Submitted URL: http://facebookok.com/
Effective URL: https://widget.s24.com/recommendations?title=Tuta%20Together%20Back%20to%20School%20AEROREADY&s24cid=cooperation:datasy...
Submission Tags: @ecarlesi possiblethreat
Submission: On May 15 via api from IT — Scanned from IT

Summary

This website contacted 13 IPs in 3 countries across 15 domains to perform 28 HTTP transactions. The main IP is 52.29.232.52, located in Frankfurt am Main, Germany and belongs to AMAZON-02, US. The main domain is widget.s24.com.
TLS certificate: Issued by R3 on March 23rd 2024. Valid for: 3 months.
This is the only time widget.s24.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
4 185.53.178.51 61969 (TEAMINTER...)
1 18.66.121.135 16509 (AMAZON-02)
1 34.205.34.207 14618 (AMAZON-AES)
1 54.204.43.26 14618 (AMAZON-AES)
1 1 172.67.161.46 13335 (CLOUDFLAR...)
2 3.126.48.135 16509 (AMAZON-02)
1 1 188.114.97.3 13335 (CLOUDFLAR...)
2 3 3.77.209.234 16509 (AMAZON-02)
5 52.29.232.52 16509 (AMAZON-02)
3 142.250.186.106 15169 (GOOGLE)
1 142.250.184.200 15169 (GOOGLE)
1 143.204.215.107 16509 (AMAZON-02)
3 172.217.23.99 15169 (GOOGLE)
1 172.217.16.206 15169 (GOOGLE)
28 13
Requests | Apex Domain | Subdomains | Transfer
7 | s24.com | tracking.s24.com (Cisco Umbrella Rank: 213277), widget.s24.com | 21 KB
4 | facebookok.com | facebookok.com | 4 KB
3 | gstatic.com | fonts.gstatic.com | 48 KB
3 | googleapis.com | fonts.googleapis.com (Cisco Umbrella Rank: 33) | 3 KB
2 | ilimumf.com | ilimumf.com | 4 KB
1 | google-analytics.com | www.google-analytics.com (Cisco Umbrella Rank: 32) | 21 KB
1 | emmi-findet.de | emmi-findet.de | 809 B
1 | s24.media | s24.media | 3 KB
1 | googletagmanager.com | www.googletagmanager.com (Cisco Umbrella Rank: 39) | 75 KB
1 | clickcanv.com | clickcanv.com | 582 B
1 | geotrkclknow.com | geotrkclknow.com | 671 B
1 | iuven-ojr.com | iuven-ojr.com (Cisco Umbrella Rank: 397565) | 1 KB
1 | salvi-fov.com | salvi-fov.com | 3 KB
1 | cloudfront.net | d38psrni17bvxu.cloudfront.net | 1 KB
0 | recomad.de (Failed) | recomad.de (Failed) |
28 | 15 | |
Domain Requested by
4 widget.s24.com widget.s24.com
4 facebookok.com d38psrni17bvxu.cloudfront.net
facebookok.com
3 fonts.gstatic.com fonts.googleapis.com
3 fonts.googleapis.com widget.s24.com
client
3 tracking.s24.com 2 redirects
2 ilimumf.com iuven-ojr.com
1 www.google-analytics.com www.googletagmanager.com
1 emmi-findet.de widget.s24.com
1 s24.media widget.s24.com
1 www.googletagmanager.com widget.s24.com
1 clickcanv.com 1 redirects
1 geotrkclknow.com 1 redirects
1 iuven-ojr.com salvi-fov.com
1 salvi-fov.com facebookok.com
1 d38psrni17bvxu.cloudfront.net facebookok.com
0 recomad.de Failed
28 16

This site contains links to these domains.

Domain
www.s24.com
recomad.de
Subject | Issuer | Validity | Valid
facebookok.com | R3 | 2024-03-27 - 2024-06-25 | 3 months
*.cloudfront.net | Amazon RSA 2048 M01 | 2023-10-10 - 2024-09-19 | a year
zeropark.com | Amazon RSA 2048 M01 | 2023-07-12 - 2024-08-09 | a year
iuven-ojr.com | Amazon RSA 2048 M03 | 2023-12-22 - 2025-01-19 | a year
ilimumf.com | R3 | 2024-04-26 - 2024-07-25 | 3 months
philae.tbd.prod.s24.mrge.tech | R3 | 2024-04-05 - 2024-07-04 | 3 months
widget.s24.com | R3 | 2024-03-23 - 2024-06-21 | 3 months
upload.video.google.com | WR2 | 2024-05-06 - 2024-07-29 | 3 months
*.google-analytics.com | WR2 | 2024-05-06 - 2024-07-29 | 3 months
*.albert-bevorzugt.de | Amazon RSA 2048 M03 | 2023-08-16 - 2024-09-13 | a year
*.gstatic.com | WR2 | 2024-05-06 - 2024-07-29 | 3 months

This page contains 1 frames:

Primary Page: https://widget.s24.com/recommendations?title=Tuta%20Together%20Back%20to%20School%20AEROREADY&s24cid=cooperation:datasyndication::faf93174&clickref=11943f45-b0ef-4738-98a9-acd29ed9849f
Frame ID: 66A9238099D046587219C70CB45DD73D
Requests: 28 HTTP requests in this frame

Page Title: Alternative Angebote

Detected technologies

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtm\.js

Page Statistics

Requests: 28
HTTPS: 82 %
IPv6: 0 %
Domains: 15
Subdomains: 16
IPs: 13
Countries: 3
Transfer: 185 kB
Size: 399 kB
Cookies: 7

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://facebookok.com/ HTTP 307
    https://facebookok.com/ Page URL
  2. http://salvi-fov.com/zclkvisitor/28b6fed4-1280-11ef-89a5-0afffc1f1217/85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d?campaignid=e93d8640-4dca-11ee-8404-123f4a2b6bb7 HTTP 307
    https://salvi-fov.com/zclkvisitor/28b6fed4-1280-11ef-89a5-0afffc1f1217/85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d?campaignid=e93d8640-4dca-11ee-8404-123f4a2b6bb7 Page URL
  3. https://iuven-ojr.com/zclkredirect?visitid=28b6fed4-1280-11ef-89a5-0afffc1f1217&type=js&browserWidth=1600&browserHeight=1200&iframeDetected=false&webdriverDetected=false&gpu=Intel%20Inc.%3B%20Intel%20Iris%20OpenGL%20Engine&timezone=UTC%2B02%3A00&timezoneName=Europe%2FRome Page URL
  4. https://geotrkclknow.com/rot/k5qYlA25FNmyRUip?extid=zr28b6fed4128011ef89a50afffc1f1217664b76bd3e9d4e49a67f772bf4f4af66082133239dc6b1988d&cost=0.003500&targid=echo-wry-1nzrd4w6g5&sczp=lateritious-falcon HTTP 302
    https://ilimumf.com/click?trvid=32496&extid=zr28b6fed4128011ef89a50afffc1f1217664b76bd3e9d4e49a67f772bf4f4af66082133239dc6b1988d&cost=0.003500&targid=echo-wry-1nzrd4w6g5&sczp=lateritious-falcon&vsid=VX0BK6AY&asid=aqt1pb02l&dsid=D977347 Page URL
  5. https://ilimumf.com/double?t=2&d=eyJVUkwiOiJodHRwczovL2NsaWNrY2Fudi5jb20vb2ZmZXItczI0P3N1YmlkPTV1NkpzN3c3ek1ZWlx1MDAyNmlkPTEzMjk1XHUwMDI2bWVyY2hhbnRVcmw9aHR0cHMlM0ElMkYlMkZ3d3cuYWRpZGFzLml0JTJGIiwiUmVkaXJlY3RXb3JkaW5nIjoiICIsIlJlZGlyZWN0VGl0bGUiOiJSZWRpcmVjdGlvbi4uLiIsIlJlZGlyZWN0TGlua1RleHQiOiIgIiwiSW5zdGFsbElkIjoyMDAxfQ== Page URL
  6. https://clickcanv.com/offer-s24?subid=5u6Js7w7zMYZ&id=13295&merchantUrl=https%3A%2F%2Fwww.adidas.it%2F HTTP 302
    https://tracking.s24.com/v3/clickout/faf93174/13295/7575754507/fbf295e2201480905ddda91f5a8420d75ae7cff3?s24plid=5u6Js7w7zMYZ HTTP 303
    https://tracking.s24.com/v3/proceed?cor_b=CiQxMTk0M2Y0NS1iMGVmLTQ3MzgtOThhOS1hY2QyOWVkOTg0OWYSDDV1NkpzN3c3ek1ZWhoIZmFmOTMxNzQg72coi66znBxA7JjT1vcxSiBVMjd5NmlpOXZjdElSZVl4NzR3bzhXRk9FUzJuUWtNQVJvTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzEyNC4wLjAuMCBTYWZhcmkvNTM3LjM2Wg4xODUuMTk4LjYyLjIwMIIBJDIwMzQ0MmE2LTBiZTAtNGZjYS1hZWMwLWIxODdlYmUxMmZmY5ABAKABAA%3D%3D&cor_h=2ECdWV39BmU_qDmaDgfMQE0zGgm7JwVZTKDc_b0KxpM%3D Page URL
  7. https://tracking.s24.com/v3/commit?cor_b=CiQxMTk0M2Y0NS1iMGVmLTQ3MzgtOThhOS1hY2QyOWVkOTg0OWYSDDV1NkpzN3c3ek1ZWhoIZmFmOTMxNzQg72coi66znBxA7JjT1vcxSiBVMjd5NmlpOXZjdElSZVl4NzR3bzhXRk9FUzJuUWtNQVJvTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzEyNC4wLjAuMCBTYWZhcmkvNTM3LjM2Wg4xODUuMTk4LjYyLjIwMIIBJDIwMzQ0MmE2LTBiZTAtNGZjYS1hZWMwLWIxODdlYmUxMmZmY5ABAKABAA%3D%3D&cor_h=2ECdWV39BmU_qDmaDgfMQE0zGgm7JwVZTKDc_b0KxpM%3D HTTP 303
    https://widget.s24.com/recommendations?title=Tuta%20Together%20Back%20to%20School%20AEROREADY&s24cid=cooperation:datasyndication::faf93174&clickref=11943f45-b0ef-4738-98a9-acd29ed9849f Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://facebookok.com/ HTTP 307
  • https://facebookok.com/
Request Chain 5
  • http://salvi-fov.com/zclkvisitor/28b6fed4-1280-11ef-89a5-0afffc1f1217/85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d?campaignid=e93d8640-4dca-11ee-8404-123f4a2b6bb7 HTTP 307
  • https://salvi-fov.com/zclkvisitor/28b6fed4-1280-11ef-89a5-0afffc1f1217/85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d?campaignid=e93d8640-4dca-11ee-8404-123f4a2b6bb7
Request Chain 7
  • https://geotrkclknow.com/rot/k5qYlA25FNmyRUip?extid=zr28b6fed4128011ef89a50afffc1f1217664b76bd3e9d4e49a67f772bf4f4af66082133239dc6b1988d&cost=0.003500&targid=echo-wry-1nzrd4w6g5&sczp=lateritious-falcon HTTP 302
  • https://ilimumf.com/click?trvid=32496&extid=zr28b6fed4128011ef89a50afffc1f1217664b76bd3e9d4e49a67f772bf4f4af66082133239dc6b1988d&cost=0.003500&targid=echo-wry-1nzrd4w6g5&sczp=lateritious-falcon&vsid=VX0BK6AY&asid=aqt1pb02l&dsid=D977347
Request Chain 9
  • https://clickcanv.com/offer-s24?subid=5u6Js7w7zMYZ&id=13295&merchantUrl=https%3A%2F%2Fwww.adidas.it%2F HTTP 302
  • https://tracking.s24.com/v3/clickout/faf93174/13295/7575754507/fbf295e2201480905ddda91f5a8420d75ae7cff3?s24plid=5u6Js7w7zMYZ HTTP 303
  • https://tracking.s24.com/v3/proceed?cor_b=CiQxMTk0M2Y0NS1iMGVmLTQ3MzgtOThhOS1hY2QyOWVkOTg0OWYSDDV1NkpzN3c3ek1ZWhoIZmFmOTMxNzQg72coi66znBxA7JjT1vcxSiBVMjd5NmlpOXZjdElSZVl4NzR3bzhXRk9FUzJuUWtNQVJvTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzEyNC4wLjAuMCBTYWZhcmkvNTM3LjM2Wg4xODUuMTk4LjYyLjIwMIIBJDIwMzQ0MmE2LTBiZTAtNGZjYS1hZWMwLWIxODdlYmUxMmZmY5ABAKABAA%3D%3D&cor_h=2ECdWV39BmU_qDmaDgfMQE0zGgm7JwVZTKDc_b0KxpM%3D

28 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
/
facebookok.com/
Redirect Chain
  • http://facebookok.com/
  • https://facebookok.com/
2 KB
2 KB
Document
General
Full URL
https://facebookok.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
185.53.178.51 , Germany, ASN61969 (TEAMINTERNET-AS, DE),
Reverse DNS
Software
nginx /
Resource Hash
de833f6ae1825887c06343e0c1cb0dc816e66810d02f89c14b8181a5ac55c2f9

Request headers

Accept-Language
it-IT,it;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Accept-Ch
viewport-width dpr device-memory rtt downlink ect ua ua-full-version ua-platform ua-platform-version ua-arch ua-model ua-mobile
Accept-Ch-Lifetime
30
Content-Encoding
gzip
Content-Length
1353
Content-Type
text/html; charset=UTF-8
Date
Wed, 15 May 2024 05:58:32 GMT
Server
nginx
Vary
Accept-Encoding
X-Adblock-Key
MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_Le7ywReyHIpZMjhJp1lzHlaHgawPVVHb6CqWM6ioXMDbPYaw1fEyNonuFlYxfCrf21HEZEF1qN37akjpL0zAIw==
X-Buckets
bucket011,bucket077
X-Domain
facebookok.com
X-Language
italian
X-Redirect
zeropark_zeroclick
X-Subdomain
X-Template
tpl_CleanPeppermintBlack_twoclick

Redirect headers

Location
https://facebookok.com/
Non-Authoritative-Reason
HttpsUpgrades
js3.js
d38psrni17bvxu.cloudfront.net/scripts/
1 KB
1 KB
Script
General
Full URL
https://d38psrni17bvxu.cloudfront.net/scripts/js3.js
Requested by
Host: facebookok.com
URL: https://facebookok.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.121.135 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-121-135.fra60.r.cloudfront.net
Software
nginx /
Resource Hash
036c94653e84e6078c087abeb3ac8804491d27b27938839ae3df42b31e2238d9

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://facebookok.com/
Accept-Language
it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 15 May 2024 04:33:35 GMT
via
1.1 1aa52a2a71a599aaf6b3df3a9c53b268.cloudfront.net (CloudFront)
last-modified
Thu, 21 Mar 2024 11:48:11 GMT
server
nginx
x-amz-cf-pop
FRA60-P2
age
5098
etag
"65fc1e7b-448"
x-cache
Hit from cloudfront
content-type
application/javascript
accept-ranges
bytes
content-length
1096
x-amz-cf-id
BPaHfkmitTga0UdChOkw-0iAqbD9zlTyU32Wi1A9JRvcppYRdgp9Yg==
track.php
facebookok.com/
0
565 B
XHR
General
Full URL
https://facebookok.com/track.php?domain=facebookok.com&toggle=browserjs&uid=MTcxNTc1MjcxMS44NDM4Ojg5N2NiZTg4ZDgxNjU5MGU3YTQ2MTdhMTdjOGY0MjJhODQyM2RmMzFhZDExOTBmYzU0MTM3YzBlYjEyMzE3NGI6NjY0NDRmMDdjZTAwNA%3D%3D
Requested by
Host: d38psrni17bvxu.cloudfront.net
URL: https://d38psrni17bvxu.cloudfront.net/scripts/js3.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
185.53.178.51 , Germany, ASN61969 (TEAMINTERNET-AS, DE),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
device-memory
8
rtt
250
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
viewport-width
1600
Accept-Language
it-IT,it;q=0.9;q=0.9
Referer
https://facebookok.com/
dpr
1
downlink
8.1
ect
4g
sec-ch-ua-platform
"Win32"

Response headers

Date
Wed, 15 May 2024 05:58:33 GMT
Content-Encoding
gzip
Accept-Ch
viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Server
nginx
X-Custom-Track
browserjs
Vary
Accept-Encoding
Accept-Ch-Lifetime
30
Content-Type
text/html; charset=UTF-8
Access-Control-Allow-Origin
*
Content-Length
20
ls.php
facebookok.com/
16 B
863 B
XHR
General
Full URL
https://facebookok.com/ls.php?t=66444f08&token=a9e46fff33ab651a24619bb6d87e45ad81819b3e
Requested by
Host: facebookok.com
URL: https://facebookok.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
185.53.178.51 , Germany, ASN61969 (TEAMINTERNET-AS, DE),
Reverse DNS
Software
nginx /
Resource Hash

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
device-memory
8
rtt
250
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
viewport-width
1600
Accept-Language
it-IT,it;q=0.9;q=0.9
Referer
https://facebookok.com/
dpr
1
downlink
8.1
ect
4g
sec-ch-ua-platform
"Win32"

Response headers

Date
Wed, 15 May 2024 05:58:33 GMT
Accept-Ch
viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Server
nginx
Access-Control-Max-Age
86400
Access-Control-Allow-Methods
POST, OPTIONS
Content-Type
text/javascript;charset=UTF-8
Access-Control-Allow-Origin
Accept-Ch-Lifetime
30
Charset
utf-8
X-Adblock-Key
MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_Jk02YGQT313wifoAJoU0cSqBjxd6S+TUh+0pLoJGPHtV+v4DxfRyBu4abw6BUoWaBt+f78BPXNH/8K2Yf7wXDg==
X-Log-Success
66444f097019eb81b200858a
Content-Length
16
track.php
facebookok.com/
0
580 B
XHR
General
Full URL
https://facebookok.com/track.php?click=3b57ad2025e33ed3c2dc1f6cde5c7a3dffafe1f4&domain=facebookok.com&uid=MTcxNTc1MjcxMS44NDM4Ojg5N2NiZTg4ZDgxNjU5MGU3YTQ2MTdhMTdjOGY0MjJhODQyM2RmMzFhZDExOTBmYzU0MTM3YzBlYjEyMzE3NGI6NjY0NDRmMDdjZTAwNA%3D%3D&ts=fENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQwMTEsYnVja2V0MDc3fHx8fHx8NjY0NDRmMDdjZGZjMHx8fDE3MTU3NTI3MTIuMTI1N3w2ODNiOGVlYThhODUzYjI4MzFkZGFjMWZhZWY1YzE3OTU1OWUzNzZlfHx8fHwxfHwwfDB8fHx8MXx8fHx8MHwwfHx8fHx8fHx8fDB8MHx8MHx8fDB8MHxXMTA9fHwxfFcxMD18YTllNDZmZmYzM2FiNjUxYTI0NjE5YmI2ZDg3ZTQ1YWQ4MTgxOWIzZXwwfHwwfDB8fA%3D%3D&kw=&search=&pcat=&bucket=&clientID=&adtest=off
Requested by
Host: d38psrni17bvxu.cloudfront.net
URL: https://d38psrni17bvxu.cloudfront.net/scripts/js3.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
185.53.178.51 , Germany, ASN61969 (TEAMINTERNET-AS, DE),
Reverse DNS
Software
nginx /
Resource Hash

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
device-memory
8
rtt
250
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
viewport-width
1600
Accept-Language
it-IT,it;q=0.9;q=0.9
Referer
https://facebookok.com/
dpr
1
downlink
8.1
ect
4g
sec-ch-ua-platform
"Win32"

Response headers

Date
Wed, 15 May 2024 05:58:33 GMT
Content-Encoding
gzip
Accept-Ch
viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Server
nginx
X-Custom-Track
none
Vary
Accept-Encoding
Accept-Ch-Lifetime
30
Content-Type
text/html; charset=UTF-8
Access-Control-Allow-Origin
*
X-View-Match
true
Content-Length
20
85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d
salvi-fov.com/zclkvisitor/28b6fed4-1280-11ef-89a5-0afffc1f1217/
Redirect Chain
  • http://salvi-fov.com/zclkvisitor/28b6fed4-1280-11ef-89a5-0afffc1f1217/85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d?campaignid=e93d8640-4dca-11ee-8404-123f4a2b6bb7
  • https://salvi-fov.com/zclkvisitor/28b6fed4-1280-11ef-89a5-0afffc1f1217/85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d?campaignid=e93d8640-4dca-11ee-8404-123f4a2b6bb7
3 KB
3 KB
Document
General
Full URL
https://salvi-fov.com/zclkvisitor/28b6fed4-1280-11ef-89a5-0afffc1f1217/85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d?campaignid=e93d8640-4dca-11ee-8404-123f4a2b6bb7
Requested by
Host: facebookok.com
URL: https://facebookok.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.205.34.207 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-205-34-207.compute-1.amazonaws.com
Software
/
Resource Hash
9e2be3a5c1f8635e0a589d176226b94d25d85fd837aa2a078c32900af4bbbea4
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline'
X-Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline'

Request headers

Accept-Language
it-IT,it;q=0.9;q=0.9
Referer
https://facebookok.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
access-control-allow-methods
GET,POST,OPTIONS
access-control-allow-origin
*
cache-control
no-store, no-cache, pre-check=0, post-check=0
content-length
2732
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline'
content-type
text/html;charset=UTF-8
date
Wed, 15 May 2024 05:58:34 GMT
x-content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline'
x-webkit-csp
default-src 'self'; script-src 'self' 'unsafe-inline'

Redirect headers

Location
https://salvi-fov.com/zclkvisitor/28b6fed4-1280-11ef-89a5-0afffc1f1217/85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d?campaignid=e93d8640-4dca-11ee-8404-123f4a2b6bb7
Non-Authoritative-Reason
HttpsUpgrades
zclkredirect
iuven-ojr.com/
584 B
1 KB
Document
General
Full URL
https://iuven-ojr.com/zclkredirect?visitid=28b6fed4-1280-11ef-89a5-0afffc1f1217&type=js&browserWidth=1600&browserHeight=1200&iframeDetected=false&webdriverDetected=false&gpu=Intel%20Inc.%3B%20Intel%20Iris%20OpenGL%20Engine&timezone=UTC%2B02%3A00&timezoneName=Europe%2FRome
Requested by
Host: salvi-fov.com
URL: https://salvi-fov.com/zclkvisitor/28b6fed4-1280-11ef-89a5-0afffc1f1217/85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d?campaignid=e93d8640-4dca-11ee-8404-123f4a2b6bb7
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.204.43.26 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-204-43-26.compute-1.amazonaws.com
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline'
X-Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline'

Request headers

Accept-Language
it-IT,it;q=0.9;q=0.9
Referer
https://salvi-fov.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

access-control-allow-headers
X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
access-control-allow-methods
GET,POST,OPTIONS
access-control-allow-origin
*
cache-control
no-store, no-cache, pre-check=0, post-check=0
content-length
584
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline'
content-type
text/html;charset=UTF-8
date
Wed, 15 May 2024 05:58:34 GMT
redirected
JS
x-content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline'
x-webkit-csp
default-src 'self'; script-src 'self' 'unsafe-inline'
click
ilimumf.com/
Redirect Chain
  • https://geotrkclknow.com/rot/k5qYlA25FNmyRUip?extid=zr28b6fed4128011ef89a50afffc1f1217664b76bd3e9d4e49a67f772bf4f4af66082133239dc6b1988d&cost=0.003500&targid=echo-wry-1nzrd4w6g5&sczp=lateritious-fa...
  • https://ilimumf.com/click?trvid=32496&extid=zr28b6fed4128011ef89a50afffc1f1217664b76bd3e9d4e49a67f772bf4f4af66082133239dc6b1988d&cost=0.003500&targid=echo-wry-1nzrd4w6g5&sczp=lateritious-falcon&vsi...
1 KB
3 KB
Document
General
Full URL
https://ilimumf.com/click?trvid=32496&extid=zr28b6fed4128011ef89a50afffc1f1217664b76bd3e9d4e49a67f772bf4f4af66082133239dc6b1988d&cost=0.003500&targid=echo-wry-1nzrd4w6g5&sczp=lateritious-falcon&vsid=VX0BK6AY&asid=aqt1pb02l&dsid=D977347
Requested by
Host: iuven-ojr.com
URL: https://iuven-ojr.com/zclkredirect?visitid=28b6fed4-1280-11ef-89a5-0afffc1f1217&type=js&browserWidth=1600&browserHeight=1200&iframeDetected=false&webdriverDetected=false&gpu=Intel%20Inc.%3B%20Intel%20Iris%20OpenGL%20Engine&timezone=UTC%2B02%3A00&timezoneName=Europe%2FRome
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
3.126.48.135 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-126-48-135.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
d5f180e6c92565eefa25e110bd186e02d5757bc6e5d77f13e4887472c5e8fd08

Request headers

Accept-Language
it-IT,it;q=0.9;q=0.9
Referer
https://iuven-ojr.com/zclkredirect?visitid=28b6fed4-1280-11ef-89a5-0afffc1f1217&type=js&browserWidth=1600&browserHeight=1200&iframeDetected=false&webdriverDetected=false&gpu=Intel%20Inc.%3B%20Intel%20Iris%20OpenGL%20Engine&timezone=UTC%2B02%3A00&timezoneName=Europe%2FRome
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

cache-control
no-cache, no-store, no-transform, must-revalidate, private, max-age=0
content-length
1137
content-type
text/html; charset=utf-8
date
Wed, 15 May 2024 05:58:35 GMT
expires
Thu, 01 Jan 1970 00:00:00 UTC
pragma
no-cache
server
nginx

Redirect headers

alt-svc
h3=":443"; ma=86400
cache-control
no-cache, private
cf-cache-status
DYNAMIC
cf-ray
8840e5a87a6e3d0b-CDG
content-type
text/html; charset=UTF-8
date
Wed, 15 May 2024 05:58:35 GMT
location
https://ilimumf.com/click?trvid=32496&extid=zr28b6fed4128011ef89a50afffc1f1217664b76bd3e9d4e49a67f772bf4f4af66082133239dc6b1988d&cost=0.003500&targid=echo-wry-1nzrd4w6g5&sczp=lateritious-falcon&vsid=VX0BK6AY&asid=aqt1pb02l&dsid=D977347
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8BuwipGWAI3wwcCM239LPYZJarpPe3rj7JVSAkIzEy2ft2uUHJEHEXyRYaPBHOq3Ptft5g9LJi8x%2F78Pf0uE%2FRS%2B%2Bh85%2BvUXtzyK2TGz2bgWoHnAjM5fUrhEAz6dPYqzoMMW"}],"group":"cf-nel","max_age":604800}
server
cloudflare
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block
double
ilimumf.com/
736 B
917 B
Document
General
Full URL
https://ilimumf.com/double?t=2&d=eyJVUkwiOiJodHRwczovL2NsaWNrY2Fudi5jb20vb2ZmZXItczI0P3N1YmlkPTV1NkpzN3c3ek1ZWlx1MDAyNmlkPTEzMjk1XHUwMDI2bWVyY2hhbnRVcmw9aHR0cHMlM0ElMkYlMkZ3d3cuYWRpZGFzLml0JTJGIiwiUmVkaXJlY3RXb3JkaW5nIjoiICIsIlJlZGlyZWN0VGl0bGUiOiJSZWRpcmVjdGlvbi4uLiIsIlJlZGlyZWN0TGlua1RleHQiOiIgIiwiSW5zdGFsbElkIjoyMDAxfQ==
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
3.126.48.135 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-126-48-135.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash

Request headers

Accept-Language
it-IT,it;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

cache-control
no-cache, no-store, no-transform, must-revalidate, private, max-age=0
content-length
736
content-type
text/html; charset=utf-8
date
Wed, 15 May 2024 05:58:36 GMT
expires
Thu, 01 Jan 1970 00:00:00 UTC
pragma
no-cache
server
nginx
proceed
tracking.s24.com/v3/
Redirect Chain
  • https://clickcanv.com/offer-s24?subid=5u6Js7w7zMYZ&id=13295&merchantUrl=https%3A%2F%2Fwww.adidas.it%2F
  • https://tracking.s24.com/v3/clickout/faf93174/13295/7575754507/fbf295e2201480905ddda91f5a8420d75ae7cff3?s24plid=5u6Js7w7zMYZ
  • https://tracking.s24.com/v3/proceed?cor_b=CiQxMTk0M2Y0NS1iMGVmLTQ3MzgtOThhOS1hY2QyOWVkOTg0OWYSDDV1NkpzN3c3ek1ZWhoIZmFmOTMxNzQg72coi66znBxA7JjT1vcxSiBVMjd5NmlpOXZjdElSZVl4NzR3bzhXRk9FUzJuUWtNQVJvTW9...
1 KB
2 KB
Document
General
Full URL
https://tracking.s24.com/v3/proceed?cor_b=CiQxMTk0M2Y0NS1iMGVmLTQ3MzgtOThhOS1hY2QyOWVkOTg0OWYSDDV1NkpzN3c3ek1ZWhoIZmFmOTMxNzQg72coi66znBxA7JjT1vcxSiBVMjd5NmlpOXZjdElSZVl4NzR3bzhXRk9FUzJuUWtNQVJvTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzEyNC4wLjAuMCBTYWZhcmkvNTM3LjM2Wg4xODUuMTk4LjYyLjIwMIIBJDIwMzQ0MmE2LTBiZTAtNGZjYS1hZWMwLWIxODdlYmUxMmZmY5ABAKABAA%3D%3D&cor_h=2ECdWV39BmU_qDmaDgfMQE0zGgm7JwVZTKDc_b0KxpM%3D
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
3.77.209.234 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-77-209-234.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
70137d66090e951168f730174ebbb63e4cb4a57c60e182dfd657520285b9a7ca
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept-Language
it-IT,it;q=0.9;q=0.9
Referer
https://ilimumf.com/double?t=2&d=eyJVUkwiOiJodHRwczovL2NsaWNrY2Fudi5jb20vb2ZmZXItczI0P3N1YmlkPTV1NkpzN3c3ek1ZWlx1MDAyNmlkPTEzMjk1XHUwMDI2bWVyY2hhbnRVcmw9aHR0cHMlM0ElMkYlMkZ3d3cuYWRpZGFzLml0JTJGIiwiUmVkaXJlY3RXb3JkaW5nIjoiICIsIlJlZGlyZWN0VGl0bGUiOiJSZWRpcmVjdGlvbi4uLiIsIlJlZGlyZWN0TGlua1RleHQiOiIgIiwiSW5zdGFsbElkIjoyMDAxfQ==
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

content-language
it-IT
content-length
1334
content-type
text/html;charset=UTF-8
date
Wed, 15 May 2024 05:58:37 GMT
etag
"09f1164fb9dfd1825fbef04cc4bb33386"
p3p
CP="NOI DSP LAW NID CURa ADMa PSAa OUR LEG PUR COM NAV STA"
strict-transport-security
max-age=31536000; includeSubDomains
x-robots-tag
noindex, nofollow

Redirect headers

cache-control
no-cache, no-store
content-language
it-IT
content-length
0
date
Wed, 15 May 2024 05:58:37 GMT
location
https://tracking.s24.com/v3/proceed?cor_b=CiQxMTk0M2Y0NS1iMGVmLTQ3MzgtOThhOS1hY2QyOWVkOTg0OWYSDDV1NkpzN3c3ek1ZWhoIZmFmOTMxNzQg72coi66znBxA7JjT1vcxSiBVMjd5NmlpOXZjdElSZVl4NzR3bzhXRk9FUzJuUWtNQVJvTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzEyNC4wLjAuMCBTYWZhcmkvNTM3LjM2Wg4xODUuMTk4LjYyLjIwMIIBJDIwMzQ0MmE2LTBiZTAtNGZjYS1hZWMwLWIxODdlYmUxMmZmY5ABAKABAA%3D%3D&cor_h=2ECdWV39BmU_qDmaDgfMQE0zGgm7JwVZTKDc_b0KxpM%3D
p3p
CP="NOI DSP LAW NID CURa ADMa PSAa OUR LEG PUR COM NAV STA"
strict-transport-security
max-age=31536000; includeSubDomains
x-robots-tag
noindex, nofollow
Primary Request recommendations
widget.s24.com/
Redirect Chain
  • https://tracking.s24.com/v3/commit?cor_b=CiQxMTk0M2Y0NS1iMGVmLTQ3MzgtOThhOS1hY2QyOWVkOTg0OWYSDDV1NkpzN3c3ek1ZWhoIZmFmOTMxNzQg72coi66znBxA7JjT1vcxSiBVMjd5NmlpOXZjdElSZVl4NzR3bzhXRk9FUzJuUWtNQVJvTW96...
  • https://widget.s24.com/recommendations?title=Tuta%20Together%20Back%20to%20School%20AEROREADY&s24cid=cooperation:datasyndication::faf93174&clickref=11943f45-b0ef-4738-98a9-acd29ed9849f
3 KB
2 KB
Document
General
Full URL
https://widget.s24.com/recommendations?title=Tuta%20Together%20Back%20to%20School%20AEROREADY&s24cid=cooperation:datasyndication::faf93174&clickref=11943f45-b0ef-4738-98a9-acd29ed9849f
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.29.232.52 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-29-232-52.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
75b59b0de9162ac5f73cb7226034e2d5ba31c44feea0999d191728571d519583
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept-Language
it-IT,it;q=0.9;q=0.9
Content-Type
application/x-www-form-urlencoded
Origin
https://tracking.s24.com
Referer
https://tracking.s24.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

cache-control
max-age=7200
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Wed, 15 May 2024 05:58:38 GMT
expires
Wed, 15 May 2024 07:58:38 GMT
pragma
no-cache
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Encoding Accept-Encoding Origin
x-51d-devicetype
Desktop
x-51d-iscrawler
False

Redirect headers

content-language
it-IT
content-length
0
date
Wed, 15 May 2024 05:58:37 GMT
location
https://widget.s24.com/recommendations?title=Tuta%20Together%20Back%20to%20School%20AEROREADY&s24cid=cooperation:datasyndication::faf93174&clickref=11943f45-b0ef-4738-98a9-acd29ed9849f
p3p
CP="NOI DSP LAW NID CURa ADMa PSAa OUR LEG PUR COM NAV STA"
strict-transport-security
max-age=31536000; includeSubDomains
x-robots-tag
noindex, nofollow
css
fonts.googleapis.com/
10 KB
2 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Open+Sans:800i|Source+Sans+Pro:400,600
Requested by
Host: widget.s24.com
URL: https://widget.s24.com/recommendations?title=Tuta%20Together%20Back%20to%20School%20AEROREADY&s24cid=cooperation:datasyndication::faf93174&clickref=11943f45-b0ef-4738-98a9-acd29ed9849f
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.106 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s06-in-f10.1e100.net
Software
ESF /
Resource Hash
6b7609ba3065bad37e681d8ff7c22b2377e4492106a70ec1d3327f22ae99acdd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://widget.s24.com/
Accept-Language
it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000
date
Wed, 15 May 2024 05:58:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Wed, 15 May 2024 05:58:39 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 15 May 2024 05:58:39 GMT
s24widget.min.js
widget.s24.com/js/
45 KB
12 KB
Script
General
Full URL
https://widget.s24.com/js/s24widget.min.js
Requested by
Host: widget.s24.com
URL: https://widget.s24.com/recommendations?title=Tuta%20Together%20Back%20to%20School%20AEROREADY&s24cid=cooperation:datasyndication::faf93174&clickref=11943f45-b0ef-4738-98a9-acd29ed9849f
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.29.232.52 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-29-232-52.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
4405bfaff47adec7c6a2183cc54f466b4bceacbfebde583922a8dfbd2a67802a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://widget.s24.com/recommendations?title=Tuta%20Together%20Back%20to%20School%20AEROREADY&s24cid=cooperation:datasyndication::faf93174&clickref=11943f45-b0ef-4738-98a9-acd29ed9849f
Accept-Language
it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 15 May 2024 05:58:38 GMT
x-51d-iscrawler
False
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
last-modified
Fri, 22 Mar 2024 13:35:29 GMT
etag
W/"65fd8921-b3a0"
vary
Accept-Encoding, Accept-Encoding
content-type
application/javascript
cache-control
max-age=315360000
x-51d-devicetype
Desktop
expires
Thu, 31 Dec 2037 23:55:55 GMT
products
widget.s24.com/applications/531f129b/widgets/189/
9 KB
3 KB
XHR
General
Full URL
https://widget.s24.com/applications/531f129b/widgets/189/products?searchTerm=Tuta%20Together%20Back%20to%20School%20AEROREADY&origin=https%3A%2F%2Fwidget.s24.com%2Frecommendations%3Ftitle%3DTuta%2520Together%2520Back%2520to%2520School%2520AEROREADY%26s24cid%3Dcooperation%3Adatasyndication%3A%3Afaf93174%26clickref%3D11943f45-b0ef-4738-98a9-acd29ed9849f
Requested by
Host: widget.s24.com
URL: https://widget.s24.com/js/s24widget.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.29.232.52 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-29-232-52.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
acf879d0c3c5e28c56e0441edb75fa2e5e7704e2f0cec92b1f7469252b4d1cf9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://widget.s24.com/recommendations?title=Tuta%20Together%20Back%20to%20School%20AEROREADY&s24cid=cooperation:datasyndication::faf93174&clickref=11943f45-b0ef-4738-98a9-acd29ed9849f
Accept-Language
it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Wed, 15 May 2024 05:58:39 GMT
x-51d-iscrawler
False
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Encoding, Accept-Encoding, Origin
content-type
application/json
cache-control
max-age=7200
x-51d-devicetype
Desktop
expires
Wed, 15 May 2024 07:58:39 GMT
css
fonts.googleapis.com/
7 KB
809 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600,300
Requested by
Host: client
URL: about:client
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.106 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s06-in-f10.1e100.net
Software
ESF /
Resource Hash
7b6a5bb945b6dd8b7019082a44443072b5bb680878dc5a6286c92ca9696d8373
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://widget.s24.com/
Accept-Language
it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000
date
Wed, 15 May 2024 05:58:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Wed, 15 May 2024 05:58:39 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 15 May 2024 05:58:39 GMT
css
fonts.googleapis.com/
1 KB
482 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Lato:400,900
Requested by
Host: client
URL: about:client
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.106 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s06-in-f10.1e100.net
Software
ESF /
Resource Hash
e3d44f6d683f763ed28004af9956697f62c1c06373d09eb6854f62fe0cb12653
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://widget.s24.com/
Accept-Language
it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000
date
Wed, 15 May 2024 05:58:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Wed, 15 May 2024 04:08:14 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 15 May 2024 05:58:39 GMT
gtm.js
www.googletagmanager.com/
211 KB
75 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-NMWF6ZW&l=s24DataLayer
Requested by
Host: widget.s24.com
URL: https://widget.s24.com/js/s24widget.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.184.200 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s11-in-f8.1e100.net
Software
Google Tag Manager /
Resource Hash
88839068e4f29828840a9b1537e0834abd657db35a5f9b876a6ba29255e2fae7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://widget.s24.com/
Accept-Language
it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 15 May 2024 05:58:39 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
76715
x-xss-protection
0
last-modified
Wed, 15 May 2024 03:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Wed, 15 May 2024 05:58:39 GMT
6633649832
s24.media/152x152/
2 KB
3 KB
Image
General
Full URL
https://s24.media/152x152/6633649832
Requested by
Host: widget.s24.com
URL: https://widget.s24.com/recommendations?title=Tuta%20Together%20Back%20to%20School%20AEROREADY&s24cid=cooperation:datasyndication::faf93174&clickref=11943f45-b0ef-4738-98a9-acd29ed9849f
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.215.107 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-107.fra53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
79f23ac5f3ebfa5a270814b12d102176425fc6e5d98a08eb934d913f4c64cc9e

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://widget.s24.com/
Accept-Language
it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 15 May 2024 05:58:39 GMT
via
1.1 1f5757b46371746e677236d4fc67d364.cloudfront.net (CloudFront)
server
AmazonS3
x-amz-cf-pop
FRA53-C1
x-cache
Error from cloudfront
content-type
image/jpeg
content-length
2503
x-amz-cf-id
xw09QqVd_jkM9gUZqvD2ZTEzKx3dH78ZFVCFoTvo-fDZXRLiHnqKdw==
versand_18x9.png
emmi-findet.de/images/
536 B
809 B
Image
General
Full URL
https://emmi-findet.de/images/versand_18x9.png
Requested by
Host: widget.s24.com
URL: https://widget.s24.com/recommendations?title=Tuta%20Together%20Back%20to%20School%20AEROREADY&s24cid=cooperation:datasyndication::faf93174&clickref=11943f45-b0ef-4738-98a9-acd29ed9849f
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.29.232.52 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-29-232-52.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
4a9eafbc1dccb80beb04525ab5c7e93728f6e5b8c5b05b652f51e1c9db85261d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://widget.s24.com/
Accept-Language
it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 15 May 2024 05:58:39 GMT
x-51d-iscrawler
False
strict-transport-security
max-age=31536000; includeSubDomains
last-modified
Fri, 22 Mar 2024 13:35:29 GMT
etag
"65fd8921-218"
content-type
image/png
cache-control
max-age=315360000
accept-ranges
bytes
content-length
536
x-51d-devicetype
Desktop
expires
Thu, 31 Dec 2037 23:55:55 GMT
6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2
fonts.gstatic.com/s/sourcesanspro/v22/
14 KB
15 KB
Font
General
Full URL
https://fonts.gstatic.com/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:800i|Source+Sans+Pro:400,600
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.23.99 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s45-in-f3.1e100.net
Software
sffe /
Resource Hash
ca57b79a870bbf54700730858603a70d79743779c1b059922ec401bfddc5adc9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://fonts.googleapis.com/
Origin
https://widget.s24.com
Accept-Language
it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 14 May 2024 14:07:28 GMT
x-content-type-options
nosniff
age
57071
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
14824
x-xss-protection
0
last-modified
Thu, 01 Jun 2023 22:52:55 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 14 May 2025 14:07:28 GMT
memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk0ZjWVAewA.woff2
fonts.gstatic.com/s/opensans/v40/
19 KB
19 KB
Font
General
Full URL
https://fonts.gstatic.com/s/opensans/v40/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk0ZjWVAewA.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:800i|Source+Sans+Pro:400,600
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.23.99 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s45-in-f3.1e100.net
Software
sffe /
Resource Hash
2cf7414e40490f8db33bb6c31731c67699d63c787aa98897bb58563f039e3109
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://fonts.googleapis.com/
Origin
https://widget.s24.com
Accept-Language
it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 14 May 2024 06:53:26 GMT
x-content-type-options
nosniff
age
83113
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
19056
x-xss-protection
0
last-modified
Thu, 14 Dec 2023 02:01:42 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 14 May 2025 06:53:26 GMT
6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
fonts.gstatic.com/s/sourcesanspro/v22/
15 KB
15 KB
Font
General
Full URL
https://fonts.gstatic.com/s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:800i|Source+Sans+Pro:400,600
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.23.99 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s45-in-f3.1e100.net
Software
sffe /
Resource Hash
7b348b30ea1fe43857e68fc462c29e5c6e63c97666af75135c4396a272e54762
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://fonts.googleapis.com/
Origin
https://widget.s24.com
Accept-Language
it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 14 May 2024 18:28:29 GMT
x-content-type-options
nosniff
age
41410
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
14892
x-xss-protection
0
last-modified
Thu, 01 Jun 2023 22:52:56 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 14 May 2025 18:28:29 GMT
analytics.js
www.google-analytics.com/
52 KB
21 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NMWF6ZW&l=s24DataLayer
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.16.206 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s08-in-f206.1e100.net
Software
Golfe2 /
Resource Hash
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://widget.s24.com/
Accept-Language
it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Wed, 15 May 2024 05:41:03 GMT
last-modified
Tue, 12 Dec 2023 18:09:08 GMT
server
Golfe2
age
1057
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20994
expires
Wed, 15 May 2024 07:41:03 GMT
trackAdImpression
widget.s24.com/applications/531f129b/widgets/189/
0
580 B
XHR
General
Full URL
https://widget.s24.com/applications/531f129b/widgets/189/trackAdImpression?searchTerm=Tuta%20Together%20Back%20to%20School%20AEROREADY&origin=https%3A%2F%2Fwidget.s24.com%2Frecommendations%3Ftitle%3DTuta%2520Together%2520Back%2520to%2520School%2520AEROREADY%26s24cid%3Dcooperation%3Adatasyndication%3A%3Afaf93174%26clickref%3D11943f45-b0ef-4738-98a9-acd29ed9849f&top=124.390625
Requested by
Host: widget.s24.com
URL: https://widget.s24.com/js/s24widget.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.29.232.52 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-29-232-52.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://widget.s24.com/recommendations?title=Tuta%20Together%20Back%20to%20School%20AEROREADY&s24cid=cooperation:datasyndication::faf93174&clickref=11943f45-b0ef-4738-98a9-acd29ed9849f
Accept-Language
it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Wed, 15 May 2024 05:58:40 GMT
google-delayed-impression
1
x-51d-iscrawler
False
strict-transport-security
max-age=31536000; includeSubDomains
vary
Origin
cache-control
max-age=7200
x-51d-devicetype
Desktop
expires
Wed, 15 May 2024 07:58:40 GMT
favicon-32x32.png
recomad.de/
0
0

favicon-16x16.png
recomad.de/
0
0

favicon-96x96.png
recomad.de/
0
0

android-icon-192x192.png
recomad.de/
0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
recomad.de
URL
https://recomad.de/favicon-32x32.png
Domain
recomad.de
URL
https://recomad.de/favicon-16x16.png
Domain
recomad.de
URL
https://recomad.de/favicon-96x96.png
Domain
recomad.de
URL
https://recomad.de/android-icon-192x192.png

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| recomad
object| s24DataLayer
object| google_tag_manager
object| google_tag_data
string| GoogleAnalyticsObject
function| ga
object| gaplugins
object| gaGlobal
object| gaData
boolean| windowLoaded

7 Cookies

Domain/Path Name / Value
ilimumf.com/ Name: ClickDataNG
ilimumf.com/ Name: ClickDataNgFall
.s24.com/ Name: co-session
Value: U27y6ii9vctIReYx74wo8WFOES2nQkMA
.s24.com/ Name: s24uid
Value: 203442a6-0be0-4fca-aec0-b187ebe12ffc
widget.s24.com/ Name: laravel_session
.s24.com/ Name: _ga
Value: GA1.2.771935585.1715752721
.s24.com/ Name: _gid
Value: GA1.2.1816924203.1715752721

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
