tgfunnls.org Open in urlscan Pro
2606:4700:3033::ac43:bc5b Public Scan

Software

gnv1c /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 06 Aug 2021 11:49:08 GMT
via: 1.1 google
x-content-type-options: nosniff
server: gnv1c
content-type: image/gif
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 10 Jan 2005 00:00:01 GMT

HEAD
H2 200 adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/ 0
0 51ms
29ms Fetch
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 06 Aug 2021 11:49:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
etag: 14869471898732562513
vary: Accept-Encoding, Origin
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private, max-age=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
expires: Fri, 06 Aug 2021 11:49:08 GMT

GET
H/1.1 200
OK version.js Show response
tagdatax.com/ 57 B
260 B 144ms
47ms Script
application/javascript 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdatax.com/version.js
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: 615912f041a697a45ad2002e3f9eec8b14493b68cd73df74488aa8317c641e49

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 06 Aug 2021 11:49:08 GMT
Cache-Control: private, max-age=63072000
Server: nginx/1.19.10
Connection: keep-alive
Content-Length: 57
Content-Type: application/javascript

GET
H2 200 gid.js Show response
my.rtmark.net/ 65 B
542 B 213ms
110ms Fetch
application/json 139.45.195.8
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://my.rtmark.net/gid.js

Requested by

Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

d82636af54506e25419e6834366d5e5c6f7e65d89429586a49ed60c75f8cff3a

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:08 GMT
x-content-type-options: nosniff
server: nginx
strict-transport-security: max-age=1
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: https://tgfunnls.org
access-control-expose-headers: Authorization
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length: 65

GET
H/1.1 200
OK pix.jpg Show response
tagdatax.com/ 28 B
617 B 143ms
49ms Fetch
image/jpeg 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdatax.com/pix.jpg
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: 3c72e06c040c15327faa313315f1d6f4b2c9159267051c3e173336efa4cd7a18

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 06 Aug 2021 11:49:08 GMT
Server: nginx/1.19.10
Etag: e7bf0891-f0bf-4857-a369-433048a2078f
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Content-Type: image/jpeg
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Expose-Headers: ETag
Cache-Control: private, must-revalidate, proxy-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 28

GET
H2 200 googlelogo_color_120x44dp.png
www.google.com/images/branding/googlelogo/2x/ 5 KB
5 KB 17ms
16ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_120x44dp.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

29c50fa4422ac0a690af5b0987dee6a030a7eeaafa9dda8543cf022368f545aa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:08 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5087
x-xss-protection: 0
expires: Fri, 06 Aug 2021 11:49:08 GMT

GET
H2 200 googlelogo_color_272x92dp.png
www.google.com/images/branding/googlelogo/1x/ 6 KB
6 KB 22ms
19ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/1x/googlelogo_color_272x92dp.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5776cd87617eacec3bc00ebcf530d1924026033eda852f706c1a675a98915826

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:08 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5969
x-xss-protection: 0
expires: Fri, 06 Aug 2021 11:49:08 GMT

GET
H2 200 googlelogo_color_272x92dp.png
www.google.com/images/branding/googlelogo/2x/ 13 KB
13 KB 20ms
17ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_272x92dp.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

262084257c2103702ef8a25705e3f8dbc1fa3823103ad7b954d54bdb77e6d89d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:08 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13504
x-xss-protection: 0
expires: Fri, 06 Aug 2021 11:49:08 GMT

GET
H2 200 googlelogo_color_160x56dp.png
www.google.com/images/branding/googlelogo/2x/ 7 KB
7 KB 21ms
19ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_160x56dp.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9e611fba6a87626e60f74d361f0c94d1ba226bc0726a05791f40ddb7fbba2c4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:08 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7048
x-xss-protection: 0
expires: Fri, 06 Aug 2021 11:49:08 GMT

GET
H2 200 googlelogo_color_90x40dp.png
www.google.com/images/branding/googlelogo/2x/ 4 KB
4 KB 20ms
18ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_90x40dp.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a9cac8d49feccd603bac334c92c1e7dd5a829a1c01d4130550e8c9c0d9c72f7b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:08 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3934
x-xss-protection: 0
expires: Fri, 06 Aug 2021 11:49:08 GMT

GET
H2 206 se-1.mp4
static-13333.kxcdn.com/5275/media/ 683 KB
684 KB 7ms
6ms Media
video/mp4 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL

https://static-13333.kxcdn.com/5275/media/se-1.mp4

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

f84ec7719009b188b53ef86e2e2499391bf9ee9353ede346d4fe07ee35a39569

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Range: bytes=38174720-

Response headers

date: Fri, 06 Aug 2021 11:49:08 GMT
vary: Access-Control-Request-Headers,Access-Control-Request-Method,Origin
x-amz-request-id: tx00000000000000501253a-00610bfe74-dde614e-ams3c
x-edge-location: defr
x-cache: HIT
Content-Range: bytes 38174720-38874339/38874340
Content-Length: 699620
last-modified: Mon, 26 Jul 2021 16:58:52 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "d12ef942bc1b78d9c1ebe8ef6f833e81-8"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-hw: 1628176779.dop221.fr8.t,1628176779.cds257.fr8.shn,1628176779.dop221.fr8.t,1628176779.cds234.fr8.c
content-type: video/mp4
access-control-allow-origin: *
x-rgw-object-type: Normal
expires: Sat, 06 Aug 2022 17:38:08 GMT

GET
H3-29 200 js Show response
www.googletagmanager.com/gtag/ 127 KB
50 KB 32ms
29ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-Y6C8Y8V9BH&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MSK8GMG

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

de85b8ee97824c5e846f3000562fd9b83fc14b62da6e812fbad4c9ad49eb0458

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:08 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 51134
x-xss-protection: 0
expires: Fri, 06 Aug 2021 11:49:08 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 48 KB
19 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MSK8GMG

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

e61660c659c426e45bce2937dddb01af6b550502a2904546575c1ec2ba1121dd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 13 Jul 2021 18:24:06 GMT
server: Golfe2
age: 2127
date: Fri, 06 Aug 2021 11:13:41 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19672
expires: Fri, 06 Aug 2021 13:13:41 GMT

GET
H2 200 hotjar-2304105.js Show response
static.hotjar.com/c/ 5 KB
2 KB 180ms
65ms Script
application/javascript 13.224.96.91
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-2304105.js?sv=6

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.96.91 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

d4261e9b3b427b4faba85d775a6dbd131cf86cbd42945ba05ae2ebad8f8f36e6

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:48:18 GMT
content-encoding: br
x-content-type-options: nosniff
cache-control: max-age=60
age: 50
etag: W/4e117f3a38c123981a4b3509540d1697
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
x-cache-hit: 1
x-amz-cf-pop: ZRH50-C1
x-amz-cf-id: m3JMArb5amoe8kNHBv88LBRCy6brVaMqhUSpDpkHo5HqsAi834PyCg==
via: 1.1 e92dffa8673a73c15c61e7c3abefc47d.cloudfront.net (CloudFront)

GET
H/1.1 200
OK trackpush.min.js
s3.amazonaws.com/cdn.aimtell.com/trackpush/ 46 KB
13 KB 572ms
147ms Script
text/javascript 52.217.137.184
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s3.amazonaws.com/cdn.aimtell.com/trackpush/trackpush.min.js
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid=w697s3j4fg1dlji9imfda2d8&qze=3&aff_sub=HD29&aff_sub2=SharedTHMG_EN_DAILY_EN-FIN-019-V1&aff_sub3=%7BUSER%7D&aff_sub4=sharedTHMG&isoCode=SE&tpsiteid=24220
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.217.137.184 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1.amazonaws.com
Software: AmazonS3 /
Resource Hash

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 06 Aug 2021 11:49:09 GMT
Content-Encoding: gzip
Last-Modified: Mon, 28 Jun 2021 21:08:18 GMT
Server: AmazonS3
x-amz-request-id: EF7FMNB3H0G3621S
ETag: "9d0da86deb2a490466778728a0471352"
Content-Type: text/javascript
Cache-Control: max-age=86400
Accept-Ranges: bytes
Content-Length: 13005
x-amz-id-2: nXnUDrCoYJIRuw+R+ElwWmLpnTE9PPzcJd+jvj9aWDJe12MwFSMkhoSkYHe76p7tNFgkrgEIhj0=

GET
H3-29 200 locate Show response
tgfunnls.org/ 150 B
1 KB 120ms
119ms XHR
application/json 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/locate

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/js/l.js?id=6cf7b69175b2a676ebf3

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a9444725fb48cd94db4b9c4e1544b3ace3c54ccd0d1a289f124d36b69c9d6a20

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-fetch-mode: cors
x-xsrf-token: eyJpdiI6IkFjT1hOUHRxNkZoZHd6djNpeFVicEE9PSIsInZhbHVlIjoib0YweEJtanN5SFdKTFlpUng0MUh4NHAweW9ORFdydkozQkhCNGJJZzJSQWZyVlVJVWpNVmpzSURcLzlPcmIzblwvIiwibWFjIjoiNDgxY2E5YTc3NDdhNzhkY2MwYzFlOGFkNGVjMWMzYWU2NDc5MTIwYWI5NDc4MDY2NmFlMjA4ZjVjM2UzNjMzNCJ9
accept-language: en-US
sec-fetch-dest: empty
cookie: XSRF-TOKEN=eyJpdiI6IkFjT1hOUHRxNkZoZHd6djNpeFVicEE9PSIsInZhbHVlIjoib0YweEJtanN5SFdKTFlpUng0MUh4NHAweW9ORFdydkozQkhCNGJJZzJSQWZyVlVJVWpNVmpzSURcLzlPcmIzblwvIiwibWFjIjoiNDgxY2E5YTc3NDdhNzhkY2MwYzFlOGFkNGVjMWMzYWU2NDc5MTIwYWI5NDc4MDY2NmFlMjA4ZjVjM2UzNjMzNCJ9; c=eyJpdiI6IjVhblVsZjhnZGRGcUp3Nk42SENrWHc9PSIsInZhbHVlIjoieGluUEVRRkpCYnJjRXFnS1ZwRzgyOFdxSFwvWUt2U3FIK1VFVDN3OXEwTWFBMGY2OWZoYUFmVGJscnp1MENjZG8iLCJtYWMiOiJiZjZjNTM1ZjU0NzJhNzQ2ODM0Zjc2OGM2ZWU5NmI2YmYwNGIwZDI3ZGFiMDllOTYyNTRhNjI0MjkzYTAxYTcwIn0%3D; _vwo_uuid_v2=D40F03C4B721C4B93F33D459BEAE24449|a55d91d483043a732df5c107876a50b1
:path: /locate
pragma: no-cache
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: application/json, text/plain, */*
cache-control: no-cache
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid=w697s3j4fg1dlji9imfda2d8&qze=3&aff_sub=HD29&aff_sub2=SharedTHMG_EN_DAILY_EN-FIN-019-V1&aff_sub3=%7BUSER%7D&aff_sub4=sharedTHMG&isoCode=SE&tpsiteid=24220
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept: application/json, text/plain, */*
Referer: https://tgfunnls.org/dly1st/?hitid=w697s3j4fg1dlji9imfda2d8&qze=3&aff_sub=HD29&aff_sub2=SharedTHMG_EN_DAILY_EN-FIN-019-V1&aff_sub3=%7BUSER%7D&aff_sub4=sharedTHMG&isoCode=SE&tpsiteid=24220
X-XSRF-TOKEN: eyJpdiI6IkFjT1hOUHRxNkZoZHd6djNpeFVicEE9PSIsInZhbHVlIjoib0YweEJtanN5SFdKTFlpUng0MUh4NHAweW9ORFdydkozQkhCNGJJZzJSQWZyVlVJVWpNVmpzSURcLzlPcmIzblwvIiwibWFjIjoiNDgxY2E5YTc3NDdhNzhkY2MwYzFlOGFkNGVjMWMzYWU2NDc5MTIwYWI5NDc4MDY2NmFlMjA4ZjVjM2UzNjMzNCJ9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:08 GMT
x-proc: 2
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sVTF%2Bb8TDqGU8dUgjlyT3hQCrisJilwpLO0TEymtNaz%2BGJkCoy%2BfXV0vdaLFF0yvGXnnUGvtFPKeN%2FfC0JTnW4Mn8qR3m4xkdZcMi%2BvPaq7Rv%2B4o2VHubucLXXSxJmqglWZfUH%2FZVzUepRc%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json
cache-control: no-cache, private
set-cookie: XSRF-TOKEN=eyJpdiI6Ik1NSU1wRTNlaEhiSjJqMnRodmpCcEE9PSIsInZhbHVlIjoib1krMXpxXC9zNm5FOVdETWJ1OCtIdWc3NXcyblB0Z1JzXC9QTnJJUDBycWF0TVdXSkk3N1NzUFlzZjhoXC9kV1NvdCIsIm1hYyI6ImY1ZGZjNjBmNzk0YjNiOTZhMTNmZjYzZjNhNGQ1YzU5Y2NjNGJmMTA4M2FmM2E1NDI2OTJmMmNhMmViNmY1YTgifQ%3D%3D; expires=Fri, 06-Aug-2021 13:49:08 GMT; Max-Age=7200; path=/ c=eyJpdiI6Ik5QdldjRjFYOGk2cDNjODkxc2FuTkE9PSIsInZhbHVlIjoiZlNTZXhSSmo5eGZHbVJMSmhwTFZsWHJVaXF0VExYNXlBRXE3THBRNXJYV1RFYTlCbUI2MHVoYTlORWp2Nlo2WSIsIm1hYyI6ImNiMjI5ZDQ4MGJjOTAxY2E0NWY2NWNiMWQzYTJmMzJiMmQwOTViNjYxNjI3ODQ2NzRmMjBjMWE5ZGVmOTIxYjUifQ%3D%3D; expires=Fri, 06-Aug-2021 13:49:08 GMT; Max-Age=7200; path=/; httponly
cf-ray: 67a80a46597742f7-FRA

GET
BLOB 200
OK 0b8ece4c-634a-4791-8f13-71d3c04627a1
https://tgfunnls.org/ 31 B
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://tgfunnls.org/0b8ece4c-634a-4791-8f13-71d3c04627a1
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid=w697s3j4fg1dlji9imfda2d8&qze=3&aff_sub=HD29&aff_sub2=SharedTHMG_EN_DAILY_EN-FIN-019-V1&aff_sub3=%7BUSER%7D&aff_sub4=sharedTHMG&isoCode=SE&tpsiteid=24220
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7725538fe2f71147bffeba7452b434c826aef9009666cb4360c605d0b2a91d1d

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length: 31
Content-Type: application/javascript

OPTIONS
H/1.1 200
OK add
tagdataxrt.com/ir/ Frame 0
0 141ms
46ms Preflight 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/ir/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Protocol: HTTP/1.1
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://tgfunnls.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Server: nginx/1.19.10
Date: Fri, 06 Aug 2021 11:49:08 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

POST
H/1.1 200
OK add Show response
tagdataxrt.com/ir/ 0
537 B 47ms
47ms Fetch 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/ir/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json;charset=utf-8

Response headers

Date: Fri, 06 Aug 2021 11:49:08 GMT
Server: nginx/1.19.10
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 0

GET
H2 403 videothumbnail-1.png
static-13333.kxcdn.com/5275/images/ 0
0 19ms
19ms Image
text/html 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static-13333.kxcdn.com/5275/images/videothumbnail-1.png
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid=w697s3j4fg1dlji9imfda2d8&qze=3&aff_sub=HD29&aff_sub2=SharedTHMG_EN_DAILY_EN-FIN-019-V1&aff_sub3=%7BUSER%7D&aff_sub4=sharedTHMG&isoCode=SE&tpsiteid=24220
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
DATA 200
OK truncated
/ 4 KB
4 KB Font
application/font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: aef991b2e0b693a95d41986576dd3901ea7ac03b379501b1caba966058753308

Request headers

Origin: https://tgfunnls.org
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: application/font-woff;charset=utf-8

POST
H3-29 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 29ms
13ms XHR
text/plain 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j92&a=423358863&t=pageview&_s=1&dl=https%3A%2F%2Ftgfunnls.org%2Fdly1st%2F%3Fhitid%3Dw697s3j4fg1dlji9imfda2d8%26qze%3D3%26aff_sub%3DHD29%26aff_sub2%3DSharedTHMG_EN_DAILY_EN-FIN-019-V1%26aff_sub3%3D%257BUSER%257D%26aff_sub4%3DsharedTHMG%26isoCode%3DSE%26tpsiteid%3D24220&ul=en-us&de=UTF-8&dt=Daily%20Profit&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAAC~&jid=1509513915&gjid=229102235&cid=1200254003.1628250548&tid=UA-192660002-1&_gid=435069735.1628250548&_r=1&gtm=2wg840MSK8GMG&z=2101237710

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 06 Aug 2021 11:49:08 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://tgfunnls.org
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 settings.js Show response
dev.visualwebsiteoptimizer.com/ 572 B
397 B 54ms
54ms Script
application/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/settings.js?a=449005&settings_type=3&vn=7.0&r=0.6233992748662467&u=https%3A%2F%2Ftgfunnls.org%2Fdly1st%2F%3Fhitid%3Dw697s3j4fg1dlji9imfda2d8%26qze%3D3%26aff_sub%3DHD29%26aff_sub2%3DSharedTHMG_EN_DAILY_EN-FIN-019-V1%26aff_sub3%3D%257BUSER%257D%26aff_sub4%3DsharedTHMG%26isoCode%3DSE%26tpsiteid%3D24220
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWpxdWVyeQ==/tag-18c0c42595158c9943ee0260eecc4fc3.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gams1 /
Resource Hash: 31042bafbba3ee3bae8f21d8d8744230a7c558630068c64e1e5ecb4721ab3910

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:07 GMT
via: 1.1 google
server: gams1
content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-type: application/javascript; charset=UTF-8

POST
H3-29 204 collect
www.google-analytics.com/g/ 0
17 B 13ms
13ms Ping
text/plain 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-Y6C8Y8V9BH&gtm=2oe840&_p=423358863&sr=1600x1200&ul=en-us&cid=1200254003.1628250548&_s=1&dl=https%3A%2F%2Ftgfunnls.org%2Fdly1st%2F%3Fhitid%3Dw697s3j4fg1dlji9imfda2d8%26qze%3D3%26aff_sub%3DHD29%26aff_sub2%3DSharedTHMG_EN_DAILY_EN-FIN-019-V1%26aff_sub3%3D%257BUSER%257D%26aff_sub4%3DsharedTHMG%26isoCode%3DSE%26tpsiteid%3D24220&dt=Daily%20Profit&sid=1628250548&sct=1&seg=0&en=page_view&_fv=1&_ss=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-Y6C8Y8V9BH&l=dataLayer&cx=c
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Fri, 06 Aug 2021 11:49:08 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://tgfunnls.org
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 200
OK etag Show response
tagdataxrt.com/ 0
537 B 81ms
48ms Fetch 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/etag?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json;charset=utf-8

Response headers

Date: Fri, 06 Aug 2021 11:49:08 GMT
Server: nginx/1.19.10
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 0

OPTIONS
H/1.1 200
OK etag
tagdataxrt.com/ Frame 0
0 90ms
50ms Preflight 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/etag?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Protocol: HTTP/1.1
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://tgfunnls.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Server: nginx/1.19.10
Date: Fri, 06 Aug 2021 11:49:08 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

POST
H3-29 201 event Show response
tgfunnls.org/ 272 B
1 KB 186ms
186ms XHR
application/json 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/event?hitid=w697s3j4fg1dlji9imfda2d8

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/js/l.js?id=6cf7b69175b2a676ebf3

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

90bd608ee2a9d4b953634b7a8d652231152773b6721b6af1a01fb167e9b2fc38

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-fetch-mode: cors
origin: https://tgfunnls.org
x-xsrf-token: eyJpdiI6Ik1NSU1wRTNlaEhiSjJqMnRodmpCcEE9PSIsInZhbHVlIjoib1krMXpxXC9zNm5FOVdETWJ1OCtIdWc3NXcyblB0Z1JzXC9QTnJJUDBycWF0TVdXSkk3N1NzUFlzZjhoXC9kV1NvdCIsIm1hYyI6ImY1ZGZjNjBmNzk0YjNiOTZhMTNmZjYzZjNhNGQ1YzU5Y2NjNGJmMTA4M2FmM2E1NDI2OTJmMmNhMmViNmY1YTgifQ==
accept-language: en-US
sec-fetch-dest: empty
accept-encoding: gzip, deflate, br
cookie: _vwo_uuid_v2=D40F03C4B721C4B93F33D459BEAE24449|a55d91d483043a732df5c107876a50b1; _gid=GA1.2.435069735.1628250548; _gat_UA-192660002-1=1; XSRF-TOKEN=eyJpdiI6Ik1NSU1wRTNlaEhiSjJqMnRodmpCcEE9PSIsInZhbHVlIjoib1krMXpxXC9zNm5FOVdETWJ1OCtIdWc3NXcyblB0Z1JzXC9QTnJJUDBycWF0TVdXSkk3N1NzUFlzZjhoXC9kV1NvdCIsIm1hYyI6ImY1ZGZjNjBmNzk0YjNiOTZhMTNmZjYzZjNhNGQ1YzU5Y2NjNGJmMTA4M2FmM2E1NDI2OTJmMmNhMmViNmY1YTgifQ%3D%3D; c=eyJpdiI6Ik5QdldjRjFYOGk2cDNjODkxc2FuTkE9PSIsInZhbHVlIjoiZlNTZXhSSmo5eGZHbVJMSmhwTFZsWHJVaXF0VExYNXlBRXE3THBRNXJYV1RFYTlCbUI2MHVoYTlORWp2Nlo2WSIsIm1hYyI6ImNiMjI5ZDQ4MGJjOTAxY2E0NWY2NWNiMWQzYTJmMzJiMmQwOTViNjYxNjI3ODQ2NzRmMjBjMWE5ZGVmOTIxYjUifQ%3D%3D; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _ga_Y6C8Y8V9BH=GS1.1.1628250548.1.0.1628250548.0; _ga=GA1.1.1200254003.1628250548
content-length: 188
:path: /event?hitid=w697s3j4fg1dlji9imfda2d8
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json;charset=UTF-8
accept: application/json, text/plain, */*
cache-control: no-cache
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid=w697s3j4fg1dlji9imfda2d8&qze=3&aff_sub=HD29&aff_sub2=SharedTHMG_EN_DAILY_EN-FIN-019-V1&aff_sub3=%7BUSER%7D&aff_sub4=sharedTHMG&isoCode=SE&tpsiteid=24220
:scheme: https
sec-fetch-site: same-origin
:method: POST
Accept: application/json, text/plain, */*
Referer: https://tgfunnls.org/dly1st/?hitid=w697s3j4fg1dlji9imfda2d8&qze=3&aff_sub=HD29&aff_sub2=SharedTHMG_EN_DAILY_EN-FIN-019-V1&aff_sub3=%7BUSER%7D&aff_sub4=sharedTHMG&isoCode=SE&tpsiteid=24220
X-XSRF-TOKEN: eyJpdiI6Ik1NSU1wRTNlaEhiSjJqMnRodmpCcEE9PSIsInZhbHVlIjoib1krMXpxXC9zNm5FOVdETWJ1OCtIdWc3NXcyblB0Z1JzXC9QTnJJUDBycWF0TVdXSkk3N1NzUFlzZjhoXC9kV1NvdCIsIm1hYyI6ImY1ZGZjNjBmNzk0YjNiOTZhMTNmZjYzZjNhNGQ1YzU5Y2NjNGJmMTA4M2FmM2E1NDI2OTJmMmNhMmViNmY1YTgifQ==
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json;charset=UTF-8

Response headers

date: Fri, 06 Aug 2021 11:49:08 GMT
x-proc: 3
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bYMTorGUwIjkYPl%2FG%2F5AJbPXOxKCyANarv2MVUrI%2BVWXkd6TWd%2BK44NfflD%2FTTd6GpzspgTQnDUI0B9VXSH2DI8DpfAZGhVG%2FeQIeiDAOKm0EVOvo5rHwur7K2%2F15i9hinlXrscYsyOIXAI%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-origin: https://tgfunnls.org
cache-control: no-cache, private
set-cookie: XSRF-TOKEN=eyJpdiI6IlRmSllqcDlETzVpRlwvN1RmTGY4UVdRPT0iLCJ2YWx1ZSI6IjhYckp2SFZ0dWdTXC9KMWJnZHA3aDRUTzJmZUZXRDhNeWV2UWlhQlROSW81Wlg5U0s4bkhMUGpxUDV1RDRHWTVYIiwibWFjIjoiNzhiMjE0ZWNkMjA1YTQyNmQ5NGRiZTBhYzQxMzg5YTQ3Nzg5NjczZTRmZTkwYTJiY2I2MTc2N2Q0YTQyMGMxNCJ9; expires=Fri, 06-Aug-2021 13:49:08 GMT; Max-Age=7200; path=/ c=eyJpdiI6InVcL2dZSkRsSUU1N3VzdmkydGpBWU9nPT0iLCJ2YWx1ZSI6IlBsMjU5TERZZkhmT0s0V3dYNUxNeEpmTFkrd05yWTNaNGFiaG9TYlJrSTJ5RDJkZUV5RVJHMDVrelhMQVR1Y1MiLCJtYWMiOiI5NzM3OGJiZWNmOTgwMDI1YzgwYWIwNjUwNjgxOWQ2MDMyZTE2OWFiMjM1ODk4OWVkZDE2MTA5NTUyNzIxOTI3In0%3D; expires=Fri, 06-Aug-2021 13:49:08 GMT; Max-Age=7200; path=/; httponly
cf-ray: 67a80a476c4942f7-FRA

GET
H3-29 200 settings.js Show response
dev.visualwebsiteoptimizer.com/ 572 B
397 B 51ms
49ms Script
application/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/settings.js?a=449005&settings_type=1&vn=7.0&r=0.25911856471867356
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWpxdWVyeQ==/tag-18c0c42595158c9943ee0260eecc4fc3.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gams1 /
Resource Hash: 31042bafbba3ee3bae8f21d8d8744230a7c558630068c64e1e5ecb4721ab3910

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:08 GMT
via: 1.1 google
server: gams1
content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-type: application/javascript; charset=UTF-8

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
88 B 14ms
14ms XHR
text/plain 2a00:1450:400c:c07::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j92&tid=UA-192660002-1&cid=1200254003.1628250548&jid=1509513915&gjid=229102235&_gid=435069735.1628250548&_u=YEBAAEAAAAAAAC~&z=1772589435

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c07::9d Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Fri, 06 Aug 2021 11:49:08 GMT
content-type: text/plain
access-control-allow-origin: https://tgfunnls.org
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 modules.9a6619e61150e4449f35.js Show response
script.hotjar.com/ 221 KB
59 KB 190ms
67ms Script
application/javascript 13.224.96.11
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.9a6619e61150e4449f35.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2304105.js?sv=6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.96.11 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

fc04d1fd608cedf1f0c4735145a15031f77cb7491d6234cec4ee2cd9be74937a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:18:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 77463
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 59579
access-control-allow-origin: *
last-modified: Thu, 05 Aug 2021 14:17:07 GMT
etag: "f404c80c4e9647abd5db65360cf9ecee"
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 7245e91891539560c1f484b1e46159c9.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: ZRH50-C1
accept-ranges: bytes
x-robots-tag: none
x-amz-cf-id: TfyJPi23f79kp-2kjYFDp-m2_wlt-vBvtKXt2ry3DCMi-OMCWyCdZA==

GET
H3-29 200 tag-1a6cb79d9b921e9f733a3a9f91c43b90.js Show response
dev.visualwebsiteoptimizer.com/web/djIkcGM6MS4w/ 668 B
329 B 55ms
54ms Script
application/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/web/djIkcGM6MS4w/tag-1a6cb79d9b921e9f733a3a9f91c43b90.js
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWpxdWVyeQ==/tag-18c0c42595158c9943ee0260eecc4fc3.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gams1 /
Resource Hash: 6e1f2e0970c3d1d6cdacfecdd613ce1c42990ea5d4a9a85fe6f0700d20a96634

Request headers

Origin: https://tgfunnls.org
Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:08 GMT
content-encoding: br
last-modified: Fri, 06 Aug 2021 11:48:12 GMT
server: gams1
etag: "610d217c-133"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 307
via: 1.1 google

GET
H3-29 200 ga-audiences
www.google.com/ads/ 42 B
63 B 18ms
18ms Image
image/gif 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j92&tid=UA-192660002-1&cid=1200254003.1628250548&jid=1509513915&_u=YEBAAEAAAAAAAC~&z=873830304

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 06 Aug 2021 11:49:08 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
522 B 50ms
21ms Image
image/gif 2a00:1450:4001:801::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j92&tid=UA-192660002-1&cid=1200254003.1628250548&jid=1509513915&_u=YEBAAEAAAAAAAC~&z=873830304

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 06 Aug 2021 11:49:08 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 206 se-1.mp4
static-13333.kxcdn.com/5275/media/ 3 MB
0 16ms
15ms Media
video/mp4 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL

https://static-13333.kxcdn.com/5275/media/se-1.mp4

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Range: bytes=65536-

Response headers

date: Fri, 06 Aug 2021 11:49:08 GMT
vary: Access-Control-Request-Headers,Access-Control-Request-Method,Origin
x-amz-request-id: tx00000000000000501253a-00610bfe74-dde614e-ams3c
x-edge-location: defr
x-cache: HIT
Content-Range: bytes 65536-38874339/38874340
Content-Length: 38808804
last-modified: Mon, 26 Jul 2021 16:58:52 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "d12ef942bc1b78d9c1ebe8ef6f833e81-8"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-hw: 1628176779.dop221.fr8.t,1628176779.cds257.fr8.shn,1628176779.dop221.fr8.t,1628176779.cds234.fr8.c
content-type: video/mp4
access-control-allow-origin: *
x-rgw-object-type: Normal
expires: Sat, 06 Aug 2022 17:38:08 GMT

GET
H2 200 box-25a418976ea02a6f393fbbe77cec94bb.html Show response
vars.hotjar.com/ Frame E7AD 2 KB
1 KB 169ms
55ms Document
text/html 13.224.96.92
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vars.hotjar.com/box-25a418976ea02a6f393fbbe77cec94bb.html
Requested by: Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2304105.js?sv=6
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.96.92 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-96-92.zrh50.r.cloudfront.net
Software: /
Resource Hash: 7a44e0685d8929b5d4d50476273c9957c8c76f03afc424c665a4066e5bc1beb9

Request headers

:method: GET
:authority: vars.hotjar.com
:scheme: https
:path: /box-25a418976ea02a6f393fbbe77cec94bb.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://tgfunnls.org/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://tgfunnls.org/

Response headers

content-type: text/html
content-length: 1044
date: Sun, 18 Jul 2021 00:16:30 GMT
accept-ranges: bytes
cache-control: max-age=31536000
content-encoding: br
etag: "76922233be8bdb14c053af468d29404a"
last-modified: Thu, 15 Jul 2021 14:16:09 GMT
x-amz-server-side-encryption: AES256
x-robots-tag: none
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 6b0e09b8a7d995016df1513b4b11c17e.cloudfront.net (CloudFront)
x-amz-cf-pop: ZRH50-C1
x-amz-cf-id: Ubg81yxZpvOXAejHvCBmo7sm3i1rt-lcD9pwkuzn-KHo4jFmBWctVw==
age: 1683158

GET
H2 200 a3a7b431bde66f8790628956fd6a9e14.js
cdn.pushcrew.com/js/ 248 KB
71 KB 184ms
128ms Script
application/javascript 34.102.183.26
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.pushcrew.com/js/a3a7b431bde66f8790628956fd6a9e14.js
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/web/djIkcGM6MS4w/tag-1a6cb79d9b921e9f733a3a9f91c43b90.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.102.183.26 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 26.183.102.34.bc.googleusercontent.com
Software: nginx /
Resource Hash

Request headers

Origin: https://tgfunnls.org
Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:08 GMT
content-encoding: gzip
last-modified: Fri, 18 Jun 2021 08:48:27 GMT
server: nginx
etag: W/"60cc5ddb-3e05c"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=1800
alt-svc: clear
via: 1.1 google
expires: Fri, 06 Aug 2021 12:19:08 GMT

GET
H/1.1 200
OK behaviour
planet2.digital/v1/ 0
0 222ms
78ms Image
application/json 54.216.252.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://planet2.digital/v1/behaviour?type=CLICKER&userId={USER}&service=sharedTHMG
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid=w697s3j4fg1dlji9imfda2d8&qze=3&aff_sub=HD29&aff_sub2=SharedTHMG_EN_DAILY_EN-FIN-019-V1&aff_sub3=%7BUSER%7D&aff_sub4=sharedTHMG&isoCode=SE&tpsiteid=24220
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 54.216.252.255 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-216-252-255.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

OPTIONS
H/1.1 200
OK add
tagdataxrt.com/log/ Frame 0
0 47ms
47ms Preflight 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/log/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Protocol: HTTP/1.1
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://tgfunnls.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Server: nginx/1.19.10
Date: Fri, 06 Aug 2021 11:49:08 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

POST
H/1.1 200
OK add Show response
tagdataxrt.com/log/ 12 B
597 B 49ms
49ms Fetch
application/json 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/log/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: 21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json;charset=utf-8

Response headers

Date: Fri, 06 Aug 2021 11:49:08 GMT
Server: nginx/1.19.10
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 12

GET
H3-29 200 / Show response
tgfunnls.org/dly1st/ 31 KB
8 KB 204ms
203ms Document
text/html 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Requested by

Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f2b2f804c24948a4c281e0a870b8c1046a57be8e2fda1a94017e589dbe1d23eb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: tgfunnls.org
:scheme: https
:path: /dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: document
referer: https://tgfunnls.org/dly1st/?hitid=w697s3j4fg1dlji9imfda2d8&qze=3&aff_sub=HD29&aff_sub2=SharedTHMG_EN_DAILY_EN-FIN-019-V1&aff_sub3=%7BUSER%7D&aff_sub4=sharedTHMG&isoCode=SE&tpsiteid=24220
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: _vwo_uuid_v2=D40F03C4B721C4B93F33D459BEAE24449|a55d91d483043a732df5c107876a50b1; _gid=GA1.2.435069735.1628250548; _gat_UA-192660002-1=1; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _ga_Y6C8Y8V9BH=GS1.1.1628250548.1.0.1628250548.0; _ga=GA1.1.1200254003.1628250548; XSRF-TOKEN=eyJpdiI6IlRmSllqcDlETzVpRlwvN1RmTGY4UVdRPT0iLCJ2YWx1ZSI6IjhYckp2SFZ0dWdTXC9KMWJnZHA3aDRUTzJmZUZXRDhNeWV2UWlhQlROSW81Wlg5U0s4bkhMUGpxUDV1RDRHWTVYIiwibWFjIjoiNzhiMjE0ZWNkMjA1YTQyNmQ5NGRiZTBhYzQxMzg5YTQ3Nzg5NjczZTRmZTkwYTJiY2I2MTc2N2Q0YTQyMGMxNCJ9; c=eyJpdiI6InVcL2dZSkRsSUU1N3VzdmkydGpBWU9nPT0iLCJ2YWx1ZSI6IlBsMjU5TERZZkhmT0s0V3dYNUxNeEpmTFkrd05yWTNaNGFiaG9TYlJrSTJ5RDJkZUV5RVJHMDVrelhMQVR1Y1MiLCJtYWMiOiI5NzM3OGJiZWNmOTgwMDI1YzgwYWIwNjUwNjgxOWQ2MDMyZTE2OWFiMjM1ODk4OWVkZDE2MTA5NTUyNzIxOTI3In0%3D; _hjid=e93583e0-194c-4f75-a751-f95344453219; _hjFirstSeen=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://tgfunnls.org/dly1st/?hitid=w697s3j4fg1dlji9imfda2d8&qze=3&aff_sub=HD29&aff_sub2=SharedTHMG_EN_DAILY_EN-FIN-019-V1&aff_sub3=%7BUSER%7D&aff_sub4=sharedTHMG&isoCode=SE&tpsiteid=24220

Response headers

date: Fri, 06 Aug 2021 11:49:08 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: no-cache, private
set-cookie: XSRF-TOKEN=eyJpdiI6IjBHTE90aDBZV21NdjVvU1YxV1F6Vmc9PSIsInZhbHVlIjoiUDlrXC9iRG5SN3Z2K0p1a1VvN1J0cGpPeDd2NUwxVlpwQzRcL3htQlwvMjVmWFcreWNEYTNSYnlXQlFyZFRqS0lSdiIsIm1hYyI6IjViODVjNjg4OWQ2MThlZTA5N2U4Mjg4YWNmYTVmMzc0NWY0ZDdlZTQyNmI0NGU0MjAxMjEwNjZlYjFjYmQ2ZWMifQ%3D%3D; expires=Fri, 06-Aug-2021 13:49:08 GMT; Max-Age=7200; path=/ c=eyJpdiI6IlpXRjhmb3lTUjQrcXNZVjZBTGdJRnc9PSIsInZhbHVlIjoiYnFpV2d6Z25zNHQrbTlrdFNsRkxIZCt5YjE1aFR5cjFDek5FeWZBNjR2dmkraXc3QUFha0lwcFwvM0wxMzRub3EiLCJtYWMiOiIxYjg5MjRmMjdhOWJiZWM4ZDllYjllZmE0MTA3MDM4ZWUyNTcxMmQ5MzhlNjg2NTY1NTUzMTUxZTE1MGUyODVjIn0%3D; expires=Fri, 06-Aug-2021 13:49:08 GMT; Max-Age=7200; path=/; httponly
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-proc: 2
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EPAKytEUOOxj6wIga%2B2O%2FMifO9U3bOgDPrJyDRASIdbszCf9fZMM00oXUy41VK8K7civjH1zswcizQWCtzG1o5IhoTXDIcwS726JjSk8QRR%2FwwcnPUp3X%2Fd1g%2BGRJochVXLwBxDiIJb2Ueo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 67a80a49bb1f42f7-FRA
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

POST
H/1.1 200
OK add
tagdataxrt.com/time_visit/ 0
422 B 141ms
46ms Ping
text/plain 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/time_visit/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Fri, 06 Aug 2021 11:49:08 GMT
Server: nginx/1.19.10
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 0

GET
H3-29 200 forms.css
tgfunnls.org/css/ 20 KB
4 KB 18ms
17ms Stylesheet
text/css 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/css/forms.css?id=108aa07ef4cadffb88ba

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5cc75f6ff6ccc8f9737ba9b6e44903687d4cd600464dc9a25b2fcfbfd231ebc6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /css/forms.css?id=108aa07ef4cadffb88ba
pragma: no-cache
cookie: _vwo_uuid_v2=D40F03C4B721C4B93F33D459BEAE24449|a55d91d483043a732df5c107876a50b1; _gid=GA1.2.435069735.1628250548; _gat_UA-192660002-1=1; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _ga_Y6C8Y8V9BH=GS1.1.1628250548.1.0.1628250548.0; _ga=GA1.1.1200254003.1628250548; _hjid=e93583e0-194c-4f75-a751-f95344453219; _hjFirstSeen=1; XSRF-TOKEN=eyJpdiI6IjBHTE90aDBZV21NdjVvU1YxV1F6Vmc9PSIsInZhbHVlIjoiUDlrXC9iRG5SN3Z2K0p1a1VvN1J0cGpPeDd2NUwxVlpwQzRcL3htQlwvMjVmWFcreWNEYTNSYnlXQlFyZFRqS0lSdiIsIm1hYyI6IjViODVjNjg4OWQ2MThlZTA5N2U4Mjg4YWNmYTVmMzc0NWY0ZDdlZTQyNmI0NGU0MjAxMjEwNjZlYjFjYmQ2ZWMifQ%3D%3D; c=eyJpdiI6IlpXRjhmb3lTUjQrcXNZVjZBTGdJRnc9PSIsInZhbHVlIjoiYnFpV2d6Z25zNHQrbTlrdFNsRkxIZCt5YjE1aFR5cjFDek5FeWZBNjR2dmkraXc3QUFha0lwcFwvM0wxMzRub3EiLCJtYWMiOiIxYjg5MjRmMjdhOWJiZWM4ZDllYjllZmE0MTA3MDM4ZWUyNTcxMmQ5MzhlNjg2NTY1NTUzMTUxZTE1MGUyODVjIn0%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:08 GMT
x-proc: 2
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3659
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Fri, 06 Aug 2021 10:30:19 GMT
server: cloudflare
etag: W/"610d0f3b-5107"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CDg3FR3gWc8PlK2XjJWbyCujgp4MOuVc%2FD7M5FrynwdANTNvyNnV9p1%2BP0mS3vxwuCcYOWlGGPBUaFf95iwPCtiS0mmqefYBg5rDUlXktvCy9E571IypqPZt%2F6O%2F%2B1cbMySAF6xx7%2FD65hw%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 67a80a4b2feb42f7-FRA

GET
H3-29 200 flow.css
tgfunnls.org/css/ 385 B
760 B 13ms
12ms Stylesheet
text/css 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/css/flow.css?id=1a2dada5ba76c1b29ae1

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

df456c4794989b11dda8d76813cbf505b2707048f4cc89d7db15956779ca3fb0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /css/flow.css?id=1a2dada5ba76c1b29ae1
pragma: no-cache
cookie: _vwo_uuid_v2=D40F03C4B721C4B93F33D459BEAE24449|a55d91d483043a732df5c107876a50b1; _gid=GA1.2.435069735.1628250548; _gat_UA-192660002-1=1; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _ga_Y6C8Y8V9BH=GS1.1.1628250548.1.0.1628250548.0; _ga=GA1.1.1200254003.1628250548; _hjid=e93583e0-194c-4f75-a751-f95344453219; _hjFirstSeen=1; XSRF-TOKEN=eyJpdiI6IjBHTE90aDBZV21NdjVvU1YxV1F6Vmc9PSIsInZhbHVlIjoiUDlrXC9iRG5SN3Z2K0p1a1VvN1J0cGpPeDd2NUwxVlpwQzRcL3htQlwvMjVmWFcreWNEYTNSYnlXQlFyZFRqS0lSdiIsIm1hYyI6IjViODVjNjg4OWQ2MThlZTA5N2U4Mjg4YWNmYTVmMzc0NWY0ZDdlZTQyNmI0NGU0MjAxMjEwNjZlYjFjYmQ2ZWMifQ%3D%3D; c=eyJpdiI6IlpXRjhmb3lTUjQrcXNZVjZBTGdJRnc9PSIsInZhbHVlIjoiYnFpV2d6Z25zNHQrbTlrdFNsRkxIZCt5YjE1aFR5cjFDek5FeWZBNjR2dmkraXc3QUFha0lwcFwvM0wxMzRub3EiLCJtYWMiOiIxYjg5MjRmMjdhOWJiZWM4ZDllYjllZmE0MTA3MDM4ZWUyNTcxMmQ5MzhlNjg2NTY1NTUzMTUxZTE1MGUyODVjIn0%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:08 GMT
x-proc: 1
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3659
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Fri, 06 Aug 2021 10:30:20 GMT
server: cloudflare
etag: W/"610d0f3c-181"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vyP3jlqr8voAdOqrVDxLAZcAk55gJG%2Bsu4ZOZRrPz2UTmU4mtZmehrkopEAIgzE8Yh%2BV2qq94Lf3X2ZLj7Tx%2B1Ugycahz52ye9agOt5bEocIQqyfgZyYOZrSjoLp8OQpDvoOv8SZPlmioIk%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 67a80a4b2fee42f7-FRA

GET
H2 200 funnel.css
static-13333.kxcdn.com/5275/build/ 91 KB
26 KB 8ms
7ms Stylesheet
text/css 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL

https://static-13333.kxcdn.com/5275/build/funnel.css

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

0dd81a03016de5c1be49281bb42f5db84bf8968b636e893daa0ee24de5dbdd3b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:08 GMT
content-encoding: gzip
last-modified: Fri, 02 Jul 2021 14:31:57 GMT
server: keycdn-engine
x-amz-request-id: tx0000000000000049794a1-0060df28ef-12ed1804-fra1a
x-edge-location: defr
etag: W/"0e60432e5a822d61eaf0ff2172f524ed"
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-cache: HIT
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31556940
x-rgw-object-type: Normal
strict-transport-security: max-age=15552000; includeSubDomains; preload
expires: Sat, 06 Aug 2022 17:38:08 GMT

GET
H/1.1 400 conversion.js
in.bd44.fun/ 0
0 51ms
50ms Script
text/html 18.195.174.160
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://in.bd44.fun/conversion.js?cid=OPTIONAL&et=CLICK
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.195.174.160 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-174-160.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 logo.png
static-13333.kxcdn.com/5275/images/ 2 KB
3 KB 30ms
20ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/logo.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

3d0776f2afd4256733e307cf46921dde2e1497a2767eb8bcb8ac17d5de9d2344

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:09 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049592a7-0060df28ef-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2455
last-modified: Fri, 02 Jul 2021 14:32:26 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "cded24bb8b99f2aa7ab4e4ddc59c28e6"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:09 GMT

GET
H2 200 top-arrow.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 30ms
21ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/top-arrow.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

c4d3b32e24ea06591e7f166b20939f84cb767bb0742bc3c51f07c6f4b684f1e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:09 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049592a5-0060df28ef-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2961
last-modified: Fri, 02 Jul 2021 14:32:29 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "e2980701aad64cef71bd2296f5f6386b"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:09 GMT

GET
H3-29 200 check-icon.png
tgfunnls.org/images/ 44 KB
45 KB 17ms
12ms Image
image/png 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tgfunnls.org/images/check-icon.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

79bb457691c6f5dc0d3fd537218a627750b199db5253e22dad9dc4f78fa48016

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /images/check-icon.png
pragma: no-cache
cookie: _vwo_uuid_v2=D40F03C4B721C4B93F33D459BEAE24449|a55d91d483043a732df5c107876a50b1; _gid=GA1.2.435069735.1628250548; _gat_UA-192660002-1=1; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _ga_Y6C8Y8V9BH=GS1.1.1628250548.1.0.1628250548.0; _ga=GA1.1.1200254003.1628250548; _hjid=e93583e0-194c-4f75-a751-f95344453219; _hjFirstSeen=1; XSRF-TOKEN=eyJpdiI6IjBHTE90aDBZV21NdjVvU1YxV1F6Vmc9PSIsInZhbHVlIjoiUDlrXC9iRG5SN3Z2K0p1a1VvN1J0cGpPeDd2NUwxVlpwQzRcL3htQlwvMjVmWFcreWNEYTNSYnlXQlFyZFRqS0lSdiIsIm1hYyI6IjViODVjNjg4OWQ2MThlZTA5N2U4Mjg4YWNmYTVmMzc0NWY0ZDdlZTQyNmI0NGU0MjAxMjEwNjZlYjFjYmQ2ZWMifQ%3D%3D; c=eyJpdiI6IlpXRjhmb3lTUjQrcXNZVjZBTGdJRnc9PSIsInZhbHVlIjoiYnFpV2d6Z25zNHQrbTlrdFNsRkxIZCt5YjE1aFR5cjFDek5FeWZBNjR2dmkraXc3QUFha0lwcFwvM0wxMzRub3EiLCJtYWMiOiIxYjg5MjRmMjdhOWJiZWM4ZDllYjllZmE0MTA3MDM4ZWUyNTcxMmQ5MzhlNjg2NTY1NTUzMTUxZTE1MGUyODVjIn0%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:09 GMT
x-proc: 1
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3659
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 45018
x-xss-protection: 1; mode=block
last-modified: Fri, 06 Aug 2021 10:28:14 GMT
server: cloudflare
etag: "610d0ebe-afda"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=D1OGaXP1VETSiIvLV5jKh7FMfj7LX83BuszXaLKrP3Qbvw0g1JL3vH%2B%2BOGGPYkc3wsRSzMbyGzAawOWxCqxGUWc%2BlezhiNMpoAOTfXlVu8P1P6c1ddqSWm2oQzOUIINwyShQZMgBPhENOGs%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 67a80a4b890542f7-FRA

GET
H2 200 safe.png
static-13333.kxcdn.com/5275/images/ 10 KB
11 KB 30ms
19ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/safe.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

c001780d5a0136da809d6908ac44d8b0e4d9b36bf9891772a006294888226576

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:09 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794a7-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 10593
last-modified: Fri, 02 Jul 2021 14:32:17 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "e16845cf547d72f2f0b2febfa375d9f9"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:09 GMT

GET
H2 200 bg-arrow.png
static-13333.kxcdn.com/5275/images/ 7 KB
8 KB 31ms
20ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/bg-arrow.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

5902ac2e28cc5433d57a98a62be69037be09754da694348e03d3e3b9e776f542

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:09 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794ba-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 7356
last-modified: Fri, 02 Jul 2021 14:32:23 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "0575766ae817ee467a729e846374d22c"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:09 GMT

GET
H2 200 check-icon.png
static-13333.kxcdn.com/5275/images/ 2 KB
3 KB 31ms
20ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/check-icon.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

4a404a950ef8cfa3eb686e62c8ab17e0a4609f2300e53d874a96ec618ab9474d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:09 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794b6-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2273
last-modified: Fri, 02 Jul 2021 14:32:29 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "c34ab81524c5f98e40dc0dad59601758"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:09 GMT

GET
H2 200 spots-arrow.png
static-13333.kxcdn.com/5275/images/ 5 KB
6 KB 31ms
21ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/spots-arrow.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

7c01610e53cbe2313bd441cd9182762cec4240e4eecebeca6d086f34e4672784

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:09 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794bc-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 5306
last-modified: Fri, 02 Jul 2021 14:32:45 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "32acdf2cce46993b09041ebed9d00140"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:09 GMT

GET
H2 200 john.jpg
static-13333.kxcdn.com/5275/images/ 9 KB
10 KB 32ms
21ms Image
image/jpeg 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/john.jpg

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

aff262b0ff8882606831b77cb7fe8c2b7ee184a4c3a4e10de152932dde9ed3f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:09 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794be-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 9704
last-modified: Fri, 02 Jul 2021 14:32:21 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "ca826d01f1cbba3eb6e3e1f697bca6bc"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/jpeg
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:09 GMT

GET
H2 200 john-sign.png
static-13333.kxcdn.com/5275/images/ 7 KB
7 KB 37ms
27ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/john-sign.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

2c92fcee0f7c5fd992e818cd6e5f621e8701cea9b4b23eb03e2567560c7dd266

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:09 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049592b7-0060df28ef-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 6824
last-modified: Fri, 02 Jul 2021 14:32:43 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "8e77bdde18036a84289f7b89b03cddc0"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:09 GMT

GET
H2 200 social-callback-title.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 38ms
27ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/social-callback-title.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

b097d9409b9b2fcde3993197635d6e7d49126e794dec3c3a5de9892cce15ec84

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:09 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794b7-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2899
last-modified: Fri, 02 Jul 2021 14:32:42 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "26e1186a209747d755be97f26d7fef17"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:09 GMT

GET
H2 200 facebook.png
static-13333.kxcdn.com/5275/images/ 45 KB
46 KB 38ms
28ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/facebook.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

45a8e9f975bd2d7db2041c671affac022eaf0b8db46c516a6f2021d30631aea3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:09 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049592bd-0060df28ef-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 46358
last-modified: Fri, 02 Jul 2021 14:32:18 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "99efc09d6e35b01ef07e555c6c9c06ac"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:09 GMT

GET
H2 200 twitter.png
static-13333.kxcdn.com/5275/images/ 33 KB
34 KB 43ms
32ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/twitter.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

f3567cf9eb0717ad9840ff19014abf051d9bebb63ba3d270eb23d409dd449b5a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:09 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049592b6-0060df28ef-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 33933
last-modified: Fri, 02 Jul 2021 14:32:45 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "1538bf85a2428c7ab27b923233ceac2d"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:09 GMT

GET
H2 200 features-title.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 46ms
36ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/features-title.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

5e840708085df16224eeb0d8a8b3758d39bc7c60d3f0587ea1308f7d37d2e9db

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:09 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049592bc-0060df28ef-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2835
last-modified: Fri, 02 Jul 2021 14:32:24 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "8e8fd39ca90b9e536e71366f72e27061"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:09 GMT

GET
H2 200 feature1.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 47ms
36ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/feature1.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

427e9cf9bc070b73cae44b858b1cbb147385ccf3b74522b00606e8441d74eb21

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:09 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794bb-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2649
last-modified: Fri, 02 Jul 2021 14:32:27 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "32e947291780f319b5424fb0fed97339"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:09 GMT

GET
H2 200 feature2.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 47ms
37ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/feature2.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

d35ec7636f20627c46249b7ac076fd59aad2c15c8207c92cc8251df812abc0bc

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:09 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049592b5-0060df28ef-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2845
last-modified: Fri, 02 Jul 2021 14:32:28 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "a02cbfb7009f4eb7bca716371bbc6162"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:09 GMT

GET
H2 200 feature3.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 47ms
37ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/feature3.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

41cc8226265d071dd816f01b4e656e9575b49927ecb0806984d85fd2acb3b318

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:09 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794b8-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2618
last-modified: Fri, 02 Jul 2021 14:32:44 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "1e439861ae0e257dd74094cd20495531"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:09 GMT

GET
H2 200 feature4.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 48ms
38ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/feature4.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

d7e57b7c8fc1a0e25b893fc00da8cca5368cc489227958d4a781665339cd7260

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:09 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794a5-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2573
last-modified: Fri, 02 Jul 2021 14:32:19 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "f042fbbf22d575de6d906249ec2dc324"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:09 GMT

GET
H2 200 faq-title.png
static-13333.kxcdn.com/5275/images/ 4 KB
4 KB 48ms
38ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/faq-title.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

218be04d48aa9aa4da9bb4a708dbb463576fd8653914fd05bb113ce654dce714

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:09 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049592a6-0060df28ef-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 3706
last-modified: Fri, 02 Jul 2021 14:32:42 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "b95f5e7ccaaf9e8f6f1117efa9ab100a"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:09 GMT

GET
H2 200 faq-list-title-bg.png
static-13333.kxcdn.com/5275/images/ 2 KB
2 KB 48ms
39ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/faq-list-title-bg.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

9749d6d7aee9bdd7b806eb8fd8fa1bfd7ef25aab0aba744948b279d4c1a348ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:09 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794a3-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 1546
last-modified: Fri, 02 Jul 2021 14:32:22 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "567ea5254334fde95913b6cd592aad5f"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:09 GMT

GET
H3-29 200 sad-face.svg
tgfunnls.org/media/ 1 KB
1 KB 24ms
17ms Image
image/svg+xml 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tgfunnls.org/media/sad-face.svg

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

186b9079a05f19ddd2a548dbc1ec2c69087c76d8e9e1637dbced630edb793104

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /media/sad-face.svg
pragma: no-cache
cookie: _vwo_uuid_v2=D40F03C4B721C4B93F33D459BEAE24449|a55d91d483043a732df5c107876a50b1; _gid=GA1.2.435069735.1628250548; _gat_UA-192660002-1=1; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _ga_Y6C8Y8V9BH=GS1.1.1628250548.1.0.1628250548.0; _ga=GA1.1.1200254003.1628250548; _hjid=e93583e0-194c-4f75-a751-f95344453219; _hjFirstSeen=1; XSRF-TOKEN=eyJpdiI6IjBHTE90aDBZV21NdjVvU1YxV1F6Vmc9PSIsInZhbHVlIjoiUDlrXC9iRG5SN3Z2K0p1a1VvN1J0cGpPeDd2NUwxVlpwQzRcL3htQlwvMjVmWFcreWNEYTNSYnlXQlFyZFRqS0lSdiIsIm1hYyI6IjViODVjNjg4OWQ2MThlZTA5N2U4Mjg4YWNmYTVmMzc0NWY0ZDdlZTQyNmI0NGU0MjAxMjEwNjZlYjFjYmQ2ZWMifQ%3D%3D; c=eyJpdiI6IlpXRjhmb3lTUjQrcXNZVjZBTGdJRnc9PSIsInZhbHVlIjoiYnFpV2d6Z25zNHQrbTlrdFNsRkxIZCt5YjE1aFR5cjFDek5FeWZBNjR2dmkraXc3QUFha0lwcFwvM0wxMzRub3EiLCJtYWMiOiIxYjg5MjRmMjdhOWJiZWM4ZDllYjllZmE0MTA3MDM4ZWUyNTcxMmQ5MzhlNjg2NTY1NTUzMTUxZTE1MGUyODVjIn0%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:09 GMT
x-proc: 1
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3659
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Fri, 06 Aug 2021 10:30:20 GMT
server: cloudflare
etag: W/"610d0f3c-5dc"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5kv94RSlpxsZgX07a24uJiK%2FbnR6hTF6eslRXD2PSKeX55LgQ6tRN7Tdp9GHiBG9GmNdD8eAZyY0PQHv5%2BoO5P51FmeFMZAXozb9Okhvy%2BFQZp4cwAHbr%2BQ2pPaJEU4WkhWjqmzNp03H89s%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: max-age=14400
cf-ray: 67a80a4b892042f7-FRA

GET
H3-29 200 email-decode.min.js Show response
tgfunnls.org/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
1 KB 8ms
8ms Script
application/javascript 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

:path: /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
pragma: no-cache
cookie: _vwo_uuid_v2=D40F03C4B721C4B93F33D459BEAE24449|a55d91d483043a732df5c107876a50b1; _gid=GA1.2.435069735.1628250548; _gat_UA-192660002-1=1; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _ga_Y6C8Y8V9BH=GS1.1.1628250548.1.0.1628250548.0; _ga=GA1.1.1200254003.1628250548; _hjid=e93583e0-194c-4f75-a751-f95344453219; _hjFirstSeen=1; XSRF-TOKEN=eyJpdiI6IjBHTE90aDBZV21NdjVvU1YxV1F6Vmc9PSIsInZhbHVlIjoiUDlrXC9iRG5SN3Z2K0p1a1VvN1J0cGpPeDd2NUwxVlpwQzRcL3htQlwvMjVmWFcreWNEYTNSYnlXQlFyZFRqS0lSdiIsIm1hYyI6IjViODVjNjg4OWQ2MThlZTA5N2U4Mjg4YWNmYTVmMzc0NWY0ZDdlZTQyNmI0NGU0MjAxMjEwNjZlYjFjYmQ2ZWMifQ%3D%3D; c=eyJpdiI6IlpXRjhmb3lTUjQrcXNZVjZBTGdJRnc9PSIsInZhbHVlIjoiYnFpV2d6Z25zNHQrbTlrdFNsRkxIZCt5YjE1aFR5cjFDek5FeWZBNjR2dmkraXc3QUFha0lwcFwvM0wxMzRub3EiLCJtYWMiOiIxYjg5MjRmMjdhOWJiZWM4ZDllYjllZmE0MTA3MDM4ZWUyNTcxMmQ5MzhlNjg2NTY1NTUzMTUxZTE1MGUyODVjIn0%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 03 Aug 2021 14:21:05 GMT
server: cloudflare
etag: W/"610950d1-4d7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: DENY
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SAR%2Fq0DdWXcUTd28kA6q0nE4BZJzHk9ZwycFTJmKWSjxBGrPvJ5RNkzJEXPLtNEwxI2UDsGwgl7c3fflJ4sbXH8zbp9PfQnOMTsqj1bnvYfumt1WAfXjmxwrpU6oz6rw6utUUqnUIb0DPyg%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=172800 public
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 67a80a4b485f42f7-FRA
vary: Accept-Encoding
expires: Sun, 08 Aug 2021 11:49:09 GMT

GET
H3-29 200 redirect.js Show response
tgfunnls.org/js/ 3 KB
2 KB 14ms
14ms Script
application/javascript 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/js/redirect.js?id=bd8708e91008076c9ff9

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0979e653bf7370685f5d0ec7448e28d33f46754d5411cf5a7cd3df6ecafc1a35

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /js/redirect.js?id=bd8708e91008076c9ff9
pragma: no-cache
cookie: _vwo_uuid_v2=D40F03C4B721C4B93F33D459BEAE24449|a55d91d483043a732df5c107876a50b1; _gid=GA1.2.435069735.1628250548; _gat_UA-192660002-1=1; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _ga_Y6C8Y8V9BH=GS1.1.1628250548.1.0.1628250548.0; _ga=GA1.1.1200254003.1628250548; _hjid=e93583e0-194c-4f75-a751-f95344453219; _hjFirstSeen=1; XSRF-TOKEN=eyJpdiI6IjBHTE90aDBZV21NdjVvU1YxV1F6Vmc9PSIsInZhbHVlIjoiUDlrXC9iRG5SN3Z2K0p1a1VvN1J0cGpPeDd2NUwxVlpwQzRcL3htQlwvMjVmWFcreWNEYTNSYnlXQlFyZFRqS0lSdiIsIm1hYyI6IjViODVjNjg4OWQ2MThlZTA5N2U4Mjg4YWNmYTVmMzc0NWY0ZDdlZTQyNmI0NGU0MjAxMjEwNjZlYjFjYmQ2ZWMifQ%3D%3D; c=eyJpdiI6IlpXRjhmb3lTUjQrcXNZVjZBTGdJRnc9PSIsInZhbHVlIjoiYnFpV2d6Z25zNHQrbTlrdFNsRkxIZCt5YjE1aFR5cjFDek5FeWZBNjR2dmkraXc3QUFha0lwcFwvM0wxMzRub3EiLCJtYWMiOiIxYjg5MjRmMjdhOWJiZWM4ZDllYjllZmE0MTA3MDM4ZWUyNTcxMmQ5MzhlNjg2NTY1NTUzMTUxZTE1MGUyODVjIn0%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:09 GMT
x-proc: 3
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3659
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Fri, 06 Aug 2021 10:30:36 GMT
server: cloudflare
etag: W/"610d0f4c-a50"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AQxqMoUjJIXgIASvdPbEAID3ryspVi146b15U%2FT%2FRVn2r83a21zPTixEf2BW4bbQC4K5nDWDKBIH8MZpycJ%2FeAsXbaarfWgaBGwsVdO%2Ft3MwZ05vfB9V0nDQOJfXqqRAe2tXSsuAQhnhHIo%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=14400
cf-ray: 67a80a4b588d42f7-FRA

GET
H3-29 200 l.js Show response
tgfunnls.org/js/ 401 KB
110 KB 44ms
44ms Script
application/javascript 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/js/l.js?id=6cf7b69175b2a676ebf3

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1669423eca631e2fa8053ff74039a11ff6afac3a94dc37f357ce8d6ec9362913

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /js/l.js?id=6cf7b69175b2a676ebf3
pragma: no-cache
cookie: _vwo_uuid_v2=D40F03C4B721C4B93F33D459BEAE24449|a55d91d483043a732df5c107876a50b1; _gid=GA1.2.435069735.1628250548; _gat_UA-192660002-1=1; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _ga_Y6C8Y8V9BH=GS1.1.1628250548.1.0.1628250548.0; _ga=GA1.1.1200254003.1628250548; _hjid=e93583e0-194c-4f75-a751-f95344453219; _hjFirstSeen=1; XSRF-TOKEN=eyJpdiI6IjBHTE90aDBZV21NdjVvU1YxV1F6Vmc9PSIsInZhbHVlIjoiUDlrXC9iRG5SN3Z2K0p1a1VvN1J0cGpPeDd2NUwxVlpwQzRcL3htQlwvMjVmWFcreWNEYTNSYnlXQlFyZFRqS0lSdiIsIm1hYyI6IjViODVjNjg4OWQ2MThlZTA5N2U4Mjg4YWNmYTVmMzc0NWY0ZDdlZTQyNmI0NGU0MjAxMjEwNjZlYjFjYmQ2ZWMifQ%3D%3D; c=eyJpdiI6IlpXRjhmb3lTUjQrcXNZVjZBTGdJRnc9PSIsInZhbHVlIjoiYnFpV2d6Z25zNHQrbTlrdFNsRkxIZCt5YjE1aFR5cjFDek5FeWZBNjR2dmkraXc3QUFha0lwcFwvM0wxMzRub3EiLCJtYWMiOiIxYjg5MjRmMjdhOWJiZWM4ZDllYjllZmE0MTA3MDM4ZWUyNTcxMmQ5MzhlNjg2NTY1NTUzMTUxZTE1MGUyODVjIn0%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:09 GMT
x-proc: 2
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 4582
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Fri, 06 Aug 2021 10:30:19 GMT
server: cloudflare
etag: W/"610d0f3b-645ba"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=B70raVF0TaP3Mf9eCaKQCu9u5L6ooIdawrMdJGySAHCXNmXnw7Uw3gECFNplJ4CkdK7Yoex0yR91E%2FbFt6QDh3d%2BrK3YMO2xmwQfjSIcka2cyOmgMDyEdaXrCfbZph4kOlDHAZo70vX3NFo%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=14400
cf-ray: 67a80a4b78ee42f7-FRA

GET
H2 200 funnel.js Show response
static-13333.kxcdn.com/5275/build/ 954 KB
319 KB 12ms
11ms Script
application/javascript 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL

https://static-13333.kxcdn.com/5275/build/funnel.js

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

a52901c6296f571a48143efc8c7626714f2f15a0e034390d31380d508684ad0e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:09 GMT
content-encoding: gzip
last-modified: Fri, 02 Jul 2021 14:31:57 GMT
server: keycdn-engine
x-amz-request-id: tx00000000000000495929e-0060df28ef-12e87130-fra1a
x-edge-location: defr
etag: W/"545236a1390ffa369d186b44dab8e706"
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-cache: HIT
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31556940
x-rgw-object-type: Normal
strict-transport-security: max-age=15552000; includeSubDomains; preload
expires: Sat, 06 Aug 2022 17:38:09 GMT

GET
H/1.1 200 hp Show response
in.xr117.xyz/ 382 B
616 B 68ms
60ms Script
text/plain 18.195.123.247
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://in.xr117.xyz/hp
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.195.123.247 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-123-247.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 1d685538334a6762f8c278c2274cb62dfdc47c59ba5968562dddf4f96d808aee

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 06 Aug 2021 11:49:09 GMT
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
Server: nginx
Connection: keep-alive
Content-Length: 382
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200 hp Show response
in.bd44.fun/ 382 B
616 B 165ms
57ms Script
text/plain 18.195.174.160
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://in.bd44.fun/hp
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.195.174.160 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-174-160.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 1d685538334a6762f8c278c2274cb62dfdc47c59ba5968562dddf4f96d808aee

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 06 Aug 2021 11:49:09 GMT
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
Server: nginx
Connection: keep-alive
Content-Length: 382
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3-29 200 tag.js Show response
tagstaticx.com/ 38 KB
14 KB 42ms
23ms Script
application/javascript 2606:4700:3033::6815:3d08
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://tagstaticx.com/tag.js
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::6815:3d08 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7ebf9aea91580923f108d8e9c9fa03581c3c58fcd1ab8712d4ed593fbde60062

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:09 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 30 Jul 2021 15:47:47 GMT
server: cloudflare
age: 4750
etag: W/"61041f23-9787"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Zk3rV6MVtDh8htWoChAugbouIYOmJebaf%2FyDmVqPMPPzVcvcMGu1BclNjHsTU9F1wrYuDcJJkJvRga3O%2BwOGVe39Va1uUkrQvPWAEmq%2FFHGxedpH35dGWE%2BRITnTijy2vQMbXqD3t5qHmqLD3A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=1800
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 67a80a4b99ab4401-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

GET
H3-29 200 gtm.js Show response
www.googletagmanager.com/ 110 KB
41 KB 37ms
29ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-MSK8GMG

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

ee25e98eb177cc22fba819b261e53fdcdb837d1ca65533dbc186fa9f1f9550a2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:09 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41863
x-xss-protection: 0
last-modified: Fri, 06 Aug 2021 09:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 06 Aug 2021 11:49:09 GMT

GET
H3-29 200 j.php Show response
dev.visualwebsiteoptimizer.com/ 5 KB
2 KB 68ms
60ms Script
application/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/j.php?a=449005&u=https%3A%2F%2Ftgfunnls.org%2Fdly1st%2F%3Fhitid%3D%7BclickId%7D%26qze%3D7%26aff_sub%3D%7BcustomId1%7D%26aff_sub2%3D%7BcustomId2%7D&f=1&r=0.6659023327198241
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gams1 /
Resource Hash: c0a199f4edb010566746f01cd3420c275c56c168d52a9189e4eed4446bcd69e2

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 06 Aug 2021 11:49:09 GMT
via: 1.1 google
server: gams1
content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-type: application/javascript; charset=UTF-8

GET
H2 206 de-1.mp4
static-13333.kxcdn.com/5275/media/ 4 MB
0 42ms
38ms Media
video/mp4 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL

https://static-13333.kxcdn.com/5275/media/de-1.mp4

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Range: bytes=0-

Response headers

date: Fri, 06 Aug 2021 11:49:09 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049593e6-0060df28f0-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
Content-Range: bytes 0-124690623/124690624
Content-Length: 124690624
last-modified: Fri, 02 Jul 2021 14:32:03 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "c8811d0b7aa283893d6ec2a19899685f-24"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: video/mp4
access-control-allow-origin: *
x-rgw-object-type: Normal
expires: Sat, 06 Aug 2022 17:38:09 GMT

GET
H2 200 bg-pattern2.png
static-13333.kxcdn.com/5275/images/ 3 KB
4 KB 91ms
89ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/bg-pattern2.png

Requested by

Host: static-13333.kxcdn.com
URL: https://static-13333.kxcdn.com/5275/build/funnel.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

0dbbd4b1f92b5f123bb6d85da5224dbac1ef2873359ae63159fbd8c1d8aee472

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://static-13333.kxcdn.com/5275/build/funnel.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:09 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx000000000000004a8f778-0060df3204-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 3494
last-modified: Fri, 02 Jul 2021 14:32:28 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "9ff60a873ce8a83d6f92c07bbb97461d"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:09 GMT

GET
H2 200 money-bg.jpg
static-13333.kxcdn.com/5275/images/ 192 KB
193 KB 91ms
90ms Image
image/jpeg 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/money-bg.jpg

Requested by

Host: static-13333.kxcdn.com
URL: https://static-13333.kxcdn.com/5275/build/funnel.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

6d6b0b2b3ce3ec690491ad53348667285877a284d43a58bae67219df3128c453

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://static-13333.kxcdn.com/5275/build/funnel.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:09 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049593a6-0060df28f0-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 196622
last-modified: Fri, 02 Jul 2021 14:32:29 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "00484ef568e5c529bc92d2698631954b"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/jpeg
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:09 GMT

HEAD
H3-29 200 adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/ 0
0 39ms
24ms Fetch
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 49445
x-xss-protection: 0
server: cafe
etag: 14869471898732562513
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Fri, 06 Aug 2021 11:49:09 GMT

GET
H/1.1 200
OK version.js Show response
tagdatax.com/ 57 B
260 B 56ms
56ms Script
application/javascript 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdatax.com/version.js
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: 3fc97f601eea440fdbd873aedaf83799080b89054cf0984e027ac6b35a55d225

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 06 Aug 2021 11:49:09 GMT
Cache-Control: private, max-age=63072000
Server: nginx/1.19.10
Connection: keep-alive
Content-Length: 57
Content-Type: application/javascript

GET
H2 200 gid.js Show response
my.rtmark.net/ 65 B
541 B 56ms
55ms Fetch
application/json 139.45.195.8
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://my.rtmark.net/gid.js

Requested by

Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

da5c0c84add6c657b758ed1f425e344b2f509b399889dc9dad821d3d8ca39b3c

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:09 GMT
x-content-type-options: nosniff
server: nginx
strict-transport-security: max-age=1
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: https://tgfunnls.org
access-control-expose-headers: Authorization
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length: 65

GET
H/1.1 200
OK pix.jpg Show response
tagdatax.com/ 28 B
617 B 52ms
50ms Fetch
image/jpeg 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdatax.com/pix.jpg
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: 3c72e06c040c15327faa313315f1d6f4b2c9159267051c3e173336efa4cd7a18

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 06 Aug 2021 11:49:09 GMT
Server: nginx/1.19.10
Etag: e3cfe591-0ebf-47ae-a408-fc2f1cd75129
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Content-Type: image/jpeg
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Expose-Headers: ETag
Cache-Control: private, must-revalidate, proxy-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 28

GET
H3-29 200 googlelogo_color_120x44dp.png
www.google.com/images/branding/googlelogo/2x/ 5 KB
5 KB 19ms
17ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_120x44dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

29c50fa4422ac0a690af5b0987dee6a030a7eeaafa9dda8543cf022368f545aa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:09 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5087
x-xss-protection: 0
expires: Fri, 06 Aug 2021 11:49:09 GMT

GET
H3-29 200 googlelogo_color_272x92dp.png
www.google.com/images/branding/googlelogo/1x/ 6 KB
6 KB 17ms
16ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/1x/googlelogo_color_272x92dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5776cd87617eacec3bc00ebcf530d1924026033eda852f706c1a675a98915826

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:09 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5969
x-xss-protection: 0
expires: Fri, 06 Aug 2021 11:49:09 GMT

GET
H3-29 200 googlelogo_color_272x92dp.png
www.google.com/images/branding/googlelogo/2x/ 13 KB
13 KB 18ms
17ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_272x92dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

262084257c2103702ef8a25705e3f8dbc1fa3823103ad7b954d54bdb77e6d89d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:09 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13504
x-xss-protection: 0
expires: Fri, 06 Aug 2021 11:49:09 GMT

GET
H3-29 200 googlelogo_color_160x56dp.png
www.google.com/images/branding/googlelogo/2x/ 7 KB
7 KB 19ms
18ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_160x56dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9e611fba6a87626e60f74d361f0c94d1ba226bc0726a05791f40ddb7fbba2c4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:09 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7048
x-xss-protection: 0
expires: Fri, 06 Aug 2021 11:49:09 GMT

GET
H3-29 200 googlelogo_color_90x40dp.png
www.google.com/images/branding/googlelogo/2x/ 4 KB
4 KB 19ms
17ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_90x40dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a9cac8d49feccd603bac334c92c1e7dd5a829a1c01d4130550e8c9c0d9c72f7b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:09 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3934
x-xss-protection: 0
expires: Fri, 06 Aug 2021 11:49:09 GMT

GET
H3-29 200 locate Show response
tgfunnls.org/ 150 B
1 KB 83ms
82ms XHR
application/json 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/locate

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/js/l.js?id=6cf7b69175b2a676ebf3

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a9444725fb48cd94db4b9c4e1544b3ace3c54ccd0d1a289f124d36b69c9d6a20

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-fetch-mode: cors
x-xsrf-token: eyJpdiI6IjBHTE90aDBZV21NdjVvU1YxV1F6Vmc9PSIsInZhbHVlIjoiUDlrXC9iRG5SN3Z2K0p1a1VvN1J0cGpPeDd2NUwxVlpwQzRcL3htQlwvMjVmWFcreWNEYTNSYnlXQlFyZFRqS0lSdiIsIm1hYyI6IjViODVjNjg4OWQ2MThlZTA5N2U4Mjg4YWNmYTVmMzc0NWY0ZDdlZTQyNmI0NGU0MjAxMjEwNjZlYjFjYmQ2ZWMifQ==
accept-language: en-US
sec-fetch-dest: empty
cookie: _vwo_uuid_v2=D40F03C4B721C4B93F33D459BEAE24449|a55d91d483043a732df5c107876a50b1; _gid=GA1.2.435069735.1628250548; _gat_UA-192660002-1=1; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _ga_Y6C8Y8V9BH=GS1.1.1628250548.1.0.1628250548.0; _ga=GA1.1.1200254003.1628250548; _hjid=e93583e0-194c-4f75-a751-f95344453219; _hjFirstSeen=1; XSRF-TOKEN=eyJpdiI6IjBHTE90aDBZV21NdjVvU1YxV1F6Vmc9PSIsInZhbHVlIjoiUDlrXC9iRG5SN3Z2K0p1a1VvN1J0cGpPeDd2NUwxVlpwQzRcL3htQlwvMjVmWFcreWNEYTNSYnlXQlFyZFRqS0lSdiIsIm1hYyI6IjViODVjNjg4OWQ2MThlZTA5N2U4Mjg4YWNmYTVmMzc0NWY0ZDdlZTQyNmI0NGU0MjAxMjEwNjZlYjFjYmQ2ZWMifQ%3D%3D; c=eyJpdiI6IlpXRjhmb3lTUjQrcXNZVjZBTGdJRnc9PSIsInZhbHVlIjoiYnFpV2d6Z25zNHQrbTlrdFNsRkxIZCt5YjE1aFR5cjFDek5FeWZBNjR2dmkraXc3QUFha0lwcFwvM0wxMzRub3EiLCJtYWMiOiIxYjg5MjRmMjdhOWJiZWM4ZDllYjllZmE0MTA3MDM4ZWUyNTcxMmQ5MzhlNjg2NTY1NTUzMTUxZTE1MGUyODVjIn0%3D
:path: /locate
pragma: no-cache
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: application/json, text/plain, */*
cache-control: no-cache
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept: application/json, text/plain, */*
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
X-XSRF-TOKEN: eyJpdiI6IjBHTE90aDBZV21NdjVvU1YxV1F6Vmc9PSIsInZhbHVlIjoiUDlrXC9iRG5SN3Z2K0p1a1VvN1J0cGpPeDd2NUwxVlpwQzRcL3htQlwvMjVmWFcreWNEYTNSYnlXQlFyZFRqS0lSdiIsIm1hYyI6IjViODVjNjg4OWQ2MThlZTA5N2U4Mjg4YWNmYTVmMzc0NWY0ZDdlZTQyNmI0NGU0MjAxMjEwNjZlYjFjYmQ2ZWMifQ==
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:09 GMT
x-proc: 1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LL9jlq4jtolrJlEma3B1pNezMeAhr%2Fj28iiHTGndK0QzatrNtQQ4J%2FBmamSiF2DSV5LF%2By%2F0oTEt1b2U432w6%2Fco5fDRhYMPEcU%2F5AAA8qC3sBoITD1LBR5dKG81%2BhgHPCuBd3J5fSI5FcI%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json
cache-control: no-cache, private
set-cookie: XSRF-TOKEN=eyJpdiI6InhnazRNS2Z1OWQzUE8yZ2FLb1lpeFE9PSIsInZhbHVlIjoibzhnUWpaNFZpdUg2WWV6MDVYT2JxcTRJYTYxTDM4MitSbTFyOTNBUjlLZGdieFQ2eHdFRmM0WVdSQVZ1b1ZIVSIsIm1hYyI6ImIyNWM0YTNjYTlkY2Y0Y2ZhMGE0Y2JiMTkwM2UxYmI3MTI3YWQ0ZThjOTZhMTMzZjMzYWJkMzNjY2E3NDRhMGEifQ%3D%3D; expires=Fri, 06-Aug-2021 13:49:09 GMT; Max-Age=7200; path=/ c=eyJpdiI6Ilc0MkpPS3lxNHdsVGZwZCtnY3JyY3c9PSIsInZhbHVlIjoiZkF4c0lwZ1h1R1hCWXo0TDdOUWFyaklnVjNRUzc0dG1JeTRJaUJoTm8yOVhlMENrdWRhU0dSWFQ1NlFsY2NWOCIsIm1hYyI6IjFjNmZhOTZmNWY3M2RkYzY2YmJlMjc5NTFmZjQxODM4MjUzMjlkMTFiOWMyODU2NmE4N2M5ODEwZTgyYWYxMDYifQ%3D%3D; expires=Fri, 06-Aug-2021 13:49:09 GMT; Max-Age=7200; path=/; httponly
cf-ray: 67a80a4c6bba42f7-FRA

GET
H3-29 200 flags.png
tgfunnls.org/images/vendor/intl-tel-input/build/ 69 KB
70 KB 24ms
24ms Image
image/png 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tgfunnls.org/images/vendor/intl-tel-input/build/flags.png?416250f60d785a2e02f17e054d2e4e44

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/css/forms.css?id=108aa07ef4cadffb88ba

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0a012cf808a24573168308916092d2d4bd3f2b4af8e16b59167013cc77acee55

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /images/vendor/intl-tel-input/build/flags.png?416250f60d785a2e02f17e054d2e4e44
pragma: no-cache
cookie: _vwo_uuid_v2=D40F03C4B721C4B93F33D459BEAE24449|a55d91d483043a732df5c107876a50b1; _gid=GA1.2.435069735.1628250548; _gat_UA-192660002-1=1; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _ga_Y6C8Y8V9BH=GS1.1.1628250548.1.0.1628250548.0; _ga=GA1.1.1200254003.1628250548; _hjid=e93583e0-194c-4f75-a751-f95344453219; _hjFirstSeen=1; XSRF-TOKEN=eyJpdiI6IjBHTE90aDBZV21NdjVvU1YxV1F6Vmc9PSIsInZhbHVlIjoiUDlrXC9iRG5SN3Z2K0p1a1VvN1J0cGpPeDd2NUwxVlpwQzRcL3htQlwvMjVmWFcreWNEYTNSYnlXQlFyZFRqS0lSdiIsIm1hYyI6IjViODVjNjg4OWQ2MThlZTA5N2U4Mjg4YWNmYTVmMzc0NWY0ZDdlZTQyNmI0NGU0MjAxMjEwNjZlYjFjYmQ2ZWMifQ%3D%3D; c=eyJpdiI6IlpXRjhmb3lTUjQrcXNZVjZBTGdJRnc9PSIsInZhbHVlIjoiYnFpV2d6Z25zNHQrbTlrdFNsRkxIZCt5YjE1aFR5cjFDek5FeWZBNjR2dmkraXc3QUFha0lwcFwvM0wxMzRub3EiLCJtYWMiOiIxYjg5MjRmMjdhOWJiZWM4ZDllYjllZmE0MTA3MDM4ZWUyNTcxMmQ5MzhlNjg2NTY1NTUzMTUxZTE1MGUyODVjIn0%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: tgfunnls.org
referer: https://tgfunnls.org/css/forms.css?id=108aa07ef4cadffb88ba
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/css/forms.css?id=108aa07ef4cadffb88ba
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:09 GMT
x-proc: 2
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2312
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 70857
x-xss-protection: 1; mode=block
last-modified: Fri, 06 Aug 2021 10:55:13 GMT
server: cloudflare
etag: "610d1511-114c9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=g7SRasvUgRyp5%2Fh%2FU%2BFiJyLlGdybIn7GYsr%2BxpOV9vAV9o3j9RV3ba6riShQ9dJ6i95ZXm0n58gaCFRWP1Tc1hZdMbEFkCHPRKQJgJRfsaoayA%2Fof01mxzJH9AAYJfniPOE7Gf4YAdjIDms%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 67a80a4c6bbd42f7-FRA

GET
H3-29 200 js Show response
www.googletagmanager.com/gtag/ 127 KB
50 KB 20ms
20ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-Y6C8Y8V9BH&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MSK8GMG

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

dae34939244e213c68b00452772818739ff77e23eefc25acc3a141fa1f506648

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:09 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 51136
x-xss-protection: 0
expires: Fri, 06 Aug 2021 11:49:09 GMT

GET
H3-29 200 analytics.js Show response
www.google-analytics.com/ 48 KB
19 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MSK8GMG

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

e61660c659c426e45bce2937dddb01af6b550502a2904546575c1ec2ba1121dd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 13 Jul 2021 18:24:06 GMT
server: Golfe2
age: 2128
date: Fri, 06 Aug 2021 11:13:41 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19672
expires: Fri, 06 Aug 2021 13:13:41 GMT

GET
H2 200 hotjar-2304105.js Show response
static.hotjar.com/c/ 5 KB
2 KB 55ms
54ms Script
application/javascript 13.224.96.91
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-2304105.js?sv=6

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.96.91 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

d4261e9b3b427b4faba85d775a6dbd131cf86cbd42945ba05ae2ebad8f8f36e6

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:48:18 GMT
content-encoding: br
x-content-type-options: nosniff
cache-control: max-age=60
age: 51
etag: W/4e117f3a38c123981a4b3509540d1697
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
x-cache-hit: 1
x-amz-cf-pop: ZRH50-C1
x-amz-cf-id: Y_4MpcJoaYI-8y4nH68atdAN9zc3dekt6heRkD1k9vyvJHvfuAZJIw==
via: 1.1 e92dffa8673a73c15c61e7c3abefc47d.cloudfront.net (CloudFront)

OPTIONS
H/1.1 200
OK add
tagdataxrt.com/ir/ Frame 0
0 47ms
47ms Preflight 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/ir/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Protocol: HTTP/1.1
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://tgfunnls.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Server: nginx/1.19.10
Date: Fri, 06 Aug 2021 11:49:09 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

POST
H/1.1 200
OK add Show response
tagdataxrt.com/ir/ 0
537 B 48ms
47ms Fetch 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/ir/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json;charset=utf-8

Response headers

Date: Fri, 06 Aug 2021 11:49:09 GMT
Server: nginx/1.19.10
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 0

GET
BLOB 200
OK ab21a4a6-eab7-4a91-9dda-104b0db6639a
https://tgfunnls.org/ 31 B
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://tgfunnls.org/ab21a4a6-eab7-4a91-9dda-104b0db6639a
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7725538fe2f71147bffeba7452b434c826aef9009666cb4360c605d0b2a91d1d

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length: 31
Content-Type: application/javascript

GET
H2 403 videothumbnail-1.png
static-13333.kxcdn.com/5275/images/ 0
0 20ms
19ms Image
text/html 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static-13333.kxcdn.com/5275/images/videothumbnail-1.png
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
DATA 200
OK truncated
/ 4 KB
4 KB Font
application/font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: aef991b2e0b693a95d41986576dd3901ea7ac03b379501b1caba966058753308

Request headers

Origin: https://tgfunnls.org
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: application/font-woff;charset=utf-8

POST
H/1.1 200
OK etag Show response
tagdataxrt.com/ 0
537 B 47ms
47ms Fetch 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/etag?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json;charset=utf-8

Response headers

Date: Fri, 06 Aug 2021 11:49:09 GMT
Server: nginx/1.19.10
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 0

OPTIONS
H/1.1 200
OK etag
tagdataxrt.com/ Frame 0
0 47ms
46ms Preflight 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/etag?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Protocol: HTTP/1.1
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://tgfunnls.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Server: nginx/1.19.10
Date: Fri, 06 Aug 2021 11:49:09 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

GET
H3-29 200 tag-18c0c42595158c9943ee0260eecc4fc3.js Show response
dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWpxdWVyeQ==/ 214 KB
61 KB 49ms
48ms Script
application/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWpxdWVyeQ==/tag-18c0c42595158c9943ee0260eecc4fc3.js
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/j.php?a=449005&u=https%3A%2F%2Ftgfunnls.org%2Fdly1st%2F%3Fhitid%3D%7BclickId%7D%26qze%3D7%26aff_sub%3D%7BcustomId1%7D%26aff_sub2%3D%7BcustomId2%7D&f=1&r=0.6659023327198241
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gams1 /
Resource Hash: b6a6463b285c1fdc27b7022ff01564762e81117074a3f3781cc931fe389afc70

Request headers

Origin: https://tgfunnls.org
Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:08 GMT
content-encoding: br
last-modified: Fri, 06 Aug 2021 11:48:12 GMT
server: gams1
etag: "610d217c-f3a3"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 62371
via: 1.1 google

GET
H3-29 200 v.gif
dev.visualwebsiteoptimizer.com/ 35 B
52 B 122ms
122ms Image
image/gif 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dev.visualwebsiteoptimizer.com/v.gif?cd=0&a=449005&d=tgfunnls.org&u=D40F03C4B721C4B93F33D459BEAE24449&h=a55d91d483043a732df5c107876a50b1&t=false&r=0.7930474701480279

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gnv1c /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 06 Aug 2021 11:49:08 GMT
via: 1.1 google
x-content-type-options: nosniff
server: gnv1c
content-type: image/gif
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 10 Jan 2005 00:00:01 GMT

POST
H3-29 201 event Show response
tgfunnls.org/ 2 B
1 KB 177ms
176ms XHR
application/json 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/event?hitid={clickId}

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/js/l.js?id=6cf7b69175b2a676ebf3

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-fetch-mode: cors
origin: https://tgfunnls.org
x-xsrf-token: eyJpdiI6InhnazRNS2Z1OWQzUE8yZ2FLb1lpeFE9PSIsInZhbHVlIjoibzhnUWpaNFZpdUg2WWV6MDVYT2JxcTRJYTYxTDM4MitSbTFyOTNBUjlLZGdieFQ2eHdFRmM0WVdSQVZ1b1ZIVSIsIm1hYyI6ImIyNWM0YTNjYTlkY2Y0Y2ZhMGE0Y2JiMTkwM2UxYmI3MTI3YWQ0ZThjOTZhMTMzZjMzYWJkMzNjY2E3NDRhMGEifQ==
accept-language: en-US
sec-fetch-dest: empty
accept-encoding: gzip, deflate, br
cookie: _vwo_uuid_v2=D40F03C4B721C4B93F33D459BEAE24449|a55d91d483043a732df5c107876a50b1; _gid=GA1.2.435069735.1628250548; _gat_UA-192660002-1=1; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _ga_Y6C8Y8V9BH=GS1.1.1628250548.1.0.1628250548.0; _ga=GA1.1.1200254003.1628250548; _hjid=e93583e0-194c-4f75-a751-f95344453219; _hjFirstSeen=1; XSRF-TOKEN=eyJpdiI6InhnazRNS2Z1OWQzUE8yZ2FLb1lpeFE9PSIsInZhbHVlIjoibzhnUWpaNFZpdUg2WWV6MDVYT2JxcTRJYTYxTDM4MitSbTFyOTNBUjlLZGdieFQ2eHdFRmM0WVdSQVZ1b1ZIVSIsIm1hYyI6ImIyNWM0YTNjYTlkY2Y0Y2ZhMGE0Y2JiMTkwM2UxYmI3MTI3YWQ0ZThjOTZhMTMzZjMzYWJkMzNjY2E3NDRhMGEifQ%3D%3D; c=eyJpdiI6Ilc0MkpPS3lxNHdsVGZwZCtnY3JyY3c9PSIsInZhbHVlIjoiZkF4c0lwZ1h1R1hCWXo0TDdOUWFyaklnVjNRUzc0dG1JeTRJaUJoTm8yOVhlMENrdWRhU0dSWFQ1NlFsY2NWOCIsIm1hYyI6IjFjNmZhOTZmNWY3M2RkYzY2YmJlMjc5NTFmZjQxODM4MjUzMjlkMTFiOWMyODU2NmE4N2M5ODEwZTgyYWYxMDYifQ%3D%3D
content-length: 188
:path: /event?hitid={clickId}
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json;charset=UTF-8
accept: application/json, text/plain, */*
cache-control: no-cache
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: POST
Accept: application/json, text/plain, */*
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
X-XSRF-TOKEN: eyJpdiI6InhnazRNS2Z1OWQzUE8yZ2FLb1lpeFE9PSIsInZhbHVlIjoibzhnUWpaNFZpdUg2WWV6MDVYT2JxcTRJYTYxTDM4MitSbTFyOTNBUjlLZGdieFQ2eHdFRmM0WVdSQVZ1b1ZIVSIsIm1hYyI6ImIyNWM0YTNjYTlkY2Y0Y2ZhMGE0Y2JiMTkwM2UxYmI3MTI3YWQ0ZThjOTZhMTMzZjMzYWJkMzNjY2E3NDRhMGEifQ==
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json;charset=UTF-8

Response headers

date: Fri, 06 Aug 2021 11:49:09 GMT
x-proc: 3
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=J8mEmHNES0qMAo7VbXJItNP7n7C9nCPfyp62dfOINxZdjVioJmCHdJ0LsPUi9QZLbiiaEF4O3w4oMxRkHCk8l42sxy66nPZIS9rlTjwIv%2BZ9UBM2Ybm5hs0XPiawnn%2BpmUO1XPbA2XxQapU%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-origin: https://tgfunnls.org
cache-control: no-cache, private
set-cookie: XSRF-TOKEN=eyJpdiI6ImhObXpvS0NKV3NhTWNTbTlGXC9BdThRPT0iLCJ2YWx1ZSI6ImJCRHlZbmhLUm53aHVOdHg2QjVWQ3pIUnl6emxaTk1yM3lzQTI1cDl2WXp6M1ZUYXpGYWl2UmFyV3A2ZFNjS1UiLCJtYWMiOiJiNmUzZGNiN2FjZTE0MTg1OTEzNGI5MWVkYTdlNzQxNTNiYzIxMDlhMGJhNGI4Mzg0YmY5ODU2YWM0ZDczODcyIn0%3D; expires=Fri, 06-Aug-2021 13:49:09 GMT; Max-Age=7200; path=/ c=eyJpdiI6IjZDd2szN1hTTExNUFc5TVprTWg3clE9PSIsInZhbHVlIjoiMGhETGM1TzBObTBiSjVWclwvNjV1RVpzcXdoZFR3dTJnSU9tZkZGWW9yNklBVDdkYlIzS0twaXhCdmdueWhLSlkiLCJtYWMiOiIwYzc3YmM4MGNlMWI4NzdhMjZlNWQ1NThmN2I5YmM5OWE3NWQ2MzNmZGY1NjRhMzI0MzliNzFhYjRjOGM4NWNhIn0%3D; expires=Fri, 06-Aug-2021 13:49:09 GMT; Max-Age=7200; path=/; httponly
cf-ray: 67a80a4d1da542f7-FRA

GET
H3-29 200 collect
www.google-analytics.com/ 35 B
55 B 6ms
6ms Image
image/gif 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j92&a=1451897558&t=pageview&_s=1&dl=https%3A%2F%2Ftgfunnls.org%2Fdly1st%2F%3Fhitid%3D%7BclickId%7D%26qze%3D7%26aff_sub%3D%7BcustomId1%7D%26aff_sub2%3D%7BcustomId2%7D&ul=en-us&de=UTF-8&dt=Daily%20Profit&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=QACAAEAB~&jid=&gjid=&cid=1200254003.1628250548&tid=UA-192660002-1&_gid=435069735.1628250548&gtm=2wg840MSK8GMG&z=1889877283

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 06 Aug 2021 05:58:40 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 21029
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 modules.9a6619e61150e4449f35.js Show response
script.hotjar.com/ 221 KB
59 KB 63ms
63ms Script
application/javascript 13.224.96.11
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.9a6619e61150e4449f35.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2304105.js?sv=6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.96.11 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

fc04d1fd608cedf1f0c4735145a15031f77cb7491d6234cec4ee2cd9be74937a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:18:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 77464
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 59579
access-control-allow-origin: *
last-modified: Thu, 05 Aug 2021 14:17:07 GMT
etag: "f404c80c4e9647abd5db65360cf9ecee"
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 7245e91891539560c1f484b1e46159c9.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: ZRH50-C1
accept-ranges: bytes
x-robots-tag: none
x-amz-cf-id: U6j0JCYeeCB5botivhiHA-GPi3izdEe0oI8aBPy68kNHxl1iYQWdhA==

GET
H3-29 200 settings.js Show response
dev.visualwebsiteoptimizer.com/ 572 B
397 B 51ms
50ms Script
application/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/settings.js?a=449005&settings_type=3&vn=7.0&r=0.511812347633031&u=https%3A%2F%2Ftgfunnls.org%2Fdly1st%2F%3Fhitid%3D%7BclickId%7D%26qze%3D7%26aff_sub%3D%7BcustomId1%7D%26aff_sub2%3D%7BcustomId2%7D
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWpxdWVyeQ==/tag-18c0c42595158c9943ee0260eecc4fc3.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gams1 /
Resource Hash: 31042bafbba3ee3bae8f21d8d8744230a7c558630068c64e1e5ecb4721ab3910

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:09 GMT
via: 1.1 google
server: gams1
content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-type: application/javascript; charset=UTF-8

GET
H3-29 200 settings.js Show response
dev.visualwebsiteoptimizer.com/ 572 B
397 B 52ms
51ms Script
application/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/settings.js?a=449005&settings_type=1&vn=7.0&r=0.19311142271014892
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWpxdWVyeQ==/tag-18c0c42595158c9943ee0260eecc4fc3.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gams1 /
Resource Hash: 31042bafbba3ee3bae8f21d8d8744230a7c558630068c64e1e5ecb4721ab3910

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:09 GMT
via: 1.1 google
server: gams1
content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-type: application/javascript; charset=UTF-8

GET
H2 200 box-25a418976ea02a6f393fbbe77cec94bb.html Show response
vars.hotjar.com/ Frame B613 2 KB
1 KB 55ms
54ms Document
text/html 13.224.96.92
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vars.hotjar.com/box-25a418976ea02a6f393fbbe77cec94bb.html
Requested by: Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2304105.js?sv=6
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.96.92 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-96-92.zrh50.r.cloudfront.net
Software: /
Resource Hash: 7a44e0685d8929b5d4d50476273c9957c8c76f03afc424c665a4066e5bc1beb9

Request headers

:method: GET
:authority: vars.hotjar.com
:scheme: https
:path: /box-25a418976ea02a6f393fbbe77cec94bb.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://tgfunnls.org/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://tgfunnls.org/

Response headers

content-type: text/html
content-length: 1044
date: Sun, 18 Jul 2021 00:16:30 GMT
accept-ranges: bytes
cache-control: max-age=31536000
content-encoding: br
etag: "76922233be8bdb14c053af468d29404a"
last-modified: Thu, 15 Jul 2021 14:16:09 GMT
x-amz-server-side-encryption: AES256
x-robots-tag: none
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 6b0e09b8a7d995016df1513b4b11c17e.cloudfront.net (CloudFront)
x-amz-cf-pop: ZRH50-C1
x-amz-cf-id: N4WV0cDXq-RlvwOl1IxTX8GJEsIZfX9LJZVb49owtcZR8nj7mEMGtQ==
age: 1683159

GET
H3-29 200 tag-1a6cb79d9b921e9f733a3a9f91c43b90.js Show response
dev.visualwebsiteoptimizer.com/web/djIkcGM6MS4w/ 668 B
329 B 49ms
49ms Script
application/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/web/djIkcGM6MS4w/tag-1a6cb79d9b921e9f733a3a9f91c43b90.js
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWpxdWVyeQ==/tag-18c0c42595158c9943ee0260eecc4fc3.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gams1 /
Resource Hash: 6e1f2e0970c3d1d6cdacfecdd613ce1c42990ea5d4a9a85fe6f0700d20a96634

Request headers

Origin: https://tgfunnls.org
Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:08 GMT
content-encoding: br
last-modified: Fri, 06 Aug 2021 11:48:12 GMT
server: gams1
etag: "610d217c-133"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 307
via: 1.1 google

GET
H2 200 a3a7b431bde66f8790628956fd6a9e14.js
cdn.pushcrew.com/js/ 248 KB
70 KB 130ms
129ms Script
application/javascript 34.102.183.26
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.pushcrew.com/js/a3a7b431bde66f8790628956fd6a9e14.js
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/web/djIkcGM6MS4w/tag-1a6cb79d9b921e9f733a3a9f91c43b90.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.102.183.26 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 26.183.102.34.bc.googleusercontent.com
Software: nginx /
Resource Hash

Request headers

Origin: https://tgfunnls.org
Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:09 GMT
content-encoding: gzip
last-modified: Fri, 18 Jun 2021 08:48:27 GMT
server: nginx
etag: W/"60cc5ddb-3e05c"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=1800
alt-svc: clear
via: 1.1 google
expires: Fri, 06 Aug 2021 12:19:09 GMT

POST
H/1.1 200
OK add
tagdataxrt.com/log/ 12 B
597 B 49ms
49ms Fetch
application/json 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/log/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json;charset=utf-8

Response headers

Date: Fri, 06 Aug 2021 11:49:09 GMT
Server: nginx/1.19.10
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 12

OPTIONS
H/1.1 200
OK add
tagdataxrt.com/log/ Frame 0
0 47ms
47ms Preflight 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/log/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Protocol: HTTP/1.1
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://tgfunnls.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Server: nginx/1.19.10
Date: Fri, 06 Aug 2021 11:49:09 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

POST
H/1.1 200
OK add
tagdataxrt.com/time_visit/ 0
422 B 47ms
46ms Ping
text/plain 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/time_visit/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Fri, 06 Aug 2021 11:49:10 GMT
Server: nginx/1.19.10
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 0

GET
H3-29 200 / Show response
tgfunnls.org/dly1st/ 31 KB
8 KB 216ms
216ms Document
text/html 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Requested by

Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c9f5368117934669138c71ff86074d6a1262a62c330d992650c53eceb0571427

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: tgfunnls.org
:scheme: https
:path: /dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: document
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: _vwo_uuid_v2=D40F03C4B721C4B93F33D459BEAE24449|a55d91d483043a732df5c107876a50b1; _gid=GA1.2.435069735.1628250548; _gat_UA-192660002-1=1; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _hjid=e93583e0-194c-4f75-a751-f95344453219; _hjFirstSeen=1; _ga_Y6C8Y8V9BH=GS1.1.1628250548.1.1.1628250549.0; _ga=GA1.1.1200254003.1628250548; XSRF-TOKEN=eyJpdiI6ImhObXpvS0NKV3NhTWNTbTlGXC9BdThRPT0iLCJ2YWx1ZSI6ImJCRHlZbmhLUm53aHVOdHg2QjVWQ3pIUnl6emxaTk1yM3lzQTI1cDl2WXp6M1ZUYXpGYWl2UmFyV3A2ZFNjS1UiLCJtYWMiOiJiNmUzZGNiN2FjZTE0MTg1OTEzNGI5MWVkYTdlNzQxNTNiYzIxMDlhMGJhNGI4Mzg0YmY5ODU2YWM0ZDczODcyIn0%3D; c=eyJpdiI6IjZDd2szN1hTTExNUFc5TVprTWg3clE9PSIsInZhbHVlIjoiMGhETGM1TzBObTBiSjVWclwvNjV1RVpzcXdoZFR3dTJnSU9tZkZGWW9yNklBVDdkYlIzS0twaXhCdmdueWhLSlkiLCJtYWMiOiIwYzc3YmM4MGNlMWI4NzdhMjZlNWQ1NThmN2I5YmM5OWE3NWQ2MzNmZGY1NjRhMzI0MzliNzFhYjRjOGM4NWNhIn0%3D
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Response headers

date: Fri, 06 Aug 2021 11:49:10 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: no-cache, private
set-cookie: XSRF-TOKEN=eyJpdiI6InVoN213NzV1UWhxOVlicFg2b01ST0E9PSIsInZhbHVlIjoiOXNqY21uM3dtWUo3d2J2UUM0d1paelRhVHN0NGFEZjgyVGc5bk0ySVY5TmdWU285XC9CeXFuajNZUkx0ZTlwV1MiLCJtYWMiOiJjYjE4OTA4ZTI2MWM4ZjkyNGUxOGM4MDM4ZGUyNTJjODVhOWM4OGE3OTE4YzRkZmY3MzZmNGJhYjkzMTM1ZTBmIn0%3D; expires=Fri, 06-Aug-2021 13:49:10 GMT; Max-Age=7200; path=/ c=eyJpdiI6InE3K2VreDQySDlnM0xNbUpCdFBYTHc9PSIsInZhbHVlIjoiZXc2RlVEZ2lOV3BDeEtoUndZR2Z4Tkgyc1RUTU9NaFdOUkVzcW9udHhNTzRQNllFaXRIZm10ZTNQK0dcL241OUoiLCJtYWMiOiJlY2EwYzI0Y2RhYmM4NzQ4NjZjNGNlN2E5ODhlNTlkZjNjMGY0MDE2NjZlYmY0YzZhZGQ3ZjQyMGNjNWY3ZDJhIn0%3D; expires=Fri, 06-Aug-2021 13:49:10 GMT; Max-Age=7200; path=/; httponly
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-proc: 3
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bhGJS6jOfCiviprAwo0NMCPElMRGzkDFKm88lym9ymPGi6F84V7WYlBPMPdTMwZkkafiN4Hh9QeFijcI319jgX5f8%2FueUsK%2FgxNV8ZsAfw4f25OAvjrHmHVU2UILz18%2BPiGFTeIJ0CMuCYQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 67a80a530dbc42f7-FRA
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

POST collect
www.google-analytics.com/g/ 0
0

GET
H3-29 200 forms.css
tgfunnls.org/css/ 20 KB
4 KB 17ms
15ms Stylesheet
text/css 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/css/forms.css?id=108aa07ef4cadffb88ba

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5cc75f6ff6ccc8f9737ba9b6e44903687d4cd600464dc9a25b2fcfbfd231ebc6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /css/forms.css?id=108aa07ef4cadffb88ba
pragma: no-cache
cookie: XSRF-TOKEN=eyJpdiI6InVoN213NzV1UWhxOVlicFg2b01ST0E9PSIsInZhbHVlIjoiOXNqY21uM3dtWUo3d2J2UUM0d1paelRhVHN0NGFEZjgyVGc5bk0ySVY5TmdWU285XC9CeXFuajNZUkx0ZTlwV1MiLCJtYWMiOiJjYjE4OTA4ZTI2MWM4ZjkyNGUxOGM4MDM4ZGUyNTJjODVhOWM4OGE3OTE4YzRkZmY3MzZmNGJhYjkzMTM1ZTBmIn0%3D; c=eyJpdiI6InE3K2VreDQySDlnM0xNbUpCdFBYTHc9PSIsInZhbHVlIjoiZXc2RlVEZ2lOV3BDeEtoUndZR2Z4Tkgyc1RUTU9NaFdOUkVzcW9udHhNTzRQNllFaXRIZm10ZTNQK0dcL241OUoiLCJtYWMiOiJlY2EwYzI0Y2RhYmM4NzQ4NjZjNGNlN2E5ODhlNTlkZjNjMGY0MDE2NjZlYmY0YzZhZGQ3ZjQyMGNjNWY3ZDJhIn0%3D; _ga_Y6C8Y8V9BH=GS1.1.1628250548.1.1.1628250550.0
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:10 GMT
x-proc: 2
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3661
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Fri, 06 Aug 2021 10:30:19 GMT
server: cloudflare
etag: W/"610d0f3b-5107"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qc1t6WngoRYNhz%2BVIJ21YOQfPBk6hKFqcu0nJVXVFFbapTbtK1b1Akm2Onr78%2B1ltuPzw4fKMP1MJILWKM4slpJGdLRYPwD4iTArdhKtqVbdlBXBezY8tg4vsip0TgJdAUYvo3n9KOj8ZgA%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 67a80a54899442f7-FRA

GET
H3-29 200 flow.css
tgfunnls.org/css/ 385 B
764 B 21ms
20ms Stylesheet
text/css 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/css/flow.css?id=1a2dada5ba76c1b29ae1

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

df456c4794989b11dda8d76813cbf505b2707048f4cc89d7db15956779ca3fb0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /css/flow.css?id=1a2dada5ba76c1b29ae1
pragma: no-cache
cookie: XSRF-TOKEN=eyJpdiI6InVoN213NzV1UWhxOVlicFg2b01ST0E9PSIsInZhbHVlIjoiOXNqY21uM3dtWUo3d2J2UUM0d1paelRhVHN0NGFEZjgyVGc5bk0ySVY5TmdWU285XC9CeXFuajNZUkx0ZTlwV1MiLCJtYWMiOiJjYjE4OTA4ZTI2MWM4ZjkyNGUxOGM4MDM4ZGUyNTJjODVhOWM4OGE3OTE4YzRkZmY3MzZmNGJhYjkzMTM1ZTBmIn0%3D; c=eyJpdiI6InE3K2VreDQySDlnM0xNbUpCdFBYTHc9PSIsInZhbHVlIjoiZXc2RlVEZ2lOV3BDeEtoUndZR2Z4Tkgyc1RUTU9NaFdOUkVzcW9udHhNTzRQNllFaXRIZm10ZTNQK0dcL241OUoiLCJtYWMiOiJlY2EwYzI0Y2RhYmM4NzQ4NjZjNGNlN2E5ODhlNTlkZjNjMGY0MDE2NjZlYmY0YzZhZGQ3ZjQyMGNjNWY3ZDJhIn0%3D; _ga_Y6C8Y8V9BH=GS1.1.1628250548.1.1.1628250550.0
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:10 GMT
x-proc: 1
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3661
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Fri, 06 Aug 2021 10:30:20 GMT
server: cloudflare
etag: W/"610d0f3c-181"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dA%2F9pLLyGjAtHdBP8b05tQb6Z%2BXvzpnWPvEYw5OyOtW3%2FKTgNztgcoNg2omxVE2AYj0Vv89jW2gnRVROWD%2FXmglMjWDVMvoQC2lPYVN0aXpz2GWs7hpVyhlRkEZ%2FOVxsGy78BEG5c74nY90%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 67a80a54899742f7-FRA

GET
H2 200 funnel.css
static-13333.kxcdn.com/5275/build/ 91 KB
26 KB 8ms
7ms Stylesheet
text/css 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL

https://static-13333.kxcdn.com/5275/build/funnel.css

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

0dd81a03016de5c1be49281bb42f5db84bf8968b636e893daa0ee24de5dbdd3b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:10 GMT
content-encoding: gzip
last-modified: Fri, 02 Jul 2021 14:31:57 GMT
server: keycdn-engine
x-amz-request-id: tx0000000000000049794a1-0060df28ef-12ed1804-fra1a
x-edge-location: defr
etag: W/"0e60432e5a822d61eaf0ff2172f524ed"
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-cache: HIT
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31556940
x-rgw-object-type: Normal
strict-transport-security: max-age=15552000; includeSubDomains; preload
expires: Sat, 06 Aug 2022 17:38:10 GMT

GET
H/1.1 400 conversion.js
in.bd44.fun/ 0
0 52ms
51ms Script
text/html 18.195.174.160
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://in.bd44.fun/conversion.js?cid=OPTIONAL&et=CLICK
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.195.174.160 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-174-160.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 logo.png
static-13333.kxcdn.com/5275/images/ 2 KB
3 KB 29ms
24ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/logo.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

3d0776f2afd4256733e307cf46921dde2e1497a2767eb8bcb8ac17d5de9d2344

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:10 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049592a7-0060df28ef-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2455
last-modified: Fri, 02 Jul 2021 14:32:26 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "cded24bb8b99f2aa7ab4e4ddc59c28e6"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:10 GMT

GET
H2 200 top-arrow.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 31ms
26ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/top-arrow.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

c4d3b32e24ea06591e7f166b20939f84cb767bb0742bc3c51f07c6f4b684f1e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:10 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049592a5-0060df28ef-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2961
last-modified: Fri, 02 Jul 2021 14:32:29 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "e2980701aad64cef71bd2296f5f6386b"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:10 GMT

GET
H3-29 200 check-icon.png
tgfunnls.org/images/ 44 KB
45 KB 17ms
13ms Image
image/png 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tgfunnls.org/images/check-icon.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

79bb457691c6f5dc0d3fd537218a627750b199db5253e22dad9dc4f78fa48016

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /images/check-icon.png
pragma: no-cache
cookie: XSRF-TOKEN=eyJpdiI6InVoN213NzV1UWhxOVlicFg2b01ST0E9PSIsInZhbHVlIjoiOXNqY21uM3dtWUo3d2J2UUM0d1paelRhVHN0NGFEZjgyVGc5bk0ySVY5TmdWU285XC9CeXFuajNZUkx0ZTlwV1MiLCJtYWMiOiJjYjE4OTA4ZTI2MWM4ZjkyNGUxOGM4MDM4ZGUyNTJjODVhOWM4OGE3OTE4YzRkZmY3MzZmNGJhYjkzMTM1ZTBmIn0%3D; c=eyJpdiI6InE3K2VreDQySDlnM0xNbUpCdFBYTHc9PSIsInZhbHVlIjoiZXc2RlVEZ2lOV3BDeEtoUndZR2Z4Tkgyc1RUTU9NaFdOUkVzcW9udHhNTzRQNllFaXRIZm10ZTNQK0dcL241OUoiLCJtYWMiOiJlY2EwYzI0Y2RhYmM4NzQ4NjZjNGNlN2E5ODhlNTlkZjNjMGY0MDE2NjZlYmY0YzZhZGQ3ZjQyMGNjNWY3ZDJhIn0%3D; _ga_Y6C8Y8V9BH=GS1.1.1628250548.1.1.1628250550.0
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:10 GMT
x-proc: 1
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3660
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 45018
x-xss-protection: 1; mode=block
last-modified: Fri, 06 Aug 2021 10:28:14 GMT
server: cloudflare
etag: "610d0ebe-afda"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=L7voQ7CTLzd4%2BP0f0y99AOCHuuEGODTqafaTycPr0wgrEmKE5fI%2Bj22kFnxNErVlHI3HoFYvRLwveo%2Bfg3ziIOIxXY%2F6HrhzC9fd9l%2FpTCj4ptlUqYOF%2BMSeQrklyAOwjw54nuhfIol1EN0%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 67a80a54ea7142f7-FRA

GET
H2 200 safe.png
static-13333.kxcdn.com/5275/images/ 10 KB
11 KB 31ms
26ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/safe.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

c001780d5a0136da809d6908ac44d8b0e4d9b36bf9891772a006294888226576

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:10 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794a7-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 10593
last-modified: Fri, 02 Jul 2021 14:32:17 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "e16845cf547d72f2f0b2febfa375d9f9"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:10 GMT

GET
H2 200 bg-arrow.png
static-13333.kxcdn.com/5275/images/ 7 KB
8 KB 31ms
26ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/bg-arrow.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

5902ac2e28cc5433d57a98a62be69037be09754da694348e03d3e3b9e776f542

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:10 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794ba-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 7356
last-modified: Fri, 02 Jul 2021 14:32:23 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "0575766ae817ee467a729e846374d22c"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:10 GMT

GET
H2 200 check-icon.png
static-13333.kxcdn.com/5275/images/ 2 KB
3 KB 31ms
27ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/check-icon.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

4a404a950ef8cfa3eb686e62c8ab17e0a4609f2300e53d874a96ec618ab9474d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:10 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794b6-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2273
last-modified: Fri, 02 Jul 2021 14:32:29 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "c34ab81524c5f98e40dc0dad59601758"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:10 GMT

GET
H2 200 spots-arrow.png
static-13333.kxcdn.com/5275/images/ 5 KB
6 KB 22ms
15ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/spots-arrow.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

7c01610e53cbe2313bd441cd9182762cec4240e4eecebeca6d086f34e4672784

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:10 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794bc-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 5306
last-modified: Fri, 02 Jul 2021 14:32:45 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "32acdf2cce46993b09041ebed9d00140"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:10 GMT

GET
H2 200 john.jpg
static-13333.kxcdn.com/5275/images/ 9 KB
10 KB 22ms
16ms Image
image/jpeg 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/john.jpg

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

aff262b0ff8882606831b77cb7fe8c2b7ee184a4c3a4e10de152932dde9ed3f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:10 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794be-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 9704
last-modified: Fri, 02 Jul 2021 14:32:21 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "ca826d01f1cbba3eb6e3e1f697bca6bc"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/jpeg
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:10 GMT

GET
H2 200 john-sign.png
static-13333.kxcdn.com/5275/images/ 7 KB
7 KB 15ms
5ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/john-sign.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

2c92fcee0f7c5fd992e818cd6e5f621e8701cea9b4b23eb03e2567560c7dd266

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:10 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049592b7-0060df28ef-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 6824
last-modified: Fri, 02 Jul 2021 14:32:43 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "8e77bdde18036a84289f7b89b03cddc0"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:10 GMT

GET
H2 200 social-callback-title.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 10ms
6ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/social-callback-title.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

b097d9409b9b2fcde3993197635d6e7d49126e794dec3c3a5de9892cce15ec84

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:10 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794b7-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2899
last-modified: Fri, 02 Jul 2021 14:32:42 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "26e1186a209747d755be97f26d7fef17"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:10 GMT

GET
H2 200 facebook.png
static-13333.kxcdn.com/5275/images/ 45 KB
46 KB 10ms
6ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/facebook.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

45a8e9f975bd2d7db2041c671affac022eaf0b8db46c516a6f2021d30631aea3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:10 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049592bd-0060df28ef-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 46358
last-modified: Fri, 02 Jul 2021 14:32:18 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "99efc09d6e35b01ef07e555c6c9c06ac"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:10 GMT

GET
H2 200 twitter.png
static-13333.kxcdn.com/5275/images/ 33 KB
34 KB 10ms
7ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/twitter.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

f3567cf9eb0717ad9840ff19014abf051d9bebb63ba3d270eb23d409dd449b5a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:10 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049592b6-0060df28ef-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 33933
last-modified: Fri, 02 Jul 2021 14:32:45 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "1538bf85a2428c7ab27b923233ceac2d"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:10 GMT

GET
H2 200 features-title.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 9ms
6ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/features-title.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

5e840708085df16224eeb0d8a8b3758d39bc7c60d3f0587ea1308f7d37d2e9db

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:10 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049592bc-0060df28ef-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2835
last-modified: Fri, 02 Jul 2021 14:32:24 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "8e8fd39ca90b9e536e71366f72e27061"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:10 GMT

GET
H2 200 feature1.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 8ms
8ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/feature1.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

427e9cf9bc070b73cae44b858b1cbb147385ccf3b74522b00606e8441d74eb21

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:10 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794bb-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2649
last-modified: Fri, 02 Jul 2021 14:32:27 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "32e947291780f319b5424fb0fed97339"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:10 GMT

GET
H2 200 feature2.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 20ms
17ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/feature2.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

d35ec7636f20627c46249b7ac076fd59aad2c15c8207c92cc8251df812abc0bc

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:10 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049592b5-0060df28ef-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2845
last-modified: Fri, 02 Jul 2021 14:32:28 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "a02cbfb7009f4eb7bca716371bbc6162"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:10 GMT

GET
H2 200 feature3.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 21ms
17ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/feature3.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

41cc8226265d071dd816f01b4e656e9575b49927ecb0806984d85fd2acb3b318

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:10 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794b8-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2618
last-modified: Fri, 02 Jul 2021 14:32:44 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "1e439861ae0e257dd74094cd20495531"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:10 GMT

GET
H2 200 feature4.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 20ms
17ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/feature4.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

d7e57b7c8fc1a0e25b893fc00da8cca5368cc489227958d4a781665339cd7260

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:10 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794a5-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2573
last-modified: Fri, 02 Jul 2021 14:32:19 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "f042fbbf22d575de6d906249ec2dc324"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:10 GMT

GET
H2 200 faq-title.png
static-13333.kxcdn.com/5275/images/ 4 KB
4 KB 19ms
18ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/faq-title.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

218be04d48aa9aa4da9bb4a708dbb463576fd8653914fd05bb113ce654dce714

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:10 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049592a6-0060df28ef-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 3706
last-modified: Fri, 02 Jul 2021 14:32:42 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "b95f5e7ccaaf9e8f6f1117efa9ab100a"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:10 GMT

GET
H2 200 faq-list-title-bg.png
static-13333.kxcdn.com/5275/images/ 2 KB
2 KB 20ms
18ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/faq-list-title-bg.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

9749d6d7aee9bdd7b806eb8fd8fa1bfd7ef25aab0aba744948b279d4c1a348ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:10 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794a3-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 1546
last-modified: Fri, 02 Jul 2021 14:32:22 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "567ea5254334fde95913b6cd592aad5f"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:10 GMT

GET
H3-29 200 sad-face.svg
tgfunnls.org/media/ 1 KB
1 KB 16ms
14ms Image
image/svg+xml 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tgfunnls.org/media/sad-face.svg

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

186b9079a05f19ddd2a548dbc1ec2c69087c76d8e9e1637dbced630edb793104

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /media/sad-face.svg
pragma: no-cache
cookie: XSRF-TOKEN=eyJpdiI6InVoN213NzV1UWhxOVlicFg2b01ST0E9PSIsInZhbHVlIjoiOXNqY21uM3dtWUo3d2J2UUM0d1paelRhVHN0NGFEZjgyVGc5bk0ySVY5TmdWU285XC9CeXFuajNZUkx0ZTlwV1MiLCJtYWMiOiJjYjE4OTA4ZTI2MWM4ZjkyNGUxOGM4MDM4ZGUyNTJjODVhOWM4OGE3OTE4YzRkZmY3MzZmNGJhYjkzMTM1ZTBmIn0%3D; c=eyJpdiI6InE3K2VreDQySDlnM0xNbUpCdFBYTHc9PSIsInZhbHVlIjoiZXc2RlVEZ2lOV3BDeEtoUndZR2Z4Tkgyc1RUTU9NaFdOUkVzcW9udHhNTzRQNllFaXRIZm10ZTNQK0dcL241OUoiLCJtYWMiOiJlY2EwYzI0Y2RhYmM4NzQ4NjZjNGNlN2E5ODhlNTlkZjNjMGY0MDE2NjZlYmY0YzZhZGQ3ZjQyMGNjNWY3ZDJhIn0%3D; _ga_Y6C8Y8V9BH=GS1.1.1628250548.1.1.1628250550.0
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:10 GMT
x-proc: 1
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3660
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Fri, 06 Aug 2021 10:30:20 GMT
server: cloudflare
etag: W/"610d0f3c-5dc"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NyFtsijaYMOf1F8wYSjklSUYPuY%2BkhcbdpL%2B%2F5mjbciDWmbtheRy2s83TdbER%2FyMmrQrcI9akxwwVhSiIMgHv%2F74coMlFiRvBBBLVXpgKVldrv%2BWzH%2Fx3maIP2XSQU3eXRnzMHor3DDNchQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: max-age=14400
cf-ray: 67a80a54ea7642f7-FRA

GET
H3-29 200 email-decode.min.js Show response
tgfunnls.org/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
1 KB 9ms
8ms Script
application/javascript 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

:path: /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
pragma: no-cache
cookie: XSRF-TOKEN=eyJpdiI6InVoN213NzV1UWhxOVlicFg2b01ST0E9PSIsInZhbHVlIjoiOXNqY21uM3dtWUo3d2J2UUM0d1paelRhVHN0NGFEZjgyVGc5bk0ySVY5TmdWU285XC9CeXFuajNZUkx0ZTlwV1MiLCJtYWMiOiJjYjE4OTA4ZTI2MWM4ZjkyNGUxOGM4MDM4ZGUyNTJjODVhOWM4OGE3OTE4YzRkZmY3MzZmNGJhYjkzMTM1ZTBmIn0%3D; c=eyJpdiI6InE3K2VreDQySDlnM0xNbUpCdFBYTHc9PSIsInZhbHVlIjoiZXc2RlVEZ2lOV3BDeEtoUndZR2Z4Tkgyc1RUTU9NaFdOUkVzcW9udHhNTzRQNllFaXRIZm10ZTNQK0dcL241OUoiLCJtYWMiOiJlY2EwYzI0Y2RhYmM4NzQ4NjZjNGNlN2E5ODhlNTlkZjNjMGY0MDE2NjZlYmY0YzZhZGQ3ZjQyMGNjNWY3ZDJhIn0%3D; _ga_Y6C8Y8V9BH=GS1.1.1628250548.1.1.1628250550.0
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 03 Aug 2021 14:21:05 GMT
server: cloudflare
etag: W/"610950d1-4d7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: DENY
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=U7kFpLb30wEh%2FomaFCV0qcr0i2rh0uEcpJXou9rgyUb0yM73j035%2FSX9OgCQnHyy%2Be8SqyBHAHu%2F8U2Kn2iRuwxzG9yw6IIxb%2FEziVquAzZ1ChawfnDbT7NTERRGzO54UPEh9zwDI0um1n0%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=172800 public
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 67a80a54a9f642f7-FRA
vary: Accept-Encoding
expires: Sun, 08 Aug 2021 11:49:10 GMT

GET
H3-29 200 redirect.js Show response
tgfunnls.org/js/ 3 KB
2 KB 14ms
14ms Script
application/javascript 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/js/redirect.js?id=bd8708e91008076c9ff9

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0979e653bf7370685f5d0ec7448e28d33f46754d5411cf5a7cd3df6ecafc1a35

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /js/redirect.js?id=bd8708e91008076c9ff9
pragma: no-cache
cookie: XSRF-TOKEN=eyJpdiI6InVoN213NzV1UWhxOVlicFg2b01ST0E9PSIsInZhbHVlIjoiOXNqY21uM3dtWUo3d2J2UUM0d1paelRhVHN0NGFEZjgyVGc5bk0ySVY5TmdWU285XC9CeXFuajNZUkx0ZTlwV1MiLCJtYWMiOiJjYjE4OTA4ZTI2MWM4ZjkyNGUxOGM4MDM4ZGUyNTJjODVhOWM4OGE3OTE4YzRkZmY3MzZmNGJhYjkzMTM1ZTBmIn0%3D; c=eyJpdiI6InE3K2VreDQySDlnM0xNbUpCdFBYTHc9PSIsInZhbHVlIjoiZXc2RlVEZ2lOV3BDeEtoUndZR2Z4Tkgyc1RUTU9NaFdOUkVzcW9udHhNTzRQNllFaXRIZm10ZTNQK0dcL241OUoiLCJtYWMiOiJlY2EwYzI0Y2RhYmM4NzQ4NjZjNGNlN2E5ODhlNTlkZjNjMGY0MDE2NjZlYmY0YzZhZGQ3ZjQyMGNjNWY3ZDJhIn0%3D; _ga_Y6C8Y8V9BH=GS1.1.1628250548.1.1.1628250550.0
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:10 GMT
x-proc: 3
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3660
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Fri, 06 Aug 2021 10:30:36 GMT
server: cloudflare
etag: W/"610d0f4c-a50"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kSNecpSSzHsKfzw%2B78Bre52mB6nGuIr70nlsHgA6I0MVtpsEbfjxcYLoSRd%2FkUV9F99gWY32hQjFfVBpPY%2Fb5C5ZfPKxOeAv7W5svuFL6y4Y818z%2Fr6uiXHebVK3VKMOhRb6xp%2BEDtFtfxo%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=14400
cf-ray: 67a80a54ba1f42f7-FRA

GET
H3-29 200 l.js Show response
tgfunnls.org/js/ 401 KB
110 KB 28ms
28ms Script
application/javascript 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/js/l.js?id=6cf7b69175b2a676ebf3

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1669423eca631e2fa8053ff74039a11ff6afac3a94dc37f357ce8d6ec9362913

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /js/l.js?id=6cf7b69175b2a676ebf3
pragma: no-cache
cookie: XSRF-TOKEN=eyJpdiI6InVoN213NzV1UWhxOVlicFg2b01ST0E9PSIsInZhbHVlIjoiOXNqY21uM3dtWUo3d2J2UUM0d1paelRhVHN0NGFEZjgyVGc5bk0ySVY5TmdWU285XC9CeXFuajNZUkx0ZTlwV1MiLCJtYWMiOiJjYjE4OTA4ZTI2MWM4ZjkyNGUxOGM4MDM4ZGUyNTJjODVhOWM4OGE3OTE4YzRkZmY3MzZmNGJhYjkzMTM1ZTBmIn0%3D; c=eyJpdiI6InE3K2VreDQySDlnM0xNbUpCdFBYTHc9PSIsInZhbHVlIjoiZXc2RlVEZ2lOV3BDeEtoUndZR2Z4Tkgyc1RUTU9NaFdOUkVzcW9udHhNTzRQNllFaXRIZm10ZTNQK0dcL241OUoiLCJtYWMiOiJlY2EwYzI0Y2RhYmM4NzQ4NjZjNGNlN2E5ODhlNTlkZjNjMGY0MDE2NjZlYmY0YzZhZGQ3ZjQyMGNjNWY3ZDJhIn0%3D; _ga_Y6C8Y8V9BH=GS1.1.1628250548.1.1.1628250550.0
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:10 GMT
x-proc: 2
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 4583
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Fri, 06 Aug 2021 10:30:19 GMT
server: cloudflare
etag: W/"610d0f3b-645ba"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=y28vjM60zYT%2BHZfpmrnBYvEi7y6FNtZxOvGx9lLL5KqXHUEGekyCGkej1WP%2FybeGxvu31uzkidELj3JWnjXORtwj08Nas9MqeQZ4IRVUxKVq%2FQDA8iq7J%2BO6I8VOKXGt6rKz4EBUQo%2BJH90%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=14400
cf-ray: 67a80a54da4a42f7-FRA

GET
H2 200 funnel.js Show response
static-13333.kxcdn.com/5275/build/ 954 KB
319 KB 8ms
7ms Script
application/javascript 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL

https://static-13333.kxcdn.com/5275/build/funnel.js

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

a52901c6296f571a48143efc8c7626714f2f15a0e034390d31380d508684ad0e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:10 GMT
content-encoding: gzip
last-modified: Fri, 02 Jul 2021 14:31:57 GMT
server: keycdn-engine
x-amz-request-id: tx00000000000000495929e-0060df28ef-12e87130-fra1a
x-edge-location: defr
etag: W/"545236a1390ffa369d186b44dab8e706"
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-cache: HIT
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31556940
x-rgw-object-type: Normal
strict-transport-security: max-age=15552000; includeSubDomains; preload
expires: Sat, 06 Aug 2022 17:38:10 GMT

GET
H/1.1 200 hp Show response
in.xr117.xyz/ 382 B
616 B 54ms
52ms Script
text/plain 18.195.123.247
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://in.xr117.xyz/hp
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.195.123.247 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-123-247.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 1d685538334a6762f8c278c2274cb62dfdc47c59ba5968562dddf4f96d808aee

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 06 Aug 2021 11:49:10 GMT
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
Server: nginx
Connection: keep-alive
Content-Length: 382
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200 hp Show response
in.bd44.fun/ 382 B
616 B 155ms
50ms Script
text/plain 18.195.174.160
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://in.bd44.fun/hp
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.195.174.160 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-174-160.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 1d685538334a6762f8c278c2274cb62dfdc47c59ba5968562dddf4f96d808aee

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 06 Aug 2021 11:49:10 GMT
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
Server: nginx
Connection: keep-alive
Content-Length: 382
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 tag.js Show response
tagstaticx.com/ 38 KB
14 KB 17ms
15ms Script
application/javascript 2606:4700:3033::6815:3d08
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://tagstaticx.com/tag.js
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::6815:3d08 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7ebf9aea91580923f108d8e9c9fa03581c3c58fcd1ab8712d4ed593fbde60062

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:10 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 30 Jul 2021 15:47:47 GMT
server: cloudflare
age: 4751
etag: W/"61041f23-9787"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=U0llkAprlFpncSfSC102yj5%2Fs9JpUE3IhKHFLrVTZWZxJKG4Ftucm%2B15v2jbbMh1E7jVpE3lnpESaPZn76Az8SbB6DRW45ex5yTkONrKGRSDXdEaVnXDyKpnHshVRShgvtNOryFvvudyhfEM6w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=1800
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 67a80a54eb454a67-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 110 KB
41 KB 18ms
17ms Script
application/javascript 2a00:1450:4001:828::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-MSK8GMG

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

b3deb878ce829e6d07f02dab95a7f5777b48eedd93f1161b99a1a04703abda10

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:10 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41864
x-xss-protection: 0
last-modified: Fri, 06 Aug 2021 09:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 06 Aug 2021 11:49:10 GMT

GET
H2 200 j.php Show response
dev.visualwebsiteoptimizer.com/ 5 KB
2 KB 56ms
46ms Script
application/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/j.php?a=449005&u=https%3A%2F%2Ftgfunnls.org%2Fdly1st%2F%3Fhitid%3D%7BclickId%7D%26qze%3D7%26aff_sub%3D%7BcustomId1%7D%26aff_sub2%3D%7BcustomId2%7D&f=1&r=0.44215402625085365
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gams1 /
Resource Hash: 0b5c3fd856f341f408d3cb90bf233b776660747afe754e4f9122d03f1c6fe0f7

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 06 Aug 2021 11:49:09 GMT
via: 1.1 google
server: gams1
content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-type: application/javascript; charset=UTF-8

GET
H2 200 bg-pattern2.png
static-13333.kxcdn.com/5275/images/ 3 KB
4 KB 22ms
10ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/bg-pattern2.png

Requested by

Host: static-13333.kxcdn.com
URL: https://static-13333.kxcdn.com/5275/build/funnel.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

0dbbd4b1f92b5f123bb6d85da5224dbac1ef2873359ae63159fbd8c1d8aee472

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://static-13333.kxcdn.com/5275/build/funnel.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:10 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx000000000000004a8f778-0060df3204-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 3494
last-modified: Fri, 02 Jul 2021 14:32:28 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "9ff60a873ce8a83d6f92c07bbb97461d"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:10 GMT

GET
H2 200 money-bg.jpg
static-13333.kxcdn.com/5275/images/ 192 KB
193 KB 16ms
10ms Image
image/jpeg 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/money-bg.jpg

Requested by

Host: static-13333.kxcdn.com
URL: https://static-13333.kxcdn.com/5275/build/funnel.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

6d6b0b2b3ce3ec690491ad53348667285877a284d43a58bae67219df3128c453

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://static-13333.kxcdn.com/5275/build/funnel.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:10 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049593a6-0060df28f0-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 196622
last-modified: Fri, 02 Jul 2021 14:32:29 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "00484ef568e5c529bc92d2698631954b"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/jpeg
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:10 GMT

GET
H2 206 de-1.mp4
static-13333.kxcdn.com/5275/media/ 64 KB
0 20ms
19ms Media
video/mp4 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL

https://static-13333.kxcdn.com/5275/media/de-1.mp4

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Range: bytes=0-

Response headers

date: Fri, 06 Aug 2021 11:49:10 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049593e6-0060df28f0-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
Content-Range: bytes 0-124690623/124690624
Content-Length: 124690624
last-modified: Fri, 02 Jul 2021 14:32:03 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "c8811d0b7aa283893d6ec2a19899685f-24"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: video/mp4
access-control-allow-origin: *
x-rgw-object-type: Normal
expires: Sat, 06 Aug 2022 17:38:10 GMT

HEAD
H2 200 adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/ 0
0 42ms
41ms Fetch
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 06 Aug 2021 11:49:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
etag: 14869471898732562513
vary: Accept-Encoding, Origin
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private, max-age=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
expires: Fri, 06 Aug 2021 11:49:10 GMT

GET
H/1.1 200
OK version.js Show response
tagdatax.com/ 57 B
260 B 49ms
48ms Script
application/javascript 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdatax.com/version.js
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: a1fbda373da95f773b5e9cf77b696f572b027190c461b9c77ce655bdd60fd925

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 06 Aug 2021 11:49:10 GMT
Cache-Control: private, max-age=63072000
Server: nginx/1.19.10
Connection: keep-alive
Content-Length: 57
Content-Type: application/javascript

GET
H2 200 gid.js Show response
my.rtmark.net/ 65 B
541 B 52ms
51ms Fetch
application/json 139.45.195.8
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://my.rtmark.net/gid.js

Requested by

Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

eedfe8b4a418259333debb66c8fad786e599fe85d50da01f061dabc5714ff316

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:10 GMT
x-content-type-options: nosniff
server: nginx
strict-transport-security: max-age=1
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: https://tgfunnls.org
access-control-expose-headers: Authorization
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length: 65

GET
H/1.1 200
OK pix.jpg Show response
tagdatax.com/ 28 B
617 B 58ms
51ms Fetch
image/jpeg 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdatax.com/pix.jpg
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: 3c72e06c040c15327faa313315f1d6f4b2c9159267051c3e173336efa4cd7a18

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 06 Aug 2021 11:49:10 GMT
Server: nginx/1.19.10
Etag: c4c0cf42-6ccf-4a38-9b3d-5204165bf018
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Content-Type: image/jpeg
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Expose-Headers: ETag
Cache-Control: private, must-revalidate, proxy-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 28

GET
H2 200 googlelogo_color_120x44dp.png
www.google.com/images/branding/googlelogo/2x/ 5 KB
5 KB 22ms
17ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_120x44dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

29c50fa4422ac0a690af5b0987dee6a030a7eeaafa9dda8543cf022368f545aa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:10 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5087
x-xss-protection: 0
expires: Fri, 06 Aug 2021 11:49:10 GMT

GET
H2 200 googlelogo_color_272x92dp.png
www.google.com/images/branding/googlelogo/1x/ 6 KB
6 KB 23ms
18ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/1x/googlelogo_color_272x92dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5776cd87617eacec3bc00ebcf530d1924026033eda852f706c1a675a98915826

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:10 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5969
x-xss-protection: 0
expires: Fri, 06 Aug 2021 11:49:10 GMT

GET
H2 200 googlelogo_color_272x92dp.png
www.google.com/images/branding/googlelogo/2x/ 13 KB
13 KB 20ms
16ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_272x92dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

262084257c2103702ef8a25705e3f8dbc1fa3823103ad7b954d54bdb77e6d89d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:10 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13504
x-xss-protection: 0
expires: Fri, 06 Aug 2021 11:49:10 GMT

GET
H2 200 googlelogo_color_160x56dp.png
www.google.com/images/branding/googlelogo/2x/ 7 KB
7 KB 22ms
18ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_160x56dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9e611fba6a87626e60f74d361f0c94d1ba226bc0726a05791f40ddb7fbba2c4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:10 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7048
x-xss-protection: 0
expires: Fri, 06 Aug 2021 11:49:10 GMT

GET
H2 200 googlelogo_color_90x40dp.png
www.google.com/images/branding/googlelogo/2x/ 4 KB
4 KB 22ms
17ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_90x40dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a9cac8d49feccd603bac334c92c1e7dd5a829a1c01d4130550e8c9c0d9c72f7b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:10 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3934
x-xss-protection: 0
expires: Fri, 06 Aug 2021 11:49:10 GMT

GET
H3-29 200 locate Show response
tgfunnls.org/ 150 B
1 KB 90ms
90ms XHR
application/json 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/locate

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/js/l.js?id=6cf7b69175b2a676ebf3

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a9444725fb48cd94db4b9c4e1544b3ace3c54ccd0d1a289f124d36b69c9d6a20

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-fetch-mode: cors
x-xsrf-token: eyJpdiI6InVoN213NzV1UWhxOVlicFg2b01ST0E9PSIsInZhbHVlIjoiOXNqY21uM3dtWUo3d2J2UUM0d1paelRhVHN0NGFEZjgyVGc5bk0ySVY5TmdWU285XC9CeXFuajNZUkx0ZTlwV1MiLCJtYWMiOiJjYjE4OTA4ZTI2MWM4ZjkyNGUxOGM4MDM4ZGUyNTJjODVhOWM4OGE3OTE4YzRkZmY3MzZmNGJhYjkzMTM1ZTBmIn0=
accept-language: en-US
sec-fetch-dest: empty
cookie: XSRF-TOKEN=eyJpdiI6InVoN213NzV1UWhxOVlicFg2b01ST0E9PSIsInZhbHVlIjoiOXNqY21uM3dtWUo3d2J2UUM0d1paelRhVHN0NGFEZjgyVGc5bk0ySVY5TmdWU285XC9CeXFuajNZUkx0ZTlwV1MiLCJtYWMiOiJjYjE4OTA4ZTI2MWM4ZjkyNGUxOGM4MDM4ZGUyNTJjODVhOWM4OGE3OTE4YzRkZmY3MzZmNGJhYjkzMTM1ZTBmIn0%3D; c=eyJpdiI6InE3K2VreDQySDlnM0xNbUpCdFBYTHc9PSIsInZhbHVlIjoiZXc2RlVEZ2lOV3BDeEtoUndZR2Z4Tkgyc1RUTU9NaFdOUkVzcW9udHhNTzRQNllFaXRIZm10ZTNQK0dcL241OUoiLCJtYWMiOiJlY2EwYzI0Y2RhYmM4NzQ4NjZjNGNlN2E5ODhlNTlkZjNjMGY0MDE2NjZlYmY0YzZhZGQ3ZjQyMGNjNWY3ZDJhIn0%3D; _ga_Y6C8Y8V9BH=GS1.1.1628250548.1.1.1628250550.0
:path: /locate
pragma: no-cache
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: application/json, text/plain, */*
cache-control: no-cache
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept: application/json, text/plain, */*
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
X-XSRF-TOKEN: eyJpdiI6InVoN213NzV1UWhxOVlicFg2b01ST0E9PSIsInZhbHVlIjoiOXNqY21uM3dtWUo3d2J2UUM0d1paelRhVHN0NGFEZjgyVGc5bk0ySVY5TmdWU285XC9CeXFuajNZUkx0ZTlwV1MiLCJtYWMiOiJjYjE4OTA4ZTI2MWM4ZjkyNGUxOGM4MDM4ZGUyNTJjODVhOWM4OGE3OTE4YzRkZmY3MzZmNGJhYjkzMTM1ZTBmIn0=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:10 GMT
x-proc: 1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Z7YLIU48SzKu6aREo2IubdZz0KNGGoDSPqMwXFAYpxZlPumUQgWh7cHMLmdhPQJYls53PQO9Ys0Xmo7w7FL5gThuz0MpR3%2B9N4OVBDtj4O43Hjx8tVoSFRVQ3AK%2FXTIvX%2Fc1SlGjsMoz7dA%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json
cache-control: no-cache, private
set-cookie: XSRF-TOKEN=eyJpdiI6InNZaXVFNng2UElNNFdnXC8zUzlnczR3PT0iLCJ2YWx1ZSI6IkFCVEduYVI3ODBUQmZacE1FQ1ExM1dVaU5xTXNTOUFyTFlJUDA5TFR1RUlBVkNJYnNsTnUxTjgyb1wvckg5K25wIiwibWFjIjoiNDIzZTI3MGExNGY2ZWUyMzMzYTI5MDQ0YWZlMWY4YzFiODRkYmEyNWE0MTdiM2Q2MTcxOWI1MGNjOTBiNDhmNiJ9; expires=Fri, 06-Aug-2021 13:49:10 GMT; Max-Age=7200; path=/ c=eyJpdiI6IkZKdVhrZnNOM2xVT0szUlo4eXFtYmc9PSIsInZhbHVlIjoiMFZQbmVHYjhrUFNGXC9JVUVPYVdYZUNaNmFsQlhtMzlaXC82YUZxU2xEWXBBRERucTRNNWJGVENIcWJKaWJkeGdWIiwibWFjIjoiMTcyZGI1MTJhZGM5YjU4ODFjMWYwNmFlZjY2MDJmZTI2MGZjNzdlYTA3ZTVmZDQ1YWYzNTU2NDE2M2I3ZDk0ZiJ9; expires=Fri, 06-Aug-2021 13:49:10 GMT; Max-Age=7200; path=/; httponly
cf-ray: 67a80a55bc7e42f7-FRA

GET
H3-29 200 flags.png
tgfunnls.org/images/vendor/intl-tel-input/build/ 69 KB
70 KB 31ms
31ms Image
image/png 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tgfunnls.org/images/vendor/intl-tel-input/build/flags.png?416250f60d785a2e02f17e054d2e4e44

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/css/forms.css?id=108aa07ef4cadffb88ba

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0a012cf808a24573168308916092d2d4bd3f2b4af8e16b59167013cc77acee55

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /images/vendor/intl-tel-input/build/flags.png?416250f60d785a2e02f17e054d2e4e44
pragma: no-cache
cookie: XSRF-TOKEN=eyJpdiI6InVoN213NzV1UWhxOVlicFg2b01ST0E9PSIsInZhbHVlIjoiOXNqY21uM3dtWUo3d2J2UUM0d1paelRhVHN0NGFEZjgyVGc5bk0ySVY5TmdWU285XC9CeXFuajNZUkx0ZTlwV1MiLCJtYWMiOiJjYjE4OTA4ZTI2MWM4ZjkyNGUxOGM4MDM4ZGUyNTJjODVhOWM4OGE3OTE4YzRkZmY3MzZmNGJhYjkzMTM1ZTBmIn0%3D; c=eyJpdiI6InE3K2VreDQySDlnM0xNbUpCdFBYTHc9PSIsInZhbHVlIjoiZXc2RlVEZ2lOV3BDeEtoUndZR2Z4Tkgyc1RUTU9NaFdOUkVzcW9udHhNTzRQNllFaXRIZm10ZTNQK0dcL241OUoiLCJtYWMiOiJlY2EwYzI0Y2RhYmM4NzQ4NjZjNGNlN2E5ODhlNTlkZjNjMGY0MDE2NjZlYmY0YzZhZGQ3ZjQyMGNjNWY3ZDJhIn0%3D; _ga_Y6C8Y8V9BH=GS1.1.1628250548.1.1.1628250550.0
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: tgfunnls.org
referer: https://tgfunnls.org/css/forms.css?id=108aa07ef4cadffb88ba
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/css/forms.css?id=108aa07ef4cadffb88ba
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:10 GMT
x-proc: 2
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2313
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 70857
x-xss-protection: 1; mode=block
last-modified: Fri, 06 Aug 2021 10:55:13 GMT
server: cloudflare
etag: "610d1511-114c9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0n1jshSndMvmw8MiJS3o%2F%2Bj8QcCw4YYvPnETnA1Gu3CgOIAjF2nFjds3ORBCiuE3HerqAn4v7DaMKyIDotVzJNVBjmlmm1wBNt7MIfoqMZLmK7l79kdaQDMRgbyx4f1QdHMHxWkq2QFmKz0%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 67a80a55ccac42f7-FRA

OPTIONS
H/1.1 200
OK add
tagdataxrt.com/ir/ Frame 0
0 46ms
46ms Preflight 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/ir/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Protocol: HTTP/1.1
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://tgfunnls.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Server: nginx/1.19.10
Date: Fri, 06 Aug 2021 11:49:10 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

POST
H/1.1 200
OK add Show response
tagdataxrt.com/ir/ 0
537 B 47ms
47ms Fetch 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/ir/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json;charset=utf-8

Response headers

Date: Fri, 06 Aug 2021 11:49:10 GMT
Server: nginx/1.19.10
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 0

GET
BLOB 200
OK 2e1ea11f-3009-4f42-a135-525f4d32c5a5
https://tgfunnls.org/ 31 B
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://tgfunnls.org/2e1ea11f-3009-4f42-a135-525f4d32c5a5
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7725538fe2f71147bffeba7452b434c826aef9009666cb4360c605d0b2a91d1d

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length: 31
Content-Type: application/javascript

GET
H2 403 videothumbnail-1.png
static-13333.kxcdn.com/5275/images/ 0
0 18ms
17ms Image
text/html 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static-13333.kxcdn.com/5275/images/videothumbnail-1.png
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
DATA 200
OK truncated
/ 4 KB
4 KB Font
application/font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: aef991b2e0b693a95d41986576dd3901ea7ac03b379501b1caba966058753308

Request headers

Origin: https://tgfunnls.org
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: application/font-woff;charset=utf-8

GET
H3-29 200 js Show response
www.googletagmanager.com/gtag/ 127 KB
50 KB 23ms
23ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-Y6C8Y8V9BH&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MSK8GMG

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

caf7ecf5748d7e3e027c4c06c569b3a6fb8f0f78f0dc3ff8c888b2299747e496

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:10 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 51136
x-xss-protection: 0
expires: Fri, 06 Aug 2021 11:49:10 GMT

GET
H3-29 200 analytics.js Show response
www.google-analytics.com/ 48 KB
19 KB 11ms
11ms Script
text/javascript 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MSK8GMG

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

e61660c659c426e45bce2937dddb01af6b550502a2904546575c1ec2ba1121dd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 13 Jul 2021 18:24:06 GMT
server: Golfe2
age: 2129
date: Fri, 06 Aug 2021 11:13:41 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19672
expires: Fri, 06 Aug 2021 13:13:41 GMT

GET
H2 200 hotjar-2304105.js Show response
static.hotjar.com/c/ 5 KB
2 KB 62ms
55ms Script
application/javascript 13.224.96.91
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-2304105.js?sv=6

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.96.91 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

d4261e9b3b427b4faba85d775a6dbd131cf86cbd42945ba05ae2ebad8f8f36e6

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:48:18 GMT
content-encoding: br
x-content-type-options: nosniff
cache-control: max-age=60
age: 52
etag: W/4e117f3a38c123981a4b3509540d1697
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
x-cache-hit: 1
x-amz-cf-pop: ZRH50-C1
x-amz-cf-id: Fr_IwQk142Rh4Pf3NHkrHMZ1EwDCXF-S5aY1B9Yz_XVncD7onQfWGg==
via: 1.1 e92dffa8673a73c15c61e7c3abefc47d.cloudfront.net (CloudFront)

POST
H3-29 201 event Show response
tgfunnls.org/ 2 B
1 KB 182ms
180ms XHR
application/json 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/event?hitid={clickId}

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/js/l.js?id=6cf7b69175b2a676ebf3

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-fetch-mode: cors
origin: https://tgfunnls.org
x-xsrf-token: eyJpdiI6InNZaXVFNng2UElNNFdnXC8zUzlnczR3PT0iLCJ2YWx1ZSI6IkFCVEduYVI3ODBUQmZacE1FQ1ExM1dVaU5xTXNTOUFyTFlJUDA5TFR1RUlBVkNJYnNsTnUxTjgyb1wvckg5K25wIiwibWFjIjoiNDIzZTI3MGExNGY2ZWUyMzMzYTI5MDQ0YWZlMWY4YzFiODRkYmEyNWE0MTdiM2Q2MTcxOWI1MGNjOTBiNDhmNiJ9
accept-language: en-US
sec-fetch-dest: empty
accept-encoding: gzip, deflate, br
cookie: _ga_Y6C8Y8V9BH=GS1.1.1628250548.1.1.1628250550.0; XSRF-TOKEN=eyJpdiI6InNZaXVFNng2UElNNFdnXC8zUzlnczR3PT0iLCJ2YWx1ZSI6IkFCVEduYVI3ODBUQmZacE1FQ1ExM1dVaU5xTXNTOUFyTFlJUDA5TFR1RUlBVkNJYnNsTnUxTjgyb1wvckg5K25wIiwibWFjIjoiNDIzZTI3MGExNGY2ZWUyMzMzYTI5MDQ0YWZlMWY4YzFiODRkYmEyNWE0MTdiM2Q2MTcxOWI1MGNjOTBiNDhmNiJ9; c=eyJpdiI6IkZKdVhrZnNOM2xVT0szUlo4eXFtYmc9PSIsInZhbHVlIjoiMFZQbmVHYjhrUFNGXC9JVUVPYVdYZUNaNmFsQlhtMzlaXC82YUZxU2xEWXBBRERucTRNNWJGVENIcWJKaWJkeGdWIiwibWFjIjoiMTcyZGI1MTJhZGM5YjU4ODFjMWYwNmFlZjY2MDJmZTI2MGZjNzdlYTA3ZTVmZDQ1YWYzNTU2NDE2M2I3ZDk0ZiJ9
content-length: 188
:path: /event?hitid={clickId}
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json;charset=UTF-8
accept: application/json, text/plain, */*
cache-control: no-cache
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: POST
Accept: application/json, text/plain, */*
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
X-XSRF-TOKEN: eyJpdiI6InNZaXVFNng2UElNNFdnXC8zUzlnczR3PT0iLCJ2YWx1ZSI6IkFCVEduYVI3ODBUQmZacE1FQ1ExM1dVaU5xTXNTOUFyTFlJUDA5TFR1RUlBVkNJYnNsTnUxTjgyb1wvckg5K25wIiwibWFjIjoiNDIzZTI3MGExNGY2ZWUyMzMzYTI5MDQ0YWZlMWY4YzFiODRkYmEyNWE0MTdiM2Q2MTcxOWI1MGNjOTBiNDhmNiJ9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json;charset=UTF-8

Response headers

date: Fri, 06 Aug 2021 11:49:10 GMT
x-proc: 2
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=P3%2BcOi44a5strQUfIMA8qh4KdvDcOTyVq7Y%2Bj1bGVavLu09%2F3V5BNHo5JWEwZ7qknm028E9s%2F%2BcDruL5Mrx%2B%2FaE2pC1%2FzFN94SFGMfHVJy5Ndfxe%2F2%2FpuOe3oxCaxsdW9E724cHdeBZmVRA%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-origin: https://tgfunnls.org
cache-control: no-cache, private
set-cookie: XSRF-TOKEN=eyJpdiI6IktUeENOTlFxK3RiNFYxZmxKajhjbEE9PSIsInZhbHVlIjoiWjM1ZDJwOVAxV1wvcUpSb2NFbW9aXC9lWUZnUFpqNE1yY1kzZmRiNlFRd2g5ZzQ1Q0d0ZFNkaitzYWxjOHRpZWJjIiwibWFjIjoiZjQxN2E5NDE2NGU0MDkzY2ZlMDNlMGE5NDVmNjdiNjhmYWM4ZWI4NGQ5M2Q0MjkxNDkwMDNiZmZiYmFjM2VkZSJ9; expires=Fri, 06-Aug-2021 13:49:10 GMT; Max-Age=7200; path=/ c=eyJpdiI6IjFUZnlhMGdLbkV3aURDYTZIRFY1NXc9PSIsInZhbHVlIjoiSGplM3phWW9WdytNUDZ0U2MwdzZLU3pobEdNTEhDcWxJcWhiZXRIc2dsdWU3QlFEbjJ6RFFESk1zbXQ1TndzNiIsIm1hYyI6IjEyOTM4MDliMzg4MmQ5OTBlZjJlNTg5NDdjNDllM2MyNjEwYzc2NTRlNTU0OGVjZWEzM2IxMTNiMTU2ZTE5YjQifQ%3D%3D; expires=Fri, 06-Aug-2021 13:49:10 GMT; Max-Age=7200; path=/; httponly
cf-ray: 67a80a569ed742f7-FRA

POST
H/1.1 200
OK etag Show response
tagdataxrt.com/ 0
537 B 49ms
48ms Fetch 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/etag?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json;charset=utf-8

Response headers

Date: Fri, 06 Aug 2021 11:49:10 GMT
Server: nginx/1.19.10
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 0

OPTIONS
H/1.1 200
OK etag
tagdataxrt.com/ Frame 0
0 47ms
47ms Preflight 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/etag?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Protocol: HTTP/1.1
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://tgfunnls.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Server: nginx/1.19.10
Date: Fri, 06 Aug 2021 11:49:10 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

GET
H3-29 200 tag-18c0c42595158c9943ee0260eecc4fc3.js Show response
dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWpxdWVyeQ==/ 214 KB
61 KB 49ms
49ms Script
application/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWpxdWVyeQ==/tag-18c0c42595158c9943ee0260eecc4fc3.js
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/j.php?a=449005&u=https%3A%2F%2Ftgfunnls.org%2Fdly1st%2F%3Fhitid%3D%7BclickId%7D%26qze%3D7%26aff_sub%3D%7BcustomId1%7D%26aff_sub2%3D%7BcustomId2%7D&f=1&r=0.44215402625085365
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gams1 /
Resource Hash: b6a6463b285c1fdc27b7022ff01564762e81117074a3f3781cc931fe389afc70

Request headers

Origin: https://tgfunnls.org
Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:09 GMT
content-encoding: br
last-modified: Fri, 06 Aug 2021 11:48:12 GMT
server: gams1
etag: "610d217c-f3a3"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 62371
via: 1.1 google

GET
H3-29 200 v.gif
dev.visualwebsiteoptimizer.com/ 35 B
52 B 121ms
121ms Image
image/gif 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dev.visualwebsiteoptimizer.com/v.gif?cd=0&a=449005&d=tgfunnls.org&u=D300A6AF58D106D85594CDBFBAA2B13D7&h=ce01f3e9beb7bdefb21b49b643350b73&t=false&r=0.22608817787550595

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gnv1c /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 06 Aug 2021 11:49:10 GMT
via: 1.1 google
x-content-type-options: nosniff
server: gnv1c
content-type: image/gif
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 10 Jan 2005 00:00:01 GMT

POST
H3-29 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 14ms
13ms XHR
text/plain 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j92&a=222053866&t=pageview&_s=1&dl=https%3A%2F%2Ftgfunnls.org%2Fdly1st%2F%3Fhitid%3D%7BclickId%7D%26qze%3D7%26aff_sub%3D%7BcustomId1%7D%26aff_sub2%3D%7BcustomId2%7D&ul=en-us&de=UTF-8&dt=Daily%20Profit&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAAC~&jid=1200015648&gjid=1830129487&cid=764459664.1628250551&tid=UA-192660002-1&_gid=1416830450.1628250551&_r=1&gtm=2wg840MSK8GMG&z=435843039

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 06 Aug 2021 11:49:10 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://tgfunnls.org
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
70 B 14ms
14ms XHR
text/plain 2a00:1450:400c:c07::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j92&tid=UA-192660002-1&cid=764459664.1628250551&jid=1200015648&gjid=1830129487&_gid=1416830450.1628250551&_u=YEBAAEAAAAAAAC~&z=1912646576

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c07::9d Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Fri, 06 Aug 2021 11:49:10 GMT
content-type: text/plain
access-control-allow-origin: https://tgfunnls.org
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 modules.9a6619e61150e4449f35.js Show response
script.hotjar.com/ 221 KB
59 KB 63ms
63ms Script
application/javascript 13.224.96.11
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.9a6619e61150e4449f35.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2304105.js?sv=6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.96.11 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

fc04d1fd608cedf1f0c4735145a15031f77cb7491d6234cec4ee2cd9be74937a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:18:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 77465
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 59579
access-control-allow-origin: *
last-modified: Thu, 05 Aug 2021 14:17:07 GMT
etag: "f404c80c4e9647abd5db65360cf9ecee"
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 7245e91891539560c1f484b1e46159c9.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: ZRH50-C1
accept-ranges: bytes
x-robots-tag: none
x-amz-cf-id: ZyNeznkzwInNP9UCzlHzQ_I052v0U3NtnHaD3CmrdKjqL2xQbp7hcw==

GET
H3-29 200 settings.js Show response
dev.visualwebsiteoptimizer.com/ 572 B
397 B 49ms
48ms Script
application/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/settings.js?a=449005&settings_type=3&vn=7.0&r=0.4340124704475121&u=https%3A%2F%2Ftgfunnls.org%2Fdly1st%2F%3Fhitid%3D%7BclickId%7D%26qze%3D7%26aff_sub%3D%7BcustomId1%7D%26aff_sub2%3D%7BcustomId2%7D
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWpxdWVyeQ==/tag-18c0c42595158c9943ee0260eecc4fc3.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gams1 /
Resource Hash: 31042bafbba3ee3bae8f21d8d8744230a7c558630068c64e1e5ecb4721ab3910

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:10 GMT
via: 1.1 google
server: gams1
content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-type: application/javascript; charset=UTF-8

GET
H3-29 200 ga-audiences
www.google.com/ads/ 42 B
63 B 18ms
17ms Image
image/gif 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j92&tid=UA-192660002-1&cid=764459664.1628250551&jid=1200015648&_u=YEBAAEAAAAAAAC~&z=1054210627

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 06 Aug 2021 11:49:10 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 18ms
17ms Image
image/gif 2a00:1450:4001:801::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j92&tid=UA-192660002-1&cid=764459664.1628250551&jid=1200015648&_u=YEBAAEAAAAAAAC~&z=1054210627

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 06 Aug 2021 11:49:10 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 settings.js Show response
dev.visualwebsiteoptimizer.com/ 572 B
397 B 66ms
65ms Script
application/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/settings.js?a=449005&settings_type=1&vn=7.0&r=0.7149882740003788
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWpxdWVyeQ==/tag-18c0c42595158c9943ee0260eecc4fc3.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gams1 /
Resource Hash: 31042bafbba3ee3bae8f21d8d8744230a7c558630068c64e1e5ecb4721ab3910

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:10 GMT
via: 1.1 google
server: gams1
content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-type: application/javascript; charset=UTF-8

GET
H2 200 box-25a418976ea02a6f393fbbe77cec94bb.html Show response
vars.hotjar.com/ Frame 9502 2 KB
1 KB 56ms
56ms Document
text/html 13.224.96.92
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vars.hotjar.com/box-25a418976ea02a6f393fbbe77cec94bb.html
Requested by: Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2304105.js?sv=6
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.96.92 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-96-92.zrh50.r.cloudfront.net
Software: /
Resource Hash: 7a44e0685d8929b5d4d50476273c9957c8c76f03afc424c665a4066e5bc1beb9

Request headers

:method: GET
:authority: vars.hotjar.com
:scheme: https
:path: /box-25a418976ea02a6f393fbbe77cec94bb.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://tgfunnls.org/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://tgfunnls.org/

Response headers

content-type: text/html
content-length: 1044
date: Sun, 18 Jul 2021 00:16:30 GMT
accept-ranges: bytes
cache-control: max-age=31536000
content-encoding: br
etag: "76922233be8bdb14c053af468d29404a"
last-modified: Thu, 15 Jul 2021 14:16:09 GMT
x-amz-server-side-encryption: AES256
x-robots-tag: none
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 6b0e09b8a7d995016df1513b4b11c17e.cloudfront.net (CloudFront)
x-amz-cf-pop: ZRH50-C1
x-amz-cf-id: jtxg-DRgDCqsirinYeBz7tGt_Xg1ndELxR6AZYcM9RNtavvFmDhyow==
age: 1683161

GET
H3-29 200 tag-1a6cb79d9b921e9f733a3a9f91c43b90.js Show response
dev.visualwebsiteoptimizer.com/web/djIkcGM6MS4w/ 668 B
329 B 59ms
57ms Script
application/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/web/djIkcGM6MS4w/tag-1a6cb79d9b921e9f733a3a9f91c43b90.js
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWpxdWVyeQ==/tag-18c0c42595158c9943ee0260eecc4fc3.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gams1 /
Resource Hash: 6e1f2e0970c3d1d6cdacfecdd613ce1c42990ea5d4a9a85fe6f0700d20a96634

Request headers

Origin: https://tgfunnls.org
Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:11 GMT
content-encoding: br
last-modified: Fri, 06 Aug 2021 11:48:12 GMT
server: gams1
etag: "610d217c-133"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 307
via: 1.1 google

GET
H2 200 a3a7b431bde66f8790628956fd6a9e14.js
cdn.pushcrew.com/js/ 248 KB
70 KB 127ms
126ms Script
application/javascript 34.102.183.26
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.pushcrew.com/js/a3a7b431bde66f8790628956fd6a9e14.js
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/web/djIkcGM6MS4w/tag-1a6cb79d9b921e9f733a3a9f91c43b90.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.102.183.26 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 26.183.102.34.bc.googleusercontent.com
Software: nginx /
Resource Hash

Request headers

Origin: https://tgfunnls.org
Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:11 GMT
content-encoding: gzip
last-modified: Fri, 18 Jun 2021 08:48:27 GMT
server: nginx
etag: W/"60cc5ddb-3e05c"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=1800
alt-svc: clear
via: 1.1 google
expires: Fri, 06 Aug 2021 12:19:11 GMT

OPTIONS
H/1.1 200
OK add
tagdataxrt.com/log/ Frame 0
0 48ms
48ms Preflight 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/log/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Protocol: HTTP/1.1
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://tgfunnls.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Server: nginx/1.19.10
Date: Fri, 06 Aug 2021 11:49:11 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

POST
H/1.1 200
OK add Show response
tagdataxrt.com/log/ 12 B
597 B 49ms
49ms Fetch
application/json 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/log/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: 21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json;charset=utf-8

Response headers

Date: Fri, 06 Aug 2021 11:49:11 GMT
Server: nginx/1.19.10
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 12

GET
H3-29 200 / Show response
tgfunnls.org/dly1st/ 31 KB
8 KB 186ms
186ms Document
text/html 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Requested by

Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b6fc128063cf45c984813e3e18f129b75e23985b266ef3ccf44d9f115ce64961

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: tgfunnls.org
:scheme: https
:path: /dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: document
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: _ga_Y6C8Y8V9BH=GS1.1.1628250548.1.1.1628250550.0; _vwo_uuid_v2=D300A6AF58D106D85594CDBFBAA2B13D7|ce01f3e9beb7bdefb21b49b643350b73; _gid=GA1.2.1416830450.1628250551; _gat_UA-192660002-1=1; _ga=GA1.1.764459664.1628250551; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; XSRF-TOKEN=eyJpdiI6IktUeENOTlFxK3RiNFYxZmxKajhjbEE9PSIsInZhbHVlIjoiWjM1ZDJwOVAxV1wvcUpSb2NFbW9aXC9lWUZnUFpqNE1yY1kzZmRiNlFRd2g5ZzQ1Q0d0ZFNkaitzYWxjOHRpZWJjIiwibWFjIjoiZjQxN2E5NDE2NGU0MDkzY2ZlMDNlMGE5NDVmNjdiNjhmYWM4ZWI4NGQ5M2Q0MjkxNDkwMDNiZmZiYmFjM2VkZSJ9; c=eyJpdiI6IjFUZnlhMGdLbkV3aURDYTZIRFY1NXc9PSIsInZhbHVlIjoiSGplM3phWW9WdytNUDZ0U2MwdzZLU3pobEdNTEhDcWxJcWhiZXRIc2dsdWU3QlFEbjJ6RFFESk1zbXQ1TndzNiIsIm1hYyI6IjEyOTM4MDliMzg4MmQ5OTBlZjJlNTg5NDdjNDllM2MyNjEwYzc2NTRlNTU0OGVjZWEzM2IxMTNiMTU2ZTE5YjQifQ%3D%3D; _hjid=dc49561e-9d46-46e0-96b5-f0bbe1b05202; _hjFirstSeen=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Response headers

date: Fri, 06 Aug 2021 11:49:11 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: no-cache, private
set-cookie: XSRF-TOKEN=eyJpdiI6Ing1OERFeUk0ZzNhUW1yYVVsVzFBWlE9PSIsInZhbHVlIjoiRld5V0czeG9VYmdweEtnS2ZldTl6M25wOGh5OFlna21CMkp5Z25UN3ZsRllnSnNhdVdjWTUzamk0UlpDOGFaMCIsIm1hYyI6ImY5OTJkMjdjNWNlMzViNzBhOTljNGFmNTlmMmNlZjdmYTAxNmFlNmFhYTM2YzdiZGI5ODM1NWM5ZTIyZGU5YjIifQ%3D%3D; expires=Fri, 06-Aug-2021 13:49:11 GMT; Max-Age=7200; path=/ c=eyJpdiI6IjQ3c3ZFemNKTzhadThYY2gyWVdcL3BRPT0iLCJ2YWx1ZSI6IlZtXC9GQjhmWm53bnpjQUhvUDBTXC9KUFdLYzhcL0VHVzYxRTRhdXpGa3FuS1JEUlwvaDNsM08xM1RnR1FwYU9KNTFqIiwibWFjIjoiNjI4ODliYjFiNDZlNTcyMzhlNWZiZGNiNWM2M2Q0ZGZhYjQyMjUzM2E3ZmUzZmMwNmJiNWNjMzI0ZmM0NWMzMiJ9; expires=Fri, 06-Aug-2021 13:49:11 GMT; Max-Age=7200; path=/; httponly
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-proc: 1
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UDnQ1%2BBBFLztlNNND0nYDRKoara79ayn8ZrwdQIB6I1AaT4yln%2Bvgw5vNXYZVfojFi0jIfjb9Y5yKq5dAp59F3BZILj9%2BuM%2F%2BKtpR5IDt%2F9kF%2Bq41PzjmM%2F%2BcxiEXxZGgfWL0JmRlZ45G2s%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 67a80a591d8042f7-FRA
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

POST
H/1.1 200
OK add
tagdataxrt.com/time_visit/ 0
422 B 60ms
60ms Ping
text/plain 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/time_visit/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Fri, 06 Aug 2021 11:49:11 GMT
Server: nginx/1.19.10
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 0

POST collect
www.google-analytics.com/g/ 0
0

GET
H3-29 200 forms.css
tgfunnls.org/css/ 20 KB
4 KB 15ms
14ms Stylesheet
text/css 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/css/forms.css?id=108aa07ef4cadffb88ba

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5cc75f6ff6ccc8f9737ba9b6e44903687d4cd600464dc9a25b2fcfbfd231ebc6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /css/forms.css?id=108aa07ef4cadffb88ba
pragma: no-cache
cookie: _ga_Y6C8Y8V9BH=GS1.1.1628250548.1.1.1628250550.0; _vwo_uuid_v2=D300A6AF58D106D85594CDBFBAA2B13D7|ce01f3e9beb7bdefb21b49b643350b73; _gid=GA1.2.1416830450.1628250551; _gat_UA-192660002-1=1; _ga=GA1.1.764459664.1628250551; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _hjid=dc49561e-9d46-46e0-96b5-f0bbe1b05202; _hjFirstSeen=1; XSRF-TOKEN=eyJpdiI6Ing1OERFeUk0ZzNhUW1yYVVsVzFBWlE9PSIsInZhbHVlIjoiRld5V0czeG9VYmdweEtnS2ZldTl6M25wOGh5OFlna21CMkp5Z25UN3ZsRllnSnNhdVdjWTUzamk0UlpDOGFaMCIsIm1hYyI6ImY5OTJkMjdjNWNlMzViNzBhOTljNGFmNTlmMmNlZjdmYTAxNmFlNmFhYTM2YzdiZGI5ODM1NWM5ZTIyZGU5YjIifQ%3D%3D; c=eyJpdiI6IjQ3c3ZFemNKTzhadThYY2gyWVdcL3BRPT0iLCJ2YWx1ZSI6IlZtXC9GQjhmWm53bnpjQUhvUDBTXC9KUFdLYzhcL0VHVzYxRTRhdXpGa3FuS1JEUlwvaDNsM08xM1RnR1FwYU9KNTFqIiwibWFjIjoiNjI4ODliYjFiNDZlNTcyMzhlNWZiZGNiNWM2M2Q0ZGZhYjQyMjUzM2E3ZmUzZmMwNmJiNWNjMzI0ZmM0NWMzMiJ9
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:11 GMT
x-proc: 2
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3662
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Fri, 06 Aug 2021 10:30:19 GMT
server: cloudflare
etag: W/"610d0f3b-5107"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Ba1s8rtcIGMZJV%2F%2Fy35h8it9XF%2Bn56ZDr5%2BhswDiyhtcWXKlv2PdnMrJSZ5%2BoScYoBCAULPSYy3x%2BbuPPp9R38yRfq2OdTT9FXPicJ%2FtZ9Vb7piGaUBFWHi4zzqQN8LXYSinl3%2FyInt6BEw%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 67a80a5a58e842f7-FRA

GET
H3-29 200 flow.css
tgfunnls.org/css/ 385 B
765 B 15ms
14ms Stylesheet
text/css 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/css/flow.css?id=1a2dada5ba76c1b29ae1

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

df456c4794989b11dda8d76813cbf505b2707048f4cc89d7db15956779ca3fb0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /css/flow.css?id=1a2dada5ba76c1b29ae1
pragma: no-cache
cookie: _ga_Y6C8Y8V9BH=GS1.1.1628250548.1.1.1628250550.0; _vwo_uuid_v2=D300A6AF58D106D85594CDBFBAA2B13D7|ce01f3e9beb7bdefb21b49b643350b73; _gid=GA1.2.1416830450.1628250551; _gat_UA-192660002-1=1; _ga=GA1.1.764459664.1628250551; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _hjid=dc49561e-9d46-46e0-96b5-f0bbe1b05202; _hjFirstSeen=1; XSRF-TOKEN=eyJpdiI6Ing1OERFeUk0ZzNhUW1yYVVsVzFBWlE9PSIsInZhbHVlIjoiRld5V0czeG9VYmdweEtnS2ZldTl6M25wOGh5OFlna21CMkp5Z25UN3ZsRllnSnNhdVdjWTUzamk0UlpDOGFaMCIsIm1hYyI6ImY5OTJkMjdjNWNlMzViNzBhOTljNGFmNTlmMmNlZjdmYTAxNmFlNmFhYTM2YzdiZGI5ODM1NWM5ZTIyZGU5YjIifQ%3D%3D; c=eyJpdiI6IjQ3c3ZFemNKTzhadThYY2gyWVdcL3BRPT0iLCJ2YWx1ZSI6IlZtXC9GQjhmWm53bnpjQUhvUDBTXC9KUFdLYzhcL0VHVzYxRTRhdXpGa3FuS1JEUlwvaDNsM08xM1RnR1FwYU9KNTFqIiwibWFjIjoiNjI4ODliYjFiNDZlNTcyMzhlNWZiZGNiNWM2M2Q0ZGZhYjQyMjUzM2E3ZmUzZmMwNmJiNWNjMzI0ZmM0NWMzMiJ9
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:11 GMT
x-proc: 1
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3662
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Fri, 06 Aug 2021 10:30:20 GMT
server: cloudflare
etag: W/"610d0f3c-181"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=31uEztZ%2BY6%2BqsNbi99Ac53NkaKemy%2FnwPqAbK0qBT3n5KJ1NF1MTcFvZqmaC36Zk7IXOiddLBmfRRZlsXFWksFjXbHB2Y%2FpWjKhy6JzbNS0ts5Why%2BwwvorF70z%2Fyq0KTMmjfQxmjXFmtHQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 67a80a5a58ea42f7-FRA

GET
H2 200 funnel.css
static-13333.kxcdn.com/5275/build/ 91 KB
26 KB 7ms
7ms Stylesheet
text/css 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL

https://static-13333.kxcdn.com/5275/build/funnel.css

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

0dd81a03016de5c1be49281bb42f5db84bf8968b636e893daa0ee24de5dbdd3b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:11 GMT
content-encoding: gzip
last-modified: Fri, 02 Jul 2021 14:31:57 GMT
server: keycdn-engine
x-amz-request-id: tx0000000000000049794a1-0060df28ef-12ed1804-fra1a
x-edge-location: defr
etag: W/"0e60432e5a822d61eaf0ff2172f524ed"
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-cache: HIT
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31556940
x-rgw-object-type: Normal
strict-transport-security: max-age=15552000; includeSubDomains; preload
expires: Sat, 06 Aug 2022 17:38:11 GMT

GET
H/1.1 400 conversion.js
in.bd44.fun/ 0
0 52ms
51ms Script
text/html 18.195.174.160
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://in.bd44.fun/conversion.js?cid=OPTIONAL&et=CLICK
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.195.174.160 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-174-160.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 logo.png
static-13333.kxcdn.com/5275/images/ 2 KB
3 KB 33ms
28ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/logo.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

3d0776f2afd4256733e307cf46921dde2e1497a2767eb8bcb8ac17d5de9d2344

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:11 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049592a7-0060df28ef-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2455
last-modified: Fri, 02 Jul 2021 14:32:26 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "cded24bb8b99f2aa7ab4e4ddc59c28e6"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:11 GMT

GET
H2 200 top-arrow.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 34ms
29ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/top-arrow.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

c4d3b32e24ea06591e7f166b20939f84cb767bb0742bc3c51f07c6f4b684f1e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:11 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049592a5-0060df28ef-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2961
last-modified: Fri, 02 Jul 2021 14:32:29 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "e2980701aad64cef71bd2296f5f6386b"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:11 GMT

GET
H3-29 200 check-icon.png
tgfunnls.org/images/ 44 KB
45 KB 36ms
31ms Image
image/png 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tgfunnls.org/images/check-icon.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

79bb457691c6f5dc0d3fd537218a627750b199db5253e22dad9dc4f78fa48016

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /images/check-icon.png
pragma: no-cache
cookie: _ga_Y6C8Y8V9BH=GS1.1.1628250548.1.1.1628250550.0; _vwo_uuid_v2=D300A6AF58D106D85594CDBFBAA2B13D7|ce01f3e9beb7bdefb21b49b643350b73; _gid=GA1.2.1416830450.1628250551; _gat_UA-192660002-1=1; _ga=GA1.1.764459664.1628250551; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _hjid=dc49561e-9d46-46e0-96b5-f0bbe1b05202; _hjFirstSeen=1; XSRF-TOKEN=eyJpdiI6Ing1OERFeUk0ZzNhUW1yYVVsVzFBWlE9PSIsInZhbHVlIjoiRld5V0czeG9VYmdweEtnS2ZldTl6M25wOGh5OFlna21CMkp5Z25UN3ZsRllnSnNhdVdjWTUzamk0UlpDOGFaMCIsIm1hYyI6ImY5OTJkMjdjNWNlMzViNzBhOTljNGFmNTlmMmNlZjdmYTAxNmFlNmFhYTM2YzdiZGI5ODM1NWM5ZTIyZGU5YjIifQ%3D%3D; c=eyJpdiI6IjQ3c3ZFemNKTzhadThYY2gyWVdcL3BRPT0iLCJ2YWx1ZSI6IlZtXC9GQjhmWm53bnpjQUhvUDBTXC9KUFdLYzhcL0VHVzYxRTRhdXpGa3FuS1JEUlwvaDNsM08xM1RnR1FwYU9KNTFqIiwibWFjIjoiNjI4ODliYjFiNDZlNTcyMzhlNWZiZGNiNWM2M2Q0ZGZhYjQyMjUzM2E3ZmUzZmMwNmJiNWNjMzI0ZmM0NWMzMiJ9
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:11 GMT
x-proc: 1
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3661
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 45018
x-xss-protection: 1; mode=block
last-modified: Fri, 06 Aug 2021 10:28:14 GMT
server: cloudflare
etag: "610d0ebe-afda"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IBrhQxKRl1HmseXtfhJiphy%2FxlW9kRFzcHRU6DAnW6nVAtSMxPrWpI6TCpzhvDrelWQpMeEmpcJ7K4B2UvqGRGzVdZb7EDWcV4KJvVcPXBIYAg8na2leWjeJnINOTftTWxqgIsv%2FUn3eYS8%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 67a80a5ab9f842f7-FRA

GET
H2 200 safe.png
static-13333.kxcdn.com/5275/images/ 10 KB
11 KB 34ms
29ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/safe.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

c001780d5a0136da809d6908ac44d8b0e4d9b36bf9891772a006294888226576

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:11 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794a7-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 10593
last-modified: Fri, 02 Jul 2021 14:32:17 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "e16845cf547d72f2f0b2febfa375d9f9"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:11 GMT

GET
H2 200 bg-arrow.png
static-13333.kxcdn.com/5275/images/ 7 KB
8 KB 34ms
29ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/bg-arrow.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

5902ac2e28cc5433d57a98a62be69037be09754da694348e03d3e3b9e776f542

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:11 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794ba-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 7356
last-modified: Fri, 02 Jul 2021 14:32:23 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "0575766ae817ee467a729e846374d22c"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:11 GMT

GET
H2 200 check-icon.png
static-13333.kxcdn.com/5275/images/ 2 KB
3 KB 34ms
29ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/check-icon.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

4a404a950ef8cfa3eb686e62c8ab17e0a4609f2300e53d874a96ec618ab9474d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:11 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794b6-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2273
last-modified: Fri, 02 Jul 2021 14:32:29 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "c34ab81524c5f98e40dc0dad59601758"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:11 GMT

GET
H2 200 spots-arrow.png
static-13333.kxcdn.com/5275/images/ 5 KB
6 KB 16ms
8ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/spots-arrow.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

7c01610e53cbe2313bd441cd9182762cec4240e4eecebeca6d086f34e4672784

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:11 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794bc-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 5306
last-modified: Fri, 02 Jul 2021 14:32:45 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "32acdf2cce46993b09041ebed9d00140"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:11 GMT

GET
H2 200 john.jpg
static-13333.kxcdn.com/5275/images/ 9 KB
10 KB 16ms
8ms Image
image/jpeg 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/john.jpg

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

aff262b0ff8882606831b77cb7fe8c2b7ee184a4c3a4e10de152932dde9ed3f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:11 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794be-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 9704
last-modified: Fri, 02 Jul 2021 14:32:21 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "ca826d01f1cbba3eb6e3e1f697bca6bc"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/jpeg
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:11 GMT

GET
H2 200 john-sign.png
static-13333.kxcdn.com/5275/images/ 7 KB
7 KB 13ms
8ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/john-sign.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

2c92fcee0f7c5fd992e818cd6e5f621e8701cea9b4b23eb03e2567560c7dd266

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:11 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049592b7-0060df28ef-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 6824
last-modified: Fri, 02 Jul 2021 14:32:43 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "8e77bdde18036a84289f7b89b03cddc0"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:11 GMT

GET
H2 200 social-callback-title.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 8ms
7ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/social-callback-title.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

b097d9409b9b2fcde3993197635d6e7d49126e794dec3c3a5de9892cce15ec84

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:11 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794b7-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2899
last-modified: Fri, 02 Jul 2021 14:32:42 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "26e1186a209747d755be97f26d7fef17"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:11 GMT

GET
H2 200 facebook.png
static-13333.kxcdn.com/5275/images/ 45 KB
46 KB 13ms
10ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/facebook.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

45a8e9f975bd2d7db2041c671affac022eaf0b8db46c516a6f2021d30631aea3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:11 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049592bd-0060df28ef-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 46358
last-modified: Fri, 02 Jul 2021 14:32:18 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "99efc09d6e35b01ef07e555c6c9c06ac"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:11 GMT

GET
H2 200 twitter.png
static-13333.kxcdn.com/5275/images/ 33 KB
34 KB 13ms
10ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/twitter.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

f3567cf9eb0717ad9840ff19014abf051d9bebb63ba3d270eb23d409dd449b5a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:11 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049592b6-0060df28ef-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 33933
last-modified: Fri, 02 Jul 2021 14:32:45 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "1538bf85a2428c7ab27b923233ceac2d"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:11 GMT

GET
H2 200 features-title.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 13ms
11ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/features-title.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

5e840708085df16224eeb0d8a8b3758d39bc7c60d3f0587ea1308f7d37d2e9db

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:11 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049592bc-0060df28ef-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2835
last-modified: Fri, 02 Jul 2021 14:32:24 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "8e8fd39ca90b9e536e71366f72e27061"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:11 GMT

GET
H2 200 feature1.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 13ms
12ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/feature1.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

427e9cf9bc070b73cae44b858b1cbb147385ccf3b74522b00606e8441d74eb21

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:11 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794bb-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2649
last-modified: Fri, 02 Jul 2021 14:32:27 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "32e947291780f319b5424fb0fed97339"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:11 GMT

GET
H2 200 feature2.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 14ms
12ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/feature2.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

d35ec7636f20627c46249b7ac076fd59aad2c15c8207c92cc8251df812abc0bc

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:11 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049592b5-0060df28ef-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2845
last-modified: Fri, 02 Jul 2021 14:32:28 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "a02cbfb7009f4eb7bca716371bbc6162"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:11 GMT

GET
H2 200 feature3.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 13ms
13ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/feature3.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

41cc8226265d071dd816f01b4e656e9575b49927ecb0806984d85fd2acb3b318

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:11 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794b8-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2618
last-modified: Fri, 02 Jul 2021 14:32:44 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "1e439861ae0e257dd74094cd20495531"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:11 GMT

GET
H2 200 feature4.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 16ms
13ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/feature4.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

d7e57b7c8fc1a0e25b893fc00da8cca5368cc489227958d4a781665339cd7260

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:11 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794a5-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2573
last-modified: Fri, 02 Jul 2021 14:32:19 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "f042fbbf22d575de6d906249ec2dc324"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:11 GMT

GET
H2 200 faq-title.png
static-13333.kxcdn.com/5275/images/ 4 KB
4 KB 17ms
13ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/faq-title.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

218be04d48aa9aa4da9bb4a708dbb463576fd8653914fd05bb113ce654dce714

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:11 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049592a6-0060df28ef-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 3706
last-modified: Fri, 02 Jul 2021 14:32:42 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "b95f5e7ccaaf9e8f6f1117efa9ab100a"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:11 GMT

GET
H2 200 faq-list-title-bg.png
static-13333.kxcdn.com/5275/images/ 2 KB
2 KB 15ms
13ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/faq-list-title-bg.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

9749d6d7aee9bdd7b806eb8fd8fa1bfd7ef25aab0aba744948b279d4c1a348ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:11 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794a3-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 1546
last-modified: Fri, 02 Jul 2021 14:32:22 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "567ea5254334fde95913b6cd592aad5f"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:11 GMT

GET
H3-29 200 sad-face.svg
tgfunnls.org/media/ 1 KB
1 KB 14ms
12ms Image
image/svg+xml 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tgfunnls.org/media/sad-face.svg

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

186b9079a05f19ddd2a548dbc1ec2c69087c76d8e9e1637dbced630edb793104

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /media/sad-face.svg
pragma: no-cache
cookie: _ga_Y6C8Y8V9BH=GS1.1.1628250548.1.1.1628250550.0; _vwo_uuid_v2=D300A6AF58D106D85594CDBFBAA2B13D7|ce01f3e9beb7bdefb21b49b643350b73; _gid=GA1.2.1416830450.1628250551; _gat_UA-192660002-1=1; _ga=GA1.1.764459664.1628250551; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _hjid=dc49561e-9d46-46e0-96b5-f0bbe1b05202; _hjFirstSeen=1; XSRF-TOKEN=eyJpdiI6Ing1OERFeUk0ZzNhUW1yYVVsVzFBWlE9PSIsInZhbHVlIjoiRld5V0czeG9VYmdweEtnS2ZldTl6M25wOGh5OFlna21CMkp5Z25UN3ZsRllnSnNhdVdjWTUzamk0UlpDOGFaMCIsIm1hYyI6ImY5OTJkMjdjNWNlMzViNzBhOTljNGFmNTlmMmNlZjdmYTAxNmFlNmFhYTM2YzdiZGI5ODM1NWM5ZTIyZGU5YjIifQ%3D%3D; c=eyJpdiI6IjQ3c3ZFemNKTzhadThYY2gyWVdcL3BRPT0iLCJ2YWx1ZSI6IlZtXC9GQjhmWm53bnpjQUhvUDBTXC9KUFdLYzhcL0VHVzYxRTRhdXpGa3FuS1JEUlwvaDNsM08xM1RnR1FwYU9KNTFqIiwibWFjIjoiNjI4ODliYjFiNDZlNTcyMzhlNWZiZGNiNWM2M2Q0ZGZhYjQyMjUzM2E3ZmUzZmMwNmJiNWNjMzI0ZmM0NWMzMiJ9
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:11 GMT
x-proc: 1
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3661
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Fri, 06 Aug 2021 10:30:20 GMT
server: cloudflare
etag: W/"610d0f3c-5dc"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6%2FJv4cr6n0v9TJf2m%2BnBwGFEpACx8MFUgweL5oHGGlhuIpvJP%2BtKhQMWOAHK1STnoaeDIw78DrDfyPmH1K%2FkGcl%2F%2F7Vg9lLvWZGgWZL1pP%2FdO%2BK6WLM2nJza6S6OnXpJIc67mp4w1YhSLqI%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: max-age=14400
cf-ray: 67a80a5ab9fc42f7-FRA

GET
H3-29 200 email-decode.min.js Show response
tgfunnls.org/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
1 KB 8ms
8ms Script
application/javascript 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

:path: /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
pragma: no-cache
cookie: _ga_Y6C8Y8V9BH=GS1.1.1628250548.1.1.1628250550.0; _vwo_uuid_v2=D300A6AF58D106D85594CDBFBAA2B13D7|ce01f3e9beb7bdefb21b49b643350b73; _gid=GA1.2.1416830450.1628250551; _gat_UA-192660002-1=1; _ga=GA1.1.764459664.1628250551; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _hjid=dc49561e-9d46-46e0-96b5-f0bbe1b05202; _hjFirstSeen=1; XSRF-TOKEN=eyJpdiI6Ing1OERFeUk0ZzNhUW1yYVVsVzFBWlE9PSIsInZhbHVlIjoiRld5V0czeG9VYmdweEtnS2ZldTl6M25wOGh5OFlna21CMkp5Z25UN3ZsRllnSnNhdVdjWTUzamk0UlpDOGFaMCIsIm1hYyI6ImY5OTJkMjdjNWNlMzViNzBhOTljNGFmNTlmMmNlZjdmYTAxNmFlNmFhYTM2YzdiZGI5ODM1NWM5ZTIyZGU5YjIifQ%3D%3D; c=eyJpdiI6IjQ3c3ZFemNKTzhadThYY2gyWVdcL3BRPT0iLCJ2YWx1ZSI6IlZtXC9GQjhmWm53bnpjQUhvUDBTXC9KUFdLYzhcL0VHVzYxRTRhdXpGa3FuS1JEUlwvaDNsM08xM1RnR1FwYU9KNTFqIiwibWFjIjoiNjI4ODliYjFiNDZlNTcyMzhlNWZiZGNiNWM2M2Q0ZGZhYjQyMjUzM2E3ZmUzZmMwNmJiNWNjMzI0ZmM0NWMzMiJ9
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 03 Aug 2021 14:21:05 GMT
server: cloudflare
etag: W/"610950d1-4d7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: DENY
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8DE7IfXBw5rPdkwT33Qc2GiIPK10Flw%2FQGdiijZ8JsnKcO7Tc5zAb2JK0wdkMvXAfmJ93KwtAJHTDmNzX9txHcVFo%2B4WBpXfO6OcKGA1mxhHkxI1E2riMnte5clr3sSb88JVUgsJwf%2FZOnA%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=172800 public
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 67a80a5a794142f7-FRA
vary: Accept-Encoding
expires: Sun, 08 Aug 2021 11:49:11 GMT

GET
H3-29 200 redirect.js Show response
tgfunnls.org/js/ 3 KB
2 KB 13ms
12ms Script
application/javascript 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/js/redirect.js?id=bd8708e91008076c9ff9

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0979e653bf7370685f5d0ec7448e28d33f46754d5411cf5a7cd3df6ecafc1a35

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /js/redirect.js?id=bd8708e91008076c9ff9
pragma: no-cache
cookie: _ga_Y6C8Y8V9BH=GS1.1.1628250548.1.1.1628250550.0; _vwo_uuid_v2=D300A6AF58D106D85594CDBFBAA2B13D7|ce01f3e9beb7bdefb21b49b643350b73; _gid=GA1.2.1416830450.1628250551; _gat_UA-192660002-1=1; _ga=GA1.1.764459664.1628250551; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _hjid=dc49561e-9d46-46e0-96b5-f0bbe1b05202; _hjFirstSeen=1; XSRF-TOKEN=eyJpdiI6Ing1OERFeUk0ZzNhUW1yYVVsVzFBWlE9PSIsInZhbHVlIjoiRld5V0czeG9VYmdweEtnS2ZldTl6M25wOGh5OFlna21CMkp5Z25UN3ZsRllnSnNhdVdjWTUzamk0UlpDOGFaMCIsIm1hYyI6ImY5OTJkMjdjNWNlMzViNzBhOTljNGFmNTlmMmNlZjdmYTAxNmFlNmFhYTM2YzdiZGI5ODM1NWM5ZTIyZGU5YjIifQ%3D%3D; c=eyJpdiI6IjQ3c3ZFemNKTzhadThYY2gyWVdcL3BRPT0iLCJ2YWx1ZSI6IlZtXC9GQjhmWm53bnpjQUhvUDBTXC9KUFdLYzhcL0VHVzYxRTRhdXpGa3FuS1JEUlwvaDNsM08xM1RnR1FwYU9KNTFqIiwibWFjIjoiNjI4ODliYjFiNDZlNTcyMzhlNWZiZGNiNWM2M2Q0ZGZhYjQyMjUzM2E3ZmUzZmMwNmJiNWNjMzI0ZmM0NWMzMiJ9
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:11 GMT
x-proc: 3
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3661
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Fri, 06 Aug 2021 10:30:36 GMT
server: cloudflare
etag: W/"610d0f4c-a50"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2doFKkE2x5wHmgCcKrmWK2ZGBfFhoViw08zFeMZo9BcMwHCTgVRLa0TsEVBiNYhaHccplgUPNYfEqGGwIJGk7r6nBYS021DLO5vwOtVGFXKeje8By%2BYEhYdx3Lf6QkztNaOpNgByTF2RNus%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=14400
cf-ray: 67a80a5a898542f7-FRA

GET
H3-29 200 l.js Show response
tgfunnls.org/js/ 401 KB
110 KB 30ms
29ms Script
application/javascript 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/js/l.js?id=6cf7b69175b2a676ebf3

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1669423eca631e2fa8053ff74039a11ff6afac3a94dc37f357ce8d6ec9362913

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /js/l.js?id=6cf7b69175b2a676ebf3
pragma: no-cache
cookie: _ga_Y6C8Y8V9BH=GS1.1.1628250548.1.1.1628250550.0; _vwo_uuid_v2=D300A6AF58D106D85594CDBFBAA2B13D7|ce01f3e9beb7bdefb21b49b643350b73; _gid=GA1.2.1416830450.1628250551; _gat_UA-192660002-1=1; _ga=GA1.1.764459664.1628250551; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _hjid=dc49561e-9d46-46e0-96b5-f0bbe1b05202; _hjFirstSeen=1; XSRF-TOKEN=eyJpdiI6Ing1OERFeUk0ZzNhUW1yYVVsVzFBWlE9PSIsInZhbHVlIjoiRld5V0czeG9VYmdweEtnS2ZldTl6M25wOGh5OFlna21CMkp5Z25UN3ZsRllnSnNhdVdjWTUzamk0UlpDOGFaMCIsIm1hYyI6ImY5OTJkMjdjNWNlMzViNzBhOTljNGFmNTlmMmNlZjdmYTAxNmFlNmFhYTM2YzdiZGI5ODM1NWM5ZTIyZGU5YjIifQ%3D%3D; c=eyJpdiI6IjQ3c3ZFemNKTzhadThYY2gyWVdcL3BRPT0iLCJ2YWx1ZSI6IlZtXC9GQjhmWm53bnpjQUhvUDBTXC9KUFdLYzhcL0VHVzYxRTRhdXpGa3FuS1JEUlwvaDNsM08xM1RnR1FwYU9KNTFqIiwibWFjIjoiNjI4ODliYjFiNDZlNTcyMzhlNWZiZGNiNWM2M2Q0ZGZhYjQyMjUzM2E3ZmUzZmMwNmJiNWNjMzI0ZmM0NWMzMiJ9
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:11 GMT
x-proc: 2
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 4584
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Fri, 06 Aug 2021 10:30:19 GMT
server: cloudflare
etag: W/"610d0f3b-645ba"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FwyWREO4afkAAmLQnCAgOx%2FAohQMcpMMxA2G2OlfRdFHawoCwMmd1XgUSPyuJBcxudWf6E1raQ9WjO4F%2BQ77R1pLtiR1iw%2BIkHKZnZhpJfC6l%2BKd3v9eLyNegbO4vr2bMXlVUn8%2FtmLSYtQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=14400
cf-ray: 67a80a5aa9d242f7-FRA

GET
H2 200 funnel.js Show response
static-13333.kxcdn.com/5275/build/ 954 KB
319 KB 8ms
8ms Script
application/javascript 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL

https://static-13333.kxcdn.com/5275/build/funnel.js

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

a52901c6296f571a48143efc8c7626714f2f15a0e034390d31380d508684ad0e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:11 GMT
content-encoding: gzip
last-modified: Fri, 02 Jul 2021 14:31:57 GMT
server: keycdn-engine
x-amz-request-id: tx00000000000000495929e-0060df28ef-12e87130-fra1a
x-edge-location: defr
etag: W/"545236a1390ffa369d186b44dab8e706"
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-cache: HIT
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31556940
x-rgw-object-type: Normal
strict-transport-security: max-age=15552000; includeSubDomains; preload
expires: Sat, 06 Aug 2022 17:38:11 GMT

GET
H/1.1 200 hp Show response
in.xr117.xyz/ 382 B
635 B 54ms
51ms Script
text/plain 18.195.123.247
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://in.xr117.xyz/hp
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.195.123.247 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-123-247.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 1d685538334a6762f8c278c2274cb62dfdc47c59ba5968562dddf4f96d808aee

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 06 Aug 2021 11:49:11 GMT
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200 hp Show response
in.bd44.fun/ 382 B
616 B 153ms
52ms Script
text/plain 18.195.174.160
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://in.bd44.fun/hp
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.195.174.160 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-174-160.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 1d685538334a6762f8c278c2274cb62dfdc47c59ba5968562dddf4f96d808aee

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 06 Aug 2021 11:49:11 GMT
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
Server: nginx
Connection: keep-alive
Content-Length: 382
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3-29 200 tag.js Show response
tagstaticx.com/ 38 KB
14 KB 21ms
19ms Script
application/javascript 2606:4700:3033::6815:3d08
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://tagstaticx.com/tag.js
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::6815:3d08 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7ebf9aea91580923f108d8e9c9fa03581c3c58fcd1ab8712d4ed593fbde60062

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:11 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 30 Jul 2021 15:47:47 GMT
server: cloudflare
age: 4752
etag: W/"61041f23-9787"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fWddrSkCnTVc9Pb6fyddd4vzyEJcHROVaObE9ZroJpmPrj84jQVSouV1GW8qoA%2FCl%2F1qEvuQw21aCzpOA%2B8WAKjEDza5bTlYtXF%2BEF%2F7%2FHB%2Fy5IyHrgNBqgdeaeAktgCWzsHgk0YEo8J6pMnTQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=1800
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 67a80a5abcfc4401-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

GET
H3-29 200 gtm.js Show response
www.googletagmanager.com/ 110 KB
41 KB 21ms
19ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-MSK8GMG

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

ee25e98eb177cc22fba819b261e53fdcdb837d1ca65533dbc186fa9f1f9550a2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:11 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41863
x-xss-protection: 0
last-modified: Fri, 06 Aug 2021 09:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 06 Aug 2021 11:49:11 GMT

GET
H3-29 200 j.php Show response
dev.visualwebsiteoptimizer.com/ 5 KB
2 KB 51ms
49ms Script
application/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/j.php?a=449005&u=https%3A%2F%2Ftgfunnls.org%2Fdly1st%2F%3Fhitid%3D%7BclickId%7D%26qze%3D7%26aff_sub%3D%7BcustomId1%7D%26aff_sub2%3D%7BcustomId2%7D&f=1&r=0.3022835954663259
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gams1 /
Resource Hash: 37b7bea27fe009c1dab67b1db7daa8c0e2620a19f27142c158600bd5289e9907

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 06 Aug 2021 11:49:11 GMT
via: 1.1 google
server: gams1
content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-type: application/javascript; charset=UTF-8

GET
H2 206 de-1.mp4
static-13333.kxcdn.com/5275/media/ 64 KB
0 15ms
14ms Media
video/mp4 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL

https://static-13333.kxcdn.com/5275/media/de-1.mp4

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Range: bytes=0-

Response headers

date: Fri, 06 Aug 2021 11:49:11 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049593e6-0060df28f0-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
Content-Range: bytes 0-124690623/124690624
Content-Length: 124690624
last-modified: Fri, 02 Jul 2021 14:32:03 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "c8811d0b7aa283893d6ec2a19899685f-24"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: video/mp4
access-control-allow-origin: *
x-rgw-object-type: Normal
expires: Sat, 06 Aug 2022 17:38:11 GMT

GET
H2 200 bg-pattern2.png
static-13333.kxcdn.com/5275/images/ 3 KB
4 KB 15ms
7ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/bg-pattern2.png

Requested by

Host: static-13333.kxcdn.com
URL: https://static-13333.kxcdn.com/5275/build/funnel.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

0dbbd4b1f92b5f123bb6d85da5224dbac1ef2873359ae63159fbd8c1d8aee472

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://static-13333.kxcdn.com/5275/build/funnel.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:11 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx000000000000004a8f778-0060df3204-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 3494
last-modified: Fri, 02 Jul 2021 14:32:28 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "9ff60a873ce8a83d6f92c07bbb97461d"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:11 GMT

GET
H2 200 money-bg.jpg
static-13333.kxcdn.com/5275/images/ 192 KB
193 KB 13ms
5ms Image
image/jpeg 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/money-bg.jpg

Requested by

Host: static-13333.kxcdn.com
URL: https://static-13333.kxcdn.com/5275/build/funnel.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

6d6b0b2b3ce3ec690491ad53348667285877a284d43a58bae67219df3128c453

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://static-13333.kxcdn.com/5275/build/funnel.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:11 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049593a6-0060df28f0-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 196622
last-modified: Fri, 02 Jul 2021 14:32:29 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "00484ef568e5c529bc92d2698631954b"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/jpeg
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:11 GMT

GET
H3-29 200 flags.png
tgfunnls.org/images/vendor/intl-tel-input/build/ 69 KB
70 KB 19ms
18ms Image
image/png 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tgfunnls.org/images/vendor/intl-tel-input/build/flags.png?416250f60d785a2e02f17e054d2e4e44

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/css/forms.css?id=108aa07ef4cadffb88ba

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0a012cf808a24573168308916092d2d4bd3f2b4af8e16b59167013cc77acee55

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /images/vendor/intl-tel-input/build/flags.png?416250f60d785a2e02f17e054d2e4e44
pragma: no-cache
cookie: _ga_Y6C8Y8V9BH=GS1.1.1628250548.1.1.1628250550.0; _vwo_uuid_v2=D300A6AF58D106D85594CDBFBAA2B13D7|ce01f3e9beb7bdefb21b49b643350b73; _gid=GA1.2.1416830450.1628250551; _gat_UA-192660002-1=1; _ga=GA1.1.764459664.1628250551; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _hjid=dc49561e-9d46-46e0-96b5-f0bbe1b05202; _hjFirstSeen=1; XSRF-TOKEN=eyJpdiI6Ing1OERFeUk0ZzNhUW1yYVVsVzFBWlE9PSIsInZhbHVlIjoiRld5V0czeG9VYmdweEtnS2ZldTl6M25wOGh5OFlna21CMkp5Z25UN3ZsRllnSnNhdVdjWTUzamk0UlpDOGFaMCIsIm1hYyI6ImY5OTJkMjdjNWNlMzViNzBhOTljNGFmNTlmMmNlZjdmYTAxNmFlNmFhYTM2YzdiZGI5ODM1NWM5ZTIyZGU5YjIifQ%3D%3D; c=eyJpdiI6IjQ3c3ZFemNKTzhadThYY2gyWVdcL3BRPT0iLCJ2YWx1ZSI6IlZtXC9GQjhmWm53bnpjQUhvUDBTXC9KUFdLYzhcL0VHVzYxRTRhdXpGa3FuS1JEUlwvaDNsM08xM1RnR1FwYU9KNTFqIiwibWFjIjoiNjI4ODliYjFiNDZlNTcyMzhlNWZiZGNiNWM2M2Q0ZGZhYjQyMjUzM2E3ZmUzZmMwNmJiNWNjMzI0ZmM0NWMzMiJ9
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: tgfunnls.org
referer: https://tgfunnls.org/css/forms.css?id=108aa07ef4cadffb88ba
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/css/forms.css?id=108aa07ef4cadffb88ba
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:11 GMT
x-proc: 2
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2314
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 70857
x-xss-protection: 1; mode=block
last-modified: Fri, 06 Aug 2021 10:55:13 GMT
server: cloudflare
etag: "610d1511-114c9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8uRrJIVujJkPJdg1viwE5R81vT3kuAm9CzLBMtm2SDdGzUX%2FH6A5BxD1z8lZh0mzbdwczDtMacHjOpSv4YUj8gTJ%2Fg99alDiuzxBgEjf9tmGOuPDTOf7b5B37zs62W1g9AkoNsHaLOTBGok%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 67a80a5b2b2042f7-FRA

HEAD
H3-29 200 adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/ 0
0 30ms
30ms Fetch
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 49445
x-xss-protection: 0
server: cafe
etag: 14869471898732562513
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Fri, 06 Aug 2021 11:49:11 GMT

GET
H/1.1 200
OK version.js Show response
tagdatax.com/ 57 B
260 B 48ms
47ms Script
application/javascript 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdatax.com/version.js
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: 9135637f1b30687bdedbfd7bcdb69c53fe94f18a1f16a38625cf265d6181b8d8

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 06 Aug 2021 11:49:11 GMT
Cache-Control: private, max-age=63072000
Server: nginx/1.19.10
Connection: keep-alive
Content-Length: 57
Content-Type: application/javascript

GET
H2 200 gid.js Show response
my.rtmark.net/ 65 B
541 B 65ms
65ms Fetch
application/json 139.45.195.8
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://my.rtmark.net/gid.js

Requested by

Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

09d8382c5772cdec26c96438ba56dd6131e038a237f8483d26e609ae0910aa73

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:11 GMT
x-content-type-options: nosniff
server: nginx
strict-transport-security: max-age=1
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: https://tgfunnls.org
access-control-expose-headers: Authorization
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length: 65

GET
H/1.1 200
OK pix.jpg Show response
tagdatax.com/ 28 B
617 B 59ms
58ms Fetch
image/jpeg 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdatax.com/pix.jpg
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: 3c72e06c040c15327faa313315f1d6f4b2c9159267051c3e173336efa4cd7a18

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 06 Aug 2021 11:49:11 GMT
Server: nginx/1.19.10
Etag: ff870866-3beb-47b5-bde6-5f7718cb8565
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Content-Type: image/jpeg
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Expose-Headers: ETag
Cache-Control: private, must-revalidate, proxy-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 28

GET
H3-29 200 googlelogo_color_120x44dp.png
www.google.com/images/branding/googlelogo/2x/ 5 KB
5 KB 17ms
15ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_120x44dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

29c50fa4422ac0a690af5b0987dee6a030a7eeaafa9dda8543cf022368f545aa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:11 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5087
x-xss-protection: 0
expires: Fri, 06 Aug 2021 11:49:11 GMT

GET
H3-29 200 googlelogo_color_272x92dp.png
www.google.com/images/branding/googlelogo/1x/ 6 KB
6 KB 18ms
17ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/1x/googlelogo_color_272x92dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5776cd87617eacec3bc00ebcf530d1924026033eda852f706c1a675a98915826

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:11 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5969
x-xss-protection: 0
expires: Fri, 06 Aug 2021 11:49:11 GMT

GET
H3-29 200 googlelogo_color_272x92dp.png
www.google.com/images/branding/googlelogo/2x/ 13 KB
13 KB 19ms
17ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_272x92dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

262084257c2103702ef8a25705e3f8dbc1fa3823103ad7b954d54bdb77e6d89d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:11 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13504
x-xss-protection: 0
expires: Fri, 06 Aug 2021 11:49:11 GMT

GET
H3-29 200 googlelogo_color_160x56dp.png
www.google.com/images/branding/googlelogo/2x/ 7 KB
7 KB 17ms
16ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_160x56dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9e611fba6a87626e60f74d361f0c94d1ba226bc0726a05791f40ddb7fbba2c4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:11 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7048
x-xss-protection: 0
expires: Fri, 06 Aug 2021 11:49:11 GMT

GET
H3-29 200 googlelogo_color_90x40dp.png
www.google.com/images/branding/googlelogo/2x/ 4 KB
4 KB 18ms
17ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_90x40dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a9cac8d49feccd603bac334c92c1e7dd5a829a1c01d4130550e8c9c0d9c72f7b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:11 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3934
x-xss-protection: 0
expires: Fri, 06 Aug 2021 11:49:11 GMT

GET
H3-29 200 locate Show response
tgfunnls.org/ 141 B
1 KB 117ms
116ms XHR
application/json 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/locate

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/js/l.js?id=6cf7b69175b2a676ebf3

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b6ffea4eb17e3268759f83f8abca64a9ed7755ff19d8d6b05e7aa354ae6d4f7b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-fetch-mode: cors
x-xsrf-token: eyJpdiI6Ing1OERFeUk0ZzNhUW1yYVVsVzFBWlE9PSIsInZhbHVlIjoiRld5V0czeG9VYmdweEtnS2ZldTl6M25wOGh5OFlna21CMkp5Z25UN3ZsRllnSnNhdVdjWTUzamk0UlpDOGFaMCIsIm1hYyI6ImY5OTJkMjdjNWNlMzViNzBhOTljNGFmNTlmMmNlZjdmYTAxNmFlNmFhYTM2YzdiZGI5ODM1NWM5ZTIyZGU5YjIifQ==
accept-language: en-US
sec-fetch-dest: empty
cookie: _ga_Y6C8Y8V9BH=GS1.1.1628250548.1.1.1628250550.0; _vwo_uuid_v2=D300A6AF58D106D85594CDBFBAA2B13D7|ce01f3e9beb7bdefb21b49b643350b73; _gid=GA1.2.1416830450.1628250551; _gat_UA-192660002-1=1; _ga=GA1.1.764459664.1628250551; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _hjid=dc49561e-9d46-46e0-96b5-f0bbe1b05202; _hjFirstSeen=1; XSRF-TOKEN=eyJpdiI6Ing1OERFeUk0ZzNhUW1yYVVsVzFBWlE9PSIsInZhbHVlIjoiRld5V0czeG9VYmdweEtnS2ZldTl6M25wOGh5OFlna21CMkp5Z25UN3ZsRllnSnNhdVdjWTUzamk0UlpDOGFaMCIsIm1hYyI6ImY5OTJkMjdjNWNlMzViNzBhOTljNGFmNTlmMmNlZjdmYTAxNmFlNmFhYTM2YzdiZGI5ODM1NWM5ZTIyZGU5YjIifQ%3D%3D; c=eyJpdiI6IjQ3c3ZFemNKTzhadThYY2gyWVdcL3BRPT0iLCJ2YWx1ZSI6IlZtXC9GQjhmWm53bnpjQUhvUDBTXC9KUFdLYzhcL0VHVzYxRTRhdXpGa3FuS1JEUlwvaDNsM08xM1RnR1FwYU9KNTFqIiwibWFjIjoiNjI4ODliYjFiNDZlNTcyMzhlNWZiZGNiNWM2M2Q0ZGZhYjQyMjUzM2E3ZmUzZmMwNmJiNWNjMzI0ZmM0NWMzMiJ9
:path: /locate
pragma: no-cache
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: application/json, text/plain, */*
cache-control: no-cache
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept: application/json, text/plain, */*
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
X-XSRF-TOKEN: eyJpdiI6Ing1OERFeUk0ZzNhUW1yYVVsVzFBWlE9PSIsInZhbHVlIjoiRld5V0czeG9VYmdweEtnS2ZldTl6M25wOGh5OFlna21CMkp5Z25UN3ZsRllnSnNhdVdjWTUzamk0UlpDOGFaMCIsIm1hYyI6ImY5OTJkMjdjNWNlMzViNzBhOTljNGFmNTlmMmNlZjdmYTAxNmFlNmFhYTM2YzdiZGI5ODM1NWM5ZTIyZGU5YjIifQ==
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:11 GMT
x-proc: 3
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Bgd0aDTwnTmaHdUSqS2JAyFPwqLsdv1t1jmEKq0vPDxsXc2kyFF4Y5QLw%2F60cUPn3BbEOuIxtzWsr0bfUpN2blow5fpgvNXGNDFnSQovqgL7OX%2FxLSM4tvswPo8JzidbIvviusOeHr8o5jY%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json
cache-control: no-cache, private
set-cookie: XSRF-TOKEN=eyJpdiI6InZXa05ad0VsRE8wNHZSNG9CdHhLXC9RPT0iLCJ2YWx1ZSI6IjFJc2tqQ1k0Qkg3RDJKTFJiRXFlM3lDNlpYTm1uaGFWdXJ6a0VaNGlPckRRV3luSjhndlphQUVvaEJra0M5bFwvIiwibWFjIjoiMGU3YzI4YjM5NGYyODgzY2M4YTM0ZjRjMDE2ZDI3OGJkN2EzN2Q4OGIyY2UzN2ExOTA4ZWRlZDg2ZGEyZmE5ZCJ9; expires=Fri, 06-Aug-2021 13:49:11 GMT; Max-Age=7200; path=/ c=eyJpdiI6Ikd3UHNvcFNiRXRPYThqazJYZExWemc9PSIsInZhbHVlIjoiMk9lb0lkZGUxTFgzQlhqck1sOXN3ZGsxUHV3Y2FrMWF4Qnh4VXFucE9oR29YUGVNN0J6NllpcFVEcXNTUjRMOCIsIm1hYyI6IjU3NWM4YjMyMWQzMzEyMjY5ZDMwNjJmOTRjMDFiNDIwZTBiMzBlYzM3Mzg1Nzk2ZGUwOWY3YjBkZGQwZGNkYjkifQ%3D%3D; expires=Fri, 06-Aug-2021 13:49:11 GMT; Max-Age=7200; path=/; httponly
cf-ray: 67a80a5b9c3742f7-FRA

GET
H3-29 200 js Show response
www.googletagmanager.com/gtag/ 127 KB
50 KB 15ms
14ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-Y6C8Y8V9BH&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MSK8GMG

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

caf7ecf5748d7e3e027c4c06c569b3a6fb8f0f78f0dc3ff8c888b2299747e496

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:11 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 51136
x-xss-protection: 0
expires: Fri, 06 Aug 2021 11:49:11 GMT

GET
H3-29 200 analytics.js Show response
www.google-analytics.com/ 48 KB
19 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MSK8GMG

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

e61660c659c426e45bce2937dddb01af6b550502a2904546575c1ec2ba1121dd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 13 Jul 2021 18:24:06 GMT
server: Golfe2
age: 2130
date: Fri, 06 Aug 2021 11:13:41 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19672
expires: Fri, 06 Aug 2021 13:13:41 GMT

GET
H2 200 hotjar-2304105.js Show response
static.hotjar.com/c/ 5 KB
2 KB 73ms
73ms Script
application/javascript 13.224.96.91
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-2304105.js?sv=6

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.96.91 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

d4261e9b3b427b4faba85d775a6dbd131cf86cbd42945ba05ae2ebad8f8f36e6

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:48:18 GMT
content-encoding: br
x-content-type-options: nosniff
cache-control: max-age=60
age: 53
etag: W/4e117f3a38c123981a4b3509540d1697
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
x-cache-hit: 1
x-amz-cf-pop: ZRH50-C1
x-amz-cf-id: sCVAZo4zap3MquFNZ8N3fyIAh5sxCv2zAJNAJ_iOvrfBxK5R7TxQtw==
via: 1.1 e92dffa8673a73c15c61e7c3abefc47d.cloudfront.net (CloudFront)

GET
BLOB 200
OK 93661b57-64b4-4fbf-8392-e60f8c2678f5
https://tgfunnls.org/ 31 B
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://tgfunnls.org/93661b57-64b4-4fbf-8392-e60f8c2678f5
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7725538fe2f71147bffeba7452b434c826aef9009666cb4360c605d0b2a91d1d

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length: 31
Content-Type: application/javascript

GET
H2 403 videothumbnail-1.png
static-13333.kxcdn.com/5275/images/ 0
0 37ms
37ms Image
text/html 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static-13333.kxcdn.com/5275/images/videothumbnail-1.png
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
DATA 200
OK truncated
/ 4 KB
4 KB Font
application/font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: aef991b2e0b693a95d41986576dd3901ea7ac03b379501b1caba966058753308

Request headers

Origin: https://tgfunnls.org
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: application/font-woff;charset=utf-8

POST
H/1.1 200
OK add Show response
tagdataxrt.com/ir/ 0
537 B 84ms
83ms Fetch 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/ir/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json;charset=utf-8

Response headers

Date: Fri, 06 Aug 2021 11:49:11 GMT
Server: nginx/1.19.10
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 0

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWpxdWVyeQ==/tag-18c0c42595158c9943ee0260eecc4fc3.js
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/j.php?a=449005&u=https%3A%2F%2Ftgfunnls.org%2Fdly1st%2F%3Fhitid%3D%7BclickId%7D%26qze%3D7%26aff_sub%3D%7BcustomId1%7D%26aff_sub2%3D%7BcustomId2%7D&f=1&r=0.3022835954663259
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gams1 /
Resource Hash: b6a6463b285c1fdc27b7022ff01564762e81117074a3f3781cc931fe389afc70

Request headers

Origin: https://tgfunnls.org
Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:11 GMT
content-encoding: br
last-modified: Fri, 06 Aug 2021 11:48:12 GMT
server: gams1
etag: "610d217c-f3a3"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 62371
via: 1.1 google

GET
H3-29 200 v.gif
dev.visualwebsiteoptimizer.com/ 35 B
52 B 121ms
121ms Image
image/gif 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dev.visualwebsiteoptimizer.com/v.gif?cd=0&a=449005&d=tgfunnls.org&u=D300A6AF58D106D85594CDBFBAA2B13D7&h=ce01f3e9beb7bdefb21b49b643350b73&t=false&r=0.05909180192245933

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gnv1c /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 06 Aug 2021 11:49:11 GMT
via: 1.1 google
x-content-type-options: nosniff
server: gnv1c
content-type: image/gif
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 10 Jan 2005 00:00:01 GMT

POST
H/1.1 200
OK etag Show response
tagdataxrt.com/ 0
537 B 49ms
49ms Fetch 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/etag?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json;charset=utf-8

Response headers

Date: Fri, 06 Aug 2021 11:49:11 GMT
Server: nginx/1.19.10
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 0

POST
H3-29 201 event Show response
tgfunnls.org/ 2 B
1 KB 185ms
185ms XHR
application/json 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/event?hitid={clickId}

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/js/l.js?id=6cf7b69175b2a676ebf3

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-fetch-mode: cors
origin: https://tgfunnls.org
x-xsrf-token: eyJpdiI6InZXa05ad0VsRE8wNHZSNG9CdHhLXC9RPT0iLCJ2YWx1ZSI6IjFJc2tqQ1k0Qkg3RDJKTFJiRXFlM3lDNlpYTm1uaGFWdXJ6a0VaNGlPckRRV3luSjhndlphQUVvaEJra0M5bFwvIiwibWFjIjoiMGU3YzI4YjM5NGYyODgzY2M4YTM0ZjRjMDE2ZDI3OGJkN2EzN2Q4OGIyY2UzN2ExOTA4ZWRlZDg2ZGEyZmE5ZCJ9
accept-language: en-US
sec-fetch-dest: empty
accept-encoding: gzip, deflate, br
cookie: _ga_Y6C8Y8V9BH=GS1.1.1628250548.1.1.1628250550.0; _vwo_uuid_v2=D300A6AF58D106D85594CDBFBAA2B13D7|ce01f3e9beb7bdefb21b49b643350b73; _gid=GA1.2.1416830450.1628250551; _gat_UA-192660002-1=1; _ga=GA1.1.764459664.1628250551; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _hjid=dc49561e-9d46-46e0-96b5-f0bbe1b05202; _hjFirstSeen=1; XSRF-TOKEN=eyJpdiI6InZXa05ad0VsRE8wNHZSNG9CdHhLXC9RPT0iLCJ2YWx1ZSI6IjFJc2tqQ1k0Qkg3RDJKTFJiRXFlM3lDNlpYTm1uaGFWdXJ6a0VaNGlPckRRV3luSjhndlphQUVvaEJra0M5bFwvIiwibWFjIjoiMGU3YzI4YjM5NGYyODgzY2M4YTM0ZjRjMDE2ZDI3OGJkN2EzN2Q4OGIyY2UzN2ExOTA4ZWRlZDg2ZGEyZmE5ZCJ9; c=eyJpdiI6Ikd3UHNvcFNiRXRPYThqazJYZExWemc9PSIsInZhbHVlIjoiMk9lb0lkZGUxTFgzQlhqck1sOXN3ZGsxUHV3Y2FrMWF4Qnh4VXFucE9oR29YUGVNN0J6NllpcFVEcXNTUjRMOCIsIm1hYyI6IjU3NWM4YjMyMWQzMzEyMjY5ZDMwNjJmOTRjMDFiNDIwZTBiMzBlYzM3Mzg1Nzk2ZGUwOWY3YjBkZGQwZGNkYjkifQ%3D%3D
content-length: 179
:path: /event?hitid={clickId}
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json;charset=UTF-8
accept: application/json, text/plain, */*
cache-control: no-cache
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: POST
Accept: application/json, text/plain, */*
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
X-XSRF-TOKEN: eyJpdiI6InZXa05ad0VsRE8wNHZSNG9CdHhLXC9RPT0iLCJ2YWx1ZSI6IjFJc2tqQ1k0Qkg3RDJKTFJiRXFlM3lDNlpYTm1uaGFWdXJ6a0VaNGlPckRRV3luSjhndlphQUVvaEJra0M5bFwvIiwibWFjIjoiMGU3YzI4YjM5NGYyODgzY2M4YTM0ZjRjMDE2ZDI3OGJkN2EzN2Q4OGIyY2UzN2ExOTA4ZWRlZDg2ZGEyZmE5ZCJ9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json;charset=UTF-8

Response headers

date: Fri, 06 Aug 2021 11:49:11 GMT
x-proc: 1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fZPz59%2FMJxMNxkqoXpjLoLJ8kYQ9rG23%2FjILmmMv%2B%2FzdTNau6Hy9ujLwXfHedf0je8A8wLtEOcQ6p0ABjOR6%2FJGFiYb2zRGhnnYIvpTHwHfdDCEn9HtwrMbnmUb1rVnO8VjXlL7t6ZMu%2B8s%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-origin: https://tgfunnls.org
cache-control: no-cache, private
set-cookie: XSRF-TOKEN=eyJpdiI6IjV3VmxYbkFmMllKZDlmK2U0QzlzNVE9PSIsInZhbHVlIjoiOHorVmxXcFIzM3F3MEdqNk1wRTVXbEs1d0I2bEdpWWx1TnV4TldRWnlrajJEc1dsQW5HeWxLK21pRkgzWm5KbyIsIm1hYyI6IjAzMjk4ZmZlZDRmMzA5MTYwMTM3NmNlMDY0NTViMjc0YmJhYTQwY2E4MmM0MjNkYjIyMWYzZGY0OTUxZjM2OGUifQ%3D%3D; expires=Fri, 06-Aug-2021 13:49:11 GMT; Max-Age=7200; path=/ c=eyJpdiI6IkNlZGptWkg2M0FxTHE2NEMzMHdlemc9PSIsInZhbHVlIjoibHRiT2psTDRhUG5XUkVYNlZ5UGpiTHpPcmc5Q3ZUZnpzZFwvOGFWNlBqcGhncmF0enFCTUNQMStHNWRRN25XNSsiLCJtYWMiOiI0MzQ5OGE2NDI3MDZlMGM3NjBiYzBjM2Q5ODgxYjE4NTIxOTA4OWE5NDg4MjA4ODBkM2Q0ZWI5NTFlOGQ4MDQxIn0%3D; expires=Fri, 06-Aug-2021 13:49:11 GMT; Max-Age=7200; path=/; httponly
cf-ray: 67a80a5c5e6942f7-FRA

OPTIONS
H/1.1 200
OK add
tagdataxrt.com/ir/ Frame 0
0 47ms
46ms Preflight 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/ir/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Protocol: HTTP/1.1
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://tgfunnls.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Server: nginx/1.19.10
Date: Fri, 06 Aug 2021 11:49:11 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

OPTIONS
H/1.1 200
OK etag
tagdataxrt.com/ Frame 0
0 47ms
46ms Preflight 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/etag?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Protocol: HTTP/1.1
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://tgfunnls.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Server: nginx/1.19.10
Date: Fri, 06 Aug 2021 11:49:11 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

GET
H2 200 modules.9a6619e61150e4449f35.js Show response
script.hotjar.com/ 221 KB
59 KB 62ms
62ms Script
application/javascript 13.224.96.11
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.9a6619e61150e4449f35.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2304105.js?sv=6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.96.11 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

fc04d1fd608cedf1f0c4735145a15031f77cb7491d6234cec4ee2cd9be74937a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:18:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 77466
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 59579
access-control-allow-origin: *
last-modified: Thu, 05 Aug 2021 14:17:07 GMT
etag: "f404c80c4e9647abd5db65360cf9ecee"
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 7245e91891539560c1f484b1e46159c9.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: ZRH50-C1
accept-ranges: bytes
x-robots-tag: none
x-amz-cf-id: t2LDnm06p0tu8WAn6aT1W9rRDgBmBkD_UQEaedrsiHmQV-ABt1aHuQ==

GET
H3-29 200 collect
www.google-analytics.com/ 35 B
55 B 42ms
41ms Image
image/gif 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j92&a=447206872&t=pageview&_s=1&dl=https%3A%2F%2Ftgfunnls.org%2Fdly1st%2F%3Fhitid%3D%7BclickId%7D%26qze%3D7%26aff_sub%3D%7BcustomId1%7D%26aff_sub2%3D%7BcustomId2%7D&ul=en-us&de=UTF-8&dt=Daily%20Profit&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=QACAAEAB~&jid=&gjid=&cid=764459664.1628250551&tid=UA-192660002-1&_gid=1416830450.1628250551&gtm=2wg840MSK8GMG&z=228584055

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 06 Aug 2021 05:58:40 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 21031
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 box-25a418976ea02a6f393fbbe77cec94bb.html Show response
vars.hotjar.com/ Frame 1F72 2 KB
1 KB 56ms
55ms Document
text/html 13.224.96.92
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vars.hotjar.com/box-25a418976ea02a6f393fbbe77cec94bb.html
Requested by: Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2304105.js?sv=6
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.96.92 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-96-92.zrh50.r.cloudfront.net
Software: /
Resource Hash: 7a44e0685d8929b5d4d50476273c9957c8c76f03afc424c665a4066e5bc1beb9

Request headers

:method: GET
:authority: vars.hotjar.com
:scheme: https
:path: /box-25a418976ea02a6f393fbbe77cec94bb.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://tgfunnls.org/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://tgfunnls.org/

Response headers

content-type: text/html
content-length: 1044
date: Sun, 18 Jul 2021 00:16:30 GMT
accept-ranges: bytes
cache-control: max-age=31536000
content-encoding: br
etag: "76922233be8bdb14c053af468d29404a"
last-modified: Thu, 15 Jul 2021 14:16:09 GMT
x-amz-server-side-encryption: AES256
x-robots-tag: none
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 6b0e09b8a7d995016df1513b4b11c17e.cloudfront.net (CloudFront)
x-amz-cf-pop: ZRH50-C1
x-amz-cf-id: tnecEpZrPinXDMxx8sofqatsUPiGmQI3FPN7aMC7pFFu6ZNZi7yjuA==
age: 1683161

GET
H3-29 200 settings.js Show response
dev.visualwebsiteoptimizer.com/ 572 B
397 B 50ms
50ms Script
application/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/settings.js?a=449005&settings_type=3&vn=7.0&r=0.7741857890955735&u=https%3A%2F%2Ftgfunnls.org%2Fdly1st%2F%3Fhitid%3D%7BclickId%7D%26qze%3D7%26aff_sub%3D%7BcustomId1%7D%26aff_sub2%3D%7BcustomId2%7D
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWpxdWVyeQ==/tag-18c0c42595158c9943ee0260eecc4fc3.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gams1 /
Resource Hash: 31042bafbba3ee3bae8f21d8d8744230a7c558630068c64e1e5ecb4721ab3910

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:10 GMT
via: 1.1 google
server: gams1
content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-type: application/javascript; charset=UTF-8

GET
H3-29 200 settings.js Show response
dev.visualwebsiteoptimizer.com/ 572 B
397 B 49ms
49ms Script
application/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/settings.js?a=449005&settings_type=1&vn=7.0&r=0.6227906056366976
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWpxdWVyeQ==/tag-18c0c42595158c9943ee0260eecc4fc3.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gams1 /
Resource Hash: 31042bafbba3ee3bae8f21d8d8744230a7c558630068c64e1e5ecb4721ab3910

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:10 GMT
via: 1.1 google
server: gams1
content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-type: application/javascript; charset=UTF-8

GET
H3-29 200 tag-1a6cb79d9b921e9f733a3a9f91c43b90.js Show response
dev.visualwebsiteoptimizer.com/web/djIkcGM6MS4w/ 668 B
329 B 51ms
50ms Script
application/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/web/djIkcGM6MS4w/tag-1a6cb79d9b921e9f733a3a9f91c43b90.js
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWpxdWVyeQ==/tag-18c0c42595158c9943ee0260eecc4fc3.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gams1 /
Resource Hash: 6e1f2e0970c3d1d6cdacfecdd613ce1c42990ea5d4a9a85fe6f0700d20a96634

Request headers

Origin: https://tgfunnls.org
Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:11 GMT
content-encoding: br
last-modified: Fri, 06 Aug 2021 11:48:12 GMT
server: gams1
etag: "610d217c-133"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 307
via: 1.1 google

GET
H2 200 a3a7b431bde66f8790628956fd6a9e14.js Show response
cdn.pushcrew.com/js/ 248 KB
70 KB 128ms
128ms Script
application/javascript 34.102.183.26
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.pushcrew.com/js/a3a7b431bde66f8790628956fd6a9e14.js
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/web/djIkcGM6MS4w/tag-1a6cb79d9b921e9f733a3a9f91c43b90.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.102.183.26 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 26.183.102.34.bc.googleusercontent.com
Software: nginx /
Resource Hash: 2a74b97179203cf3de9b255635c3927c34791cabfe69261cc8d1235c13315e78

Request headers

Origin: https://tgfunnls.org
Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:11 GMT
content-encoding: gzip
last-modified: Fri, 18 Jun 2021 08:48:27 GMT
server: nginx
etag: W/"60cc5ddb-3e05c"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=1800
alt-svc: clear
via: 1.1 google
expires: Fri, 06 Aug 2021 12:19:11 GMT

POST
H/1.1 200
OK add
tagdataxrt.com/log/ 12 B
597 B 50ms
50ms Fetch
application/json 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/log/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json;charset=utf-8

Response headers

Date: Fri, 06 Aug 2021 11:49:12 GMT
Server: nginx/1.19.10
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 12

OPTIONS
H/1.1 200
OK add
tagdataxrt.com/log/ Frame 0
0 47ms
46ms Preflight 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/log/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Protocol: HTTP/1.1
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://tgfunnls.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Server: nginx/1.19.10
Date: Fri, 06 Aug 2021 11:49:12 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

POST
H/1.1 200
OK add
tagdataxrt.com/time_visit/ 0
422 B 53ms
52ms Ping
text/plain 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/time_visit/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Fri, 06 Aug 2021 11:49:12 GMT
Server: nginx/1.19.10
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 0

GET
H3-29 200 / Show response
tgfunnls.org/dly1st/ 31 KB
8 KB 177ms
175ms Document
text/html 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Requested by

Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c5d6a5b79c0fa0420a3879661c260615497f1ef7bc32e340195a4481b35c1fef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: tgfunnls.org
:scheme: https
:path: /dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: document
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: _vwo_uuid_v2=D300A6AF58D106D85594CDBFBAA2B13D7|ce01f3e9beb7bdefb21b49b643350b73; _gid=GA1.2.1416830450.1628250551; _gat_UA-192660002-1=1; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _hjid=dc49561e-9d46-46e0-96b5-f0bbe1b05202; _hjFirstSeen=1; _ga_Y6C8Y8V9BH=GS1.1.1628250548.1.1.1628250551.0; _ga=GA1.1.764459664.1628250551; XSRF-TOKEN=eyJpdiI6IjV3VmxYbkFmMllKZDlmK2U0QzlzNVE9PSIsInZhbHVlIjoiOHorVmxXcFIzM3F3MEdqNk1wRTVXbEs1d0I2bEdpWWx1TnV4TldRWnlrajJEc1dsQW5HeWxLK21pRkgzWm5KbyIsIm1hYyI6IjAzMjk4ZmZlZDRmMzA5MTYwMTM3NmNlMDY0NTViMjc0YmJhYTQwY2E4MmM0MjNkYjIyMWYzZGY0OTUxZjM2OGUifQ%3D%3D; c=eyJpdiI6IkNlZGptWkg2M0FxTHE2NEMzMHdlemc9PSIsInZhbHVlIjoibHRiT2psTDRhUG5XUkVYNlZ5UGpiTHpPcmc5Q3ZUZnpzZFwvOGFWNlBqcGhncmF0enFCTUNQMStHNWRRN25XNSsiLCJtYWMiOiI0MzQ5OGE2NDI3MDZlMGM3NjBiYzBjM2Q5ODgxYjE4NTIxOTA4OWE5NDg4MjA4ODBkM2Q0ZWI5NTFlOGQ4MDQxIn0%3D
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Response headers

date: Fri, 06 Aug 2021 11:49:12 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: no-cache, private
set-cookie: XSRF-TOKEN=eyJpdiI6Im85VEZnY0ZYWlIwb2w4WmprQ2IxMkE9PSIsInZhbHVlIjoiY29xd1wvd2g4NXZ5VjFkUWVkaGNxVFgxQzNrdXBwdHdsa3NBWGVFUFBOZHFQN2NoWXlcL1VQeUQ0NzYzMWtkV0Q5IiwibWFjIjoiZTc1ZWQ2OWNkZDM2MTEwNmJkNTFkMDA2ZGI2ZTliNWZkN2Y0YmY3YTVhZDc0MWM0MGY0OTZiMzllYWMxZjhlOCJ9; expires=Fri, 06-Aug-2021 13:49:12 GMT; Max-Age=7200; path=/ c=eyJpdiI6ImxcL2J4dDRzbkRiMmhtTEJBamZtbTN3PT0iLCJ2YWx1ZSI6Imp2cVFPVVNBcmZ3eGNzSktKT2VxdHJySytIcjVmVlNMaFB5WVpcL2JtVlhrbGVma0lpN2FkcHJ2eFQ5eTV5ZXNcLyIsIm1hYyI6ImI0ZGU1NDg4MTE3NjVjMjFkMzE2ZTU2ZTIzYTIzMjlkMGM4OTczNGFmYTFjNzllZTZhNWU0ODE1NjZmYWZkODkifQ%3D%3D; expires=Fri, 06-Aug-2021 13:49:12 GMT; Max-Age=7200; path=/; httponly
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-proc: 2
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VPxnZGzJBL3Q1VGQBUUiOY%2FmXC6%2BEXQeBiQCva0lbkd1aX9DURNmMwz38CTZ%2Br%2Bk2SEgGH3zZGpYlg5evXm0XpXjBMhrdUTx1yrkRgEObjv8Fa5aspdMNEhrvurPN6Vln2Ps9CPajFCedDw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 67a80a5f3dfb42f7-FRA
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

POST collect
www.google-analytics.com/g/ 0
0

GET
H3-29 200 forms.css
tgfunnls.org/css/ 20 KB
4 KB 13ms
12ms Stylesheet
text/css 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/css/forms.css?id=108aa07ef4cadffb88ba

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5cc75f6ff6ccc8f9737ba9b6e44903687d4cd600464dc9a25b2fcfbfd231ebc6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /css/forms.css?id=108aa07ef4cadffb88ba
pragma: no-cache
cookie: _vwo_uuid_v2=D300A6AF58D106D85594CDBFBAA2B13D7|ce01f3e9beb7bdefb21b49b643350b73; _gid=GA1.2.1416830450.1628250551; _gat_UA-192660002-1=1; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _hjid=dc49561e-9d46-46e0-96b5-f0bbe1b05202; _hjFirstSeen=1; _ga_Y6C8Y8V9BH=GS1.1.1628250548.1.1.1628250551.0; _ga=GA1.1.764459664.1628250551; XSRF-TOKEN=eyJpdiI6Im85VEZnY0ZYWlIwb2w4WmprQ2IxMkE9PSIsInZhbHVlIjoiY29xd1wvd2g4NXZ5VjFkUWVkaGNxVFgxQzNrdXBwdHdsa3NBWGVFUFBOZHFQN2NoWXlcL1VQeUQ0NzYzMWtkV0Q5IiwibWFjIjoiZTc1ZWQ2OWNkZDM2MTEwNmJkNTFkMDA2ZGI2ZTliNWZkN2Y0YmY3YTVhZDc0MWM0MGY0OTZiMzllYWMxZjhlOCJ9; c=eyJpdiI6ImxcL2J4dDRzbkRiMmhtTEJBamZtbTN3PT0iLCJ2YWx1ZSI6Imp2cVFPVVNBcmZ3eGNzSktKT2VxdHJySytIcjVmVlNMaFB5WVpcL2JtVlhrbGVma0lpN2FkcHJ2eFQ5eTV5ZXNcLyIsIm1hYyI6ImI0ZGU1NDg4MTE3NjVjMjFkMzE2ZTU2ZTIzYTIzMjlkMGM4OTczNGFmYTFjNzllZTZhNWU0ODE1NjZmYWZkODkifQ%3D%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:12 GMT
x-proc: 2
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3663
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Fri, 06 Aug 2021 10:30:19 GMT
server: cloudflare
etag: W/"610d0f3b-5107"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AF4FZlnEfu8eHKo8ZpuSaQOSIKHMZdmCMuzlgJDkkLH9SWo83g9UCqEu5v6k9Iiv3THk%2FRSX3H%2B3%2FffuefCeqhrHQc%2BrfyQ8%2BnydAGWv6U0gKKGRIyN4%2FdSrb%2Bhz2AOqGNp%2F3BFDQvo73XI%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 67a80a60690642f7-FRA

GET
H3-29 200 flow.css
tgfunnls.org/css/ 385 B
760 B 14ms
13ms Stylesheet
text/css 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/css/flow.css?id=1a2dada5ba76c1b29ae1

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

df456c4794989b11dda8d76813cbf505b2707048f4cc89d7db15956779ca3fb0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /css/flow.css?id=1a2dada5ba76c1b29ae1
pragma: no-cache
cookie: _vwo_uuid_v2=D300A6AF58D106D85594CDBFBAA2B13D7|ce01f3e9beb7bdefb21b49b643350b73; _gid=GA1.2.1416830450.1628250551; _gat_UA-192660002-1=1; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _hjid=dc49561e-9d46-46e0-96b5-f0bbe1b05202; _hjFirstSeen=1; _ga_Y6C8Y8V9BH=GS1.1.1628250548.1.1.1628250551.0; _ga=GA1.1.764459664.1628250551; XSRF-TOKEN=eyJpdiI6Im85VEZnY0ZYWlIwb2w4WmprQ2IxMkE9PSIsInZhbHVlIjoiY29xd1wvd2g4NXZ5VjFkUWVkaGNxVFgxQzNrdXBwdHdsa3NBWGVFUFBOZHFQN2NoWXlcL1VQeUQ0NzYzMWtkV0Q5IiwibWFjIjoiZTc1ZWQ2OWNkZDM2MTEwNmJkNTFkMDA2ZGI2ZTliNWZkN2Y0YmY3YTVhZDc0MWM0MGY0OTZiMzllYWMxZjhlOCJ9; c=eyJpdiI6ImxcL2J4dDRzbkRiMmhtTEJBamZtbTN3PT0iLCJ2YWx1ZSI6Imp2cVFPVVNBcmZ3eGNzSktKT2VxdHJySytIcjVmVlNMaFB5WVpcL2JtVlhrbGVma0lpN2FkcHJ2eFQ5eTV5ZXNcLyIsIm1hYyI6ImI0ZGU1NDg4MTE3NjVjMjFkMzE2ZTU2ZTIzYTIzMjlkMGM4OTczNGFmYTFjNzllZTZhNWU0ODE1NjZmYWZkODkifQ%3D%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:12 GMT
x-proc: 1
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3663
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Fri, 06 Aug 2021 10:30:20 GMT
server: cloudflare
etag: W/"610d0f3c-181"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OBBgtviIbxDZYRDmls3gJpcTFAIavzkeg0Jn1o0n%2FbNLmVyC%2B4qdgLkXkn8ewsH7i2SNpzmEwTZULAWRkoT9KF%2BNdjREXaN4yhRdvD2KYHJWbVKXs00Tz4urG2nsp01IJqQ54HsuZsSMiJQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 67a80a60690e42f7-FRA

GET
H2 200 funnel.css
static-13333.kxcdn.com/5275/build/ 91 KB
26 KB 9ms
7ms Stylesheet
text/css 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL

https://static-13333.kxcdn.com/5275/build/funnel.css

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

0dd81a03016de5c1be49281bb42f5db84bf8968b636e893daa0ee24de5dbdd3b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:12 GMT
content-encoding: gzip
last-modified: Fri, 02 Jul 2021 14:31:57 GMT
server: keycdn-engine
x-amz-request-id: tx0000000000000049794a1-0060df28ef-12ed1804-fra1a
x-edge-location: defr
etag: W/"0e60432e5a822d61eaf0ff2172f524ed"
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-cache: HIT
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31556940
x-rgw-object-type: Normal
strict-transport-security: max-age=15552000; includeSubDomains; preload
expires: Sat, 06 Aug 2022 17:38:12 GMT

GET
H/1.1 400 conversion.js
in.bd44.fun/ 0
0 52ms
51ms Script
text/html 18.195.174.160
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://in.bd44.fun/conversion.js?cid=OPTIONAL&et=CLICK
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.195.174.160 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-174-160.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 logo.png
static-13333.kxcdn.com/5275/images/ 2 KB
3 KB 36ms
28ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/logo.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

3d0776f2afd4256733e307cf46921dde2e1497a2767eb8bcb8ac17d5de9d2344

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:12 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049592a7-0060df28ef-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2455
last-modified: Fri, 02 Jul 2021 14:32:26 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "cded24bb8b99f2aa7ab4e4ddc59c28e6"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:12 GMT

GET
H2 200 top-arrow.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 36ms
28ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/top-arrow.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

c4d3b32e24ea06591e7f166b20939f84cb767bb0742bc3c51f07c6f4b684f1e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:12 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049592a5-0060df28ef-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2961
last-modified: Fri, 02 Jul 2021 14:32:29 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "e2980701aad64cef71bd2296f5f6386b"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:12 GMT

GET
H3-29 200 check-icon.png
tgfunnls.org/images/ 44 KB
45 KB 40ms
34ms Image
image/png 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tgfunnls.org/images/check-icon.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

79bb457691c6f5dc0d3fd537218a627750b199db5253e22dad9dc4f78fa48016

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /images/check-icon.png
pragma: no-cache
cookie: _vwo_uuid_v2=D300A6AF58D106D85594CDBFBAA2B13D7|ce01f3e9beb7bdefb21b49b643350b73; _gid=GA1.2.1416830450.1628250551; _gat_UA-192660002-1=1; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _hjid=dc49561e-9d46-46e0-96b5-f0bbe1b05202; _hjFirstSeen=1; _ga_Y6C8Y8V9BH=GS1.1.1628250548.1.1.1628250551.0; _ga=GA1.1.764459664.1628250551; XSRF-TOKEN=eyJpdiI6Im85VEZnY0ZYWlIwb2w4WmprQ2IxMkE9PSIsInZhbHVlIjoiY29xd1wvd2g4NXZ5VjFkUWVkaGNxVFgxQzNrdXBwdHdsa3NBWGVFUFBOZHFQN2NoWXlcL1VQeUQ0NzYzMWtkV0Q5IiwibWFjIjoiZTc1ZWQ2OWNkZDM2MTEwNmJkNTFkMDA2ZGI2ZTliNWZkN2Y0YmY3YTVhZDc0MWM0MGY0OTZiMzllYWMxZjhlOCJ9; c=eyJpdiI6ImxcL2J4dDRzbkRiMmhtTEJBamZtbTN3PT0iLCJ2YWx1ZSI6Imp2cVFPVVNBcmZ3eGNzSktKT2VxdHJySytIcjVmVlNMaFB5WVpcL2JtVlhrbGVma0lpN2FkcHJ2eFQ5eTV5ZXNcLyIsIm1hYyI6ImI0ZGU1NDg4MTE3NjVjMjFkMzE2ZTU2ZTIzYTIzMjlkMGM4OTczNGFmYTFjNzllZTZhNWU0ODE1NjZmYWZkODkifQ%3D%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:12 GMT
x-proc: 1
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3662
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 45018
x-xss-protection: 1; mode=block
last-modified: Fri, 06 Aug 2021 10:28:14 GMT
server: cloudflare
etag: "610d0ebe-afda"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=n428GzZQXrl%2Bjp8WI5TQz1bC2qeEPl3VwPIiq39rzhtBHMktjSjTnjf55ntRH0Ja2pK0WrIomU01j7GbhXo4b2rtO7sGY3gRmtoDmwBdRhlMoK%2FQZTRjNIGXZiNFfI30JhMdO7MgXNXJW9Q%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 67a80a60ca3042f7-FRA

GET
H2 200 safe.png
static-13333.kxcdn.com/5275/images/ 10 KB
11 KB 36ms
29ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/safe.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

c001780d5a0136da809d6908ac44d8b0e4d9b36bf9891772a006294888226576

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:12 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794a7-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 10593
last-modified: Fri, 02 Jul 2021 14:32:17 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "e16845cf547d72f2f0b2febfa375d9f9"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:12 GMT

GET
H2 200 bg-arrow.png
static-13333.kxcdn.com/5275/images/ 7 KB
8 KB 37ms
30ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/bg-arrow.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

5902ac2e28cc5433d57a98a62be69037be09754da694348e03d3e3b9e776f542

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:12 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794ba-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 7356
last-modified: Fri, 02 Jul 2021 14:32:23 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "0575766ae817ee467a729e846374d22c"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:12 GMT

GET
H2 200 check-icon.png
static-13333.kxcdn.com/5275/images/ 2 KB
3 KB 37ms
30ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/check-icon.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

4a404a950ef8cfa3eb686e62c8ab17e0a4609f2300e53d874a96ec618ab9474d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:12 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794b6-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2273
last-modified: Fri, 02 Jul 2021 14:32:29 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "c34ab81524c5f98e40dc0dad59601758"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:12 GMT

GET
H2 200 spots-arrow.png
static-13333.kxcdn.com/5275/images/ 5 KB
6 KB 42ms
31ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/spots-arrow.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

7c01610e53cbe2313bd441cd9182762cec4240e4eecebeca6d086f34e4672784

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:12 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794bc-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 5306
last-modified: Fri, 02 Jul 2021 14:32:45 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "32acdf2cce46993b09041ebed9d00140"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:12 GMT

GET
H2 200 john.jpg
static-13333.kxcdn.com/5275/images/ 9 KB
10 KB 43ms
32ms Image
image/jpeg 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/john.jpg

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

aff262b0ff8882606831b77cb7fe8c2b7ee184a4c3a4e10de152932dde9ed3f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:12 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794be-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 9704
last-modified: Fri, 02 Jul 2021 14:32:21 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "ca826d01f1cbba3eb6e3e1f697bca6bc"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/jpeg
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:12 GMT

GET
H2 200 john-sign.png
static-13333.kxcdn.com/5275/images/ 7 KB
7 KB 33ms
31ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/john-sign.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

2c92fcee0f7c5fd992e818cd6e5f621e8701cea9b4b23eb03e2567560c7dd266

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:12 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049592b7-0060df28ef-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 6824
last-modified: Fri, 02 Jul 2021 14:32:43 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "8e77bdde18036a84289f7b89b03cddc0"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:12 GMT

GET
H2 200 social-callback-title.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 38ms
4ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/social-callback-title.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

b097d9409b9b2fcde3993197635d6e7d49126e794dec3c3a5de9892cce15ec84

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:12 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794b7-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2899
last-modified: Fri, 02 Jul 2021 14:32:42 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "26e1186a209747d755be97f26d7fef17"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:12 GMT

GET
H2 200 facebook.png
static-13333.kxcdn.com/5275/images/ 45 KB
46 KB 13ms
8ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/facebook.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

45a8e9f975bd2d7db2041c671affac022eaf0b8db46c516a6f2021d30631aea3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:12 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049592bd-0060df28ef-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 46358
last-modified: Fri, 02 Jul 2021 14:32:18 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "99efc09d6e35b01ef07e555c6c9c06ac"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:12 GMT

GET
H2 200 twitter.png
static-13333.kxcdn.com/5275/images/ 33 KB
34 KB 12ms
9ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/twitter.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

f3567cf9eb0717ad9840ff19014abf051d9bebb63ba3d270eb23d409dd449b5a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:12 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049592b6-0060df28ef-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 33933
last-modified: Fri, 02 Jul 2021 14:32:45 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "1538bf85a2428c7ab27b923233ceac2d"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:12 GMT

GET
H2 200 features-title.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 12ms
9ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/features-title.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

5e840708085df16224eeb0d8a8b3758d39bc7c60d3f0587ea1308f7d37d2e9db

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:12 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049592bc-0060df28ef-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2835
last-modified: Fri, 02 Jul 2021 14:32:24 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "8e8fd39ca90b9e536e71366f72e27061"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:12 GMT

GET
H2 200 feature1.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 13ms
11ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/feature1.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

427e9cf9bc070b73cae44b858b1cbb147385ccf3b74522b00606e8441d74eb21

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:12 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794bb-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2649
last-modified: Fri, 02 Jul 2021 14:32:27 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "32e947291780f319b5424fb0fed97339"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:12 GMT

GET
H2 200 feature2.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 12ms
11ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/feature2.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

d35ec7636f20627c46249b7ac076fd59aad2c15c8207c92cc8251df812abc0bc

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:12 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049592b5-0060df28ef-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2845
last-modified: Fri, 02 Jul 2021 14:32:28 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "a02cbfb7009f4eb7bca716371bbc6162"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:12 GMT

GET
H2 200 feature3.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 8ms
7ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/feature3.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

41cc8226265d071dd816f01b4e656e9575b49927ecb0806984d85fd2acb3b318

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:12 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794b8-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2618
last-modified: Fri, 02 Jul 2021 14:32:44 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "1e439861ae0e257dd74094cd20495531"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:12 GMT

GET
H2 200 feature4.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 10ms
5ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/feature4.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

d7e57b7c8fc1a0e25b893fc00da8cca5368cc489227958d4a781665339cd7260

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:12 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794a5-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2573
last-modified: Fri, 02 Jul 2021 14:32:19 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "f042fbbf22d575de6d906249ec2dc324"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:12 GMT

GET
H2 200 faq-title.png
static-13333.kxcdn.com/5275/images/ 4 KB
4 KB 10ms
6ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/faq-title.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

218be04d48aa9aa4da9bb4a708dbb463576fd8653914fd05bb113ce654dce714

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:12 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049592a6-0060df28ef-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 3706
last-modified: Fri, 02 Jul 2021 14:32:42 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "b95f5e7ccaaf9e8f6f1117efa9ab100a"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:12 GMT

GET
H2 200 faq-list-title-bg.png
static-13333.kxcdn.com/5275/images/ 2 KB
2 KB 9ms
6ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/faq-list-title-bg.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

9749d6d7aee9bdd7b806eb8fd8fa1bfd7ef25aab0aba744948b279d4c1a348ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:12 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794a3-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 1546
last-modified: Fri, 02 Jul 2021 14:32:22 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "567ea5254334fde95913b6cd592aad5f"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:12 GMT

GET
H3-29 200 sad-face.svg
tgfunnls.org/media/ 1 KB
1 KB 22ms
17ms Image
image/svg+xml 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tgfunnls.org/media/sad-face.svg

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

186b9079a05f19ddd2a548dbc1ec2c69087c76d8e9e1637dbced630edb793104

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /media/sad-face.svg
pragma: no-cache
cookie: _vwo_uuid_v2=D300A6AF58D106D85594CDBFBAA2B13D7|ce01f3e9beb7bdefb21b49b643350b73; _gid=GA1.2.1416830450.1628250551; _gat_UA-192660002-1=1; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _hjid=dc49561e-9d46-46e0-96b5-f0bbe1b05202; _hjFirstSeen=1; _ga_Y6C8Y8V9BH=GS1.1.1628250548.1.1.1628250551.0; _ga=GA1.1.764459664.1628250551; XSRF-TOKEN=eyJpdiI6Im85VEZnY0ZYWlIwb2w4WmprQ2IxMkE9PSIsInZhbHVlIjoiY29xd1wvd2g4NXZ5VjFkUWVkaGNxVFgxQzNrdXBwdHdsa3NBWGVFUFBOZHFQN2NoWXlcL1VQeUQ0NzYzMWtkV0Q5IiwibWFjIjoiZTc1ZWQ2OWNkZDM2MTEwNmJkNTFkMDA2ZGI2ZTliNWZkN2Y0YmY3YTVhZDc0MWM0MGY0OTZiMzllYWMxZjhlOCJ9; c=eyJpdiI6ImxcL2J4dDRzbkRiMmhtTEJBamZtbTN3PT0iLCJ2YWx1ZSI6Imp2cVFPVVNBcmZ3eGNzSktKT2VxdHJySytIcjVmVlNMaFB5WVpcL2JtVlhrbGVma0lpN2FkcHJ2eFQ5eTV5ZXNcLyIsIm1hYyI6ImI0ZGU1NDg4MTE3NjVjMjFkMzE2ZTU2ZTIzYTIzMjlkMGM4OTczNGFmYTFjNzllZTZhNWU0ODE1NjZmYWZkODkifQ%3D%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:12 GMT
x-proc: 1
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3662
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Fri, 06 Aug 2021 10:30:20 GMT
server: cloudflare
etag: W/"610d0f3c-5dc"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7hfiobe2N52QEiBhU7cEoN5kH4oGVL0MQbL1hBGsBXco6DmEI9QvifzhX5CIT%2FF%2ByzjX4SbR1wfwZhgfxXxQoOsCohPV%2F04AswXQzSyNa6FmyxBopvnYWAXx37qQAML25mz0c7wOuw0q9Ww%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: max-age=14400
cf-ray: 67a80a60da3342f7-FRA

GET
H3-29 200 email-decode.min.js Show response
tgfunnls.org/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
1 KB 9ms
8ms Script
application/javascript 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

:path: /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
pragma: no-cache
cookie: _vwo_uuid_v2=D300A6AF58D106D85594CDBFBAA2B13D7|ce01f3e9beb7bdefb21b49b643350b73; _gid=GA1.2.1416830450.1628250551; _gat_UA-192660002-1=1; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _hjid=dc49561e-9d46-46e0-96b5-f0bbe1b05202; _hjFirstSeen=1; _ga_Y6C8Y8V9BH=GS1.1.1628250548.1.1.1628250551.0; _ga=GA1.1.764459664.1628250551; XSRF-TOKEN=eyJpdiI6Im85VEZnY0ZYWlIwb2w4WmprQ2IxMkE9PSIsInZhbHVlIjoiY29xd1wvd2g4NXZ5VjFkUWVkaGNxVFgxQzNrdXBwdHdsa3NBWGVFUFBOZHFQN2NoWXlcL1VQeUQ0NzYzMWtkV0Q5IiwibWFjIjoiZTc1ZWQ2OWNkZDM2MTEwNmJkNTFkMDA2ZGI2ZTliNWZkN2Y0YmY3YTVhZDc0MWM0MGY0OTZiMzllYWMxZjhlOCJ9; c=eyJpdiI6ImxcL2J4dDRzbkRiMmhtTEJBamZtbTN3PT0iLCJ2YWx1ZSI6Imp2cVFPVVNBcmZ3eGNzSktKT2VxdHJySytIcjVmVlNMaFB5WVpcL2JtVlhrbGVma0lpN2FkcHJ2eFQ5eTV5ZXNcLyIsIm1hYyI6ImI0ZGU1NDg4MTE3NjVjMjFkMzE2ZTU2ZTIzYTIzMjlkMGM4OTczNGFmYTFjNzllZTZhNWU0ODE1NjZmYWZkODkifQ%3D%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 03 Aug 2021 14:21:05 GMT
server: cloudflare
etag: W/"610950d1-4d7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: DENY
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=m2ggAa6dgGTKn%2Bn1EBJtsSmHdnoU%2BHIDtFcMj2EqelJ7O%2FDWKDL%2FN%2BtSaxfWndmHQquSGh5BdrdZLUt5gybKbAcCvTXCF6ogEYJEEwPHNEZvwLar%2FuZGRclV0I2nLjAimezhhOaOecm0Ayk%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=172800 public
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 67a80a60897742f7-FRA
vary: Accept-Encoding
expires: Sun, 08 Aug 2021 11:49:12 GMT

GET
H3-29 200 redirect.js Show response
tgfunnls.org/js/ 3 KB
2 KB 18ms
18ms Script
application/javascript 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/js/redirect.js?id=bd8708e91008076c9ff9

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0979e653bf7370685f5d0ec7448e28d33f46754d5411cf5a7cd3df6ecafc1a35

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /js/redirect.js?id=bd8708e91008076c9ff9
pragma: no-cache
cookie: _vwo_uuid_v2=D300A6AF58D106D85594CDBFBAA2B13D7|ce01f3e9beb7bdefb21b49b643350b73; _gid=GA1.2.1416830450.1628250551; _gat_UA-192660002-1=1; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _hjid=dc49561e-9d46-46e0-96b5-f0bbe1b05202; _hjFirstSeen=1; _ga_Y6C8Y8V9BH=GS1.1.1628250548.1.1.1628250551.0; _ga=GA1.1.764459664.1628250551; XSRF-TOKEN=eyJpdiI6Im85VEZnY0ZYWlIwb2w4WmprQ2IxMkE9PSIsInZhbHVlIjoiY29xd1wvd2g4NXZ5VjFkUWVkaGNxVFgxQzNrdXBwdHdsa3NBWGVFUFBOZHFQN2NoWXlcL1VQeUQ0NzYzMWtkV0Q5IiwibWFjIjoiZTc1ZWQ2OWNkZDM2MTEwNmJkNTFkMDA2ZGI2ZTliNWZkN2Y0YmY3YTVhZDc0MWM0MGY0OTZiMzllYWMxZjhlOCJ9; c=eyJpdiI6ImxcL2J4dDRzbkRiMmhtTEJBamZtbTN3PT0iLCJ2YWx1ZSI6Imp2cVFPVVNBcmZ3eGNzSktKT2VxdHJySytIcjVmVlNMaFB5WVpcL2JtVlhrbGVma0lpN2FkcHJ2eFQ5eTV5ZXNcLyIsIm1hYyI6ImI0ZGU1NDg4MTE3NjVjMjFkMzE2ZTU2ZTIzYTIzMjlkMGM4OTczNGFmYTFjNzllZTZhNWU0ODE1NjZmYWZkODkifQ%3D%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:12 GMT
x-proc: 3
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3662
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Fri, 06 Aug 2021 10:30:36 GMT
server: cloudflare
etag: W/"610d0f4c-a50"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BU1BsNtKbvzDJdHUWP6w%2BdwjC0XO867jD9lDQztryugcwl2rQ3FxS5jPFovAvD7sUhHwBmJZTaifb9JIWIJ92QapPPZX%2F6THHCbXr4wKZ%2FymYZN%2FVDCZ0tQIyQbiRzzRrKArjpzZEhi14Pc%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=14400
cf-ray: 67a80a60999e42f7-FRA

GET
H3-29 200 l.js Show response
tgfunnls.org/js/ 401 KB
110 KB 27ms
26ms Script
application/javascript 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/js/l.js?id=6cf7b69175b2a676ebf3

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1669423eca631e2fa8053ff74039a11ff6afac3a94dc37f357ce8d6ec9362913

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /js/l.js?id=6cf7b69175b2a676ebf3
pragma: no-cache
cookie: _vwo_uuid_v2=D300A6AF58D106D85594CDBFBAA2B13D7|ce01f3e9beb7bdefb21b49b643350b73; _gid=GA1.2.1416830450.1628250551; _gat_UA-192660002-1=1; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _hjid=dc49561e-9d46-46e0-96b5-f0bbe1b05202; _hjFirstSeen=1; _ga_Y6C8Y8V9BH=GS1.1.1628250548.1.1.1628250551.0; _ga=GA1.1.764459664.1628250551; XSRF-TOKEN=eyJpdiI6Im85VEZnY0ZYWlIwb2w4WmprQ2IxMkE9PSIsInZhbHVlIjoiY29xd1wvd2g4NXZ5VjFkUWVkaGNxVFgxQzNrdXBwdHdsa3NBWGVFUFBOZHFQN2NoWXlcL1VQeUQ0NzYzMWtkV0Q5IiwibWFjIjoiZTc1ZWQ2OWNkZDM2MTEwNmJkNTFkMDA2ZGI2ZTliNWZkN2Y0YmY3YTVhZDc0MWM0MGY0OTZiMzllYWMxZjhlOCJ9; c=eyJpdiI6ImxcL2J4dDRzbkRiMmhtTEJBamZtbTN3PT0iLCJ2YWx1ZSI6Imp2cVFPVVNBcmZ3eGNzSktKT2VxdHJySytIcjVmVlNMaFB5WVpcL2JtVlhrbGVma0lpN2FkcHJ2eFQ5eTV5ZXNcLyIsIm1hYyI6ImI0ZGU1NDg4MTE3NjVjMjFkMzE2ZTU2ZTIzYTIzMjlkMGM4OTczNGFmYTFjNzllZTZhNWU0ODE1NjZmYWZkODkifQ%3D%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:12 GMT
x-proc: 2
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 4585
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Fri, 06 Aug 2021 10:30:19 GMT
server: cloudflare
etag: W/"610d0f3b-645ba"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=W6Roo9JDznq9u911L8ycE3WBfnZjkQ2WLskYAh%2BFNB7RNKSS%2FkR4R6DWOCS5zV4m5tVW168MvvrjXYBEyI7qAtXHBZNQWEgQV73VnK0iqDvcHVy4WwFb%2B%2F8EOI95sX8WDCJ1TWFwaEKhES4%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=14400
cf-ray: 67a80a60ba0142f7-FRA

GET
H2 200 funnel.js Show response
static-13333.kxcdn.com/5275/build/ 954 KB
319 KB 19ms
19ms Script
application/javascript 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL

https://static-13333.kxcdn.com/5275/build/funnel.js

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

a52901c6296f571a48143efc8c7626714f2f15a0e034390d31380d508684ad0e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:12 GMT
content-encoding: gzip
last-modified: Fri, 02 Jul 2021 14:31:57 GMT
server: keycdn-engine
x-amz-request-id: tx00000000000000495929e-0060df28ef-12e87130-fra1a
x-edge-location: defr
etag: W/"545236a1390ffa369d186b44dab8e706"
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-cache: HIT
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31556940
x-rgw-object-type: Normal
strict-transport-security: max-age=15552000; includeSubDomains; preload
expires: Sat, 06 Aug 2022 17:38:12 GMT

GET
H/1.1 200 hp Show response
in.xr117.xyz/ 382 B
635 B 64ms
60ms Script
text/plain 18.195.123.247
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://in.xr117.xyz/hp
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.195.123.247 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-123-247.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 1d685538334a6762f8c278c2274cb62dfdc47c59ba5968562dddf4f96d808aee

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 06 Aug 2021 11:49:12 GMT
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200 hp Show response
in.bd44.fun/ 382 B
616 B 164ms
54ms Script
text/plain 18.195.174.160
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://in.bd44.fun/hp
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.195.174.160 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-174-160.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 1d685538334a6762f8c278c2274cb62dfdc47c59ba5968562dddf4f96d808aee

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 06 Aug 2021 11:49:12 GMT
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
Server: nginx
Connection: keep-alive
Content-Length: 382
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3-29 200 tag.js Show response
tagstaticx.com/ 38 KB
14 KB 20ms
16ms Script
application/javascript 2606:4700:3033::6815:3d08
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://tagstaticx.com/tag.js
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::6815:3d08 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7ebf9aea91580923f108d8e9c9fa03581c3c58fcd1ab8712d4ed593fbde60062

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:12 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 30 Jul 2021 15:47:47 GMT
server: cloudflare
age: 4753
etag: W/"61041f23-9787"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OqkKvbBH1zXWJraCMR7SH55AU7uM8V78%2F8nhE0AB5kSImKFYfAekkOgOt8ESmbP5DGSJ5bAcSBHHT3yZx1MfgaMfvwD40Kki6%2F6fij%2BAoS32MKV3li6hlXL0z1%2Fzp6EMW%2FMp8HNGBfHv%2BHCxKw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=1800
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 67a80a60de174401-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

GET
H3-29 200 gtm.js Show response
www.googletagmanager.com/ 110 KB
41 KB 26ms
22ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-MSK8GMG

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

dcee980bbbbf68353e831640176489edd21be0d2410c05ff397906e8f53e75bb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:12 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41864
x-xss-protection: 0
last-modified: Fri, 06 Aug 2021 09:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 06 Aug 2021 11:49:12 GMT

GET
H3-29 200 j.php Show response
dev.visualwebsiteoptimizer.com/ 5 KB
2 KB 64ms
60ms Script
application/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/j.php?a=449005&u=https%3A%2F%2Ftgfunnls.org%2Fdly1st%2F%3Fhitid%3D%7BclickId%7D%26qze%3D7%26aff_sub%3D%7BcustomId1%7D%26aff_sub2%3D%7BcustomId2%7D&f=1&r=0.4151770694004344
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gams1 /
Resource Hash: 3783d1eb18a7be2b9348b20f2c4ab48bde6f78c71a0851c72a224145b4f40da1

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 06 Aug 2021 11:49:12 GMT
via: 1.1 google
server: gams1
content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-type: application/javascript; charset=UTF-8

GET
H2 206 de-1.mp4
static-13333.kxcdn.com/5275/media/ 64 KB
0 9ms
7ms Media
video/mp4 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL

https://static-13333.kxcdn.com/5275/media/de-1.mp4

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Range: bytes=0-

Response headers

date: Fri, 06 Aug 2021 11:49:12 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049593e6-0060df28f0-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
Content-Range: bytes 0-124690623/124690624
Content-Length: 124690624
last-modified: Fri, 02 Jul 2021 14:32:03 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "c8811d0b7aa283893d6ec2a19899685f-24"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: video/mp4
access-control-allow-origin: *
x-rgw-object-type: Normal
expires: Sat, 06 Aug 2022 17:38:12 GMT

GET
H2 200 bg-pattern2.png
static-13333.kxcdn.com/5275/images/ 3 KB
4 KB 41ms
30ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/bg-pattern2.png

Requested by

Host: static-13333.kxcdn.com
URL: https://static-13333.kxcdn.com/5275/build/funnel.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

0dbbd4b1f92b5f123bb6d85da5224dbac1ef2873359ae63159fbd8c1d8aee472

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://static-13333.kxcdn.com/5275/build/funnel.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:12 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx000000000000004a8f778-0060df3204-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 3494
last-modified: Fri, 02 Jul 2021 14:32:28 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "9ff60a873ce8a83d6f92c07bbb97461d"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:12 GMT

GET
H2 200 money-bg.jpg
static-13333.kxcdn.com/5275/images/ 192 KB
193 KB 34ms
23ms Image
image/jpeg 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/money-bg.jpg

Requested by

Host: static-13333.kxcdn.com
URL: https://static-13333.kxcdn.com/5275/build/funnel.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

6d6b0b2b3ce3ec690491ad53348667285877a284d43a58bae67219df3128c453

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://static-13333.kxcdn.com/5275/build/funnel.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:12 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049593a6-0060df28f0-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 196622
last-modified: Fri, 02 Jul 2021 14:32:29 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "00484ef568e5c529bc92d2698631954b"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/jpeg
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:12 GMT

HEAD
H3-29 200 adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/ 0
0 45ms
43ms Fetch
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 49445
x-xss-protection: 0
server: cafe
etag: 14869471898732562513
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Fri, 06 Aug 2021 11:49:12 GMT

GET
H/1.1 200
OK version.js Show response
tagdatax.com/ 57 B
260 B 51ms
50ms Script
application/javascript 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdatax.com/version.js
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: a2bafcccfa14fc2d5eb1c98c0aea3a31f45e5b66a6dd95af91b15ac8af0fa17e

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 06 Aug 2021 11:49:12 GMT
Cache-Control: private, max-age=63072000
Server: nginx/1.19.10
Connection: keep-alive
Content-Length: 57
Content-Type: application/javascript

GET
H2 200 gid.js Show response
my.rtmark.net/ 65 B
541 B 85ms
85ms Fetch
application/json 139.45.195.8
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://my.rtmark.net/gid.js

Requested by

Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

6c54397118604e3a9ad44956e8b9fadad8bf076f7c56a72e5547855434d0f0b5

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:12 GMT
x-content-type-options: nosniff
server: nginx
strict-transport-security: max-age=1
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: https://tgfunnls.org
access-control-expose-headers: Authorization
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length: 65

GET
H/1.1 200
OK pix.jpg Show response
tagdatax.com/ 28 B
617 B 80ms
80ms Fetch
image/jpeg 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdatax.com/pix.jpg
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: 3c72e06c040c15327faa313315f1d6f4b2c9159267051c3e173336efa4cd7a18

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 06 Aug 2021 11:49:12 GMT
Server: nginx/1.19.10
Etag: 4933b005-b270-4a93-a9e0-2e0e8a8fd1f7
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Content-Type: image/jpeg
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Expose-Headers: ETag
Cache-Control: private, must-revalidate, proxy-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 28

GET
H3-29 200 googlelogo_color_120x44dp.png
www.google.com/images/branding/googlelogo/2x/ 5 KB
5 KB 22ms
17ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_120x44dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

29c50fa4422ac0a690af5b0987dee6a030a7eeaafa9dda8543cf022368f545aa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:12 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5087
x-xss-protection: 0
expires: Fri, 06 Aug 2021 11:49:12 GMT

GET
H3-29 200 googlelogo_color_272x92dp.png
www.google.com/images/branding/googlelogo/1x/ 6 KB
6 KB 23ms
16ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/1x/googlelogo_color_272x92dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5776cd87617eacec3bc00ebcf530d1924026033eda852f706c1a675a98915826

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:12 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5969
x-xss-protection: 0
expires: Fri, 06 Aug 2021 11:49:12 GMT

GET
H3-29 200 googlelogo_color_272x92dp.png
www.google.com/images/branding/googlelogo/2x/ 13 KB
13 KB 23ms
17ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_272x92dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

262084257c2103702ef8a25705e3f8dbc1fa3823103ad7b954d54bdb77e6d89d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:12 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13504
x-xss-protection: 0
expires: Fri, 06 Aug 2021 11:49:12 GMT

GET
H3-29 200 googlelogo_color_160x56dp.png
www.google.com/images/branding/googlelogo/2x/ 7 KB
7 KB 25ms
19ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_160x56dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9e611fba6a87626e60f74d361f0c94d1ba226bc0726a05791f40ddb7fbba2c4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:12 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7048
x-xss-protection: 0
expires: Fri, 06 Aug 2021 11:49:12 GMT

GET
H3-29 200 googlelogo_color_90x40dp.png
www.google.com/images/branding/googlelogo/2x/ 4 KB
4 KB 26ms
19ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_90x40dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a9cac8d49feccd603bac334c92c1e7dd5a829a1c01d4130550e8c9c0d9c72f7b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:12 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3934
x-xss-protection: 0
expires: Fri, 06 Aug 2021 11:49:12 GMT

GET
H3-29 200 flags.png
tgfunnls.org/images/vendor/intl-tel-input/build/ 69 KB
70 KB 42ms
42ms Image
image/png 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tgfunnls.org/images/vendor/intl-tel-input/build/flags.png?416250f60d785a2e02f17e054d2e4e44

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/css/forms.css?id=108aa07ef4cadffb88ba

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0a012cf808a24573168308916092d2d4bd3f2b4af8e16b59167013cc77acee55

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /images/vendor/intl-tel-input/build/flags.png?416250f60d785a2e02f17e054d2e4e44
pragma: no-cache
cookie: _vwo_uuid_v2=D300A6AF58D106D85594CDBFBAA2B13D7|ce01f3e9beb7bdefb21b49b643350b73; _gid=GA1.2.1416830450.1628250551; _gat_UA-192660002-1=1; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _hjid=dc49561e-9d46-46e0-96b5-f0bbe1b05202; _hjFirstSeen=1; _ga_Y6C8Y8V9BH=GS1.1.1628250548.1.1.1628250551.0; _ga=GA1.1.764459664.1628250551; XSRF-TOKEN=eyJpdiI6Im85VEZnY0ZYWlIwb2w4WmprQ2IxMkE9PSIsInZhbHVlIjoiY29xd1wvd2g4NXZ5VjFkUWVkaGNxVFgxQzNrdXBwdHdsa3NBWGVFUFBOZHFQN2NoWXlcL1VQeUQ0NzYzMWtkV0Q5IiwibWFjIjoiZTc1ZWQ2OWNkZDM2MTEwNmJkNTFkMDA2ZGI2ZTliNWZkN2Y0YmY3YTVhZDc0MWM0MGY0OTZiMzllYWMxZjhlOCJ9; c=eyJpdiI6ImxcL2J4dDRzbkRiMmhtTEJBamZtbTN3PT0iLCJ2YWx1ZSI6Imp2cVFPVVNBcmZ3eGNzSktKT2VxdHJySytIcjVmVlNMaFB5WVpcL2JtVlhrbGVma0lpN2FkcHJ2eFQ5eTV5ZXNcLyIsIm1hYyI6ImI0ZGU1NDg4MTE3NjVjMjFkMzE2ZTU2ZTIzYTIzMjlkMGM4OTczNGFmYTFjNzllZTZhNWU0ODE1NjZmYWZkODkifQ%3D%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: tgfunnls.org
referer: https://tgfunnls.org/css/forms.css?id=108aa07ef4cadffb88ba
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/css/forms.css?id=108aa07ef4cadffb88ba
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:12 GMT
x-proc: 2
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2315
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 70857
x-xss-protection: 1; mode=block
last-modified: Fri, 06 Aug 2021 10:55:13 GMT
server: cloudflare
etag: "610d1511-114c9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kAmnfr7hwsNSIwl%2BnP7oSf24zGAaLpy0hJBJf2UYgYZhPuAGDcOpWuhYu1Uwy%2BEV6VMu2zVnsgDXqZOVvepX4aRzi%2BICJOX6Kgb0yb1wBUMRY7nE1M7sqjyVcLNH9qzZU23zDCnTk8ZT6DI%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 67a80a619be542f7-FRA

GET
H3-29 200 locate Show response
tgfunnls.org/ 150 B
1 KB 105ms
104ms XHR
application/json 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/locate

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/js/l.js?id=6cf7b69175b2a676ebf3

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a9444725fb48cd94db4b9c4e1544b3ace3c54ccd0d1a289f124d36b69c9d6a20

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-fetch-mode: cors
x-xsrf-token: eyJpdiI6Im85VEZnY0ZYWlIwb2w4WmprQ2IxMkE9PSIsInZhbHVlIjoiY29xd1wvd2g4NXZ5VjFkUWVkaGNxVFgxQzNrdXBwdHdsa3NBWGVFUFBOZHFQN2NoWXlcL1VQeUQ0NzYzMWtkV0Q5IiwibWFjIjoiZTc1ZWQ2OWNkZDM2MTEwNmJkNTFkMDA2ZGI2ZTliNWZkN2Y0YmY3YTVhZDc0MWM0MGY0OTZiMzllYWMxZjhlOCJ9
accept-language: en-US
sec-fetch-dest: empty
cookie: _vwo_uuid_v2=D300A6AF58D106D85594CDBFBAA2B13D7|ce01f3e9beb7bdefb21b49b643350b73; _gid=GA1.2.1416830450.1628250551; _gat_UA-192660002-1=1; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _hjid=dc49561e-9d46-46e0-96b5-f0bbe1b05202; _hjFirstSeen=1; _ga_Y6C8Y8V9BH=GS1.1.1628250548.1.1.1628250551.0; _ga=GA1.1.764459664.1628250551; XSRF-TOKEN=eyJpdiI6Im85VEZnY0ZYWlIwb2w4WmprQ2IxMkE9PSIsInZhbHVlIjoiY29xd1wvd2g4NXZ5VjFkUWVkaGNxVFgxQzNrdXBwdHdsa3NBWGVFUFBOZHFQN2NoWXlcL1VQeUQ0NzYzMWtkV0Q5IiwibWFjIjoiZTc1ZWQ2OWNkZDM2MTEwNmJkNTFkMDA2ZGI2ZTliNWZkN2Y0YmY3YTVhZDc0MWM0MGY0OTZiMzllYWMxZjhlOCJ9; c=eyJpdiI6ImxcL2J4dDRzbkRiMmhtTEJBamZtbTN3PT0iLCJ2YWx1ZSI6Imp2cVFPVVNBcmZ3eGNzSktKT2VxdHJySytIcjVmVlNMaFB5WVpcL2JtVlhrbGVma0lpN2FkcHJ2eFQ5eTV5ZXNcLyIsIm1hYyI6ImI0ZGU1NDg4MTE3NjVjMjFkMzE2ZTU2ZTIzYTIzMjlkMGM4OTczNGFmYTFjNzllZTZhNWU0ODE1NjZmYWZkODkifQ%3D%3D
:path: /locate
pragma: no-cache
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: application/json, text/plain, */*
cache-control: no-cache
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept: application/json, text/plain, */*
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
X-XSRF-TOKEN: eyJpdiI6Im85VEZnY0ZYWlIwb2w4WmprQ2IxMkE9PSIsInZhbHVlIjoiY29xd1wvd2g4NXZ5VjFkUWVkaGNxVFgxQzNrdXBwdHdsa3NBWGVFUFBOZHFQN2NoWXlcL1VQeUQ0NzYzMWtkV0Q5IiwibWFjIjoiZTc1ZWQ2OWNkZDM2MTEwNmJkNTFkMDA2ZGI2ZTliNWZkN2Y0YmY3YTVhZDc0MWM0MGY0OTZiMzllYWMxZjhlOCJ9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:12 GMT
x-proc: 1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nVpWSQL213ITlFDT8gNpkUUAn4fb4L0JBe8Ug8gkrcxIkb7%2F2u7vO2Mq2ekdUjRvz8zqCskcZ7Cl%2FGV9bSsnuz56NEl%2FIQTQ2LyWdwi%2F9rGf%2Fo953R2KZgPBnU9m4ZeH0KO2b5wu7VdG2XE%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json
cache-control: no-cache, private
set-cookie: XSRF-TOKEN=eyJpdiI6IkJmSUxYemFzOTdcL1wvZit5M1h3T1wvU0E9PSIsInZhbHVlIjoiMU1MVkV4bndEd3kyZit1aDZnNlhCbmc0VXh1V04ycDlocU1td055OE8wVUlJQ2ZKREs3S3hHb1Z1dDN3N1A4QiIsIm1hYyI6ImI5YzhmZTQwODg3ZTQxNDE5NzE2NTFkMmFlNzBkMWQyYTY0NjFjZDEwYjI5YzMyYWYwYWQyMGE4MjMxYWI5NzAifQ%3D%3D; expires=Fri, 06-Aug-2021 13:49:12 GMT; Max-Age=7200; path=/ c=eyJpdiI6Ijl2VWdtcjJwN2FjVUVzaEx0OFk4QXc9PSIsInZhbHVlIjoiSVJ5blBBK1plYTZLUkp3dGhWNHlteDRsM2pSZzlDQXRubXJrNjI4MWdJMm5YcXdPcm5Ydk1lS2FnTG14QlZGVyIsIm1hYyI6IjY1Yzc1MjIzYmJlZjM0MmVjMzU2YjhkN2Y0MWIyOTAzMzZlNDg2MzhiMWYwZGJiNzE4Y2RkY2RmMTA5NWQ0ZWIifQ%3D%3D; expires=Fri, 06-Aug-2021 13:49:12 GMT; Max-Age=7200; path=/; httponly
cf-ray: 67a80a620d1142f7-FRA

OPTIONS
H/1.1 200
OK add
tagdataxrt.com/ir/ Frame 0
0 47ms
47ms Preflight 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/ir/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Protocol: HTTP/1.1
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://tgfunnls.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Server: nginx/1.19.10
Date: Fri, 06 Aug 2021 11:49:12 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

POST
H/1.1 200
OK add Show response
tagdataxrt.com/ir/ 0
537 B 47ms
47ms Fetch 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/ir/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json;charset=utf-8

Response headers

Date: Fri, 06 Aug 2021 11:49:12 GMT
Server: nginx/1.19.10
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 0

GET
BLOB 200
OK cd9f14d8-948b-47b0-a430-0cef379cab8e
https://tgfunnls.org/ 31 B
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://tgfunnls.org/cd9f14d8-948b-47b0-a430-0cef379cab8e
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7725538fe2f71147bffeba7452b434c826aef9009666cb4360c605d0b2a91d1d

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length: 31
Content-Type: application/javascript

GET
H2 403 videothumbnail-1.png
static-13333.kxcdn.com/5275/images/ 0
0 14ms
14ms Image
text/html 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static-13333.kxcdn.com/5275/images/videothumbnail-1.png
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
DATA 200
OK truncated
/ 4 KB
4 KB Font
application/font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: aef991b2e0b693a95d41986576dd3901ea7ac03b379501b1caba966058753308

Request headers

Origin: https://tgfunnls.org
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: application/font-woff;charset=utf-8

GET
H3-29 200 js Show response
www.googletagmanager.com/gtag/ 127 KB
50 KB 16ms
14ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-Y6C8Y8V9BH&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MSK8GMG

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

dae34939244e213c68b00452772818739ff77e23eefc25acc3a141fa1f506648

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:12 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 51136
x-xss-protection: 0
expires: Fri, 06 Aug 2021 11:49:12 GMT

GET
H3-29 200 analytics.js Show response
www.google-analytics.com/ 48 KB
19 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MSK8GMG

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

e61660c659c426e45bce2937dddb01af6b550502a2904546575c1ec2ba1121dd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 13 Jul 2021 18:24:06 GMT
server: Golfe2
age: 2131
date: Fri, 06 Aug 2021 11:13:41 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19672
expires: Fri, 06 Aug 2021 13:13:41 GMT

GET
H2 200 hotjar-2304105.js Show response
static.hotjar.com/c/ 5 KB
2 KB 93ms
93ms Script
application/javascript 13.224.96.91
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-2304105.js?sv=6

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.96.91 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

d4261e9b3b427b4faba85d775a6dbd131cf86cbd42945ba05ae2ebad8f8f36e6

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:48:18 GMT
content-encoding: br
x-content-type-options: nosniff
cache-control: max-age=60
age: 54
etag: W/4e117f3a38c123981a4b3509540d1697
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
x-cache-hit: 1
x-amz-cf-pop: ZRH50-C1
x-amz-cf-id: sqfqnGL6tFj_7-S7C4h6KyiDEXZmJYPotlr0C9lSjMg5j8ESuOlupQ==
via: 1.1 e92dffa8673a73c15c61e7c3abefc47d.cloudfront.net (CloudFront)

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWpxdWVyeQ==/tag-18c0c42595158c9943ee0260eecc4fc3.js
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/j.php?a=449005&u=https%3A%2F%2Ftgfunnls.org%2Fdly1st%2F%3Fhitid%3D%7BclickId%7D%26qze%3D7%26aff_sub%3D%7BcustomId1%7D%26aff_sub2%3D%7BcustomId2%7D&f=1&r=0.4151770694004344
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gams1 /
Resource Hash: b6a6463b285c1fdc27b7022ff01564762e81117074a3f3781cc931fe389afc70

Request headers

Origin: https://tgfunnls.org
Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:11 GMT
content-encoding: br
last-modified: Fri, 06 Aug 2021 11:48:12 GMT
server: gams1
etag: "610d217c-f3a3"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 62371
via: 1.1 google

GET
H3-29 200 v.gif
dev.visualwebsiteoptimizer.com/ 35 B
52 B 122ms
121ms Image
image/gif 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dev.visualwebsiteoptimizer.com/v.gif?cd=0&a=449005&d=tgfunnls.org&u=D300A6AF58D106D85594CDBFBAA2B13D7&h=ce01f3e9beb7bdefb21b49b643350b73&t=false&r=0.3579598987031458

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gnv1c /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 06 Aug 2021 11:49:12 GMT
via: 1.1 google
x-content-type-options: nosniff
server: gnv1c
content-type: image/gif
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 10 Jan 2005 00:00:01 GMT

POST
H/1.1 200
OK etag Show response
tagdataxrt.com/ 0
537 B 47ms
46ms Fetch 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/etag?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json;charset=utf-8

Response headers

Date: Fri, 06 Aug 2021 11:49:12 GMT
Server: nginx/1.19.10
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 0

OPTIONS
H/1.1 200
OK etag
tagdataxrt.com/ Frame 0
0 86ms
86ms Preflight 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/etag?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Protocol: HTTP/1.1
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://tgfunnls.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Server: nginx/1.19.10
Date: Fri, 06 Aug 2021 11:49:12 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

POST
H3-29 201 event Show response
tgfunnls.org/ 2 B
1 KB 158ms
158ms XHR
application/json 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/event?hitid={clickId}

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/js/l.js?id=6cf7b69175b2a676ebf3

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-fetch-mode: cors
origin: https://tgfunnls.org
x-xsrf-token: eyJpdiI6IkJmSUxYemFzOTdcL1wvZit5M1h3T1wvU0E9PSIsInZhbHVlIjoiMU1MVkV4bndEd3kyZit1aDZnNlhCbmc0VXh1V04ycDlocU1td055OE8wVUlJQ2ZKREs3S3hHb1Z1dDN3N1A4QiIsIm1hYyI6ImI5YzhmZTQwODg3ZTQxNDE5NzE2NTFkMmFlNzBkMWQyYTY0NjFjZDEwYjI5YzMyYWYwYWQyMGE4MjMxYWI5NzAifQ==
accept-language: en-US
sec-fetch-dest: empty
accept-encoding: gzip, deflate, br
cookie: _vwo_uuid_v2=D300A6AF58D106D85594CDBFBAA2B13D7|ce01f3e9beb7bdefb21b49b643350b73; _gid=GA1.2.1416830450.1628250551; _gat_UA-192660002-1=1; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _hjid=dc49561e-9d46-46e0-96b5-f0bbe1b05202; _hjFirstSeen=1; _ga_Y6C8Y8V9BH=GS1.1.1628250548.1.1.1628250551.0; _ga=GA1.1.764459664.1628250551; XSRF-TOKEN=eyJpdiI6IkJmSUxYemFzOTdcL1wvZit5M1h3T1wvU0E9PSIsInZhbHVlIjoiMU1MVkV4bndEd3kyZit1aDZnNlhCbmc0VXh1V04ycDlocU1td055OE8wVUlJQ2ZKREs3S3hHb1Z1dDN3N1A4QiIsIm1hYyI6ImI5YzhmZTQwODg3ZTQxNDE5NzE2NTFkMmFlNzBkMWQyYTY0NjFjZDEwYjI5YzMyYWYwYWQyMGE4MjMxYWI5NzAifQ%3D%3D; c=eyJpdiI6Ijl2VWdtcjJwN2FjVUVzaEx0OFk4QXc9PSIsInZhbHVlIjoiSVJ5blBBK1plYTZLUkp3dGhWNHlteDRsM2pSZzlDQXRubXJrNjI4MWdJMm5YcXdPcm5Ydk1lS2FnTG14QlZGVyIsIm1hYyI6IjY1Yzc1MjIzYmJlZjM0MmVjMzU2YjhkN2Y0MWIyOTAzMzZlNDg2MzhiMWYwZGJiNzE4Y2RkY2RmMTA5NWQ0ZWIifQ%3D%3D
content-length: 188
:path: /event?hitid={clickId}
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json;charset=UTF-8
accept: application/json, text/plain, */*
cache-control: no-cache
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: POST
Accept: application/json, text/plain, */*
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
X-XSRF-TOKEN: eyJpdiI6IkJmSUxYemFzOTdcL1wvZit5M1h3T1wvU0E9PSIsInZhbHVlIjoiMU1MVkV4bndEd3kyZit1aDZnNlhCbmc0VXh1V04ycDlocU1td055OE8wVUlJQ2ZKREs3S3hHb1Z1dDN3N1A4QiIsIm1hYyI6ImI5YzhmZTQwODg3ZTQxNDE5NzE2NTFkMmFlNzBkMWQyYTY0NjFjZDEwYjI5YzMyYWYwYWQyMGE4MjMxYWI5NzAifQ==
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json;charset=UTF-8

Response headers

date: Fri, 06 Aug 2021 11:49:12 GMT
x-proc: 2
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7AnKJdOa%2BcJLDYlTq6K5R5mc6M0TtTiZql6C6P40yZDeOTLzs3C4UFV64LsNJwUMjcQwO2uZOqv2EGFshrTXeYu%2BTJrEMY6ZNyvMnJrubZmXbci0wINVcMtVOvRbhaDUOYgfSO64xa3ltvA%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-origin: https://tgfunnls.org
cache-control: no-cache, private
set-cookie: XSRF-TOKEN=eyJpdiI6IlJEa1BpU2oyUTFSZjIyYmwxcUUxNXc9PSIsInZhbHVlIjoiQWlcL3JIbldIdGNmVVJsS3ZYNTh1dWpZQXo4bXhQRnVDM3BLZEdMQVFNUVNQY2M2Z2Z1Q01CU2VRN3Nic2dHZmwiLCJtYWMiOiI1ZmM1Y2U3YTNjY2QzM2NiYTBlZTBlYjM3Y2Q3N2VkODZjYWVkOGRkY2Q2MzUyNzc1ZGQ3NjRiZDkyZDY3ZWZjIn0%3D; expires=Fri, 06-Aug-2021 13:49:12 GMT; Max-Age=7200; path=/ c=eyJpdiI6IjQ1YzY4MXJiWTBqdnd1RHhkMWVobEE9PSIsInZhbHVlIjoiSFwvbzBYNmM3WERGbEtSMlh0WEdKZURYMTdoZ3A2WTVvMGtzR3ZjWmRTdisreFluSFp3bzVwZnNFRGc5Zng3Z0UiLCJtYWMiOiIyNjRjYzA3MmVlNDIxMTQ2YmY4NDQ4MDM5YjM4NTU2ZGUwNGNiZjBiMWM1MTUzZjdjMWFkZmU1Y2E0YWQxYmVlIn0%3D; expires=Fri, 06-Aug-2021 13:49:12 GMT; Max-Age=7200; path=/; httponly
cf-ray: 67a80a63282942f7-FRA

GET
H3-29 200 collect
www.google-analytics.com/ 35 B
55 B 7ms
6ms Image
image/gif 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j92&a=508670847&t=pageview&_s=1&dl=https%3A%2F%2Ftgfunnls.org%2Fdly1st%2F%3Fhitid%3D%7BclickId%7D%26qze%3D7%26aff_sub%3D%7BcustomId1%7D%26aff_sub2%3D%7BcustomId2%7D&ul=en-us&de=UTF-8&dt=Daily%20Profit&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=QACAAEAB~&jid=&gjid=&cid=764459664.1628250551&tid=UA-192660002-1&_gid=1416830450.1628250551&gtm=2wg840MSK8GMG&z=618049681

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 06 Aug 2021 05:58:40 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 21032
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 modules.9a6619e61150e4449f35.js Show response
script.hotjar.com/ 221 KB
59 KB 62ms
61ms Script
application/javascript 13.224.96.11
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.9a6619e61150e4449f35.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2304105.js?sv=6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.96.11 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

fc04d1fd608cedf1f0c4735145a15031f77cb7491d6234cec4ee2cd9be74937a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:18:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 77467
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 59579
access-control-allow-origin: *
last-modified: Thu, 05 Aug 2021 14:17:07 GMT
etag: "f404c80c4e9647abd5db65360cf9ecee"
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 7245e91891539560c1f484b1e46159c9.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: ZRH50-C1
accept-ranges: bytes
x-robots-tag: none
x-amz-cf-id: WRz6Cl7iSxqKxMjkzC2axRs5h8mYJnEIrc4Tp6gQY1eTp51ht9gfPw==

GET
H3-29 200 settings.js Show response
dev.visualwebsiteoptimizer.com/ 572 B
397 B 50ms
50ms Script
application/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/settings.js?a=449005&settings_type=3&vn=7.0&r=0.917102945096198&u=https%3A%2F%2Ftgfunnls.org%2Fdly1st%2F%3Fhitid%3D%7BclickId%7D%26qze%3D7%26aff_sub%3D%7BcustomId1%7D%26aff_sub2%3D%7BcustomId2%7D
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWpxdWVyeQ==/tag-18c0c42595158c9943ee0260eecc4fc3.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gams1 /
Resource Hash: 31042bafbba3ee3bae8f21d8d8744230a7c558630068c64e1e5ecb4721ab3910

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:12 GMT
via: 1.1 google
server: gams1
content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-type: application/javascript; charset=UTF-8

GET
H3-29 200 settings.js Show response
dev.visualwebsiteoptimizer.com/ 572 B
397 B 48ms
48ms Script
application/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/settings.js?a=449005&settings_type=1&vn=7.0&r=0.3124421661317811
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWpxdWVyeQ==/tag-18c0c42595158c9943ee0260eecc4fc3.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gams1 /
Resource Hash: 31042bafbba3ee3bae8f21d8d8744230a7c558630068c64e1e5ecb4721ab3910

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:12 GMT
via: 1.1 google
server: gams1
content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-type: application/javascript; charset=UTF-8

GET
H2 200 box-25a418976ea02a6f393fbbe77cec94bb.html Show response
vars.hotjar.com/ Frame 92B4 2 KB
1 KB 55ms
55ms Document
text/html 13.224.96.92
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vars.hotjar.com/box-25a418976ea02a6f393fbbe77cec94bb.html
Requested by: Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2304105.js?sv=6
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.96.92 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-96-92.zrh50.r.cloudfront.net
Software: /
Resource Hash: 7a44e0685d8929b5d4d50476273c9957c8c76f03afc424c665a4066e5bc1beb9

Request headers

:method: GET
:authority: vars.hotjar.com
:scheme: https
:path: /box-25a418976ea02a6f393fbbe77cec94bb.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://tgfunnls.org/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://tgfunnls.org/

Response headers

content-type: text/html
content-length: 1044
date: Sun, 18 Jul 2021 00:16:30 GMT
accept-ranges: bytes
cache-control: max-age=31536000
content-encoding: br
etag: "76922233be8bdb14c053af468d29404a"
last-modified: Thu, 15 Jul 2021 14:16:09 GMT
x-amz-server-side-encryption: AES256
x-robots-tag: none
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 6b0e09b8a7d995016df1513b4b11c17e.cloudfront.net (CloudFront)
x-amz-cf-pop: ZRH50-C1
x-amz-cf-id: jYkCROgVocbSOWAHb4GfqtMmDnPetsA33ABaHwJbkogbmwno9TRQBg==
age: 1683162

GET
H3-29 200 tag-1a6cb79d9b921e9f733a3a9f91c43b90.js Show response
dev.visualwebsiteoptimizer.com/web/djIkcGM6MS4w/ 668 B
329 B 49ms
49ms Script
application/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/web/djIkcGM6MS4w/tag-1a6cb79d9b921e9f733a3a9f91c43b90.js
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWpxdWVyeQ==/tag-18c0c42595158c9943ee0260eecc4fc3.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gams1 /
Resource Hash: 6e1f2e0970c3d1d6cdacfecdd613ce1c42990ea5d4a9a85fe6f0700d20a96634

Request headers

Origin: https://tgfunnls.org
Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:13 GMT
content-encoding: br
last-modified: Fri, 06 Aug 2021 11:48:12 GMT
server: gams1
etag: "610d217c-133"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 307
via: 1.1 google

POST
H/1.1 200
OK add Show response
tagdataxrt.com/log/ 12 B
597 B 52ms
51ms Fetch
application/json 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/log/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: 21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json;charset=utf-8

Response headers

Date: Fri, 06 Aug 2021 11:49:13 GMT
Server: nginx/1.19.10
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 12

OPTIONS
H/1.1 200
OK add
tagdataxrt.com/log/ Frame 0
0 46ms
46ms Preflight 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/log/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Protocol: HTTP/1.1
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://tgfunnls.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Server: nginx/1.19.10
Date: Fri, 06 Aug 2021 11:49:13 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

GET
H2 200 a3a7b431bde66f8790628956fd6a9e14.js
cdn.pushcrew.com/js/ 248 KB
70 KB 128ms
127ms Script
application/javascript 34.102.183.26
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.pushcrew.com/js/a3a7b431bde66f8790628956fd6a9e14.js
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/web/djIkcGM6MS4w/tag-1a6cb79d9b921e9f733a3a9f91c43b90.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.102.183.26 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 26.183.102.34.bc.googleusercontent.com
Software: nginx /
Resource Hash

Request headers

Origin: https://tgfunnls.org
Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:13 GMT
content-encoding: gzip
last-modified: Fri, 18 Jun 2021 08:48:27 GMT
server: nginx
etag: W/"60cc5ddb-3e05c"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=1800
alt-svc: clear
via: 1.1 google
expires: Fri, 06 Aug 2021 12:19:13 GMT

GET
H3-29 200 / Show response
tgfunnls.org/dly1st/ 31 KB
8 KB 172ms
172ms Document
text/html 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Requested by

Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9e0a9243721fc18c5c0b23af98626346a69df804837e496c03ba537bc54eb9d0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: tgfunnls.org
:scheme: https
:path: /dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: document
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: _vwo_uuid_v2=D300A6AF58D106D85594CDBFBAA2B13D7|ce01f3e9beb7bdefb21b49b643350b73; _gid=GA1.2.1416830450.1628250551; _gat_UA-192660002-1=1; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _hjid=dc49561e-9d46-46e0-96b5-f0bbe1b05202; _hjFirstSeen=1; _ga_Y6C8Y8V9BH=GS1.1.1628250548.1.1.1628250552.0; _ga=GA1.1.764459664.1628250551; XSRF-TOKEN=eyJpdiI6IlJEa1BpU2oyUTFSZjIyYmwxcUUxNXc9PSIsInZhbHVlIjoiQWlcL3JIbldIdGNmVVJsS3ZYNTh1dWpZQXo4bXhQRnVDM3BLZEdMQVFNUVNQY2M2Z2Z1Q01CU2VRN3Nic2dHZmwiLCJtYWMiOiI1ZmM1Y2U3YTNjY2QzM2NiYTBlZTBlYjM3Y2Q3N2VkODZjYWVkOGRkY2Q2MzUyNzc1ZGQ3NjRiZDkyZDY3ZWZjIn0%3D; c=eyJpdiI6IjQ1YzY4MXJiWTBqdnd1RHhkMWVobEE9PSIsInZhbHVlIjoiSFwvbzBYNmM3WERGbEtSMlh0WEdKZURYMTdoZ3A2WTVvMGtzR3ZjWmRTdisreFluSFp3bzVwZnNFRGc5Zng3Z0UiLCJtYWMiOiIyNjRjYzA3MmVlNDIxMTQ2YmY4NDQ4MDM5YjM4NTU2ZGUwNGNiZjBiMWM1MTUzZjdjMWFkZmU1Y2E0YWQxYmVlIn0%3D
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Response headers

date: Fri, 06 Aug 2021 11:49:13 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: no-cache, private
set-cookie: XSRF-TOKEN=eyJpdiI6IlFKUTh0YTQ0XC84Zm9uRFV6ZjlVd3JnPT0iLCJ2YWx1ZSI6IkZwXC96ZHZETUVER3dneDBFMWMyZ3NEaU9ZMUtZcFlqMHp5aTRpaStpTDYwR0UzcjgzRkZJSzdFQTBTNTVzNDJVIiwibWFjIjoiOThiNGJlNjA5YzdiZGNiMjFhZjYxYWQ1MzY4MTBlOGQxYzUxZDAwYmRkOWQ0ZTE4ODI4NDliOThmMTcxYzgxMSJ9; expires=Fri, 06-Aug-2021 13:49:13 GMT; Max-Age=7200; path=/ c=eyJpdiI6ImtwY0ZJUloxdUtkOVViY2JZYXUyQVE9PSIsInZhbHVlIjoiMk5qRGpJT2ZhSmkyUkdBNmtFcE8wN01lR1pGWDY5OTR0am9rbitXNlk0UGJSNzZrbGpBZGxoQ2cyd3VnY1VGdyIsIm1hYyI6ImU2MTUxYTI3YzgwNzBlODM2NjA2NTBjNWRkNzA2NTQwNDk0MTRhYTAzMGJmYmRjOTM0MzMyYjdhNGRmODQ2ZWIifQ%3D%3D; expires=Fri, 06-Aug-2021 13:49:13 GMT; Max-Age=7200; path=/; httponly
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-proc: 2
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=N2a7Mr799Oskj1ca%2BvSofNXPxDhOmXG5tarYjUZy5CXzrn9bfETK1mb5l0oMFGlw%2BpSOCFslxWTZb9UbTObW%2BUK9TLzgI8HNG9BUw2e40HdwFEP2%2B%2B3LM41h6tZdpRxBuhr6WqrxRM6FKkc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 67a80a652d3442f7-FRA
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

POST
H/1.1 200
OK add
tagdataxrt.com/time_visit/ 0
422 B 47ms
47ms Ping
text/plain 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/time_visit/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Fri, 06 Aug 2021 11:49:13 GMT
Server: nginx/1.19.10
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 0

POST collect
www.google-analytics.com/g/ 0
0

GET
H3-29 200 forms.css
tgfunnls.org/css/ 20 KB
4 KB 18ms
17ms Stylesheet
text/css 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/css/forms.css?id=108aa07ef4cadffb88ba

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5cc75f6ff6ccc8f9737ba9b6e44903687d4cd600464dc9a25b2fcfbfd231ebc6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /css/forms.css?id=108aa07ef4cadffb88ba
pragma: no-cache
cookie: _vwo_uuid_v2=D300A6AF58D106D85594CDBFBAA2B13D7|ce01f3e9beb7bdefb21b49b643350b73; _gid=GA1.2.1416830450.1628250551; _gat_UA-192660002-1=1; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _hjid=dc49561e-9d46-46e0-96b5-f0bbe1b05202; _hjFirstSeen=1; _ga_Y6C8Y8V9BH=GS1.1.1628250548.1.1.1628250552.0; _ga=GA1.1.764459664.1628250551; XSRF-TOKEN=eyJpdiI6IlFKUTh0YTQ0XC84Zm9uRFV6ZjlVd3JnPT0iLCJ2YWx1ZSI6IkZwXC96ZHZETUVER3dneDBFMWMyZ3NEaU9ZMUtZcFlqMHp5aTRpaStpTDYwR0UzcjgzRkZJSzdFQTBTNTVzNDJVIiwibWFjIjoiOThiNGJlNjA5YzdiZGNiMjFhZjYxYWQ1MzY4MTBlOGQxYzUxZDAwYmRkOWQ0ZTE4ODI4NDliOThmMTcxYzgxMSJ9; c=eyJpdiI6ImtwY0ZJUloxdUtkOVViY2JZYXUyQVE9PSIsInZhbHVlIjoiMk5qRGpJT2ZhSmkyUkdBNmtFcE8wN01lR1pGWDY5OTR0am9rbitXNlk0UGJSNzZrbGpBZGxoQ2cyd3VnY1VGdyIsIm1hYyI6ImU2MTUxYTI3YzgwNzBlODM2NjA2NTBjNWRkNzA2NTQwNDk0MTRhYTAzMGJmYmRjOTM0MzMyYjdhNGRmODQ2ZWIifQ%3D%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:13 GMT
x-proc: 2
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3664
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Fri, 06 Aug 2021 10:30:19 GMT
server: cloudflare
etag: W/"610d0f3b-5107"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gJE6mhq5y1PIy5RSWGSqRIExrr9i8YBxoQCUNPWpVoEtkmZJND%2FohPMBMob%2BPhpwsu9nEHHJ53oKg6dIzumjxuWVrPzZ3IUsuS6lxYldXeQLJtPDZkMTjrZeHrYJ4UD3hve9WWU%2BEPj34gg%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 67a80a66586042f7-FRA

GET
H3-29 200 flow.css
tgfunnls.org/css/ 385 B
760 B 13ms
12ms Stylesheet
text/css 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/css/flow.css?id=1a2dada5ba76c1b29ae1

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

df456c4794989b11dda8d76813cbf505b2707048f4cc89d7db15956779ca3fb0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /css/flow.css?id=1a2dada5ba76c1b29ae1
pragma: no-cache
cookie: _vwo_uuid_v2=D300A6AF58D106D85594CDBFBAA2B13D7|ce01f3e9beb7bdefb21b49b643350b73; _gid=GA1.2.1416830450.1628250551; _gat_UA-192660002-1=1; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _hjid=dc49561e-9d46-46e0-96b5-f0bbe1b05202; _hjFirstSeen=1; _ga_Y6C8Y8V9BH=GS1.1.1628250548.1.1.1628250552.0; _ga=GA1.1.764459664.1628250551; XSRF-TOKEN=eyJpdiI6IlFKUTh0YTQ0XC84Zm9uRFV6ZjlVd3JnPT0iLCJ2YWx1ZSI6IkZwXC96ZHZETUVER3dneDBFMWMyZ3NEaU9ZMUtZcFlqMHp5aTRpaStpTDYwR0UzcjgzRkZJSzdFQTBTNTVzNDJVIiwibWFjIjoiOThiNGJlNjA5YzdiZGNiMjFhZjYxYWQ1MzY4MTBlOGQxYzUxZDAwYmRkOWQ0ZTE4ODI4NDliOThmMTcxYzgxMSJ9; c=eyJpdiI6ImtwY0ZJUloxdUtkOVViY2JZYXUyQVE9PSIsInZhbHVlIjoiMk5qRGpJT2ZhSmkyUkdBNmtFcE8wN01lR1pGWDY5OTR0am9rbitXNlk0UGJSNzZrbGpBZGxoQ2cyd3VnY1VGdyIsIm1hYyI6ImU2MTUxYTI3YzgwNzBlODM2NjA2NTBjNWRkNzA2NTQwNDk0MTRhYTAzMGJmYmRjOTM0MzMyYjdhNGRmODQ2ZWIifQ%3D%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:13 GMT
x-proc: 1
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3664
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Fri, 06 Aug 2021 10:30:20 GMT
server: cloudflare
etag: W/"610d0f3c-181"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=y6rraG8aQiIRWz2ldbihu300uII96JiZ4QvMb9uM4Thg7wg%2FrvErVo16PuVjKxEkcWbnT%2BasBLK%2FWhf3wpfkurQg6n7qUTWmlyvcTwoxnm1N%2Ftaa3yubws2ieYQWw5CDIkMYE4KlFYcVsAM%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 67a80a66586242f7-FRA

GET
H2 200 funnel.css
static-13333.kxcdn.com/5275/build/ 91 KB
26 KB 9ms
8ms Stylesheet
text/css 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL

https://static-13333.kxcdn.com/5275/build/funnel.css

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

0dd81a03016de5c1be49281bb42f5db84bf8968b636e893daa0ee24de5dbdd3b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:13 GMT
content-encoding: gzip
last-modified: Fri, 02 Jul 2021 14:31:57 GMT
server: keycdn-engine
x-amz-request-id: tx0000000000000049794a1-0060df28ef-12ed1804-fra1a
x-edge-location: defr
etag: W/"0e60432e5a822d61eaf0ff2172f524ed"
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-cache: HIT
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31556940
x-rgw-object-type: Normal
strict-transport-security: max-age=15552000; includeSubDomains; preload
expires: Sat, 06 Aug 2022 17:38:13 GMT

GET
H/1.1 400 conversion.js
in.bd44.fun/ 0
0 53ms
53ms Script
text/html 18.195.174.160
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://in.bd44.fun/conversion.js?cid=OPTIONAL&et=CLICK
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.195.174.160 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-174-160.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 logo.png
static-13333.kxcdn.com/5275/images/ 2 KB
3 KB 27ms
23ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/logo.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

3d0776f2afd4256733e307cf46921dde2e1497a2767eb8bcb8ac17d5de9d2344

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:13 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049592a7-0060df28ef-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2455
last-modified: Fri, 02 Jul 2021 14:32:26 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "cded24bb8b99f2aa7ab4e4ddc59c28e6"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:13 GMT

GET
H2 200 top-arrow.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 28ms
23ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/top-arrow.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

c4d3b32e24ea06591e7f166b20939f84cb767bb0742bc3c51f07c6f4b684f1e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:13 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049592a5-0060df28ef-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2961
last-modified: Fri, 02 Jul 2021 14:32:29 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "e2980701aad64cef71bd2296f5f6386b"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:13 GMT

GET
H3-29 200 check-icon.png
tgfunnls.org/images/ 44 KB
45 KB 21ms
17ms Image
image/png 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tgfunnls.org/images/check-icon.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

79bb457691c6f5dc0d3fd537218a627750b199db5253e22dad9dc4f78fa48016

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /images/check-icon.png
pragma: no-cache
cookie: _vwo_uuid_v2=D300A6AF58D106D85594CDBFBAA2B13D7|ce01f3e9beb7bdefb21b49b643350b73; _gid=GA1.2.1416830450.1628250551; _gat_UA-192660002-1=1; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _hjid=dc49561e-9d46-46e0-96b5-f0bbe1b05202; _hjFirstSeen=1; _ga_Y6C8Y8V9BH=GS1.1.1628250548.1.1.1628250552.0; _ga=GA1.1.764459664.1628250551; XSRF-TOKEN=eyJpdiI6IlFKUTh0YTQ0XC84Zm9uRFV6ZjlVd3JnPT0iLCJ2YWx1ZSI6IkZwXC96ZHZETUVER3dneDBFMWMyZ3NEaU9ZMUtZcFlqMHp5aTRpaStpTDYwR0UzcjgzRkZJSzdFQTBTNTVzNDJVIiwibWFjIjoiOThiNGJlNjA5YzdiZGNiMjFhZjYxYWQ1MzY4MTBlOGQxYzUxZDAwYmRkOWQ0ZTE4ODI4NDliOThmMTcxYzgxMSJ9; c=eyJpdiI6ImtwY0ZJUloxdUtkOVViY2JZYXUyQVE9PSIsInZhbHVlIjoiMk5qRGpJT2ZhSmkyUkdBNmtFcE8wN01lR1pGWDY5OTR0am9rbitXNlk0UGJSNzZrbGpBZGxoQ2cyd3VnY1VGdyIsIm1hYyI6ImU2MTUxYTI3YzgwNzBlODM2NjA2NTBjNWRkNzA2NTQwNDk0MTRhYTAzMGJmYmRjOTM0MzMyYjdhNGRmODQ2ZWIifQ%3D%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:13 GMT
x-proc: 1
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3663
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 45018
x-xss-protection: 1; mode=block
last-modified: Fri, 06 Aug 2021 10:28:14 GMT
server: cloudflare
etag: "610d0ebe-afda"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CMK9h22ES%2BDKggMeC2UNZ3cVIkJThFlXPfNsqEUcfYsTHY%2FHj6RY29GyBVle3c5TPY6blkDQJ6B%2BLdtuj3in552mRySy8P9DrsnpFHKA%2BmISbNPAs48PPpWzyVhBEJ3vZ8mm4vJsnF%2BpRRU%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 67a80a66a94b42f7-FRA

GET
H2 200 safe.png
static-13333.kxcdn.com/5275/images/ 10 KB
11 KB 28ms
23ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/safe.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

c001780d5a0136da809d6908ac44d8b0e4d9b36bf9891772a006294888226576

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:13 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794a7-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 10593
last-modified: Fri, 02 Jul 2021 14:32:17 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "e16845cf547d72f2f0b2febfa375d9f9"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:13 GMT

GET
H2 200 bg-arrow.png
static-13333.kxcdn.com/5275/images/ 7 KB
8 KB 28ms
24ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/bg-arrow.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

5902ac2e28cc5433d57a98a62be69037be09754da694348e03d3e3b9e776f542

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:13 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794ba-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 7356
last-modified: Fri, 02 Jul 2021 14:32:23 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "0575766ae817ee467a729e846374d22c"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:13 GMT

GET
H2 200 check-icon.png
static-13333.kxcdn.com/5275/images/ 2 KB
3 KB 29ms
24ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/check-icon.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

4a404a950ef8cfa3eb686e62c8ab17e0a4609f2300e53d874a96ec618ab9474d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:13 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794b6-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2273
last-modified: Fri, 02 Jul 2021 14:32:29 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "c34ab81524c5f98e40dc0dad59601758"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:13 GMT

GET
H2 200 spots-arrow.png
static-13333.kxcdn.com/5275/images/ 5 KB
6 KB 16ms
15ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/spots-arrow.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

7c01610e53cbe2313bd441cd9182762cec4240e4eecebeca6d086f34e4672784

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:13 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794bc-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 5306
last-modified: Fri, 02 Jul 2021 14:32:45 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "32acdf2cce46993b09041ebed9d00140"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:13 GMT

GET
H2 200 john.jpg
static-13333.kxcdn.com/5275/images/ 9 KB
10 KB 17ms
17ms Image
image/jpeg 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/john.jpg

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

aff262b0ff8882606831b77cb7fe8c2b7ee184a4c3a4e10de152932dde9ed3f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:13 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794be-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 9704
last-modified: Fri, 02 Jul 2021 14:32:21 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "ca826d01f1cbba3eb6e3e1f697bca6bc"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/jpeg
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:13 GMT

GET
H2 200 john-sign.png
static-13333.kxcdn.com/5275/images/ 7 KB
7 KB 13ms
8ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/john-sign.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

2c92fcee0f7c5fd992e818cd6e5f621e8701cea9b4b23eb03e2567560c7dd266

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:13 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049592b7-0060df28ef-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 6824
last-modified: Fri, 02 Jul 2021 14:32:43 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "8e77bdde18036a84289f7b89b03cddc0"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:13 GMT

GET
H2 200 social-callback-title.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 14ms
8ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/social-callback-title.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

b097d9409b9b2fcde3993197635d6e7d49126e794dec3c3a5de9892cce15ec84

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:13 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794b7-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2899
last-modified: Fri, 02 Jul 2021 14:32:42 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "26e1186a209747d755be97f26d7fef17"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:13 GMT

GET
H2 200 facebook.png
static-13333.kxcdn.com/5275/images/ 45 KB
46 KB 12ms
8ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/facebook.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

45a8e9f975bd2d7db2041c671affac022eaf0b8db46c516a6f2021d30631aea3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:13 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049592bd-0060df28ef-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 46358
last-modified: Fri, 02 Jul 2021 14:32:18 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "99efc09d6e35b01ef07e555c6c9c06ac"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:13 GMT

GET
H2 200 twitter.png
static-13333.kxcdn.com/5275/images/ 33 KB
34 KB 13ms
9ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/twitter.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

f3567cf9eb0717ad9840ff19014abf051d9bebb63ba3d270eb23d409dd449b5a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:13 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049592b6-0060df28ef-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 33933
last-modified: Fri, 02 Jul 2021 14:32:45 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "1538bf85a2428c7ab27b923233ceac2d"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:13 GMT

GET
H2 200 features-title.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 10ms
9ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/features-title.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

5e840708085df16224eeb0d8a8b3758d39bc7c60d3f0587ea1308f7d37d2e9db

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:13 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049592bc-0060df28ef-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2835
last-modified: Fri, 02 Jul 2021 14:32:24 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "8e8fd39ca90b9e536e71366f72e27061"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:13 GMT

GET
H2 200 feature1.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 10ms
10ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/feature1.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

427e9cf9bc070b73cae44b858b1cbb147385ccf3b74522b00606e8441d74eb21

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:13 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794bb-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2649
last-modified: Fri, 02 Jul 2021 14:32:27 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "32e947291780f319b5424fb0fed97339"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:13 GMT

GET
H2 200 feature2.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 9ms
5ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/feature2.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

d35ec7636f20627c46249b7ac076fd59aad2c15c8207c92cc8251df812abc0bc

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:13 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049592b5-0060df28ef-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2845
last-modified: Fri, 02 Jul 2021 14:32:28 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "a02cbfb7009f4eb7bca716371bbc6162"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:13 GMT

GET
H2 200 feature3.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 9ms
6ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/feature3.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

41cc8226265d071dd816f01b4e656e9575b49927ecb0806984d85fd2acb3b318

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:13 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794b8-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2618
last-modified: Fri, 02 Jul 2021 14:32:44 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "1e439861ae0e257dd74094cd20495531"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:13 GMT

GET
H2 200 feature4.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 8ms
6ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/feature4.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

d7e57b7c8fc1a0e25b893fc00da8cca5368cc489227958d4a781665339cd7260

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:13 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794a5-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2573
last-modified: Fri, 02 Jul 2021 14:32:19 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "f042fbbf22d575de6d906249ec2dc324"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:13 GMT

GET
H2 200 faq-title.png
static-13333.kxcdn.com/5275/images/ 4 KB
4 KB 8ms
6ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/faq-title.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

218be04d48aa9aa4da9bb4a708dbb463576fd8653914fd05bb113ce654dce714

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:13 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049592a6-0060df28ef-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 3706
last-modified: Fri, 02 Jul 2021 14:32:42 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "b95f5e7ccaaf9e8f6f1117efa9ab100a"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:13 GMT

GET
H2 200 faq-list-title-bg.png
static-13333.kxcdn.com/5275/images/ 2 KB
2 KB 8ms
7ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/faq-list-title-bg.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

9749d6d7aee9bdd7b806eb8fd8fa1bfd7ef25aab0aba744948b279d4c1a348ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:13 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794a3-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 1546
last-modified: Fri, 02 Jul 2021 14:32:22 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "567ea5254334fde95913b6cd592aad5f"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:13 GMT

GET
H3-29 200 sad-face.svg
tgfunnls.org/media/ 1 KB
1 KB 22ms
20ms Image
image/svg+xml 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tgfunnls.org/media/sad-face.svg

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

186b9079a05f19ddd2a548dbc1ec2c69087c76d8e9e1637dbced630edb793104

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /media/sad-face.svg
pragma: no-cache
cookie: _vwo_uuid_v2=D300A6AF58D106D85594CDBFBAA2B13D7|ce01f3e9beb7bdefb21b49b643350b73; _gid=GA1.2.1416830450.1628250551; _gat_UA-192660002-1=1; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _hjid=dc49561e-9d46-46e0-96b5-f0bbe1b05202; _hjFirstSeen=1; _ga_Y6C8Y8V9BH=GS1.1.1628250548.1.1.1628250552.0; _ga=GA1.1.764459664.1628250551; XSRF-TOKEN=eyJpdiI6IlFKUTh0YTQ0XC84Zm9uRFV6ZjlVd3JnPT0iLCJ2YWx1ZSI6IkZwXC96ZHZETUVER3dneDBFMWMyZ3NEaU9ZMUtZcFlqMHp5aTRpaStpTDYwR0UzcjgzRkZJSzdFQTBTNTVzNDJVIiwibWFjIjoiOThiNGJlNjA5YzdiZGNiMjFhZjYxYWQ1MzY4MTBlOGQxYzUxZDAwYmRkOWQ0ZTE4ODI4NDliOThmMTcxYzgxMSJ9; c=eyJpdiI6ImtwY0ZJUloxdUtkOVViY2JZYXUyQVE9PSIsInZhbHVlIjoiMk5qRGpJT2ZhSmkyUkdBNmtFcE8wN01lR1pGWDY5OTR0am9rbitXNlk0UGJSNzZrbGpBZGxoQ2cyd3VnY1VGdyIsIm1hYyI6ImU2MTUxYTI3YzgwNzBlODM2NjA2NTBjNWRkNzA2NTQwNDk0MTRhYTAzMGJmYmRjOTM0MzMyYjdhNGRmODQ2ZWIifQ%3D%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:13 GMT
x-proc: 1
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3663
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Fri, 06 Aug 2021 10:30:20 GMT
server: cloudflare
etag: W/"610d0f3c-5dc"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Lf6yIlh3L9B%2FElUoMWYa0S6ST0%2F8E40g%2BmLDSvtKp1zU1jxVIJxmewAUnIpH9%2B9G%2FlmvdFb7RwcxcrYku1quZ2XFthxmy6LSvb%2BLjbp%2FVCISGXvlU4qGUL7An1eVl4PuwAd031rUIIBG9JA%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: max-age=14400
cf-ray: 67a80a66a94f42f7-FRA

GET
H3-29 200 email-decode.min.js Show response
tgfunnls.org/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
1 KB 11ms
11ms Script
application/javascript 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

:path: /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
pragma: no-cache
cookie: _vwo_uuid_v2=D300A6AF58D106D85594CDBFBAA2B13D7|ce01f3e9beb7bdefb21b49b643350b73; _gid=GA1.2.1416830450.1628250551; _gat_UA-192660002-1=1; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _hjid=dc49561e-9d46-46e0-96b5-f0bbe1b05202; _hjFirstSeen=1; _ga_Y6C8Y8V9BH=GS1.1.1628250548.1.1.1628250552.0; _ga=GA1.1.764459664.1628250551; XSRF-TOKEN=eyJpdiI6IlFKUTh0YTQ0XC84Zm9uRFV6ZjlVd3JnPT0iLCJ2YWx1ZSI6IkZwXC96ZHZETUVER3dneDBFMWMyZ3NEaU9ZMUtZcFlqMHp5aTRpaStpTDYwR0UzcjgzRkZJSzdFQTBTNTVzNDJVIiwibWFjIjoiOThiNGJlNjA5YzdiZGNiMjFhZjYxYWQ1MzY4MTBlOGQxYzUxZDAwYmRkOWQ0ZTE4ODI4NDliOThmMTcxYzgxMSJ9; c=eyJpdiI6ImtwY0ZJUloxdUtkOVViY2JZYXUyQVE9PSIsInZhbHVlIjoiMk5qRGpJT2ZhSmkyUkdBNmtFcE8wN01lR1pGWDY5OTR0am9rbitXNlk0UGJSNzZrbGpBZGxoQ2cyd3VnY1VGdyIsIm1hYyI6ImU2MTUxYTI3YzgwNzBlODM2NjA2NTBjNWRkNzA2NTQwNDk0MTRhYTAzMGJmYmRjOTM0MzMyYjdhNGRmODQ2ZWIifQ%3D%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 03 Aug 2021 14:21:05 GMT
server: cloudflare
etag: W/"610950d1-4d7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: DENY
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=49eZ9Ir1CGlyg%2BNGRteHLhKowkbs6zHoYoWIflicu2dy%2FBLQaE2AZxqgxbAwnt8bOVmF9uZvwm2wlDra9mjjzW2Dkbz52RYEtdcjJTT8VQHnUlf%2F%2FG%2FY07MsmxO9BOaP4R40JFW%2BoZN4c2k%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=172800 public
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 67a80a6668a942f7-FRA
vary: Accept-Encoding
expires: Sun, 08 Aug 2021 11:49:13 GMT

GET
H3-29 200 redirect.js Show response
tgfunnls.org/js/ 3 KB
2 KB 14ms
14ms Script
application/javascript 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/js/redirect.js?id=bd8708e91008076c9ff9

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0979e653bf7370685f5d0ec7448e28d33f46754d5411cf5a7cd3df6ecafc1a35

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /js/redirect.js?id=bd8708e91008076c9ff9
pragma: no-cache
cookie: _vwo_uuid_v2=D300A6AF58D106D85594CDBFBAA2B13D7|ce01f3e9beb7bdefb21b49b643350b73; _gid=GA1.2.1416830450.1628250551; _gat_UA-192660002-1=1; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _hjid=dc49561e-9d46-46e0-96b5-f0bbe1b05202; _hjFirstSeen=1; _ga_Y6C8Y8V9BH=GS1.1.1628250548.1.1.1628250552.0; _ga=GA1.1.764459664.1628250551; XSRF-TOKEN=eyJpdiI6IlFKUTh0YTQ0XC84Zm9uRFV6ZjlVd3JnPT0iLCJ2YWx1ZSI6IkZwXC96ZHZETUVER3dneDBFMWMyZ3NEaU9ZMUtZcFlqMHp5aTRpaStpTDYwR0UzcjgzRkZJSzdFQTBTNTVzNDJVIiwibWFjIjoiOThiNGJlNjA5YzdiZGNiMjFhZjYxYWQ1MzY4MTBlOGQxYzUxZDAwYmRkOWQ0ZTE4ODI4NDliOThmMTcxYzgxMSJ9; c=eyJpdiI6ImtwY0ZJUloxdUtkOVViY2JZYXUyQVE9PSIsInZhbHVlIjoiMk5qRGpJT2ZhSmkyUkdBNmtFcE8wN01lR1pGWDY5OTR0am9rbitXNlk0UGJSNzZrbGpBZGxoQ2cyd3VnY1VGdyIsIm1hYyI6ImU2MTUxYTI3YzgwNzBlODM2NjA2NTBjNWRkNzA2NTQwNDk0MTRhYTAzMGJmYmRjOTM0MzMyYjdhNGRmODQ2ZWIifQ%3D%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:13 GMT
x-proc: 3
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3663
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Fri, 06 Aug 2021 10:30:36 GMT
server: cloudflare
etag: W/"610d0f4c-a50"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=f4iuCwgmL4GWLKxnwIJPEvletur7pXHlFMlv2HjbpO1DMdJbSqaR9H%2B8ejjWhTwWJXK3LLkF%2Bi%2FN89WePhVfh2mDV5rEuRay4GTeWa1e7qnR73qajplCFX%2FP%2FvRd30t%2FG5yWk9g9HmTJFNU%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=14400
cf-ray: 67a80a6688dd42f7-FRA

GET
H3-29 200 l.js Show response
tgfunnls.org/js/ 401 KB
110 KB 25ms
25ms Script
application/javascript 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/js/l.js?id=6cf7b69175b2a676ebf3

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1669423eca631e2fa8053ff74039a11ff6afac3a94dc37f357ce8d6ec9362913

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /js/l.js?id=6cf7b69175b2a676ebf3
pragma: no-cache
cookie: _vwo_uuid_v2=D300A6AF58D106D85594CDBFBAA2B13D7|ce01f3e9beb7bdefb21b49b643350b73; _gid=GA1.2.1416830450.1628250551; _gat_UA-192660002-1=1; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _hjid=dc49561e-9d46-46e0-96b5-f0bbe1b05202; _hjFirstSeen=1; _ga_Y6C8Y8V9BH=GS1.1.1628250548.1.1.1628250552.0; _ga=GA1.1.764459664.1628250551; XSRF-TOKEN=eyJpdiI6IlFKUTh0YTQ0XC84Zm9uRFV6ZjlVd3JnPT0iLCJ2YWx1ZSI6IkZwXC96ZHZETUVER3dneDBFMWMyZ3NEaU9ZMUtZcFlqMHp5aTRpaStpTDYwR0UzcjgzRkZJSzdFQTBTNTVzNDJVIiwibWFjIjoiOThiNGJlNjA5YzdiZGNiMjFhZjYxYWQ1MzY4MTBlOGQxYzUxZDAwYmRkOWQ0ZTE4ODI4NDliOThmMTcxYzgxMSJ9; c=eyJpdiI6ImtwY0ZJUloxdUtkOVViY2JZYXUyQVE9PSIsInZhbHVlIjoiMk5qRGpJT2ZhSmkyUkdBNmtFcE8wN01lR1pGWDY5OTR0am9rbitXNlk0UGJSNzZrbGpBZGxoQ2cyd3VnY1VGdyIsIm1hYyI6ImU2MTUxYTI3YzgwNzBlODM2NjA2NTBjNWRkNzA2NTQwNDk0MTRhYTAzMGJmYmRjOTM0MzMyYjdhNGRmODQ2ZWIifQ%3D%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:13 GMT
x-proc: 2
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 4586
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Fri, 06 Aug 2021 10:30:19 GMT
server: cloudflare
etag: W/"610d0f3b-645ba"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CPr05U9M4WnU88UyJHOrJTyU3A%2B0zchPcBd8zOrr%2B4cNyku4HxsxdTCoCkSrw1Qg4ladKQJLu%2FawB7NCATyR1%2BC%2BFfrsWczL0iWYtOJsYrPP%2BuzS%2BvGAljgJjn2El6sX1SzEf7Xi0yG%2BM48%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=14400
cf-ray: 67a80a66992142f7-FRA

GET
H2 200 funnel.js Show response
static-13333.kxcdn.com/5275/build/ 954 KB
319 KB 9ms
9ms Script
application/javascript 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL

https://static-13333.kxcdn.com/5275/build/funnel.js

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

a52901c6296f571a48143efc8c7626714f2f15a0e034390d31380d508684ad0e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:13 GMT
content-encoding: gzip
last-modified: Fri, 02 Jul 2021 14:31:57 GMT
server: keycdn-engine
x-amz-request-id: tx00000000000000495929e-0060df28ef-12e87130-fra1a
x-edge-location: defr
etag: W/"545236a1390ffa369d186b44dab8e706"
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-cache: HIT
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31556940
x-rgw-object-type: Normal
strict-transport-security: max-age=15552000; includeSubDomains; preload
expires: Sat, 06 Aug 2022 17:38:13 GMT

GET
H/1.1 200 hp Show response
in.xr117.xyz/ 382 B
616 B 54ms
52ms Script
text/plain 18.195.123.247
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://in.xr117.xyz/hp
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.195.123.247 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-123-247.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 1d685538334a6762f8c278c2274cb62dfdc47c59ba5968562dddf4f96d808aee

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 06 Aug 2021 11:49:13 GMT
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
Server: nginx
Connection: keep-alive
Content-Length: 382
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200 hp Show response
in.bd44.fun/ 382 B
616 B 161ms
60ms Script
text/plain 18.195.174.160
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://in.bd44.fun/hp
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.195.174.160 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-174-160.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 1d685538334a6762f8c278c2274cb62dfdc47c59ba5968562dddf4f96d808aee

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 06 Aug 2021 11:49:13 GMT
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
Server: nginx
Connection: keep-alive
Content-Length: 382
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3-29 200 tag.js Show response
tagstaticx.com/ 38 KB
14 KB 19ms
17ms Script
application/javascript 2606:4700:3033::6815:3d08
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://tagstaticx.com/tag.js
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::6815:3d08 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7ebf9aea91580923f108d8e9c9fa03581c3c58fcd1ab8712d4ed593fbde60062

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:13 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 30 Jul 2021 15:47:47 GMT
server: cloudflare
age: 4754
etag: W/"61041f23-9787"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TN7TRQMwC60X7uGdRs%2FXR3MOpMf5e5qZpE6UWNwehZdmBaTOwuw%2FMzLjIznXauxCy0%2FtA259tb6u1PWEWWRHjGm5fdHoLzpsbRTb2buEbZcy001WolVl7Brzt%2F9LhLtsJkzV40Xv5fDHkrxguA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=1800
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 67a80a66adff4401-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

GET
H3-29 200 gtm.js Show response
www.googletagmanager.com/ 110 KB
41 KB 19ms
18ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-MSK8GMG

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

ee25e98eb177cc22fba819b261e53fdcdb837d1ca65533dbc186fa9f1f9550a2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:13 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41863
x-xss-protection: 0
last-modified: Fri, 06 Aug 2021 09:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 06 Aug 2021 11:49:13 GMT

GET
H3-29 200 j.php Show response
dev.visualwebsiteoptimizer.com/ 5 KB
2 KB 51ms
49ms Script
application/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/j.php?a=449005&u=https%3A%2F%2Ftgfunnls.org%2Fdly1st%2F%3Fhitid%3D%7BclickId%7D%26qze%3D7%26aff_sub%3D%7BcustomId1%7D%26aff_sub2%3D%7BcustomId2%7D&f=1&r=0.985415037477454
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gams1 /
Resource Hash: 5b0018e4471e2e87b8b8f5138782da3d95be0edd36b99c34092ace265aac65ec

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 06 Aug 2021 11:49:13 GMT
via: 1.1 google
server: gams1
content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-type: application/javascript; charset=UTF-8

GET
H2 206 de-1.mp4
static-13333.kxcdn.com/5275/media/ 64 KB
0 8ms
7ms Media
video/mp4 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL

https://static-13333.kxcdn.com/5275/media/de-1.mp4

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Range: bytes=0-

Response headers

date: Fri, 06 Aug 2021 11:49:13 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049593e6-0060df28f0-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
Content-Range: bytes 0-124690623/124690624
Content-Length: 124690624
last-modified: Fri, 02 Jul 2021 14:32:03 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "c8811d0b7aa283893d6ec2a19899685f-24"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: video/mp4
access-control-allow-origin: *
x-rgw-object-type: Normal
expires: Sat, 06 Aug 2022 17:38:13 GMT

GET
H2 200 bg-pattern2.png
static-13333.kxcdn.com/5275/images/ 3 KB
4 KB 16ms
15ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/bg-pattern2.png

Requested by

Host: static-13333.kxcdn.com
URL: https://static-13333.kxcdn.com/5275/build/funnel.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

0dbbd4b1f92b5f123bb6d85da5224dbac1ef2873359ae63159fbd8c1d8aee472

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://static-13333.kxcdn.com/5275/build/funnel.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:13 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx000000000000004a8f778-0060df3204-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 3494
last-modified: Fri, 02 Jul 2021 14:32:28 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "9ff60a873ce8a83d6f92c07bbb97461d"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:13 GMT

GET
H2 200 money-bg.jpg
static-13333.kxcdn.com/5275/images/ 192 KB
193 KB 18ms
16ms Image
image/jpeg 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/money-bg.jpg

Requested by

Host: static-13333.kxcdn.com
URL: https://static-13333.kxcdn.com/5275/build/funnel.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

6d6b0b2b3ce3ec690491ad53348667285877a284d43a58bae67219df3128c453

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://static-13333.kxcdn.com/5275/build/funnel.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:13 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049593a6-0060df28f0-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 196622
last-modified: Fri, 02 Jul 2021 14:32:29 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "00484ef568e5c529bc92d2698631954b"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/jpeg
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:13 GMT

HEAD
H3-29 200 adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/ 0
0 42ms
41ms Fetch
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 49445
x-xss-protection: 0
server: cafe
etag: 14869471898732562513
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Fri, 06 Aug 2021 11:49:13 GMT

GET
H/1.1 200
OK version.js Show response
tagdatax.com/ 57 B
260 B 56ms
51ms Script
application/javascript 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdatax.com/version.js
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: 0f34593733037882ade7c623b968e22ebfe42ef38adaf8a56d738c50a6059798

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 06 Aug 2021 11:49:13 GMT
Cache-Control: private, max-age=63072000
Server: nginx/1.19.10
Connection: keep-alive
Content-Length: 57
Content-Type: application/javascript

GET
H2 200 gid.js Show response
my.rtmark.net/ 65 B
541 B 53ms
50ms Fetch
application/json 139.45.195.8
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://my.rtmark.net/gid.js

Requested by

Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

cade11eef5a332967fa44ea8056efc5f4d548e813cd9751bc56146158d518a45

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:13 GMT
x-content-type-options: nosniff
server: nginx
strict-transport-security: max-age=1
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: https://tgfunnls.org
access-control-expose-headers: Authorization
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length: 65

GET
H/1.1 200
OK pix.jpg Show response
tagdatax.com/ 28 B
617 B 48ms
48ms Fetch
image/jpeg 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdatax.com/pix.jpg
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: 3c72e06c040c15327faa313315f1d6f4b2c9159267051c3e173336efa4cd7a18

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 06 Aug 2021 11:49:13 GMT
Server: nginx/1.19.10
Etag: 64ee107f-0a6f-4796-85ea-0f5ed898ce3f
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Content-Type: image/jpeg
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Expose-Headers: ETag
Cache-Control: private, must-revalidate, proxy-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 28

GET
H3-29 200 googlelogo_color_120x44dp.png
www.google.com/images/branding/googlelogo/2x/ 5 KB
5 KB 15ms
14ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_120x44dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

29c50fa4422ac0a690af5b0987dee6a030a7eeaafa9dda8543cf022368f545aa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:13 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5087
x-xss-protection: 0
expires: Fri, 06 Aug 2021 11:49:13 GMT

GET
H3-29 200 googlelogo_color_272x92dp.png
www.google.com/images/branding/googlelogo/1x/ 6 KB
6 KB 16ms
15ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/1x/googlelogo_color_272x92dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5776cd87617eacec3bc00ebcf530d1924026033eda852f706c1a675a98915826

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:13 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5969
x-xss-protection: 0
expires: Fri, 06 Aug 2021 11:49:13 GMT

GET
H3-29 200 googlelogo_color_272x92dp.png
www.google.com/images/branding/googlelogo/2x/ 13 KB
13 KB 16ms
15ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_272x92dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

262084257c2103702ef8a25705e3f8dbc1fa3823103ad7b954d54bdb77e6d89d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:13 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13504
x-xss-protection: 0
expires: Fri, 06 Aug 2021 11:49:13 GMT

GET
H3-29 200 googlelogo_color_160x56dp.png
www.google.com/images/branding/googlelogo/2x/ 7 KB
7 KB 18ms
17ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_160x56dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9e611fba6a87626e60f74d361f0c94d1ba226bc0726a05791f40ddb7fbba2c4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:13 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7048
x-xss-protection: 0
expires: Fri, 06 Aug 2021 11:49:13 GMT

GET
H3-29 200 googlelogo_color_90x40dp.png
www.google.com/images/branding/googlelogo/2x/ 4 KB
4 KB 15ms
15ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_90x40dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a9cac8d49feccd603bac334c92c1e7dd5a829a1c01d4130550e8c9c0d9c72f7b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:13 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3934
x-xss-protection: 0
expires: Fri, 06 Aug 2021 11:49:13 GMT

GET
H3-29 200 locate Show response
tgfunnls.org/ 150 B
1 KB 105ms
105ms XHR
application/json 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/locate

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/js/l.js?id=6cf7b69175b2a676ebf3

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a9444725fb48cd94db4b9c4e1544b3ace3c54ccd0d1a289f124d36b69c9d6a20

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-fetch-mode: cors
x-xsrf-token: eyJpdiI6IlFKUTh0YTQ0XC84Zm9uRFV6ZjlVd3JnPT0iLCJ2YWx1ZSI6IkZwXC96ZHZETUVER3dneDBFMWMyZ3NEaU9ZMUtZcFlqMHp5aTRpaStpTDYwR0UzcjgzRkZJSzdFQTBTNTVzNDJVIiwibWFjIjoiOThiNGJlNjA5YzdiZGNiMjFhZjYxYWQ1MzY4MTBlOGQxYzUxZDAwYmRkOWQ0ZTE4ODI4NDliOThmMTcxYzgxMSJ9
accept-language: en-US
sec-fetch-dest: empty
cookie: _vwo_uuid_v2=D300A6AF58D106D85594CDBFBAA2B13D7|ce01f3e9beb7bdefb21b49b643350b73; _gid=GA1.2.1416830450.1628250551; _gat_UA-192660002-1=1; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _hjid=dc49561e-9d46-46e0-96b5-f0bbe1b05202; _hjFirstSeen=1; _ga_Y6C8Y8V9BH=GS1.1.1628250548.1.1.1628250552.0; _ga=GA1.1.764459664.1628250551; XSRF-TOKEN=eyJpdiI6IlFKUTh0YTQ0XC84Zm9uRFV6ZjlVd3JnPT0iLCJ2YWx1ZSI6IkZwXC96ZHZETUVER3dneDBFMWMyZ3NEaU9ZMUtZcFlqMHp5aTRpaStpTDYwR0UzcjgzRkZJSzdFQTBTNTVzNDJVIiwibWFjIjoiOThiNGJlNjA5YzdiZGNiMjFhZjYxYWQ1MzY4MTBlOGQxYzUxZDAwYmRkOWQ0ZTE4ODI4NDliOThmMTcxYzgxMSJ9; c=eyJpdiI6ImtwY0ZJUloxdUtkOVViY2JZYXUyQVE9PSIsInZhbHVlIjoiMk5qRGpJT2ZhSmkyUkdBNmtFcE8wN01lR1pGWDY5OTR0am9rbitXNlk0UGJSNzZrbGpBZGxoQ2cyd3VnY1VGdyIsIm1hYyI6ImU2MTUxYTI3YzgwNzBlODM2NjA2NTBjNWRkNzA2NTQwNDk0MTRhYTAzMGJmYmRjOTM0MzMyYjdhNGRmODQ2ZWIifQ%3D%3D
:path: /locate
pragma: no-cache
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: application/json, text/plain, */*
cache-control: no-cache
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept: application/json, text/plain, */*
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
X-XSRF-TOKEN: eyJpdiI6IlFKUTh0YTQ0XC84Zm9uRFV6ZjlVd3JnPT0iLCJ2YWx1ZSI6IkZwXC96ZHZETUVER3dneDBFMWMyZ3NEaU9ZMUtZcFlqMHp5aTRpaStpTDYwR0UzcjgzRkZJSzdFQTBTNTVzNDJVIiwibWFjIjoiOThiNGJlNjA5YzdiZGNiMjFhZjYxYWQ1MzY4MTBlOGQxYzUxZDAwYmRkOWQ0ZTE4ODI4NDliOThmMTcxYzgxMSJ9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:13 GMT
x-proc: 1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bZwxmYAXAksnQlznijBmjKbXQMb3b6FvFuSIWV5vIFpiyq3snL3cwOa236NWZpHujR6zBraKvdPtumfeYxFKEbh6Z6gXGzItyZNl3B9XNbP7%2BGyPCqg%2FFnJx0xLjEPDN2Be7PKw5mVid8OU%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json
cache-control: no-cache, private
set-cookie: XSRF-TOKEN=eyJpdiI6Ik8yWFJWM2E3VHE5QW1XT0xRbTRpaFE9PSIsInZhbHVlIjoiRVZQcFwvbjNXUHpSNXhNUHczVUJWM09wZUFETWp0eDVjVGtuXC91RWowSm8xRnVLRTFQM1VlZDlaQW9XcTVYYlhBIiwibWFjIjoiZTM1NWE4NWYwZWQ1MTJkYThiMWUwMmVhNDUxOWVkZDI0NDE5Y2MzMjljNGIzNzU1ZTdkZWU5YWJlMjUyYTIzMiJ9; expires=Fri, 06-Aug-2021 13:49:13 GMT; Max-Age=7200; path=/ c=eyJpdiI6Im05dFwvMU5Dd2dHREhaTGsreTV0V1F3PT0iLCJ2YWx1ZSI6InpDYlRJQ1VFNDB6ajBBT0cyblN2T3RtMGVCTGx5em5EVzRzOExBa294TzFkblFNM0dacm5VOFhEUHRKZ241NFIiLCJtYWMiOiIwM2E4NGRjMjRhNjdkZDhkNjc1MzA3ZGNkYWNlZTQyZDM0ODgzZTFlNWZkOWU0NjY0MjQyMGU0NDFiNzY2YjRjIn0%3D; expires=Fri, 06-Aug-2021 13:49:13 GMT; Max-Age=7200; path=/; httponly
cf-ray: 67a80a677b9d42f7-FRA

GET
H3-29 200 flags.png
tgfunnls.org/images/vendor/intl-tel-input/build/ 69 KB
70 KB 13ms
13ms Image
image/png 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tgfunnls.org/images/vendor/intl-tel-input/build/flags.png?416250f60d785a2e02f17e054d2e4e44

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/css/forms.css?id=108aa07ef4cadffb88ba

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0a012cf808a24573168308916092d2d4bd3f2b4af8e16b59167013cc77acee55

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /images/vendor/intl-tel-input/build/flags.png?416250f60d785a2e02f17e054d2e4e44
pragma: no-cache
cookie: _vwo_uuid_v2=D300A6AF58D106D85594CDBFBAA2B13D7|ce01f3e9beb7bdefb21b49b643350b73; _gid=GA1.2.1416830450.1628250551; _gat_UA-192660002-1=1; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _hjid=dc49561e-9d46-46e0-96b5-f0bbe1b05202; _hjFirstSeen=1; _ga_Y6C8Y8V9BH=GS1.1.1628250548.1.1.1628250552.0; _ga=GA1.1.764459664.1628250551; XSRF-TOKEN=eyJpdiI6IlFKUTh0YTQ0XC84Zm9uRFV6ZjlVd3JnPT0iLCJ2YWx1ZSI6IkZwXC96ZHZETUVER3dneDBFMWMyZ3NEaU9ZMUtZcFlqMHp5aTRpaStpTDYwR0UzcjgzRkZJSzdFQTBTNTVzNDJVIiwibWFjIjoiOThiNGJlNjA5YzdiZGNiMjFhZjYxYWQ1MzY4MTBlOGQxYzUxZDAwYmRkOWQ0ZTE4ODI4NDliOThmMTcxYzgxMSJ9; c=eyJpdiI6ImtwY0ZJUloxdUtkOVViY2JZYXUyQVE9PSIsInZhbHVlIjoiMk5qRGpJT2ZhSmkyUkdBNmtFcE8wN01lR1pGWDY5OTR0am9rbitXNlk0UGJSNzZrbGpBZGxoQ2cyd3VnY1VGdyIsIm1hYyI6ImU2MTUxYTI3YzgwNzBlODM2NjA2NTBjNWRkNzA2NTQwNDk0MTRhYTAzMGJmYmRjOTM0MzMyYjdhNGRmODQ2ZWIifQ%3D%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: tgfunnls.org
referer: https://tgfunnls.org/css/forms.css?id=108aa07ef4cadffb88ba
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/css/forms.css?id=108aa07ef4cadffb88ba
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:13 GMT
x-proc: 2
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2316
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 70857
x-xss-protection: 1; mode=block
last-modified: Fri, 06 Aug 2021 10:55:13 GMT
server: cloudflare
etag: "610d1511-114c9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=r6mUk8WpxK85dvfv6DO9ysom02vSnjf92gFe3OGibUYLmEhscESGyHQpzbBfdrKBDoNX%2BW7aSi%2F7Lcr5dbEw2sMP95xiDcHI4v%2BjlZ9c8eSf6eAOvXXMEPxDBW%2B7ZaZNUQURImlrP9wVSFI%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 67a80a677ba042f7-FRA

OPTIONS
H/1.1 200
OK add
tagdataxrt.com/ir/ Frame 0
0 51ms
51ms Preflight 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/ir/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Protocol: HTTP/1.1
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://tgfunnls.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Server: nginx/1.19.10
Date: Fri, 06 Aug 2021 11:49:13 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

POST
H/1.1 200
OK add Show response
tagdataxrt.com/ir/ 0
537 B 49ms
48ms Fetch 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/ir/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json;charset=utf-8

Response headers

Date: Fri, 06 Aug 2021 11:49:13 GMT
Server: nginx/1.19.10
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 0

GET
BLOB 200
OK c7c3eb69-5431-465e-9d37-06244ff88e17
https://tgfunnls.org/ 31 B
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://tgfunnls.org/c7c3eb69-5431-465e-9d37-06244ff88e17
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7725538fe2f71147bffeba7452b434c826aef9009666cb4360c605d0b2a91d1d

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length: 31
Content-Type: application/javascript

GET
H2 403 videothumbnail-1.png
static-13333.kxcdn.com/5275/images/ 0
0 22ms
22ms Image
text/html 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static-13333.kxcdn.com/5275/images/videothumbnail-1.png
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
DATA 200
OK truncated
/ 4 KB
4 KB Font
application/font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: aef991b2e0b693a95d41986576dd3901ea7ac03b379501b1caba966058753308

Request headers

Origin: https://tgfunnls.org
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: application/font-woff;charset=utf-8

GET
H3-29 200 js Show response
www.googletagmanager.com/gtag/ 127 KB
50 KB 18ms
17ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-Y6C8Y8V9BH&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MSK8GMG

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

caf7ecf5748d7e3e027c4c06c569b3a6fb8f0f78f0dc3ff8c888b2299747e496

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:13 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 51136
x-xss-protection: 0
expires: Fri, 06 Aug 2021 11:49:13 GMT

GET
H3-29 200 analytics.js Show response
www.google-analytics.com/ 48 KB
19 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MSK8GMG

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

e61660c659c426e45bce2937dddb01af6b550502a2904546575c1ec2ba1121dd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 13 Jul 2021 18:24:06 GMT
server: Golfe2
age: 2132
date: Fri, 06 Aug 2021 11:13:41 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19672
expires: Fri, 06 Aug 2021 13:13:41 GMT

GET
H2 200 hotjar-2304105.js Show response
static.hotjar.com/c/ 5 KB
2 KB 55ms
55ms Script
application/javascript 13.224.96.91
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-2304105.js?sv=6

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.96.91 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

d4261e9b3b427b4faba85d775a6dbd131cf86cbd42945ba05ae2ebad8f8f36e6

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:48:18 GMT
content-encoding: br
x-content-type-options: nosniff
cache-control: max-age=60
age: 55
etag: W/4e117f3a38c123981a4b3509540d1697
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
x-cache-hit: 1
x-amz-cf-pop: ZRH50-C1
x-amz-cf-id: pyv3i5enruAOsRbsKA-fvoAZt26auJq7N_ZhZ1_KqK6sFwMSMOaY5g==
via: 1.1 e92dffa8673a73c15c61e7c3abefc47d.cloudfront.net (CloudFront)

POST
H/1.1 200
OK etag Show response
tagdataxrt.com/ 0
537 B 51ms
51ms Fetch 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/etag?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json;charset=utf-8

Response headers

Date: Fri, 06 Aug 2021 11:49:13 GMT
Server: nginx/1.19.10
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 0

OPTIONS
H/1.1 200
OK etag
tagdataxrt.com/ Frame 0
0 48ms
46ms Preflight 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/etag?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Protocol: HTTP/1.1
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://tgfunnls.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Server: nginx/1.19.10
Date: Fri, 06 Aug 2021 11:49:13 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWpxdWVyeQ==/tag-18c0c42595158c9943ee0260eecc4fc3.js
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/j.php?a=449005&u=https%3A%2F%2Ftgfunnls.org%2Fdly1st%2F%3Fhitid%3D%7BclickId%7D%26qze%3D7%26aff_sub%3D%7BcustomId1%7D%26aff_sub2%3D%7BcustomId2%7D&f=1&r=0.985415037477454
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gams1 /
Resource Hash: b6a6463b285c1fdc27b7022ff01564762e81117074a3f3781cc931fe389afc70

Request headers

Origin: https://tgfunnls.org
Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:12 GMT
content-encoding: br
last-modified: Fri, 06 Aug 2021 11:48:12 GMT
server: gams1
etag: "610d217c-f3a3"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 62371
via: 1.1 google

GET
H3-29 200 v.gif
dev.visualwebsiteoptimizer.com/ 35 B
52 B 121ms
121ms Image
image/gif 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dev.visualwebsiteoptimizer.com/v.gif?cd=0&a=449005&d=tgfunnls.org&u=D300A6AF58D106D85594CDBFBAA2B13D7&h=ce01f3e9beb7bdefb21b49b643350b73&t=false&r=0.53207026173659

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gnv1c /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 06 Aug 2021 11:49:13 GMT
via: 1.1 google
x-content-type-options: nosniff
server: gnv1c
content-type: image/gif
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 10 Jan 2005 00:00:01 GMT

POST
H3-29 201 event Show response
tgfunnls.org/ 2 B
1 KB 195ms
195ms XHR
application/json 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/event?hitid={clickId}

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/js/l.js?id=6cf7b69175b2a676ebf3

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-fetch-mode: cors
origin: https://tgfunnls.org
x-xsrf-token: eyJpdiI6Ik8yWFJWM2E3VHE5QW1XT0xRbTRpaFE9PSIsInZhbHVlIjoiRVZQcFwvbjNXUHpSNXhNUHczVUJWM09wZUFETWp0eDVjVGtuXC91RWowSm8xRnVLRTFQM1VlZDlaQW9XcTVYYlhBIiwibWFjIjoiZTM1NWE4NWYwZWQ1MTJkYThiMWUwMmVhNDUxOWVkZDI0NDE5Y2MzMjljNGIzNzU1ZTdkZWU5YWJlMjUyYTIzMiJ9
accept-language: en-US
sec-fetch-dest: empty
accept-encoding: gzip, deflate, br
cookie: _vwo_uuid_v2=D300A6AF58D106D85594CDBFBAA2B13D7|ce01f3e9beb7bdefb21b49b643350b73; _gid=GA1.2.1416830450.1628250551; _gat_UA-192660002-1=1; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _hjid=dc49561e-9d46-46e0-96b5-f0bbe1b05202; _hjFirstSeen=1; _ga_Y6C8Y8V9BH=GS1.1.1628250548.1.1.1628250552.0; _ga=GA1.1.764459664.1628250551; XSRF-TOKEN=eyJpdiI6Ik8yWFJWM2E3VHE5QW1XT0xRbTRpaFE9PSIsInZhbHVlIjoiRVZQcFwvbjNXUHpSNXhNUHczVUJWM09wZUFETWp0eDVjVGtuXC91RWowSm8xRnVLRTFQM1VlZDlaQW9XcTVYYlhBIiwibWFjIjoiZTM1NWE4NWYwZWQ1MTJkYThiMWUwMmVhNDUxOWVkZDI0NDE5Y2MzMjljNGIzNzU1ZTdkZWU5YWJlMjUyYTIzMiJ9; c=eyJpdiI6Im05dFwvMU5Dd2dHREhaTGsreTV0V1F3PT0iLCJ2YWx1ZSI6InpDYlRJQ1VFNDB6ajBBT0cyblN2T3RtMGVCTGx5em5EVzRzOExBa294TzFkblFNM0dacm5VOFhEUHRKZ241NFIiLCJtYWMiOiIwM2E4NGRjMjRhNjdkZDhkNjc1MzA3ZGNkYWNlZTQyZDM0ODgzZTFlNWZkOWU0NjY0MjQyMGU0NDFiNzY2YjRjIn0%3D
content-length: 188
:path: /event?hitid={clickId}
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json;charset=UTF-8
accept: application/json, text/plain, */*
cache-control: no-cache
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: POST
Accept: application/json, text/plain, */*
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
X-XSRF-TOKEN: eyJpdiI6Ik8yWFJWM2E3VHE5QW1XT0xRbTRpaFE9PSIsInZhbHVlIjoiRVZQcFwvbjNXUHpSNXhNUHczVUJWM09wZUFETWp0eDVjVGtuXC91RWowSm8xRnVLRTFQM1VlZDlaQW9XcTVYYlhBIiwibWFjIjoiZTM1NWE4NWYwZWQ1MTJkYThiMWUwMmVhNDUxOWVkZDI0NDE5Y2MzMjljNGIzNzU1ZTdkZWU5YWJlMjUyYTIzMiJ9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json;charset=UTF-8

Response headers

date: Fri, 06 Aug 2021 11:49:13 GMT
x-proc: 2
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dms%2FNdTbtkQCTIPVqj0oo0gNOX1pOjyaijvZaoi2XglVBLhv08gVG3bmrSh8sHzKrhdCBfWr%2Fn%2ForjsO%2FIJOQ7Uw02l9KtdLn6l7F%2FhC6yk8OnRxYwmvNcmpO%2FYrAsGQ0CmEmXKSyM721vU%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-origin: https://tgfunnls.org
cache-control: no-cache, private
set-cookie: XSRF-TOKEN=eyJpdiI6Ijd4eDJ4eWtcL3hVR0tjUnhKQ0J2K1RRPT0iLCJ2YWx1ZSI6IjJZekNlK24yN0pFZHZEMkNMOEhaRUFveElhZGVmTXlhQlh0MFM4VzN5QUlwb2VTcldWeDd6UUNudExKdXNaK0QiLCJtYWMiOiIxY2IzYzJmYzY2NzlhZTU0MTc0NTg5YmM5MmI4YWE5ODk5Yjg1ZWQ5NzhhMzZjNTZhZmFlNWM3N2EwOWFhYjVkIn0%3D; expires=Fri, 06-Aug-2021 13:49:13 GMT; Max-Age=7200; path=/ c=eyJpdiI6IkZDZ1d0dDEzRUNoWVdhc0lIZWNzYlE9PSIsInZhbHVlIjoibFN6XC85QlRsZXZCVW9tWDk5dVZOT2U4VEFCZzVPZVJWTDh1Q3dHbFg3S3Y4a2l5b05pMEtndGlETW9SYXAxWjgiLCJtYWMiOiI5MDJmYzY2MmY3MGVkNDU0ZTlkMTM3MGRjZDg4ODI0Nzk1NmRhMWM5MzM2OTVmMzEwZmYxOGU2NzZiZWFmMWI1In0%3D; expires=Fri, 06-Aug-2021 13:49:13 GMT; Max-Age=7200; path=/; httponly
cf-ray: 67a80a682d6142f7-FRA

GET
H3-29 200 collect
www.google-analytics.com/ 35 B
55 B 6ms
6ms Image
image/gif 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j92&a=1377289548&t=pageview&_s=1&dl=https%3A%2F%2Ftgfunnls.org%2Fdly1st%2F%3Fhitid%3D%7BclickId%7D%26qze%3D7%26aff_sub%3D%7BcustomId1%7D%26aff_sub2%3D%7BcustomId2%7D&ul=en-us&de=UTF-8&dt=Daily%20Profit&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=QACAAEAB~&jid=&gjid=&cid=764459664.1628250551&tid=UA-192660002-1&_gid=1416830450.1628250551&gtm=2wg840MSK8GMG&z=1229365237

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 06 Aug 2021 05:58:40 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 21033
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 modules.9a6619e61150e4449f35.js Show response
script.hotjar.com/ 221 KB
59 KB 62ms
61ms Script
application/javascript 13.224.96.11
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.9a6619e61150e4449f35.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2304105.js?sv=6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.96.11 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

fc04d1fd608cedf1f0c4735145a15031f77cb7491d6234cec4ee2cd9be74937a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:18:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 77468
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 59579
access-control-allow-origin: *
last-modified: Thu, 05 Aug 2021 14:17:07 GMT
etag: "f404c80c4e9647abd5db65360cf9ecee"
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 7245e91891539560c1f484b1e46159c9.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: ZRH50-C1
accept-ranges: bytes
x-robots-tag: none
x-amz-cf-id: 2vT0yDSN8quSknukLRBu_ILsVxIZKNhlVgFYFW-qHgwNoNxe8Ce0sg==

GET
H3-29 200 settings.js Show response
dev.visualwebsiteoptimizer.com/ 572 B
397 B 49ms
48ms Script
application/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/settings.js?a=449005&settings_type=3&vn=7.0&r=0.6369837113560919&u=https%3A%2F%2Ftgfunnls.org%2Fdly1st%2F%3Fhitid%3D%7BclickId%7D%26qze%3D7%26aff_sub%3D%7BcustomId1%7D%26aff_sub2%3D%7BcustomId2%7D
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWpxdWVyeQ==/tag-18c0c42595158c9943ee0260eecc4fc3.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gams1 /
Resource Hash: 31042bafbba3ee3bae8f21d8d8744230a7c558630068c64e1e5ecb4721ab3910

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:13 GMT
via: 1.1 google
server: gams1
content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-type: application/javascript; charset=UTF-8

GET
H2 200 box-25a418976ea02a6f393fbbe77cec94bb.html Show response
vars.hotjar.com/ Frame CD39 2 KB
1 KB 56ms
55ms Document
text/html 13.224.96.92
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vars.hotjar.com/box-25a418976ea02a6f393fbbe77cec94bb.html
Requested by: Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2304105.js?sv=6
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.96.92 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-96-92.zrh50.r.cloudfront.net
Software: /
Resource Hash: 7a44e0685d8929b5d4d50476273c9957c8c76f03afc424c665a4066e5bc1beb9

Request headers

:method: GET
:authority: vars.hotjar.com
:scheme: https
:path: /box-25a418976ea02a6f393fbbe77cec94bb.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://tgfunnls.org/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://tgfunnls.org/

Response headers

content-type: text/html
content-length: 1044
date: Sun, 18 Jul 2021 00:16:30 GMT
accept-ranges: bytes
cache-control: max-age=31536000
content-encoding: br
etag: "76922233be8bdb14c053af468d29404a"
last-modified: Thu, 15 Jul 2021 14:16:09 GMT
x-amz-server-side-encryption: AES256
x-robots-tag: none
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 6b0e09b8a7d995016df1513b4b11c17e.cloudfront.net (CloudFront)
x-amz-cf-pop: ZRH50-C1
x-amz-cf-id: IN1s8BgnbMf4c0BW6NVLpgUeUa-A5x5lqrXxM02LjePBuR7P7naGuA==
age: 1683163

GET
H3-29 200 settings.js Show response
dev.visualwebsiteoptimizer.com/ 572 B
397 B 49ms
49ms Script
application/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/settings.js?a=449005&settings_type=1&vn=7.0&r=0.2631230214319169
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWpxdWVyeQ==/tag-18c0c42595158c9943ee0260eecc4fc3.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gams1 /
Resource Hash: 31042bafbba3ee3bae8f21d8d8744230a7c558630068c64e1e5ecb4721ab3910

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:13 GMT
via: 1.1 google
server: gams1
content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-type: application/javascript; charset=UTF-8

GET
H3-29 200 tag-1a6cb79d9b921e9f733a3a9f91c43b90.js Show response
dev.visualwebsiteoptimizer.com/web/djIkcGM6MS4w/ 668 B
329 B 49ms
48ms Script
application/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/web/djIkcGM6MS4w/tag-1a6cb79d9b921e9f733a3a9f91c43b90.js
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWpxdWVyeQ==/tag-18c0c42595158c9943ee0260eecc4fc3.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gams1 /
Resource Hash: 6e1f2e0970c3d1d6cdacfecdd613ce1c42990ea5d4a9a85fe6f0700d20a96634

Request headers

Origin: https://tgfunnls.org
Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:12 GMT
content-encoding: br
last-modified: Fri, 06 Aug 2021 11:48:12 GMT
server: gams1
etag: "610d217c-133"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 307
via: 1.1 google

GET
H2 200 a3a7b431bde66f8790628956fd6a9e14.js
cdn.pushcrew.com/js/ 248 KB
70 KB 127ms
127ms Script
application/javascript 34.102.183.26
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.pushcrew.com/js/a3a7b431bde66f8790628956fd6a9e14.js
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/web/djIkcGM6MS4w/tag-1a6cb79d9b921e9f733a3a9f91c43b90.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.102.183.26 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 26.183.102.34.bc.googleusercontent.com
Software: nginx /
Resource Hash

Request headers

Origin: https://tgfunnls.org
Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:13 GMT
content-encoding: gzip
last-modified: Fri, 18 Jun 2021 08:48:27 GMT
server: nginx
etag: W/"60cc5ddb-3e05c"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=1800
alt-svc: clear
via: 1.1 google
expires: Fri, 06 Aug 2021 12:19:13 GMT

OPTIONS
H/1.1 200
OK add
tagdataxrt.com/log/ Frame 0
0 48ms
48ms Preflight 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/log/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Protocol: HTTP/1.1
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://tgfunnls.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Server: nginx/1.19.10
Date: Fri, 06 Aug 2021 11:49:13 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

POST
H/1.1 200
OK add Show response
tagdataxrt.com/log/ 12 B
597 B 54ms
53ms Fetch
application/json 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/log/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: 21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json;charset=utf-8

Response headers

Date: Fri, 06 Aug 2021 11:49:14 GMT
Server: nginx/1.19.10
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 12

GET
H3-29 200 / Show response
tgfunnls.org/dly1st/ 31 KB
8 KB 175ms
175ms Document
text/html 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Requested by

Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cf813550d8e75720bb693c8df692b20956d1ccafc9202944ddb366948cc75c63

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: tgfunnls.org
:scheme: https
:path: /dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: document
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: _vwo_uuid_v2=D300A6AF58D106D85594CDBFBAA2B13D7|ce01f3e9beb7bdefb21b49b643350b73; _gid=GA1.2.1416830450.1628250551; _gat_UA-192660002-1=1; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _hjid=dc49561e-9d46-46e0-96b5-f0bbe1b05202; _hjFirstSeen=1; _ga_Y6C8Y8V9BH=GS1.1.1628250548.1.1.1628250553.0; _ga=GA1.1.764459664.1628250551; XSRF-TOKEN=eyJpdiI6Ijd4eDJ4eWtcL3hVR0tjUnhKQ0J2K1RRPT0iLCJ2YWx1ZSI6IjJZekNlK24yN0pFZHZEMkNMOEhaRUFveElhZGVmTXlhQlh0MFM4VzN5QUlwb2VTcldWeDd6UUNudExKdXNaK0QiLCJtYWMiOiIxY2IzYzJmYzY2NzlhZTU0MTc0NTg5YmM5MmI4YWE5ODk5Yjg1ZWQ5NzhhMzZjNTZhZmFlNWM3N2EwOWFhYjVkIn0%3D; c=eyJpdiI6IkZDZ1d0dDEzRUNoWVdhc0lIZWNzYlE9PSIsInZhbHVlIjoibFN6XC85QlRsZXZCVW9tWDk5dVZOT2U4VEFCZzVPZVJWTDh1Q3dHbFg3S3Y4a2l5b05pMEtndGlETW9SYXAxWjgiLCJtYWMiOiI5MDJmYzY2MmY3MGVkNDU0ZTlkMTM3MGRjZDg4ODI0Nzk1NmRhMWM5MzM2OTVmMzEwZmYxOGU2NzZiZWFmMWI1In0%3D
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Response headers

date: Fri, 06 Aug 2021 11:49:14 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: no-cache, private
set-cookie: XSRF-TOKEN=eyJpdiI6ImZFS01HaDVJSEZUdXA4alFXbDVZMlE9PSIsInZhbHVlIjoiN1pzb3U0TVd5cXlXejA3OUNIcDRNZE94MWhUS0I2S3BIQXBHVEs3bVA3VkQ5NzI2ZktXK1FNTDh0c3BVOHFGUSIsIm1hYyI6IjUxMTAyOGFmNzgwOWJhOWU3ODU2MTQwNzFiYjdlN2UwZjQ3NGZhNjBlMGQ5OGUxYWZmYjExN2Q3MDdiOGIzYTIifQ%3D%3D; expires=Fri, 06-Aug-2021 13:49:14 GMT; Max-Age=7200; path=/ c=eyJpdiI6IjduNzhOb25vazJXZzZ6UlN0dDRUZWc9PSIsInZhbHVlIjoiTk9Wd0Zsa1wvZFN0cEdLWEhRXC80NDRTcWFwWWNnMzNtSW9MQ1N2MHIzYjhKSXBrWm1TSEZCZzZ1XC9EWmpWTzk1ZiIsIm1hYyI6IjY1ODU1ZTFhMDRjZTQ2NjhiYmRkOWFjMGI0Yzg1ODA3YmQ3OTI1ZjQzZjcwNDNiOGU2YThmZTM5YTI0YmIyMmMifQ%3D%3D; expires=Fri, 06-Aug-2021 13:49:14 GMT; Max-Age=7200; path=/; httponly
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-proc: 3
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EevK10lZ0utaOQBq2NIHE28z4OC3hxsy4rrBtpfcl697NosTwMuQZeKDsJYB3FlQZJs4hxUvTKswP41UGZ%2BnNwqHnCm110DUCdZcIOfz%2FQZkYasuFFcNRbJaRWJvOWxjyy7iiio5pNPczFw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 67a80a6adccc42f7-FRA
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

POST
H/1.1 200
OK add
tagdataxrt.com/time_visit/ 0
422 B 46ms
46ms Ping
text/plain 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/time_visit/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Fri, 06 Aug 2021 11:49:14 GMT
Server: nginx/1.19.10
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 0

POST collect
www.google-analytics.com/g/ 0
0

GET
H3-29 200 forms.css
tgfunnls.org/css/ 20 KB
4 KB 15ms
15ms Stylesheet
text/css 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/css/forms.css?id=108aa07ef4cadffb88ba

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5cc75f6ff6ccc8f9737ba9b6e44903687d4cd600464dc9a25b2fcfbfd231ebc6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /css/forms.css?id=108aa07ef4cadffb88ba
pragma: no-cache
cookie: _vwo_uuid_v2=D300A6AF58D106D85594CDBFBAA2B13D7|ce01f3e9beb7bdefb21b49b643350b73; _gid=GA1.2.1416830450.1628250551; _gat_UA-192660002-1=1; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _hjid=dc49561e-9d46-46e0-96b5-f0bbe1b05202; _hjFirstSeen=1; _ga_Y6C8Y8V9BH=GS1.1.1628250548.1.1.1628250553.0; _ga=GA1.1.764459664.1628250551; XSRF-TOKEN=eyJpdiI6ImZFS01HaDVJSEZUdXA4alFXbDVZMlE9PSIsInZhbHVlIjoiN1pzb3U0TVd5cXlXejA3OUNIcDRNZE94MWhUS0I2S3BIQXBHVEs3bVA3VkQ5NzI2ZktXK1FNTDh0c3BVOHFGUSIsIm1hYyI6IjUxMTAyOGFmNzgwOWJhOWU3ODU2MTQwNzFiYjdlN2UwZjQ3NGZhNjBlMGQ5OGUxYWZmYjExN2Q3MDdiOGIzYTIifQ%3D%3D; c=eyJpdiI6IjduNzhOb25vazJXZzZ6UlN0dDRUZWc9PSIsInZhbHVlIjoiTk9Wd0Zsa1wvZFN0cEdLWEhRXC80NDRTcWFwWWNnMzNtSW9MQ1N2MHIzYjhKSXBrWm1TSEZCZzZ1XC9EWmpWTzk1ZiIsIm1hYyI6IjY1ODU1ZTFhMDRjZTQ2NjhiYmRkOWFjMGI0Yzg1ODA3YmQ3OTI1ZjQzZjcwNDNiOGU2YThmZTM5YTI0YmIyMmMifQ%3D%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:14 GMT
x-proc: 2
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3665
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Fri, 06 Aug 2021 10:30:19 GMT
server: cloudflare
etag: W/"610d0f3b-5107"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=L%2BnD%2FSpOJXarPOeSvLNw0ypXJGy9biInF55Y9fv55S6TkdakUtcGpUz40x5pcUpm6imh0R7PzHZPrPdOirCllMVgMPUZG0UiQutUcX7COXDHbHKR8oZbvb20bkgCrcD69klM1EcCwolq3kw%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 67a80a6bf81242f7-FRA

GET
H3-29 200 flow.css
tgfunnls.org/css/ 385 B
758 B 15ms
14ms Stylesheet
text/css 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/css/flow.css?id=1a2dada5ba76c1b29ae1

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

df456c4794989b11dda8d76813cbf505b2707048f4cc89d7db15956779ca3fb0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /css/flow.css?id=1a2dada5ba76c1b29ae1
pragma: no-cache
cookie: _vwo_uuid_v2=D300A6AF58D106D85594CDBFBAA2B13D7|ce01f3e9beb7bdefb21b49b643350b73; _gid=GA1.2.1416830450.1628250551; _gat_UA-192660002-1=1; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _hjid=dc49561e-9d46-46e0-96b5-f0bbe1b05202; _hjFirstSeen=1; _ga_Y6C8Y8V9BH=GS1.1.1628250548.1.1.1628250553.0; _ga=GA1.1.764459664.1628250551; XSRF-TOKEN=eyJpdiI6ImZFS01HaDVJSEZUdXA4alFXbDVZMlE9PSIsInZhbHVlIjoiN1pzb3U0TVd5cXlXejA3OUNIcDRNZE94MWhUS0I2S3BIQXBHVEs3bVA3VkQ5NzI2ZktXK1FNTDh0c3BVOHFGUSIsIm1hYyI6IjUxMTAyOGFmNzgwOWJhOWU3ODU2MTQwNzFiYjdlN2UwZjQ3NGZhNjBlMGQ5OGUxYWZmYjExN2Q3MDdiOGIzYTIifQ%3D%3D; c=eyJpdiI6IjduNzhOb25vazJXZzZ6UlN0dDRUZWc9PSIsInZhbHVlIjoiTk9Wd0Zsa1wvZFN0cEdLWEhRXC80NDRTcWFwWWNnMzNtSW9MQ1N2MHIzYjhKSXBrWm1TSEZCZzZ1XC9EWmpWTzk1ZiIsIm1hYyI6IjY1ODU1ZTFhMDRjZTQ2NjhiYmRkOWFjMGI0Yzg1ODA3YmQ3OTI1ZjQzZjcwNDNiOGU2YThmZTM5YTI0YmIyMmMifQ%3D%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:14 GMT
x-proc: 1
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3665
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Fri, 06 Aug 2021 10:30:20 GMT
server: cloudflare
etag: W/"610d0f3c-181"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3K1nDre0cgsljPb1d%2F2WW9p6Yy7ZWaURRr7gKciZoWnDrzRK2RGpuhgbbOfTjU2E3p92MFp6qI6%2BJ9zGgcnxf9ctEV9b1MvWnLPqngBpPW3udJRRK971DLEZI630Iq6H5OVjMQakrVbBVj0%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 67a80a6bf81842f7-FRA

GET
H2 200 funnel.css
static-13333.kxcdn.com/5275/build/ 91 KB
26 KB 12ms
11ms Stylesheet
text/css 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL

https://static-13333.kxcdn.com/5275/build/funnel.css

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

0dd81a03016de5c1be49281bb42f5db84bf8968b636e893daa0ee24de5dbdd3b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:14 GMT
content-encoding: gzip
last-modified: Fri, 02 Jul 2021 14:31:57 GMT
server: keycdn-engine
x-amz-request-id: tx0000000000000049794a1-0060df28ef-12ed1804-fra1a
x-edge-location: defr
etag: W/"0e60432e5a822d61eaf0ff2172f524ed"
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-cache: HIT
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31556940
x-rgw-object-type: Normal
strict-transport-security: max-age=15552000; includeSubDomains; preload
expires: Sat, 06 Aug 2022 17:38:14 GMT

GET
H/1.1 400 conversion.js
in.bd44.fun/ 0
0 52ms
52ms Script
text/html 18.195.174.160
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://in.bd44.fun/conversion.js?cid=OPTIONAL&et=CLICK
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.195.174.160 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-174-160.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 logo.png
static-13333.kxcdn.com/5275/images/ 2 KB
3 KB 26ms
23ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/logo.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

3d0776f2afd4256733e307cf46921dde2e1497a2767eb8bcb8ac17d5de9d2344

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:14 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049592a7-0060df28ef-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2455
last-modified: Fri, 02 Jul 2021 14:32:26 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "cded24bb8b99f2aa7ab4e4ddc59c28e6"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:14 GMT

GET
H2 200 top-arrow.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 26ms
23ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/top-arrow.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

c4d3b32e24ea06591e7f166b20939f84cb767bb0742bc3c51f07c6f4b684f1e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:14 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049592a5-0060df28ef-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2961
last-modified: Fri, 02 Jul 2021 14:32:29 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "e2980701aad64cef71bd2296f5f6386b"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:14 GMT

GET
H3-29 200 check-icon.png
tgfunnls.org/images/ 44 KB
45 KB 15ms
13ms Image
image/png 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tgfunnls.org/images/check-icon.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

79bb457691c6f5dc0d3fd537218a627750b199db5253e22dad9dc4f78fa48016

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /images/check-icon.png
pragma: no-cache
cookie: _vwo_uuid_v2=D300A6AF58D106D85594CDBFBAA2B13D7|ce01f3e9beb7bdefb21b49b643350b73; _gid=GA1.2.1416830450.1628250551; _gat_UA-192660002-1=1; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _hjid=dc49561e-9d46-46e0-96b5-f0bbe1b05202; _hjFirstSeen=1; _ga_Y6C8Y8V9BH=GS1.1.1628250548.1.1.1628250553.0; _ga=GA1.1.764459664.1628250551; XSRF-TOKEN=eyJpdiI6ImZFS01HaDVJSEZUdXA4alFXbDVZMlE9PSIsInZhbHVlIjoiN1pzb3U0TVd5cXlXejA3OUNIcDRNZE94MWhUS0I2S3BIQXBHVEs3bVA3VkQ5NzI2ZktXK1FNTDh0c3BVOHFGUSIsIm1hYyI6IjUxMTAyOGFmNzgwOWJhOWU3ODU2MTQwNzFiYjdlN2UwZjQ3NGZhNjBlMGQ5OGUxYWZmYjExN2Q3MDdiOGIzYTIifQ%3D%3D; c=eyJpdiI6IjduNzhOb25vazJXZzZ6UlN0dDRUZWc9PSIsInZhbHVlIjoiTk9Wd0Zsa1wvZFN0cEdLWEhRXC80NDRTcWFwWWNnMzNtSW9MQ1N2MHIzYjhKSXBrWm1TSEZCZzZ1XC9EWmpWTzk1ZiIsIm1hYyI6IjY1ODU1ZTFhMDRjZTQ2NjhiYmRkOWFjMGI0Yzg1ODA3YmQ3OTI1ZjQzZjcwNDNiOGU2YThmZTM5YTI0YmIyMmMifQ%3D%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:14 GMT
x-proc: 1
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3664
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 45018
x-xss-protection: 1; mode=block
last-modified: Fri, 06 Aug 2021 10:28:14 GMT
server: cloudflare
etag: "610d0ebe-afda"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QwYF7WJrszf2C9%2F1d8sIm5teLr13jVo7qNT%2BwgtyKsdaa6GCPnLnqX2S3mixIMZvFhy6xkld897LmFNROlQkxY%2BaCCF5lJ6rir3jZTKxovK4s%2BBrwL9Rne9bCMK8Q82THsE4QNj6Gotkrag%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 67a80a6c592842f7-FRA

GET
H2 200 safe.png
static-13333.kxcdn.com/5275/images/ 10 KB
11 KB 27ms
23ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/safe.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

c001780d5a0136da809d6908ac44d8b0e4d9b36bf9891772a006294888226576

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:14 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794a7-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 10593
last-modified: Fri, 02 Jul 2021 14:32:17 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "e16845cf547d72f2f0b2febfa375d9f9"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:14 GMT

GET
H2 200 bg-arrow.png
static-13333.kxcdn.com/5275/images/ 7 KB
8 KB 27ms
24ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/bg-arrow.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

5902ac2e28cc5433d57a98a62be69037be09754da694348e03d3e3b9e776f542

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:14 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794ba-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 7356
last-modified: Fri, 02 Jul 2021 14:32:23 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "0575766ae817ee467a729e846374d22c"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:14 GMT

GET
H2 200 check-icon.png
static-13333.kxcdn.com/5275/images/ 2 KB
3 KB 27ms
24ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/check-icon.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

4a404a950ef8cfa3eb686e62c8ab17e0a4609f2300e53d874a96ec618ab9474d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:14 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794b6-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2273
last-modified: Fri, 02 Jul 2021 14:32:29 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "c34ab81524c5f98e40dc0dad59601758"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:14 GMT

GET
H2 200 spots-arrow.png
static-13333.kxcdn.com/5275/images/ 5 KB
6 KB 26ms
26ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/spots-arrow.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

7c01610e53cbe2313bd441cd9182762cec4240e4eecebeca6d086f34e4672784

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:14 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794bc-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 5306
last-modified: Fri, 02 Jul 2021 14:32:45 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "32acdf2cce46993b09041ebed9d00140"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:14 GMT

GET
H2 200 john.jpg
static-13333.kxcdn.com/5275/images/ 9 KB
10 KB 27ms
26ms Image
image/jpeg 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/john.jpg

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

aff262b0ff8882606831b77cb7fe8c2b7ee184a4c3a4e10de152932dde9ed3f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:14 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794be-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 9704
last-modified: Fri, 02 Jul 2021 14:32:21 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "ca826d01f1cbba3eb6e3e1f697bca6bc"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/jpeg
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:14 GMT

GET
H2 200 john-sign.png
static-13333.kxcdn.com/5275/images/ 7 KB
7 KB 13ms
5ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/john-sign.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

2c92fcee0f7c5fd992e818cd6e5f621e8701cea9b4b23eb03e2567560c7dd266

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:14 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049592b7-0060df28ef-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 6824
last-modified: Fri, 02 Jul 2021 14:32:43 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "8e77bdde18036a84289f7b89b03cddc0"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:14 GMT

GET
H2 200 social-callback-title.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 13ms
6ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/social-callback-title.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

b097d9409b9b2fcde3993197635d6e7d49126e794dec3c3a5de9892cce15ec84

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:14 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794b7-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2899
last-modified: Fri, 02 Jul 2021 14:32:42 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "26e1186a209747d755be97f26d7fef17"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:14 GMT

GET
H2 200 facebook.png
static-13333.kxcdn.com/5275/images/ 45 KB
46 KB 10ms
6ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/facebook.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

45a8e9f975bd2d7db2041c671affac022eaf0b8db46c516a6f2021d30631aea3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:14 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049592bd-0060df28ef-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 46358
last-modified: Fri, 02 Jul 2021 14:32:18 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "99efc09d6e35b01ef07e555c6c9c06ac"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:14 GMT

GET
H2 200 twitter.png
static-13333.kxcdn.com/5275/images/ 33 KB
34 KB 8ms
7ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/twitter.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

f3567cf9eb0717ad9840ff19014abf051d9bebb63ba3d270eb23d409dd449b5a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:14 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049592b6-0060df28ef-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 33933
last-modified: Fri, 02 Jul 2021 14:32:45 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "1538bf85a2428c7ab27b923233ceac2d"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:14 GMT

GET
H2 200 features-title.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 8ms
8ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/features-title.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

5e840708085df16224eeb0d8a8b3758d39bc7c60d3f0587ea1308f7d37d2e9db

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:14 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049592bc-0060df28ef-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2835
last-modified: Fri, 02 Jul 2021 14:32:24 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "8e8fd39ca90b9e536e71366f72e27061"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:14 GMT

GET
H2 200 feature1.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 9ms
8ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/feature1.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

427e9cf9bc070b73cae44b858b1cbb147385ccf3b74522b00606e8441d74eb21

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:14 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794bb-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2649
last-modified: Fri, 02 Jul 2021 14:32:27 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "32e947291780f319b5424fb0fed97339"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:14 GMT

GET
H2 200 feature2.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 9ms
6ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/feature2.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

d35ec7636f20627c46249b7ac076fd59aad2c15c8207c92cc8251df812abc0bc

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:14 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049592b5-0060df28ef-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2845
last-modified: Fri, 02 Jul 2021 14:32:28 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "a02cbfb7009f4eb7bca716371bbc6162"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:14 GMT

GET
H2 200 feature3.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 9ms
6ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/feature3.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

41cc8226265d071dd816f01b4e656e9575b49927ecb0806984d85fd2acb3b318

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:14 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794b8-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2618
last-modified: Fri, 02 Jul 2021 14:32:44 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "1e439861ae0e257dd74094cd20495531"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:14 GMT

GET
H2 200 feature4.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 8ms
6ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/feature4.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

d7e57b7c8fc1a0e25b893fc00da8cca5368cc489227958d4a781665339cd7260

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:14 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794a5-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2573
last-modified: Fri, 02 Jul 2021 14:32:19 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "f042fbbf22d575de6d906249ec2dc324"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:14 GMT

GET
H2 200 faq-title.png
static-13333.kxcdn.com/5275/images/ 4 KB
4 KB 8ms
7ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/faq-title.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

218be04d48aa9aa4da9bb4a708dbb463576fd8653914fd05bb113ce654dce714

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:14 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049592a6-0060df28ef-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 3706
last-modified: Fri, 02 Jul 2021 14:32:42 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "b95f5e7ccaaf9e8f6f1117efa9ab100a"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:14 GMT

GET
H2 200 faq-list-title-bg.png
static-13333.kxcdn.com/5275/images/ 2 KB
2 KB 8ms
7ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/faq-list-title-bg.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

9749d6d7aee9bdd7b806eb8fd8fa1bfd7ef25aab0aba744948b279d4c1a348ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:14 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794a3-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 1546
last-modified: Fri, 02 Jul 2021 14:32:22 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "567ea5254334fde95913b6cd592aad5f"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:14 GMT

GET
H3-29 200 sad-face.svg
tgfunnls.org/media/ 1 KB
1 KB 16ms
14ms Image
image/svg+xml 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tgfunnls.org/media/sad-face.svg

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

186b9079a05f19ddd2a548dbc1ec2c69087c76d8e9e1637dbced630edb793104

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /media/sad-face.svg
pragma: no-cache
cookie: _vwo_uuid_v2=D300A6AF58D106D85594CDBFBAA2B13D7|ce01f3e9beb7bdefb21b49b643350b73; _gid=GA1.2.1416830450.1628250551; _gat_UA-192660002-1=1; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _hjid=dc49561e-9d46-46e0-96b5-f0bbe1b05202; _hjFirstSeen=1; _ga_Y6C8Y8V9BH=GS1.1.1628250548.1.1.1628250553.0; _ga=GA1.1.764459664.1628250551; XSRF-TOKEN=eyJpdiI6ImZFS01HaDVJSEZUdXA4alFXbDVZMlE9PSIsInZhbHVlIjoiN1pzb3U0TVd5cXlXejA3OUNIcDRNZE94MWhUS0I2S3BIQXBHVEs3bVA3VkQ5NzI2ZktXK1FNTDh0c3BVOHFGUSIsIm1hYyI6IjUxMTAyOGFmNzgwOWJhOWU3ODU2MTQwNzFiYjdlN2UwZjQ3NGZhNjBlMGQ5OGUxYWZmYjExN2Q3MDdiOGIzYTIifQ%3D%3D; c=eyJpdiI6IjduNzhOb25vazJXZzZ6UlN0dDRUZWc9PSIsInZhbHVlIjoiTk9Wd0Zsa1wvZFN0cEdLWEhRXC80NDRTcWFwWWNnMzNtSW9MQ1N2MHIzYjhKSXBrWm1TSEZCZzZ1XC9EWmpWTzk1ZiIsIm1hYyI6IjY1ODU1ZTFhMDRjZTQ2NjhiYmRkOWFjMGI0Yzg1ODA3YmQ3OTI1ZjQzZjcwNDNiOGU2YThmZTM5YTI0YmIyMmMifQ%3D%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:14 GMT
x-proc: 1
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3664
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Fri, 06 Aug 2021 10:30:20 GMT
server: cloudflare
etag: W/"610d0f3c-5dc"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MEpJgbbk58d%2Bs%2BcUve7upNJFPwHnmXlbxqhNR8FLQUS1NurM8hAw%2B%2BTRlLn9YOtEWzRUQ24ZQbB0m3pPER3rbYMFh%2B01wXhlHFHOeiWXzQ2z3GWuVewwvZL2NepXX0EbslNb7WqVlF1ZycQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: max-age=14400
cf-ray: 67a80a6c593442f7-FRA

GET
H3-29 200 email-decode.min.js Show response
tgfunnls.org/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
1 KB 9ms
9ms Script
application/javascript 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

:path: /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
pragma: no-cache
cookie: _vwo_uuid_v2=D300A6AF58D106D85594CDBFBAA2B13D7|ce01f3e9beb7bdefb21b49b643350b73; _gid=GA1.2.1416830450.1628250551; _gat_UA-192660002-1=1; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _hjid=dc49561e-9d46-46e0-96b5-f0bbe1b05202; _hjFirstSeen=1; _ga_Y6C8Y8V9BH=GS1.1.1628250548.1.1.1628250553.0; _ga=GA1.1.764459664.1628250551; XSRF-TOKEN=eyJpdiI6ImZFS01HaDVJSEZUdXA4alFXbDVZMlE9PSIsInZhbHVlIjoiN1pzb3U0TVd5cXlXejA3OUNIcDRNZE94MWhUS0I2S3BIQXBHVEs3bVA3VkQ5NzI2ZktXK1FNTDh0c3BVOHFGUSIsIm1hYyI6IjUxMTAyOGFmNzgwOWJhOWU3ODU2MTQwNzFiYjdlN2UwZjQ3NGZhNjBlMGQ5OGUxYWZmYjExN2Q3MDdiOGIzYTIifQ%3D%3D; c=eyJpdiI6IjduNzhOb25vazJXZzZ6UlN0dDRUZWc9PSIsInZhbHVlIjoiTk9Wd0Zsa1wvZFN0cEdLWEhRXC80NDRTcWFwWWNnMzNtSW9MQ1N2MHIzYjhKSXBrWm1TSEZCZzZ1XC9EWmpWTzk1ZiIsIm1hYyI6IjY1ODU1ZTFhMDRjZTQ2NjhiYmRkOWFjMGI0Yzg1ODA3YmQ3OTI1ZjQzZjcwNDNiOGU2YThmZTM5YTI0YmIyMmMifQ%3D%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 03 Aug 2021 14:21:05 GMT
server: cloudflare
etag: W/"610950d1-4d7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: DENY
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SVfzpk%2FrCM8meyS2lgAxBcLY41gVV3JO2sz0Wto9T0p5NPr5U3NwCihdzgFnSyyoH5tlDmDY5wZaPFZtp0tIHf6wjBOFfGsG%2BSSHGCsKUeEFL57KCt0%2BAdiW%2Fezq5yKg8g21JW14HO1rGQQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=172800 public
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 67a80a6c185b42f7-FRA
vary: Accept-Encoding
expires: Sun, 08 Aug 2021 11:49:14 GMT

GET
H3-29 200 redirect.js Show response
tgfunnls.org/js/ 3 KB
2 KB 15ms
15ms Script
application/javascript 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/js/redirect.js?id=bd8708e91008076c9ff9

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0979e653bf7370685f5d0ec7448e28d33f46754d5411cf5a7cd3df6ecafc1a35

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /js/redirect.js?id=bd8708e91008076c9ff9
pragma: no-cache
cookie: _vwo_uuid_v2=D300A6AF58D106D85594CDBFBAA2B13D7|ce01f3e9beb7bdefb21b49b643350b73; _gid=GA1.2.1416830450.1628250551; _gat_UA-192660002-1=1; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _hjid=dc49561e-9d46-46e0-96b5-f0bbe1b05202; _hjFirstSeen=1; _ga_Y6C8Y8V9BH=GS1.1.1628250548.1.1.1628250553.0; _ga=GA1.1.764459664.1628250551; XSRF-TOKEN=eyJpdiI6ImZFS01HaDVJSEZUdXA4alFXbDVZMlE9PSIsInZhbHVlIjoiN1pzb3U0TVd5cXlXejA3OUNIcDRNZE94MWhUS0I2S3BIQXBHVEs3bVA3VkQ5NzI2ZktXK1FNTDh0c3BVOHFGUSIsIm1hYyI6IjUxMTAyOGFmNzgwOWJhOWU3ODU2MTQwNzFiYjdlN2UwZjQ3NGZhNjBlMGQ5OGUxYWZmYjExN2Q3MDdiOGIzYTIifQ%3D%3D; c=eyJpdiI6IjduNzhOb25vazJXZzZ6UlN0dDRUZWc9PSIsInZhbHVlIjoiTk9Wd0Zsa1wvZFN0cEdLWEhRXC80NDRTcWFwWWNnMzNtSW9MQ1N2MHIzYjhKSXBrWm1TSEZCZzZ1XC9EWmpWTzk1ZiIsIm1hYyI6IjY1ODU1ZTFhMDRjZTQ2NjhiYmRkOWFjMGI0Yzg1ODA3YmQ3OTI1ZjQzZjcwNDNiOGU2YThmZTM5YTI0YmIyMmMifQ%3D%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:14 GMT
x-proc: 3
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3664
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Fri, 06 Aug 2021 10:30:36 GMT
server: cloudflare
etag: W/"610d0f4c-a50"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Jz%2FineRKo6yqR%2B4xfO7hvoTtyYBIALXIDSsYC%2FMvLxqj71gK7Ra%2FXTzW01SnsdWKb1az56qyExlj6TcwzNFuISqLEiMRIEfMfkALWA%2F0JJGDwC8t%2FXEGOK6JuKdarK8sIcnHBXYzb%2Fp4NbQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=14400
cf-ray: 67a80a6c289e42f7-FRA

GET
H3-29 200 l.js Show response
tgfunnls.org/js/ 401 KB
110 KB 34ms
34ms Script
application/javascript 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/js/l.js?id=6cf7b69175b2a676ebf3

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1669423eca631e2fa8053ff74039a11ff6afac3a94dc37f357ce8d6ec9362913

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /js/l.js?id=6cf7b69175b2a676ebf3
pragma: no-cache
cookie: _vwo_uuid_v2=D300A6AF58D106D85594CDBFBAA2B13D7|ce01f3e9beb7bdefb21b49b643350b73; _gid=GA1.2.1416830450.1628250551; _gat_UA-192660002-1=1; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _hjid=dc49561e-9d46-46e0-96b5-f0bbe1b05202; _hjFirstSeen=1; _ga_Y6C8Y8V9BH=GS1.1.1628250548.1.1.1628250553.0; _ga=GA1.1.764459664.1628250551; XSRF-TOKEN=eyJpdiI6ImZFS01HaDVJSEZUdXA4alFXbDVZMlE9PSIsInZhbHVlIjoiN1pzb3U0TVd5cXlXejA3OUNIcDRNZE94MWhUS0I2S3BIQXBHVEs3bVA3VkQ5NzI2ZktXK1FNTDh0c3BVOHFGUSIsIm1hYyI6IjUxMTAyOGFmNzgwOWJhOWU3ODU2MTQwNzFiYjdlN2UwZjQ3NGZhNjBlMGQ5OGUxYWZmYjExN2Q3MDdiOGIzYTIifQ%3D%3D; c=eyJpdiI6IjduNzhOb25vazJXZzZ6UlN0dDRUZWc9PSIsInZhbHVlIjoiTk9Wd0Zsa1wvZFN0cEdLWEhRXC80NDRTcWFwWWNnMzNtSW9MQ1N2MHIzYjhKSXBrWm1TSEZCZzZ1XC9EWmpWTzk1ZiIsIm1hYyI6IjY1ODU1ZTFhMDRjZTQ2NjhiYmRkOWFjMGI0Yzg1ODA3YmQ3OTI1ZjQzZjcwNDNiOGU2YThmZTM5YTI0YmIyMmMifQ%3D%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:14 GMT
x-proc: 2
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 4587
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Fri, 06 Aug 2021 10:30:19 GMT
server: cloudflare
etag: W/"610d0f3b-645ba"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CWgOM8gMMR%2B6TT1o%2BoXFB4voBvzjMLkIxaDzoSJSQZs%2BSFou%2BjiJ3A1z1fWkE8%2Fnutr0dxymLwu8hxBye5TRpWXWZsNbcpZahx%2FcxBU8Q%2Fm6VO34PmyRI9T7WbdlyyKuR0GQH8UPoxp8ld4%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=14400
cf-ray: 67a80a6c48f342f7-FRA

GET
H2 200 funnel.js Show response
static-13333.kxcdn.com/5275/build/ 954 KB
319 KB 9ms
8ms Script
application/javascript 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL

https://static-13333.kxcdn.com/5275/build/funnel.js

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

a52901c6296f571a48143efc8c7626714f2f15a0e034390d31380d508684ad0e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:14 GMT
content-encoding: gzip
last-modified: Fri, 02 Jul 2021 14:31:57 GMT
server: keycdn-engine
x-amz-request-id: tx00000000000000495929e-0060df28ef-12e87130-fra1a
x-edge-location: defr
etag: W/"545236a1390ffa369d186b44dab8e706"
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-cache: HIT
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31556940
x-rgw-object-type: Normal
strict-transport-security: max-age=15552000; includeSubDomains; preload
expires: Sat, 06 Aug 2022 17:38:14 GMT

GET
H/1.1 200 hp Show response
in.xr117.xyz/ 382 B
616 B 56ms
54ms Script
text/plain 18.195.123.247
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://in.xr117.xyz/hp
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.195.123.247 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-123-247.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 1d685538334a6762f8c278c2274cb62dfdc47c59ba5968562dddf4f96d808aee

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 06 Aug 2021 11:49:14 GMT
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
Server: nginx
Connection: keep-alive
Content-Length: 382
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200 hp Show response
in.bd44.fun/ 382 B
616 B 151ms
50ms Script
text/plain 18.195.174.160
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://in.bd44.fun/hp
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.195.174.160 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-174-160.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 1d685538334a6762f8c278c2274cb62dfdc47c59ba5968562dddf4f96d808aee

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 06 Aug 2021 11:49:14 GMT
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
Server: nginx
Connection: keep-alive
Content-Length: 382
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3-29 200 tag.js Show response
tagstaticx.com/ 38 KB
14 KB 28ms
26ms Script
application/javascript 2606:4700:3033::6815:3d08
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://tagstaticx.com/tag.js
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::6815:3d08 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7ebf9aea91580923f108d8e9c9fa03581c3c58fcd1ab8712d4ed593fbde60062

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:14 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 30 Jul 2021 15:47:47 GMT
server: cloudflare
age: 4755
etag: W/"61041f23-9787"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ikxuJK98MYbRHbkgYJrXrYsBZ9khDRMoL4m11uvjkhOLwKgIS93RfXT7PNf7oLYv%2BENtIoqqX4J6%2FhWqctVPP5v%2Fc0pKyo3nojL%2FOlWc3nSNmGDIJlXVimKU8IgqieryvPYiHxJ8gXKa8XOs5A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=1800
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 67a80a6c5eeb4401-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

GET
H3-29 200 gtm.js Show response
www.googletagmanager.com/ 110 KB
41 KB 27ms
25ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-MSK8GMG

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

b3deb878ce829e6d07f02dab95a7f5777b48eedd93f1161b99a1a04703abda10

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:14 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41864
x-xss-protection: 0
last-modified: Fri, 06 Aug 2021 09:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 06 Aug 2021 11:49:14 GMT

GET
H3-29 200 j.php Show response
dev.visualwebsiteoptimizer.com/ 5 KB
2 KB 51ms
49ms Script
application/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/j.php?a=449005&u=https%3A%2F%2Ftgfunnls.org%2Fdly1st%2F%3Fhitid%3D%7BclickId%7D%26qze%3D7%26aff_sub%3D%7BcustomId1%7D%26aff_sub2%3D%7BcustomId2%7D&f=1&r=0.6954902621811501
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gams1 /
Resource Hash: 77f8dbab5495e38da3aead65485004af16e18df3c3b78cc64c8382ac322f8393

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 06 Aug 2021 11:49:14 GMT
via: 1.1 google
server: gams1
content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-type: application/javascript; charset=UTF-8

GET
H2 200 bg-pattern2.png
static-13333.kxcdn.com/5275/images/ 3 KB
4 KB 18ms
18ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/bg-pattern2.png

Requested by

Host: static-13333.kxcdn.com
URL: https://static-13333.kxcdn.com/5275/build/funnel.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

0dbbd4b1f92b5f123bb6d85da5224dbac1ef2873359ae63159fbd8c1d8aee472

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://static-13333.kxcdn.com/5275/build/funnel.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:14 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx000000000000004a8f778-0060df3204-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 3494
last-modified: Fri, 02 Jul 2021 14:32:28 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "9ff60a873ce8a83d6f92c07bbb97461d"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:14 GMT

GET
H2 200 money-bg.jpg
static-13333.kxcdn.com/5275/images/ 192 KB
193 KB 18ms
18ms Image
image/jpeg 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/money-bg.jpg

Requested by

Host: static-13333.kxcdn.com
URL: https://static-13333.kxcdn.com/5275/build/funnel.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

6d6b0b2b3ce3ec690491ad53348667285877a284d43a58bae67219df3128c453

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://static-13333.kxcdn.com/5275/build/funnel.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:14 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049593a6-0060df28f0-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 196622
last-modified: Fri, 02 Jul 2021 14:32:29 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "00484ef568e5c529bc92d2698631954b"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/jpeg
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:14 GMT

GET
H2 206 de-1.mp4
static-13333.kxcdn.com/5275/media/ 64 KB
0 8ms
7ms Media
video/mp4 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL

https://static-13333.kxcdn.com/5275/media/de-1.mp4

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Range: bytes=0-

Response headers

date: Fri, 06 Aug 2021 11:49:14 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049593e6-0060df28f0-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
Content-Range: bytes 0-124690623/124690624
Content-Length: 124690624
last-modified: Fri, 02 Jul 2021 14:32:03 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "c8811d0b7aa283893d6ec2a19899685f-24"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: video/mp4
access-control-allow-origin: *
x-rgw-object-type: Normal
expires: Sat, 06 Aug 2022 17:38:14 GMT

HEAD
H3-29 200 adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/ 0
0 49ms
49ms Fetch
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 49445
x-xss-protection: 0
server: cafe
etag: 14869471898732562513
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Fri, 06 Aug 2021 11:49:14 GMT

GET
H/1.1 200
OK version.js Show response
tagdatax.com/ 57 B
260 B 47ms
46ms Script
application/javascript 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdatax.com/version.js
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: c764917fe61546271bab405b8113681cf919813010510b0f55e20fe388eb3615

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 06 Aug 2021 11:49:14 GMT
Cache-Control: private, max-age=63072000
Server: nginx/1.19.10
Connection: keep-alive
Content-Length: 57
Content-Type: application/javascript

GET
H2 200 gid.js Show response
my.rtmark.net/ 65 B
541 B 51ms
50ms Fetch
application/json 139.45.195.8
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://my.rtmark.net/gid.js

Requested by

Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

9f69162569abdf757a9d8faadf388cdd8074914933626c7631b1d6ff3464d7c5

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:14 GMT
x-content-type-options: nosniff
server: nginx
strict-transport-security: max-age=1
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: https://tgfunnls.org
access-control-expose-headers: Authorization
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length: 65

GET
H/1.1 200
OK pix.jpg Show response
tagdatax.com/ 28 B
617 B 47ms
47ms Fetch
image/jpeg 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdatax.com/pix.jpg
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: 3c72e06c040c15327faa313315f1d6f4b2c9159267051c3e173336efa4cd7a18

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 06 Aug 2021 11:49:14 GMT
Server: nginx/1.19.10
Etag: cfb7e831-10f5-4948-98cd-29376e9dcfe4
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Content-Type: image/jpeg
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Expose-Headers: ETag
Cache-Control: private, must-revalidate, proxy-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 28

GET
H3-29 200 googlelogo_color_120x44dp.png
www.google.com/images/branding/googlelogo/2x/ 5 KB
5 KB 17ms
15ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_120x44dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

29c50fa4422ac0a690af5b0987dee6a030a7eeaafa9dda8543cf022368f545aa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:14 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5087
x-xss-protection: 0
expires: Fri, 06 Aug 2021 11:49:14 GMT

GET
H3-29 200 googlelogo_color_272x92dp.png
www.google.com/images/branding/googlelogo/1x/ 6 KB
6 KB 16ms
15ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/1x/googlelogo_color_272x92dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5776cd87617eacec3bc00ebcf530d1924026033eda852f706c1a675a98915826

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:14 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5969
x-xss-protection: 0
expires: Fri, 06 Aug 2021 11:49:14 GMT

GET
H3-29 200 googlelogo_color_272x92dp.png
www.google.com/images/branding/googlelogo/2x/ 13 KB
13 KB 17ms
16ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_272x92dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

262084257c2103702ef8a25705e3f8dbc1fa3823103ad7b954d54bdb77e6d89d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:14 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13504
x-xss-protection: 0
expires: Fri, 06 Aug 2021 11:49:14 GMT

GET
H3-29 200 googlelogo_color_160x56dp.png
www.google.com/images/branding/googlelogo/2x/ 7 KB
7 KB 17ms
16ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_160x56dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9e611fba6a87626e60f74d361f0c94d1ba226bc0726a05791f40ddb7fbba2c4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:14 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7048
x-xss-protection: 0
expires: Fri, 06 Aug 2021 11:49:14 GMT

GET
H3-29 200 googlelogo_color_90x40dp.png
www.google.com/images/branding/googlelogo/2x/ 4 KB
4 KB 18ms
17ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_90x40dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a9cac8d49feccd603bac334c92c1e7dd5a829a1c01d4130550e8c9c0d9c72f7b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:14 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3934
x-xss-protection: 0
expires: Fri, 06 Aug 2021 11:49:14 GMT

GET
H3-29 200 locate Show response
tgfunnls.org/ 150 B
1 KB 138ms
138ms XHR
application/json 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/locate

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/js/l.js?id=6cf7b69175b2a676ebf3

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a9444725fb48cd94db4b9c4e1544b3ace3c54ccd0d1a289f124d36b69c9d6a20

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-fetch-mode: cors
x-xsrf-token: eyJpdiI6ImZFS01HaDVJSEZUdXA4alFXbDVZMlE9PSIsInZhbHVlIjoiN1pzb3U0TVd5cXlXejA3OUNIcDRNZE94MWhUS0I2S3BIQXBHVEs3bVA3VkQ5NzI2ZktXK1FNTDh0c3BVOHFGUSIsIm1hYyI6IjUxMTAyOGFmNzgwOWJhOWU3ODU2MTQwNzFiYjdlN2UwZjQ3NGZhNjBlMGQ5OGUxYWZmYjExN2Q3MDdiOGIzYTIifQ==
accept-language: en-US
sec-fetch-dest: empty
cookie: _vwo_uuid_v2=D300A6AF58D106D85594CDBFBAA2B13D7|ce01f3e9beb7bdefb21b49b643350b73; _gid=GA1.2.1416830450.1628250551; _gat_UA-192660002-1=1; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _hjid=dc49561e-9d46-46e0-96b5-f0bbe1b05202; _hjFirstSeen=1; _ga_Y6C8Y8V9BH=GS1.1.1628250548.1.1.1628250553.0; _ga=GA1.1.764459664.1628250551; XSRF-TOKEN=eyJpdiI6ImZFS01HaDVJSEZUdXA4alFXbDVZMlE9PSIsInZhbHVlIjoiN1pzb3U0TVd5cXlXejA3OUNIcDRNZE94MWhUS0I2S3BIQXBHVEs3bVA3VkQ5NzI2ZktXK1FNTDh0c3BVOHFGUSIsIm1hYyI6IjUxMTAyOGFmNzgwOWJhOWU3ODU2MTQwNzFiYjdlN2UwZjQ3NGZhNjBlMGQ5OGUxYWZmYjExN2Q3MDdiOGIzYTIifQ%3D%3D; c=eyJpdiI6IjduNzhOb25vazJXZzZ6UlN0dDRUZWc9PSIsInZhbHVlIjoiTk9Wd0Zsa1wvZFN0cEdLWEhRXC80NDRTcWFwWWNnMzNtSW9MQ1N2MHIzYjhKSXBrWm1TSEZCZzZ1XC9EWmpWTzk1ZiIsIm1hYyI6IjY1ODU1ZTFhMDRjZTQ2NjhiYmRkOWFjMGI0Yzg1ODA3YmQ3OTI1ZjQzZjcwNDNiOGU2YThmZTM5YTI0YmIyMmMifQ%3D%3D
:path: /locate
pragma: no-cache
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: application/json, text/plain, */*
cache-control: no-cache
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept: application/json, text/plain, */*
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
X-XSRF-TOKEN: eyJpdiI6ImZFS01HaDVJSEZUdXA4alFXbDVZMlE9PSIsInZhbHVlIjoiN1pzb3U0TVd5cXlXejA3OUNIcDRNZE94MWhUS0I2S3BIQXBHVEs3bVA3VkQ5NzI2ZktXK1FNTDh0c3BVOHFGUSIsIm1hYyI6IjUxMTAyOGFmNzgwOWJhOWU3ODU2MTQwNzFiYjdlN2UwZjQ3NGZhNjBlMGQ5OGUxYWZmYjExN2Q3MDdiOGIzYTIifQ==
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:14 GMT
x-proc: 1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gaa56KDSNprXBUxQzvmbrE%2Fvz1Eu4jXKlwskObWbqXM0NkvhTGftzJU9pSfq1vsOG24t57pLV%2FcT1vOTnd0SLcN4qYDgvq4y4EqUDBWVaWpNzR22%2FKMxctnKX8nkSObZkv16PEP0Kfb%2BmlI%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json
cache-control: no-cache, private
set-cookie: XSRF-TOKEN=eyJpdiI6IkdcLzNQYUVHclkyMmxPZ3lKNHZNa1lRPT0iLCJ2YWx1ZSI6IldUVTJFdkFKc1VDbG9ya2pHbGpZOCtrVlEwQjl4RHNlbktMVVJrcGZiZVFTeWNBK21WdXE0XC9WVVZkT0xkV0lPIiwibWFjIjoiNjVmZWE2MjYzMTBiNDczYmYyYmRkNDAzNDJmODBjN2RlZGRkN2I2ZTViNWE5OGNkNDhkMWNhN2Y5NjdmYTk5ZCJ9; expires=Fri, 06-Aug-2021 13:49:14 GMT; Max-Age=7200; path=/ c=eyJpdiI6Ik10WUUycW9oaEE0ekdXWWJoeGxSQlE9PSIsInZhbHVlIjoic0hmbzhNXC90eWE2cXpiRHgrOWlGdVdEcEdjdXI3T2x5VVhCbXAxYUZwY2lTU1V3d080OWVRYlBsdlZKZnlKOVwvIiwibWFjIjoiMTU1MTdhMDhiNTYzNzllMWIwZDViMDRmMmJjMDI2ZDBmZTljMDZkNWVhMjI5NmY0YzJiYjU0YTQwZjQ5Yzg1MSJ9; expires=Fri, 06-Aug-2021 13:49:14 GMT; Max-Age=7200; path=/; httponly
cf-ray: 67a80a6d3be142f7-FRA

GET
H3-29 200 flags.png
tgfunnls.org/images/vendor/intl-tel-input/build/ 69 KB
70 KB 16ms
15ms Image
image/png 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tgfunnls.org/images/vendor/intl-tel-input/build/flags.png?416250f60d785a2e02f17e054d2e4e44

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/css/forms.css?id=108aa07ef4cadffb88ba

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0a012cf808a24573168308916092d2d4bd3f2b4af8e16b59167013cc77acee55

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /images/vendor/intl-tel-input/build/flags.png?416250f60d785a2e02f17e054d2e4e44
pragma: no-cache
cookie: _vwo_uuid_v2=D300A6AF58D106D85594CDBFBAA2B13D7|ce01f3e9beb7bdefb21b49b643350b73; _gid=GA1.2.1416830450.1628250551; _gat_UA-192660002-1=1; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _hjid=dc49561e-9d46-46e0-96b5-f0bbe1b05202; _hjFirstSeen=1; _ga_Y6C8Y8V9BH=GS1.1.1628250548.1.1.1628250553.0; _ga=GA1.1.764459664.1628250551; XSRF-TOKEN=eyJpdiI6ImZFS01HaDVJSEZUdXA4alFXbDVZMlE9PSIsInZhbHVlIjoiN1pzb3U0TVd5cXlXejA3OUNIcDRNZE94MWhUS0I2S3BIQXBHVEs3bVA3VkQ5NzI2ZktXK1FNTDh0c3BVOHFGUSIsIm1hYyI6IjUxMTAyOGFmNzgwOWJhOWU3ODU2MTQwNzFiYjdlN2UwZjQ3NGZhNjBlMGQ5OGUxYWZmYjExN2Q3MDdiOGIzYTIifQ%3D%3D; c=eyJpdiI6IjduNzhOb25vazJXZzZ6UlN0dDRUZWc9PSIsInZhbHVlIjoiTk9Wd0Zsa1wvZFN0cEdLWEhRXC80NDRTcWFwWWNnMzNtSW9MQ1N2MHIzYjhKSXBrWm1TSEZCZzZ1XC9EWmpWTzk1ZiIsIm1hYyI6IjY1ODU1ZTFhMDRjZTQ2NjhiYmRkOWFjMGI0Yzg1ODA3YmQ3OTI1ZjQzZjcwNDNiOGU2YThmZTM5YTI0YmIyMmMifQ%3D%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: tgfunnls.org
referer: https://tgfunnls.org/css/forms.css?id=108aa07ef4cadffb88ba
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/css/forms.css?id=108aa07ef4cadffb88ba
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:14 GMT
x-proc: 2
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2317
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 70857
x-xss-protection: 1; mode=block
last-modified: Fri, 06 Aug 2021 10:55:13 GMT
server: cloudflare
etag: "610d1511-114c9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=emt%2FizSgp0VPVNXEJMWS6dt19DEWtODKIoxi8LYkrIjjrv8Tq16JD7uzd9WLCq1Jihx%2BgCXTn4CwBtR%2FU%2BL77MAVJI7NbHO%2BHkEqUwgrKLglgzbJtftyjHA5%2B0wIJ3VS9c5xeEIf4Dnsvjk%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 67a80a6d3be542f7-FRA

OPTIONS
H/1.1 200
OK add
tagdataxrt.com/ir/ Frame 0
0 47ms
46ms Preflight 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/ir/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Protocol: HTTP/1.1
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://tgfunnls.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Server: nginx/1.19.10
Date: Fri, 06 Aug 2021 11:49:14 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

POST
H/1.1 200
OK add Show response
tagdataxrt.com/ir/ 0
537 B 47ms
47ms Fetch 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/ir/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json;charset=utf-8

Response headers

Date: Fri, 06 Aug 2021 11:49:14 GMT
Server: nginx/1.19.10
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 0

GET
BLOB 200
OK cda52764-960c-44ba-b44b-4a0bce65c88e
https://tgfunnls.org/ 31 B
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://tgfunnls.org/cda52764-960c-44ba-b44b-4a0bce65c88e
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7725538fe2f71147bffeba7452b434c826aef9009666cb4360c605d0b2a91d1d

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length: 31
Content-Type: application/javascript

GET
H2 403 videothumbnail-1.png
static-13333.kxcdn.com/5275/images/ 0
0 26ms
26ms Image
text/html 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static-13333.kxcdn.com/5275/images/videothumbnail-1.png
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
DATA 200
OK truncated
/ 4 KB
4 KB Font
application/font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: aef991b2e0b693a95d41986576dd3901ea7ac03b379501b1caba966058753308

Request headers

Origin: https://tgfunnls.org
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: application/font-woff;charset=utf-8

GET
H3-29 200 js Show response
www.googletagmanager.com/gtag/ 127 KB
50 KB 15ms
14ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-Y6C8Y8V9BH&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MSK8GMG

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

de85b8ee97824c5e846f3000562fd9b83fc14b62da6e812fbad4c9ad49eb0458

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:14 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 51134
x-xss-protection: 0
expires: Fri, 06 Aug 2021 11:49:14 GMT

GET
H3-29 200 analytics.js Show response
www.google-analytics.com/ 48 KB
19 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MSK8GMG

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

e61660c659c426e45bce2937dddb01af6b550502a2904546575c1ec2ba1121dd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 13 Jul 2021 18:24:06 GMT
server: Golfe2
age: 2133
date: Fri, 06 Aug 2021 11:13:41 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19672
expires: Fri, 06 Aug 2021 13:13:41 GMT

GET
H2 200 hotjar-2304105.js Show response
static.hotjar.com/c/ 5 KB
2 KB 55ms
55ms Script
application/javascript 13.224.96.91
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-2304105.js?sv=6

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.96.91 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

d4261e9b3b427b4faba85d775a6dbd131cf86cbd42945ba05ae2ebad8f8f36e6

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:48:18 GMT
content-encoding: br
x-content-type-options: nosniff
cache-control: max-age=60
age: 56
etag: W/4e117f3a38c123981a4b3509540d1697
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
x-cache-hit: 1
x-amz-cf-pop: ZRH50-C1
x-amz-cf-id: NGKeXpelFp1w5korOuRU-NUggNcsOZ6e-MIr0LNMZ0GHD3_a3fhZoA==
via: 1.1 e92dffa8673a73c15c61e7c3abefc47d.cloudfront.net (CloudFront)

POST
H/1.1 200
OK etag Show response
tagdataxrt.com/ 0
537 B 47ms
46ms Fetch 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/etag?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json;charset=utf-8

Response headers

Date: Fri, 06 Aug 2021 11:49:14 GMT
Server: nginx/1.19.10
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 0

OPTIONS
H/1.1 200
OK etag
tagdataxrt.com/ Frame 0
0 47ms
47ms Preflight 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/etag?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Protocol: HTTP/1.1
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://tgfunnls.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Server: nginx/1.19.10
Date: Fri, 06 Aug 2021 11:49:14 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

GET
H3-29 200 tag-18c0c42595158c9943ee0260eecc4fc3.js Show response
dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWpxdWVyeQ==/ 214 KB
61 KB 51ms
50ms Script
application/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWpxdWVyeQ==/tag-18c0c42595158c9943ee0260eecc4fc3.js
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/j.php?a=449005&u=https%3A%2F%2Ftgfunnls.org%2Fdly1st%2F%3Fhitid%3D%7BclickId%7D%26qze%3D7%26aff_sub%3D%7BcustomId1%7D%26aff_sub2%3D%7BcustomId2%7D&f=1&r=0.6954902621811501
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gams1 /
Resource Hash: b6a6463b285c1fdc27b7022ff01564762e81117074a3f3781cc931fe389afc70

Request headers

Origin: https://tgfunnls.org
Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:14 GMT
content-encoding: br
last-modified: Fri, 06 Aug 2021 11:48:12 GMT
server: gams1
etag: "610d217c-f3a3"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 62371
via: 1.1 google

GET
H3-29 200 v.gif
dev.visualwebsiteoptimizer.com/ 35 B
52 B 136ms
135ms Image
image/gif 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dev.visualwebsiteoptimizer.com/v.gif?cd=0&a=449005&d=tgfunnls.org&u=D300A6AF58D106D85594CDBFBAA2B13D7&h=ce01f3e9beb7bdefb21b49b643350b73&t=false&r=0.5550228337443286

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gnv1c /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 06 Aug 2021 11:49:14 GMT
via: 1.1 google
x-content-type-options: nosniff
server: gnv1c
content-type: image/gif
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 10 Jan 2005 00:00:01 GMT

GET
H3-29 200 collect
www.google-analytics.com/ 35 B
55 B 6ms
6ms Image
image/gif 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j92&a=1924215948&t=pageview&_s=1&dl=https%3A%2F%2Ftgfunnls.org%2Fdly1st%2F%3Fhitid%3D%7BclickId%7D%26qze%3D7%26aff_sub%3D%7BcustomId1%7D%26aff_sub2%3D%7BcustomId2%7D&ul=en-us&de=UTF-8&dt=Daily%20Profit&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=QACAAEAB~&jid=&gjid=&cid=764459664.1628250551&tid=UA-192660002-1&_gid=1416830450.1628250551&gtm=2wg840MSK8GMG&z=1850607648

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 06 Aug 2021 05:58:40 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 21034
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 modules.9a6619e61150e4449f35.js Show response
script.hotjar.com/ 221 KB
59 KB 62ms
61ms Script
application/javascript 13.224.96.11
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.9a6619e61150e4449f35.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2304105.js?sv=6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.96.11 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

fc04d1fd608cedf1f0c4735145a15031f77cb7491d6234cec4ee2cd9be74937a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:18:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 77469
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 59579
access-control-allow-origin: *
last-modified: Thu, 05 Aug 2021 14:17:07 GMT
etag: "f404c80c4e9647abd5db65360cf9ecee"
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 7245e91891539560c1f484b1e46159c9.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: ZRH50-C1
accept-ranges: bytes
x-robots-tag: none
x-amz-cf-id: vSEfNGLErWi8lnIDE8nhjCHilJzO5FZ2O7QAnQ5x68XN_FoHI1mkuw==

POST
H3-29 201 event Show response
tgfunnls.org/ 2 B
1 KB 168ms
167ms XHR
application/json 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/event?hitid={clickId}

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/js/l.js?id=6cf7b69175b2a676ebf3

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-fetch-mode: cors
origin: https://tgfunnls.org
x-xsrf-token: eyJpdiI6IkdcLzNQYUVHclkyMmxPZ3lKNHZNa1lRPT0iLCJ2YWx1ZSI6IldUVTJFdkFKc1VDbG9ya2pHbGpZOCtrVlEwQjl4RHNlbktMVVJrcGZiZVFTeWNBK21WdXE0XC9WVVZkT0xkV0lPIiwibWFjIjoiNjVmZWE2MjYzMTBiNDczYmYyYmRkNDAzNDJmODBjN2RlZGRkN2I2ZTViNWE5OGNkNDhkMWNhN2Y5NjdmYTk5ZCJ9
accept-language: en-US
sec-fetch-dest: empty
accept-encoding: gzip, deflate, br
cookie: _vwo_uuid_v2=D300A6AF58D106D85594CDBFBAA2B13D7|ce01f3e9beb7bdefb21b49b643350b73; _gid=GA1.2.1416830450.1628250551; _gat_UA-192660002-1=1; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _hjid=dc49561e-9d46-46e0-96b5-f0bbe1b05202; _hjFirstSeen=1; _ga_Y6C8Y8V9BH=GS1.1.1628250548.1.1.1628250554.0; _ga=GA1.1.764459664.1628250551; XSRF-TOKEN=eyJpdiI6IkdcLzNQYUVHclkyMmxPZ3lKNHZNa1lRPT0iLCJ2YWx1ZSI6IldUVTJFdkFKc1VDbG9ya2pHbGpZOCtrVlEwQjl4RHNlbktMVVJrcGZiZVFTeWNBK21WdXE0XC9WVVZkT0xkV0lPIiwibWFjIjoiNjVmZWE2MjYzMTBiNDczYmYyYmRkNDAzNDJmODBjN2RlZGRkN2I2ZTViNWE5OGNkNDhkMWNhN2Y5NjdmYTk5ZCJ9; c=eyJpdiI6Ik10WUUycW9oaEE0ekdXWWJoeGxSQlE9PSIsInZhbHVlIjoic0hmbzhNXC90eWE2cXpiRHgrOWlGdVdEcEdjdXI3T2x5VVhCbXAxYUZwY2lTU1V3d080OWVRYlBsdlZKZnlKOVwvIiwibWFjIjoiMTU1MTdhMDhiNTYzNzllMWIwZDViMDRmMmJjMDI2ZDBmZTljMDZkNWVhMjI5NmY0YzJiYjU0YTQwZjQ5Yzg1MSJ9
content-length: 188
:path: /event?hitid={clickId}
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json;charset=UTF-8
accept: application/json, text/plain, */*
cache-control: no-cache
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: POST
Accept: application/json, text/plain, */*
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
X-XSRF-TOKEN: eyJpdiI6IkdcLzNQYUVHclkyMmxPZ3lKNHZNa1lRPT0iLCJ2YWx1ZSI6IldUVTJFdkFKc1VDbG9ya2pHbGpZOCtrVlEwQjl4RHNlbktMVVJrcGZiZVFTeWNBK21WdXE0XC9WVVZkT0xkV0lPIiwibWFjIjoiNjVmZWE2MjYzMTBiNDczYmYyYmRkNDAzNDJmODBjN2RlZGRkN2I2ZTViNWE5OGNkNDhkMWNhN2Y5NjdmYTk5ZCJ9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json;charset=UTF-8

Response headers

date: Fri, 06 Aug 2021 11:49:14 GMT
x-proc: 2
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=q2PWsR5TJ8tgjE0upfozkHAaFkf0Akjq97YmJe7i%2Fq9K5HfQy0BySe7tEm%2BbVuwbVuNDxoolaQ98tqiO03qU%2FIYXtqnOzKx%2F%2Bi0jYyJqI%2B4VuxKeLpR0VcQuFClOS8IA9tVU3EmDT4VNuaw%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-origin: https://tgfunnls.org
cache-control: no-cache, private
set-cookie: XSRF-TOKEN=eyJpdiI6IjJFVGRCY1A4QmtLQ210Ym5GRzlocEE9PSIsInZhbHVlIjoiM2hcL3VzblBvUHZ5QW91VnZmcFVqazBHRXpCMXkxMXkzeDhENVArbTQraDB5SFZ6SVdTczRyTUZiWmY4SDRKTXUiLCJtYWMiOiI5MjA0OGQwZmQ5YWUxZTViYjFlYmUwODk0MGI1MWFhMzUwYWI0Mjc1MjY5OWM0ZWVhMjMxMTVmZjhiZWNmMmI3In0%3D; expires=Fri, 06-Aug-2021 13:49:14 GMT; Max-Age=7200; path=/ c=eyJpdiI6IkttSUQyeFhBNDk4eVhRRFhIb1wvZFFRPT0iLCJ2YWx1ZSI6InR0VmNzaTc2NjNLcG1nQTd0YlVVZ2V4dndDTW5hYzlMSUFRWm1lamNCOGZvOVwvTUZ5bmFhdlpOTjVUcnc4UjYzIiwibWFjIjoiZWQzOGU0YjNhOWQ0ZGVjYzk2ZmMwZTZhYWY5NzZkZjE4YWZhMmZiZmFkZWJmOWIzNDVkYjNkMTRmMTRiNTVkNSJ9; expires=Fri, 06-Aug-2021 13:49:14 GMT; Max-Age=7200; path=/; httponly
cf-ray: 67a80a6e1e9542f7-FRA

GET
H3-29 200 settings.js Show response
dev.visualwebsiteoptimizer.com/ 572 B
397 B 49ms
48ms Script
application/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/settings.js?a=449005&settings_type=3&vn=7.0&r=0.09270219327298057&u=https%3A%2F%2Ftgfunnls.org%2Fdly1st%2F%3Fhitid%3D%7BclickId%7D%26qze%3D7%26aff_sub%3D%7BcustomId1%7D%26aff_sub2%3D%7BcustomId2%7D
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWpxdWVyeQ==/tag-18c0c42595158c9943ee0260eecc4fc3.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gams1 /
Resource Hash: 31042bafbba3ee3bae8f21d8d8744230a7c558630068c64e1e5ecb4721ab3910

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:13 GMT
via: 1.1 google
server: gams1
content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-type: application/javascript; charset=UTF-8

GET
H3-29 200 settings.js Show response
dev.visualwebsiteoptimizer.com/ 572 B
397 B 49ms
48ms Script
application/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/settings.js?a=449005&settings_type=1&vn=7.0&r=0.636982922351319
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWpxdWVyeQ==/tag-18c0c42595158c9943ee0260eecc4fc3.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gams1 /
Resource Hash: 31042bafbba3ee3bae8f21d8d8744230a7c558630068c64e1e5ecb4721ab3910

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:13 GMT
via: 1.1 google
server: gams1
content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-type: application/javascript; charset=UTF-8

GET
H2 200 box-25a418976ea02a6f393fbbe77cec94bb.html Show response
vars.hotjar.com/ Frame 8ABA 2 KB
1 KB 55ms
55ms Document
text/html 13.224.96.92
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vars.hotjar.com/box-25a418976ea02a6f393fbbe77cec94bb.html
Requested by: Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2304105.js?sv=6
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.96.92 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-96-92.zrh50.r.cloudfront.net
Software: /
Resource Hash: 7a44e0685d8929b5d4d50476273c9957c8c76f03afc424c665a4066e5bc1beb9

Request headers

:method: GET
:authority: vars.hotjar.com
:scheme: https
:path: /box-25a418976ea02a6f393fbbe77cec94bb.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://tgfunnls.org/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://tgfunnls.org/

Response headers

content-type: text/html
content-length: 1044
date: Sun, 18 Jul 2021 00:16:30 GMT
accept-ranges: bytes
cache-control: max-age=31536000
content-encoding: br
etag: "76922233be8bdb14c053af468d29404a"
last-modified: Thu, 15 Jul 2021 14:16:09 GMT
x-amz-server-side-encryption: AES256
x-robots-tag: none
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 6b0e09b8a7d995016df1513b4b11c17e.cloudfront.net (CloudFront)
x-amz-cf-pop: ZRH50-C1
x-amz-cf-id: qPFCQ21jHUMOJEU62NCyvd-e-1d3ym8ntqo3_A0RfQzWnDfTvhXfvA==
age: 1683164

GET
H3-29 200 tag-1a6cb79d9b921e9f733a3a9f91c43b90.js Show response
dev.visualwebsiteoptimizer.com/web/djIkcGM6MS4w/ 668 B
329 B 53ms
53ms Script
application/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/web/djIkcGM6MS4w/tag-1a6cb79d9b921e9f733a3a9f91c43b90.js
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWpxdWVyeQ==/tag-18c0c42595158c9943ee0260eecc4fc3.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gams1 /
Resource Hash: 6e1f2e0970c3d1d6cdacfecdd613ce1c42990ea5d4a9a85fe6f0700d20a96634

Request headers

Origin: https://tgfunnls.org
Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:14 GMT
content-encoding: br
last-modified: Fri, 06 Aug 2021 11:48:12 GMT
server: gams1
etag: "610d217c-133"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 307
via: 1.1 google

GET
H2 200 a3a7b431bde66f8790628956fd6a9e14.js Show response
cdn.pushcrew.com/js/ 248 KB
70 KB 126ms
126ms Script
application/javascript 34.102.183.26
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.pushcrew.com/js/a3a7b431bde66f8790628956fd6a9e14.js
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/web/djIkcGM6MS4w/tag-1a6cb79d9b921e9f733a3a9f91c43b90.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.102.183.26 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 26.183.102.34.bc.googleusercontent.com
Software: nginx /
Resource Hash: 2a74b97179203cf3de9b255635c3927c34791cabfe69261cc8d1235c13315e78

Request headers

Origin: https://tgfunnls.org
Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:14 GMT
content-encoding: gzip
last-modified: Fri, 18 Jun 2021 08:48:27 GMT
server: nginx
etag: W/"60cc5ddb-3e05c"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=1800
alt-svc: clear
via: 1.1 google
expires: Fri, 06 Aug 2021 12:19:14 GMT

OPTIONS
H/1.1 200
OK add
tagdataxrt.com/log/ Frame 0
0 48ms
47ms Preflight 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/log/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Protocol: HTTP/1.1
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://tgfunnls.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Server: nginx/1.19.10
Date: Fri, 06 Aug 2021 11:49:14 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

POST
H/1.1 200
OK add Show response
tagdataxrt.com/log/ 12 B
597 B 49ms
49ms Fetch
application/json 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/log/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: 21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json;charset=utf-8

Response headers

Date: Fri, 06 Aug 2021 11:49:14 GMT
Server: nginx/1.19.10
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 12

POST
H/1.1 200
OK add
tagdataxrt.com/time_visit/ 0
422 B 47ms
46ms Ping
text/plain 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/time_visit/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Fri, 06 Aug 2021 11:49:14 GMT
Server: nginx/1.19.10
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 0

GET
H3-29 200 / Show response
tgfunnls.org/dly1st/ 31 KB
8 KB 213ms
213ms Document
text/html 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Requested by

Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

04e4e6aeb698d9c7f8b1bb575f777bf89b9a9b0da0fec0059d32a8ad671de94a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: tgfunnls.org
:scheme: https
:path: /dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: document
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: _vwo_uuid_v2=D300A6AF58D106D85594CDBFBAA2B13D7|ce01f3e9beb7bdefb21b49b643350b73; _gid=GA1.2.1416830450.1628250551; _gat_UA-192660002-1=1; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _hjid=dc49561e-9d46-46e0-96b5-f0bbe1b05202; _hjFirstSeen=1; _ga_Y6C8Y8V9BH=GS1.1.1628250548.1.1.1628250554.0; _ga=GA1.1.764459664.1628250551; XSRF-TOKEN=eyJpdiI6IjJFVGRCY1A4QmtLQ210Ym5GRzlocEE9PSIsInZhbHVlIjoiM2hcL3VzblBvUHZ5QW91VnZmcFVqazBHRXpCMXkxMXkzeDhENVArbTQraDB5SFZ6SVdTczRyTUZiWmY4SDRKTXUiLCJtYWMiOiI5MjA0OGQwZmQ5YWUxZTViYjFlYmUwODk0MGI1MWFhMzUwYWI0Mjc1MjY5OWM0ZWVhMjMxMTVmZjhiZWNmMmI3In0%3D; c=eyJpdiI6IkttSUQyeFhBNDk4eVhRRFhIb1wvZFFRPT0iLCJ2YWx1ZSI6InR0VmNzaTc2NjNLcG1nQTd0YlVVZ2V4dndDTW5hYzlMSUFRWm1lamNCOGZvOVwvTUZ5bmFhdlpOTjVUcnc4UjYzIiwibWFjIjoiZWQzOGU0YjNhOWQ0ZGVjYzk2ZmMwZTZhYWY5NzZkZjE4YWZhMmZiZmFkZWJmOWIzNDVkYjNkMTRmMTRiNTVkNSJ9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Response headers

date: Fri, 06 Aug 2021 11:49:15 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: no-cache, private
set-cookie: XSRF-TOKEN=eyJpdiI6IlwvSExKVHNiVG4zaE94MGJXYjgyWG5RPT0iLCJ2YWx1ZSI6ImllYUswWkhwemJGeW42ZFpsK2lnTVFcL0I3ZnlaTUc0RDVJYnBOUWZzWXRkb2JBN2JUUE9GZXh1eUhqTnZhQkVsIiwibWFjIjoiZDM2N2VmOTJlMTYxMjA5NDNhZmVkYzFiZmZmNjNhNDRmZGQ3MGI3NDEwOTM2NzMyYzc2MDZmNDY1YjY5NTRhZSJ9; expires=Fri, 06-Aug-2021 13:49:15 GMT; Max-Age=7200; path=/ c=eyJpdiI6Ilp2WGlZS003OFdWRXRWdklcL1ZaeDVBPT0iLCJ2YWx1ZSI6InRVUHJMcnFFQWF6b2F1TllhZmxnK3hnK01oeTNMSHNMRW9EVEVUV1FjVkxGUURiYWtcL1h1RTJUN1NZdHZhelZZIiwibWFjIjoiZDJkMGQyMGY2N2YzYWRmNDkyNzQxMTY0MWZkNTVlOTM2N2VmMjc5ZDFmMDk1ODNlNGRjNzkzMWExMjIzZjMyZCJ9; expires=Fri, 06-Aug-2021 13:49:15 GMT; Max-Age=7200; path=/; httponly
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-proc: 1
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KGMprULoRJSLld7mi09Ai1X6DwQv%2B0T90zzpRuWpT317Ptg4TLDXdkA6UtPM88bU3ZnxCC%2FX3n%2BhzV9rmKZei9bMTeQnjeES8V025XWLgfamvkRIzl9IGm80oSOxFBPJhd6jGEpTs%2BEXzTI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 67a80a709daa42f7-FRA
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

POST collect
www.google-analytics.com/g/ 0
0

GET
H3-29 200 forms.css
tgfunnls.org/css/ 20 KB
4 KB 17ms
17ms Stylesheet
text/css 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/css/forms.css?id=108aa07ef4cadffb88ba

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5cc75f6ff6ccc8f9737ba9b6e44903687d4cd600464dc9a25b2fcfbfd231ebc6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /css/forms.css?id=108aa07ef4cadffb88ba
pragma: no-cache
cookie: _vwo_uuid_v2=D300A6AF58D106D85594CDBFBAA2B13D7|ce01f3e9beb7bdefb21b49b643350b73; _gid=GA1.2.1416830450.1628250551; _gat_UA-192660002-1=1; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _hjid=dc49561e-9d46-46e0-96b5-f0bbe1b05202; _hjFirstSeen=1; _ga_Y6C8Y8V9BH=GS1.1.1628250548.1.1.1628250554.0; _ga=GA1.1.764459664.1628250551; XSRF-TOKEN=eyJpdiI6IlwvSExKVHNiVG4zaE94MGJXYjgyWG5RPT0iLCJ2YWx1ZSI6ImllYUswWkhwemJGeW42ZFpsK2lnTVFcL0I3ZnlaTUc0RDVJYnBOUWZzWXRkb2JBN2JUUE9GZXh1eUhqTnZhQkVsIiwibWFjIjoiZDM2N2VmOTJlMTYxMjA5NDNhZmVkYzFiZmZmNjNhNDRmZGQ3MGI3NDEwOTM2NzMyYzc2MDZmNDY1YjY5NTRhZSJ9; c=eyJpdiI6Ilp2WGlZS003OFdWRXRWdklcL1ZaeDVBPT0iLCJ2YWx1ZSI6InRVUHJMcnFFQWF6b2F1TllhZmxnK3hnK01oeTNMSHNMRW9EVEVUV1FjVkxGUURiYWtcL1h1RTJUN1NZdHZhelZZIiwibWFjIjoiZDJkMGQyMGY2N2YzYWRmNDkyNzQxMTY0MWZkNTVlOTM2N2VmMjc5ZDFmMDk1ODNlNGRjNzkzMWExMjIzZjMyZCJ9
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:15 GMT
x-proc: 2
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3666
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Fri, 06 Aug 2021 10:30:19 GMT
server: cloudflare
etag: W/"610d0f3b-5107"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=COM%2BYODfZN69DPnBFJKL9OsSAZmRNmf99%2F8GEv6%2FmAVwUbGNKLmXzJq9UwzqRtjGUiNhSN8bTx7Atr0tdkJ9slFwmVRuNBOOm2W61pcTFogFLB%2B3H%2FO%2Fu2HLWj3Wj2%2F14rLp7hL81hiTiNQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 67a80a71f94842f7-FRA

GET
H3-29 200 flow.css
tgfunnls.org/css/ 385 B
764 B 18ms
17ms Stylesheet
text/css 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/css/flow.css?id=1a2dada5ba76c1b29ae1

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

df456c4794989b11dda8d76813cbf505b2707048f4cc89d7db15956779ca3fb0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /css/flow.css?id=1a2dada5ba76c1b29ae1
pragma: no-cache
cookie: _vwo_uuid_v2=D300A6AF58D106D85594CDBFBAA2B13D7|ce01f3e9beb7bdefb21b49b643350b73; _gid=GA1.2.1416830450.1628250551; _gat_UA-192660002-1=1; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _hjid=dc49561e-9d46-46e0-96b5-f0bbe1b05202; _hjFirstSeen=1; _ga_Y6C8Y8V9BH=GS1.1.1628250548.1.1.1628250554.0; _ga=GA1.1.764459664.1628250551; XSRF-TOKEN=eyJpdiI6IlwvSExKVHNiVG4zaE94MGJXYjgyWG5RPT0iLCJ2YWx1ZSI6ImllYUswWkhwemJGeW42ZFpsK2lnTVFcL0I3ZnlaTUc0RDVJYnBOUWZzWXRkb2JBN2JUUE9GZXh1eUhqTnZhQkVsIiwibWFjIjoiZDM2N2VmOTJlMTYxMjA5NDNhZmVkYzFiZmZmNjNhNDRmZGQ3MGI3NDEwOTM2NzMyYzc2MDZmNDY1YjY5NTRhZSJ9; c=eyJpdiI6Ilp2WGlZS003OFdWRXRWdklcL1ZaeDVBPT0iLCJ2YWx1ZSI6InRVUHJMcnFFQWF6b2F1TllhZmxnK3hnK01oeTNMSHNMRW9EVEVUV1FjVkxGUURiYWtcL1h1RTJUN1NZdHZhelZZIiwibWFjIjoiZDJkMGQyMGY2N2YzYWRmNDkyNzQxMTY0MWZkNTVlOTM2N2VmMjc5ZDFmMDk1ODNlNGRjNzkzMWExMjIzZjMyZCJ9
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:15 GMT
x-proc: 1
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3666
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Fri, 06 Aug 2021 10:30:20 GMT
server: cloudflare
etag: W/"610d0f3c-181"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=30uFPSaomS%2BsH4nPf0C%2BJEA6q%2BVWKPmIpI6UVoaS9%2FLMU5kFIFhW%2F2i2VN2U8uW2HtWtyScq6oopMXYGIQryjbrxpG67l53IQNdx6526QOIJNBUdZhb6KGEMFLGQfPiY91NfXqqWNquZtXc%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 67a80a71f94a42f7-FRA

GET
H2 200 funnel.css
static-13333.kxcdn.com/5275/build/ 91 KB
26 KB 25ms
24ms Stylesheet
text/css 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL

https://static-13333.kxcdn.com/5275/build/funnel.css

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

0dd81a03016de5c1be49281bb42f5db84bf8968b636e893daa0ee24de5dbdd3b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:15 GMT
content-encoding: gzip
last-modified: Fri, 02 Jul 2021 14:31:57 GMT
server: keycdn-engine
x-amz-request-id: tx0000000000000049794a1-0060df28ef-12ed1804-fra1a
x-edge-location: defr
etag: W/"0e60432e5a822d61eaf0ff2172f524ed"
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-cache: HIT
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31556940
x-rgw-object-type: Normal
strict-transport-security: max-age=15552000; includeSubDomains; preload
expires: Sat, 06 Aug 2022 17:38:15 GMT

GET
H/1.1 400 conversion.js
in.bd44.fun/ 0
0 51ms
50ms Script
text/html 18.195.174.160
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://in.bd44.fun/conversion.js?cid=OPTIONAL&et=CLICK
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.195.174.160 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-174-160.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 logo.png
static-13333.kxcdn.com/5275/images/ 2 KB
3 KB 29ms
25ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/logo.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

3d0776f2afd4256733e307cf46921dde2e1497a2767eb8bcb8ac17d5de9d2344

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:15 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049592a7-0060df28ef-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2455
last-modified: Fri, 02 Jul 2021 14:32:26 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "cded24bb8b99f2aa7ab4e4ddc59c28e6"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:15 GMT

GET
H2 200 top-arrow.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 30ms
25ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/top-arrow.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

c4d3b32e24ea06591e7f166b20939f84cb767bb0742bc3c51f07c6f4b684f1e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:15 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049592a5-0060df28ef-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2961
last-modified: Fri, 02 Jul 2021 14:32:29 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "e2980701aad64cef71bd2296f5f6386b"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:15 GMT

GET
H3-29 200 check-icon.png
tgfunnls.org/images/ 44 KB
45 KB 16ms
13ms Image
image/png 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tgfunnls.org/images/check-icon.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

79bb457691c6f5dc0d3fd537218a627750b199db5253e22dad9dc4f78fa48016

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /images/check-icon.png
pragma: no-cache
cookie: _vwo_uuid_v2=D300A6AF58D106D85594CDBFBAA2B13D7|ce01f3e9beb7bdefb21b49b643350b73; _gid=GA1.2.1416830450.1628250551; _gat_UA-192660002-1=1; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _hjid=dc49561e-9d46-46e0-96b5-f0bbe1b05202; _hjFirstSeen=1; _ga_Y6C8Y8V9BH=GS1.1.1628250548.1.1.1628250554.0; _ga=GA1.1.764459664.1628250551; XSRF-TOKEN=eyJpdiI6IlwvSExKVHNiVG4zaE94MGJXYjgyWG5RPT0iLCJ2YWx1ZSI6ImllYUswWkhwemJGeW42ZFpsK2lnTVFcL0I3ZnlaTUc0RDVJYnBOUWZzWXRkb2JBN2JUUE9GZXh1eUhqTnZhQkVsIiwibWFjIjoiZDM2N2VmOTJlMTYxMjA5NDNhZmVkYzFiZmZmNjNhNDRmZGQ3MGI3NDEwOTM2NzMyYzc2MDZmNDY1YjY5NTRhZSJ9; c=eyJpdiI6Ilp2WGlZS003OFdWRXRWdklcL1ZaeDVBPT0iLCJ2YWx1ZSI6InRVUHJMcnFFQWF6b2F1TllhZmxnK3hnK01oeTNMSHNMRW9EVEVUV1FjVkxGUURiYWtcL1h1RTJUN1NZdHZhelZZIiwibWFjIjoiZDJkMGQyMGY2N2YzYWRmNDkyNzQxMTY0MWZkNTVlOTM2N2VmMjc5ZDFmMDk1ODNlNGRjNzkzMWExMjIzZjMyZCJ9
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:15 GMT
x-proc: 1
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3665
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 45018
x-xss-protection: 1; mode=block
last-modified: Fri, 06 Aug 2021 10:28:14 GMT
server: cloudflare
etag: "610d0ebe-afda"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ah14hwH5GsmaToy%2Bq2gN1gGT38oPN6WGeDkak4xND1r%2FAmMPhXRtjOIapFh7TpNaq6eGu7MK2hTwvWsdZ7TFWzqu%2B3w2xN1zxd0QnJSqgjhFlCJXUDOshQuftj%2BXcQtoc9z94nMJL877JsY%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 67a80a725a5742f7-FRA

GET
H2 200 safe.png
static-13333.kxcdn.com/5275/images/ 10 KB
11 KB 30ms
26ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/safe.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

c001780d5a0136da809d6908ac44d8b0e4d9b36bf9891772a006294888226576

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:15 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794a7-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 10593
last-modified: Fri, 02 Jul 2021 14:32:17 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "e16845cf547d72f2f0b2febfa375d9f9"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:15 GMT

GET
H2 200 bg-arrow.png
static-13333.kxcdn.com/5275/images/ 7 KB
8 KB 31ms
27ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/bg-arrow.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

5902ac2e28cc5433d57a98a62be69037be09754da694348e03d3e3b9e776f542

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:15 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794ba-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 7356
last-modified: Fri, 02 Jul 2021 14:32:23 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "0575766ae817ee467a729e846374d22c"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:15 GMT

GET
H2 200 check-icon.png
static-13333.kxcdn.com/5275/images/ 2 KB
3 KB 31ms
27ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/check-icon.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

4a404a950ef8cfa3eb686e62c8ab17e0a4609f2300e53d874a96ec618ab9474d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:15 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794b6-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2273
last-modified: Fri, 02 Jul 2021 14:32:29 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "c34ab81524c5f98e40dc0dad59601758"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:15 GMT

GET
H2 200 spots-arrow.png
static-13333.kxcdn.com/5275/images/ 5 KB
6 KB 29ms
29ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/spots-arrow.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

7c01610e53cbe2313bd441cd9182762cec4240e4eecebeca6d086f34e4672784

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:15 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794bc-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 5306
last-modified: Fri, 02 Jul 2021 14:32:45 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "32acdf2cce46993b09041ebed9d00140"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:15 GMT

GET
H2 200 john.jpg
static-13333.kxcdn.com/5275/images/ 9 KB
10 KB 30ms
29ms Image
image/jpeg 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/john.jpg

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

aff262b0ff8882606831b77cb7fe8c2b7ee184a4c3a4e10de152932dde9ed3f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:15 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794be-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 9704
last-modified: Fri, 02 Jul 2021 14:32:21 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "ca826d01f1cbba3eb6e3e1f697bca6bc"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/jpeg
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:15 GMT

GET
H2 200 john-sign.png
static-13333.kxcdn.com/5275/images/ 7 KB
7 KB 14ms
5ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/john-sign.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

2c92fcee0f7c5fd992e818cd6e5f621e8701cea9b4b23eb03e2567560c7dd266

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:15 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049592b7-0060df28ef-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 6824
last-modified: Fri, 02 Jul 2021 14:32:43 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "8e77bdde18036a84289f7b89b03cddc0"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:15 GMT

GET
H2 200 social-callback-title.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 14ms
6ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/social-callback-title.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

b097d9409b9b2fcde3993197635d6e7d49126e794dec3c3a5de9892cce15ec84

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:15 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794b7-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2899
last-modified: Fri, 02 Jul 2021 14:32:42 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "26e1186a209747d755be97f26d7fef17"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:15 GMT

GET
H2 200 facebook.png
static-13333.kxcdn.com/5275/images/ 45 KB
46 KB 12ms
6ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/facebook.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

45a8e9f975bd2d7db2041c671affac022eaf0b8db46c516a6f2021d30631aea3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:15 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049592bd-0060df28ef-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 46358
last-modified: Fri, 02 Jul 2021 14:32:18 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "99efc09d6e35b01ef07e555c6c9c06ac"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:15 GMT

GET
H2 200 twitter.png
static-13333.kxcdn.com/5275/images/ 33 KB
34 KB 9ms
6ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/twitter.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

f3567cf9eb0717ad9840ff19014abf051d9bebb63ba3d270eb23d409dd449b5a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:15 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049592b6-0060df28ef-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 33933
last-modified: Fri, 02 Jul 2021 14:32:45 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "1538bf85a2428c7ab27b923233ceac2d"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:15 GMT

GET
H2 200 features-title.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 9ms
6ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/features-title.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

5e840708085df16224eeb0d8a8b3758d39bc7c60d3f0587ea1308f7d37d2e9db

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:15 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049592bc-0060df28ef-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2835
last-modified: Fri, 02 Jul 2021 14:32:24 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "8e8fd39ca90b9e536e71366f72e27061"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:15 GMT

GET
H2 200 feature1.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 8ms
6ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/feature1.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

427e9cf9bc070b73cae44b858b1cbb147385ccf3b74522b00606e8441d74eb21

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:15 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794bb-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2649
last-modified: Fri, 02 Jul 2021 14:32:27 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "32e947291780f319b5424fb0fed97339"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:15 GMT

GET
H2 200 feature2.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 9ms
6ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/feature2.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

d35ec7636f20627c46249b7ac076fd59aad2c15c8207c92cc8251df812abc0bc

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:15 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049592b5-0060df28ef-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2845
last-modified: Fri, 02 Jul 2021 14:32:28 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "a02cbfb7009f4eb7bca716371bbc6162"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:15 GMT

GET
H2 200 feature3.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 9ms
6ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/feature3.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

41cc8226265d071dd816f01b4e656e9575b49927ecb0806984d85fd2acb3b318

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:15 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794b8-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2618
last-modified: Fri, 02 Jul 2021 14:32:44 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "1e439861ae0e257dd74094cd20495531"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:15 GMT

GET
H2 200 feature4.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 9ms
7ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/feature4.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

d7e57b7c8fc1a0e25b893fc00da8cca5368cc489227958d4a781665339cd7260

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:15 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794a5-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2573
last-modified: Fri, 02 Jul 2021 14:32:19 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "f042fbbf22d575de6d906249ec2dc324"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:15 GMT

GET
H2 200 faq-title.png
static-13333.kxcdn.com/5275/images/ 4 KB
4 KB 8ms
7ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/faq-title.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

218be04d48aa9aa4da9bb4a708dbb463576fd8653914fd05bb113ce654dce714

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:15 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049592a6-0060df28ef-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 3706
last-modified: Fri, 02 Jul 2021 14:32:42 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "b95f5e7ccaaf9e8f6f1117efa9ab100a"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:15 GMT

GET
H2 200 faq-list-title-bg.png
static-13333.kxcdn.com/5275/images/ 2 KB
2 KB 8ms
8ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/faq-list-title-bg.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

9749d6d7aee9bdd7b806eb8fd8fa1bfd7ef25aab0aba744948b279d4c1a348ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:15 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794a3-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 1546
last-modified: Fri, 02 Jul 2021 14:32:22 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "567ea5254334fde95913b6cd592aad5f"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:15 GMT

GET
H3-29 200 sad-face.svg
tgfunnls.org/media/ 1 KB
1 KB 17ms
15ms Image
image/svg+xml 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tgfunnls.org/media/sad-face.svg

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

186b9079a05f19ddd2a548dbc1ec2c69087c76d8e9e1637dbced630edb793104

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /media/sad-face.svg
pragma: no-cache
cookie: _vwo_uuid_v2=D300A6AF58D106D85594CDBFBAA2B13D7|ce01f3e9beb7bdefb21b49b643350b73; _gid=GA1.2.1416830450.1628250551; _gat_UA-192660002-1=1; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _hjid=dc49561e-9d46-46e0-96b5-f0bbe1b05202; _hjFirstSeen=1; _ga_Y6C8Y8V9BH=GS1.1.1628250548.1.1.1628250554.0; _ga=GA1.1.764459664.1628250551; XSRF-TOKEN=eyJpdiI6IlwvSExKVHNiVG4zaE94MGJXYjgyWG5RPT0iLCJ2YWx1ZSI6ImllYUswWkhwemJGeW42ZFpsK2lnTVFcL0I3ZnlaTUc0RDVJYnBOUWZzWXRkb2JBN2JUUE9GZXh1eUhqTnZhQkVsIiwibWFjIjoiZDM2N2VmOTJlMTYxMjA5NDNhZmVkYzFiZmZmNjNhNDRmZGQ3MGI3NDEwOTM2NzMyYzc2MDZmNDY1YjY5NTRhZSJ9; c=eyJpdiI6Ilp2WGlZS003OFdWRXRWdklcL1ZaeDVBPT0iLCJ2YWx1ZSI6InRVUHJMcnFFQWF6b2F1TllhZmxnK3hnK01oeTNMSHNMRW9EVEVUV1FjVkxGUURiYWtcL1h1RTJUN1NZdHZhelZZIiwibWFjIjoiZDJkMGQyMGY2N2YzYWRmNDkyNzQxMTY0MWZkNTVlOTM2N2VmMjc5ZDFmMDk1ODNlNGRjNzkzMWExMjIzZjMyZCJ9
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:15 GMT
x-proc: 1
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3665
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Fri, 06 Aug 2021 10:30:20 GMT
server: cloudflare
etag: W/"610d0f3c-5dc"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VEQQ790KKUErwdCP4DWF0YDt9QY0Vnxc3PTyOvB6Es%2F2LopUE6%2BtLDXxSRRw%2BRtAhf5U70kYUu06P%2BCrowKvkcu7XV7%2BXv4vPmkAf3DdCH5l3%2BjcFT6D%2BerovBXQVhvbu22xR7jr%2B3FwLjk%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: max-age=14400
cf-ray: 67a80a725a5b42f7-FRA

GET
H3-29 200 email-decode.min.js Show response
tgfunnls.org/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
1 KB 9ms
9ms Script
application/javascript 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

:path: /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
pragma: no-cache
cookie: _vwo_uuid_v2=D300A6AF58D106D85594CDBFBAA2B13D7|ce01f3e9beb7bdefb21b49b643350b73; _gid=GA1.2.1416830450.1628250551; _gat_UA-192660002-1=1; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _hjid=dc49561e-9d46-46e0-96b5-f0bbe1b05202; _hjFirstSeen=1; _ga_Y6C8Y8V9BH=GS1.1.1628250548.1.1.1628250554.0; _ga=GA1.1.764459664.1628250551; XSRF-TOKEN=eyJpdiI6IlwvSExKVHNiVG4zaE94MGJXYjgyWG5RPT0iLCJ2YWx1ZSI6ImllYUswWkhwemJGeW42ZFpsK2lnTVFcL0I3ZnlaTUc0RDVJYnBOUWZzWXRkb2JBN2JUUE9GZXh1eUhqTnZhQkVsIiwibWFjIjoiZDM2N2VmOTJlMTYxMjA5NDNhZmVkYzFiZmZmNjNhNDRmZGQ3MGI3NDEwOTM2NzMyYzc2MDZmNDY1YjY5NTRhZSJ9; c=eyJpdiI6Ilp2WGlZS003OFdWRXRWdklcL1ZaeDVBPT0iLCJ2YWx1ZSI6InRVUHJMcnFFQWF6b2F1TllhZmxnK3hnK01oeTNMSHNMRW9EVEVUV1FjVkxGUURiYWtcL1h1RTJUN1NZdHZhelZZIiwibWFjIjoiZDJkMGQyMGY2N2YzYWRmNDkyNzQxMTY0MWZkNTVlOTM2N2VmMjc5ZDFmMDk1ODNlNGRjNzkzMWExMjIzZjMyZCJ9
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 03 Aug 2021 14:21:05 GMT
server: cloudflare
etag: W/"610950d1-4d7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: DENY
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0xd%2B%2FElOxhYGIue5Vvq2ph22O4RdB62ndg7IMbypEzSH75z71G8tI2Ai0JNaVhYdiMQAuZAvbCo75A0ipEn%2FM7YGVt%2FMZsX%2B2QY04zIH1jFSr16XYZUVgxjCL2rwFMP3vj23kHHGYR1NrWg%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=172800 public
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 67a80a7229d942f7-FRA
vary: Accept-Encoding
expires: Sun, 08 Aug 2021 11:49:15 GMT

GET
H3-29 200 redirect.js Show response
tgfunnls.org/js/ 3 KB
2 KB 17ms
17ms Script
application/javascript 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/js/redirect.js?id=bd8708e91008076c9ff9

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0979e653bf7370685f5d0ec7448e28d33f46754d5411cf5a7cd3df6ecafc1a35

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /js/redirect.js?id=bd8708e91008076c9ff9
pragma: no-cache
cookie: _vwo_uuid_v2=D300A6AF58D106D85594CDBFBAA2B13D7|ce01f3e9beb7bdefb21b49b643350b73; _gid=GA1.2.1416830450.1628250551; _gat_UA-192660002-1=1; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _hjid=dc49561e-9d46-46e0-96b5-f0bbe1b05202; _hjFirstSeen=1; _ga_Y6C8Y8V9BH=GS1.1.1628250548.1.1.1628250554.0; _ga=GA1.1.764459664.1628250551; XSRF-TOKEN=eyJpdiI6IlwvSExKVHNiVG4zaE94MGJXYjgyWG5RPT0iLCJ2YWx1ZSI6ImllYUswWkhwemJGeW42ZFpsK2lnTVFcL0I3ZnlaTUc0RDVJYnBOUWZzWXRkb2JBN2JUUE9GZXh1eUhqTnZhQkVsIiwibWFjIjoiZDM2N2VmOTJlMTYxMjA5NDNhZmVkYzFiZmZmNjNhNDRmZGQ3MGI3NDEwOTM2NzMyYzc2MDZmNDY1YjY5NTRhZSJ9; c=eyJpdiI6Ilp2WGlZS003OFdWRXRWdklcL1ZaeDVBPT0iLCJ2YWx1ZSI6InRVUHJMcnFFQWF6b2F1TllhZmxnK3hnK01oeTNMSHNMRW9EVEVUV1FjVkxGUURiYWtcL1h1RTJUN1NZdHZhelZZIiwibWFjIjoiZDJkMGQyMGY2N2YzYWRmNDkyNzQxMTY0MWZkNTVlOTM2N2VmMjc5ZDFmMDk1ODNlNGRjNzkzMWExMjIzZjMyZCJ9
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:15 GMT
x-proc: 3
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3665
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Fri, 06 Aug 2021 10:30:36 GMT
server: cloudflare
etag: W/"610d0f4c-a50"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LUpGMgcygLqbUItYt8HXcExBabnO2HjcOE1%2BxXSJxrWZSGJkTTReBA6kIxJIoK%2FyRyp%2FqxFptuy1igrMJWDpPZx%2BMAMX%2F2CeMUYW%2FYDjw3KnCpc0C0giL1SpW5whz3hv8%2FiHXlN%2F6MjDUOQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=14400
cf-ray: 67a80a723a0242f7-FRA

GET
H3-29 200 l.js Show response
tgfunnls.org/js/ 401 KB
110 KB 35ms
34ms Script
application/javascript 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/js/l.js?id=6cf7b69175b2a676ebf3

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1669423eca631e2fa8053ff74039a11ff6afac3a94dc37f357ce8d6ec9362913

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /js/l.js?id=6cf7b69175b2a676ebf3
pragma: no-cache
cookie: _vwo_uuid_v2=D300A6AF58D106D85594CDBFBAA2B13D7|ce01f3e9beb7bdefb21b49b643350b73; _gid=GA1.2.1416830450.1628250551; _gat_UA-192660002-1=1; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _hjid=dc49561e-9d46-46e0-96b5-f0bbe1b05202; _hjFirstSeen=1; _ga_Y6C8Y8V9BH=GS1.1.1628250548.1.1.1628250554.0; _ga=GA1.1.764459664.1628250551; XSRF-TOKEN=eyJpdiI6IlwvSExKVHNiVG4zaE94MGJXYjgyWG5RPT0iLCJ2YWx1ZSI6ImllYUswWkhwemJGeW42ZFpsK2lnTVFcL0I3ZnlaTUc0RDVJYnBOUWZzWXRkb2JBN2JUUE9GZXh1eUhqTnZhQkVsIiwibWFjIjoiZDM2N2VmOTJlMTYxMjA5NDNhZmVkYzFiZmZmNjNhNDRmZGQ3MGI3NDEwOTM2NzMyYzc2MDZmNDY1YjY5NTRhZSJ9; c=eyJpdiI6Ilp2WGlZS003OFdWRXRWdklcL1ZaeDVBPT0iLCJ2YWx1ZSI6InRVUHJMcnFFQWF6b2F1TllhZmxnK3hnK01oeTNMSHNMRW9EVEVUV1FjVkxGUURiYWtcL1h1RTJUN1NZdHZhelZZIiwibWFjIjoiZDJkMGQyMGY2N2YzYWRmNDkyNzQxMTY0MWZkNTVlOTM2N2VmMjc5ZDFmMDk1ODNlNGRjNzkzMWExMjIzZjMyZCJ9
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:15 GMT
x-proc: 2
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 4588
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Fri, 06 Aug 2021 10:30:19 GMT
server: cloudflare
etag: W/"610d0f3b-645ba"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AZwz7u5LMLqYVRtEgauz1Tr3FjUvNwM4hIZi1v0oqqz9k37RSqsQVc%2Bz7hjAZJar5Thcv72XiAd1u%2FA9DaCFWFr9M2KQr5tMUNA1U%2Fa2o3uBCepGHmX7U262SHcz8dHwHa8j9OBVURnMMkc%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=14400
cf-ray: 67a80a724a4442f7-FRA

GET
H2 200 funnel.js Show response
static-13333.kxcdn.com/5275/build/ 954 KB
319 KB 12ms
8ms Script
application/javascript 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL

https://static-13333.kxcdn.com/5275/build/funnel.js

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

a52901c6296f571a48143efc8c7626714f2f15a0e034390d31380d508684ad0e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:15 GMT
content-encoding: gzip
last-modified: Fri, 02 Jul 2021 14:31:57 GMT
server: keycdn-engine
x-amz-request-id: tx00000000000000495929e-0060df28ef-12e87130-fra1a
x-edge-location: defr
etag: W/"545236a1390ffa369d186b44dab8e706"
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-cache: HIT
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31556940
x-rgw-object-type: Normal
strict-transport-security: max-age=15552000; includeSubDomains; preload
expires: Sat, 06 Aug 2022 17:38:15 GMT

GET
H/1.1 200 hp Show response
in.xr117.xyz/ 382 B
635 B 58ms
56ms Script
text/plain 18.195.123.247
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://in.xr117.xyz/hp
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.195.123.247 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-123-247.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 1d685538334a6762f8c278c2274cb62dfdc47c59ba5968562dddf4f96d808aee

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 06 Aug 2021 11:49:15 GMT
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200 hp Show response
in.bd44.fun/ 382 B
616 B 152ms
51ms Script
text/plain 18.195.174.160
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://in.bd44.fun/hp
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.195.174.160 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-174-160.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 1d685538334a6762f8c278c2274cb62dfdc47c59ba5968562dddf4f96d808aee

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 06 Aug 2021 11:49:15 GMT
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
Server: nginx
Connection: keep-alive
Content-Length: 382
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3-29 200 tag.js Show response
tagstaticx.com/ 38 KB
14 KB 15ms
13ms Script
application/javascript 2606:4700:3033::6815:3d08
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://tagstaticx.com/tag.js
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::6815:3d08 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7ebf9aea91580923f108d8e9c9fa03581c3c58fcd1ab8712d4ed593fbde60062

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:15 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 30 Jul 2021 15:47:47 GMT
server: cloudflare
age: 4756
etag: W/"61041f23-9787"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=z8C8n11GeSuTueo2nbBuNWPgITJ1KvqOVUNfGnksoSG751Vruzz8CB8vmaD79bDBazM4A9OavtDEMbfl7j%2BOrKjnDOLt%2B7%2FLZjkls55kTwSat3DuM0sNEYw%2BS04vshbcdIfX%2BBLj5x9mqvSPIg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=1800
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 67a80a725eb34401-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

GET
H3-29 200 gtm.js Show response
www.googletagmanager.com/ 110 KB
41 KB 17ms
15ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-MSK8GMG

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

b3deb878ce829e6d07f02dab95a7f5777b48eedd93f1161b99a1a04703abda10

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:15 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41864
x-xss-protection: 0
last-modified: Fri, 06 Aug 2021 09:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 06 Aug 2021 11:49:15 GMT

GET
H3-29 200 j.php Show response
dev.visualwebsiteoptimizer.com/ 5 KB
2 KB 51ms
49ms Script
application/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/j.php?a=449005&u=https%3A%2F%2Ftgfunnls.org%2Fdly1st%2F%3Fhitid%3D%7BclickId%7D%26qze%3D7%26aff_sub%3D%7BcustomId1%7D%26aff_sub2%3D%7BcustomId2%7D&f=1&r=0.7324621119717412
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gams1 /
Resource Hash: 45b6476263eb6d717b684a3143a81653fc7eb4bd6cede6b54540c6f2730c74a0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 06 Aug 2021 11:49:15 GMT
via: 1.1 google
server: gams1
content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-type: application/javascript; charset=UTF-8

GET
H2 200 bg-pattern2.png
static-13333.kxcdn.com/5275/images/ 3 KB
4 KB 23ms
22ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/bg-pattern2.png

Requested by

Host: static-13333.kxcdn.com
URL: https://static-13333.kxcdn.com/5275/build/funnel.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

0dbbd4b1f92b5f123bb6d85da5224dbac1ef2873359ae63159fbd8c1d8aee472

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://static-13333.kxcdn.com/5275/build/funnel.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:15 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx000000000000004a8f778-0060df3204-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 3494
last-modified: Fri, 02 Jul 2021 14:32:28 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "9ff60a873ce8a83d6f92c07bbb97461d"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:15 GMT

GET
H2 200 money-bg.jpg
static-13333.kxcdn.com/5275/images/ 192 KB
193 KB 23ms
23ms Image
image/jpeg 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/money-bg.jpg

Requested by

Host: static-13333.kxcdn.com
URL: https://static-13333.kxcdn.com/5275/build/funnel.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

6d6b0b2b3ce3ec690491ad53348667285877a284d43a58bae67219df3128c453

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://static-13333.kxcdn.com/5275/build/funnel.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:15 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049593a6-0060df28f0-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 196622
last-modified: Fri, 02 Jul 2021 14:32:29 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "00484ef568e5c529bc92d2698631954b"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/jpeg
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:15 GMT

GET
H2 206 de-1.mp4
static-13333.kxcdn.com/5275/media/ 64 KB
0 9ms
8ms Media
video/mp4 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL

https://static-13333.kxcdn.com/5275/media/de-1.mp4

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Range: bytes=0-

Response headers

date: Fri, 06 Aug 2021 11:49:15 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049593e6-0060df28f0-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
Content-Range: bytes 0-124690623/124690624
Content-Length: 124690624
last-modified: Fri, 02 Jul 2021 14:32:03 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "c8811d0b7aa283893d6ec2a19899685f-24"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: video/mp4
access-control-allow-origin: *
x-rgw-object-type: Normal
expires: Sat, 06 Aug 2022 17:38:15 GMT

HEAD
H3-29 200 adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/ 0
0 38ms
36ms Fetch
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 49445
x-xss-protection: 0
server: cafe
etag: 14869471898732562513
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Fri, 06 Aug 2021 11:49:15 GMT

GET
H/1.1 200
OK version.js Show response
tagdatax.com/ 57 B
260 B 51ms
47ms Script
application/javascript 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdatax.com/version.js
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: 8a2498140d9cf7a5fa3043f4cf5422ba165cd3a313c1e585e600d316a4371b87

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 06 Aug 2021 11:49:15 GMT
Cache-Control: private, max-age=63072000
Server: nginx/1.19.10
Connection: keep-alive
Content-Length: 57
Content-Type: application/javascript

GET
H2 200 gid.js Show response
my.rtmark.net/ 65 B
541 B 62ms
57ms Fetch
application/json 139.45.195.8
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://my.rtmark.net/gid.js

Requested by

Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

a2b9bb594c7c3d5964fb1312c97f772f8aad239763eae1a564f8155ec40b7a1b

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:15 GMT
x-content-type-options: nosniff
server: nginx
strict-transport-security: max-age=1
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: https://tgfunnls.org
access-control-expose-headers: Authorization
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length: 65

GET
H/1.1 200
OK pix.jpg Show response
tagdatax.com/ 28 B
617 B 50ms
47ms Fetch
image/jpeg 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdatax.com/pix.jpg
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: 3c72e06c040c15327faa313315f1d6f4b2c9159267051c3e173336efa4cd7a18

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 06 Aug 2021 11:49:15 GMT
Server: nginx/1.19.10
Etag: 4c5c7c07-45f4-42c6-9349-964855cc0832
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Content-Type: image/jpeg
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Expose-Headers: ETag
Cache-Control: private, must-revalidate, proxy-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 28

GET
H3-29 200 googlelogo_color_120x44dp.png
www.google.com/images/branding/googlelogo/2x/ 5 KB
5 KB 18ms
16ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_120x44dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

29c50fa4422ac0a690af5b0987dee6a030a7eeaafa9dda8543cf022368f545aa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:15 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5087
x-xss-protection: 0
expires: Fri, 06 Aug 2021 11:49:15 GMT

GET
H3-29 200 googlelogo_color_272x92dp.png
www.google.com/images/branding/googlelogo/1x/ 6 KB
6 KB 16ms
14ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/1x/googlelogo_color_272x92dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5776cd87617eacec3bc00ebcf530d1924026033eda852f706c1a675a98915826

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:15 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5969
x-xss-protection: 0
expires: Fri, 06 Aug 2021 11:49:15 GMT

GET
H3-29 200 googlelogo_color_272x92dp.png
www.google.com/images/branding/googlelogo/2x/ 13 KB
13 KB 17ms
16ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_272x92dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

262084257c2103702ef8a25705e3f8dbc1fa3823103ad7b954d54bdb77e6d89d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:15 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13504
x-xss-protection: 0
expires: Fri, 06 Aug 2021 11:49:15 GMT

GET
H3-29 200 googlelogo_color_160x56dp.png
www.google.com/images/branding/googlelogo/2x/ 7 KB
7 KB 18ms
16ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_160x56dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9e611fba6a87626e60f74d361f0c94d1ba226bc0726a05791f40ddb7fbba2c4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:15 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7048
x-xss-protection: 0
expires: Fri, 06 Aug 2021 11:49:15 GMT

GET
H3-29 200 googlelogo_color_90x40dp.png
www.google.com/images/branding/googlelogo/2x/ 4 KB
4 KB 24ms
23ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_90x40dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a9cac8d49feccd603bac334c92c1e7dd5a829a1c01d4130550e8c9c0d9c72f7b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:15 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3934
x-xss-protection: 0
expires: Fri, 06 Aug 2021 11:49:15 GMT

GET
H3-29 200 locate Show response
tgfunnls.org/ 141 B
1 KB 105ms
104ms XHR
application/json 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/locate

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/js/l.js?id=6cf7b69175b2a676ebf3

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b6ffea4eb17e3268759f83f8abca64a9ed7755ff19d8d6b05e7aa354ae6d4f7b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-fetch-mode: cors
x-xsrf-token: eyJpdiI6IlwvSExKVHNiVG4zaE94MGJXYjgyWG5RPT0iLCJ2YWx1ZSI6ImllYUswWkhwemJGeW42ZFpsK2lnTVFcL0I3ZnlaTUc0RDVJYnBOUWZzWXRkb2JBN2JUUE9GZXh1eUhqTnZhQkVsIiwibWFjIjoiZDM2N2VmOTJlMTYxMjA5NDNhZmVkYzFiZmZmNjNhNDRmZGQ3MGI3NDEwOTM2NzMyYzc2MDZmNDY1YjY5NTRhZSJ9
accept-language: en-US
sec-fetch-dest: empty
cookie: _vwo_uuid_v2=D300A6AF58D106D85594CDBFBAA2B13D7|ce01f3e9beb7bdefb21b49b643350b73; _gid=GA1.2.1416830450.1628250551; _gat_UA-192660002-1=1; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _hjid=dc49561e-9d46-46e0-96b5-f0bbe1b05202; _hjFirstSeen=1; _ga_Y6C8Y8V9BH=GS1.1.1628250548.1.1.1628250554.0; _ga=GA1.1.764459664.1628250551; XSRF-TOKEN=eyJpdiI6IlwvSExKVHNiVG4zaE94MGJXYjgyWG5RPT0iLCJ2YWx1ZSI6ImllYUswWkhwemJGeW42ZFpsK2lnTVFcL0I3ZnlaTUc0RDVJYnBOUWZzWXRkb2JBN2JUUE9GZXh1eUhqTnZhQkVsIiwibWFjIjoiZDM2N2VmOTJlMTYxMjA5NDNhZmVkYzFiZmZmNjNhNDRmZGQ3MGI3NDEwOTM2NzMyYzc2MDZmNDY1YjY5NTRhZSJ9; c=eyJpdiI6Ilp2WGlZS003OFdWRXRWdklcL1ZaeDVBPT0iLCJ2YWx1ZSI6InRVUHJMcnFFQWF6b2F1TllhZmxnK3hnK01oeTNMSHNMRW9EVEVUV1FjVkxGUURiYWtcL1h1RTJUN1NZdHZhelZZIiwibWFjIjoiZDJkMGQyMGY2N2YzYWRmNDkyNzQxMTY0MWZkNTVlOTM2N2VmMjc5ZDFmMDk1ODNlNGRjNzkzMWExMjIzZjMyZCJ9
:path: /locate
pragma: no-cache
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: application/json, text/plain, */*
cache-control: no-cache
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept: application/json, text/plain, */*
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
X-XSRF-TOKEN: eyJpdiI6IlwvSExKVHNiVG4zaE94MGJXYjgyWG5RPT0iLCJ2YWx1ZSI6ImllYUswWkhwemJGeW42ZFpsK2lnTVFcL0I3ZnlaTUc0RDVJYnBOUWZzWXRkb2JBN2JUUE9GZXh1eUhqTnZhQkVsIiwibWFjIjoiZDM2N2VmOTJlMTYxMjA5NDNhZmVkYzFiZmZmNjNhNDRmZGQ3MGI3NDEwOTM2NzMyYzc2MDZmNDY1YjY5NTRhZSJ9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:15 GMT
x-proc: 3
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=548NPxIYYwhBDtlTcPkubGQrbg0WQrrJKDNJ8PKnsYm5jEYFhmb0IujRbxqCjLBAiZ7KhSsc6vukz9rWPtZnmRmn6K%2F4z2pKC7eyETRwsPgykgDLNtDZgcg%2B3K4MPlxZOMLRIKt6d7rDpWk%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json
cache-control: no-cache, private
set-cookie: XSRF-TOKEN=eyJpdiI6InhxWjE1MW9RUEhJV1wvUkZKOUhqMyt3PT0iLCJ2YWx1ZSI6Ik5STm9Jb1NxazUxamJuUzBNenJSTkUyb1BWbVNMZDVaWGt5cFAzNGo3NlE2cm9jTXdWVFp3azhvZHp3OVF0OG0iLCJtYWMiOiI5MmExMjZkYWViN2UyNWU1YzY2MTc0M2Y2YzU3MTU4MWQ5YWFkNTUxZTYwN2RlYzkzMGIxZWQyOTY5MThjNGQyIn0%3D; expires=Fri, 06-Aug-2021 13:49:15 GMT; Max-Age=7200; path=/ c=eyJpdiI6IlJYNVdtcCtGSWZIYUpMYXhhRStlOHc9PSIsInZhbHVlIjoiU3RMeTZybDJSMnh3Z1dvXC9CeUJFd0NCWFwvZVYzV21GblRkNERCYld6Sno1aEpJdmIzUVVQeGkwXC9acDkrM09CbiIsIm1hYyI6IjM2ODJlZTg0Njk2ZDY0OTIwMTY4YzViZjE3ZGZlYTI1MjFjNDdlYzE3ZjQwOWQxYWJmZjRhZDdlNTVlMzkzNjEifQ%3D%3D; expires=Fri, 06-Aug-2021 13:49:15 GMT; Max-Age=7200; path=/; httponly
cf-ray: 67a80a730c2542f7-FRA

GET
H3-29 200 flags.png
tgfunnls.org/images/vendor/intl-tel-input/build/ 69 KB
70 KB 17ms
16ms Image
image/png 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tgfunnls.org/images/vendor/intl-tel-input/build/flags.png?416250f60d785a2e02f17e054d2e4e44

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/css/forms.css?id=108aa07ef4cadffb88ba

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0a012cf808a24573168308916092d2d4bd3f2b4af8e16b59167013cc77acee55

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /images/vendor/intl-tel-input/build/flags.png?416250f60d785a2e02f17e054d2e4e44
pragma: no-cache
cookie: _vwo_uuid_v2=D300A6AF58D106D85594CDBFBAA2B13D7|ce01f3e9beb7bdefb21b49b643350b73; _gid=GA1.2.1416830450.1628250551; _gat_UA-192660002-1=1; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _hjid=dc49561e-9d46-46e0-96b5-f0bbe1b05202; _hjFirstSeen=1; _ga_Y6C8Y8V9BH=GS1.1.1628250548.1.1.1628250554.0; _ga=GA1.1.764459664.1628250551; XSRF-TOKEN=eyJpdiI6IlwvSExKVHNiVG4zaE94MGJXYjgyWG5RPT0iLCJ2YWx1ZSI6ImllYUswWkhwemJGeW42ZFpsK2lnTVFcL0I3ZnlaTUc0RDVJYnBOUWZzWXRkb2JBN2JUUE9GZXh1eUhqTnZhQkVsIiwibWFjIjoiZDM2N2VmOTJlMTYxMjA5NDNhZmVkYzFiZmZmNjNhNDRmZGQ3MGI3NDEwOTM2NzMyYzc2MDZmNDY1YjY5NTRhZSJ9; c=eyJpdiI6Ilp2WGlZS003OFdWRXRWdklcL1ZaeDVBPT0iLCJ2YWx1ZSI6InRVUHJMcnFFQWF6b2F1TllhZmxnK3hnK01oeTNMSHNMRW9EVEVUV1FjVkxGUURiYWtcL1h1RTJUN1NZdHZhelZZIiwibWFjIjoiZDJkMGQyMGY2N2YzYWRmNDkyNzQxMTY0MWZkNTVlOTM2N2VmMjc5ZDFmMDk1ODNlNGRjNzkzMWExMjIzZjMyZCJ9
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: tgfunnls.org
referer: https://tgfunnls.org/css/forms.css?id=108aa07ef4cadffb88ba
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/css/forms.css?id=108aa07ef4cadffb88ba
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:15 GMT
x-proc: 2
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2318
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 70857
x-xss-protection: 1; mode=block
last-modified: Fri, 06 Aug 2021 10:55:13 GMT
server: cloudflare
etag: "610d1511-114c9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jAU%2Bhcucyg3RWLMiCbwlcLw33WYB%2BiNnKjToDPWfOZn5S0HXCq5XMssOChOeTsVRQF7XlZlmP96lAeIPN1eLI%2Bf5RXt6xv7EVpSovKSbkoABVIGH7xC0a5ENp4OehtLH5ouTm2sy6PlCc5k%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 67a80a730c2c42f7-FRA

GET
H3-29 200 js Show response
www.googletagmanager.com/gtag/ 127 KB
50 KB 16ms
16ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-Y6C8Y8V9BH&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MSK8GMG

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

dae34939244e213c68b00452772818739ff77e23eefc25acc3a141fa1f506648

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:15 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 51136
x-xss-protection: 0
expires: Fri, 06 Aug 2021 11:49:15 GMT

GET
H3-29 200 analytics.js Show response
www.google-analytics.com/ 48 KB
19 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MSK8GMG

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

e61660c659c426e45bce2937dddb01af6b550502a2904546575c1ec2ba1121dd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 13 Jul 2021 18:24:06 GMT
server: Golfe2
age: 2134
date: Fri, 06 Aug 2021 11:13:41 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19672
expires: Fri, 06 Aug 2021 13:13:41 GMT

GET
H2 200 hotjar-2304105.js Show response
static.hotjar.com/c/ 5 KB
2 KB 55ms
55ms Script
application/javascript 13.224.96.91
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-2304105.js?sv=6

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.96.91 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

d4261e9b3b427b4faba85d775a6dbd131cf86cbd42945ba05ae2ebad8f8f36e6

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:48:18 GMT
content-encoding: br
x-content-type-options: nosniff
cache-control: max-age=60
age: 57
etag: W/4e117f3a38c123981a4b3509540d1697
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
x-cache-hit: 1
x-amz-cf-pop: ZRH50-C1
x-amz-cf-id: b4TVw0CVghAKMvtjSOX3Xws9qeBGGKXES4EoPunWh6mrolxbCOnKaA==
via: 1.1 e92dffa8673a73c15c61e7c3abefc47d.cloudfront.net (CloudFront)

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWpxdWVyeQ==/tag-18c0c42595158c9943ee0260eecc4fc3.js
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/j.php?a=449005&u=https%3A%2F%2Ftgfunnls.org%2Fdly1st%2F%3Fhitid%3D%7BclickId%7D%26qze%3D7%26aff_sub%3D%7BcustomId1%7D%26aff_sub2%3D%7BcustomId2%7D&f=1&r=0.7324621119717412
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gams1 /
Resource Hash: b6a6463b285c1fdc27b7022ff01564762e81117074a3f3781cc931fe389afc70

Request headers

Origin: https://tgfunnls.org
Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:15 GMT
content-encoding: br
last-modified: Fri, 06 Aug 2021 11:48:12 GMT
server: gams1
etag: "610d217c-f3a3"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 62371
via: 1.1 google

GET
H3-29 200 v.gif
dev.visualwebsiteoptimizer.com/ 35 B
52 B 121ms
121ms Image
image/gif 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dev.visualwebsiteoptimizer.com/v.gif?cd=0&a=449005&d=tgfunnls.org&u=D300A6AF58D106D85594CDBFBAA2B13D7&h=ce01f3e9beb7bdefb21b49b643350b73&t=false&r=0.36327548524913733

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gnv1c /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 06 Aug 2021 11:49:15 GMT
via: 1.1 google
x-content-type-options: nosniff
server: gnv1c
content-type: image/gif
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 10 Jan 2005 00:00:01 GMT

OPTIONS
H/1.1 200
OK add
tagdataxrt.com/ir/ Frame 0
0 46ms
46ms Preflight 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/ir/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Protocol: HTTP/1.1
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://tgfunnls.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Server: nginx/1.19.10
Date: Fri, 06 Aug 2021 11:49:15 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

POST
H/1.1 200
OK add Show response
tagdataxrt.com/ir/ 0
537 B 47ms
47ms Fetch 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/ir/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json;charset=utf-8

Response headers

Date: Fri, 06 Aug 2021 11:49:15 GMT
Server: nginx/1.19.10
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 0

GET
BLOB 200
OK 240fbab6-4de1-426b-b786-2975684f6508
https://tgfunnls.org/ 31 B
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://tgfunnls.org/240fbab6-4de1-426b-b786-2975684f6508
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7725538fe2f71147bffeba7452b434c826aef9009666cb4360c605d0b2a91d1d

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length: 31
Content-Type: application/javascript

GET
H2 403 videothumbnail-1.png
static-13333.kxcdn.com/5275/images/ 0
0 15ms
15ms Image
text/html 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static-13333.kxcdn.com/5275/images/videothumbnail-1.png
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
DATA 200
OK truncated
/ 4 KB
4 KB Font
application/font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: aef991b2e0b693a95d41986576dd3901ea7ac03b379501b1caba966058753308

Request headers

Origin: https://tgfunnls.org
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: application/font-woff;charset=utf-8

OPTIONS
H/1.1 200
OK etag
tagdataxrt.com/ Frame 0
0 46ms
46ms Preflight 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/etag?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Protocol: HTTP/1.1
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://tgfunnls.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Server: nginx/1.19.10
Date: Fri, 06 Aug 2021 11:49:15 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

POST
H/1.1 200
OK etag Show response
tagdataxrt.com/ 0
537 B 47ms
47ms Fetch 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/etag?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json;charset=utf-8

Response headers

Date: Fri, 06 Aug 2021 11:49:15 GMT
Server: nginx/1.19.10
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 0

GET
H3-29 200 collect
www.google-analytics.com/ 35 B
55 B 6ms
6ms Image
image/gif 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j92&a=47907302&t=pageview&_s=1&dl=https%3A%2F%2Ftgfunnls.org%2Fdly1st%2F%3Fhitid%3D%7BclickId%7D%26qze%3D7%26aff_sub%3D%7BcustomId1%7D%26aff_sub2%3D%7BcustomId2%7D&ul=en-us&de=UTF-8&dt=Daily%20Profit&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=QACAAEAB~&jid=&gjid=&cid=764459664.1628250551&tid=UA-192660002-1&_gid=1416830450.1628250551&gtm=2wg840MSK8GMG&z=1655122336

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 06 Aug 2021 05:58:40 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 21035
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H3-29 201 event Show response
tgfunnls.org/ 2 B
1 KB 164ms
164ms XHR
application/json 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/event?hitid={clickId}

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/js/l.js?id=6cf7b69175b2a676ebf3

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-fetch-mode: cors
origin: https://tgfunnls.org
x-xsrf-token: eyJpdiI6InhxWjE1MW9RUEhJV1wvUkZKOUhqMyt3PT0iLCJ2YWx1ZSI6Ik5STm9Jb1NxazUxamJuUzBNenJSTkUyb1BWbVNMZDVaWGt5cFAzNGo3NlE2cm9jTXdWVFp3azhvZHp3OVF0OG0iLCJtYWMiOiI5MmExMjZkYWViN2UyNWU1YzY2MTc0M2Y2YzU3MTU4MWQ5YWFkNTUxZTYwN2RlYzkzMGIxZWQyOTY5MThjNGQyIn0=
accept-language: en-US
sec-fetch-dest: empty
accept-encoding: gzip, deflate, br
cookie: _vwo_uuid_v2=D300A6AF58D106D85594CDBFBAA2B13D7|ce01f3e9beb7bdefb21b49b643350b73; _gid=GA1.2.1416830450.1628250551; _gat_UA-192660002-1=1; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _hjid=dc49561e-9d46-46e0-96b5-f0bbe1b05202; _hjFirstSeen=1; _ga_Y6C8Y8V9BH=GS1.1.1628250548.1.1.1628250554.0; XSRF-TOKEN=eyJpdiI6InhxWjE1MW9RUEhJV1wvUkZKOUhqMyt3PT0iLCJ2YWx1ZSI6Ik5STm9Jb1NxazUxamJuUzBNenJSTkUyb1BWbVNMZDVaWGt5cFAzNGo3NlE2cm9jTXdWVFp3azhvZHp3OVF0OG0iLCJtYWMiOiI5MmExMjZkYWViN2UyNWU1YzY2MTc0M2Y2YzU3MTU4MWQ5YWFkNTUxZTYwN2RlYzkzMGIxZWQyOTY5MThjNGQyIn0%3D; c=eyJpdiI6IlJYNVdtcCtGSWZIYUpMYXhhRStlOHc9PSIsInZhbHVlIjoiU3RMeTZybDJSMnh3Z1dvXC9CeUJFd0NCWFwvZVYzV21GblRkNERCYld6Sno1aEpJdmIzUVVQeGkwXC9acDkrM09CbiIsIm1hYyI6IjM2ODJlZTg0Njk2ZDY0OTIwMTY4YzViZjE3ZGZlYTI1MjFjNDdlYzE3ZjQwOWQxYWJmZjRhZDdlNTVlMzkzNjEifQ%3D%3D; _ga=GA1.2.764459664.1628250551
content-length: 179
:path: /event?hitid={clickId}
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json;charset=UTF-8
accept: application/json, text/plain, */*
cache-control: no-cache
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: POST
Accept: application/json, text/plain, */*
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
X-XSRF-TOKEN: eyJpdiI6InhxWjE1MW9RUEhJV1wvUkZKOUhqMyt3PT0iLCJ2YWx1ZSI6Ik5STm9Jb1NxazUxamJuUzBNenJSTkUyb1BWbVNMZDVaWGt5cFAzNGo3NlE2cm9jTXdWVFp3azhvZHp3OVF0OG0iLCJtYWMiOiI5MmExMjZkYWViN2UyNWU1YzY2MTc0M2Y2YzU3MTU4MWQ5YWFkNTUxZTYwN2RlYzkzMGIxZWQyOTY5MThjNGQyIn0=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json;charset=UTF-8

Response headers

date: Fri, 06 Aug 2021 11:49:15 GMT
x-proc: 2
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wWEXr%2B5Bcf6LDGe2tCJkNRiIOGK6cr6xkC7zPqPeff%2F1xR4ySwBxE0W8QcLdkVRSagBwrNhEZuDoEoRIlPRXndT8a%2B1V%2BiAoGK%2B67VAWEdxAfnqV49sPahkYYoa%2FzDhTq5DUj5mcFdTgf5Y%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-origin: https://tgfunnls.org
cache-control: no-cache, private
set-cookie: XSRF-TOKEN=eyJpdiI6IllUazd2V3B0eWJSM1hsWENKT0dwRHc9PSIsInZhbHVlIjoiZGdGNHJleDFkNFV5UkY3amozeFFTVVp6VVFmU2ExMmJxdWF3bU9GOUh6dm9zT1dKZmRIV0doZGVjaHczZkpoNiIsIm1hYyI6IjBmYjM5Yjc1NWQ2MDhlZTdmMmNkODVmOTUzMTczMGNhNTRjNWM5M2I5OTgyYTFkYTcyZDI5OTdmZDBkZGJlYjIifQ%3D%3D; expires=Fri, 06-Aug-2021 13:49:15 GMT; Max-Age=7200; path=/ c=eyJpdiI6InJMWGdabTkrM0tGbWtBcXFXeDVxbmc9PSIsInZhbHVlIjoicFV6bnRKM1hjOXY1eWFvOThoM0JZR2xQNkJlTXFZVGRkMTV1ajRSK1pJZnNQTjkybU5rTURpcEN4aVRiUlBpQSIsIm1hYyI6IjVmMzQ1NjczNzM1ZmZmYmMyYTUyNThiNjIxZmQ2YzRmNDU4NzUyMjUzMTk5ZWQ0ODYyYzA3ZjE0NTI5YTdjOGIifQ%3D%3D; expires=Fri, 06-Aug-2021 13:49:15 GMT; Max-Age=7200; path=/; httponly
cf-ray: 67a80a73ce8b42f7-FRA

GET
H2 200 modules.9a6619e61150e4449f35.js Show response
script.hotjar.com/ 221 KB
59 KB 63ms
63ms Script
application/javascript 13.224.96.11
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.9a6619e61150e4449f35.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2304105.js?sv=6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.96.11 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

fc04d1fd608cedf1f0c4735145a15031f77cb7491d6234cec4ee2cd9be74937a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:18:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 77470
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 59579
access-control-allow-origin: *
last-modified: Thu, 05 Aug 2021 14:17:07 GMT
etag: "f404c80c4e9647abd5db65360cf9ecee"
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 7245e91891539560c1f484b1e46159c9.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: ZRH50-C1
accept-ranges: bytes
x-robots-tag: none
x-amz-cf-id: HO4Gy6mTAZ3dBpLjPm0fNcjTvKJZ0Bs-vJSmko3UblTyq32ZjYpBfw==

GET
H3-29 200 settings.js Show response
dev.visualwebsiteoptimizer.com/ 572 B
397 B 49ms
49ms Script
application/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/settings.js?a=449005&settings_type=3&vn=7.0&r=0.0036731481787810605&u=https%3A%2F%2Ftgfunnls.org%2Fdly1st%2F%3Fhitid%3D%7BclickId%7D%26qze%3D7%26aff_sub%3D%7BcustomId1%7D%26aff_sub2%3D%7BcustomId2%7D
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWpxdWVyeQ==/tag-18c0c42595158c9943ee0260eecc4fc3.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gams1 /
Resource Hash: 31042bafbba3ee3bae8f21d8d8744230a7c558630068c64e1e5ecb4721ab3910

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:15 GMT
via: 1.1 google
server: gams1
content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-type: application/javascript; charset=UTF-8

GET
H3-29 200 settings.js Show response
dev.visualwebsiteoptimizer.com/ 572 B
397 B 49ms
49ms Script
application/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/settings.js?a=449005&settings_type=1&vn=7.0&r=0.016892192207199397
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWpxdWVyeQ==/tag-18c0c42595158c9943ee0260eecc4fc3.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gams1 /
Resource Hash: 31042bafbba3ee3bae8f21d8d8744230a7c558630068c64e1e5ecb4721ab3910

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:15 GMT
via: 1.1 google
server: gams1
content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-type: application/javascript; charset=UTF-8

GET
H2 200 box-25a418976ea02a6f393fbbe77cec94bb.html Show response
vars.hotjar.com/ Frame 40C2 2 KB
1 KB 56ms
55ms Document
text/html 13.224.96.92
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vars.hotjar.com/box-25a418976ea02a6f393fbbe77cec94bb.html
Requested by: Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2304105.js?sv=6
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.96.92 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-96-92.zrh50.r.cloudfront.net
Software: /
Resource Hash: 7a44e0685d8929b5d4d50476273c9957c8c76f03afc424c665a4066e5bc1beb9

Request headers

:method: GET
:authority: vars.hotjar.com
:scheme: https
:path: /box-25a418976ea02a6f393fbbe77cec94bb.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://tgfunnls.org/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://tgfunnls.org/

Response headers

content-type: text/html
content-length: 1044
date: Sun, 18 Jul 2021 00:16:30 GMT
accept-ranges: bytes
cache-control: max-age=31536000
content-encoding: br
etag: "76922233be8bdb14c053af468d29404a"
last-modified: Thu, 15 Jul 2021 14:16:09 GMT
x-amz-server-side-encryption: AES256
x-robots-tag: none
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 6b0e09b8a7d995016df1513b4b11c17e.cloudfront.net (CloudFront)
x-amz-cf-pop: ZRH50-C1
x-amz-cf-id: rNqQyVyd9cEavxbj4w05Jk9PQHkczvj-23aTEmdzofLxVabpXOaqBA==
age: 1683165

GET
H3-29 200 tag-1a6cb79d9b921e9f733a3a9f91c43b90.js Show response
dev.visualwebsiteoptimizer.com/web/djIkcGM6MS4w/ 668 B
329 B 48ms
48ms Script
application/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/web/djIkcGM6MS4w/tag-1a6cb79d9b921e9f733a3a9f91c43b90.js
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWpxdWVyeQ==/tag-18c0c42595158c9943ee0260eecc4fc3.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gams1 /
Resource Hash: 6e1f2e0970c3d1d6cdacfecdd613ce1c42990ea5d4a9a85fe6f0700d20a96634

Request headers

Origin: https://tgfunnls.org
Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:15 GMT
content-encoding: br
last-modified: Fri, 06 Aug 2021 11:48:12 GMT
server: gams1
etag: "610d217c-133"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 307
via: 1.1 google

GET
H2 200 a3a7b431bde66f8790628956fd6a9e14.js
cdn.pushcrew.com/js/ 248 KB
70 KB 127ms
127ms Script
application/javascript 34.102.183.26
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.pushcrew.com/js/a3a7b431bde66f8790628956fd6a9e14.js
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/web/djIkcGM6MS4w/tag-1a6cb79d9b921e9f733a3a9f91c43b90.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.102.183.26 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 26.183.102.34.bc.googleusercontent.com
Software: nginx /
Resource Hash

Request headers

Origin: https://tgfunnls.org
Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:15 GMT
content-encoding: gzip
last-modified: Fri, 18 Jun 2021 08:48:27 GMT
server: nginx
etag: W/"60cc5ddb-3e05c"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=1800
alt-svc: clear
via: 1.1 google
expires: Fri, 06 Aug 2021 12:19:15 GMT

OPTIONS
H/1.1 200
OK add
tagdataxrt.com/log/ Frame 0
0 46ms
46ms Preflight 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/log/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Protocol: HTTP/1.1
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://tgfunnls.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Server: nginx/1.19.10
Date: Fri, 06 Aug 2021 11:49:15 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

POST
H/1.1 200
OK add Show response
tagdataxrt.com/log/ 12 B
597 B 50ms
50ms Fetch
application/json 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/log/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: 21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json;charset=utf-8

Response headers

Date: Fri, 06 Aug 2021 11:49:15 GMT
Server: nginx/1.19.10
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 12

GET
H3-29 200 / Show response
tgfunnls.org/dly1st/ 31 KB
8 KB 179ms
179ms Document
text/html 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Requested by

Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f9b05eaab2b75cdb8142a87d8d97814b7a2022d7bf5a2b2d7621f91ac3a4acb2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: tgfunnls.org
:scheme: https
:path: /dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: document
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: _vwo_uuid_v2=D300A6AF58D106D85594CDBFBAA2B13D7|ce01f3e9beb7bdefb21b49b643350b73; _gid=GA1.2.1416830450.1628250551; _gat_UA-192660002-1=1; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _hjid=dc49561e-9d46-46e0-96b5-f0bbe1b05202; _hjFirstSeen=1; _ga_Y6C8Y8V9BH=GS1.1.1628250548.1.1.1628250555.0; _ga=GA1.1.764459664.1628250551; XSRF-TOKEN=eyJpdiI6IllUazd2V3B0eWJSM1hsWENKT0dwRHc9PSIsInZhbHVlIjoiZGdGNHJleDFkNFV5UkY3amozeFFTVVp6VVFmU2ExMmJxdWF3bU9GOUh6dm9zT1dKZmRIV0doZGVjaHczZkpoNiIsIm1hYyI6IjBmYjM5Yjc1NWQ2MDhlZTdmMmNkODVmOTUzMTczMGNhNTRjNWM5M2I5OTgyYTFkYTcyZDI5OTdmZDBkZGJlYjIifQ%3D%3D; c=eyJpdiI6InJMWGdabTkrM0tGbWtBcXFXeDVxbmc9PSIsInZhbHVlIjoicFV6bnRKM1hjOXY1eWFvOThoM0JZR2xQNkJlTXFZVGRkMTV1ajRSK1pJZnNQTjkybU5rTURpcEN4aVRiUlBpQSIsIm1hYyI6IjVmMzQ1NjczNzM1ZmZmYmMyYTUyNThiNjIxZmQ2YzRmNDU4NzUyMjUzMTk5ZWQ0ODYyYzA3ZjE0NTI5YTdjOGIifQ%3D%3D
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Response headers

date: Fri, 06 Aug 2021 11:49:16 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: no-cache, private
set-cookie: XSRF-TOKEN=eyJpdiI6IjljaUpzVm5va05cL0RsYkpROENtOUtRPT0iLCJ2YWx1ZSI6ImU0Y1wvQzZuOTYrZE5cLzE5WHFkeTgyZEtjTFp6SXozTWtIcW53elcwWGxmdXdLS0pGU0ZOWVdLcEZhcytPb3VETiIsIm1hYyI6IjM1ZmU0ZTM2MDlhMGMzNTQzMTJmNDQ4YWQzNTZjM2E4Y2JlNWVhNmQ0MTA5YzNjYWZlMzNkNzEyMGY3ZDM5MWYifQ%3D%3D; expires=Fri, 06-Aug-2021 13:49:16 GMT; Max-Age=7200; path=/ c=eyJpdiI6IlA1bmdIXC9HZVFiZlN5SjFsY0pMRE5BPT0iLCJ2YWx1ZSI6IlhOeTNtVFR3WjVydTVPSGVJcjVhNDRwTmwwXC8zY1BIbyt6RlhuQnp1a3pkMTFrbjZtSlRsNStoa1F5ekpiRDAzIiwibWFjIjoiY2EwNjZiMTBiZTFiZmIwNWYzMDFjM2Y0NDc3NTAwNGExMTZkMmU3OWFmZjY0ZTZlMDU2ZDM5MGE2ZTA5NDE2MyJ9; expires=Fri, 06-Aug-2021 13:49:16 GMT; Max-Age=7200; path=/; httponly
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-proc: 3
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=StQPxQe2pEsa1d43IoDPRR89b5DNhK1jDaMcVUmKN%2FF0iWuTEa62a50tCAAATv4F3MHG8koA4pKGHA0K%2FCGoZ2NiXlc5FjWBEATDIe7d7NPl584mZPwJyq0%2BE9utNHzldqhMRx8Fq0TRUiI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 67a80a767e6842f7-FRA
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

POST
H/1.1 200
OK add
tagdataxrt.com/time_visit/ 0
422 B 46ms
46ms Ping
text/plain 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/time_visit/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Fri, 06 Aug 2021 11:49:15 GMT
Server: nginx/1.19.10
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 0

POST collect
www.google-analytics.com/g/ 0
0

GET
H3-29 200 forms.css
tgfunnls.org/css/ 20 KB
4 KB 18ms
18ms Stylesheet
text/css 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/css/forms.css?id=108aa07ef4cadffb88ba

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5cc75f6ff6ccc8f9737ba9b6e44903687d4cd600464dc9a25b2fcfbfd231ebc6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /css/forms.css?id=108aa07ef4cadffb88ba
pragma: no-cache
cookie: _vwo_uuid_v2=D300A6AF58D106D85594CDBFBAA2B13D7|ce01f3e9beb7bdefb21b49b643350b73; _gid=GA1.2.1416830450.1628250551; _gat_UA-192660002-1=1; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _hjid=dc49561e-9d46-46e0-96b5-f0bbe1b05202; _hjFirstSeen=1; _ga_Y6C8Y8V9BH=GS1.1.1628250548.1.1.1628250555.0; _ga=GA1.1.764459664.1628250551; XSRF-TOKEN=eyJpdiI6IjljaUpzVm5va05cL0RsYkpROENtOUtRPT0iLCJ2YWx1ZSI6ImU0Y1wvQzZuOTYrZE5cLzE5WHFkeTgyZEtjTFp6SXozTWtIcW53elcwWGxmdXdLS0pGU0ZOWVdLcEZhcytPb3VETiIsIm1hYyI6IjM1ZmU0ZTM2MDlhMGMzNTQzMTJmNDQ4YWQzNTZjM2E4Y2JlNWVhNmQ0MTA5YzNjYWZlMzNkNzEyMGY3ZDM5MWYifQ%3D%3D; c=eyJpdiI6IlA1bmdIXC9HZVFiZlN5SjFsY0pMRE5BPT0iLCJ2YWx1ZSI6IlhOeTNtVFR3WjVydTVPSGVJcjVhNDRwTmwwXC8zY1BIbyt6RlhuQnp1a3pkMTFrbjZtSlRsNStoa1F5ekpiRDAzIiwibWFjIjoiY2EwNjZiMTBiZTFiZmIwNWYzMDFjM2Y0NDc3NTAwNGExMTZkMmU3OWFmZjY0ZTZlMDU2ZDM5MGE2ZTA5NDE2MyJ9
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:16 GMT
x-proc: 2
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3667
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Fri, 06 Aug 2021 10:30:19 GMT
server: cloudflare
etag: W/"610d0f3b-5107"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6c1i9cSTKKdZN8Vme130ztNhluS53pxvDLAxqrU6DHRipCCPpeVm4Lavs73cQMjSfbvMs%2FEHmOe2zQU9ZnNoQiZO6RLyAnQDjjOgHlgbj5SkFPFsiwaexcG5bAd6JDpeJ98rhgnuxgDyk3U%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 67a80a77a97e42f7-FRA

GET
H3-29 200 flow.css
tgfunnls.org/css/ 385 B
765 B 22ms
21ms Stylesheet
text/css 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/css/flow.css?id=1a2dada5ba76c1b29ae1

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

df456c4794989b11dda8d76813cbf505b2707048f4cc89d7db15956779ca3fb0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /css/flow.css?id=1a2dada5ba76c1b29ae1
pragma: no-cache
cookie: _vwo_uuid_v2=D300A6AF58D106D85594CDBFBAA2B13D7|ce01f3e9beb7bdefb21b49b643350b73; _gid=GA1.2.1416830450.1628250551; _gat_UA-192660002-1=1; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _hjid=dc49561e-9d46-46e0-96b5-f0bbe1b05202; _hjFirstSeen=1; _ga_Y6C8Y8V9BH=GS1.1.1628250548.1.1.1628250555.0; _ga=GA1.1.764459664.1628250551; XSRF-TOKEN=eyJpdiI6IjljaUpzVm5va05cL0RsYkpROENtOUtRPT0iLCJ2YWx1ZSI6ImU0Y1wvQzZuOTYrZE5cLzE5WHFkeTgyZEtjTFp6SXozTWtIcW53elcwWGxmdXdLS0pGU0ZOWVdLcEZhcytPb3VETiIsIm1hYyI6IjM1ZmU0ZTM2MDlhMGMzNTQzMTJmNDQ4YWQzNTZjM2E4Y2JlNWVhNmQ0MTA5YzNjYWZlMzNkNzEyMGY3ZDM5MWYifQ%3D%3D; c=eyJpdiI6IlA1bmdIXC9HZVFiZlN5SjFsY0pMRE5BPT0iLCJ2YWx1ZSI6IlhOeTNtVFR3WjVydTVPSGVJcjVhNDRwTmwwXC8zY1BIbyt6RlhuQnp1a3pkMTFrbjZtSlRsNStoa1F5ekpiRDAzIiwibWFjIjoiY2EwNjZiMTBiZTFiZmIwNWYzMDFjM2Y0NDc3NTAwNGExMTZkMmU3OWFmZjY0ZTZlMDU2ZDM5MGE2ZTA5NDE2MyJ9
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:16 GMT
x-proc: 1
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3667
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Fri, 06 Aug 2021 10:30:20 GMT
server: cloudflare
etag: W/"610d0f3c-181"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iwSf%2BSx1colCG0A2faDkTh6apdkoggYz%2BO69b9O%2B4ZOtROanijBqjrdHVfoBieydN1sWhxNbg%2FlHMDLhR8sZ9xCfT7%2FPdOQlbG%2FW9vyipGlmPqybKAci8qU8Tv%2BNgYjwKGeFL8Nk3EICfyg%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 67a80a77a98042f7-FRA

GET
H2 200 funnel.css
static-13333.kxcdn.com/5275/build/ 91 KB
26 KB 8ms
7ms Stylesheet
text/css 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL

https://static-13333.kxcdn.com/5275/build/funnel.css

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

0dd81a03016de5c1be49281bb42f5db84bf8968b636e893daa0ee24de5dbdd3b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:16 GMT
content-encoding: gzip
last-modified: Fri, 02 Jul 2021 14:31:57 GMT
server: keycdn-engine
x-amz-request-id: tx0000000000000049794a1-0060df28ef-12ed1804-fra1a
x-edge-location: defr
etag: W/"0e60432e5a822d61eaf0ff2172f524ed"
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-cache: HIT
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31556940
x-rgw-object-type: Normal
strict-transport-security: max-age=15552000; includeSubDomains; preload
expires: Sat, 06 Aug 2022 17:38:16 GMT

GET
H/1.1 400 conversion.js
in.bd44.fun/ 0
0 52ms
52ms Script
text/html 18.195.174.160
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://in.bd44.fun/conversion.js?cid=OPTIONAL&et=CLICK
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.195.174.160 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-174-160.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 logo.png
static-13333.kxcdn.com/5275/images/ 2 KB
3 KB 30ms
24ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/logo.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

3d0776f2afd4256733e307cf46921dde2e1497a2767eb8bcb8ac17d5de9d2344

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:16 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049592a7-0060df28ef-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2455
last-modified: Fri, 02 Jul 2021 14:32:26 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "cded24bb8b99f2aa7ab4e4ddc59c28e6"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:16 GMT

GET
H2 200 top-arrow.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 30ms
24ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/top-arrow.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

c4d3b32e24ea06591e7f166b20939f84cb767bb0742bc3c51f07c6f4b684f1e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:16 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049592a5-0060df28ef-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2961
last-modified: Fri, 02 Jul 2021 14:32:29 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "e2980701aad64cef71bd2296f5f6386b"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:16 GMT

GET
H3-29 200 check-icon.png
tgfunnls.org/images/ 44 KB
45 KB 19ms
14ms Image
image/png 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tgfunnls.org/images/check-icon.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

79bb457691c6f5dc0d3fd537218a627750b199db5253e22dad9dc4f78fa48016

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /images/check-icon.png
pragma: no-cache
cookie: _vwo_uuid_v2=D300A6AF58D106D85594CDBFBAA2B13D7|ce01f3e9beb7bdefb21b49b643350b73; _gid=GA1.2.1416830450.1628250551; _gat_UA-192660002-1=1; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _hjid=dc49561e-9d46-46e0-96b5-f0bbe1b05202; _hjFirstSeen=1; _ga_Y6C8Y8V9BH=GS1.1.1628250548.1.1.1628250555.0; _ga=GA1.1.764459664.1628250551; XSRF-TOKEN=eyJpdiI6IjljaUpzVm5va05cL0RsYkpROENtOUtRPT0iLCJ2YWx1ZSI6ImU0Y1wvQzZuOTYrZE5cLzE5WHFkeTgyZEtjTFp6SXozTWtIcW53elcwWGxmdXdLS0pGU0ZOWVdLcEZhcytPb3VETiIsIm1hYyI6IjM1ZmU0ZTM2MDlhMGMzNTQzMTJmNDQ4YWQzNTZjM2E4Y2JlNWVhNmQ0MTA5YzNjYWZlMzNkNzEyMGY3ZDM5MWYifQ%3D%3D; c=eyJpdiI6IlA1bmdIXC9HZVFiZlN5SjFsY0pMRE5BPT0iLCJ2YWx1ZSI6IlhOeTNtVFR3WjVydTVPSGVJcjVhNDRwTmwwXC8zY1BIbyt6RlhuQnp1a3pkMTFrbjZtSlRsNStoa1F5ekpiRDAzIiwibWFjIjoiY2EwNjZiMTBiZTFiZmIwNWYzMDFjM2Y0NDc3NTAwNGExMTZkMmU3OWFmZjY0ZTZlMDU2ZDM5MGE2ZTA5NDE2MyJ9
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:16 GMT
x-proc: 1
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3666
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 45018
x-xss-protection: 1; mode=block
last-modified: Fri, 06 Aug 2021 10:28:14 GMT
server: cloudflare
etag: "610d0ebe-afda"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sCSevM6IOTkl49ya2ivrSI4avBNttMUEfpHuUzDAlSBp7wue%2FklysHSQgn4w%2F9%2B0oSDqu1sK9B1cy5mHOilEFIEAT6F8v%2BNf3hJJGS%2BBRgyDjNO3hKp5alcoydrl890DliG89R5kGotFnIY%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 67a80a780a7442f7-FRA

GET
H2 200 safe.png
static-13333.kxcdn.com/5275/images/ 10 KB
11 KB 30ms
24ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/safe.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

c001780d5a0136da809d6908ac44d8b0e4d9b36bf9891772a006294888226576

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:16 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794a7-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 10593
last-modified: Fri, 02 Jul 2021 14:32:17 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "e16845cf547d72f2f0b2febfa375d9f9"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:16 GMT

GET
H2 200 bg-arrow.png
static-13333.kxcdn.com/5275/images/ 7 KB
8 KB 31ms
24ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/bg-arrow.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

5902ac2e28cc5433d57a98a62be69037be09754da694348e03d3e3b9e776f542

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:16 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794ba-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 7356
last-modified: Fri, 02 Jul 2021 14:32:23 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "0575766ae817ee467a729e846374d22c"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:16 GMT

GET
H2 200 check-icon.png
static-13333.kxcdn.com/5275/images/ 2 KB
3 KB 31ms
24ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/check-icon.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

4a404a950ef8cfa3eb686e62c8ab17e0a4609f2300e53d874a96ec618ab9474d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:16 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794b6-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2273
last-modified: Fri, 02 Jul 2021 14:32:29 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "c34ab81524c5f98e40dc0dad59601758"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:16 GMT

GET
H2 200 spots-arrow.png
static-13333.kxcdn.com/5275/images/ 5 KB
6 KB 22ms
22ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/spots-arrow.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

7c01610e53cbe2313bd441cd9182762cec4240e4eecebeca6d086f34e4672784

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:16 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794bc-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 5306
last-modified: Fri, 02 Jul 2021 14:32:45 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "32acdf2cce46993b09041ebed9d00140"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:16 GMT

GET
H2 200 john.jpg
static-13333.kxcdn.com/5275/images/ 9 KB
10 KB 23ms
23ms Image
image/jpeg 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/john.jpg

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

aff262b0ff8882606831b77cb7fe8c2b7ee184a4c3a4e10de152932dde9ed3f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:16 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794be-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 9704
last-modified: Fri, 02 Jul 2021 14:32:21 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "ca826d01f1cbba3eb6e3e1f697bca6bc"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/jpeg
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:16 GMT

GET
H2 200 john-sign.png
static-13333.kxcdn.com/5275/images/ 7 KB
7 KB 11ms
6ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/john-sign.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

2c92fcee0f7c5fd992e818cd6e5f621e8701cea9b4b23eb03e2567560c7dd266

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:16 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049592b7-0060df28ef-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 6824
last-modified: Fri, 02 Jul 2021 14:32:43 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "8e77bdde18036a84289f7b89b03cddc0"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:16 GMT

GET
H2 200 social-callback-title.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 9ms
6ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/social-callback-title.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

b097d9409b9b2fcde3993197635d6e7d49126e794dec3c3a5de9892cce15ec84

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:16 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794b7-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2899
last-modified: Fri, 02 Jul 2021 14:32:42 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "26e1186a209747d755be97f26d7fef17"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:16 GMT

GET
H2 200 facebook.png
static-13333.kxcdn.com/5275/images/ 45 KB
46 KB 8ms
7ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/facebook.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

45a8e9f975bd2d7db2041c671affac022eaf0b8db46c516a6f2021d30631aea3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:16 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049592bd-0060df28ef-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 46358
last-modified: Fri, 02 Jul 2021 14:32:18 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "99efc09d6e35b01ef07e555c6c9c06ac"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:16 GMT

GET
H2 200 twitter.png
static-13333.kxcdn.com/5275/images/ 33 KB
34 KB 9ms
7ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/twitter.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

f3567cf9eb0717ad9840ff19014abf051d9bebb63ba3d270eb23d409dd449b5a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:16 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049592b6-0060df28ef-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 33933
last-modified: Fri, 02 Jul 2021 14:32:45 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "1538bf85a2428c7ab27b923233ceac2d"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:16 GMT

GET
H2 200 features-title.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 9ms
8ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/features-title.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

5e840708085df16224eeb0d8a8b3758d39bc7c60d3f0587ea1308f7d37d2e9db

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:16 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049592bc-0060df28ef-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2835
last-modified: Fri, 02 Jul 2021 14:32:24 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "8e8fd39ca90b9e536e71366f72e27061"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:16 GMT

GET
H2 200 feature1.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 9ms
8ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/feature1.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

427e9cf9bc070b73cae44b858b1cbb147385ccf3b74522b00606e8441d74eb21

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:16 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794bb-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2649
last-modified: Fri, 02 Jul 2021 14:32:27 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "32e947291780f319b5424fb0fed97339"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:16 GMT

GET
H2 200 feature2.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 10ms
7ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/feature2.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

d35ec7636f20627c46249b7ac076fd59aad2c15c8207c92cc8251df812abc0bc

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:16 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049592b5-0060df28ef-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2845
last-modified: Fri, 02 Jul 2021 14:32:28 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "a02cbfb7009f4eb7bca716371bbc6162"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:16 GMT

GET
H2 200 feature3.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 11ms
8ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/feature3.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

41cc8226265d071dd816f01b4e656e9575b49927ecb0806984d85fd2acb3b318

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:16 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794b8-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2618
last-modified: Fri, 02 Jul 2021 14:32:44 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "1e439861ae0e257dd74094cd20495531"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:16 GMT

GET
H2 200 feature4.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 10ms
8ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/feature4.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

d7e57b7c8fc1a0e25b893fc00da8cca5368cc489227958d4a781665339cd7260

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:16 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794a5-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2573
last-modified: Fri, 02 Jul 2021 14:32:19 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "f042fbbf22d575de6d906249ec2dc324"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:16 GMT

GET
H2 200 faq-title.png
static-13333.kxcdn.com/5275/images/ 4 KB
4 KB 9ms
8ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/faq-title.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

218be04d48aa9aa4da9bb4a708dbb463576fd8653914fd05bb113ce654dce714

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:16 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049592a6-0060df28ef-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 3706
last-modified: Fri, 02 Jul 2021 14:32:42 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "b95f5e7ccaaf9e8f6f1117efa9ab100a"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:16 GMT

GET
H2 200 faq-list-title-bg.png
static-13333.kxcdn.com/5275/images/ 2 KB
2 KB 9ms
8ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/faq-list-title-bg.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

9749d6d7aee9bdd7b806eb8fd8fa1bfd7ef25aab0aba744948b279d4c1a348ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:16 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794a3-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 1546
last-modified: Fri, 02 Jul 2021 14:32:22 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "567ea5254334fde95913b6cd592aad5f"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:16 GMT

GET
H3-29 200 sad-face.svg
tgfunnls.org/media/ 1 KB
1 KB 25ms
22ms Image
image/svg+xml 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tgfunnls.org/media/sad-face.svg

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

186b9079a05f19ddd2a548dbc1ec2c69087c76d8e9e1637dbced630edb793104

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /media/sad-face.svg
pragma: no-cache
cookie: _vwo_uuid_v2=D300A6AF58D106D85594CDBFBAA2B13D7|ce01f3e9beb7bdefb21b49b643350b73; _gid=GA1.2.1416830450.1628250551; _gat_UA-192660002-1=1; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _hjid=dc49561e-9d46-46e0-96b5-f0bbe1b05202; _hjFirstSeen=1; _ga_Y6C8Y8V9BH=GS1.1.1628250548.1.1.1628250555.0; _ga=GA1.1.764459664.1628250551; XSRF-TOKEN=eyJpdiI6IjljaUpzVm5va05cL0RsYkpROENtOUtRPT0iLCJ2YWx1ZSI6ImU0Y1wvQzZuOTYrZE5cLzE5WHFkeTgyZEtjTFp6SXozTWtIcW53elcwWGxmdXdLS0pGU0ZOWVdLcEZhcytPb3VETiIsIm1hYyI6IjM1ZmU0ZTM2MDlhMGMzNTQzMTJmNDQ4YWQzNTZjM2E4Y2JlNWVhNmQ0MTA5YzNjYWZlMzNkNzEyMGY3ZDM5MWYifQ%3D%3D; c=eyJpdiI6IlA1bmdIXC9HZVFiZlN5SjFsY0pMRE5BPT0iLCJ2YWx1ZSI6IlhOeTNtVFR3WjVydTVPSGVJcjVhNDRwTmwwXC8zY1BIbyt6RlhuQnp1a3pkMTFrbjZtSlRsNStoa1F5ekpiRDAzIiwibWFjIjoiY2EwNjZiMTBiZTFiZmIwNWYzMDFjM2Y0NDc3NTAwNGExMTZkMmU3OWFmZjY0ZTZlMDU2ZDM5MGE2ZTA5NDE2MyJ9
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:16 GMT
x-proc: 1
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3666
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Fri, 06 Aug 2021 10:30:20 GMT
server: cloudflare
etag: W/"610d0f3c-5dc"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aqYW7pZG5%2FbuEG07Tv%2BaXAOj3iKJsav%2FrytT9pnWxDrYD%2F2dxRx4MAFr0l%2FSwDbpYwAocVwtWN4cKlSLL2tF8nuulmx5oBBpk3vso8LP6TRvb9BU2RjygXXvXut0XvOZ%2BxqjNxmM7mJKvnU%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: max-age=14400
cf-ray: 67a80a780a7b42f7-FRA

GET
H3-29 200 email-decode.min.js Show response
tgfunnls.org/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
1 KB 9ms
9ms Script
application/javascript 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

:path: /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
pragma: no-cache
cookie: _vwo_uuid_v2=D300A6AF58D106D85594CDBFBAA2B13D7|ce01f3e9beb7bdefb21b49b643350b73; _gid=GA1.2.1416830450.1628250551; _gat_UA-192660002-1=1; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _hjid=dc49561e-9d46-46e0-96b5-f0bbe1b05202; _hjFirstSeen=1; _ga_Y6C8Y8V9BH=GS1.1.1628250548.1.1.1628250555.0; _ga=GA1.1.764459664.1628250551; XSRF-TOKEN=eyJpdiI6IjljaUpzVm5va05cL0RsYkpROENtOUtRPT0iLCJ2YWx1ZSI6ImU0Y1wvQzZuOTYrZE5cLzE5WHFkeTgyZEtjTFp6SXozTWtIcW53elcwWGxmdXdLS0pGU0ZOWVdLcEZhcytPb3VETiIsIm1hYyI6IjM1ZmU0ZTM2MDlhMGMzNTQzMTJmNDQ4YWQzNTZjM2E4Y2JlNWVhNmQ0MTA5YzNjYWZlMzNkNzEyMGY3ZDM5MWYifQ%3D%3D; c=eyJpdiI6IlA1bmdIXC9HZVFiZlN5SjFsY0pMRE5BPT0iLCJ2YWx1ZSI6IlhOeTNtVFR3WjVydTVPSGVJcjVhNDRwTmwwXC8zY1BIbyt6RlhuQnp1a3pkMTFrbjZtSlRsNStoa1F5ekpiRDAzIiwibWFjIjoiY2EwNjZiMTBiZTFiZmIwNWYzMDFjM2Y0NDc3NTAwNGExMTZkMmU3OWFmZjY0ZTZlMDU2ZDM5MGE2ZTA5NDE2MyJ9
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 03 Aug 2021 14:21:05 GMT
server: cloudflare
etag: W/"610950d1-4d7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: DENY
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fS5%2F72rkwJh9%2F224II%2B14u9a6Ir%2FsTFDO5VeUiA%2FQOp1HBUUFxv5hKxiA%2Fcd%2BBn8T5oIhgJGbmlfbHHxzZ1l%2BNbbSLxMRU%2FaEiiF%2FBOoyVcbEu5mcrD1K2Ka6vgkwwn0r44Gg26%2B8B0q8CA%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=172800 public
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 67a80a77c9e942f7-FRA
vary: Accept-Encoding
expires: Sun, 08 Aug 2021 11:49:16 GMT

GET
H3-29 200 redirect.js Show response
tgfunnls.org/js/ 3 KB
2 KB 23ms
23ms Script
application/javascript 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/js/redirect.js?id=bd8708e91008076c9ff9

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0979e653bf7370685f5d0ec7448e28d33f46754d5411cf5a7cd3df6ecafc1a35

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /js/redirect.js?id=bd8708e91008076c9ff9
pragma: no-cache
cookie: _vwo_uuid_v2=D300A6AF58D106D85594CDBFBAA2B13D7|ce01f3e9beb7bdefb21b49b643350b73; _gid=GA1.2.1416830450.1628250551; _gat_UA-192660002-1=1; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _hjid=dc49561e-9d46-46e0-96b5-f0bbe1b05202; _hjFirstSeen=1; _ga_Y6C8Y8V9BH=GS1.1.1628250548.1.1.1628250555.0; _ga=GA1.1.764459664.1628250551; XSRF-TOKEN=eyJpdiI6IjljaUpzVm5va05cL0RsYkpROENtOUtRPT0iLCJ2YWx1ZSI6ImU0Y1wvQzZuOTYrZE5cLzE5WHFkeTgyZEtjTFp6SXozTWtIcW53elcwWGxmdXdLS0pGU0ZOWVdLcEZhcytPb3VETiIsIm1hYyI6IjM1ZmU0ZTM2MDlhMGMzNTQzMTJmNDQ4YWQzNTZjM2E4Y2JlNWVhNmQ0MTA5YzNjYWZlMzNkNzEyMGY3ZDM5MWYifQ%3D%3D; c=eyJpdiI6IlA1bmdIXC9HZVFiZlN5SjFsY0pMRE5BPT0iLCJ2YWx1ZSI6IlhOeTNtVFR3WjVydTVPSGVJcjVhNDRwTmwwXC8zY1BIbyt6RlhuQnp1a3pkMTFrbjZtSlRsNStoa1F5ekpiRDAzIiwibWFjIjoiY2EwNjZiMTBiZTFiZmIwNWYzMDFjM2Y0NDc3NTAwNGExMTZkMmU3OWFmZjY0ZTZlMDU2ZDM5MGE2ZTA5NDE2MyJ9
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:16 GMT
x-proc: 3
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3666
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Fri, 06 Aug 2021 10:30:36 GMT
server: cloudflare
etag: W/"610d0f4c-a50"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oZNBBvlSs%2BgXsJ4HJ%2BLblXBPx3X3xSM3QFRmT8NSRk%2FzTs%2FrVdGOE3cRZJIl%2F%2FKgeM1D4tY99C83bxsVkc9hz92Bje18oKXOMJrtuN4%2FblegxVPFwZ0u9KWwFnH4du3RldXZ2S59BNv8dCA%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=14400
cf-ray: 67a80a77da0c42f7-FRA

GET
H3-29 200 l.js Show response
tgfunnls.org/js/ 401 KB
110 KB 24ms
24ms Script
application/javascript 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/js/l.js?id=6cf7b69175b2a676ebf3

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1669423eca631e2fa8053ff74039a11ff6afac3a94dc37f357ce8d6ec9362913

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /js/l.js?id=6cf7b69175b2a676ebf3
pragma: no-cache
cookie: _vwo_uuid_v2=D300A6AF58D106D85594CDBFBAA2B13D7|ce01f3e9beb7bdefb21b49b643350b73; _gid=GA1.2.1416830450.1628250551; _gat_UA-192660002-1=1; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _hjid=dc49561e-9d46-46e0-96b5-f0bbe1b05202; _hjFirstSeen=1; _ga_Y6C8Y8V9BH=GS1.1.1628250548.1.1.1628250555.0; _ga=GA1.1.764459664.1628250551; XSRF-TOKEN=eyJpdiI6IjljaUpzVm5va05cL0RsYkpROENtOUtRPT0iLCJ2YWx1ZSI6ImU0Y1wvQzZuOTYrZE5cLzE5WHFkeTgyZEtjTFp6SXozTWtIcW53elcwWGxmdXdLS0pGU0ZOWVdLcEZhcytPb3VETiIsIm1hYyI6IjM1ZmU0ZTM2MDlhMGMzNTQzMTJmNDQ4YWQzNTZjM2E4Y2JlNWVhNmQ0MTA5YzNjYWZlMzNkNzEyMGY3ZDM5MWYifQ%3D%3D; c=eyJpdiI6IlA1bmdIXC9HZVFiZlN5SjFsY0pMRE5BPT0iLCJ2YWx1ZSI6IlhOeTNtVFR3WjVydTVPSGVJcjVhNDRwTmwwXC8zY1BIbyt6RlhuQnp1a3pkMTFrbjZtSlRsNStoa1F5ekpiRDAzIiwibWFjIjoiY2EwNjZiMTBiZTFiZmIwNWYzMDFjM2Y0NDc3NTAwNGExMTZkMmU3OWFmZjY0ZTZlMDU2ZDM5MGE2ZTA5NDE2MyJ9
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:16 GMT
x-proc: 2
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 4589
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Fri, 06 Aug 2021 10:30:19 GMT
server: cloudflare
etag: W/"610d0f3b-645ba"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BpRDVVSDCkT%2FnO4PhCKU2mhJbzI%2FYbqP%2FwBYKvTo23y4NcB9GSAZmJ9BPeBkJiHOTRWM85syIpkFSsfverhbxHHyuiVMq1w2BX5jMRmyXNROrwcn2B4NgE%2FEpJH%2Bw4NB5h3KEc4XiYciJdA%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=14400
cf-ray: 67a80a77fa6342f7-FRA

GET
H2 200 funnel.js Show response
static-13333.kxcdn.com/5275/build/ 954 KB
319 KB 13ms
6ms Script
application/javascript 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL

https://static-13333.kxcdn.com/5275/build/funnel.js

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

a52901c6296f571a48143efc8c7626714f2f15a0e034390d31380d508684ad0e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:16 GMT
content-encoding: gzip
last-modified: Fri, 02 Jul 2021 14:31:57 GMT
server: keycdn-engine
x-amz-request-id: tx00000000000000495929e-0060df28ef-12e87130-fra1a
x-edge-location: defr
etag: W/"545236a1390ffa369d186b44dab8e706"
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-cache: HIT
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31556940
x-rgw-object-type: Normal
strict-transport-security: max-age=15552000; includeSubDomains; preload
expires: Sat, 06 Aug 2022 17:38:16 GMT

GET
H/1.1 200 hp Show response
in.xr117.xyz/ 382 B
616 B 57ms
54ms Script
text/plain 18.195.123.247
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://in.xr117.xyz/hp
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.195.123.247 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-123-247.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 1d685538334a6762f8c278c2274cb62dfdc47c59ba5968562dddf4f96d808aee

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 06 Aug 2021 11:49:16 GMT
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
Server: nginx
Connection: keep-alive
Content-Length: 382
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200 hp Show response
in.bd44.fun/ 382 B
616 B 154ms
51ms Script
text/plain 18.195.174.160
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://in.bd44.fun/hp
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.195.174.160 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-174-160.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 1d685538334a6762f8c278c2274cb62dfdc47c59ba5968562dddf4f96d808aee

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 06 Aug 2021 11:49:16 GMT
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
Server: nginx
Connection: keep-alive
Content-Length: 382
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3-29 200 tag.js Show response
tagstaticx.com/ 38 KB
14 KB 21ms
18ms Script
application/javascript 2606:4700:3033::6815:3d08
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://tagstaticx.com/tag.js
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::6815:3d08 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7ebf9aea91580923f108d8e9c9fa03581c3c58fcd1ab8712d4ed593fbde60062

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:16 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 30 Jul 2021 15:47:47 GMT
server: cloudflare
age: 4757
etag: W/"61041f23-9787"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zQHruLip5IRS947Z7GwiVjqPIGGU9U8ga2uM2JPA2EFuuZOXpqll9ghRs%2FRCuwBQwhFPgM1sS2ZxHJ1wxrCRsKswr4Uxfmh77L1kdw00S2G40OdHtvIWBnnP1eZF1ep4p4x6NcVQwipry%2BdmkQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=1800
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 67a80a780ef84401-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

GET
H3-29 200 gtm.js Show response
www.googletagmanager.com/ 110 KB
41 KB 18ms
15ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-MSK8GMG

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

ee25e98eb177cc22fba819b261e53fdcdb837d1ca65533dbc186fa9f1f9550a2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:16 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41863
x-xss-protection: 0
last-modified: Fri, 06 Aug 2021 09:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 06 Aug 2021 11:49:16 GMT

GET
H3-29 200 j.php Show response
dev.visualwebsiteoptimizer.com/ 5 KB
2 KB 58ms
55ms Script
application/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/j.php?a=449005&u=https%3A%2F%2Ftgfunnls.org%2Fdly1st%2F%3Fhitid%3D%7BclickId%7D%26qze%3D7%26aff_sub%3D%7BcustomId1%7D%26aff_sub2%3D%7BcustomId2%7D&f=1&r=0.33457046880513475
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gams1 /
Resource Hash: 6d14739d371e5356dd7e5e49489a4e704c7b1f35ae642d3e25abe983520f13cc

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 06 Aug 2021 11:49:16 GMT
via: 1.1 google
server: gams1
content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-type: application/javascript; charset=UTF-8

GET
H2 200 bg-pattern2.png
static-13333.kxcdn.com/5275/images/ 3 KB
4 KB 22ms
21ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/bg-pattern2.png

Requested by

Host: static-13333.kxcdn.com
URL: https://static-13333.kxcdn.com/5275/build/funnel.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

0dbbd4b1f92b5f123bb6d85da5224dbac1ef2873359ae63159fbd8c1d8aee472

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://static-13333.kxcdn.com/5275/build/funnel.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:16 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx000000000000004a8f778-0060df3204-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 3494
last-modified: Fri, 02 Jul 2021 14:32:28 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "9ff60a873ce8a83d6f92c07bbb97461d"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:16 GMT

GET
H2 200 money-bg.jpg
static-13333.kxcdn.com/5275/images/ 192 KB
193 KB 20ms
19ms Image
image/jpeg 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/money-bg.jpg

Requested by

Host: static-13333.kxcdn.com
URL: https://static-13333.kxcdn.com/5275/build/funnel.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

6d6b0b2b3ce3ec690491ad53348667285877a284d43a58bae67219df3128c453

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://static-13333.kxcdn.com/5275/build/funnel.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:16 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049593a6-0060df28f0-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 196622
last-modified: Fri, 02 Jul 2021 14:32:29 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "00484ef568e5c529bc92d2698631954b"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/jpeg
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:16 GMT

GET
H2 206 de-1.mp4
static-13333.kxcdn.com/5275/media/ 64 KB
0 10ms
9ms Media
video/mp4 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL

https://static-13333.kxcdn.com/5275/media/de-1.mp4

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Range: bytes=0-

Response headers

date: Fri, 06 Aug 2021 11:49:16 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049593e6-0060df28f0-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
Content-Range: bytes 0-124690623/124690624
Content-Length: 124690624
last-modified: Fri, 02 Jul 2021 14:32:03 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "c8811d0b7aa283893d6ec2a19899685f-24"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: video/mp4
access-control-allow-origin: *
x-rgw-object-type: Normal
expires: Sat, 06 Aug 2022 17:38:16 GMT

HEAD
H3-29 200 adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/ 0
0 36ms
35ms Fetch
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 49445
x-xss-protection: 0
server: cafe
etag: 14869471898732562513
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Fri, 06 Aug 2021 11:49:16 GMT

GET
H/1.1 200
OK version.js Show response
tagdatax.com/ 57 B
260 B 50ms
47ms Script
application/javascript 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdatax.com/version.js
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: 0d404c873f2059736aee11a6667c7bb6e57b9abb82ddaa783a924c92eb190411

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 06 Aug 2021 11:49:16 GMT
Cache-Control: private, max-age=63072000
Server: nginx/1.19.10
Connection: keep-alive
Content-Length: 57
Content-Type: application/javascript

GET
H2 200 gid.js Show response
my.rtmark.net/ 65 B
542 B 53ms
50ms Fetch
application/json 139.45.195.8
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://my.rtmark.net/gid.js

Requested by

Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

476bf4c60caa39fb7e4b92ea2840206e3761389743d008fec2c4d3c2b019559e

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:16 GMT
x-content-type-options: nosniff
server: nginx
strict-transport-security: max-age=1
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: https://tgfunnls.org
access-control-expose-headers: Authorization
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length: 65

GET
H/1.1 200
OK pix.jpg Show response
tagdatax.com/ 28 B
617 B 54ms
52ms Fetch
image/jpeg 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdatax.com/pix.jpg
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: 3c72e06c040c15327faa313315f1d6f4b2c9159267051c3e173336efa4cd7a18

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 06 Aug 2021 11:49:16 GMT
Server: nginx/1.19.10
Etag: bf01f55e-fb53-4a80-92e0-042fc9d31076
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Content-Type: image/jpeg
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Expose-Headers: ETag
Cache-Control: private, must-revalidate, proxy-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 28

GET
H3-29 200 googlelogo_color_120x44dp.png
www.google.com/images/branding/googlelogo/2x/ 5 KB
5 KB 17ms
16ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_120x44dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

29c50fa4422ac0a690af5b0987dee6a030a7eeaafa9dda8543cf022368f545aa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:16 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5087
x-xss-protection: 0
expires: Fri, 06 Aug 2021 11:49:16 GMT

GET
H3-29 200 googlelogo_color_272x92dp.png
www.google.com/images/branding/googlelogo/1x/ 6 KB
6 KB 18ms
17ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/1x/googlelogo_color_272x92dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5776cd87617eacec3bc00ebcf530d1924026033eda852f706c1a675a98915826

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:16 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5969
x-xss-protection: 0
expires: Fri, 06 Aug 2021 11:49:16 GMT

GET
H3-29 200 googlelogo_color_272x92dp.png
www.google.com/images/branding/googlelogo/2x/ 13 KB
13 KB 17ms
16ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_272x92dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

262084257c2103702ef8a25705e3f8dbc1fa3823103ad7b954d54bdb77e6d89d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:16 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13504
x-xss-protection: 0
expires: Fri, 06 Aug 2021 11:49:16 GMT

GET
H3-29 200 googlelogo_color_160x56dp.png
www.google.com/images/branding/googlelogo/2x/ 7 KB
7 KB 16ms
15ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_160x56dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9e611fba6a87626e60f74d361f0c94d1ba226bc0726a05791f40ddb7fbba2c4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:16 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7048
x-xss-protection: 0
expires: Fri, 06 Aug 2021 11:49:16 GMT

GET
H3-29 200 googlelogo_color_90x40dp.png
www.google.com/images/branding/googlelogo/2x/ 4 KB
4 KB 15ms
14ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_90x40dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a9cac8d49feccd603bac334c92c1e7dd5a829a1c01d4130550e8c9c0d9c72f7b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:16 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3934
x-xss-protection: 0
expires: Fri, 06 Aug 2021 11:49:16 GMT

GET
H3-29 200 locate Show response
tgfunnls.org/ 141 B
1 KB 85ms
84ms XHR
application/json 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/locate

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/js/l.js?id=6cf7b69175b2a676ebf3

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b6ffea4eb17e3268759f83f8abca64a9ed7755ff19d8d6b05e7aa354ae6d4f7b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-fetch-mode: cors
x-xsrf-token: eyJpdiI6IjljaUpzVm5va05cL0RsYkpROENtOUtRPT0iLCJ2YWx1ZSI6ImU0Y1wvQzZuOTYrZE5cLzE5WHFkeTgyZEtjTFp6SXozTWtIcW53elcwWGxmdXdLS0pGU0ZOWVdLcEZhcytPb3VETiIsIm1hYyI6IjM1ZmU0ZTM2MDlhMGMzNTQzMTJmNDQ4YWQzNTZjM2E4Y2JlNWVhNmQ0MTA5YzNjYWZlMzNkNzEyMGY3ZDM5MWYifQ==
accept-language: en-US
sec-fetch-dest: empty
cookie: _vwo_uuid_v2=D300A6AF58D106D85594CDBFBAA2B13D7|ce01f3e9beb7bdefb21b49b643350b73; _gid=GA1.2.1416830450.1628250551; _gat_UA-192660002-1=1; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _hjid=dc49561e-9d46-46e0-96b5-f0bbe1b05202; _hjFirstSeen=1; _ga_Y6C8Y8V9BH=GS1.1.1628250548.1.1.1628250555.0; _ga=GA1.1.764459664.1628250551; XSRF-TOKEN=eyJpdiI6IjljaUpzVm5va05cL0RsYkpROENtOUtRPT0iLCJ2YWx1ZSI6ImU0Y1wvQzZuOTYrZE5cLzE5WHFkeTgyZEtjTFp6SXozTWtIcW53elcwWGxmdXdLS0pGU0ZOWVdLcEZhcytPb3VETiIsIm1hYyI6IjM1ZmU0ZTM2MDlhMGMzNTQzMTJmNDQ4YWQzNTZjM2E4Y2JlNWVhNmQ0MTA5YzNjYWZlMzNkNzEyMGY3ZDM5MWYifQ%3D%3D; c=eyJpdiI6IlA1bmdIXC9HZVFiZlN5SjFsY0pMRE5BPT0iLCJ2YWx1ZSI6IlhOeTNtVFR3WjVydTVPSGVJcjVhNDRwTmwwXC8zY1BIbyt6RlhuQnp1a3pkMTFrbjZtSlRsNStoa1F5ekpiRDAzIiwibWFjIjoiY2EwNjZiMTBiZTFiZmIwNWYzMDFjM2Y0NDc3NTAwNGExMTZkMmU3OWFmZjY0ZTZlMDU2ZDM5MGE2ZTA5NDE2MyJ9
:path: /locate
pragma: no-cache
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: application/json, text/plain, */*
cache-control: no-cache
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept: application/json, text/plain, */*
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
X-XSRF-TOKEN: eyJpdiI6IjljaUpzVm5va05cL0RsYkpROENtOUtRPT0iLCJ2YWx1ZSI6ImU0Y1wvQzZuOTYrZE5cLzE5WHFkeTgyZEtjTFp6SXozTWtIcW53elcwWGxmdXdLS0pGU0ZOWVdLcEZhcytPb3VETiIsIm1hYyI6IjM1ZmU0ZTM2MDlhMGMzNTQzMTJmNDQ4YWQzNTZjM2E4Y2JlNWVhNmQ0MTA5YzNjYWZlMzNkNzEyMGY3ZDM5MWYifQ==
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:16 GMT
x-proc: 3
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=d1E7fmR0l22YSQvGo2YLd1O7OQRnLbLXyI37sgX2WvAXwBgdHhbfrv85mjh%2FOrBLVDv%2B%2BYagjKQT%2FvK6FSPwmJP8AFGxud6CJJCxvbk6ki9ToSiKkHGJNpri8mr%2B9vRAXZqFvMCNViCEdyo%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json
cache-control: no-cache, private
set-cookie: XSRF-TOKEN=eyJpdiI6InpRUDdOSlRBRzI0aFYwTjlyS3BKV1E9PSIsInZhbHVlIjoieVBJckhPTnFTelRGbktsZm9IdXY2RGNVbTlaR0FCNVVwTGw5ZEVjTzRLaUo5SU1ERVBHYXI4NytMRTFkTW9tWiIsIm1hYyI6IjhiMWM1OTQ4NWNmYjAwYzRlOTI5NGZjMzU4Yzg5Mjk1Yjg2YzBjZWYyOTgyNTQ4MGFkNDU3NjNjNzE3ODg0NzgifQ%3D%3D; expires=Fri, 06-Aug-2021 13:49:16 GMT; Max-Age=7200; path=/ c=eyJpdiI6ImQ1SjZzMjBXVDU5U3ZyRGY0TlgxSUE9PSIsInZhbHVlIjoiQVVPMTVhTkF5QXBKRVpteDcwZFNROStPTlFzMFlkVk9HSlhxNll6c1RkM1hqWU82bnE4TXlWYmx1NDFIb2E2dSIsIm1hYyI6IjRjZWE1MzRhY2JmNDQ1NDZkZWE5NDQ3N2E5YzBhNDA5NWZkYzNkOWFjNWY0OWZmMmE3ZjNjODdlZTBkMmQxZDgifQ%3D%3D; expires=Fri, 06-Aug-2021 13:49:16 GMT; Max-Age=7200; path=/; httponly
cf-ray: 67a80a78bc6b42f7-FRA

GET
H3-29 200 flags.png
tgfunnls.org/images/vendor/intl-tel-input/build/ 69 KB
70 KB 25ms
23ms Image
image/png 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tgfunnls.org/images/vendor/intl-tel-input/build/flags.png?416250f60d785a2e02f17e054d2e4e44

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/css/forms.css?id=108aa07ef4cadffb88ba

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0a012cf808a24573168308916092d2d4bd3f2b4af8e16b59167013cc77acee55

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /images/vendor/intl-tel-input/build/flags.png?416250f60d785a2e02f17e054d2e4e44
pragma: no-cache
cookie: _vwo_uuid_v2=D300A6AF58D106D85594CDBFBAA2B13D7|ce01f3e9beb7bdefb21b49b643350b73; _gid=GA1.2.1416830450.1628250551; _gat_UA-192660002-1=1; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _hjid=dc49561e-9d46-46e0-96b5-f0bbe1b05202; _hjFirstSeen=1; _ga_Y6C8Y8V9BH=GS1.1.1628250548.1.1.1628250555.0; _ga=GA1.1.764459664.1628250551; XSRF-TOKEN=eyJpdiI6IjljaUpzVm5va05cL0RsYkpROENtOUtRPT0iLCJ2YWx1ZSI6ImU0Y1wvQzZuOTYrZE5cLzE5WHFkeTgyZEtjTFp6SXozTWtIcW53elcwWGxmdXdLS0pGU0ZOWVdLcEZhcytPb3VETiIsIm1hYyI6IjM1ZmU0ZTM2MDlhMGMzNTQzMTJmNDQ4YWQzNTZjM2E4Y2JlNWVhNmQ0MTA5YzNjYWZlMzNkNzEyMGY3ZDM5MWYifQ%3D%3D; c=eyJpdiI6IlA1bmdIXC9HZVFiZlN5SjFsY0pMRE5BPT0iLCJ2YWx1ZSI6IlhOeTNtVFR3WjVydTVPSGVJcjVhNDRwTmwwXC8zY1BIbyt6RlhuQnp1a3pkMTFrbjZtSlRsNStoa1F5ekpiRDAzIiwibWFjIjoiY2EwNjZiMTBiZTFiZmIwNWYzMDFjM2Y0NDc3NTAwNGExMTZkMmU3OWFmZjY0ZTZlMDU2ZDM5MGE2ZTA5NDE2MyJ9
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: tgfunnls.org
referer: https://tgfunnls.org/css/forms.css?id=108aa07ef4cadffb88ba
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/css/forms.css?id=108aa07ef4cadffb88ba
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:16 GMT
x-proc: 2
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2319
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 70857
x-xss-protection: 1; mode=block
last-modified: Fri, 06 Aug 2021 10:55:13 GMT
server: cloudflare
etag: "610d1511-114c9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=N8Oo3ulrJU1qS3MMDySSX06idc54KttlP5CkO9YaFXSkYmN%2Bfqv8y5h%2BAnzc2gliEK7EOoKfAhmBrxjbKEKpgCCz556Rb9h1eg60J%2FDXs6QDhzWmgRo1PeNkTRL0vxmreop%2FDiLcrLkNcYA%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 67a80a78bc7042f7-FRA

OPTIONS
H/1.1 200
OK add
tagdataxrt.com/ir/ Frame 0
0 47ms
47ms Preflight 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/ir/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Protocol: HTTP/1.1
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://tgfunnls.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Server: nginx/1.19.10
Date: Fri, 06 Aug 2021 11:49:16 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

POST
H/1.1 200
OK add Show response
tagdataxrt.com/ir/ 0
537 B 48ms
47ms Fetch 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/ir/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json;charset=utf-8

Response headers

Date: Fri, 06 Aug 2021 11:49:16 GMT
Server: nginx/1.19.10
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 0

GET
BLOB 200
OK a998510e-6330-4cac-a603-61af98ba87bd
https://tgfunnls.org/ 31 B
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://tgfunnls.org/a998510e-6330-4cac-a603-61af98ba87bd
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7725538fe2f71147bffeba7452b434c826aef9009666cb4360c605d0b2a91d1d

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length: 31
Content-Type: application/javascript

GET
H2 403 videothumbnail-1.png
static-13333.kxcdn.com/5275/images/ 0
0 20ms
20ms Image
text/html 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static-13333.kxcdn.com/5275/images/videothumbnail-1.png
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
DATA 200
OK truncated
/ 4 KB
4 KB Font
application/font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: aef991b2e0b693a95d41986576dd3901ea7ac03b379501b1caba966058753308

Request headers

Origin: https://tgfunnls.org
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: application/font-woff;charset=utf-8

GET
H3-29 200 js Show response
www.googletagmanager.com/gtag/ 127 KB
50 KB 15ms
14ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-Y6C8Y8V9BH&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MSK8GMG

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

de85b8ee97824c5e846f3000562fd9b83fc14b62da6e812fbad4c9ad49eb0458

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:16 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 51134
x-xss-protection: 0
expires: Fri, 06 Aug 2021 11:49:16 GMT

GET
H3-29 200 analytics.js Show response
www.google-analytics.com/ 48 KB
19 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MSK8GMG

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

e61660c659c426e45bce2937dddb01af6b550502a2904546575c1ec2ba1121dd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 13 Jul 2021 18:24:06 GMT
server: Golfe2
age: 2135
date: Fri, 06 Aug 2021 11:13:41 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19672
expires: Fri, 06 Aug 2021 13:13:41 GMT

GET
H2 200 hotjar-2304105.js Show response
static.hotjar.com/c/ 5 KB
2 KB 56ms
56ms Script
application/javascript 13.224.96.91
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-2304105.js?sv=6

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.96.91 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

d4261e9b3b427b4faba85d775a6dbd131cf86cbd42945ba05ae2ebad8f8f36e6

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:48:18 GMT
content-encoding: br
x-content-type-options: nosniff
cache-control: max-age=60
age: 58
etag: W/4e117f3a38c123981a4b3509540d1697
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
x-cache-hit: 1
x-amz-cf-pop: ZRH50-C1
x-amz-cf-id: 6ZsWXAgnA8qIWSlYC1cbjT0yu2I7aY4ncOW5JD7DveSk66JxjicmtA==
via: 1.1 e92dffa8673a73c15c61e7c3abefc47d.cloudfront.net (CloudFront)

POST
H/1.1 200
OK etag Show response
tagdataxrt.com/ 0
537 B 57ms
57ms Fetch 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/etag?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json;charset=utf-8

Response headers

Date: Fri, 06 Aug 2021 11:49:16 GMT
Server: nginx/1.19.10
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 0

OPTIONS
H/1.1 200
OK etag
tagdataxrt.com/ Frame 0
0 56ms
55ms Preflight 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/etag?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Protocol: HTTP/1.1
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://tgfunnls.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Server: nginx/1.19.10
Date: Fri, 06 Aug 2021 11:49:16 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWpxdWVyeQ==/tag-18c0c42595158c9943ee0260eecc4fc3.js
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/j.php?a=449005&u=https%3A%2F%2Ftgfunnls.org%2Fdly1st%2F%3Fhitid%3D%7BclickId%7D%26qze%3D7%26aff_sub%3D%7BcustomId1%7D%26aff_sub2%3D%7BcustomId2%7D&f=1&r=0.33457046880513475
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gams1 /
Resource Hash: b6a6463b285c1fdc27b7022ff01564762e81117074a3f3781cc931fe389afc70

Request headers

Origin: https://tgfunnls.org
Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:16 GMT
content-encoding: br
last-modified: Fri, 06 Aug 2021 11:48:12 GMT
server: gams1
etag: "610d217c-f3a3"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 62371
via: 1.1 google

GET
H3-29 200 v.gif
dev.visualwebsiteoptimizer.com/ 35 B
52 B 121ms
121ms Image
image/gif 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dev.visualwebsiteoptimizer.com/v.gif?cd=0&a=449005&d=tgfunnls.org&u=D300A6AF58D106D85594CDBFBAA2B13D7&h=ce01f3e9beb7bdefb21b49b643350b73&t=false&r=0.4630347472076164

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gnv1c /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 06 Aug 2021 11:49:15 GMT
via: 1.1 google
x-content-type-options: nosniff
server: gnv1c
content-type: image/gif
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 10 Jan 2005 00:00:01 GMT

POST
H3-29 201 event Show response
tgfunnls.org/ 2 B
1 KB 149ms
148ms XHR
application/json 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/event?hitid={clickId}

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/js/l.js?id=6cf7b69175b2a676ebf3

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-fetch-mode: cors
origin: https://tgfunnls.org
x-xsrf-token: eyJpdiI6InpRUDdOSlRBRzI0aFYwTjlyS3BKV1E9PSIsInZhbHVlIjoieVBJckhPTnFTelRGbktsZm9IdXY2RGNVbTlaR0FCNVVwTGw5ZEVjTzRLaUo5SU1ERVBHYXI4NytMRTFkTW9tWiIsIm1hYyI6IjhiMWM1OTQ4NWNmYjAwYzRlOTI5NGZjMzU4Yzg5Mjk1Yjg2YzBjZWYyOTgyNTQ4MGFkNDU3NjNjNzE3ODg0NzgifQ==
accept-language: en-US
sec-fetch-dest: empty
accept-encoding: gzip, deflate, br
cookie: _vwo_uuid_v2=D300A6AF58D106D85594CDBFBAA2B13D7|ce01f3e9beb7bdefb21b49b643350b73; _gid=GA1.2.1416830450.1628250551; _gat_UA-192660002-1=1; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _hjid=dc49561e-9d46-46e0-96b5-f0bbe1b05202; _hjFirstSeen=1; _ga_Y6C8Y8V9BH=GS1.1.1628250548.1.1.1628250555.0; _ga=GA1.1.764459664.1628250551; XSRF-TOKEN=eyJpdiI6InpRUDdOSlRBRzI0aFYwTjlyS3BKV1E9PSIsInZhbHVlIjoieVBJckhPTnFTelRGbktsZm9IdXY2RGNVbTlaR0FCNVVwTGw5ZEVjTzRLaUo5SU1ERVBHYXI4NytMRTFkTW9tWiIsIm1hYyI6IjhiMWM1OTQ4NWNmYjAwYzRlOTI5NGZjMzU4Yzg5Mjk1Yjg2YzBjZWYyOTgyNTQ4MGFkNDU3NjNjNzE3ODg0NzgifQ%3D%3D; c=eyJpdiI6ImQ1SjZzMjBXVDU5U3ZyRGY0TlgxSUE9PSIsInZhbHVlIjoiQVVPMTVhTkF5QXBKRVpteDcwZFNROStPTlFzMFlkVk9HSlhxNll6c1RkM1hqWU82bnE4TXlWYmx1NDFIb2E2dSIsIm1hYyI6IjRjZWE1MzRhY2JmNDQ1NDZkZWE5NDQ3N2E5YzBhNDA5NWZkYzNkOWFjNWY0OWZmMmE3ZjNjODdlZTBkMmQxZDgifQ%3D%3D
content-length: 179
:path: /event?hitid={clickId}
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json;charset=UTF-8
accept: application/json, text/plain, */*
cache-control: no-cache
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: POST
Accept: application/json, text/plain, */*
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
X-XSRF-TOKEN: eyJpdiI6InpRUDdOSlRBRzI0aFYwTjlyS3BKV1E9PSIsInZhbHVlIjoieVBJckhPTnFTelRGbktsZm9IdXY2RGNVbTlaR0FCNVVwTGw5ZEVjTzRLaUo5SU1ERVBHYXI4NytMRTFkTW9tWiIsIm1hYyI6IjhiMWM1OTQ4NWNmYjAwYzRlOTI5NGZjMzU4Yzg5Mjk1Yjg2YzBjZWYyOTgyNTQ4MGFkNDU3NjNjNzE3ODg0NzgifQ==
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json;charset=UTF-8

Response headers

date: Fri, 06 Aug 2021 11:49:16 GMT
x-proc: 2
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bDgIDN8tGrqTD5jm0vEXaL7IBlCVVLnjIG2%2FpnxDhBMLnzpiizXP6%2F3wmbYFa90sBN7Xjp%2BlS1%2B6Vc7qLFJmgclQIXVrsm8xOtsZvBp03wsTvpYY2IAKeVHjjverEk0JPxgLWblUooO46j0%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-origin: https://tgfunnls.org
cache-control: no-cache, private
set-cookie: XSRF-TOKEN=eyJpdiI6InB0aG1QTTJpWjNjeUdoSUx0dTdPbUE9PSIsInZhbHVlIjoiMjl0WE9TM3hFWjNITlQzN3E4cFJSRnRWWWhGUFl5Z0FUVkhcL1BMa2ZHbDJcL1VcL2VUbXAySjRFMDU1OHFIM3c5ZyIsIm1hYyI6ImYzNmZhYmEwMjY5ZjM2ZDk5MDQwMTExZjhlODk0YzA3OWEzY2YwZjUwZGFhMjk3MzQxMWZmZDdjOGVhNDY4MWQifQ%3D%3D; expires=Fri, 06-Aug-2021 13:49:16 GMT; Max-Age=7200; path=/ c=eyJpdiI6ImNSVGVUa2g5TVYrNHdub3ZcL1AyQXV3PT0iLCJ2YWx1ZSI6InhldHM4eUk5bGZsdDM4bUlleFwvM282YWZURDVMV25yWU9xTlhuaWx0OWFPUzZGWGl0ejRDRGRNemFNR1UzNHNMIiwibWFjIjoiZWY5NThjNjdmNzViZjlkNWNjZTNhMjM3MzdiNjcyZGVlMTA1MmM1OGQ4MzU3MjU0MWI2MDM3NGJmMWY2ZjA2NSJ9; expires=Fri, 06-Aug-2021 13:49:16 GMT; Max-Age=7200; path=/; httponly
cf-ray: 67a80a795e1342f7-FRA

GET
H3-29 200 collect
www.google-analytics.com/ 35 B
55 B 6ms
6ms Image
image/gif 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j92&a=1435995078&t=pageview&_s=1&dl=https%3A%2F%2Ftgfunnls.org%2Fdly1st%2F%3Fhitid%3D%7BclickId%7D%26qze%3D7%26aff_sub%3D%7BcustomId1%7D%26aff_sub2%3D%7BcustomId2%7D&ul=en-us&de=UTF-8&dt=Daily%20Profit&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=QACAAEAB~&jid=&gjid=&cid=764459664.1628250551&tid=UA-192660002-1&_gid=1416830450.1628250551&gtm=2wg840MSK8GMG&z=373790555

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 06 Aug 2021 05:58:40 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 21036
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 modules.9a6619e61150e4449f35.js Show response
script.hotjar.com/ 221 KB
59 KB 62ms
62ms Script
application/javascript 13.224.96.11
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.9a6619e61150e4449f35.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2304105.js?sv=6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.96.11 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

fc04d1fd608cedf1f0c4735145a15031f77cb7491d6234cec4ee2cd9be74937a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:18:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 77471
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 59579
access-control-allow-origin: *
last-modified: Thu, 05 Aug 2021 14:17:07 GMT
etag: "f404c80c4e9647abd5db65360cf9ecee"
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 7245e91891539560c1f484b1e46159c9.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: ZRH50-C1
accept-ranges: bytes
x-robots-tag: none
x-amz-cf-id: hY7T0plEZ8FsgaJY619i9VQXWpkxPNQnqdJvElPinLEWiuZ14UQEhQ==

GET
H3-29 200 settings.js Show response
dev.visualwebsiteoptimizer.com/ 572 B
397 B 49ms
48ms Script
application/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/settings.js?a=449005&settings_type=3&vn=7.0&r=0.9974249422271504&u=https%3A%2F%2Ftgfunnls.org%2Fdly1st%2F%3Fhitid%3D%7BclickId%7D%26qze%3D7%26aff_sub%3D%7BcustomId1%7D%26aff_sub2%3D%7BcustomId2%7D
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWpxdWVyeQ==/tag-18c0c42595158c9943ee0260eecc4fc3.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gams1 /
Resource Hash: 31042bafbba3ee3bae8f21d8d8744230a7c558630068c64e1e5ecb4721ab3910

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:16 GMT
via: 1.1 google
server: gams1
content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-type: application/javascript; charset=UTF-8

GET
H3-29 200 settings.js Show response
dev.visualwebsiteoptimizer.com/ 572 B
397 B 59ms
59ms Script
application/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/settings.js?a=449005&settings_type=1&vn=7.0&r=0.3114867246480344
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWpxdWVyeQ==/tag-18c0c42595158c9943ee0260eecc4fc3.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gams1 /
Resource Hash: 31042bafbba3ee3bae8f21d8d8744230a7c558630068c64e1e5ecb4721ab3910

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:16 GMT
via: 1.1 google
server: gams1
content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-type: application/javascript; charset=UTF-8

GET
H2 200 box-25a418976ea02a6f393fbbe77cec94bb.html Show response
vars.hotjar.com/ Frame CDDD 2 KB
1 KB 55ms
55ms Document
text/html 13.224.96.92
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vars.hotjar.com/box-25a418976ea02a6f393fbbe77cec94bb.html
Requested by: Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2304105.js?sv=6
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.96.92 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-96-92.zrh50.r.cloudfront.net
Software: /
Resource Hash: 7a44e0685d8929b5d4d50476273c9957c8c76f03afc424c665a4066e5bc1beb9

Request headers

:method: GET
:authority: vars.hotjar.com
:scheme: https
:path: /box-25a418976ea02a6f393fbbe77cec94bb.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://tgfunnls.org/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://tgfunnls.org/

Response headers

content-type: text/html
content-length: 1044
date: Sun, 18 Jul 2021 00:16:30 GMT
accept-ranges: bytes
cache-control: max-age=31536000
content-encoding: br
etag: "76922233be8bdb14c053af468d29404a"
last-modified: Thu, 15 Jul 2021 14:16:09 GMT
x-amz-server-side-encryption: AES256
x-robots-tag: none
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 6b0e09b8a7d995016df1513b4b11c17e.cloudfront.net (CloudFront)
x-amz-cf-pop: ZRH50-C1
x-amz-cf-id: Qh75Uz9-mxZUZqfTjIYs7FJjUmWX5HSvcmHai3fkNLjCUl_l2CKEsQ==
age: 1683166

GET
H3-29 200 tag-1a6cb79d9b921e9f733a3a9f91c43b90.js Show response
dev.visualwebsiteoptimizer.com/web/djIkcGM6MS4w/ 668 B
329 B 48ms
48ms Script
application/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/web/djIkcGM6MS4w/tag-1a6cb79d9b921e9f733a3a9f91c43b90.js
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWpxdWVyeQ==/tag-18c0c42595158c9943ee0260eecc4fc3.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gams1 /
Resource Hash: 6e1f2e0970c3d1d6cdacfecdd613ce1c42990ea5d4a9a85fe6f0700d20a96634

Request headers

Origin: https://tgfunnls.org
Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:16 GMT
content-encoding: br
last-modified: Fri, 06 Aug 2021 11:48:12 GMT
server: gams1
etag: "610d217c-133"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 307
via: 1.1 google

GET
H2 200 a3a7b431bde66f8790628956fd6a9e14.js Show response
cdn.pushcrew.com/js/ 248 KB
70 KB 128ms
128ms Script
application/javascript 34.102.183.26
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.pushcrew.com/js/a3a7b431bde66f8790628956fd6a9e14.js
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/web/djIkcGM6MS4w/tag-1a6cb79d9b921e9f733a3a9f91c43b90.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.102.183.26 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 26.183.102.34.bc.googleusercontent.com
Software: nginx /
Resource Hash: 2a74b97179203cf3de9b255635c3927c34791cabfe69261cc8d1235c13315e78

Request headers

Origin: https://tgfunnls.org
Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:16 GMT
content-encoding: gzip
last-modified: Fri, 18 Jun 2021 08:48:27 GMT
server: nginx
etag: W/"60cc5ddb-3e05c"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=1800
alt-svc: clear
via: 1.1 google
expires: Fri, 06 Aug 2021 12:19:16 GMT

POST
H/1.1 200
OK add Show response
tagdataxrt.com/log/ 12 B
597 B 63ms
62ms Fetch
application/json 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/log/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: 21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json;charset=utf-8

Response headers

Date: Fri, 06 Aug 2021 11:49:16 GMT
Server: nginx/1.19.10
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 12

OPTIONS
H/1.1 200
OK add
tagdataxrt.com/log/ Frame 0
0 61ms
61ms Preflight 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/log/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Protocol: HTTP/1.1
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://tgfunnls.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Server: nginx/1.19.10
Date: Fri, 06 Aug 2021 11:49:16 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

POST
H/1.1 200
OK add
tagdataxrt.com/time_visit/ 0
537 B 48ms
47ms Ping
text/plain 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/time_visit/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Fri, 06 Aug 2021 11:49:16 GMT
Server: nginx/1.19.10
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 0

GET
H2 200 / Show response
tgfunnls.org/dly1st/ 31 KB
8 KB 250ms
250ms Document
text/html 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Requested by

Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1782176f11bf7dac77d638c8d94565d89a7e78f365fd2205cf9e39b86c7d8150

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: tgfunnls.org
:scheme: https
:path: /dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: document
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Response headers

date: Fri, 06 Aug 2021 11:49:17 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: no-cache, private
set-cookie: XSRF-TOKEN=eyJpdiI6IlZQa2lWdlwvUHRnWUFsRXJqMEF3NmJRPT0iLCJ2YWx1ZSI6Im5DOTBNckNtY1Z1TmdFWUQ5bTV6ZXFUZVhmdzJzRCs5UWU5UEdpbWQ2dEd4QTk2eHlYWVEyaFZVQkVvYThEenMiLCJtYWMiOiI4ODlkYWQxNzdmNTQzNmIyNjc3NjcwZWU0ZDVkMWQ4MDYxMGM4MzIzYWIzMzIyMDBjNzNhYmRiN2RlOGJhMTE4In0%3D; expires=Fri, 06-Aug-2021 13:49:17 GMT; Max-Age=7200; path=/ c=eyJpdiI6IjVYb1wvNktZUG5OS0dIZlwveXRzR3ByQT09IiwidmFsdWUiOiJ6alBRU1FaVXNoR2FUejViSWN1eDhZMGtcLzhXMDVcL0Zqd1VwdU93NXFyeHdjMkFOMHlVMkVKdjEyT09CNGlyc1YiLCJtYWMiOiI1MmVmMTVlZGM4YjExNjJhNTRjMGE2YjQxNjM5NWM0YjJhMGFjYjY2MjQxODE0NTI5MGU2NDhjNzYyNmY0N2RhIn0%3D; expires=Fri, 06-Aug-2021 13:49:17 GMT; Max-Age=7200; path=/; httponly
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-proc: 1
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lWtQN6mIUCZXdB%2FWZpxr9civ5uGg17Z13Z92PXR4DZ7mStVUiWrzmURDLyga1hb97I6v%2BiBOTjeLADKLRf0j4mu7YMKk5wB2wXH2kY2lni9gGFYqVqD7Eqv5O0MIzv2wsHG57sAB%2FpOqbaE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 67a80a7c5e8e4a74-FRA
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

GET
H2 206 de-1.mp4
static-13333.kxcdn.com/5275/media/ 1 MB
0 6ms
6ms Media
video/mp4 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL

https://static-13333.kxcdn.com/5275/media/de-1.mp4

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Range: bytes=3801088-

Response headers

date: Fri, 06 Aug 2021 11:49:16 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049593e6-0060df28f0-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
Content-Range: bytes 3801088-124690623/124690624
Content-Length: 120889536
last-modified: Fri, 02 Jul 2021 14:32:03 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "c8811d0b7aa283893d6ec2a19899685f-24"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: video/mp4
access-control-allow-origin: *
x-rgw-object-type: Normal
expires: Sat, 06 Aug 2022 17:38:16 GMT

POST collect
www.google-analytics.com/g/ 0
0

GET
H3-29 200 forms.css
tgfunnls.org/css/ 20 KB
4 KB 14ms
13ms Stylesheet
text/css 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/css/forms.css?id=108aa07ef4cadffb88ba

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5cc75f6ff6ccc8f9737ba9b6e44903687d4cd600464dc9a25b2fcfbfd231ebc6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /css/forms.css?id=108aa07ef4cadffb88ba
pragma: no-cache
cookie: XSRF-TOKEN=eyJpdiI6IlZQa2lWdlwvUHRnWUFsRXJqMEF3NmJRPT0iLCJ2YWx1ZSI6Im5DOTBNckNtY1Z1TmdFWUQ5bTV6ZXFUZVhmdzJzRCs5UWU5UEdpbWQ2dEd4QTk2eHlYWVEyaFZVQkVvYThEenMiLCJtYWMiOiI4ODlkYWQxNzdmNTQzNmIyNjc3NjcwZWU0ZDVkMWQ4MDYxMGM4MzIzYWIzMzIyMDBjNzNhYmRiN2RlOGJhMTE4In0%3D; c=eyJpdiI6IjVYb1wvNktZUG5OS0dIZlwveXRzR3ByQT09IiwidmFsdWUiOiJ6alBRU1FaVXNoR2FUejViSWN1eDhZMGtcLzhXMDVcL0Zqd1VwdU93NXFyeHdjMkFOMHlVMkVKdjEyT09CNGlyc1YiLCJtYWMiOiI1MmVmMTVlZGM4YjExNjJhNTRjMGE2YjQxNjM5NWM0YjJhMGFjYjY2MjQxODE0NTI5MGU2NDhjNzYyNmY0N2RhIn0%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:17 GMT
x-proc: 2
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3668
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Fri, 06 Aug 2021 10:30:19 GMT
server: cloudflare
etag: W/"610d0f3b-5107"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7zYgoe41umgBgD8C7Y%2FN5juXdpXc%2Fc01%2F0yBLFRX9oQwZT1XZlS4XODBTg431QW6MdN99nKFDIzOIGDRHA1woKlOAJ9Mj4vaHK7vtRyjoGh4m%2F4V%2BnGcE3lAZPDTjGbXTsaCWFh%2BO0VDfqQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 67a80a7dfb2242f7-FRA

GET
H3-29 200 flow.css
tgfunnls.org/css/ 385 B
761 B 13ms
12ms Stylesheet
text/css 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/css/flow.css?id=1a2dada5ba76c1b29ae1

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

df456c4794989b11dda8d76813cbf505b2707048f4cc89d7db15956779ca3fb0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /css/flow.css?id=1a2dada5ba76c1b29ae1
pragma: no-cache
cookie: XSRF-TOKEN=eyJpdiI6IlZQa2lWdlwvUHRnWUFsRXJqMEF3NmJRPT0iLCJ2YWx1ZSI6Im5DOTBNckNtY1Z1TmdFWUQ5bTV6ZXFUZVhmdzJzRCs5UWU5UEdpbWQ2dEd4QTk2eHlYWVEyaFZVQkVvYThEenMiLCJtYWMiOiI4ODlkYWQxNzdmNTQzNmIyNjc3NjcwZWU0ZDVkMWQ4MDYxMGM4MzIzYWIzMzIyMDBjNzNhYmRiN2RlOGJhMTE4In0%3D; c=eyJpdiI6IjVYb1wvNktZUG5OS0dIZlwveXRzR3ByQT09IiwidmFsdWUiOiJ6alBRU1FaVXNoR2FUejViSWN1eDhZMGtcLzhXMDVcL0Zqd1VwdU93NXFyeHdjMkFOMHlVMkVKdjEyT09CNGlyc1YiLCJtYWMiOiI1MmVmMTVlZGM4YjExNjJhNTRjMGE2YjQxNjM5NWM0YjJhMGFjYjY2MjQxODE0NTI5MGU2NDhjNzYyNmY0N2RhIn0%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:17 GMT
x-proc: 1
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3668
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Fri, 06 Aug 2021 10:30:20 GMT
server: cloudflare
etag: W/"610d0f3c-181"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rieP5FeQj%2F8M4zc87cQ%2FzaGXuyi1KLtgXp2VV3R2tgBn9wBNJzsHZ7QNqgHRNGxxZhaXO9fB1tFfSGNNxhWanOqzXtGTh%2FkUAEcUEQk3eoQCzSrkmwADJ5NtOkkyBltODzUiOSYJmDyoGNg%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 67a80a7dfb2542f7-FRA

GET
H2 200 funnel.css
static-13333.kxcdn.com/5275/build/ 91 KB
26 KB 7ms
7ms Stylesheet
text/css 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL

https://static-13333.kxcdn.com/5275/build/funnel.css

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

0dd81a03016de5c1be49281bb42f5db84bf8968b636e893daa0ee24de5dbdd3b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:17 GMT
content-encoding: gzip
last-modified: Fri, 02 Jul 2021 14:31:57 GMT
server: keycdn-engine
x-amz-request-id: tx0000000000000049794a1-0060df28ef-12ed1804-fra1a
x-edge-location: defr
etag: W/"0e60432e5a822d61eaf0ff2172f524ed"
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-cache: HIT
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31556940
x-rgw-object-type: Normal
strict-transport-security: max-age=15552000; includeSubDomains; preload
expires: Sat, 06 Aug 2022 17:38:17 GMT

GET
H/1.1 400 conversion.js
in.bd44.fun/ 0
0 52ms
51ms Script
text/html 18.195.174.160
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://in.bd44.fun/conversion.js?cid=OPTIONAL&et=CLICK
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.195.174.160 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-174-160.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 logo.png
static-13333.kxcdn.com/5275/images/ 2 KB
3 KB 25ms
21ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/logo.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

3d0776f2afd4256733e307cf46921dde2e1497a2767eb8bcb8ac17d5de9d2344

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:17 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049592a7-0060df28ef-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2455
last-modified: Fri, 02 Jul 2021 14:32:26 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "cded24bb8b99f2aa7ab4e4ddc59c28e6"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:17 GMT

GET
H2 200 top-arrow.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 26ms
21ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/top-arrow.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

c4d3b32e24ea06591e7f166b20939f84cb767bb0742bc3c51f07c6f4b684f1e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:17 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049592a5-0060df28ef-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2961
last-modified: Fri, 02 Jul 2021 14:32:29 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "e2980701aad64cef71bd2296f5f6386b"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:17 GMT

GET
H3-29 200 check-icon.png
tgfunnls.org/images/ 44 KB
45 KB 21ms
17ms Image
image/png 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tgfunnls.org/images/check-icon.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

79bb457691c6f5dc0d3fd537218a627750b199db5253e22dad9dc4f78fa48016

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /images/check-icon.png
pragma: no-cache
cookie: XSRF-TOKEN=eyJpdiI6IlZQa2lWdlwvUHRnWUFsRXJqMEF3NmJRPT0iLCJ2YWx1ZSI6Im5DOTBNckNtY1Z1TmdFWUQ5bTV6ZXFUZVhmdzJzRCs5UWU5UEdpbWQ2dEd4QTk2eHlYWVEyaFZVQkVvYThEenMiLCJtYWMiOiI4ODlkYWQxNzdmNTQzNmIyNjc3NjcwZWU0ZDVkMWQ4MDYxMGM4MzIzYWIzMzIyMDBjNzNhYmRiN2RlOGJhMTE4In0%3D; c=eyJpdiI6IjVYb1wvNktZUG5OS0dIZlwveXRzR3ByQT09IiwidmFsdWUiOiJ6alBRU1FaVXNoR2FUejViSWN1eDhZMGtcLzhXMDVcL0Zqd1VwdU93NXFyeHdjMkFOMHlVMkVKdjEyT09CNGlyc1YiLCJtYWMiOiI1MmVmMTVlZGM4YjExNjJhNTRjMGE2YjQxNjM5NWM0YjJhMGFjYjY2MjQxODE0NTI5MGU2NDhjNzYyNmY0N2RhIn0%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:17 GMT
x-proc: 1
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3667
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 45018
x-xss-protection: 1; mode=block
last-modified: Fri, 06 Aug 2021 10:28:14 GMT
server: cloudflare
etag: "610d0ebe-afda"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GI3AY9hJy4suHrSstWCGIqMzRNf7%2FNaFBQVgW20rBhr5iQI2eC9%2FbwXj9RE0lYKJaA23CVf2oI1cOdPGAhZLJWyxJ76YAESebqG79PzzgKo%2FTXkV13Go%2BlgS23dH4CzsB7s5RwYckMIjuv4%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 67a80a7e5c3f42f7-FRA

GET
H2 200 safe.png
static-13333.kxcdn.com/5275/images/ 10 KB
11 KB 26ms
21ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/safe.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

c001780d5a0136da809d6908ac44d8b0e4d9b36bf9891772a006294888226576

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:17 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794a7-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 10593
last-modified: Fri, 02 Jul 2021 14:32:17 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "e16845cf547d72f2f0b2febfa375d9f9"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:17 GMT

GET
H2 200 bg-arrow.png
static-13333.kxcdn.com/5275/images/ 7 KB
8 KB 26ms
22ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/bg-arrow.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

5902ac2e28cc5433d57a98a62be69037be09754da694348e03d3e3b9e776f542

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:17 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794ba-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 7356
last-modified: Fri, 02 Jul 2021 14:32:23 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "0575766ae817ee467a729e846374d22c"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:17 GMT

GET
H2 200 check-icon.png
static-13333.kxcdn.com/5275/images/ 2 KB
3 KB 26ms
22ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/check-icon.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

4a404a950ef8cfa3eb686e62c8ab17e0a4609f2300e53d874a96ec618ab9474d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:17 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794b6-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2273
last-modified: Fri, 02 Jul 2021 14:32:29 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "c34ab81524c5f98e40dc0dad59601758"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:17 GMT

GET
H2 200 spots-arrow.png
static-13333.kxcdn.com/5275/images/ 5 KB
6 KB 15ms
13ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/spots-arrow.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

7c01610e53cbe2313bd441cd9182762cec4240e4eecebeca6d086f34e4672784

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:17 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794bc-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 5306
last-modified: Fri, 02 Jul 2021 14:32:45 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "32acdf2cce46993b09041ebed9d00140"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:17 GMT

GET
H2 200 john.jpg
static-13333.kxcdn.com/5275/images/ 9 KB
10 KB 15ms
14ms Image
image/jpeg 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/john.jpg

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

aff262b0ff8882606831b77cb7fe8c2b7ee184a4c3a4e10de152932dde9ed3f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:17 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794be-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 9704
last-modified: Fri, 02 Jul 2021 14:32:21 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "ca826d01f1cbba3eb6e3e1f697bca6bc"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/jpeg
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:17 GMT

GET
H2 200 john-sign.png
static-13333.kxcdn.com/5275/images/ 7 KB
7 KB 9ms
5ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/john-sign.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

2c92fcee0f7c5fd992e818cd6e5f621e8701cea9b4b23eb03e2567560c7dd266

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:17 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049592b7-0060df28ef-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 6824
last-modified: Fri, 02 Jul 2021 14:32:43 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "8e77bdde18036a84289f7b89b03cddc0"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:17 GMT

GET
H2 200 social-callback-title.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 7ms
5ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/social-callback-title.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

b097d9409b9b2fcde3993197635d6e7d49126e794dec3c3a5de9892cce15ec84

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:17 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794b7-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2899
last-modified: Fri, 02 Jul 2021 14:32:42 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "26e1186a209747d755be97f26d7fef17"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:17 GMT

GET
H2 200 facebook.png
static-13333.kxcdn.com/5275/images/ 45 KB
46 KB 8ms
6ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/facebook.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

45a8e9f975bd2d7db2041c671affac022eaf0b8db46c516a6f2021d30631aea3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:17 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049592bd-0060df28ef-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 46358
last-modified: Fri, 02 Jul 2021 14:32:18 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "99efc09d6e35b01ef07e555c6c9c06ac"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:17 GMT

GET
H2 200 twitter.png
static-13333.kxcdn.com/5275/images/ 33 KB
34 KB 7ms
6ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/twitter.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

f3567cf9eb0717ad9840ff19014abf051d9bebb63ba3d270eb23d409dd449b5a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:17 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049592b6-0060df28ef-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 33933
last-modified: Fri, 02 Jul 2021 14:32:45 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "1538bf85a2428c7ab27b923233ceac2d"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:17 GMT

GET
H2 200 features-title.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 8ms
7ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/features-title.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

5e840708085df16224eeb0d8a8b3758d39bc7c60d3f0587ea1308f7d37d2e9db

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:17 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049592bc-0060df28ef-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2835
last-modified: Fri, 02 Jul 2021 14:32:24 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "8e8fd39ca90b9e536e71366f72e27061"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:17 GMT

GET
H2 200 feature1.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 7ms
7ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/feature1.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

427e9cf9bc070b73cae44b858b1cbb147385ccf3b74522b00606e8441d74eb21

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:17 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794bb-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2649
last-modified: Fri, 02 Jul 2021 14:32:27 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "32e947291780f319b5424fb0fed97339"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:17 GMT

GET
H2 200 feature2.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 6ms
6ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/feature2.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

d35ec7636f20627c46249b7ac076fd59aad2c15c8207c92cc8251df812abc0bc

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:17 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049592b5-0060df28ef-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2845
last-modified: Fri, 02 Jul 2021 14:32:28 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "a02cbfb7009f4eb7bca716371bbc6162"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:17 GMT

GET
H2 200 feature3.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 8ms
6ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/feature3.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

41cc8226265d071dd816f01b4e656e9575b49927ecb0806984d85fd2acb3b318

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:17 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794b8-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2618
last-modified: Fri, 02 Jul 2021 14:32:44 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "1e439861ae0e257dd74094cd20495531"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:17 GMT

GET
H2 200 feature4.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 8ms
6ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/feature4.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

d7e57b7c8fc1a0e25b893fc00da8cca5368cc489227958d4a781665339cd7260

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:17 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794a5-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2573
last-modified: Fri, 02 Jul 2021 14:32:19 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "f042fbbf22d575de6d906249ec2dc324"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:17 GMT

GET
H2 200 faq-title.png
static-13333.kxcdn.com/5275/images/ 4 KB
4 KB 7ms
6ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/faq-title.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

218be04d48aa9aa4da9bb4a708dbb463576fd8653914fd05bb113ce654dce714

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:17 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049592a6-0060df28ef-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 3706
last-modified: Fri, 02 Jul 2021 14:32:42 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "b95f5e7ccaaf9e8f6f1117efa9ab100a"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:17 GMT

GET
H2 200 faq-list-title-bg.png
static-13333.kxcdn.com/5275/images/ 2 KB
2 KB 7ms
7ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/faq-list-title-bg.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

9749d6d7aee9bdd7b806eb8fd8fa1bfd7ef25aab0aba744948b279d4c1a348ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:17 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794a3-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 1546
last-modified: Fri, 02 Jul 2021 14:32:22 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "567ea5254334fde95913b6cd592aad5f"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:17 GMT

GET
H3-29 200 sad-face.svg
tgfunnls.org/media/ 1 KB
1 KB 14ms
12ms Image
image/svg+xml 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tgfunnls.org/media/sad-face.svg

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

186b9079a05f19ddd2a548dbc1ec2c69087c76d8e9e1637dbced630edb793104

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /media/sad-face.svg
pragma: no-cache
cookie: XSRF-TOKEN=eyJpdiI6IlZQa2lWdlwvUHRnWUFsRXJqMEF3NmJRPT0iLCJ2YWx1ZSI6Im5DOTBNckNtY1Z1TmdFWUQ5bTV6ZXFUZVhmdzJzRCs5UWU5UEdpbWQ2dEd4QTk2eHlYWVEyaFZVQkVvYThEenMiLCJtYWMiOiI4ODlkYWQxNzdmNTQzNmIyNjc3NjcwZWU0ZDVkMWQ4MDYxMGM4MzIzYWIzMzIyMDBjNzNhYmRiN2RlOGJhMTE4In0%3D; c=eyJpdiI6IjVYb1wvNktZUG5OS0dIZlwveXRzR3ByQT09IiwidmFsdWUiOiJ6alBRU1FaVXNoR2FUejViSWN1eDhZMGtcLzhXMDVcL0Zqd1VwdU93NXFyeHdjMkFOMHlVMkVKdjEyT09CNGlyc1YiLCJtYWMiOiI1MmVmMTVlZGM4YjExNjJhNTRjMGE2YjQxNjM5NWM0YjJhMGFjYjY2MjQxODE0NTI5MGU2NDhjNzYyNmY0N2RhIn0%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:17 GMT
x-proc: 1
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3667
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Fri, 06 Aug 2021 10:30:20 GMT
server: cloudflare
etag: W/"610d0f3c-5dc"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=b2aWvjrtXV4ILhqrakVtiMAv1fU3%2FGSOCrKh1YsywPGSui2S%2BEKM2GKV7wOEtfARX2C71Fl7kYivMd2xgGYcgGLQdbgoeG%2Fz584x1kbWXYcdC%2Bg31drdH8O23XFXS5joUL6TOO68kFUus9M%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: max-age=14400
cf-ray: 67a80a7e5c4142f7-FRA

GET
H3-29 200 email-decode.min.js Show response
tgfunnls.org/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
1 KB 8ms
8ms Script
application/javascript 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

:path: /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
pragma: no-cache
cookie: XSRF-TOKEN=eyJpdiI6IlZQa2lWdlwvUHRnWUFsRXJqMEF3NmJRPT0iLCJ2YWx1ZSI6Im5DOTBNckNtY1Z1TmdFWUQ5bTV6ZXFUZVhmdzJzRCs5UWU5UEdpbWQ2dEd4QTk2eHlYWVEyaFZVQkVvYThEenMiLCJtYWMiOiI4ODlkYWQxNzdmNTQzNmIyNjc3NjcwZWU0ZDVkMWQ4MDYxMGM4MzIzYWIzMzIyMDBjNzNhYmRiN2RlOGJhMTE4In0%3D; c=eyJpdiI6IjVYb1wvNktZUG5OS0dIZlwveXRzR3ByQT09IiwidmFsdWUiOiJ6alBRU1FaVXNoR2FUejViSWN1eDhZMGtcLzhXMDVcL0Zqd1VwdU93NXFyeHdjMkFOMHlVMkVKdjEyT09CNGlyc1YiLCJtYWMiOiI1MmVmMTVlZGM4YjExNjJhNTRjMGE2YjQxNjM5NWM0YjJhMGFjYjY2MjQxODE0NTI5MGU2NDhjNzYyNmY0N2RhIn0%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 03 Aug 2021 14:21:05 GMT
server: cloudflare
etag: W/"610950d1-4d7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: DENY
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KX6NuZB6nXcaBrNml8933Pr1meBDpdc0gvFZ8In2iAcm%2BitBRXbrxP6PQENA6%2ForPnMSWL0nkkcnwVyAdDryM2X4xeL9np2JRbY3qbFOeJAG98S%2FLIjSsUUCw2HCD%2FvBM86JM26ZCQskWlw%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=172800 public
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 67a80a7e1b6442f7-FRA
vary: Accept-Encoding
expires: Sun, 08 Aug 2021 11:49:17 GMT

GET
H3-29 200 redirect.js Show response
tgfunnls.org/js/ 3 KB
2 KB 14ms
13ms Script
application/javascript 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/js/redirect.js?id=bd8708e91008076c9ff9

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0979e653bf7370685f5d0ec7448e28d33f46754d5411cf5a7cd3df6ecafc1a35

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /js/redirect.js?id=bd8708e91008076c9ff9
pragma: no-cache
cookie: XSRF-TOKEN=eyJpdiI6IlZQa2lWdlwvUHRnWUFsRXJqMEF3NmJRPT0iLCJ2YWx1ZSI6Im5DOTBNckNtY1Z1TmdFWUQ5bTV6ZXFUZVhmdzJzRCs5UWU5UEdpbWQ2dEd4QTk2eHlYWVEyaFZVQkVvYThEenMiLCJtYWMiOiI4ODlkYWQxNzdmNTQzNmIyNjc3NjcwZWU0ZDVkMWQ4MDYxMGM4MzIzYWIzMzIyMDBjNzNhYmRiN2RlOGJhMTE4In0%3D; c=eyJpdiI6IjVYb1wvNktZUG5OS0dIZlwveXRzR3ByQT09IiwidmFsdWUiOiJ6alBRU1FaVXNoR2FUejViSWN1eDhZMGtcLzhXMDVcL0Zqd1VwdU93NXFyeHdjMkFOMHlVMkVKdjEyT09CNGlyc1YiLCJtYWMiOiI1MmVmMTVlZGM4YjExNjJhNTRjMGE2YjQxNjM5NWM0YjJhMGFjYjY2MjQxODE0NTI5MGU2NDhjNzYyNmY0N2RhIn0%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:17 GMT
x-proc: 3
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3667
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Fri, 06 Aug 2021 10:30:36 GMT
server: cloudflare
etag: W/"610d0f4c-a50"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QdwI0rR6RGw9LBBRHBVWNcYFZ5Ii6iH%2BiowOHsWxao1SqlNu5nZubbxfSWOV2%2BL5t5y0TQpKYug0CNdldwF43MLoX6SLzJVcuK7gKgxYZokirC0O5KgUdHx4556dauHaHYBaWG9qXRAX7Ug%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=14400
cf-ray: 67a80a7e2b9842f7-FRA

GET
H3-29 200 l.js Show response
tgfunnls.org/js/ 401 KB
110 KB 27ms
27ms Script
application/javascript 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/js/l.js?id=6cf7b69175b2a676ebf3

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1669423eca631e2fa8053ff74039a11ff6afac3a94dc37f357ce8d6ec9362913

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /js/l.js?id=6cf7b69175b2a676ebf3
pragma: no-cache
cookie: XSRF-TOKEN=eyJpdiI6IlZQa2lWdlwvUHRnWUFsRXJqMEF3NmJRPT0iLCJ2YWx1ZSI6Im5DOTBNckNtY1Z1TmdFWUQ5bTV6ZXFUZVhmdzJzRCs5UWU5UEdpbWQ2dEd4QTk2eHlYWVEyaFZVQkVvYThEenMiLCJtYWMiOiI4ODlkYWQxNzdmNTQzNmIyNjc3NjcwZWU0ZDVkMWQ4MDYxMGM4MzIzYWIzMzIyMDBjNzNhYmRiN2RlOGJhMTE4In0%3D; c=eyJpdiI6IjVYb1wvNktZUG5OS0dIZlwveXRzR3ByQT09IiwidmFsdWUiOiJ6alBRU1FaVXNoR2FUejViSWN1eDhZMGtcLzhXMDVcL0Zqd1VwdU93NXFyeHdjMkFOMHlVMkVKdjEyT09CNGlyc1YiLCJtYWMiOiI1MmVmMTVlZGM4YjExNjJhNTRjMGE2YjQxNjM5NWM0YjJhMGFjYjY2MjQxODE0NTI5MGU2NDhjNzYyNmY0N2RhIn0%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:17 GMT
x-proc: 2
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 4590
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Fri, 06 Aug 2021 10:30:19 GMT
server: cloudflare
etag: W/"610d0f3b-645ba"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hoVEujCJBPf4zO4Fyl%2ByVjAn43cpTfl6hbvuAYSzdV5JpPTgfxW2n1gQbX%2FDiEl28pkluCQIq06bNai%2FXDfJ3IYmfgZpH0IbkxmNIEUWBV%2BlERmvT1oJd%2BWGTk9Uum%2B83iK8ST%2Bj0rUQsdI%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=14400
cf-ray: 67a80a7e3bed42f7-FRA

GET
H2 200 funnel.js Show response
static-13333.kxcdn.com/5275/build/ 954 KB
319 KB 9ms
9ms Script
application/javascript 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL

https://static-13333.kxcdn.com/5275/build/funnel.js

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

a52901c6296f571a48143efc8c7626714f2f15a0e034390d31380d508684ad0e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:17 GMT
content-encoding: gzip
last-modified: Fri, 02 Jul 2021 14:31:57 GMT
server: keycdn-engine
x-amz-request-id: tx00000000000000495929e-0060df28ef-12e87130-fra1a
x-edge-location: defr
etag: W/"545236a1390ffa369d186b44dab8e706"
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-cache: HIT
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31556940
x-rgw-object-type: Normal
strict-transport-security: max-age=15552000; includeSubDomains; preload
expires: Sat, 06 Aug 2022 17:38:17 GMT

GET
H/1.1 200 hp Show response
in.xr117.xyz/ 382 B
635 B 54ms
52ms Script
text/plain 18.195.123.247
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://in.xr117.xyz/hp
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.195.123.247 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-123-247.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 1d685538334a6762f8c278c2274cb62dfdc47c59ba5968562dddf4f96d808aee

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 06 Aug 2021 11:49:17 GMT
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200 hp Show response
in.bd44.fun/ 382 B
635 B 153ms
52ms Script
text/plain 18.195.174.160
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://in.bd44.fun/hp
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.195.174.160 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-174-160.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 1d685538334a6762f8c278c2274cb62dfdc47c59ba5968562dddf4f96d808aee

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 06 Aug 2021 11:49:17 GMT
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 tag.js Show response
tagstaticx.com/ 38 KB
14 KB 16ms
14ms Script
application/javascript 2606:4700:3033::6815:3d08
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://tagstaticx.com/tag.js
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::6815:3d08 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7ebf9aea91580923f108d8e9c9fa03581c3c58fcd1ab8712d4ed593fbde60062

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:17 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 30 Jul 2021 15:47:47 GMT
server: cloudflare
age: 4758
etag: W/"61041f23-9787"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FwdCyARLpJR8IWql9chyI1%2Bj4e7qSuIdznR31swB2p%2BnqIb3OtOGZOX6S2IJVvAOP%2F4%2B%2BH7VKNuu1wP%2FBx0lgpcH3AsXKFgsO%2BPa9BwICDKIq1qXxODBSfqlyyjaif%2BqitSG19CXhHbTZ3WGFg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=1800
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 67a80a7e5ea34a67-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 110 KB
41 KB 17ms
15ms Script
application/javascript 2a00:1450:4001:828::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-MSK8GMG

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

dcee980bbbbf68353e831640176489edd21be0d2410c05ff397906e8f53e75bb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:17 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41864
x-xss-protection: 0
last-modified: Fri, 06 Aug 2021 09:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 06 Aug 2021 11:49:17 GMT

GET
H2 200 j.php Show response
dev.visualwebsiteoptimizer.com/ 5 KB
2 KB 51ms
50ms Script
application/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/j.php?a=449005&u=https%3A%2F%2Ftgfunnls.org%2Fdly1st%2F%3Fhitid%3D%7BclickId%7D%26qze%3D7%26aff_sub%3D%7BcustomId1%7D%26aff_sub2%3D%7BcustomId2%7D&f=1&r=0.12030525186927643
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gams1 /
Resource Hash: 71163087785931ff1d9eee84edd128b2764beccfccfdfcc3946e1bd6b82c9306

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 06 Aug 2021 11:49:17 GMT
via: 1.1 google
server: gams1
content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-type: application/javascript; charset=UTF-8

GET
H2 200 bg-pattern2.png
static-13333.kxcdn.com/5275/images/ 3 KB
4 KB 14ms
13ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/bg-pattern2.png

Requested by

Host: static-13333.kxcdn.com
URL: https://static-13333.kxcdn.com/5275/build/funnel.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

0dbbd4b1f92b5f123bb6d85da5224dbac1ef2873359ae63159fbd8c1d8aee472

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://static-13333.kxcdn.com/5275/build/funnel.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:17 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx000000000000004a8f778-0060df3204-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 3494
last-modified: Fri, 02 Jul 2021 14:32:28 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "9ff60a873ce8a83d6f92c07bbb97461d"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:17 GMT

GET
H2 200 money-bg.jpg
static-13333.kxcdn.com/5275/images/ 192 KB
193 KB 12ms
11ms Image
image/jpeg 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/money-bg.jpg

Requested by

Host: static-13333.kxcdn.com
URL: https://static-13333.kxcdn.com/5275/build/funnel.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

6d6b0b2b3ce3ec690491ad53348667285877a284d43a58bae67219df3128c453

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://static-13333.kxcdn.com/5275/build/funnel.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:17 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049593a6-0060df28f0-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 196622
last-modified: Fri, 02 Jul 2021 14:32:29 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "00484ef568e5c529bc92d2698631954b"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/jpeg
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:17 GMT

GET
H2 206 de-1.mp4
static-13333.kxcdn.com/5275/media/ 64 KB
0 8ms
7ms Media
video/mp4 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL

https://static-13333.kxcdn.com/5275/media/de-1.mp4

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Range: bytes=0-

Response headers

date: Fri, 06 Aug 2021 11:49:17 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049593e6-0060df28f0-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
Content-Range: bytes 0-124690623/124690624
Content-Length: 124690624
last-modified: Fri, 02 Jul 2021 14:32:03 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "c8811d0b7aa283893d6ec2a19899685f-24"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: video/mp4
access-control-allow-origin: *
x-rgw-object-type: Normal
expires: Sat, 06 Aug 2022 17:38:17 GMT

HEAD
H2 200 adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/ 0
0 27ms
26ms Fetch
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 06 Aug 2021 11:49:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
etag: 14869471898732562513
vary: Accept-Encoding, Origin
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private, max-age=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
expires: Fri, 06 Aug 2021 11:49:17 GMT

GET
H/1.1 200
OK version.js Show response
tagdatax.com/ 57 B
260 B 47ms
47ms Script
application/javascript 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdatax.com/version.js
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: c7949470a0610245f8dc1968e5fbe3951aa57f8460b0a32c793c6a67b4458567

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 06 Aug 2021 11:49:17 GMT
Cache-Control: private, max-age=63072000
Server: nginx/1.19.10
Connection: keep-alive
Content-Length: 57
Content-Type: application/javascript

GET
H2 200 gid.js Show response
my.rtmark.net/ 65 B
541 B 50ms
50ms Fetch
application/json 139.45.195.8
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://my.rtmark.net/gid.js

Requested by

Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

4373ca5ab48490744cf6ee9190690744dcaeb4ef4da4fe183603458a5b55160b

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:17 GMT
x-content-type-options: nosniff
server: nginx
strict-transport-security: max-age=1
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: https://tgfunnls.org
access-control-expose-headers: Authorization
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length: 65

GET
H/1.1 200
OK pix.jpg Show response
tagdatax.com/ 28 B
617 B 47ms
47ms Fetch
image/jpeg 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdatax.com/pix.jpg
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: 3c72e06c040c15327faa313315f1d6f4b2c9159267051c3e173336efa4cd7a18

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 06 Aug 2021 11:49:17 GMT
Server: nginx/1.19.10
Etag: fe143b1f-df73-4d99-8f09-0061bed66b03
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Content-Type: image/jpeg
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Expose-Headers: ETag
Cache-Control: private, must-revalidate, proxy-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 28

GET
H2 200 googlelogo_color_120x44dp.png
www.google.com/images/branding/googlelogo/2x/ 5 KB
5 KB 15ms
15ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_120x44dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

29c50fa4422ac0a690af5b0987dee6a030a7eeaafa9dda8543cf022368f545aa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:17 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5087
x-xss-protection: 0
expires: Fri, 06 Aug 2021 11:49:17 GMT

GET
H2 200 googlelogo_color_272x92dp.png
www.google.com/images/branding/googlelogo/1x/ 6 KB
6 KB 18ms
16ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/1x/googlelogo_color_272x92dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5776cd87617eacec3bc00ebcf530d1924026033eda852f706c1a675a98915826

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:17 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5969
x-xss-protection: 0
expires: Fri, 06 Aug 2021 11:49:17 GMT

GET
H2 200 googlelogo_color_272x92dp.png
www.google.com/images/branding/googlelogo/2x/ 13 KB
13 KB 19ms
17ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_272x92dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

262084257c2103702ef8a25705e3f8dbc1fa3823103ad7b954d54bdb77e6d89d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:17 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13504
x-xss-protection: 0
expires: Fri, 06 Aug 2021 11:49:17 GMT

GET
H2 200 googlelogo_color_160x56dp.png
www.google.com/images/branding/googlelogo/2x/ 7 KB
7 KB 19ms
17ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_160x56dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9e611fba6a87626e60f74d361f0c94d1ba226bc0726a05791f40ddb7fbba2c4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:17 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7048
x-xss-protection: 0
expires: Fri, 06 Aug 2021 11:49:17 GMT

GET
H2 200 googlelogo_color_90x40dp.png
www.google.com/images/branding/googlelogo/2x/ 4 KB
4 KB 19ms
17ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_90x40dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a9cac8d49feccd603bac334c92c1e7dd5a829a1c01d4130550e8c9c0d9c72f7b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:17 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3934
x-xss-protection: 0
expires: Fri, 06 Aug 2021 11:49:17 GMT

GET
H3-29 200 flags.png
tgfunnls.org/images/vendor/intl-tel-input/build/ 69 KB
70 KB 14ms
14ms Image
image/png 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tgfunnls.org/images/vendor/intl-tel-input/build/flags.png?416250f60d785a2e02f17e054d2e4e44

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/css/forms.css?id=108aa07ef4cadffb88ba

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0a012cf808a24573168308916092d2d4bd3f2b4af8e16b59167013cc77acee55

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /images/vendor/intl-tel-input/build/flags.png?416250f60d785a2e02f17e054d2e4e44
pragma: no-cache
cookie: XSRF-TOKEN=eyJpdiI6IlZQa2lWdlwvUHRnWUFsRXJqMEF3NmJRPT0iLCJ2YWx1ZSI6Im5DOTBNckNtY1Z1TmdFWUQ5bTV6ZXFUZVhmdzJzRCs5UWU5UEdpbWQ2dEd4QTk2eHlYWVEyaFZVQkVvYThEenMiLCJtYWMiOiI4ODlkYWQxNzdmNTQzNmIyNjc3NjcwZWU0ZDVkMWQ4MDYxMGM4MzIzYWIzMzIyMDBjNzNhYmRiN2RlOGJhMTE4In0%3D; c=eyJpdiI6IjVYb1wvNktZUG5OS0dIZlwveXRzR3ByQT09IiwidmFsdWUiOiJ6alBRU1FaVXNoR2FUejViSWN1eDhZMGtcLzhXMDVcL0Zqd1VwdU93NXFyeHdjMkFOMHlVMkVKdjEyT09CNGlyc1YiLCJtYWMiOiI1MmVmMTVlZGM4YjExNjJhNTRjMGE2YjQxNjM5NWM0YjJhMGFjYjY2MjQxODE0NTI5MGU2NDhjNzYyNmY0N2RhIn0%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: tgfunnls.org
referer: https://tgfunnls.org/css/forms.css?id=108aa07ef4cadffb88ba
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/css/forms.css?id=108aa07ef4cadffb88ba
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:17 GMT
x-proc: 2
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2320
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 70857
x-xss-protection: 1; mode=block
last-modified: Fri, 06 Aug 2021 10:55:13 GMT
server: cloudflare
etag: "610d1511-114c9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=88wT%2FjiXi55XMyI2OE5YwwOHAkwee1BrBP1osXoyjZJRWAZjRbXZRjNKD%2FWMDDINsTwNPSzFAtZBPy49vUFgWZu4zbUzp2NBFfUuo5Krhth60DP1R2ICJfl16CvDHMaDREVBglNzwUUysVc%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 67a80a7ecd9542f7-FRA

GET
H3-29 200 locate Show response
tgfunnls.org/ 150 B
1 KB 89ms
89ms XHR
application/json 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/locate

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/js/l.js?id=6cf7b69175b2a676ebf3

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a9444725fb48cd94db4b9c4e1544b3ace3c54ccd0d1a289f124d36b69c9d6a20

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-fetch-mode: cors
x-xsrf-token: eyJpdiI6IlZQa2lWdlwvUHRnWUFsRXJqMEF3NmJRPT0iLCJ2YWx1ZSI6Im5DOTBNckNtY1Z1TmdFWUQ5bTV6ZXFUZVhmdzJzRCs5UWU5UEdpbWQ2dEd4QTk2eHlYWVEyaFZVQkVvYThEenMiLCJtYWMiOiI4ODlkYWQxNzdmNTQzNmIyNjc3NjcwZWU0ZDVkMWQ4MDYxMGM4MzIzYWIzMzIyMDBjNzNhYmRiN2RlOGJhMTE4In0=
accept-language: en-US
sec-fetch-dest: empty
cookie: XSRF-TOKEN=eyJpdiI6IlZQa2lWdlwvUHRnWUFsRXJqMEF3NmJRPT0iLCJ2YWx1ZSI6Im5DOTBNckNtY1Z1TmdFWUQ5bTV6ZXFUZVhmdzJzRCs5UWU5UEdpbWQ2dEd4QTk2eHlYWVEyaFZVQkVvYThEenMiLCJtYWMiOiI4ODlkYWQxNzdmNTQzNmIyNjc3NjcwZWU0ZDVkMWQ4MDYxMGM4MzIzYWIzMzIyMDBjNzNhYmRiN2RlOGJhMTE4In0%3D; c=eyJpdiI6IjVYb1wvNktZUG5OS0dIZlwveXRzR3ByQT09IiwidmFsdWUiOiJ6alBRU1FaVXNoR2FUejViSWN1eDhZMGtcLzhXMDVcL0Zqd1VwdU93NXFyeHdjMkFOMHlVMkVKdjEyT09CNGlyc1YiLCJtYWMiOiI1MmVmMTVlZGM4YjExNjJhNTRjMGE2YjQxNjM5NWM0YjJhMGFjYjY2MjQxODE0NTI5MGU2NDhjNzYyNmY0N2RhIn0%3D
:path: /locate
pragma: no-cache
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: application/json, text/plain, */*
cache-control: no-cache
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept: application/json, text/plain, */*
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
X-XSRF-TOKEN: eyJpdiI6IlZQa2lWdlwvUHRnWUFsRXJqMEF3NmJRPT0iLCJ2YWx1ZSI6Im5DOTBNckNtY1Z1TmdFWUQ5bTV6ZXFUZVhmdzJzRCs5UWU5UEdpbWQ2dEd4QTk2eHlYWVEyaFZVQkVvYThEenMiLCJtYWMiOiI4ODlkYWQxNzdmNTQzNmIyNjc3NjcwZWU0ZDVkMWQ4MDYxMGM4MzIzYWIzMzIyMDBjNzNhYmRiN2RlOGJhMTE4In0=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:17 GMT
x-proc: 2
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BfBHrmFWigIVrM20muQvCmBw8JRw9gSVr92FI0%2FW6GQOoqqQjh0BGwYD2CB6CDVqdKAwZbh7jTuYPiQPW3cgwVOdNHw4OukIoK6c42LEEJQIPgfEkVqsJuqWuhPkUbWBX77scynBVwBgc0o%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json
cache-control: no-cache, private
set-cookie: XSRF-TOKEN=eyJpdiI6IkZkYThrTVRabytUQVZneTQ2ZFFxSUE9PSIsInZhbHVlIjoiSU5oK0JyVFJmTlwvSlB4TUREK3F4eHV4UHU3S0lvWjkrTkhRa0RqNUZZVjFxOXZRNjhhOEVod1BCaTI3Qk9CUG8iLCJtYWMiOiI0N2Q4YjA2NDJjNTBhYzg2OTY5OWExNDExZmMyZmVkYTQ0Y2QxZGIzNWU4ODM1Y2UzMmU1OWIzYTRjYWI0N2I5In0%3D; expires=Fri, 06-Aug-2021 13:49:17 GMT; Max-Age=7200; path=/ c=eyJpdiI6IlZIXC8rNW5Uc1RSZ1lBSFhtQ0NBcFFBPT0iLCJ2YWx1ZSI6IkFVdGhpNVpWRnN5Mk1rUDcydUpwVXB1XC9hcDVxcHdxeTdHSFhvVVozOTMwM0xrckZUV0lSbnJsaFpoUVdLc3JEIiwibWFjIjoiNjAyMjJjNDNmYTRiNmIyZGIxZDRmNTdiYWZkNzRmNjUyN2Q4ODdmYzVlMjUzNTA0MzhmMzU3NWJlYWViZGYxOSJ9; expires=Fri, 06-Aug-2021 13:49:17 GMT; Max-Age=7200; path=/; httponly
cf-ray: 67a80a7efdfb42f7-FRA

GET
H3-29 200 js Show response
www.googletagmanager.com/gtag/ 127 KB
50 KB 15ms
15ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-Y6C8Y8V9BH&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MSK8GMG

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

caf7ecf5748d7e3e027c4c06c569b3a6fb8f0f78f0dc3ff8c888b2299747e496

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:17 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 51136
x-xss-protection: 0
expires: Fri, 06 Aug 2021 11:49:17 GMT

GET
H3-29 200 analytics.js Show response
www.google-analytics.com/ 48 KB
19 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MSK8GMG

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

e61660c659c426e45bce2937dddb01af6b550502a2904546575c1ec2ba1121dd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 13 Jul 2021 18:24:06 GMT
server: Golfe2
age: 2136
date: Fri, 06 Aug 2021 11:13:41 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19672
expires: Fri, 06 Aug 2021 13:13:41 GMT

GET
H2 200 hotjar-2304105.js Show response
static.hotjar.com/c/ 5 KB
2 KB 55ms
55ms Script
application/javascript 13.224.96.91
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-2304105.js?sv=6

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.96.91 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

d4261e9b3b427b4faba85d775a6dbd131cf86cbd42945ba05ae2ebad8f8f36e6

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:48:18 GMT
content-encoding: br
x-content-type-options: nosniff
cache-control: max-age=60
age: 59
etag: W/4e117f3a38c123981a4b3509540d1697
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
x-cache-hit: 1
x-amz-cf-pop: ZRH50-C1
x-amz-cf-id: urJ95k5VyngVX_mwuZNgnHznSAq1vd3u00x0AhJ87M5hsaKTNCFkpA==
via: 1.1 e92dffa8673a73c15c61e7c3abefc47d.cloudfront.net (CloudFront)

OPTIONS
H/1.1 200
OK add
tagdataxrt.com/ir/ Frame 0
0 47ms
47ms Preflight 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/ir/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Protocol: HTTP/1.1
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://tgfunnls.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Server: nginx/1.19.10
Date: Fri, 06 Aug 2021 11:49:17 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

POST
H/1.1 200
OK add Show response
tagdataxrt.com/ir/ 0
537 B 51ms
51ms Fetch 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/ir/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json;charset=utf-8

Response headers

Date: Fri, 06 Aug 2021 11:49:17 GMT
Server: nginx/1.19.10
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 0

GET
BLOB 200
OK 5513e53c-896a-4a14-8f42-c681731f1f05
https://tgfunnls.org/ 31 B
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://tgfunnls.org/5513e53c-896a-4a14-8f42-c681731f1f05
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7725538fe2f71147bffeba7452b434c826aef9009666cb4360c605d0b2a91d1d

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length: 31
Content-Type: application/javascript

GET
H2 403 videothumbnail-1.png
static-13333.kxcdn.com/5275/images/ 0
0 15ms
14ms Image
text/html 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static-13333.kxcdn.com/5275/images/videothumbnail-1.png
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
DATA 200
OK truncated
/ 4 KB
4 KB Font
application/font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: aef991b2e0b693a95d41986576dd3901ea7ac03b379501b1caba966058753308

Request headers

Origin: https://tgfunnls.org
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: application/font-woff;charset=utf-8

POST
H/1.1 200
OK etag Show response
tagdataxrt.com/ 0
537 B 47ms
47ms Fetch 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/etag?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json;charset=utf-8

Response headers

Date: Fri, 06 Aug 2021 11:49:17 GMT
Server: nginx/1.19.10
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 0

OPTIONS
H/1.1 200
OK etag
tagdataxrt.com/ Frame 0
0 47ms
46ms Preflight 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/etag?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Protocol: HTTP/1.1
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://tgfunnls.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Server: nginx/1.19.10
Date: Fri, 06 Aug 2021 11:49:17 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

GET
H3-29 200 tag-18c0c42595158c9943ee0260eecc4fc3.js Show response
dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWpxdWVyeQ==/ 214 KB
61 KB 62ms
61ms Script
application/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWpxdWVyeQ==/tag-18c0c42595158c9943ee0260eecc4fc3.js
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/j.php?a=449005&u=https%3A%2F%2Ftgfunnls.org%2Fdly1st%2F%3Fhitid%3D%7BclickId%7D%26qze%3D7%26aff_sub%3D%7BcustomId1%7D%26aff_sub2%3D%7BcustomId2%7D&f=1&r=0.12030525186927643
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gams1 /
Resource Hash: b6a6463b285c1fdc27b7022ff01564762e81117074a3f3781cc931fe389afc70

Request headers

Origin: https://tgfunnls.org
Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:16 GMT
content-encoding: br
last-modified: Fri, 06 Aug 2021 11:48:12 GMT
server: gams1
etag: "610d217c-f3a3"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 62371
via: 1.1 google

GET
H3-29 200 v.gif
dev.visualwebsiteoptimizer.com/ 35 B
52 B 122ms
120ms Image
image/gif 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dev.visualwebsiteoptimizer.com/v.gif?cd=0&a=449005&d=tgfunnls.org&u=D60D53A279C34294A37B44CA833D8B14F&h=fe9b8582c0d96af381d293a2d11d8a7f&t=false&r=0.14648216625991406

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gnv1c /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 06 Aug 2021 11:49:16 GMT
via: 1.1 google
x-content-type-options: nosniff
server: gnv1c
content-type: image/gif
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 10 Jan 2005 00:00:01 GMT

POST
H3-29 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 14ms
13ms XHR
text/plain 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j92&a=443227911&t=pageview&_s=1&dl=https%3A%2F%2Ftgfunnls.org%2Fdly1st%2F%3Fhitid%3D%7BclickId%7D%26qze%3D7%26aff_sub%3D%7BcustomId1%7D%26aff_sub2%3D%7BcustomId2%7D&ul=en-us&de=UTF-8&dt=Daily%20Profit&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAAC~&jid=1966526248&gjid=472063975&cid=1821568338.1628250557&tid=UA-192660002-1&_gid=1967650473.1628250557&_r=1&gtm=2wg840MSK8GMG&z=1999612946

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 06 Aug 2021 11:49:17 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://tgfunnls.org
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3-29 204 collect
www.google-analytics.com/g/ 0
17 B 14ms
13ms Ping
text/plain 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-Y6C8Y8V9BH&gtm=2oe840&_p=443227911&sr=1600x1200&ul=en-us&cid=1821568338.1628250557&_s=1&dl=https%3A%2F%2Ftgfunnls.org%2Fdly1st%2F%3Fhitid%3D%7BclickId%7D%26qze%3D7%26aff_sub%3D%7BcustomId1%7D%26aff_sub2%3D%7BcustomId2%7D&dr=https%3A%2F%2Ftgfunnls.org%2Fdly1st%2F%3Fhitid%3D%7BclickId%7D%26qze%3D7%26aff_sub%3D%7BcustomId1%7D%26aff_sub2%3D%7BcustomId2%7D&dt=Daily%20Profit&sid=1628250557&sct=1&seg=0&en=page_view&_fv=1&_ss=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-Y6C8Y8V9BH&l=dataLayer&cx=c
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Fri, 06 Aug 2021 11:49:17 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://tgfunnls.org
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3-29 201 event Show response
tgfunnls.org/ 2 B
1 KB 202ms
201ms XHR
application/json 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/event?hitid={clickId}

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/js/l.js?id=6cf7b69175b2a676ebf3

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-fetch-mode: cors
origin: https://tgfunnls.org
x-xsrf-token: eyJpdiI6IkZkYThrTVRabytUQVZneTQ2ZFFxSUE9PSIsInZhbHVlIjoiSU5oK0JyVFJmTlwvSlB4TUREK3F4eHV4UHU3S0lvWjkrTkhRa0RqNUZZVjFxOXZRNjhhOEVod1BCaTI3Qk9CUG8iLCJtYWMiOiI0N2Q4YjA2NDJjNTBhYzg2OTY5OWExNDExZmMyZmVkYTQ0Y2QxZGIzNWU4ODM1Y2UzMmU1OWIzYTRjYWI0N2I5In0=
accept-language: en-US
sec-fetch-dest: empty
accept-encoding: gzip, deflate, br
cookie: _vwo_uuid_v2=D60D53A279C34294A37B44CA833D8B14F|fe9b8582c0d96af381d293a2d11d8a7f; _gid=GA1.2.1967650473.1628250557; _gat_UA-192660002-1=1; XSRF-TOKEN=eyJpdiI6IkZkYThrTVRabytUQVZneTQ2ZFFxSUE9PSIsInZhbHVlIjoiSU5oK0JyVFJmTlwvSlB4TUREK3F4eHV4UHU3S0lvWjkrTkhRa0RqNUZZVjFxOXZRNjhhOEVod1BCaTI3Qk9CUG8iLCJtYWMiOiI0N2Q4YjA2NDJjNTBhYzg2OTY5OWExNDExZmMyZmVkYTQ0Y2QxZGIzNWU4ODM1Y2UzMmU1OWIzYTRjYWI0N2I5In0%3D; c=eyJpdiI6IlZIXC8rNW5Uc1RSZ1lBSFhtQ0NBcFFBPT0iLCJ2YWx1ZSI6IkFVdGhpNVpWRnN5Mk1rUDcydUpwVXB1XC9hcDVxcHdxeTdHSFhvVVozOTMwM0xrckZUV0lSbnJsaFpoUVdLc3JEIiwibWFjIjoiNjAyMjJjNDNmYTRiNmIyZGIxZDRmNTdiYWZkNzRmNjUyN2Q4ODdmYzVlMjUzNTA0MzhmMzU3NWJlYWViZGYxOSJ9; _ga_Y6C8Y8V9BH=GS1.1.1628250557.1.0.1628250557.0; _ga=GA1.1.1821568338.1628250557
content-length: 188
:path: /event?hitid={clickId}
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json;charset=UTF-8
accept: application/json, text/plain, */*
cache-control: no-cache
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: POST
Accept: application/json, text/plain, */*
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
X-XSRF-TOKEN: eyJpdiI6IkZkYThrTVRabytUQVZneTQ2ZFFxSUE9PSIsInZhbHVlIjoiSU5oK0JyVFJmTlwvSlB4TUREK3F4eHV4UHU3S0lvWjkrTkhRa0RqNUZZVjFxOXZRNjhhOEVod1BCaTI3Qk9CUG8iLCJtYWMiOiI0N2Q4YjA2NDJjNTBhYzg2OTY5OWExNDExZmMyZmVkYTQ0Y2QxZGIzNWU4ODM1Y2UzMmU1OWIzYTRjYWI0N2I5In0=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json;charset=UTF-8

Response headers

date: Fri, 06 Aug 2021 11:49:17 GMT
x-proc: 3
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7WLN7ho%2F6QnkvAZIAiYVOQFeWkK8G%2BEi7l0w%2Bqh33vxwdaNIqZKKFdI8BF8YNTyI%2F2QkuS77A12QPIy%2FGEGWHFENiKR4BxHlv4ZiZ25B1WlG94ydRCde2YBk1ZOgipKH8l194Mgh9xHISW4%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-origin: https://tgfunnls.org
cache-control: no-cache, private
set-cookie: XSRF-TOKEN=eyJpdiI6IkdkNTFZeVZCVkhDS2VBY3lWNlRtSkE9PSIsInZhbHVlIjoiYVg0Z0M1UGI3NEF4bHZRdmdsR3kyKzRGMG1xZDRyUkRlR2VadFBMSlwvTlVYazRFczRhemxCcE1IR2QxQkJ0dWUiLCJtYWMiOiIzMTZlOTQ3MmE1M2QyOWFjNGFjMzNhY2YyYWQ1OGQ4MDViMWU3MzlhODljZDdmZDk3MjYzNGE1YjU0MjZjYjNmIn0%3D; expires=Fri, 06-Aug-2021 13:49:17 GMT; Max-Age=7200; path=/ c=eyJpdiI6IlFlVCtYeTBqXC9mMWx0OU40eWYzV1RnPT0iLCJ2YWx1ZSI6IkdldTEyT3BZSzV5TjhWR0Fyb3FSdmIrV1dqY1M5QnBGQVZYVTZFNWZWN3o5RzBoZUl6K0xwNW9RWktaRkNlNnoiLCJtYWMiOiJhOWQwNzAxYjNhMDkyYTYxZWQ2YWY1NDUyY2E1ODg1ZTJhMWMxMzNhOTIxNTQyOWQ1NGY0NTQyM2UyM2MyMzkwIn0%3D; expires=Fri, 06-Aug-2021 13:49:17 GMT; Max-Age=7200; path=/; httponly
cf-ray: 67a80a7fa80042f7-FRA

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
70 B 14ms
14ms XHR
text/plain 2a00:1450:400c:c07::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j92&tid=UA-192660002-1&cid=1821568338.1628250557&jid=1966526248&gjid=472063975&_gid=1967650473.1628250557&_u=YEBAAEAAAAAAAC~&z=963117473

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c07::9d Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Fri, 06 Aug 2021 11:49:17 GMT
content-type: text/plain
access-control-allow-origin: https://tgfunnls.org
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 modules.9a6619e61150e4449f35.js Show response
script.hotjar.com/ 221 KB
59 KB 62ms
62ms Script
application/javascript 13.224.96.11
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.9a6619e61150e4449f35.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2304105.js?sv=6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.96.11 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

fc04d1fd608cedf1f0c4735145a15031f77cb7491d6234cec4ee2cd9be74937a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:18:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 77472
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 59579
access-control-allow-origin: *
last-modified: Thu, 05 Aug 2021 14:17:07 GMT
etag: "f404c80c4e9647abd5db65360cf9ecee"
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 7245e91891539560c1f484b1e46159c9.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: ZRH50-C1
accept-ranges: bytes
x-robots-tag: none
x-amz-cf-id: RYFDOCAc5LNg-KShkuMlNESXwXmaBnQk9huK3S0HKPcsO9IrFsfivw==

GET
H3-29 200 ga-audiences
www.google.com/ads/ 42 B
63 B 18ms
17ms Image
image/gif 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j92&tid=UA-192660002-1&cid=1821568338.1628250557&jid=1966526248&_u=YEBAAEAAAAAAAC~&z=1040288310

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 06 Aug 2021 11:49:17 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 17ms
17ms Image
image/gif 2a00:1450:4001:801::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j92&tid=UA-192660002-1&cid=1821568338.1628250557&jid=1966526248&_u=YEBAAEAAAAAAAC~&z=1040288310

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 06 Aug 2021 11:49:17 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 settings.js Show response
dev.visualwebsiteoptimizer.com/ 572 B
397 B 49ms
49ms Script
application/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/settings.js?a=449005&settings_type=3&vn=7.0&r=0.8107537217361933&u=https%3A%2F%2Ftgfunnls.org%2Fdly1st%2F%3Fhitid%3D%7BclickId%7D%26qze%3D7%26aff_sub%3D%7BcustomId1%7D%26aff_sub2%3D%7BcustomId2%7D
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWpxdWVyeQ==/tag-18c0c42595158c9943ee0260eecc4fc3.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gams1 /
Resource Hash: 31042bafbba3ee3bae8f21d8d8744230a7c558630068c64e1e5ecb4721ab3910

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:17 GMT
via: 1.1 google
server: gams1
content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-type: application/javascript; charset=UTF-8

GET
H3-29 200 settings.js Show response
dev.visualwebsiteoptimizer.com/ 572 B
397 B 48ms
48ms Script
application/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/settings.js?a=449005&settings_type=1&vn=7.0&r=0.3351468569679019
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWpxdWVyeQ==/tag-18c0c42595158c9943ee0260eecc4fc3.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gams1 /
Resource Hash: 31042bafbba3ee3bae8f21d8d8744230a7c558630068c64e1e5ecb4721ab3910

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:16 GMT
via: 1.1 google
server: gams1
content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-type: application/javascript; charset=UTF-8

GET
H2 200 box-25a418976ea02a6f393fbbe77cec94bb.html Show response
vars.hotjar.com/ Frame 01F4 2 KB
1 KB 55ms
55ms Document
text/html 13.224.96.92
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vars.hotjar.com/box-25a418976ea02a6f393fbbe77cec94bb.html
Requested by: Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2304105.js?sv=6
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.96.92 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-96-92.zrh50.r.cloudfront.net
Software: /
Resource Hash: 7a44e0685d8929b5d4d50476273c9957c8c76f03afc424c665a4066e5bc1beb9

Request headers

:method: GET
:authority: vars.hotjar.com
:scheme: https
:path: /box-25a418976ea02a6f393fbbe77cec94bb.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://tgfunnls.org/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://tgfunnls.org/

Response headers

content-type: text/html
content-length: 1044
date: Sun, 18 Jul 2021 00:16:30 GMT
accept-ranges: bytes
cache-control: max-age=31536000
content-encoding: br
etag: "76922233be8bdb14c053af468d29404a"
last-modified: Thu, 15 Jul 2021 14:16:09 GMT
x-amz-server-side-encryption: AES256
x-robots-tag: none
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 6b0e09b8a7d995016df1513b4b11c17e.cloudfront.net (CloudFront)
x-amz-cf-pop: ZRH50-C1
x-amz-cf-id: UnGth1ZTAQbJwbmoQMs14o_Tqg2R6D-Uxz1oCYZAdg-dR3YMbzUsdQ==
age: 1683167

GET
H3-29 200 tag-1a6cb79d9b921e9f733a3a9f91c43b90.js Show response
dev.visualwebsiteoptimizer.com/web/djIkcGM6MS4w/ 668 B
329 B 50ms
49ms Script
application/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/web/djIkcGM6MS4w/tag-1a6cb79d9b921e9f733a3a9f91c43b90.js
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWpxdWVyeQ==/tag-18c0c42595158c9943ee0260eecc4fc3.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gams1 /
Resource Hash: 6e1f2e0970c3d1d6cdacfecdd613ce1c42990ea5d4a9a85fe6f0700d20a96634

Request headers

Origin: https://tgfunnls.org
Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:16 GMT
content-encoding: br
last-modified: Fri, 06 Aug 2021 11:48:12 GMT
server: gams1
etag: "610d217c-133"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 307
via: 1.1 google

GET
H2 200 a3a7b431bde66f8790628956fd6a9e14.js Show response
cdn.pushcrew.com/js/ 248 KB
70 KB 127ms
126ms Script
application/javascript 34.102.183.26
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.pushcrew.com/js/a3a7b431bde66f8790628956fd6a9e14.js
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/web/djIkcGM6MS4w/tag-1a6cb79d9b921e9f733a3a9f91c43b90.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.102.183.26 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 26.183.102.34.bc.googleusercontent.com
Software: nginx /
Resource Hash: 2a74b97179203cf3de9b255635c3927c34791cabfe69261cc8d1235c13315e78

Request headers

Origin: https://tgfunnls.org
Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:17 GMT
content-encoding: gzip
last-modified: Fri, 18 Jun 2021 08:48:27 GMT
server: nginx
etag: W/"60cc5ddb-3e05c"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=1800
alt-svc: clear
via: 1.1 google
expires: Fri, 06 Aug 2021 12:19:17 GMT

OPTIONS
H/1.1 200
OK add
tagdataxrt.com/log/ Frame 0
0 47ms
46ms Preflight 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/log/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Protocol: HTTP/1.1
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://tgfunnls.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Server: nginx/1.19.10
Date: Fri, 06 Aug 2021 11:49:17 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

POST
H/1.1 200
OK add Show response
tagdataxrt.com/log/ 12 B
597 B 49ms
49ms Fetch
application/json 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/log/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: 21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json;charset=utf-8

Response headers

Date: Fri, 06 Aug 2021 11:49:17 GMT
Server: nginx/1.19.10
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 12

POST
H/1.1 200
OK add
tagdataxrt.com/time_visit/ 0
422 B 47ms
46ms Ping
text/plain 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/time_visit/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Fri, 06 Aug 2021 11:49:17 GMT
Server: nginx/1.19.10
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 0

GET
H3-29 200 / Show response
tgfunnls.org/dly1st/ 31 KB
8 KB 207ms
207ms Document
text/html 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Requested by

Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ce98daa46b2bf0d4e89aafcb3be9e993f770a73cea043a55c0d753fee8a2a8e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: tgfunnls.org
:scheme: https
:path: /dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: document
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: _vwo_uuid_v2=D60D53A279C34294A37B44CA833D8B14F|fe9b8582c0d96af381d293a2d11d8a7f; _gid=GA1.2.1967650473.1628250557; _gat_UA-192660002-1=1; _ga_Y6C8Y8V9BH=GS1.1.1628250557.1.0.1628250557.0; _ga=GA1.1.1821568338.1628250557; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _hjid=20453335-5579-4e4e-b755-52aa1f1205a7; _hjFirstSeen=1; XSRF-TOKEN=eyJpdiI6IkdkNTFZeVZCVkhDS2VBY3lWNlRtSkE9PSIsInZhbHVlIjoiYVg0Z0M1UGI3NEF4bHZRdmdsR3kyKzRGMG1xZDRyUkRlR2VadFBMSlwvTlVYazRFczRhemxCcE1IR2QxQkJ0dWUiLCJtYWMiOiIzMTZlOTQ3MmE1M2QyOWFjNGFjMzNhY2YyYWQ1OGQ4MDViMWU3MzlhODljZDdmZDk3MjYzNGE1YjU0MjZjYjNmIn0%3D; c=eyJpdiI6IlFlVCtYeTBqXC9mMWx0OU40eWYzV1RnPT0iLCJ2YWx1ZSI6IkdldTEyT3BZSzV5TjhWR0Fyb3FSdmIrV1dqY1M5QnBGQVZYVTZFNWZWN3o5RzBoZUl6K0xwNW9RWktaRkNlNnoiLCJtYWMiOiJhOWQwNzAxYjNhMDkyYTYxZWQ2YWY1NDUyY2E1ODg1ZTJhMWMxMzNhOTIxNTQyOWQ1NGY0NTQyM2UyM2MyMzkwIn0%3D
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Response headers

date: Fri, 06 Aug 2021 11:49:18 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: no-cache, private
set-cookie: XSRF-TOKEN=eyJpdiI6IjROSWd5cGZiMVdPOFpNOHkyTVRnNVE9PSIsInZhbHVlIjoiSGlUMnY1VFZRekJORmVERk9RNForTW5FN2pFWlhwS1wva2lvSVhtczNYcU5WXC9OUEpnc1h2eVFncFg2QzJVeHkwIiwibWFjIjoiZmNjNGJlM2EyNzA1NzBlZmFjMDZhZTM1YjMxMzI2ZGE2YTNmYzM3Njg2ODhiNjgwOTEyOTA4M2FjMjE4NzBhOCJ9; expires=Fri, 06-Aug-2021 13:49:18 GMT; Max-Age=7200; path=/ c=eyJpdiI6ImI5anNWWmlBWnE4M080bDJ3aGJYTXc9PSIsInZhbHVlIjoia0Y1WWxlKzVYZURIMTROMndVQnFZaGxDT3pcL29ua0JDVlg5T21IYnV6eExDWENQZFVNdk9pa1FjMXpVYUlwakgiLCJtYWMiOiI3OGM4OTUxNjlkNzU0OGU2YTg5NmQyMjg3Yzg2NDZmZTA5M2EwYzI0MzUyMWRjODMyMmVkYTVlYTc1YzUyMmM5In0%3D; expires=Fri, 06-Aug-2021 13:49:18 GMT; Max-Age=7200; path=/; httponly
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-proc: 1
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FXte1c9PVoFKUVMg0oas91Z%2BGnFgW504ZoiAHtxqw9vQTDhOCMJksuEf2c4t7g1T1COstkPjLrQXZqDKVaxrj51Gurv9tFEgBZnPR6DgK4yyjv1lPjX8kz%2B0ZvHJgO%2Bx2A0BD1khLX3aYXw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 67a80a826ff842f7-FRA
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

GET
H3-29 200 forms.css
tgfunnls.org/css/ 20 KB
4 KB 18ms
17ms Stylesheet
text/css 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/css/forms.css?id=108aa07ef4cadffb88ba

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5cc75f6ff6ccc8f9737ba9b6e44903687d4cd600464dc9a25b2fcfbfd231ebc6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /css/forms.css?id=108aa07ef4cadffb88ba
pragma: no-cache
cookie: _vwo_uuid_v2=D60D53A279C34294A37B44CA833D8B14F|fe9b8582c0d96af381d293a2d11d8a7f; _gid=GA1.2.1967650473.1628250557; _gat_UA-192660002-1=1; _ga_Y6C8Y8V9BH=GS1.1.1628250557.1.0.1628250557.0; _ga=GA1.1.1821568338.1628250557; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _hjid=20453335-5579-4e4e-b755-52aa1f1205a7; _hjFirstSeen=1; XSRF-TOKEN=eyJpdiI6IjROSWd5cGZiMVdPOFpNOHkyTVRnNVE9PSIsInZhbHVlIjoiSGlUMnY1VFZRekJORmVERk9RNForTW5FN2pFWlhwS1wva2lvSVhtczNYcU5WXC9OUEpnc1h2eVFncFg2QzJVeHkwIiwibWFjIjoiZmNjNGJlM2EyNzA1NzBlZmFjMDZhZTM1YjMxMzI2ZGE2YTNmYzM3Njg2ODhiNjgwOTEyOTA4M2FjMjE4NzBhOCJ9; c=eyJpdiI6ImI5anNWWmlBWnE4M080bDJ3aGJYTXc9PSIsInZhbHVlIjoia0Y1WWxlKzVYZURIMTROMndVQnFZaGxDT3pcL29ua0JDVlg5T21IYnV6eExDWENQZFVNdk9pa1FjMXpVYUlwakgiLCJtYWMiOiI3OGM4OTUxNjlkNzU0OGU2YTg5NmQyMjg3Yzg2NDZmZTA5M2EwYzI0MzUyMWRjODMyMmVkYTVlYTc1YzUyMmM5In0%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:18 GMT
x-proc: 2
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3669
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Fri, 06 Aug 2021 10:30:19 GMT
server: cloudflare
etag: W/"610d0f3b-5107"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=S8y3SJG0dqkSH4D%2F%2FvWNLwQMH2cke%2BixkwWV8R%2B2CZnj5RAg3PgbNJAR3%2BS4IbKBhVeLWb9ICXM%2FbxwF2brkdTrZdRL0%2FfZ7qubByu5Zv9xbakKmC2bsm2FlqAaIb1Db233s9DEJzbvNdm4%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 67a80a83cc1942f7-FRA

GET
H3-29 200 flow.css
tgfunnls.org/css/ 385 B
758 B 12ms
11ms Stylesheet
text/css 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/css/flow.css?id=1a2dada5ba76c1b29ae1

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

df456c4794989b11dda8d76813cbf505b2707048f4cc89d7db15956779ca3fb0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /css/flow.css?id=1a2dada5ba76c1b29ae1
pragma: no-cache
cookie: _vwo_uuid_v2=D60D53A279C34294A37B44CA833D8B14F|fe9b8582c0d96af381d293a2d11d8a7f; _gid=GA1.2.1967650473.1628250557; _gat_UA-192660002-1=1; _ga_Y6C8Y8V9BH=GS1.1.1628250557.1.0.1628250557.0; _ga=GA1.1.1821568338.1628250557; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _hjid=20453335-5579-4e4e-b755-52aa1f1205a7; _hjFirstSeen=1; XSRF-TOKEN=eyJpdiI6IjROSWd5cGZiMVdPOFpNOHkyTVRnNVE9PSIsInZhbHVlIjoiSGlUMnY1VFZRekJORmVERk9RNForTW5FN2pFWlhwS1wva2lvSVhtczNYcU5WXC9OUEpnc1h2eVFncFg2QzJVeHkwIiwibWFjIjoiZmNjNGJlM2EyNzA1NzBlZmFjMDZhZTM1YjMxMzI2ZGE2YTNmYzM3Njg2ODhiNjgwOTEyOTA4M2FjMjE4NzBhOCJ9; c=eyJpdiI6ImI5anNWWmlBWnE4M080bDJ3aGJYTXc9PSIsInZhbHVlIjoia0Y1WWxlKzVYZURIMTROMndVQnFZaGxDT3pcL29ua0JDVlg5T21IYnV6eExDWENQZFVNdk9pa1FjMXpVYUlwakgiLCJtYWMiOiI3OGM4OTUxNjlkNzU0OGU2YTg5NmQyMjg3Yzg2NDZmZTA5M2EwYzI0MzUyMWRjODMyMmVkYTVlYTc1YzUyMmM5In0%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:18 GMT
x-proc: 1
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3669
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Fri, 06 Aug 2021 10:30:20 GMT
server: cloudflare
etag: W/"610d0f3c-181"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VwP2BSz69RdlFtbrheZBX7TVB6lDXxHPuPCimEp6NZ6ZKs1FJQfHFusmhWFOrPL1rdBIs8OFZOR7kEQOdPal%2BQ7oGIzpEKPqAtbkUteMtKj7ZQTleF5U5DWRdw04iTMIZtX9R5sbY7Qptn0%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 67a80a83cc1c42f7-FRA

GET
H2 200 funnel.css
static-13333.kxcdn.com/5275/build/ 91 KB
26 KB 8ms
7ms Stylesheet
text/css 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL

https://static-13333.kxcdn.com/5275/build/funnel.css

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

0dd81a03016de5c1be49281bb42f5db84bf8968b636e893daa0ee24de5dbdd3b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:18 GMT
content-encoding: gzip
last-modified: Fri, 02 Jul 2021 14:31:57 GMT
server: keycdn-engine
x-amz-request-id: tx0000000000000049794a1-0060df28ef-12ed1804-fra1a
x-edge-location: defr
etag: W/"0e60432e5a822d61eaf0ff2172f524ed"
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-cache: HIT
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31556940
x-rgw-object-type: Normal
strict-transport-security: max-age=15552000; includeSubDomains; preload
expires: Sat, 06 Aug 2022 17:38:18 GMT

GET
H/1.1 400 conversion.js
in.bd44.fun/ 0
0 52ms
51ms Script
text/html 18.195.174.160
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://in.bd44.fun/conversion.js?cid=OPTIONAL&et=CLICK
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.195.174.160 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-174-160.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 logo.png
static-13333.kxcdn.com/5275/images/ 2 KB
3 KB 54ms
48ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/logo.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

3d0776f2afd4256733e307cf46921dde2e1497a2767eb8bcb8ac17d5de9d2344

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:18 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049592a7-0060df28ef-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2455
last-modified: Fri, 02 Jul 2021 14:32:26 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "cded24bb8b99f2aa7ab4e4ddc59c28e6"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:18 GMT

GET
H2 200 top-arrow.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 54ms
49ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/top-arrow.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

c4d3b32e24ea06591e7f166b20939f84cb767bb0742bc3c51f07c6f4b684f1e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:18 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049592a5-0060df28ef-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2961
last-modified: Fri, 02 Jul 2021 14:32:29 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "e2980701aad64cef71bd2296f5f6386b"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:18 GMT

GET
H3-29 200 check-icon.png
tgfunnls.org/images/ 44 KB
45 KB 21ms
18ms Image
image/png 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tgfunnls.org/images/check-icon.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

79bb457691c6f5dc0d3fd537218a627750b199db5253e22dad9dc4f78fa48016

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /images/check-icon.png
pragma: no-cache
cookie: _vwo_uuid_v2=D60D53A279C34294A37B44CA833D8B14F|fe9b8582c0d96af381d293a2d11d8a7f; _gid=GA1.2.1967650473.1628250557; _gat_UA-192660002-1=1; _ga_Y6C8Y8V9BH=GS1.1.1628250557.1.0.1628250557.0; _ga=GA1.1.1821568338.1628250557; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _hjid=20453335-5579-4e4e-b755-52aa1f1205a7; _hjFirstSeen=1; XSRF-TOKEN=eyJpdiI6IjROSWd5cGZiMVdPOFpNOHkyTVRnNVE9PSIsInZhbHVlIjoiSGlUMnY1VFZRekJORmVERk9RNForTW5FN2pFWlhwS1wva2lvSVhtczNYcU5WXC9OUEpnc1h2eVFncFg2QzJVeHkwIiwibWFjIjoiZmNjNGJlM2EyNzA1NzBlZmFjMDZhZTM1YjMxMzI2ZGE2YTNmYzM3Njg2ODhiNjgwOTEyOTA4M2FjMjE4NzBhOCJ9; c=eyJpdiI6ImI5anNWWmlBWnE4M080bDJ3aGJYTXc9PSIsInZhbHVlIjoia0Y1WWxlKzVYZURIMTROMndVQnFZaGxDT3pcL29ua0JDVlg5T21IYnV6eExDWENQZFVNdk9pa1FjMXpVYUlwakgiLCJtYWMiOiI3OGM4OTUxNjlkNzU0OGU2YTg5NmQyMjg3Yzg2NDZmZTA5M2EwYzI0MzUyMWRjODMyMmVkYTVlYTc1YzUyMmM5In0%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:18 GMT
x-proc: 1
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3668
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 45018
x-xss-protection: 1; mode=block
last-modified: Fri, 06 Aug 2021 10:28:14 GMT
server: cloudflare
etag: "610d0ebe-afda"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pMqoFSQFfNI8Y3fUtAptqdciVYrK7Y1XLd4g%2FfE3q1gY%2BsZxHsT3TxRrF09M9xWWQvaJCjQvJTABSKeRhVaiq113%2FqS1oLXH6yyHo6WbetcLVVWsmiV4FcNhfvF42ATkoP72DCEIaErYYn4%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 67a80a842d7042f7-FRA

GET
H2 200 safe.png
static-13333.kxcdn.com/5275/images/ 10 KB
11 KB 54ms
49ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/safe.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

c001780d5a0136da809d6908ac44d8b0e4d9b36bf9891772a006294888226576

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:18 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794a7-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 10593
last-modified: Fri, 02 Jul 2021 14:32:17 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "e16845cf547d72f2f0b2febfa375d9f9"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:18 GMT

GET
H2 200 bg-arrow.png
static-13333.kxcdn.com/5275/images/ 7 KB
8 KB 55ms
50ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/bg-arrow.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

5902ac2e28cc5433d57a98a62be69037be09754da694348e03d3e3b9e776f542

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:18 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794ba-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 7356
last-modified: Fri, 02 Jul 2021 14:32:23 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "0575766ae817ee467a729e846374d22c"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:18 GMT

GET
H2 200 check-icon.png
static-13333.kxcdn.com/5275/images/ 2 KB
3 KB 55ms
50ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/check-icon.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

4a404a950ef8cfa3eb686e62c8ab17e0a4609f2300e53d874a96ec618ab9474d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:18 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794b6-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2273
last-modified: Fri, 02 Jul 2021 14:32:29 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "c34ab81524c5f98e40dc0dad59601758"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:18 GMT

GET
H2 200 spots-arrow.png
static-13333.kxcdn.com/5275/images/ 5 KB
6 KB 54ms
53ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/spots-arrow.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

7c01610e53cbe2313bd441cd9182762cec4240e4eecebeca6d086f34e4672784

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:18 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794bc-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 5306
last-modified: Fri, 02 Jul 2021 14:32:45 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "32acdf2cce46993b09041ebed9d00140"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:18 GMT

GET
H2 200 john.jpg
static-13333.kxcdn.com/5275/images/ 9 KB
10 KB 54ms
54ms Image
image/jpeg 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/john.jpg

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

aff262b0ff8882606831b77cb7fe8c2b7ee184a4c3a4e10de152932dde9ed3f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:18 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794be-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 9704
last-modified: Fri, 02 Jul 2021 14:32:21 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "ca826d01f1cbba3eb6e3e1f697bca6bc"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/jpeg
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:18 GMT

GET
H2 200 john-sign.png
static-13333.kxcdn.com/5275/images/ 7 KB
7 KB 17ms
6ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/john-sign.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

2c92fcee0f7c5fd992e818cd6e5f621e8701cea9b4b23eb03e2567560c7dd266

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:18 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049592b7-0060df28ef-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 6824
last-modified: Fri, 02 Jul 2021 14:32:43 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "8e77bdde18036a84289f7b89b03cddc0"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:18 GMT

GET
H2 200 social-callback-title.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 11ms
6ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/social-callback-title.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

b097d9409b9b2fcde3993197635d6e7d49126e794dec3c3a5de9892cce15ec84

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:18 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794b7-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2899
last-modified: Fri, 02 Jul 2021 14:32:42 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "26e1186a209747d755be97f26d7fef17"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:18 GMT

GET
H2 200 facebook.png
static-13333.kxcdn.com/5275/images/ 45 KB
46 KB 11ms
7ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/facebook.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

45a8e9f975bd2d7db2041c671affac022eaf0b8db46c516a6f2021d30631aea3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:18 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049592bd-0060df28ef-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 46358
last-modified: Fri, 02 Jul 2021 14:32:18 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "99efc09d6e35b01ef07e555c6c9c06ac"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:18 GMT

GET
H2 200 twitter.png
static-13333.kxcdn.com/5275/images/ 33 KB
34 KB 10ms
8ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/twitter.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

f3567cf9eb0717ad9840ff19014abf051d9bebb63ba3d270eb23d409dd449b5a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:18 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049592b6-0060df28ef-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 33933
last-modified: Fri, 02 Jul 2021 14:32:45 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "1538bf85a2428c7ab27b923233ceac2d"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:18 GMT

GET
H2 200 features-title.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 10ms
8ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/features-title.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

5e840708085df16224eeb0d8a8b3758d39bc7c60d3f0587ea1308f7d37d2e9db

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:18 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049592bc-0060df28ef-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2835
last-modified: Fri, 02 Jul 2021 14:32:24 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "8e8fd39ca90b9e536e71366f72e27061"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:18 GMT

GET
H2 200 feature1.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 8ms
8ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/feature1.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

427e9cf9bc070b73cae44b858b1cbb147385ccf3b74522b00606e8441d74eb21

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:18 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794bb-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2649
last-modified: Fri, 02 Jul 2021 14:32:27 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "32e947291780f319b5424fb0fed97339"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:18 GMT

GET
H2 200 feature2.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 10ms
5ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/feature2.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

d35ec7636f20627c46249b7ac076fd59aad2c15c8207c92cc8251df812abc0bc

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:18 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049592b5-0060df28ef-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2845
last-modified: Fri, 02 Jul 2021 14:32:28 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "a02cbfb7009f4eb7bca716371bbc6162"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:18 GMT

GET
H2 200 feature3.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 10ms
6ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/feature3.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

41cc8226265d071dd816f01b4e656e9575b49927ecb0806984d85fd2acb3b318

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:18 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794b8-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2618
last-modified: Fri, 02 Jul 2021 14:32:44 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "1e439861ae0e257dd74094cd20495531"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:18 GMT

GET
H2 200 feature4.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 9ms
6ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/feature4.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

d7e57b7c8fc1a0e25b893fc00da8cca5368cc489227958d4a781665339cd7260

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:18 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794a5-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2573
last-modified: Fri, 02 Jul 2021 14:32:19 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "f042fbbf22d575de6d906249ec2dc324"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:18 GMT

GET
H2 200 faq-title.png
static-13333.kxcdn.com/5275/images/ 4 KB
4 KB 8ms
6ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/faq-title.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

218be04d48aa9aa4da9bb4a708dbb463576fd8653914fd05bb113ce654dce714

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:18 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049592a6-0060df28ef-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 3706
last-modified: Fri, 02 Jul 2021 14:32:42 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "b95f5e7ccaaf9e8f6f1117efa9ab100a"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:18 GMT

GET
H2 200 faq-list-title-bg.png
static-13333.kxcdn.com/5275/images/ 2 KB
2 KB 9ms
7ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/faq-list-title-bg.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

9749d6d7aee9bdd7b806eb8fd8fa1bfd7ef25aab0aba744948b279d4c1a348ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:18 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794a3-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 1546
last-modified: Fri, 02 Jul 2021 14:32:22 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "567ea5254334fde95913b6cd592aad5f"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:18 GMT

GET
H3-29 200 sad-face.svg
tgfunnls.org/media/ 1 KB
1 KB 20ms
18ms Image
image/svg+xml 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tgfunnls.org/media/sad-face.svg

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

186b9079a05f19ddd2a548dbc1ec2c69087c76d8e9e1637dbced630edb793104

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /media/sad-face.svg
pragma: no-cache
cookie: _vwo_uuid_v2=D60D53A279C34294A37B44CA833D8B14F|fe9b8582c0d96af381d293a2d11d8a7f; _gid=GA1.2.1967650473.1628250557; _gat_UA-192660002-1=1; _ga_Y6C8Y8V9BH=GS1.1.1628250557.1.0.1628250557.0; _ga=GA1.1.1821568338.1628250557; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _hjid=20453335-5579-4e4e-b755-52aa1f1205a7; _hjFirstSeen=1; XSRF-TOKEN=eyJpdiI6IjROSWd5cGZiMVdPOFpNOHkyTVRnNVE9PSIsInZhbHVlIjoiSGlUMnY1VFZRekJORmVERk9RNForTW5FN2pFWlhwS1wva2lvSVhtczNYcU5WXC9OUEpnc1h2eVFncFg2QzJVeHkwIiwibWFjIjoiZmNjNGJlM2EyNzA1NzBlZmFjMDZhZTM1YjMxMzI2ZGE2YTNmYzM3Njg2ODhiNjgwOTEyOTA4M2FjMjE4NzBhOCJ9; c=eyJpdiI6ImI5anNWWmlBWnE4M080bDJ3aGJYTXc9PSIsInZhbHVlIjoia0Y1WWxlKzVYZURIMTROMndVQnFZaGxDT3pcL29ua0JDVlg5T21IYnV6eExDWENQZFVNdk9pa1FjMXpVYUlwakgiLCJtYWMiOiI3OGM4OTUxNjlkNzU0OGU2YTg5NmQyMjg3Yzg2NDZmZTA5M2EwYzI0MzUyMWRjODMyMmVkYTVlYTc1YzUyMmM5In0%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:18 GMT
x-proc: 1
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3668
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Fri, 06 Aug 2021 10:30:20 GMT
server: cloudflare
etag: W/"610d0f3c-5dc"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qY75FT55CpfJjTZaKzSnJXvQ1cpmSCsjACEZ9mHXoOTI2KHNxc3VeaqLySoIGY0WfmRtdWx3GyU1xM00V05uZVEyu29Cr%2BdNl3oS2kt1G5MvYTTg682jnFQMtmCtRLbftJI%2FHhG8vwszrDc%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: max-age=14400
cf-ray: 67a80a842d7342f7-FRA

GET
H3-29 200 email-decode.min.js Show response
tgfunnls.org/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
1 KB 11ms
11ms Script
application/javascript 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

:path: /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
pragma: no-cache
cookie: _vwo_uuid_v2=D60D53A279C34294A37B44CA833D8B14F|fe9b8582c0d96af381d293a2d11d8a7f; _gid=GA1.2.1967650473.1628250557; _gat_UA-192660002-1=1; _ga_Y6C8Y8V9BH=GS1.1.1628250557.1.0.1628250557.0; _ga=GA1.1.1821568338.1628250557; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _hjid=20453335-5579-4e4e-b755-52aa1f1205a7; _hjFirstSeen=1; XSRF-TOKEN=eyJpdiI6IjROSWd5cGZiMVdPOFpNOHkyTVRnNVE9PSIsInZhbHVlIjoiSGlUMnY1VFZRekJORmVERk9RNForTW5FN2pFWlhwS1wva2lvSVhtczNYcU5WXC9OUEpnc1h2eVFncFg2QzJVeHkwIiwibWFjIjoiZmNjNGJlM2EyNzA1NzBlZmFjMDZhZTM1YjMxMzI2ZGE2YTNmYzM3Njg2ODhiNjgwOTEyOTA4M2FjMjE4NzBhOCJ9; c=eyJpdiI6ImI5anNWWmlBWnE4M080bDJ3aGJYTXc9PSIsInZhbHVlIjoia0Y1WWxlKzVYZURIMTROMndVQnFZaGxDT3pcL29ua0JDVlg5T21IYnV6eExDWENQZFVNdk9pa1FjMXpVYUlwakgiLCJtYWMiOiI3OGM4OTUxNjlkNzU0OGU2YTg5NmQyMjg3Yzg2NDZmZTA5M2EwYzI0MzUyMWRjODMyMmVkYTVlYTc1YzUyMmM5In0%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 03 Aug 2021 14:21:05 GMT
server: cloudflare
etag: W/"610950d1-4d7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: DENY
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hGXf6uprJTZgTyaryHG%2FcheAIgcQwQdpKjngHgmTnz0lzvPKr0VcCaCLXmG5peHyz%2B3akxbGA6NHpRYgq374bCGbjryoRZ43P3DB5RDNnqRx74lcl3ntco%2FUdHCQv5%2FwYk6o1FkTFgiiuJ0%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=172800 public
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 67a80a83ec8842f7-FRA
vary: Accept-Encoding
expires: Sun, 08 Aug 2021 11:49:18 GMT

GET
H3-29 200 redirect.js Show response
tgfunnls.org/js/ 3 KB
2 KB 19ms
18ms Script
application/javascript 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/js/redirect.js?id=bd8708e91008076c9ff9

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0979e653bf7370685f5d0ec7448e28d33f46754d5411cf5a7cd3df6ecafc1a35

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /js/redirect.js?id=bd8708e91008076c9ff9
pragma: no-cache
cookie: _vwo_uuid_v2=D60D53A279C34294A37B44CA833D8B14F|fe9b8582c0d96af381d293a2d11d8a7f; _gid=GA1.2.1967650473.1628250557; _gat_UA-192660002-1=1; _ga_Y6C8Y8V9BH=GS1.1.1628250557.1.0.1628250557.0; _ga=GA1.1.1821568338.1628250557; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _hjid=20453335-5579-4e4e-b755-52aa1f1205a7; _hjFirstSeen=1; XSRF-TOKEN=eyJpdiI6IjROSWd5cGZiMVdPOFpNOHkyTVRnNVE9PSIsInZhbHVlIjoiSGlUMnY1VFZRekJORmVERk9RNForTW5FN2pFWlhwS1wva2lvSVhtczNYcU5WXC9OUEpnc1h2eVFncFg2QzJVeHkwIiwibWFjIjoiZmNjNGJlM2EyNzA1NzBlZmFjMDZhZTM1YjMxMzI2ZGE2YTNmYzM3Njg2ODhiNjgwOTEyOTA4M2FjMjE4NzBhOCJ9; c=eyJpdiI6ImI5anNWWmlBWnE4M080bDJ3aGJYTXc9PSIsInZhbHVlIjoia0Y1WWxlKzVYZURIMTROMndVQnFZaGxDT3pcL29ua0JDVlg5T21IYnV6eExDWENQZFVNdk9pa1FjMXpVYUlwakgiLCJtYWMiOiI3OGM4OTUxNjlkNzU0OGU2YTg5NmQyMjg3Yzg2NDZmZTA5M2EwYzI0MzUyMWRjODMyMmVkYTVlYTc1YzUyMmM5In0%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:18 GMT
x-proc: 3
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3668
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Fri, 06 Aug 2021 10:30:36 GMT
server: cloudflare
etag: W/"610d0f4c-a50"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YcYrTP%2BvNv%2BA4RSOgFsPpqizPrNQTvYxUs5Xo2bKTfvVU0qed0tSPobsT3nvnugQL%2FhwB%2BnIZik09ILtDEprJxK4DW8lZoYMCIWV81kPGb8WP4O5OovDIZA6v9jK3yQ0qmVs4ObAmBlTmLQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=14400
cf-ray: 67a80a83fcc942f7-FRA

GET
H3-29 200 l.js Show response
tgfunnls.org/js/ 401 KB
110 KB 32ms
29ms Script
application/javascript 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/js/l.js?id=6cf7b69175b2a676ebf3

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1669423eca631e2fa8053ff74039a11ff6afac3a94dc37f357ce8d6ec9362913

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /js/l.js?id=6cf7b69175b2a676ebf3
pragma: no-cache
cookie: _vwo_uuid_v2=D60D53A279C34294A37B44CA833D8B14F|fe9b8582c0d96af381d293a2d11d8a7f; _gid=GA1.2.1967650473.1628250557; _gat_UA-192660002-1=1; _ga_Y6C8Y8V9BH=GS1.1.1628250557.1.0.1628250557.0; _ga=GA1.1.1821568338.1628250557; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _hjid=20453335-5579-4e4e-b755-52aa1f1205a7; _hjFirstSeen=1; XSRF-TOKEN=eyJpdiI6IjROSWd5cGZiMVdPOFpNOHkyTVRnNVE9PSIsInZhbHVlIjoiSGlUMnY1VFZRekJORmVERk9RNForTW5FN2pFWlhwS1wva2lvSVhtczNYcU5WXC9OUEpnc1h2eVFncFg2QzJVeHkwIiwibWFjIjoiZmNjNGJlM2EyNzA1NzBlZmFjMDZhZTM1YjMxMzI2ZGE2YTNmYzM3Njg2ODhiNjgwOTEyOTA4M2FjMjE4NzBhOCJ9; c=eyJpdiI6ImI5anNWWmlBWnE4M080bDJ3aGJYTXc9PSIsInZhbHVlIjoia0Y1WWxlKzVYZURIMTROMndVQnFZaGxDT3pcL29ua0JDVlg5T21IYnV6eExDWENQZFVNdk9pa1FjMXpVYUlwakgiLCJtYWMiOiI3OGM4OTUxNjlkNzU0OGU2YTg5NmQyMjg3Yzg2NDZmZTA5M2EwYzI0MzUyMWRjODMyMmVkYTVlYTc1YzUyMmM5In0%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:18 GMT
x-proc: 2
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 4591
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Fri, 06 Aug 2021 10:30:19 GMT
server: cloudflare
etag: W/"610d0f3b-645ba"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KaagW5bIz7TIZ27O92vfXpYFXyWfxUgxfXmsiSXyclL%2B73708%2BT16MNavsDDnSxhT0z9yzykUZt5dR%2BqjZF3tErdhY8zhhbkET4dsrb%2FuX62EOlNeTzDrl1RP%2BYb%2FikjVgAclBHYT44OfiM%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=14400
cf-ray: 67a80a842d6942f7-FRA

GET
H2 200 funnel.js Show response
static-13333.kxcdn.com/5275/build/ 954 KB
319 KB 37ms
31ms Script
application/javascript 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL

https://static-13333.kxcdn.com/5275/build/funnel.js

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

a52901c6296f571a48143efc8c7626714f2f15a0e034390d31380d508684ad0e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:18 GMT
content-encoding: gzip
last-modified: Fri, 02 Jul 2021 14:31:57 GMT
server: keycdn-engine
x-amz-request-id: tx00000000000000495929e-0060df28ef-12e87130-fra1a
x-edge-location: defr
etag: W/"545236a1390ffa369d186b44dab8e706"
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-cache: HIT
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31556940
x-rgw-object-type: Normal
strict-transport-security: max-age=15552000; includeSubDomains; preload
expires: Sat, 06 Aug 2022 17:38:18 GMT

GET
H/1.1 200 hp Show response
in.xr117.xyz/ 382 B
616 B 55ms
53ms Script
text/plain 18.195.123.247
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://in.xr117.xyz/hp
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.195.123.247 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-123-247.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 1d685538334a6762f8c278c2274cb62dfdc47c59ba5968562dddf4f96d808aee

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 06 Aug 2021 11:49:18 GMT
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
Server: nginx
Connection: keep-alive
Content-Length: 382
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200 hp Show response
in.bd44.fun/ 382 B
616 B 151ms
51ms Script
text/plain 18.195.174.160
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://in.bd44.fun/hp
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.195.174.160 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-174-160.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 1d685538334a6762f8c278c2274cb62dfdc47c59ba5968562dddf4f96d808aee

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 06 Aug 2021 11:49:18 GMT
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
Server: nginx
Connection: keep-alive
Content-Length: 382
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3-29 200 tag.js Show response
tagstaticx.com/ 38 KB
14 KB 32ms
29ms Script
application/javascript 2606:4700:3033::6815:3d08
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://tagstaticx.com/tag.js
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::6815:3d08 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7ebf9aea91580923f108d8e9c9fa03581c3c58fcd1ab8712d4ed593fbde60062

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:18 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 30 Jul 2021 15:47:47 GMT
server: cloudflare
age: 4759
etag: W/"61041f23-9787"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Jt7KTq0YUiU3DPesonkl9z4g7VPZ11Sh%2FKMzfWdad8LGQxRqCDzK2%2BTuAq5L%2FAWL3ysx%2BogsUzy%2BXWTX1kOedZ8CxRinRX19Uikv5SUvlSb4NlZryMkCVkMPXOlxTKmFIFbGuWkWAQ76gWF8lg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=1800
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 67a80a84484b4401-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

GET
H3-29 200 gtm.js Show response
www.googletagmanager.com/ 110 KB
41 KB 18ms
15ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-MSK8GMG

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

ee25e98eb177cc22fba819b261e53fdcdb837d1ca65533dbc186fa9f1f9550a2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:18 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41863
x-xss-protection: 0
last-modified: Fri, 06 Aug 2021 09:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 06 Aug 2021 11:49:18 GMT

GET
H3-29 200 j.php Show response
dev.visualwebsiteoptimizer.com/ 5 KB
2 KB 57ms
53ms Script
application/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/j.php?a=449005&u=https%3A%2F%2Ftgfunnls.org%2Fdly1st%2F%3Fhitid%3D%7BclickId%7D%26qze%3D7%26aff_sub%3D%7BcustomId1%7D%26aff_sub2%3D%7BcustomId2%7D&f=1&r=0.4285522956400949
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gams1 /
Resource Hash: 0ed6f0c6d2e22fd1494b58c7c5e0312f59e424a298e33e815b5595b37c5de08b

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 06 Aug 2021 11:49:17 GMT
via: 1.1 google
server: gams1
content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-type: application/javascript; charset=UTF-8

GET
H2 200 bg-pattern2.png
static-13333.kxcdn.com/5275/images/ 3 KB
4 KB 53ms
53ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/bg-pattern2.png

Requested by

Host: static-13333.kxcdn.com
URL: https://static-13333.kxcdn.com/5275/build/funnel.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

0dbbd4b1f92b5f123bb6d85da5224dbac1ef2873359ae63159fbd8c1d8aee472

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://static-13333.kxcdn.com/5275/build/funnel.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:18 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx000000000000004a8f778-0060df3204-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 3494
last-modified: Fri, 02 Jul 2021 14:32:28 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "9ff60a873ce8a83d6f92c07bbb97461d"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:18 GMT

GET
H2 200 money-bg.jpg
static-13333.kxcdn.com/5275/images/ 192 KB
193 KB 46ms
46ms Image
image/jpeg 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/money-bg.jpg

Requested by

Host: static-13333.kxcdn.com
URL: https://static-13333.kxcdn.com/5275/build/funnel.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

6d6b0b2b3ce3ec690491ad53348667285877a284d43a58bae67219df3128c453

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://static-13333.kxcdn.com/5275/build/funnel.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:18 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049593a6-0060df28f0-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 196622
last-modified: Fri, 02 Jul 2021 14:32:29 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "00484ef568e5c529bc92d2698631954b"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/jpeg
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:18 GMT

GET
H2 206 de-1.mp4
static-13333.kxcdn.com/5275/media/ 64 KB
0 9ms
7ms Media
video/mp4 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL

https://static-13333.kxcdn.com/5275/media/de-1.mp4

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Range: bytes=0-

Response headers

date: Fri, 06 Aug 2021 11:49:18 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049593e6-0060df28f0-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
Content-Range: bytes 0-124690623/124690624
Content-Length: 124690624
last-modified: Fri, 02 Jul 2021 14:32:03 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "c8811d0b7aa283893d6ec2a19899685f-24"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: video/mp4
access-control-allow-origin: *
x-rgw-object-type: Normal
expires: Sat, 06 Aug 2022 17:38:18 GMT

GET
H3-29 200 js Show response
www.googletagmanager.com/gtag/ 127 KB
50 KB 18ms
15ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-Y6C8Y8V9BH&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MSK8GMG

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

caf7ecf5748d7e3e027c4c06c569b3a6fb8f0f78f0dc3ff8c888b2299747e496

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:18 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 51136
x-xss-protection: 0
expires: Fri, 06 Aug 2021 11:49:18 GMT

GET
H3-29 200 analytics.js Show response
www.google-analytics.com/ 48 KB
19 KB 8ms
6ms Script
text/javascript 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MSK8GMG

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

e61660c659c426e45bce2937dddb01af6b550502a2904546575c1ec2ba1121dd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 13 Jul 2021 18:24:06 GMT
server: Golfe2
age: 2137
date: Fri, 06 Aug 2021 11:13:41 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19672
expires: Fri, 06 Aug 2021 13:13:41 GMT

GET
H2 200 hotjar-2304105.js Show response
static.hotjar.com/c/ 5 KB
2 KB 98ms
95ms Script
application/javascript 13.224.96.91
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-2304105.js?sv=6

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.96.91 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

d4261e9b3b427b4faba85d775a6dbd131cf86cbd42945ba05ae2ebad8f8f36e6

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:18 GMT
content-encoding: br
x-content-type-options: nosniff
cache-control: max-age=60
x-amz-cf-pop: ZRH50-C1
etag: W/4e117f3a38c123981a4b3509540d1697
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
x-cache-hit: 1
x-amz-cf-id: FslAVX0gJEKiowCkv6t_8XG5gqTEOtpnn5VVdidPkKVaibFFxHHQnQ==
via: 1.1 e92dffa8673a73c15c61e7c3abefc47d.cloudfront.net (CloudFront)

HEAD
H3-29 200 adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/ 0
0 51ms
51ms Fetch
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 49445
x-xss-protection: 0
server: cafe
etag: 14869471898732562513
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Fri, 06 Aug 2021 11:49:18 GMT

GET
H/1.1 200
OK version.js Show response
tagdatax.com/ 57 B
260 B 55ms
47ms Script
application/javascript 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdatax.com/version.js
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: 9a8c26aa75dc6fe20fdbdb751aae58b477b6bdb8669b36cdd67273457040a0fc

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 06 Aug 2021 11:49:18 GMT
Cache-Control: private, max-age=63072000
Server: nginx/1.19.10
Connection: keep-alive
Content-Length: 57
Content-Type: application/javascript

GET
H2 200 gid.js Show response
my.rtmark.net/ 65 B
541 B 55ms
48ms Fetch
application/json 139.45.195.8
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://my.rtmark.net/gid.js

Requested by

Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

c324808abd844279b496cecb58f6931d56891d3f48e2b495397dce67f0ba6dea

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:18 GMT
x-content-type-options: nosniff
server: nginx
strict-transport-security: max-age=1
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: https://tgfunnls.org
access-control-expose-headers: Authorization
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length: 65

GET
H/1.1 200
OK pix.jpg Show response
tagdatax.com/ 28 B
617 B 52ms
47ms Fetch
image/jpeg 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdatax.com/pix.jpg
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: 3c72e06c040c15327faa313315f1d6f4b2c9159267051c3e173336efa4cd7a18

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 06 Aug 2021 11:49:18 GMT
Server: nginx/1.19.10
Etag: 4b9f1f3a-fddf-452e-b97a-2e0fb75609fa
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Content-Type: image/jpeg
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Expose-Headers: ETag
Cache-Control: private, must-revalidate, proxy-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 28

GET
H3-29 200 googlelogo_color_120x44dp.png
www.google.com/images/branding/googlelogo/2x/ 5 KB
5 KB 23ms
15ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_120x44dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

29c50fa4422ac0a690af5b0987dee6a030a7eeaafa9dda8543cf022368f545aa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:18 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5087
x-xss-protection: 0
expires: Fri, 06 Aug 2021 11:49:18 GMT

GET
H3-29 200 googlelogo_color_272x92dp.png
www.google.com/images/branding/googlelogo/1x/ 6 KB
6 KB 22ms
15ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/1x/googlelogo_color_272x92dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5776cd87617eacec3bc00ebcf530d1924026033eda852f706c1a675a98915826

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:18 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5969
x-xss-protection: 0
expires: Fri, 06 Aug 2021 11:49:18 GMT

GET
H3-29 200 googlelogo_color_272x92dp.png
www.google.com/images/branding/googlelogo/2x/ 13 KB
13 KB 23ms
17ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_272x92dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

262084257c2103702ef8a25705e3f8dbc1fa3823103ad7b954d54bdb77e6d89d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:18 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13504
x-xss-protection: 0
expires: Fri, 06 Aug 2021 11:49:18 GMT

GET
H3-29 200 googlelogo_color_160x56dp.png
www.google.com/images/branding/googlelogo/2x/ 7 KB
7 KB 22ms
16ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_160x56dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9e611fba6a87626e60f74d361f0c94d1ba226bc0726a05791f40ddb7fbba2c4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:18 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7048
x-xss-protection: 0
expires: Fri, 06 Aug 2021 11:49:18 GMT

GET
H3-29 200 googlelogo_color_90x40dp.png
www.google.com/images/branding/googlelogo/2x/ 4 KB
4 KB 22ms
16ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_90x40dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a9cac8d49feccd603bac334c92c1e7dd5a829a1c01d4130550e8c9c0d9c72f7b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:18 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3934
x-xss-protection: 0
expires: Fri, 06 Aug 2021 11:49:18 GMT

GET
H3-29 200 flags.png
tgfunnls.org/images/vendor/intl-tel-input/build/ 69 KB
70 KB 24ms
22ms Image
image/png 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tgfunnls.org/images/vendor/intl-tel-input/build/flags.png?416250f60d785a2e02f17e054d2e4e44

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/css/forms.css?id=108aa07ef4cadffb88ba

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0a012cf808a24573168308916092d2d4bd3f2b4af8e16b59167013cc77acee55

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /images/vendor/intl-tel-input/build/flags.png?416250f60d785a2e02f17e054d2e4e44
pragma: no-cache
cookie: _vwo_uuid_v2=D60D53A279C34294A37B44CA833D8B14F|fe9b8582c0d96af381d293a2d11d8a7f; _gid=GA1.2.1967650473.1628250557; _gat_UA-192660002-1=1; _ga_Y6C8Y8V9BH=GS1.1.1628250557.1.0.1628250557.0; _ga=GA1.1.1821568338.1628250557; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _hjid=20453335-5579-4e4e-b755-52aa1f1205a7; _hjFirstSeen=1; XSRF-TOKEN=eyJpdiI6IjROSWd5cGZiMVdPOFpNOHkyTVRnNVE9PSIsInZhbHVlIjoiSGlUMnY1VFZRekJORmVERk9RNForTW5FN2pFWlhwS1wva2lvSVhtczNYcU5WXC9OUEpnc1h2eVFncFg2QzJVeHkwIiwibWFjIjoiZmNjNGJlM2EyNzA1NzBlZmFjMDZhZTM1YjMxMzI2ZGE2YTNmYzM3Njg2ODhiNjgwOTEyOTA4M2FjMjE4NzBhOCJ9; c=eyJpdiI6ImI5anNWWmlBWnE4M080bDJ3aGJYTXc9PSIsInZhbHVlIjoia0Y1WWxlKzVYZURIMTROMndVQnFZaGxDT3pcL29ua0JDVlg5T21IYnV6eExDWENQZFVNdk9pa1FjMXpVYUlwakgiLCJtYWMiOiI3OGM4OTUxNjlkNzU0OGU2YTg5NmQyMjg3Yzg2NDZmZTA5M2EwYzI0MzUyMWRjODMyMmVkYTVlYTc1YzUyMmM5In0%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: tgfunnls.org
referer: https://tgfunnls.org/css/forms.css?id=108aa07ef4cadffb88ba
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/css/forms.css?id=108aa07ef4cadffb88ba
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:18 GMT
x-proc: 2
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2321
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 70857
x-xss-protection: 1; mode=block
last-modified: Fri, 06 Aug 2021 10:55:13 GMT
server: cloudflare
etag: "610d1511-114c9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hxgK5bsei5XymEFBFH8TjWsGKQYuSGhxqyuqRWa%2BHqnTVNBdD4Iv6lsb5dXWe9AWNrnoiZxFGTHIrS2Bltc9BqgmXZDLPeagot46y4lbOQq81RfJxMM0hRpBWvlaVd0OgxZqu84zPjXbTJE%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 67a80a84df3242f7-FRA

GET
H3-29 200 locate Show response
tgfunnls.org/ 150 B
1 KB 97ms
96ms XHR
application/json 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/locate

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/js/l.js?id=6cf7b69175b2a676ebf3

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a9444725fb48cd94db4b9c4e1544b3ace3c54ccd0d1a289f124d36b69c9d6a20

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-fetch-mode: cors
x-xsrf-token: eyJpdiI6IjROSWd5cGZiMVdPOFpNOHkyTVRnNVE9PSIsInZhbHVlIjoiSGlUMnY1VFZRekJORmVERk9RNForTW5FN2pFWlhwS1wva2lvSVhtczNYcU5WXC9OUEpnc1h2eVFncFg2QzJVeHkwIiwibWFjIjoiZmNjNGJlM2EyNzA1NzBlZmFjMDZhZTM1YjMxMzI2ZGE2YTNmYzM3Njg2ODhiNjgwOTEyOTA4M2FjMjE4NzBhOCJ9
accept-language: en-US
sec-fetch-dest: empty
cookie: _vwo_uuid_v2=D60D53A279C34294A37B44CA833D8B14F|fe9b8582c0d96af381d293a2d11d8a7f; _gid=GA1.2.1967650473.1628250557; _gat_UA-192660002-1=1; _ga_Y6C8Y8V9BH=GS1.1.1628250557.1.0.1628250557.0; _ga=GA1.1.1821568338.1628250557; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _hjid=20453335-5579-4e4e-b755-52aa1f1205a7; _hjFirstSeen=1; XSRF-TOKEN=eyJpdiI6IjROSWd5cGZiMVdPOFpNOHkyTVRnNVE9PSIsInZhbHVlIjoiSGlUMnY1VFZRekJORmVERk9RNForTW5FN2pFWlhwS1wva2lvSVhtczNYcU5WXC9OUEpnc1h2eVFncFg2QzJVeHkwIiwibWFjIjoiZmNjNGJlM2EyNzA1NzBlZmFjMDZhZTM1YjMxMzI2ZGE2YTNmYzM3Njg2ODhiNjgwOTEyOTA4M2FjMjE4NzBhOCJ9; c=eyJpdiI6ImI5anNWWmlBWnE4M080bDJ3aGJYTXc9PSIsInZhbHVlIjoia0Y1WWxlKzVYZURIMTROMndVQnFZaGxDT3pcL29ua0JDVlg5T21IYnV6eExDWENQZFVNdk9pa1FjMXpVYUlwakgiLCJtYWMiOiI3OGM4OTUxNjlkNzU0OGU2YTg5NmQyMjg3Yzg2NDZmZTA5M2EwYzI0MzUyMWRjODMyMmVkYTVlYTc1YzUyMmM5In0%3D
:path: /locate
pragma: no-cache
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: application/json, text/plain, */*
cache-control: no-cache
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept: application/json, text/plain, */*
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
X-XSRF-TOKEN: eyJpdiI6IjROSWd5cGZiMVdPOFpNOHkyTVRnNVE9PSIsInZhbHVlIjoiSGlUMnY1VFZRekJORmVERk9RNForTW5FN2pFWlhwS1wva2lvSVhtczNYcU5WXC9OUEpnc1h2eVFncFg2QzJVeHkwIiwibWFjIjoiZmNjNGJlM2EyNzA1NzBlZmFjMDZhZTM1YjMxMzI2ZGE2YTNmYzM3Njg2ODhiNjgwOTEyOTA4M2FjMjE4NzBhOCJ9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:18 GMT
x-proc: 2
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iipTiRFocMY%2Futxakh3Gdx6SXaxYQwMkpWLa5UR%2FWx9IZAGfK7vfC127tLSsM72Ud27y%2BcCFuLhjMIca8brgeAFdU%2FTEuWi4S29w4ZWFtzwZ1aThA5uUlwa%2BAJPY6CJT9BwQVIwvqs8UiLA%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json
cache-control: no-cache, private
set-cookie: XSRF-TOKEN=eyJpdiI6ImhhXC82b2I5Q0JEdDZxWU1vUEtnTXZBPT0iLCJ2YWx1ZSI6IlpQZGRPa1ZEU2oyZXZ2SVFHd0RwVjhmSEZqU3N5K1VTTEVUME5lUWxoOGg1THZmbFlYWDVJbmNTVVdkUllLZUIiLCJtYWMiOiI4YjdmMDg2MDViZTUxZWI2NTczMzdlZTdjMjRkNGFiMzdiZWYxZmY5OWU4NDI5ZjIxZTUzY2RjNzA1ODYxNjE4In0%3D; expires=Fri, 06-Aug-2021 13:49:18 GMT; Max-Age=7200; path=/ c=eyJpdiI6IlwvUmNMYXI1TWpmdDhMM3ZJZmlJZ1pBPT0iLCJ2YWx1ZSI6IlpwRTdkdnZQSlViSGJTRStYQkV3OWhvTzZvUzQ2MmVqUmxSYkNHY0ZkVnFGNXNMMDVFNUZydktKNk01ZU9FMWMiLCJtYWMiOiJlMjUwZGFmZjM2MmQwNTA2MzI0ZjgzY2NkZTAzZjA2MjM5ZGVkMTFmNjdlNzMwNmQ5MjQwNDEyNGM3YTQzNjA2In0%3D; expires=Fri, 06-Aug-2021 13:49:18 GMT; Max-Age=7200; path=/; httponly
cf-ray: 67a80a851fca42f7-FRA

GET
H3-29 200 collect
www.google-analytics.com/ 35 B
55 B 6ms
6ms Image
image/gif 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j92&a=466696713&t=pageview&_s=1&dl=https%3A%2F%2Ftgfunnls.org%2Fdly1st%2F%3Fhitid%3D%7BclickId%7D%26qze%3D7%26aff_sub%3D%7BcustomId1%7D%26aff_sub2%3D%7BcustomId2%7D&ul=en-us&de=UTF-8&dt=Daily%20Profit&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=QACAAEAB~&jid=&gjid=&cid=1821568338.1628250557&tid=UA-192660002-1&_gid=1967650473.1628250557&gtm=2wg840MSK8GMG&z=1558794099

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 06 Aug 2021 05:58:40 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 21038
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

OPTIONS
H/1.1 200
OK add
tagdataxrt.com/ir/ Frame 0
0 49ms
49ms Preflight 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/ir/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Protocol: HTTP/1.1
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://tgfunnls.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Server: nginx/1.19.10
Date: Fri, 06 Aug 2021 11:49:18 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

POST
H/1.1 200
OK add Show response
tagdataxrt.com/ir/ 0
537 B 47ms
47ms Fetch 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/ir/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json;charset=utf-8

Response headers

Date: Fri, 06 Aug 2021 11:49:18 GMT
Server: nginx/1.19.10
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 0

GET
BLOB 200
OK 48034f3c-1c6b-4c40-927e-f0229c07d15e
https://tgfunnls.org/ 31 B
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://tgfunnls.org/48034f3c-1c6b-4c40-927e-f0229c07d15e
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7725538fe2f71147bffeba7452b434c826aef9009666cb4360c605d0b2a91d1d

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length: 31
Content-Type: application/javascript

GET
H2 403 videothumbnail-1.png
static-13333.kxcdn.com/5275/images/ 0
0 17ms
17ms Image
text/html 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static-13333.kxcdn.com/5275/images/videothumbnail-1.png
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
DATA 200
OK truncated
/ 4 KB
4 KB Font
application/font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: aef991b2e0b693a95d41986576dd3901ea7ac03b379501b1caba966058753308

Request headers

Origin: https://tgfunnls.org
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: application/font-woff;charset=utf-8

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWpxdWVyeQ==/tag-18c0c42595158c9943ee0260eecc4fc3.js
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/j.php?a=449005&u=https%3A%2F%2Ftgfunnls.org%2Fdly1st%2F%3Fhitid%3D%7BclickId%7D%26qze%3D7%26aff_sub%3D%7BcustomId1%7D%26aff_sub2%3D%7BcustomId2%7D&f=1&r=0.4285522956400949
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gams1 /
Resource Hash: b6a6463b285c1fdc27b7022ff01564762e81117074a3f3781cc931fe389afc70

Request headers

Origin: https://tgfunnls.org
Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:17 GMT
content-encoding: br
last-modified: Fri, 06 Aug 2021 11:48:12 GMT
server: gams1
etag: "610d217c-f3a3"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 62371
via: 1.1 google

GET
H3-29 200 v.gif
dev.visualwebsiteoptimizer.com/ 35 B
52 B 162ms
161ms Image
image/gif 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dev.visualwebsiteoptimizer.com/v.gif?cd=0&a=449005&d=tgfunnls.org&u=D60D53A279C34294A37B44CA833D8B14F&h=fe9b8582c0d96af381d293a2d11d8a7f&t=false&r=0.7202182459615487

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gnv1c /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 06 Aug 2021 11:49:17 GMT
via: 1.1 google
x-content-type-options: nosniff
server: gnv1c
content-type: image/gif
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 10 Jan 2005 00:00:01 GMT

POST
H/1.1 200
OK etag Show response
tagdataxrt.com/ 0
537 B 52ms
51ms Fetch 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/etag?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json;charset=utf-8

Response headers

Date: Fri, 06 Aug 2021 11:49:18 GMT
Server: nginx/1.19.10
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 0

OPTIONS
H/1.1 200
OK etag
tagdataxrt.com/ Frame 0
0 47ms
46ms Preflight 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/etag?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Protocol: HTTP/1.1
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://tgfunnls.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Server: nginx/1.19.10
Date: Fri, 06 Aug 2021 11:49:18 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

POST
H3-29 201 event Show response
tgfunnls.org/ 2 B
1 KB 194ms
193ms XHR
application/json 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/event?hitid={clickId}

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/js/l.js?id=6cf7b69175b2a676ebf3

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-fetch-mode: cors
origin: https://tgfunnls.org
x-xsrf-token: eyJpdiI6ImhhXC82b2I5Q0JEdDZxWU1vUEtnTXZBPT0iLCJ2YWx1ZSI6IlpQZGRPa1ZEU2oyZXZ2SVFHd0RwVjhmSEZqU3N5K1VTTEVUME5lUWxoOGg1THZmbFlYWDVJbmNTVVdkUllLZUIiLCJtYWMiOiI4YjdmMDg2MDViZTUxZWI2NTczMzdlZTdjMjRkNGFiMzdiZWYxZmY5OWU4NDI5ZjIxZTUzY2RjNzA1ODYxNjE4In0=
accept-language: en-US
sec-fetch-dest: empty
accept-encoding: gzip, deflate, br
cookie: _vwo_uuid_v2=D60D53A279C34294A37B44CA833D8B14F|fe9b8582c0d96af381d293a2d11d8a7f; _gid=GA1.2.1967650473.1628250557; _gat_UA-192660002-1=1; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _hjid=20453335-5579-4e4e-b755-52aa1f1205a7; _hjFirstSeen=1; _ga_Y6C8Y8V9BH=GS1.1.1628250557.1.1.1628250558.0; _ga=GA1.1.1821568338.1628250557; XSRF-TOKEN=eyJpdiI6ImhhXC82b2I5Q0JEdDZxWU1vUEtnTXZBPT0iLCJ2YWx1ZSI6IlpQZGRPa1ZEU2oyZXZ2SVFHd0RwVjhmSEZqU3N5K1VTTEVUME5lUWxoOGg1THZmbFlYWDVJbmNTVVdkUllLZUIiLCJtYWMiOiI4YjdmMDg2MDViZTUxZWI2NTczMzdlZTdjMjRkNGFiMzdiZWYxZmY5OWU4NDI5ZjIxZTUzY2RjNzA1ODYxNjE4In0%3D; c=eyJpdiI6IlwvUmNMYXI1TWpmdDhMM3ZJZmlJZ1pBPT0iLCJ2YWx1ZSI6IlpwRTdkdnZQSlViSGJTRStYQkV3OWhvTzZvUzQ2MmVqUmxSYkNHY0ZkVnFGNXNMMDVFNUZydktKNk01ZU9FMWMiLCJtYWMiOiJlMjUwZGFmZjM2MmQwNTA2MzI0ZjgzY2NkZTAzZjA2MjM5ZGVkMTFmNjdlNzMwNmQ5MjQwNDEyNGM3YTQzNjA2In0%3D
content-length: 188
:path: /event?hitid={clickId}
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json;charset=UTF-8
accept: application/json, text/plain, */*
cache-control: no-cache
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: POST
Accept: application/json, text/plain, */*
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
X-XSRF-TOKEN: eyJpdiI6ImhhXC82b2I5Q0JEdDZxWU1vUEtnTXZBPT0iLCJ2YWx1ZSI6IlpQZGRPa1ZEU2oyZXZ2SVFHd0RwVjhmSEZqU3N5K1VTTEVUME5lUWxoOGg1THZmbFlYWDVJbmNTVVdkUllLZUIiLCJtYWMiOiI4YjdmMDg2MDViZTUxZWI2NTczMzdlZTdjMjRkNGFiMzdiZWYxZmY5OWU4NDI5ZjIxZTUzY2RjNzA1ODYxNjE4In0=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json;charset=UTF-8

Response headers

date: Fri, 06 Aug 2021 11:49:18 GMT
x-proc: 3
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HkTtMUpZt7YpmJNH0Y%2Fi6sn41BC7lO%2BZS1VB%2FgBk67ZoPmGduYPTaNMXqbUr9UkHa9KeZNqVEpKmTp%2Fh6hCR8b3oCsxahHRjS5oQKPSV9%2BXJkGAIf95gTNlwCfmcmVyK3e3QKesqV0sqgGM%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-origin: https://tgfunnls.org
cache-control: no-cache, private
set-cookie: XSRF-TOKEN=eyJpdiI6IktncnpiblFoOEtvZVQrZnBYdnZjVlE9PSIsInZhbHVlIjoiSGJSM1FWQnZXNWVNaUJJRk4zaEVQaUdQK0Q0UkRWcFVpQ1phRVdKQ25rNmV3alwvaEEranNZN1ZmTVFwUFp1cnMiLCJtYWMiOiJjZjRlOTYxYTQyZWNhZTgxMTY5NTQxZDE3OWJkYjA1ZmE3ODk0NWM1OTU3YzMzNzZhNGFmODZiYWMwNDBiYjMyIn0%3D; expires=Fri, 06-Aug-2021 13:49:18 GMT; Max-Age=7200; path=/ c=eyJpdiI6ImpJQk9HZ3VcL2JVdHE2NVc0OGh2OGtBPT0iLCJ2YWx1ZSI6IkNwUWJGRWpIMnNHNlRCaTVlVkNBbHRuS0dRY2M0MFRSa1dDWEhPY3VvVmx6Q01lemdmM0tyS2haRWtpNUdMWFgiLCJtYWMiOiIxYzFiNjRmYTAzOGU5NTczMDVmOGU2NzlkNGUwMjM3NzkxOGFjNjdlMmEzMDNjZWY4MjdiYzBlMWE0YTg1YjY2In0%3D; expires=Fri, 06-Aug-2021 13:49:18 GMT; Max-Age=7200; path=/; httponly
cf-ray: 67a80a85ea2542f7-FRA

GET
H2 200 modules.9a6619e61150e4449f35.js Show response
script.hotjar.com/ 221 KB
59 KB 62ms
62ms Script
application/javascript 13.224.96.11
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.9a6619e61150e4449f35.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2304105.js?sv=6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.96.11 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

fc04d1fd608cedf1f0c4735145a15031f77cb7491d6234cec4ee2cd9be74937a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:18:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 77473
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 59579
access-control-allow-origin: *
last-modified: Thu, 05 Aug 2021 14:17:07 GMT
etag: "f404c80c4e9647abd5db65360cf9ecee"
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 7245e91891539560c1f484b1e46159c9.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: ZRH50-C1
accept-ranges: bytes
x-robots-tag: none
x-amz-cf-id: Sc97C-MiKUvOj-SYZsK4l_NZdCzPvLbUoD7cYY6oWnDgiH7XsVeJyg==

GET
H3-29 200 settings.js Show response
dev.visualwebsiteoptimizer.com/ 572 B
397 B 50ms
50ms Script
application/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/settings.js?a=449005&settings_type=3&vn=7.0&r=0.03724364475995401&u=https%3A%2F%2Ftgfunnls.org%2Fdly1st%2F%3Fhitid%3D%7BclickId%7D%26qze%3D7%26aff_sub%3D%7BcustomId1%7D%26aff_sub2%3D%7BcustomId2%7D
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWpxdWVyeQ==/tag-18c0c42595158c9943ee0260eecc4fc3.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gams1 /
Resource Hash: 31042bafbba3ee3bae8f21d8d8744230a7c558630068c64e1e5ecb4721ab3910

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:17 GMT
via: 1.1 google
server: gams1
content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-type: application/javascript; charset=UTF-8

GET
H3-29 200 settings.js Show response
dev.visualwebsiteoptimizer.com/ 572 B
397 B 52ms
52ms Script
application/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/settings.js?a=449005&settings_type=1&vn=7.0&r=0.8900996990845971
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWpxdWVyeQ==/tag-18c0c42595158c9943ee0260eecc4fc3.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gams1 /
Resource Hash: 31042bafbba3ee3bae8f21d8d8744230a7c558630068c64e1e5ecb4721ab3910

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:17 GMT
via: 1.1 google
server: gams1
content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-type: application/javascript; charset=UTF-8

GET
H2 200 box-25a418976ea02a6f393fbbe77cec94bb.html Show response
vars.hotjar.com/ Frame 6BB2 2 KB
1 KB 57ms
55ms Document
text/html 13.224.96.92
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vars.hotjar.com/box-25a418976ea02a6f393fbbe77cec94bb.html
Requested by: Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2304105.js?sv=6
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.96.92 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-96-92.zrh50.r.cloudfront.net
Software: /
Resource Hash: 7a44e0685d8929b5d4d50476273c9957c8c76f03afc424c665a4066e5bc1beb9

Request headers

:method: GET
:authority: vars.hotjar.com
:scheme: https
:path: /box-25a418976ea02a6f393fbbe77cec94bb.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://tgfunnls.org/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://tgfunnls.org/

Response headers

content-type: text/html
content-length: 1044
date: Sun, 18 Jul 2021 00:16:30 GMT
accept-ranges: bytes
cache-control: max-age=31536000
content-encoding: br
etag: "76922233be8bdb14c053af468d29404a"
last-modified: Thu, 15 Jul 2021 14:16:09 GMT
x-amz-server-side-encryption: AES256
x-robots-tag: none
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 6b0e09b8a7d995016df1513b4b11c17e.cloudfront.net (CloudFront)
x-amz-cf-pop: ZRH50-C1
x-amz-cf-id: gat9vnYetvWLOO3b0f1ZMzMDrwmyIHNDwTMcHvucdJ7vyHV5sp47Fg==
age: 1683168

GET
H3-29 200 tag-1a6cb79d9b921e9f733a3a9f91c43b90.js Show response
dev.visualwebsiteoptimizer.com/web/djIkcGM6MS4w/ 668 B
329 B 48ms
48ms Script
application/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/web/djIkcGM6MS4w/tag-1a6cb79d9b921e9f733a3a9f91c43b90.js
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWpxdWVyeQ==/tag-18c0c42595158c9943ee0260eecc4fc3.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gams1 /
Resource Hash: 6e1f2e0970c3d1d6cdacfecdd613ce1c42990ea5d4a9a85fe6f0700d20a96634

Request headers

Origin: https://tgfunnls.org
Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:17 GMT
content-encoding: br
last-modified: Fri, 06 Aug 2021 11:48:12 GMT
server: gams1
etag: "610d217c-133"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 307
via: 1.1 google

GET
H2 200 a3a7b431bde66f8790628956fd6a9e14.js
cdn.pushcrew.com/js/ 248 KB
70 KB 132ms
132ms Script
application/javascript 34.102.183.26
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.pushcrew.com/js/a3a7b431bde66f8790628956fd6a9e14.js
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/web/djIkcGM6MS4w/tag-1a6cb79d9b921e9f733a3a9f91c43b90.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.102.183.26 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 26.183.102.34.bc.googleusercontent.com
Software: nginx /
Resource Hash

Request headers

Origin: https://tgfunnls.org
Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:18 GMT
content-encoding: gzip
last-modified: Fri, 18 Jun 2021 08:48:27 GMT
server: nginx
etag: W/"60cc5ddb-3e05c"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=1800
alt-svc: clear
via: 1.1 google
expires: Fri, 06 Aug 2021 12:19:18 GMT

POST
H/1.1 200
OK add Show response
tagdataxrt.com/log/ 12 B
597 B 49ms
49ms Fetch
application/json 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/log/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: 21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json;charset=utf-8

Response headers

Date: Fri, 06 Aug 2021 11:49:18 GMT
Server: nginx/1.19.10
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 12

OPTIONS
H/1.1 200
OK add
tagdataxrt.com/log/ Frame 0
0 48ms
48ms Preflight 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/log/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Protocol: HTTP/1.1
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://tgfunnls.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Server: nginx/1.19.10
Date: Fri, 06 Aug 2021 11:49:18 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

GET
H3-29 200 / Show response
tgfunnls.org/dly1st/ 31 KB
8 KB 188ms
187ms Document
text/html 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Requested by

Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6124f229d657b23f50eedd2f8ca9483aadd2b2d8a0f80ecc4d4ac2a6356029e8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: tgfunnls.org
:scheme: https
:path: /dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: document
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: _vwo_uuid_v2=D60D53A279C34294A37B44CA833D8B14F|fe9b8582c0d96af381d293a2d11d8a7f; _gid=GA1.2.1967650473.1628250557; _gat_UA-192660002-1=1; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _hjid=20453335-5579-4e4e-b755-52aa1f1205a7; _hjFirstSeen=1; _ga_Y6C8Y8V9BH=GS1.1.1628250557.1.1.1628250558.0; _ga=GA1.1.1821568338.1628250557; XSRF-TOKEN=eyJpdiI6IktncnpiblFoOEtvZVQrZnBYdnZjVlE9PSIsInZhbHVlIjoiSGJSM1FWQnZXNWVNaUJJRk4zaEVQaUdQK0Q0UkRWcFVpQ1phRVdKQ25rNmV3alwvaEEranNZN1ZmTVFwUFp1cnMiLCJtYWMiOiJjZjRlOTYxYTQyZWNhZTgxMTY5NTQxZDE3OWJkYjA1ZmE3ODk0NWM1OTU3YzMzNzZhNGFmODZiYWMwNDBiYjMyIn0%3D; c=eyJpdiI6ImpJQk9HZ3VcL2JVdHE2NVc0OGh2OGtBPT0iLCJ2YWx1ZSI6IkNwUWJGRWpIMnNHNlRCaTVlVkNBbHRuS0dRY2M0MFRSa1dDWEhPY3VvVmx6Q01lemdmM0tyS2haRWtpNUdMWFgiLCJtYWMiOiIxYzFiNjRmYTAzOGU5NTczMDVmOGU2NzlkNGUwMjM3NzkxOGFjNjdlMmEzMDNjZWY4MjdiYzBlMWE0YTg1YjY2In0%3D
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Response headers

date: Fri, 06 Aug 2021 11:49:18 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: no-cache, private
set-cookie: XSRF-TOKEN=eyJpdiI6IlFTa20xRGtNT1ZCTGFKNzg0YzdDcXc9PSIsInZhbHVlIjoiSDhTdG5NNWx3VVVzSkxHWHpTTzJBRENHXC9aUFh1dWtJZkwyTWZ1TUYyNCsweEVDZXpBVlJOeVV0NlNDSHZPaXUiLCJtYWMiOiJlZjg1ZTg4OWY1YjljZTI5OTYyZjdjMTAxOTQ2ZWYzODAyNmE0ODU4MmJmNjE2NjkxNjkwZTYyNjZmYzJlZDNiIn0%3D; expires=Fri, 06-Aug-2021 13:49:18 GMT; Max-Age=7200; path=/ c=eyJpdiI6IjdNXC9wSW5LYVc3WVlDaFwvSlhpWHBFUT09IiwidmFsdWUiOiJzclo3bWxvVjNYVUxxaGsxUW5rZWtJb011WHZNVTBtTGlKbW9IRG5JRzJ4emRJWXpkUzByaXVBdGpBMFkxd052IiwibWFjIjoiN2NhNWVjNjM1NWNlYTc2NTk2YWQ0NzliOGQ1YjQ5NWNlY2M2ZWMzNGY4NTk4YjcxMjZkNmEwZWFmOTg5N2Y4ZCJ9; expires=Fri, 06-Aug-2021 13:49:18 GMT; Max-Age=7200; path=/; httponly
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-proc: 1
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6DpisJrpZbSHGoc6hOOCpSZrvQkmvLppeK%2B%2BGD%2BEA73EbGwhDns0qXsjKuu7aNgrsjVkyfVjAr%2BRgsznSIuVZP2%2FleiUoBvY7zC3oIABBR%2BD7bB393amxvYCtg8K9l9HHvfnCjvIXTDQOO4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 67a80a8858b442f7-FRA
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

POST
H/1.1 200
OK add
tagdataxrt.com/time_visit/ 0
422 B 47ms
47ms Ping
text/plain 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/time_visit/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Fri, 06 Aug 2021 11:49:18 GMT
Server: nginx/1.19.10
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 0

POST collect
www.google-analytics.com/g/ 0
0

GET
H3-29 200 forms.css
tgfunnls.org/css/ 20 KB
4 KB 18ms
17ms Stylesheet
text/css 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/css/forms.css?id=108aa07ef4cadffb88ba

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5cc75f6ff6ccc8f9737ba9b6e44903687d4cd600464dc9a25b2fcfbfd231ebc6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /css/forms.css?id=108aa07ef4cadffb88ba
pragma: no-cache
cookie: _vwo_uuid_v2=D60D53A279C34294A37B44CA833D8B14F|fe9b8582c0d96af381d293a2d11d8a7f; _gid=GA1.2.1967650473.1628250557; _gat_UA-192660002-1=1; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _hjid=20453335-5579-4e4e-b755-52aa1f1205a7; _hjFirstSeen=1; _ga_Y6C8Y8V9BH=GS1.1.1628250557.1.1.1628250558.0; _ga=GA1.1.1821568338.1628250557; XSRF-TOKEN=eyJpdiI6IlFTa20xRGtNT1ZCTGFKNzg0YzdDcXc9PSIsInZhbHVlIjoiSDhTdG5NNWx3VVVzSkxHWHpTTzJBRENHXC9aUFh1dWtJZkwyTWZ1TUYyNCsweEVDZXpBVlJOeVV0NlNDSHZPaXUiLCJtYWMiOiJlZjg1ZTg4OWY1YjljZTI5OTYyZjdjMTAxOTQ2ZWYzODAyNmE0ODU4MmJmNjE2NjkxNjkwZTYyNjZmYzJlZDNiIn0%3D; c=eyJpdiI6IjdNXC9wSW5LYVc3WVlDaFwvSlhpWHBFUT09IiwidmFsdWUiOiJzclo3bWxvVjNYVUxxaGsxUW5rZWtJb011WHZNVTBtTGlKbW9IRG5JRzJ4emRJWXpkUzByaXVBdGpBMFkxd052IiwibWFjIjoiN2NhNWVjNjM1NWNlYTc2NTk2YWQ0NzliOGQ1YjQ5NWNlY2M2ZWMzNGY4NTk4YjcxMjZkNmEwZWFmOTg5N2Y4ZCJ9
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:18 GMT
x-proc: 2
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3669
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Fri, 06 Aug 2021 10:30:19 GMT
server: cloudflare
etag: W/"610d0f3b-5107"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CDn55axnYq4YGB44fuD97Ji%2FsHh7EnWwgIt6mTvWd3CDIDZkjpLkVZ4y8Ba9IKJBHqAWAsgCBktW51LvhGxRg%2BOyfdHq%2B%2BqCz5wXObN2Z3Awbl%2B98aim83hiNql3%2BXby81EyiGv4WReOSis%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 67a80a899bed42f7-FRA

GET
H3-29 200 flow.css
tgfunnls.org/css/ 385 B
762 B 15ms
14ms Stylesheet
text/css 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/css/flow.css?id=1a2dada5ba76c1b29ae1

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

df456c4794989b11dda8d76813cbf505b2707048f4cc89d7db15956779ca3fb0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /css/flow.css?id=1a2dada5ba76c1b29ae1
pragma: no-cache
cookie: _vwo_uuid_v2=D60D53A279C34294A37B44CA833D8B14F|fe9b8582c0d96af381d293a2d11d8a7f; _gid=GA1.2.1967650473.1628250557; _gat_UA-192660002-1=1; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _hjid=20453335-5579-4e4e-b755-52aa1f1205a7; _hjFirstSeen=1; _ga_Y6C8Y8V9BH=GS1.1.1628250557.1.1.1628250558.0; _ga=GA1.1.1821568338.1628250557; XSRF-TOKEN=eyJpdiI6IlFTa20xRGtNT1ZCTGFKNzg0YzdDcXc9PSIsInZhbHVlIjoiSDhTdG5NNWx3VVVzSkxHWHpTTzJBRENHXC9aUFh1dWtJZkwyTWZ1TUYyNCsweEVDZXpBVlJOeVV0NlNDSHZPaXUiLCJtYWMiOiJlZjg1ZTg4OWY1YjljZTI5OTYyZjdjMTAxOTQ2ZWYzODAyNmE0ODU4MmJmNjE2NjkxNjkwZTYyNjZmYzJlZDNiIn0%3D; c=eyJpdiI6IjdNXC9wSW5LYVc3WVlDaFwvSlhpWHBFUT09IiwidmFsdWUiOiJzclo3bWxvVjNYVUxxaGsxUW5rZWtJb011WHZNVTBtTGlKbW9IRG5JRzJ4emRJWXpkUzByaXVBdGpBMFkxd052IiwibWFjIjoiN2NhNWVjNjM1NWNlYTc2NTk2YWQ0NzliOGQ1YjQ5NWNlY2M2ZWMzNGY4NTk4YjcxMjZkNmEwZWFmOTg5N2Y4ZCJ9
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:18 GMT
x-proc: 1
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3669
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Fri, 06 Aug 2021 10:30:20 GMT
server: cloudflare
etag: W/"610d0f3c-181"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oHQA9319pI64trJDZkL1PJgX2UitNpLHgnsllhyXOWUlYociro92Jp5VkHqe5fE3yRJmxkxgUcWYD%2B5knsC%2B6aH0taEUqTFUzQlRAFZCjObdPjhFSvJCE7X4b5jK3AZ0TnKWmVT%2BDLQPl%2B8%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 67a80a899bf342f7-FRA

GET
H2 200 funnel.css
static-13333.kxcdn.com/5275/build/ 91 KB
26 KB 9ms
8ms Stylesheet
text/css 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL

https://static-13333.kxcdn.com/5275/build/funnel.css

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

0dd81a03016de5c1be49281bb42f5db84bf8968b636e893daa0ee24de5dbdd3b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:18 GMT
content-encoding: gzip
last-modified: Fri, 02 Jul 2021 14:31:57 GMT
server: keycdn-engine
x-amz-request-id: tx0000000000000049794a1-0060df28ef-12ed1804-fra1a
x-edge-location: defr
etag: W/"0e60432e5a822d61eaf0ff2172f524ed"
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-cache: HIT
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31556940
x-rgw-object-type: Normal
strict-transport-security: max-age=15552000; includeSubDomains; preload
expires: Sat, 06 Aug 2022 17:38:18 GMT

GET
H/1.1 400 conversion.js
in.bd44.fun/ 0
0 52ms
51ms Script
text/html 18.195.174.160
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://in.bd44.fun/conversion.js?cid=OPTIONAL&et=CLICK
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.195.174.160 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-174-160.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 logo.png
static-13333.kxcdn.com/5275/images/ 2 KB
3 KB 26ms
26ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/logo.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

3d0776f2afd4256733e307cf46921dde2e1497a2767eb8bcb8ac17d5de9d2344

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:19 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049592a7-0060df28ef-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2455
last-modified: Fri, 02 Jul 2021 14:32:26 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "cded24bb8b99f2aa7ab4e4ddc59c28e6"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:19 GMT

GET
H2 200 top-arrow.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 25ms
19ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/top-arrow.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

c4d3b32e24ea06591e7f166b20939f84cb767bb0742bc3c51f07c6f4b684f1e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:19 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049592a5-0060df28ef-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2961
last-modified: Fri, 02 Jul 2021 14:32:29 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "e2980701aad64cef71bd2296f5f6386b"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:19 GMT

GET
H3-29 200 check-icon.png
tgfunnls.org/images/ 44 KB
45 KB 18ms
13ms Image
image/png 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tgfunnls.org/images/check-icon.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

79bb457691c6f5dc0d3fd537218a627750b199db5253e22dad9dc4f78fa48016

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /images/check-icon.png
pragma: no-cache
cookie: _vwo_uuid_v2=D60D53A279C34294A37B44CA833D8B14F|fe9b8582c0d96af381d293a2d11d8a7f; _gid=GA1.2.1967650473.1628250557; _gat_UA-192660002-1=1; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _hjid=20453335-5579-4e4e-b755-52aa1f1205a7; _hjFirstSeen=1; _ga_Y6C8Y8V9BH=GS1.1.1628250557.1.1.1628250558.0; _ga=GA1.1.1821568338.1628250557; XSRF-TOKEN=eyJpdiI6IlFTa20xRGtNT1ZCTGFKNzg0YzdDcXc9PSIsInZhbHVlIjoiSDhTdG5NNWx3VVVzSkxHWHpTTzJBRENHXC9aUFh1dWtJZkwyTWZ1TUYyNCsweEVDZXpBVlJOeVV0NlNDSHZPaXUiLCJtYWMiOiJlZjg1ZTg4OWY1YjljZTI5OTYyZjdjMTAxOTQ2ZWYzODAyNmE0ODU4MmJmNjE2NjkxNjkwZTYyNjZmYzJlZDNiIn0%3D; c=eyJpdiI6IjdNXC9wSW5LYVc3WVlDaFwvSlhpWHBFUT09IiwidmFsdWUiOiJzclo3bWxvVjNYVUxxaGsxUW5rZWtJb011WHZNVTBtTGlKbW9IRG5JRzJ4emRJWXpkUzByaXVBdGpBMFkxd052IiwibWFjIjoiN2NhNWVjNjM1NWNlYTc2NTk2YWQ0NzliOGQ1YjQ5NWNlY2M2ZWMzNGY4NTk4YjcxMjZkNmEwZWFmOTg5N2Y4ZCJ9
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:19 GMT
x-proc: 1
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3669
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 45018
x-xss-protection: 1; mode=block
last-modified: Fri, 06 Aug 2021 10:28:14 GMT
server: cloudflare
etag: "610d0ebe-afda"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jhvLoz6gpzv%2B2HsCBD5nfXQCrrI1i5QpS2WzeRKoQR9h9Szsb6Zc%2FbF7zbH5xMSPSdk%2FVS9NodmggLtgecyVm4PaQWpNWi3T19g2jJ%2F%2FH5dl5OJGr6qS2mxLFPvqeasY37UlQeuCtbRwyww%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 67a80a89fd0742f7-FRA

GET
H2 200 safe.png
static-13333.kxcdn.com/5275/images/ 10 KB
11 KB 25ms
20ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/safe.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

c001780d5a0136da809d6908ac44d8b0e4d9b36bf9891772a006294888226576

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:19 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794a7-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 10593
last-modified: Fri, 02 Jul 2021 14:32:17 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "e16845cf547d72f2f0b2febfa375d9f9"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:19 GMT

GET
H2 200 bg-arrow.png
static-13333.kxcdn.com/5275/images/ 7 KB
8 KB 25ms
20ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/bg-arrow.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

5902ac2e28cc5433d57a98a62be69037be09754da694348e03d3e3b9e776f542

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:19 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794ba-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 7356
last-modified: Fri, 02 Jul 2021 14:32:23 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "0575766ae817ee467a729e846374d22c"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:19 GMT

GET
H2 200 check-icon.png
static-13333.kxcdn.com/5275/images/ 2 KB
3 KB 25ms
20ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/check-icon.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

4a404a950ef8cfa3eb686e62c8ab17e0a4609f2300e53d874a96ec618ab9474d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:19 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794b6-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2273
last-modified: Fri, 02 Jul 2021 14:32:29 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "c34ab81524c5f98e40dc0dad59601758"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:19 GMT

GET
H2 200 spots-arrow.png
static-13333.kxcdn.com/5275/images/ 5 KB
6 KB 20ms
20ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/spots-arrow.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

7c01610e53cbe2313bd441cd9182762cec4240e4eecebeca6d086f34e4672784

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:19 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794bc-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 5306
last-modified: Fri, 02 Jul 2021 14:32:45 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "32acdf2cce46993b09041ebed9d00140"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:19 GMT

GET
H2 200 john.jpg
static-13333.kxcdn.com/5275/images/ 9 KB
10 KB 22ms
21ms Image
image/jpeg 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/john.jpg

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

aff262b0ff8882606831b77cb7fe8c2b7ee184a4c3a4e10de152932dde9ed3f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:19 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794be-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 9704
last-modified: Fri, 02 Jul 2021 14:32:21 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "ca826d01f1cbba3eb6e3e1f697bca6bc"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/jpeg
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:19 GMT

GET
H2 200 john-sign.png
static-13333.kxcdn.com/5275/images/ 7 KB
7 KB 10ms
5ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/john-sign.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

2c92fcee0f7c5fd992e818cd6e5f621e8701cea9b4b23eb03e2567560c7dd266

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:19 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049592b7-0060df28ef-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 6824
last-modified: Fri, 02 Jul 2021 14:32:43 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "8e77bdde18036a84289f7b89b03cddc0"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:19 GMT

GET
H2 200 social-callback-title.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 10ms
6ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/social-callback-title.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

b097d9409b9b2fcde3993197635d6e7d49126e794dec3c3a5de9892cce15ec84

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:19 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794b7-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2899
last-modified: Fri, 02 Jul 2021 14:32:42 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "26e1186a209747d755be97f26d7fef17"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:19 GMT

GET
H2 200 facebook.png
static-13333.kxcdn.com/5275/images/ 45 KB
46 KB 8ms
6ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/facebook.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

45a8e9f975bd2d7db2041c671affac022eaf0b8db46c516a6f2021d30631aea3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:19 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049592bd-0060df28ef-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 46358
last-modified: Fri, 02 Jul 2021 14:32:18 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "99efc09d6e35b01ef07e555c6c9c06ac"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:19 GMT

GET
H2 200 twitter.png
static-13333.kxcdn.com/5275/images/ 33 KB
34 KB 8ms
7ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/twitter.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

f3567cf9eb0717ad9840ff19014abf051d9bebb63ba3d270eb23d409dd449b5a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:19 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049592b6-0060df28ef-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 33933
last-modified: Fri, 02 Jul 2021 14:32:45 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "1538bf85a2428c7ab27b923233ceac2d"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:19 GMT

GET
H2 200 features-title.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 9ms
8ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/features-title.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

5e840708085df16224eeb0d8a8b3758d39bc7c60d3f0587ea1308f7d37d2e9db

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:19 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049592bc-0060df28ef-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2835
last-modified: Fri, 02 Jul 2021 14:32:24 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "8e8fd39ca90b9e536e71366f72e27061"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:19 GMT

GET
H2 200 feature1.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 8ms
8ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/feature1.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

427e9cf9bc070b73cae44b858b1cbb147385ccf3b74522b00606e8441d74eb21

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:19 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794bb-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2649
last-modified: Fri, 02 Jul 2021 14:32:27 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "32e947291780f319b5424fb0fed97339"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:19 GMT

GET
H2 200 feature2.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 8ms
5ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/feature2.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

d35ec7636f20627c46249b7ac076fd59aad2c15c8207c92cc8251df812abc0bc

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:19 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049592b5-0060df28ef-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2845
last-modified: Fri, 02 Jul 2021 14:32:28 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "a02cbfb7009f4eb7bca716371bbc6162"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:19 GMT

GET
H2 200 feature3.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 9ms
6ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/feature3.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

41cc8226265d071dd816f01b4e656e9575b49927ecb0806984d85fd2acb3b318

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:19 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794b8-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2618
last-modified: Fri, 02 Jul 2021 14:32:44 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "1e439861ae0e257dd74094cd20495531"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:19 GMT

GET
H2 200 feature4.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 8ms
6ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/feature4.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

d7e57b7c8fc1a0e25b893fc00da8cca5368cc489227958d4a781665339cd7260

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:19 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794a5-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2573
last-modified: Fri, 02 Jul 2021 14:32:19 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "f042fbbf22d575de6d906249ec2dc324"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:19 GMT

GET
H2 200 faq-title.png
static-13333.kxcdn.com/5275/images/ 4 KB
4 KB 7ms
6ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/faq-title.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

218be04d48aa9aa4da9bb4a708dbb463576fd8653914fd05bb113ce654dce714

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:19 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049592a6-0060df28ef-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 3706
last-modified: Fri, 02 Jul 2021 14:32:42 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "b95f5e7ccaaf9e8f6f1117efa9ab100a"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:19 GMT

GET
H2 200 faq-list-title-bg.png
static-13333.kxcdn.com/5275/images/ 2 KB
2 KB 7ms
7ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/faq-list-title-bg.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

9749d6d7aee9bdd7b806eb8fd8fa1bfd7ef25aab0aba744948b279d4c1a348ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:19 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794a3-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 1546
last-modified: Fri, 02 Jul 2021 14:32:22 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "567ea5254334fde95913b6cd592aad5f"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:19 GMT

GET
H3-29 200 sad-face.svg
tgfunnls.org/media/ 1 KB
1 KB 21ms
19ms Image
image/svg+xml 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tgfunnls.org/media/sad-face.svg

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

186b9079a05f19ddd2a548dbc1ec2c69087c76d8e9e1637dbced630edb793104

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /media/sad-face.svg
pragma: no-cache
cookie: _vwo_uuid_v2=D60D53A279C34294A37B44CA833D8B14F|fe9b8582c0d96af381d293a2d11d8a7f; _gid=GA1.2.1967650473.1628250557; _gat_UA-192660002-1=1; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _hjid=20453335-5579-4e4e-b755-52aa1f1205a7; _hjFirstSeen=1; _ga_Y6C8Y8V9BH=GS1.1.1628250557.1.1.1628250558.0; _ga=GA1.1.1821568338.1628250557; XSRF-TOKEN=eyJpdiI6IlFTa20xRGtNT1ZCTGFKNzg0YzdDcXc9PSIsInZhbHVlIjoiSDhTdG5NNWx3VVVzSkxHWHpTTzJBRENHXC9aUFh1dWtJZkwyTWZ1TUYyNCsweEVDZXpBVlJOeVV0NlNDSHZPaXUiLCJtYWMiOiJlZjg1ZTg4OWY1YjljZTI5OTYyZjdjMTAxOTQ2ZWYzODAyNmE0ODU4MmJmNjE2NjkxNjkwZTYyNjZmYzJlZDNiIn0%3D; c=eyJpdiI6IjdNXC9wSW5LYVc3WVlDaFwvSlhpWHBFUT09IiwidmFsdWUiOiJzclo3bWxvVjNYVUxxaGsxUW5rZWtJb011WHZNVTBtTGlKbW9IRG5JRzJ4emRJWXpkUzByaXVBdGpBMFkxd052IiwibWFjIjoiN2NhNWVjNjM1NWNlYTc2NTk2YWQ0NzliOGQ1YjQ5NWNlY2M2ZWMzNGY4NTk4YjcxMjZkNmEwZWFmOTg5N2Y4ZCJ9
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:19 GMT
x-proc: 1
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3669
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Fri, 06 Aug 2021 10:30:20 GMT
server: cloudflare
etag: W/"610d0f3c-5dc"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=h%2FMEa50Qlg3QtNAQg6cFhO0l1mlskrtpPI6ODR8ojYsbzmr3BvPa2ID4n6YYbQ74T7fhFb1g8nTQP1EcDc2vQNtmO1%2FBC7B%2BYloyJW4rG6JNxqO9LomysQYSMjKC8dFFpZn0ks2qh5woTvQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: max-age=14400
cf-ray: 67a80a89fd0b42f7-FRA

GET
H3-29 200 email-decode.min.js Show response
tgfunnls.org/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
1 KB 8ms
8ms Script
application/javascript 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

:path: /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
pragma: no-cache
cookie: _vwo_uuid_v2=D60D53A279C34294A37B44CA833D8B14F|fe9b8582c0d96af381d293a2d11d8a7f; _gid=GA1.2.1967650473.1628250557; _gat_UA-192660002-1=1; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _hjid=20453335-5579-4e4e-b755-52aa1f1205a7; _hjFirstSeen=1; _ga_Y6C8Y8V9BH=GS1.1.1628250557.1.1.1628250558.0; _ga=GA1.1.1821568338.1628250557; XSRF-TOKEN=eyJpdiI6IlFTa20xRGtNT1ZCTGFKNzg0YzdDcXc9PSIsInZhbHVlIjoiSDhTdG5NNWx3VVVzSkxHWHpTTzJBRENHXC9aUFh1dWtJZkwyTWZ1TUYyNCsweEVDZXpBVlJOeVV0NlNDSHZPaXUiLCJtYWMiOiJlZjg1ZTg4OWY1YjljZTI5OTYyZjdjMTAxOTQ2ZWYzODAyNmE0ODU4MmJmNjE2NjkxNjkwZTYyNjZmYzJlZDNiIn0%3D; c=eyJpdiI6IjdNXC9wSW5LYVc3WVlDaFwvSlhpWHBFUT09IiwidmFsdWUiOiJzclo3bWxvVjNYVUxxaGsxUW5rZWtJb011WHZNVTBtTGlKbW9IRG5JRzJ4emRJWXpkUzByaXVBdGpBMFkxd052IiwibWFjIjoiN2NhNWVjNjM1NWNlYTc2NTk2YWQ0NzliOGQ1YjQ5NWNlY2M2ZWMzNGY4NTk4YjcxMjZkNmEwZWFmOTg5N2Y4ZCJ9
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 03 Aug 2021 14:21:05 GMT
server: cloudflare
etag: W/"610950d1-4d7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: DENY
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cfxvprDehAYU2ZFkLUUFJH23xRbvYrffb34R%2BVxkMr25hYL%2FGNs0bPdEVg3D5UCLJtlePCrBoStv2nD0gqLxZJnuNll%2BvibR8qOwJYKSvbXhV%2BtVFDZz%2BneiAxDoapPQeLuC6kiiySaNaWE%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=172800 public
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 67a80a89bc4242f7-FRA
vary: Accept-Encoding
expires: Sun, 08 Aug 2021 11:49:18 GMT

GET
H3-29 200 redirect.js Show response
tgfunnls.org/js/ 3 KB
2 KB 13ms
12ms Script
application/javascript 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/js/redirect.js?id=bd8708e91008076c9ff9

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0979e653bf7370685f5d0ec7448e28d33f46754d5411cf5a7cd3df6ecafc1a35

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /js/redirect.js?id=bd8708e91008076c9ff9
pragma: no-cache
cookie: _vwo_uuid_v2=D60D53A279C34294A37B44CA833D8B14F|fe9b8582c0d96af381d293a2d11d8a7f; _gid=GA1.2.1967650473.1628250557; _gat_UA-192660002-1=1; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _hjid=20453335-5579-4e4e-b755-52aa1f1205a7; _hjFirstSeen=1; _ga_Y6C8Y8V9BH=GS1.1.1628250557.1.1.1628250558.0; _ga=GA1.1.1821568338.1628250557; XSRF-TOKEN=eyJpdiI6IlFTa20xRGtNT1ZCTGFKNzg0YzdDcXc9PSIsInZhbHVlIjoiSDhTdG5NNWx3VVVzSkxHWHpTTzJBRENHXC9aUFh1dWtJZkwyTWZ1TUYyNCsweEVDZXpBVlJOeVV0NlNDSHZPaXUiLCJtYWMiOiJlZjg1ZTg4OWY1YjljZTI5OTYyZjdjMTAxOTQ2ZWYzODAyNmE0ODU4MmJmNjE2NjkxNjkwZTYyNjZmYzJlZDNiIn0%3D; c=eyJpdiI6IjdNXC9wSW5LYVc3WVlDaFwvSlhpWHBFUT09IiwidmFsdWUiOiJzclo3bWxvVjNYVUxxaGsxUW5rZWtJb011WHZNVTBtTGlKbW9IRG5JRzJ4emRJWXpkUzByaXVBdGpBMFkxd052IiwibWFjIjoiN2NhNWVjNjM1NWNlYTc2NTk2YWQ0NzliOGQ1YjQ5NWNlY2M2ZWMzNGY4NTk4YjcxMjZkNmEwZWFmOTg5N2Y4ZCJ9
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:19 GMT
x-proc: 3
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3669
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Fri, 06 Aug 2021 10:30:36 GMT
server: cloudflare
etag: W/"610d0f4c-a50"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yqOukDUDzHaCoyaSO%2FdfCHbYidn0uex7kTQ2qKxYdB4l5NHvro6M2ZaE4B7CDa2rsLTXAl94d6357BnL86sxYY%2Fa9MTFYygjpcGCJPdd2fmMeZw9cYtHPm%2Fr3V1rEPkWRqIQQ23nDfNvlPU%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=14400
cf-ray: 67a80a89cc5e42f7-FRA

GET
H3-29 200 l.js Show response
tgfunnls.org/js/ 401 KB
110 KB 25ms
24ms Script
application/javascript 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/js/l.js?id=6cf7b69175b2a676ebf3

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1669423eca631e2fa8053ff74039a11ff6afac3a94dc37f357ce8d6ec9362913

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /js/l.js?id=6cf7b69175b2a676ebf3
pragma: no-cache
cookie: _vwo_uuid_v2=D60D53A279C34294A37B44CA833D8B14F|fe9b8582c0d96af381d293a2d11d8a7f; _gid=GA1.2.1967650473.1628250557; _gat_UA-192660002-1=1; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _hjid=20453335-5579-4e4e-b755-52aa1f1205a7; _hjFirstSeen=1; _ga_Y6C8Y8V9BH=GS1.1.1628250557.1.1.1628250558.0; _ga=GA1.1.1821568338.1628250557; XSRF-TOKEN=eyJpdiI6IlFTa20xRGtNT1ZCTGFKNzg0YzdDcXc9PSIsInZhbHVlIjoiSDhTdG5NNWx3VVVzSkxHWHpTTzJBRENHXC9aUFh1dWtJZkwyTWZ1TUYyNCsweEVDZXpBVlJOeVV0NlNDSHZPaXUiLCJtYWMiOiJlZjg1ZTg4OWY1YjljZTI5OTYyZjdjMTAxOTQ2ZWYzODAyNmE0ODU4MmJmNjE2NjkxNjkwZTYyNjZmYzJlZDNiIn0%3D; c=eyJpdiI6IjdNXC9wSW5LYVc3WVlDaFwvSlhpWHBFUT09IiwidmFsdWUiOiJzclo3bWxvVjNYVUxxaGsxUW5rZWtJb011WHZNVTBtTGlKbW9IRG5JRzJ4emRJWXpkUzByaXVBdGpBMFkxd052IiwibWFjIjoiN2NhNWVjNjM1NWNlYTc2NTk2YWQ0NzliOGQ1YjQ5NWNlY2M2ZWMzNGY4NTk4YjcxMjZkNmEwZWFmOTg5N2Y4ZCJ9
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:19 GMT
x-proc: 2
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 4592
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Fri, 06 Aug 2021 10:30:19 GMT
server: cloudflare
etag: W/"610d0f3b-645ba"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vgfjpwOPOtMnRFsuX0C8V3pliGsQuGTivYB7H3bBbiDwWYDHlbiFuMHhFYe0TfUsOkonjOSI1fwjGlgp8BX1%2BSXW7QiVqSGnyTVnd%2BQwlFP4y1aW3fK8XTdml1OpLa1vGhQzx1sdShYJnOo%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=14400
cf-ray: 67a80a89dcaa42f7-FRA

GET
H2 200 funnel.js Show response
static-13333.kxcdn.com/5275/build/ 954 KB
319 KB 8ms
8ms Script
application/javascript 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL

https://static-13333.kxcdn.com/5275/build/funnel.js

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

a52901c6296f571a48143efc8c7626714f2f15a0e034390d31380d508684ad0e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:19 GMT
content-encoding: gzip
last-modified: Fri, 02 Jul 2021 14:31:57 GMT
server: keycdn-engine
x-amz-request-id: tx00000000000000495929e-0060df28ef-12e87130-fra1a
x-edge-location: defr
etag: W/"545236a1390ffa369d186b44dab8e706"
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-cache: HIT
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31556940
x-rgw-object-type: Normal
strict-transport-security: max-age=15552000; includeSubDomains; preload
expires: Sat, 06 Aug 2022 17:38:19 GMT

GET
H/1.1 200 hp Show response
in.xr117.xyz/ 382 B
616 B 55ms
52ms Script
text/plain 18.195.123.247
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://in.xr117.xyz/hp
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.195.123.247 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-123-247.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 1d685538334a6762f8c278c2274cb62dfdc47c59ba5968562dddf4f96d808aee

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 06 Aug 2021 11:49:19 GMT
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
Server: nginx
Connection: keep-alive
Content-Length: 382
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200 hp Show response
in.bd44.fun/ 382 B
616 B 156ms
55ms Script
text/plain 18.195.174.160
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://in.bd44.fun/hp
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.195.174.160 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-174-160.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 1d685538334a6762f8c278c2274cb62dfdc47c59ba5968562dddf4f96d808aee

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 06 Aug 2021 11:49:19 GMT
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
Server: nginx
Connection: keep-alive
Content-Length: 382
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3-29 200 tag.js Show response
tagstaticx.com/ 38 KB
14 KB 36ms
34ms Script
application/javascript 2606:4700:3033::6815:3d08
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://tagstaticx.com/tag.js
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::6815:3d08 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7ebf9aea91580923f108d8e9c9fa03581c3c58fcd1ab8712d4ed593fbde60062

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:19 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 30 Jul 2021 15:47:47 GMT
server: cloudflare
age: 4760
etag: W/"61041f23-9787"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Lor171Z8gzD%2F7Y1qMNCeuAvNJpY0wm4C%2FKm3IZThE%2FcRvHaLQAUJ%2Bx3GAhcHGYWMiYfgNrMT1mPWcqfABRR2B6isS%2BMyGhArqgOzjd5zA2IwpA13vR56ILImdX3OnWtjJxz96TAan5M7zmeuJg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=1800
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 67a80a8a0f2a4401-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

GET
H3-29 200 gtm.js Show response
www.googletagmanager.com/ 110 KB
41 KB 17ms
15ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-MSK8GMG

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

ee25e98eb177cc22fba819b261e53fdcdb837d1ca65533dbc186fa9f1f9550a2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:19 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41863
x-xss-protection: 0
last-modified: Fri, 06 Aug 2021 09:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 06 Aug 2021 11:49:19 GMT

GET
H3-29 200 j.php Show response
dev.visualwebsiteoptimizer.com/ 5 KB
2 KB 53ms
50ms Script
application/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/j.php?a=449005&u=https%3A%2F%2Ftgfunnls.org%2Fdly1st%2F%3Fhitid%3D%7BclickId%7D%26qze%3D7%26aff_sub%3D%7BcustomId1%7D%26aff_sub2%3D%7BcustomId2%7D&f=1&r=0.2644902488320784
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gams1 /
Resource Hash: 64c924f64573f3224c8eefc46d3a01b0209e61c65dddc4f35d635faa74c96cb6

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 06 Aug 2021 11:49:19 GMT
via: 1.1 google
server: gams1
content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-type: application/javascript; charset=UTF-8

GET
H2 200 bg-pattern2.png
static-13333.kxcdn.com/5275/images/ 3 KB
4 KB 21ms
20ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/bg-pattern2.png

Requested by

Host: static-13333.kxcdn.com
URL: https://static-13333.kxcdn.com/5275/build/funnel.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

0dbbd4b1f92b5f123bb6d85da5224dbac1ef2873359ae63159fbd8c1d8aee472

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://static-13333.kxcdn.com/5275/build/funnel.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:19 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx000000000000004a8f778-0060df3204-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 3494
last-modified: Fri, 02 Jul 2021 14:32:28 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "9ff60a873ce8a83d6f92c07bbb97461d"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:19 GMT

GET
H2 200 money-bg.jpg
static-13333.kxcdn.com/5275/images/ 192 KB
193 KB 18ms
17ms Image
image/jpeg 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/money-bg.jpg

Requested by

Host: static-13333.kxcdn.com
URL: https://static-13333.kxcdn.com/5275/build/funnel.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

6d6b0b2b3ce3ec690491ad53348667285877a284d43a58bae67219df3128c453

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://static-13333.kxcdn.com/5275/build/funnel.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:19 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049593a6-0060df28f0-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 196622
last-modified: Fri, 02 Jul 2021 14:32:29 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "00484ef568e5c529bc92d2698631954b"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/jpeg
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:19 GMT

GET
H2 206 de-1.mp4
static-13333.kxcdn.com/5275/media/ 64 KB
0 8ms
7ms Media
video/mp4 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL

https://static-13333.kxcdn.com/5275/media/de-1.mp4

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Range: bytes=0-

Response headers

date: Fri, 06 Aug 2021 11:49:19 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049593e6-0060df28f0-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
Content-Range: bytes 0-124690623/124690624
Content-Length: 124690624
last-modified: Fri, 02 Jul 2021 14:32:03 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "c8811d0b7aa283893d6ec2a19899685f-24"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: video/mp4
access-control-allow-origin: *
x-rgw-object-type: Normal
expires: Sat, 06 Aug 2022 17:38:19 GMT

GET
H3-29 200 locate Show response
tgfunnls.org/ 141 B
1 KB 88ms
87ms XHR
application/json 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/locate

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/js/l.js?id=6cf7b69175b2a676ebf3

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b6ffea4eb17e3268759f83f8abca64a9ed7755ff19d8d6b05e7aa354ae6d4f7b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-fetch-mode: cors
x-xsrf-token: eyJpdiI6IlFTa20xRGtNT1ZCTGFKNzg0YzdDcXc9PSIsInZhbHVlIjoiSDhTdG5NNWx3VVVzSkxHWHpTTzJBRENHXC9aUFh1dWtJZkwyTWZ1TUYyNCsweEVDZXpBVlJOeVV0NlNDSHZPaXUiLCJtYWMiOiJlZjg1ZTg4OWY1YjljZTI5OTYyZjdjMTAxOTQ2ZWYzODAyNmE0ODU4MmJmNjE2NjkxNjkwZTYyNjZmYzJlZDNiIn0=
accept-language: en-US
sec-fetch-dest: empty
cookie: _vwo_uuid_v2=D60D53A279C34294A37B44CA833D8B14F|fe9b8582c0d96af381d293a2d11d8a7f; _gid=GA1.2.1967650473.1628250557; _gat_UA-192660002-1=1; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _hjid=20453335-5579-4e4e-b755-52aa1f1205a7; _hjFirstSeen=1; _ga_Y6C8Y8V9BH=GS1.1.1628250557.1.1.1628250558.0; _ga=GA1.1.1821568338.1628250557; XSRF-TOKEN=eyJpdiI6IlFTa20xRGtNT1ZCTGFKNzg0YzdDcXc9PSIsInZhbHVlIjoiSDhTdG5NNWx3VVVzSkxHWHpTTzJBRENHXC9aUFh1dWtJZkwyTWZ1TUYyNCsweEVDZXpBVlJOeVV0NlNDSHZPaXUiLCJtYWMiOiJlZjg1ZTg4OWY1YjljZTI5OTYyZjdjMTAxOTQ2ZWYzODAyNmE0ODU4MmJmNjE2NjkxNjkwZTYyNjZmYzJlZDNiIn0%3D; c=eyJpdiI6IjdNXC9wSW5LYVc3WVlDaFwvSlhpWHBFUT09IiwidmFsdWUiOiJzclo3bWxvVjNYVUxxaGsxUW5rZWtJb011WHZNVTBtTGlKbW9IRG5JRzJ4emRJWXpkUzByaXVBdGpBMFkxd052IiwibWFjIjoiN2NhNWVjNjM1NWNlYTc2NTk2YWQ0NzliOGQ1YjQ5NWNlY2M2ZWMzNGY4NTk4YjcxMjZkNmEwZWFmOTg5N2Y4ZCJ9
:path: /locate
pragma: no-cache
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: application/json, text/plain, */*
cache-control: no-cache
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept: application/json, text/plain, */*
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
X-XSRF-TOKEN: eyJpdiI6IlFTa20xRGtNT1ZCTGFKNzg0YzdDcXc9PSIsInZhbHVlIjoiSDhTdG5NNWx3VVVzSkxHWHpTTzJBRENHXC9aUFh1dWtJZkwyTWZ1TUYyNCsweEVDZXpBVlJOeVV0NlNDSHZPaXUiLCJtYWMiOiJlZjg1ZTg4OWY1YjljZTI5OTYyZjdjMTAxOTQ2ZWYzODAyNmE0ODU4MmJmNjE2NjkxNjkwZTYyNjZmYzJlZDNiIn0=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:19 GMT
x-proc: 3
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=t8Ko5NSY4wIhq9Gqa1chlSY0Sid%2FWQsgSCZWJZd9SNKyDpK7209fkqpftaNmt0kIupJ9KZnjDkR0wmaSoHc7oOwm%2B2uTsfaVACqkWNa5v%2BIjGL2Gf6xoxGmECQuaTvLh0dpMKjytuIgPmSE%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json
cache-control: no-cache, private
set-cookie: XSRF-TOKEN=eyJpdiI6ImoyUVhVMWtvSGY0UjhCMXp1alJBTGc9PSIsInZhbHVlIjoiZVJOZnBqUEJkYXI1Tklnb25HbVU4Slh2eWx4ZjUzemRXM3VKSlJKZ2N5OEtvVXBWSmRxQk9kZktcL0JpRDhsMzciLCJtYWMiOiJlYTQ3NTFhZDg1MDNhMzExM2ZhZmNlNzMxZGRkNDkwNmIzNmJjZjgyMmFlMjg3ZjY5OGQyNzM3YmQ2NDNjYWE5In0%3D; expires=Fri, 06-Aug-2021 13:49:19 GMT; Max-Age=7200; path=/ c=eyJpdiI6IkxabnF5YUFMUWhsc3ZkVmJkbTFcL2R3PT0iLCJ2YWx1ZSI6ImljWE4xQUhYc29NdCtQTW0zZ3g3cEc0SjU0NkNNNmxhMGNjbVg5QTduQ1YweW1EdzBCXC9PanhEenE1ZWRzeWJHIiwibWFjIjoiZTc4NzA4ZTA3Y2Q1OTE0ZmIyOWNlZTZkYzQyNTNlNTU0YmI1OWE3ZTliYTU2YmI4NWUxNjI2YWM5MGI2ZTlhZCJ9; expires=Fri, 06-Aug-2021 13:49:19 GMT; Max-Age=7200; path=/; httponly
cf-ray: 67a80a8a9efa42f7-FRA

GET
H3-29 200 flags.png
tgfunnls.org/images/vendor/intl-tel-input/build/ 69 KB
70 KB 13ms
12ms Image
image/png 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tgfunnls.org/images/vendor/intl-tel-input/build/flags.png?416250f60d785a2e02f17e054d2e4e44

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/css/forms.css?id=108aa07ef4cadffb88ba

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0a012cf808a24573168308916092d2d4bd3f2b4af8e16b59167013cc77acee55

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /images/vendor/intl-tel-input/build/flags.png?416250f60d785a2e02f17e054d2e4e44
pragma: no-cache
cookie: _vwo_uuid_v2=D60D53A279C34294A37B44CA833D8B14F|fe9b8582c0d96af381d293a2d11d8a7f; _gid=GA1.2.1967650473.1628250557; _gat_UA-192660002-1=1; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _hjid=20453335-5579-4e4e-b755-52aa1f1205a7; _hjFirstSeen=1; _ga_Y6C8Y8V9BH=GS1.1.1628250557.1.1.1628250558.0; _ga=GA1.1.1821568338.1628250557; XSRF-TOKEN=eyJpdiI6IlFTa20xRGtNT1ZCTGFKNzg0YzdDcXc9PSIsInZhbHVlIjoiSDhTdG5NNWx3VVVzSkxHWHpTTzJBRENHXC9aUFh1dWtJZkwyTWZ1TUYyNCsweEVDZXpBVlJOeVV0NlNDSHZPaXUiLCJtYWMiOiJlZjg1ZTg4OWY1YjljZTI5OTYyZjdjMTAxOTQ2ZWYzODAyNmE0ODU4MmJmNjE2NjkxNjkwZTYyNjZmYzJlZDNiIn0%3D; c=eyJpdiI6IjdNXC9wSW5LYVc3WVlDaFwvSlhpWHBFUT09IiwidmFsdWUiOiJzclo3bWxvVjNYVUxxaGsxUW5rZWtJb011WHZNVTBtTGlKbW9IRG5JRzJ4emRJWXpkUzByaXVBdGpBMFkxd052IiwibWFjIjoiN2NhNWVjNjM1NWNlYTc2NTk2YWQ0NzliOGQ1YjQ5NWNlY2M2ZWMzNGY4NTk4YjcxMjZkNmEwZWFmOTg5N2Y4ZCJ9
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: tgfunnls.org
referer: https://tgfunnls.org/css/forms.css?id=108aa07ef4cadffb88ba
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/css/forms.css?id=108aa07ef4cadffb88ba
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:19 GMT
x-proc: 2
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2322
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 70857
x-xss-protection: 1; mode=block
last-modified: Fri, 06 Aug 2021 10:55:13 GMT
server: cloudflare
etag: "610d1511-114c9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=axjEF5ai9fkwyRL%2FCUdAxLM%2Ffjgzkrtp1BgiNDmaJmUw0SdCJvdOfh7V47eFKqoA7NjmoIA1N9l34Ab%2FechDdg5Y%2BXSequvCdduy4rGpyM0rVO55uNTBOrjuwaZMcqOBEzCT04JpUEIMZus%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 67a80a8a9efd42f7-FRA

GET
H3-29 200 js Show response
www.googletagmanager.com/gtag/ 127 KB
50 KB 15ms
15ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-Y6C8Y8V9BH&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MSK8GMG

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

caf7ecf5748d7e3e027c4c06c569b3a6fb8f0f78f0dc3ff8c888b2299747e496

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:19 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 51136
x-xss-protection: 0
expires: Fri, 06 Aug 2021 11:49:19 GMT

GET
H3-29 200 analytics.js Show response
www.google-analytics.com/ 48 KB
19 KB 12ms
11ms Script
text/javascript 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MSK8GMG

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

e61660c659c426e45bce2937dddb01af6b550502a2904546575c1ec2ba1121dd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 13 Jul 2021 18:24:06 GMT
server: Golfe2
age: 2138
date: Fri, 06 Aug 2021 11:13:41 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19672
expires: Fri, 06 Aug 2021 13:13:41 GMT

GET
H2 200 hotjar-2304105.js Show response
static.hotjar.com/c/ 5 KB
2 KB 59ms
59ms Script
application/javascript 13.224.96.91
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-2304105.js?sv=6

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.96.91 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

d4261e9b3b427b4faba85d775a6dbd131cf86cbd42945ba05ae2ebad8f8f36e6

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:18 GMT
content-encoding: br
x-content-type-options: nosniff
cache-control: max-age=60
age: 1
etag: W/4e117f3a38c123981a4b3509540d1697
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
x-cache-hit: 1
x-amz-cf-pop: ZRH50-C1
x-amz-cf-id: KtZr178JoY1UA-XIgjeZu7Gb0aXJqVQBcXmk4vQNfnJajNSAsvQpEw==
via: 1.1 e92dffa8673a73c15c61e7c3abefc47d.cloudfront.net (CloudFront)

GET
BLOB 200
OK ca502306-cc03-487b-9eb4-69bbfe68a778
https://tgfunnls.org/ 31 B
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://tgfunnls.org/ca502306-cc03-487b-9eb4-69bbfe68a778
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7725538fe2f71147bffeba7452b434c826aef9009666cb4360c605d0b2a91d1d

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length: 31
Content-Type: application/javascript

GET
H2 403 videothumbnail-1.png
static-13333.kxcdn.com/5275/images/ 0
0 24ms
20ms Image
text/html 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static-13333.kxcdn.com/5275/images/videothumbnail-1.png
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
DATA 200
OK truncated
/ 4 KB
4 KB Font
application/font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: aef991b2e0b693a95d41986576dd3901ea7ac03b379501b1caba966058753308

Request headers

Origin: https://tgfunnls.org
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: application/font-woff;charset=utf-8

HEAD
H3-29 200 adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/ 0
0 39ms
39ms Fetch
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 49445
x-xss-protection: 0
server: cafe
etag: 14869471898732562513
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Fri, 06 Aug 2021 11:49:19 GMT

GET
H/1.1 200
OK version.js Show response
tagdatax.com/ 57 B
260 B 47ms
46ms Script
application/javascript 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdatax.com/version.js
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: ae29248a54f3b87e80919c54b6b53cdf2950692f9dc8bbefccbc5a00137d259d

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 06 Aug 2021 11:49:19 GMT
Cache-Control: private, max-age=63072000
Server: nginx/1.19.10
Connection: keep-alive
Content-Length: 57
Content-Type: application/javascript

GET
H2 200 gid.js Show response
my.rtmark.net/ 65 B
541 B 50ms
50ms Fetch
application/json 139.45.195.8
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://my.rtmark.net/gid.js

Requested by

Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

c239ab34869f0b6f2f4d314f914bb75dc3553a48aeb8290f5ef8f55344c5c239

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:19 GMT
x-content-type-options: nosniff
server: nginx
strict-transport-security: max-age=1
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: https://tgfunnls.org
access-control-expose-headers: Authorization
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length: 65

GET
H/1.1 200
OK pix.jpg Show response
tagdatax.com/ 28 B
617 B 47ms
47ms Fetch
image/jpeg 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdatax.com/pix.jpg
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: 3c72e06c040c15327faa313315f1d6f4b2c9159267051c3e173336efa4cd7a18

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 06 Aug 2021 11:49:19 GMT
Server: nginx/1.19.10
Etag: 0a3f540e-efe0-4b13-b272-86bb96d11c5a
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Content-Type: image/jpeg
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Expose-Headers: ETag
Cache-Control: private, must-revalidate, proxy-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 28

GET
H3-29 200 googlelogo_color_120x44dp.png
www.google.com/images/branding/googlelogo/2x/ 5 KB
5 KB 17ms
16ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_120x44dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

29c50fa4422ac0a690af5b0987dee6a030a7eeaafa9dda8543cf022368f545aa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:19 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5087
x-xss-protection: 0
expires: Fri, 06 Aug 2021 11:49:19 GMT

GET
H3-29 200 googlelogo_color_272x92dp.png
www.google.com/images/branding/googlelogo/1x/ 6 KB
6 KB 17ms
16ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/1x/googlelogo_color_272x92dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5776cd87617eacec3bc00ebcf530d1924026033eda852f706c1a675a98915826

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:19 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5969
x-xss-protection: 0
expires: Fri, 06 Aug 2021 11:49:19 GMT

GET
H3-29 200 googlelogo_color_272x92dp.png
www.google.com/images/branding/googlelogo/2x/ 13 KB
13 KB 17ms
16ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_272x92dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

262084257c2103702ef8a25705e3f8dbc1fa3823103ad7b954d54bdb77e6d89d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:19 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13504
x-xss-protection: 0
expires: Fri, 06 Aug 2021 11:49:19 GMT

GET
H3-29 200 googlelogo_color_160x56dp.png
www.google.com/images/branding/googlelogo/2x/ 7 KB
7 KB 16ms
15ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_160x56dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9e611fba6a87626e60f74d361f0c94d1ba226bc0726a05791f40ddb7fbba2c4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:19 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7048
x-xss-protection: 0
expires: Fri, 06 Aug 2021 11:49:19 GMT

GET
H3-29 200 googlelogo_color_90x40dp.png
www.google.com/images/branding/googlelogo/2x/ 4 KB
4 KB 18ms
17ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_90x40dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a9cac8d49feccd603bac334c92c1e7dd5a829a1c01d4130550e8c9c0d9c72f7b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:19 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3934
x-xss-protection: 0
expires: Fri, 06 Aug 2021 11:49:19 GMT

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWpxdWVyeQ==/tag-18c0c42595158c9943ee0260eecc4fc3.js
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/j.php?a=449005&u=https%3A%2F%2Ftgfunnls.org%2Fdly1st%2F%3Fhitid%3D%7BclickId%7D%26qze%3D7%26aff_sub%3D%7BcustomId1%7D%26aff_sub2%3D%7BcustomId2%7D&f=1&r=0.2644902488320784
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gams1 /
Resource Hash: b6a6463b285c1fdc27b7022ff01564762e81117074a3f3781cc931fe389afc70

Request headers

Origin: https://tgfunnls.org
Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:18 GMT
content-encoding: br
last-modified: Fri, 06 Aug 2021 11:48:12 GMT
server: gams1
etag: "610d217c-f3a3"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 62371
via: 1.1 google

GET
H3-29 200 v.gif
dev.visualwebsiteoptimizer.com/ 35 B
52 B 121ms
121ms Image
image/gif 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dev.visualwebsiteoptimizer.com/v.gif?cd=0&a=449005&d=tgfunnls.org&u=D60D53A279C34294A37B44CA833D8B14F&h=fe9b8582c0d96af381d293a2d11d8a7f&t=false&r=0.549519475992484

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gnv1c /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 06 Aug 2021 11:49:19 GMT
via: 1.1 google
x-content-type-options: nosniff
server: gnv1c
content-type: image/gif
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 10 Jan 2005 00:00:01 GMT

OPTIONS
H/1.1 200
OK add
tagdataxrt.com/ir/ Frame 0
0 48ms
48ms Preflight 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/ir/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Protocol: HTTP/1.1
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://tgfunnls.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Server: nginx/1.19.10
Date: Fri, 06 Aug 2021 11:49:19 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

POST
H/1.1 200
OK add Show response
tagdataxrt.com/ir/ 0
537 B 47ms
46ms Fetch 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/ir/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json;charset=utf-8

Response headers

Date: Fri, 06 Aug 2021 11:49:19 GMT
Server: nginx/1.19.10
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 0

POST
H3-29 201 event Show response
tgfunnls.org/ 2 B
1 KB 175ms
175ms XHR
application/json 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/event?hitid={clickId}

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/js/l.js?id=6cf7b69175b2a676ebf3

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-fetch-mode: cors
origin: https://tgfunnls.org
x-xsrf-token: eyJpdiI6ImoyUVhVMWtvSGY0UjhCMXp1alJBTGc9PSIsInZhbHVlIjoiZVJOZnBqUEJkYXI1Tklnb25HbVU4Slh2eWx4ZjUzemRXM3VKSlJKZ2N5OEtvVXBWSmRxQk9kZktcL0JpRDhsMzciLCJtYWMiOiJlYTQ3NTFhZDg1MDNhMzExM2ZhZmNlNzMxZGRkNDkwNmIzNmJjZjgyMmFlMjg3ZjY5OGQyNzM3YmQ2NDNjYWE5In0=
accept-language: en-US
sec-fetch-dest: empty
accept-encoding: gzip, deflate, br
cookie: _vwo_uuid_v2=D60D53A279C34294A37B44CA833D8B14F|fe9b8582c0d96af381d293a2d11d8a7f; _gid=GA1.2.1967650473.1628250557; _gat_UA-192660002-1=1; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _hjid=20453335-5579-4e4e-b755-52aa1f1205a7; _hjFirstSeen=1; _ga_Y6C8Y8V9BH=GS1.1.1628250557.1.1.1628250558.0; _ga=GA1.1.1821568338.1628250557; XSRF-TOKEN=eyJpdiI6ImoyUVhVMWtvSGY0UjhCMXp1alJBTGc9PSIsInZhbHVlIjoiZVJOZnBqUEJkYXI1Tklnb25HbVU4Slh2eWx4ZjUzemRXM3VKSlJKZ2N5OEtvVXBWSmRxQk9kZktcL0JpRDhsMzciLCJtYWMiOiJlYTQ3NTFhZDg1MDNhMzExM2ZhZmNlNzMxZGRkNDkwNmIzNmJjZjgyMmFlMjg3ZjY5OGQyNzM3YmQ2NDNjYWE5In0%3D; c=eyJpdiI6IkxabnF5YUFMUWhsc3ZkVmJkbTFcL2R3PT0iLCJ2YWx1ZSI6ImljWE4xQUhYc29NdCtQTW0zZ3g3cEc0SjU0NkNNNmxhMGNjbVg5QTduQ1YweW1EdzBCXC9PanhEenE1ZWRzeWJHIiwibWFjIjoiZTc4NzA4ZTA3Y2Q1OTE0ZmIyOWNlZTZkYzQyNTNlNTU0YmI1OWE3ZTliYTU2YmI4NWUxNjI2YWM5MGI2ZTlhZCJ9
content-length: 179
:path: /event?hitid={clickId}
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json;charset=UTF-8
accept: application/json, text/plain, */*
cache-control: no-cache
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: POST
Accept: application/json, text/plain, */*
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
X-XSRF-TOKEN: eyJpdiI6ImoyUVhVMWtvSGY0UjhCMXp1alJBTGc9PSIsInZhbHVlIjoiZVJOZnBqUEJkYXI1Tklnb25HbVU4Slh2eWx4ZjUzemRXM3VKSlJKZ2N5OEtvVXBWSmRxQk9kZktcL0JpRDhsMzciLCJtYWMiOiJlYTQ3NTFhZDg1MDNhMzExM2ZhZmNlNzMxZGRkNDkwNmIzNmJjZjgyMmFlMjg3ZjY5OGQyNzM3YmQ2NDNjYWE5In0=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json;charset=UTF-8

Response headers

date: Fri, 06 Aug 2021 11:49:19 GMT
x-proc: 1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6lxxUGHg%2BxdNqQKTsRePJr06vj80WBz9jMfkPmVmP4WIDkjVEtiR1olMG5Qd4blvf5lYFavdvj5i43PLwk1Srpl8lHFH%2B%2BCyFQCm7LsvwiF59A4rYPN1PzwyzNOsk%2B8U9%2FDW6gWFW1SMOXg%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-origin: https://tgfunnls.org
cache-control: no-cache, private
set-cookie: XSRF-TOKEN=eyJpdiI6ImRIa2M4Q2R0V1FPaXo1NzZaYnp6NVE9PSIsInZhbHVlIjoiWXFZRGFVbHFEVVRtMHlBRjhFTTlBdUpzZVJsVlEyUyt1UlpSUmF1TzZpRFRpUFZsUVJ6eXZNRXZibG5kWXZDMyIsIm1hYyI6IjkxNjI2YmFiYjcyODgyOWNjZDlkZjJjOWIyYjQwMDBmNGQwNjc1NDI1YTVlNWI0ZWZkY2E0YTk5OTc2ZjA2YjgifQ%3D%3D; expires=Fri, 06-Aug-2021 13:49:19 GMT; Max-Age=7200; path=/ c=eyJpdiI6ImpQempcL1lsUTQ4OUdxaVdkTE5NTGtRPT0iLCJ2YWx1ZSI6Inhyd05xUzE1djNuM2U5VVFQc0t4Z0VPZjJHRnhWb0Q3Um1xYktrXC9ROWRIckdrUU5ub1BleGFuYURUNTFYTmZyIiwibWFjIjoiNjUzMjExMzAyMDYxZGI2ZTkxMTZmMDFmNDViN2JjMGI2M2M0OWI1OTM2OGE4N2RjMTdmMjUwM2UwZDc5YjNiYyJ9; expires=Fri, 06-Aug-2021 13:49:19 GMT; Max-Age=7200; path=/; httponly
cf-ray: 67a80a8b48b042f7-FRA

GET
H3-29 200 collect
www.google-analytics.com/ 35 B
55 B 6ms
6ms Image
image/gif 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j92&a=1619255543&t=pageview&_s=1&dl=https%3A%2F%2Ftgfunnls.org%2Fdly1st%2F%3Fhitid%3D%7BclickId%7D%26qze%3D7%26aff_sub%3D%7BcustomId1%7D%26aff_sub2%3D%7BcustomId2%7D&ul=en-us&de=UTF-8&dt=Daily%20Profit&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=QACAAEAB~&jid=&gjid=&cid=1821568338.1628250557&tid=UA-192660002-1&_gid=1967650473.1628250557&gtm=2wg840MSK8GMG&z=1428660784

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 06 Aug 2021 05:58:40 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 21039
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 modules.9a6619e61150e4449f35.js Show response
script.hotjar.com/ 221 KB
59 KB 62ms
62ms Script
application/javascript 13.224.96.11
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.9a6619e61150e4449f35.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2304105.js?sv=6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.96.11 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

fc04d1fd608cedf1f0c4735145a15031f77cb7491d6234cec4ee2cd9be74937a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:18:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 77474
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 59579
access-control-allow-origin: *
last-modified: Thu, 05 Aug 2021 14:17:07 GMT
etag: "f404c80c4e9647abd5db65360cf9ecee"
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 7245e91891539560c1f484b1e46159c9.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: ZRH50-C1
accept-ranges: bytes
x-robots-tag: none
x-amz-cf-id: uHBJJVKiV7_iziLXvioj0d1AR3pBmmkklcqP1p6blV8A58YsTbFmLA==

POST
H/1.1 200
OK etag Show response
tagdataxrt.com/ 0
537 B 47ms
47ms Fetch 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/etag?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json;charset=utf-8

Response headers

Date: Fri, 06 Aug 2021 11:49:19 GMT
Server: nginx/1.19.10
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 0

OPTIONS
H/1.1 200
OK etag
tagdataxrt.com/ Frame 0
0 48ms
48ms Preflight 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/etag?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Protocol: HTTP/1.1
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://tgfunnls.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Server: nginx/1.19.10
Date: Fri, 06 Aug 2021 11:49:19 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

GET
H3-29 200 settings.js Show response
dev.visualwebsiteoptimizer.com/ 572 B
397 B 49ms
49ms Script
application/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/settings.js?a=449005&settings_type=3&vn=7.0&r=0.30098401697998245&u=https%3A%2F%2Ftgfunnls.org%2Fdly1st%2F%3Fhitid%3D%7BclickId%7D%26qze%3D7%26aff_sub%3D%7BcustomId1%7D%26aff_sub2%3D%7BcustomId2%7D
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWpxdWVyeQ==/tag-18c0c42595158c9943ee0260eecc4fc3.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gams1 /
Resource Hash: 31042bafbba3ee3bae8f21d8d8744230a7c558630068c64e1e5ecb4721ab3910

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:18 GMT
via: 1.1 google
server: gams1
content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-type: application/javascript; charset=UTF-8

GET
H3-29 200 settings.js Show response
dev.visualwebsiteoptimizer.com/ 572 B
397 B 122ms
122ms Script
application/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/settings.js?a=449005&settings_type=1&vn=7.0&r=0.6730528982505806
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWpxdWVyeQ==/tag-18c0c42595158c9943ee0260eecc4fc3.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gams1 /
Resource Hash: 31042bafbba3ee3bae8f21d8d8744230a7c558630068c64e1e5ecb4721ab3910

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:19 GMT
via: 1.1 google
server: gams1
content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-type: application/javascript; charset=UTF-8

GET
H2 200 box-25a418976ea02a6f393fbbe77cec94bb.html Show response
vars.hotjar.com/ Frame B7DF 2 KB
1 KB 55ms
55ms Document
text/html 13.224.96.92
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vars.hotjar.com/box-25a418976ea02a6f393fbbe77cec94bb.html
Requested by: Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2304105.js?sv=6
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.96.92 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-96-92.zrh50.r.cloudfront.net
Software: /
Resource Hash: 7a44e0685d8929b5d4d50476273c9957c8c76f03afc424c665a4066e5bc1beb9

Request headers

:method: GET
:authority: vars.hotjar.com
:scheme: https
:path: /box-25a418976ea02a6f393fbbe77cec94bb.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://tgfunnls.org/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://tgfunnls.org/

Response headers

content-type: text/html
content-length: 1044
date: Sun, 18 Jul 2021 00:16:30 GMT
accept-ranges: bytes
cache-control: max-age=31536000
content-encoding: br
etag: "76922233be8bdb14c053af468d29404a"
last-modified: Thu, 15 Jul 2021 14:16:09 GMT
x-amz-server-side-encryption: AES256
x-robots-tag: none
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 6b0e09b8a7d995016df1513b4b11c17e.cloudfront.net (CloudFront)
x-amz-cf-pop: ZRH50-C1
x-amz-cf-id: iK-T2LfhOv_XbKkSgF05WgwTFpjJIXKvCaEje7mcq_UNeTk3lPd2Gw==
age: 1683169

GET
H3-29 200 tag-1a6cb79d9b921e9f733a3a9f91c43b90.js Show response
dev.visualwebsiteoptimizer.com/web/djIkcGM6MS4w/ 668 B
329 B 48ms
48ms Script
application/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/web/djIkcGM6MS4w/tag-1a6cb79d9b921e9f733a3a9f91c43b90.js
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWpxdWVyeQ==/tag-18c0c42595158c9943ee0260eecc4fc3.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gams1 /
Resource Hash: 6e1f2e0970c3d1d6cdacfecdd613ce1c42990ea5d4a9a85fe6f0700d20a96634

Request headers

Origin: https://tgfunnls.org
Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:18 GMT
content-encoding: br
last-modified: Fri, 06 Aug 2021 11:48:12 GMT
server: gams1
etag: "610d217c-133"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 307
via: 1.1 google

GET
H2 200 a3a7b431bde66f8790628956fd6a9e14.js Show response
cdn.pushcrew.com/js/ 248 KB
70 KB 127ms
127ms Script
application/javascript 34.102.183.26
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.pushcrew.com/js/a3a7b431bde66f8790628956fd6a9e14.js
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/web/djIkcGM6MS4w/tag-1a6cb79d9b921e9f733a3a9f91c43b90.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.102.183.26 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 26.183.102.34.bc.googleusercontent.com
Software: nginx /
Resource Hash: 2a74b97179203cf3de9b255635c3927c34791cabfe69261cc8d1235c13315e78

Request headers

Origin: https://tgfunnls.org
Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:19 GMT
content-encoding: gzip
last-modified: Fri, 18 Jun 2021 08:48:27 GMT
server: nginx
etag: W/"60cc5ddb-3e05c"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=1800
alt-svc: clear
via: 1.1 google
expires: Fri, 06 Aug 2021 12:19:19 GMT

POST
H/1.1 200
OK add Show response
tagdataxrt.com/log/ 12 B
597 B 49ms
49ms Fetch
application/json 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/log/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: 21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json;charset=utf-8

Response headers

Date: Fri, 06 Aug 2021 11:49:19 GMT
Server: nginx/1.19.10
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 12

OPTIONS
H/1.1 200
OK add
tagdataxrt.com/log/ Frame 0
0 47ms
46ms Preflight 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/log/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Protocol: HTTP/1.1
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://tgfunnls.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Server: nginx/1.19.10
Date: Fri, 06 Aug 2021 11:49:19 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

POST
H/1.1 200
OK add
tagdataxrt.com/time_visit/ 0
422 B 47ms
46ms Ping
text/plain 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/time_visit/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Fri, 06 Aug 2021 11:49:19 GMT
Server: nginx/1.19.10
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 0

GET
H3-29 200 / Show response
tgfunnls.org/dly1st/ 31 KB
8 KB 223ms
223ms Document
text/html 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Requested by

Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3da749b4b3bcdde3e32aa66d865691cd2a2cd980eb1b07ae6a8549fa90755593

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: tgfunnls.org
:scheme: https
:path: /dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: document
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: _vwo_uuid_v2=D60D53A279C34294A37B44CA833D8B14F|fe9b8582c0d96af381d293a2d11d8a7f; _gid=GA1.2.1967650473.1628250557; _gat_UA-192660002-1=1; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _hjid=20453335-5579-4e4e-b755-52aa1f1205a7; _hjFirstSeen=1; _ga_Y6C8Y8V9BH=GS1.1.1628250557.1.1.1628250559.0; _ga=GA1.1.1821568338.1628250557; XSRF-TOKEN=eyJpdiI6ImRIa2M4Q2R0V1FPaXo1NzZaYnp6NVE9PSIsInZhbHVlIjoiWXFZRGFVbHFEVVRtMHlBRjhFTTlBdUpzZVJsVlEyUyt1UlpSUmF1TzZpRFRpUFZsUVJ6eXZNRXZibG5kWXZDMyIsIm1hYyI6IjkxNjI2YmFiYjcyODgyOWNjZDlkZjJjOWIyYjQwMDBmNGQwNjc1NDI1YTVlNWI0ZWZkY2E0YTk5OTc2ZjA2YjgifQ%3D%3D; c=eyJpdiI6ImpQempcL1lsUTQ4OUdxaVdkTE5NTGtRPT0iLCJ2YWx1ZSI6Inhyd05xUzE1djNuM2U5VVFQc0t4Z0VPZjJHRnhWb0Q3Um1xYktrXC9ROWRIckdrUU5ub1BleGFuYURUNTFYTmZyIiwibWFjIjoiNjUzMjExMzAyMDYxZGI2ZTkxMTZmMDFmNDViN2JjMGI2M2M0OWI1OTM2OGE4N2RjMTdmMjUwM2UwZDc5YjNiYyJ9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Response headers

date: Fri, 06 Aug 2021 11:49:20 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: no-cache, private
set-cookie: XSRF-TOKEN=eyJpdiI6ImdGU2pxY2ZmeWRVaFVGNmdQcWt3cVE9PSIsInZhbHVlIjoiKzhIT3RaMFBEZGh5QU11amZPMFlsSE4yVDlQaTRKa2RVXC95RWk1REZRNlQxbkxIOW8yMkhmZjNFVlpNVUc4Q2MiLCJtYWMiOiI5MGI0ZDQ2MTkyZTIwMjcwNGY3MWFkM2IwMTQ3NGRhMzMyZjlhZWUyNTVlOThkNGFkMTg2ZmVhZjQ5NjcxMGRiIn0%3D; expires=Fri, 06-Aug-2021 13:49:20 GMT; Max-Age=7200; path=/ c=eyJpdiI6IlwvSXdRakJOUHlpall1MGRiTWJYY29RPT0iLCJ2YWx1ZSI6Ikl0NHhRaFc2TlRNV1JMODRZM2xlbXM5VnJVWHNHam5FUkNjZTNnYXBwUldvQ3Z5YzZ2aHRUd0hHcEtWTEtcL3BsIiwibWFjIjoiMThkN2FmZDQxZGY3NjVmMWY2ZDVjMzAzYmI2YjM5YTA5M2VhYjgwNzc4YjY0ZWVlYjZkMjYzY2E3OWM5MDc2NCJ9; expires=Fri, 06-Aug-2021 13:49:20 GMT; Max-Age=7200; path=/; httponly
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-proc: 1
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4YpyPaxZuI1ECcdwkakl6dlQxrLhkbqr6PJsQ59UN5VhiOnlHYcLsWI6iHH0Jv8%2FCgMTwFIBVtlKwlIV50gBLVPo76zOq1upLQTpBLbaQBHsW99hnCjvKLGM7W0LoteGzRZMZZ8Tb4DQsSE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 67a80a8f0b6042f7-FRA
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

POST collect
www.google-analytics.com/g/ 0
0

GET
H3-29 200 forms.css
tgfunnls.org/css/ 20 KB
4 KB 13ms
13ms Stylesheet
text/css 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/css/forms.css?id=108aa07ef4cadffb88ba

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5cc75f6ff6ccc8f9737ba9b6e44903687d4cd600464dc9a25b2fcfbfd231ebc6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /css/forms.css?id=108aa07ef4cadffb88ba
pragma: no-cache
cookie: _vwo_uuid_v2=D60D53A279C34294A37B44CA833D8B14F|fe9b8582c0d96af381d293a2d11d8a7f; _gid=GA1.2.1967650473.1628250557; _gat_UA-192660002-1=1; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _hjid=20453335-5579-4e4e-b755-52aa1f1205a7; _hjFirstSeen=1; _ga_Y6C8Y8V9BH=GS1.1.1628250557.1.1.1628250559.0; _ga=GA1.1.1821568338.1628250557; XSRF-TOKEN=eyJpdiI6ImdGU2pxY2ZmeWRVaFVGNmdQcWt3cVE9PSIsInZhbHVlIjoiKzhIT3RaMFBEZGh5QU11amZPMFlsSE4yVDlQaTRKa2RVXC95RWk1REZRNlQxbkxIOW8yMkhmZjNFVlpNVUc4Q2MiLCJtYWMiOiI5MGI0ZDQ2MTkyZTIwMjcwNGY3MWFkM2IwMTQ3NGRhMzMyZjlhZWUyNTVlOThkNGFkMTg2ZmVhZjQ5NjcxMGRiIn0%3D; c=eyJpdiI6IlwvSXdRakJOUHlpall1MGRiTWJYY29RPT0iLCJ2YWx1ZSI6Ikl0NHhRaFc2TlRNV1JMODRZM2xlbXM5VnJVWHNHam5FUkNjZTNnYXBwUldvQ3Z5YzZ2aHRUd0hHcEtWTEtcL3BsIiwibWFjIjoiMThkN2FmZDQxZGY3NjVmMWY2ZDVjMzAzYmI2YjM5YTA5M2VhYjgwNzc4YjY0ZWVlYjZkMjYzY2E3OWM5MDc2NCJ9
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:20 GMT
x-proc: 2
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3671
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Fri, 06 Aug 2021 10:30:19 GMT
server: cloudflare
etag: W/"610d0f3b-5107"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dGiIr5Whaqyaxu%2BWVPbaiP1sFXp%2B2%2BAcGWlKeavW1N%2FK5eKK47YSdgAilWwFhfNLA9FmXcN4y%2FJdOtN2%2FQ%2B%2FCUFXkukidX1W9z07Nqbdi4F5fLJV4R2HnGKBJDSybrZibrbZiXLFgL%2BjgqQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 67a80a906efc42f7-FRA

GET
H3-29 200 flow.css
tgfunnls.org/css/ 385 B
763 B 12ms
12ms Stylesheet
text/css 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/css/flow.css?id=1a2dada5ba76c1b29ae1

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

df456c4794989b11dda8d76813cbf505b2707048f4cc89d7db15956779ca3fb0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /css/flow.css?id=1a2dada5ba76c1b29ae1
pragma: no-cache
cookie: _vwo_uuid_v2=D60D53A279C34294A37B44CA833D8B14F|fe9b8582c0d96af381d293a2d11d8a7f; _gid=GA1.2.1967650473.1628250557; _gat_UA-192660002-1=1; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _hjid=20453335-5579-4e4e-b755-52aa1f1205a7; _hjFirstSeen=1; _ga_Y6C8Y8V9BH=GS1.1.1628250557.1.1.1628250559.0; _ga=GA1.1.1821568338.1628250557; XSRF-TOKEN=eyJpdiI6ImdGU2pxY2ZmeWRVaFVGNmdQcWt3cVE9PSIsInZhbHVlIjoiKzhIT3RaMFBEZGh5QU11amZPMFlsSE4yVDlQaTRKa2RVXC95RWk1REZRNlQxbkxIOW8yMkhmZjNFVlpNVUc4Q2MiLCJtYWMiOiI5MGI0ZDQ2MTkyZTIwMjcwNGY3MWFkM2IwMTQ3NGRhMzMyZjlhZWUyNTVlOThkNGFkMTg2ZmVhZjQ5NjcxMGRiIn0%3D; c=eyJpdiI6IlwvSXdRakJOUHlpall1MGRiTWJYY29RPT0iLCJ2YWx1ZSI6Ikl0NHhRaFc2TlRNV1JMODRZM2xlbXM5VnJVWHNHam5FUkNjZTNnYXBwUldvQ3Z5YzZ2aHRUd0hHcEtWTEtcL3BsIiwibWFjIjoiMThkN2FmZDQxZGY3NjVmMWY2ZDVjMzAzYmI2YjM5YTA5M2VhYjgwNzc4YjY0ZWVlYjZkMjYzY2E3OWM5MDc2NCJ9
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:20 GMT
x-proc: 1
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3671
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Fri, 06 Aug 2021 10:30:20 GMT
server: cloudflare
etag: W/"610d0f3c-181"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uh%2BuZNTKk5nQ3YbEibW3rLmvssvnB1156jnOZs7sUKcXhG3V88LCMs%2FtAcwkltkXIMQ4G8lhPPhAHyraFREX8%2BihiarDzAA%2FGsPbdFj4ZZUTAfonLeGtwYfqmgkJl2NYSAt1i%2F%2FnmxNuEh4%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 67a80a906eff42f7-FRA

GET
H2 200 funnel.css
static-13333.kxcdn.com/5275/build/ 91 KB
26 KB 9ms
8ms Stylesheet
text/css 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL

https://static-13333.kxcdn.com/5275/build/funnel.css

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

0dd81a03016de5c1be49281bb42f5db84bf8968b636e893daa0ee24de5dbdd3b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:20 GMT
content-encoding: gzip
last-modified: Fri, 02 Jul 2021 14:31:57 GMT
server: keycdn-engine
x-amz-request-id: tx0000000000000049794a1-0060df28ef-12ed1804-fra1a
x-edge-location: defr
etag: W/"0e60432e5a822d61eaf0ff2172f524ed"
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-cache: HIT
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31556940
x-rgw-object-type: Normal
strict-transport-security: max-age=15552000; includeSubDomains; preload
expires: Sat, 06 Aug 2022 17:38:20 GMT

GET
H/1.1 400 conversion.js
in.bd44.fun/ 0
0 50ms
50ms Script
text/html 18.195.174.160
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://in.bd44.fun/conversion.js?cid=OPTIONAL&et=CLICK
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.195.174.160 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-174-160.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 logo.png
static-13333.kxcdn.com/5275/images/ 2 KB
3 KB 26ms
22ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/logo.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

3d0776f2afd4256733e307cf46921dde2e1497a2767eb8bcb8ac17d5de9d2344

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:20 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049592a7-0060df28ef-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2455
last-modified: Fri, 02 Jul 2021 14:32:26 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "cded24bb8b99f2aa7ab4e4ddc59c28e6"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:20 GMT

GET
H2 200 top-arrow.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 26ms
23ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/top-arrow.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

c4d3b32e24ea06591e7f166b20939f84cb767bb0742bc3c51f07c6f4b684f1e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:20 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049592a5-0060df28ef-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2961
last-modified: Fri, 02 Jul 2021 14:32:29 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "e2980701aad64cef71bd2296f5f6386b"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:20 GMT

GET
H3-29 200 check-icon.png
tgfunnls.org/images/ 44 KB
45 KB 16ms
13ms Image
image/png 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tgfunnls.org/images/check-icon.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

79bb457691c6f5dc0d3fd537218a627750b199db5253e22dad9dc4f78fa48016

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /images/check-icon.png
pragma: no-cache
cookie: _vwo_uuid_v2=D60D53A279C34294A37B44CA833D8B14F|fe9b8582c0d96af381d293a2d11d8a7f; _gid=GA1.2.1967650473.1628250557; _gat_UA-192660002-1=1; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _hjid=20453335-5579-4e4e-b755-52aa1f1205a7; _hjFirstSeen=1; _ga_Y6C8Y8V9BH=GS1.1.1628250557.1.1.1628250559.0; _ga=GA1.1.1821568338.1628250557; XSRF-TOKEN=eyJpdiI6ImdGU2pxY2ZmeWRVaFVGNmdQcWt3cVE9PSIsInZhbHVlIjoiKzhIT3RaMFBEZGh5QU11amZPMFlsSE4yVDlQaTRKa2RVXC95RWk1REZRNlQxbkxIOW8yMkhmZjNFVlpNVUc4Q2MiLCJtYWMiOiI5MGI0ZDQ2MTkyZTIwMjcwNGY3MWFkM2IwMTQ3NGRhMzMyZjlhZWUyNTVlOThkNGFkMTg2ZmVhZjQ5NjcxMGRiIn0%3D; c=eyJpdiI6IlwvSXdRakJOUHlpall1MGRiTWJYY29RPT0iLCJ2YWx1ZSI6Ikl0NHhRaFc2TlRNV1JMODRZM2xlbXM5VnJVWHNHam5FUkNjZTNnYXBwUldvQ3Z5YzZ2aHRUd0hHcEtWTEtcL3BsIiwibWFjIjoiMThkN2FmZDQxZGY3NjVmMWY2ZDVjMzAzYmI2YjM5YTA5M2VhYjgwNzc4YjY0ZWVlYjZkMjYzY2E3OWM5MDc2NCJ9
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:20 GMT
x-proc: 1
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3670
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 45018
x-xss-protection: 1; mode=block
last-modified: Fri, 06 Aug 2021 10:28:14 GMT
server: cloudflare
etag: "610d0ebe-afda"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SOmBWG2EYy%2FzwwKEIV2u7mKAA7%2BLNAznocto561MK6BMTwcIaw35Pp8ESg3hqBXMnOjWFTT4rj3jHRHGeG%2Ba7TzwheMHdauspHy8l9Lz7fwTIh82BPCDo0VFPjxH%2FY5ZPnqwGhs92w4w3bs%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 67a80a90cfd942f7-FRA

GET
H2 200 safe.png
static-13333.kxcdn.com/5275/images/ 10 KB
11 KB 26ms
23ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/safe.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

c001780d5a0136da809d6908ac44d8b0e4d9b36bf9891772a006294888226576

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:20 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794a7-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 10593
last-modified: Fri, 02 Jul 2021 14:32:17 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "e16845cf547d72f2f0b2febfa375d9f9"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:20 GMT

GET
H2 200 bg-arrow.png
static-13333.kxcdn.com/5275/images/ 7 KB
8 KB 26ms
23ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/bg-arrow.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

5902ac2e28cc5433d57a98a62be69037be09754da694348e03d3e3b9e776f542

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:20 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794ba-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 7356
last-modified: Fri, 02 Jul 2021 14:32:23 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "0575766ae817ee467a729e846374d22c"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:20 GMT

GET
H2 200 check-icon.png
static-13333.kxcdn.com/5275/images/ 2 KB
3 KB 27ms
24ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/check-icon.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

4a404a950ef8cfa3eb686e62c8ab17e0a4609f2300e53d874a96ec618ab9474d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:20 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794b6-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2273
last-modified: Fri, 02 Jul 2021 14:32:29 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "c34ab81524c5f98e40dc0dad59601758"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:20 GMT

GET
H2 200 spots-arrow.png
static-13333.kxcdn.com/5275/images/ 5 KB
6 KB 16ms
15ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/spots-arrow.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

7c01610e53cbe2313bd441cd9182762cec4240e4eecebeca6d086f34e4672784

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:20 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794bc-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 5306
last-modified: Fri, 02 Jul 2021 14:32:45 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "32acdf2cce46993b09041ebed9d00140"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:20 GMT

GET
H2 200 john.jpg
static-13333.kxcdn.com/5275/images/ 9 KB
10 KB 16ms
16ms Image
image/jpeg 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/john.jpg

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

aff262b0ff8882606831b77cb7fe8c2b7ee184a4c3a4e10de152932dde9ed3f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:20 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794be-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 9704
last-modified: Fri, 02 Jul 2021 14:32:21 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "ca826d01f1cbba3eb6e3e1f697bca6bc"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/jpeg
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:20 GMT

GET
H2 200 john-sign.png
static-13333.kxcdn.com/5275/images/ 7 KB
7 KB 8ms
5ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/john-sign.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

2c92fcee0f7c5fd992e818cd6e5f621e8701cea9b4b23eb03e2567560c7dd266

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:20 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049592b7-0060df28ef-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 6824
last-modified: Fri, 02 Jul 2021 14:32:43 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "8e77bdde18036a84289f7b89b03cddc0"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:20 GMT

GET
H2 200 social-callback-title.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 9ms
6ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/social-callback-title.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

b097d9409b9b2fcde3993197635d6e7d49126e794dec3c3a5de9892cce15ec84

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:20 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794b7-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2899
last-modified: Fri, 02 Jul 2021 14:32:42 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "26e1186a209747d755be97f26d7fef17"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:20 GMT

GET
H2 200 facebook.png
static-13333.kxcdn.com/5275/images/ 45 KB
46 KB 7ms
6ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/facebook.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

45a8e9f975bd2d7db2041c671affac022eaf0b8db46c516a6f2021d30631aea3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:20 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049592bd-0060df28ef-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 46358
last-modified: Fri, 02 Jul 2021 14:32:18 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "99efc09d6e35b01ef07e555c6c9c06ac"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:20 GMT

GET
H2 200 twitter.png
static-13333.kxcdn.com/5275/images/ 33 KB
34 KB 8ms
7ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/twitter.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

f3567cf9eb0717ad9840ff19014abf051d9bebb63ba3d270eb23d409dd449b5a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:20 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049592b6-0060df28ef-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 33933
last-modified: Fri, 02 Jul 2021 14:32:45 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "1538bf85a2428c7ab27b923233ceac2d"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:20 GMT

GET
H2 200 features-title.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 8ms
8ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/features-title.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

5e840708085df16224eeb0d8a8b3758d39bc7c60d3f0587ea1308f7d37d2e9db

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:20 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049592bc-0060df28ef-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2835
last-modified: Fri, 02 Jul 2021 14:32:24 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "8e8fd39ca90b9e536e71366f72e27061"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:20 GMT

GET
H2 200 feature1.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 9ms
8ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/feature1.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

427e9cf9bc070b73cae44b858b1cbb147385ccf3b74522b00606e8441d74eb21

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:20 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794bb-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2649
last-modified: Fri, 02 Jul 2021 14:32:27 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "32e947291780f319b5424fb0fed97339"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:20 GMT

GET
H2 200 feature2.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 10ms
5ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/feature2.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

d35ec7636f20627c46249b7ac076fd59aad2c15c8207c92cc8251df812abc0bc

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:20 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049592b5-0060df28ef-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2845
last-modified: Fri, 02 Jul 2021 14:32:28 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "a02cbfb7009f4eb7bca716371bbc6162"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:20 GMT

GET
H2 200 feature3.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 10ms
5ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/feature3.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

41cc8226265d071dd816f01b4e656e9575b49927ecb0806984d85fd2acb3b318

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:20 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794b8-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2618
last-modified: Fri, 02 Jul 2021 14:32:44 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "1e439861ae0e257dd74094cd20495531"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:20 GMT

GET
H2 200 feature4.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 10ms
6ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/feature4.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

d7e57b7c8fc1a0e25b893fc00da8cca5368cc489227958d4a781665339cd7260

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:20 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794a5-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2573
last-modified: Fri, 02 Jul 2021 14:32:19 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "f042fbbf22d575de6d906249ec2dc324"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:20 GMT

GET
H2 200 faq-title.png
static-13333.kxcdn.com/5275/images/ 4 KB
4 KB 8ms
6ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/faq-title.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

218be04d48aa9aa4da9bb4a708dbb463576fd8653914fd05bb113ce654dce714

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:20 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049592a6-0060df28ef-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 3706
last-modified: Fri, 02 Jul 2021 14:32:42 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "b95f5e7ccaaf9e8f6f1117efa9ab100a"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:20 GMT

GET
H2 200 faq-list-title-bg.png
static-13333.kxcdn.com/5275/images/ 2 KB
2 KB 8ms
6ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/faq-list-title-bg.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

9749d6d7aee9bdd7b806eb8fd8fa1bfd7ef25aab0aba744948b279d4c1a348ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:20 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794a3-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 1546
last-modified: Fri, 02 Jul 2021 14:32:22 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "567ea5254334fde95913b6cd592aad5f"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:20 GMT

GET
H3-29 200 sad-face.svg
tgfunnls.org/media/ 1 KB
1 KB 16ms
14ms Image
image/svg+xml 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tgfunnls.org/media/sad-face.svg

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

186b9079a05f19ddd2a548dbc1ec2c69087c76d8e9e1637dbced630edb793104

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /media/sad-face.svg
pragma: no-cache
cookie: _vwo_uuid_v2=D60D53A279C34294A37B44CA833D8B14F|fe9b8582c0d96af381d293a2d11d8a7f; _gid=GA1.2.1967650473.1628250557; _gat_UA-192660002-1=1; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _hjid=20453335-5579-4e4e-b755-52aa1f1205a7; _hjFirstSeen=1; _ga_Y6C8Y8V9BH=GS1.1.1628250557.1.1.1628250559.0; _ga=GA1.1.1821568338.1628250557; XSRF-TOKEN=eyJpdiI6ImdGU2pxY2ZmeWRVaFVGNmdQcWt3cVE9PSIsInZhbHVlIjoiKzhIT3RaMFBEZGh5QU11amZPMFlsSE4yVDlQaTRKa2RVXC95RWk1REZRNlQxbkxIOW8yMkhmZjNFVlpNVUc4Q2MiLCJtYWMiOiI5MGI0ZDQ2MTkyZTIwMjcwNGY3MWFkM2IwMTQ3NGRhMzMyZjlhZWUyNTVlOThkNGFkMTg2ZmVhZjQ5NjcxMGRiIn0%3D; c=eyJpdiI6IlwvSXdRakJOUHlpall1MGRiTWJYY29RPT0iLCJ2YWx1ZSI6Ikl0NHhRaFc2TlRNV1JMODRZM2xlbXM5VnJVWHNHam5FUkNjZTNnYXBwUldvQ3Z5YzZ2aHRUd0hHcEtWTEtcL3BsIiwibWFjIjoiMThkN2FmZDQxZGY3NjVmMWY2ZDVjMzAzYmI2YjM5YTA5M2VhYjgwNzc4YjY0ZWVlYjZkMjYzY2E3OWM5MDc2NCJ9
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:20 GMT
x-proc: 1
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3670
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Fri, 06 Aug 2021 10:30:20 GMT
server: cloudflare
etag: W/"610d0f3c-5dc"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yh%2FTSoPrWk%2B3lF80OB8fstnuGZMQcSJS41JcIOhzleX9rCB%2FWfiYjr7IgDJTao7J68WOxX3DEakCLd9SHUna4BbEEI4CglChzEgLjgZSugt4pCdN5Dn0ve03DDk1A5nQE%2B8qF%2FC0KK%2FZuqU%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: max-age=14400
cf-ray: 67a80a90cfdc42f7-FRA

GET
H3-29 200 email-decode.min.js Show response
tgfunnls.org/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
1 KB 8ms
8ms Script
application/javascript 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

:path: /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
pragma: no-cache
cookie: _vwo_uuid_v2=D60D53A279C34294A37B44CA833D8B14F|fe9b8582c0d96af381d293a2d11d8a7f; _gid=GA1.2.1967650473.1628250557; _gat_UA-192660002-1=1; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _hjid=20453335-5579-4e4e-b755-52aa1f1205a7; _hjFirstSeen=1; _ga_Y6C8Y8V9BH=GS1.1.1628250557.1.1.1628250559.0; _ga=GA1.1.1821568338.1628250557; XSRF-TOKEN=eyJpdiI6ImdGU2pxY2ZmeWRVaFVGNmdQcWt3cVE9PSIsInZhbHVlIjoiKzhIT3RaMFBEZGh5QU11amZPMFlsSE4yVDlQaTRKa2RVXC95RWk1REZRNlQxbkxIOW8yMkhmZjNFVlpNVUc4Q2MiLCJtYWMiOiI5MGI0ZDQ2MTkyZTIwMjcwNGY3MWFkM2IwMTQ3NGRhMzMyZjlhZWUyNTVlOThkNGFkMTg2ZmVhZjQ5NjcxMGRiIn0%3D; c=eyJpdiI6IlwvSXdRakJOUHlpall1MGRiTWJYY29RPT0iLCJ2YWx1ZSI6Ikl0NHhRaFc2TlRNV1JMODRZM2xlbXM5VnJVWHNHam5FUkNjZTNnYXBwUldvQ3Z5YzZ2aHRUd0hHcEtWTEtcL3BsIiwibWFjIjoiMThkN2FmZDQxZGY3NjVmMWY2ZDVjMzAzYmI2YjM5YTA5M2VhYjgwNzc4YjY0ZWVlYjZkMjYzY2E3OWM5MDc2NCJ9
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 03 Aug 2021 14:21:05 GMT
server: cloudflare
etag: W/"610950d1-4d7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: DENY
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PPU4IerNo04YxGfmGCE9lL3VwbtIxsL8BVxvvebKP6NQIiWc5lXqdiSuWrtIaPgaPJoQECFTraBEGsk73RVvoRXCgfxDSKJj1MzgAJpNBXZu%2FraE7%2BDo5H3ksrwlz5pVP1ghpY0TAGJQgUU%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=172800 public
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 67a80a908f2942f7-FRA
vary: Accept-Encoding
expires: Sun, 08 Aug 2021 11:49:20 GMT

GET
H3-29 200 redirect.js Show response
tgfunnls.org/js/ 3 KB
2 KB 12ms
11ms Script
application/javascript 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/js/redirect.js?id=bd8708e91008076c9ff9

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0979e653bf7370685f5d0ec7448e28d33f46754d5411cf5a7cd3df6ecafc1a35

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /js/redirect.js?id=bd8708e91008076c9ff9
pragma: no-cache
cookie: _vwo_uuid_v2=D60D53A279C34294A37B44CA833D8B14F|fe9b8582c0d96af381d293a2d11d8a7f; _gid=GA1.2.1967650473.1628250557; _gat_UA-192660002-1=1; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _hjid=20453335-5579-4e4e-b755-52aa1f1205a7; _hjFirstSeen=1; _ga_Y6C8Y8V9BH=GS1.1.1628250557.1.1.1628250559.0; _ga=GA1.1.1821568338.1628250557; XSRF-TOKEN=eyJpdiI6ImdGU2pxY2ZmeWRVaFVGNmdQcWt3cVE9PSIsInZhbHVlIjoiKzhIT3RaMFBEZGh5QU11amZPMFlsSE4yVDlQaTRKa2RVXC95RWk1REZRNlQxbkxIOW8yMkhmZjNFVlpNVUc4Q2MiLCJtYWMiOiI5MGI0ZDQ2MTkyZTIwMjcwNGY3MWFkM2IwMTQ3NGRhMzMyZjlhZWUyNTVlOThkNGFkMTg2ZmVhZjQ5NjcxMGRiIn0%3D; c=eyJpdiI6IlwvSXdRakJOUHlpall1MGRiTWJYY29RPT0iLCJ2YWx1ZSI6Ikl0NHhRaFc2TlRNV1JMODRZM2xlbXM5VnJVWHNHam5FUkNjZTNnYXBwUldvQ3Z5YzZ2aHRUd0hHcEtWTEtcL3BsIiwibWFjIjoiMThkN2FmZDQxZGY3NjVmMWY2ZDVjMzAzYmI2YjM5YTA5M2VhYjgwNzc4YjY0ZWVlYjZkMjYzY2E3OWM5MDc2NCJ9
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:20 GMT
x-proc: 3
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3670
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Fri, 06 Aug 2021 10:30:36 GMT
server: cloudflare
etag: W/"610d0f4c-a50"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VFCjRcz6WfBbex3uExh4MBistfTNNeqlTKWCUXLdcspDZRfaRTAcWCETuKtdJkl%2F%2B4PS86076auow4lru3dCm%2BCprg8I%2B2%2BWh5ZEhdiWcXu%2FK8eXRXujBKVSaNlvfIZe358EIA4QT06ciz0%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=14400
cf-ray: 67a80a909f5142f7-FRA

GET
H3-29 200 l.js Show response
tgfunnls.org/js/ 401 KB
110 KB 23ms
22ms Script
application/javascript 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/js/l.js?id=6cf7b69175b2a676ebf3

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1669423eca631e2fa8053ff74039a11ff6afac3a94dc37f357ce8d6ec9362913

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /js/l.js?id=6cf7b69175b2a676ebf3
pragma: no-cache
cookie: _vwo_uuid_v2=D60D53A279C34294A37B44CA833D8B14F|fe9b8582c0d96af381d293a2d11d8a7f; _gid=GA1.2.1967650473.1628250557; _gat_UA-192660002-1=1; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _hjid=20453335-5579-4e4e-b755-52aa1f1205a7; _hjFirstSeen=1; _ga_Y6C8Y8V9BH=GS1.1.1628250557.1.1.1628250559.0; _ga=GA1.1.1821568338.1628250557; XSRF-TOKEN=eyJpdiI6ImdGU2pxY2ZmeWRVaFVGNmdQcWt3cVE9PSIsInZhbHVlIjoiKzhIT3RaMFBEZGh5QU11amZPMFlsSE4yVDlQaTRKa2RVXC95RWk1REZRNlQxbkxIOW8yMkhmZjNFVlpNVUc4Q2MiLCJtYWMiOiI5MGI0ZDQ2MTkyZTIwMjcwNGY3MWFkM2IwMTQ3NGRhMzMyZjlhZWUyNTVlOThkNGFkMTg2ZmVhZjQ5NjcxMGRiIn0%3D; c=eyJpdiI6IlwvSXdRakJOUHlpall1MGRiTWJYY29RPT0iLCJ2YWx1ZSI6Ikl0NHhRaFc2TlRNV1JMODRZM2xlbXM5VnJVWHNHam5FUkNjZTNnYXBwUldvQ3Z5YzZ2aHRUd0hHcEtWTEtcL3BsIiwibWFjIjoiMThkN2FmZDQxZGY3NjVmMWY2ZDVjMzAzYmI2YjM5YTA5M2VhYjgwNzc4YjY0ZWVlYjZkMjYzY2E3OWM5MDc2NCJ9
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:20 GMT
x-proc: 2
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 4593
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Fri, 06 Aug 2021 10:30:19 GMT
server: cloudflare
etag: W/"610d0f3b-645ba"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9A%2B9aWlneStDS8eJDDRpRluyWzsidAJt7J0mgbhRSThrOHgDTetTtSDYGjPPlWlxc4vBgyzm1N97%2BvtezZCSZm4XPdDz89j7%2FpRmhtS5FPSccKoqdACH0yNYvuZgiB3Axr8JdUExE16vbpU%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=14400
cf-ray: 67a80a90af8742f7-FRA

GET
H2 200 funnel.js Show response
static-13333.kxcdn.com/5275/build/ 954 KB
319 KB 8ms
8ms Script
application/javascript 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL

https://static-13333.kxcdn.com/5275/build/funnel.js

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

a52901c6296f571a48143efc8c7626714f2f15a0e034390d31380d508684ad0e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:20 GMT
content-encoding: gzip
last-modified: Fri, 02 Jul 2021 14:31:57 GMT
server: keycdn-engine
x-amz-request-id: tx00000000000000495929e-0060df28ef-12e87130-fra1a
x-edge-location: defr
etag: W/"545236a1390ffa369d186b44dab8e706"
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-cache: HIT
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31556940
x-rgw-object-type: Normal
strict-transport-security: max-age=15552000; includeSubDomains; preload
expires: Sat, 06 Aug 2022 17:38:20 GMT

GET
H/1.1 200 hp Show response
in.xr117.xyz/ 382 B
616 B 52ms
51ms Script
text/plain 18.195.123.247
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://in.xr117.xyz/hp
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.195.123.247 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-123-247.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 1d685538334a6762f8c278c2274cb62dfdc47c59ba5968562dddf4f96d808aee

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 06 Aug 2021 11:49:20 GMT
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
Server: nginx
Connection: keep-alive
Content-Length: 382
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200 hp Show response
in.bd44.fun/ 382 B
616 B 151ms
50ms Script
text/plain 18.195.174.160
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://in.bd44.fun/hp
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.195.174.160 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-174-160.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 1d685538334a6762f8c278c2274cb62dfdc47c59ba5968562dddf4f96d808aee

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 06 Aug 2021 11:49:20 GMT
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
Server: nginx
Connection: keep-alive
Content-Length: 382
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3-29 200 tag.js Show response
tagstaticx.com/ 38 KB
14 KB 18ms
17ms Script
application/javascript 2606:4700:3033::6815:3d08
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://tagstaticx.com/tag.js
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::6815:3d08 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7ebf9aea91580923f108d8e9c9fa03581c3c58fcd1ab8712d4ed593fbde60062

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:20 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 30 Jul 2021 15:47:47 GMT
server: cloudflare
age: 4761
etag: W/"61041f23-9787"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AfEQn%2BLkgwZo3CtvYU7knGUvApup2iZPjFD8T03Ken%2FSPcqpcRMZYg7o4eKfDcvpTbfqM36KSlAIxVAbtZ2mEl3%2FctcVttYzMHYMsR5%2BoKRi4uBCO3cNAwu6%2B3J4rYlQFNSBvBGzDPzFF07ktQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=1800
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 67a80a90c87e4401-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

GET
H3-29 200 gtm.js Show response
www.googletagmanager.com/ 110 KB
41 KB 17ms
15ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-MSK8GMG

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

ee25e98eb177cc22fba819b261e53fdcdb837d1ca65533dbc186fa9f1f9550a2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:20 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41863
x-xss-protection: 0
last-modified: Fri, 06 Aug 2021 09:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 06 Aug 2021 11:49:20 GMT

GET
H3-29 200 j.php Show response
dev.visualwebsiteoptimizer.com/ 5 KB
2 KB 51ms
50ms Script
application/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/j.php?a=449005&u=https%3A%2F%2Ftgfunnls.org%2Fdly1st%2F%3Fhitid%3D%7BclickId%7D%26qze%3D7%26aff_sub%3D%7BcustomId1%7D%26aff_sub2%3D%7BcustomId2%7D&f=1&r=0.7069786204891593
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gams1 /
Resource Hash: 54aab601cb600e17631e0330c2b579594176300df09d2bcc5b4d0b003164872b

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 06 Aug 2021 11:49:20 GMT
via: 1.1 google
server: gams1
content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-type: application/javascript; charset=UTF-8

GET
H2 200 bg-pattern2.png
static-13333.kxcdn.com/5275/images/ 3 KB
4 KB 15ms
15ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/bg-pattern2.png

Requested by

Host: static-13333.kxcdn.com
URL: https://static-13333.kxcdn.com/5275/build/funnel.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

0dbbd4b1f92b5f123bb6d85da5224dbac1ef2873359ae63159fbd8c1d8aee472

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://static-13333.kxcdn.com/5275/build/funnel.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:20 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx000000000000004a8f778-0060df3204-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 3494
last-modified: Fri, 02 Jul 2021 14:32:28 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "9ff60a873ce8a83d6f92c07bbb97461d"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:20 GMT

GET
H2 200 money-bg.jpg
static-13333.kxcdn.com/5275/images/ 192 KB
193 KB 14ms
13ms Image
image/jpeg 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/money-bg.jpg

Requested by

Host: static-13333.kxcdn.com
URL: https://static-13333.kxcdn.com/5275/build/funnel.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

6d6b0b2b3ce3ec690491ad53348667285877a284d43a58bae67219df3128c453

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://static-13333.kxcdn.com/5275/build/funnel.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:20 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049593a6-0060df28f0-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 196622
last-modified: Fri, 02 Jul 2021 14:32:29 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "00484ef568e5c529bc92d2698631954b"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/jpeg
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:20 GMT

GET
H2 206 de-1.mp4
static-13333.kxcdn.com/5275/media/ 64 KB
0 8ms
7ms Media
video/mp4 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL

https://static-13333.kxcdn.com/5275/media/de-1.mp4

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Range: bytes=0-

Response headers

date: Fri, 06 Aug 2021 11:49:20 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049593e6-0060df28f0-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
Content-Range: bytes 0-124690623/124690624
Content-Length: 124690624
last-modified: Fri, 02 Jul 2021 14:32:03 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "c8811d0b7aa283893d6ec2a19899685f-24"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: video/mp4
access-control-allow-origin: *
x-rgw-object-type: Normal
expires: Sat, 06 Aug 2022 17:38:20 GMT

HEAD
H3-29 200 adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/ 0
0 25ms
25ms Fetch
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 49445
x-xss-protection: 0
server: cafe
etag: 14869471898732562513
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Fri, 06 Aug 2021 11:49:20 GMT

GET
H/1.1 200
OK version.js Show response
tagdatax.com/ 57 B
260 B 56ms
55ms Script
application/javascript 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdatax.com/version.js
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: a1462e6ed73b6186c4fec4a03845da53067de71e7711f56f0fe316b0a72d1b34

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 06 Aug 2021 11:49:20 GMT
Cache-Control: private, max-age=63072000
Server: nginx/1.19.10
Connection: keep-alive
Content-Length: 57
Content-Type: application/javascript

GET
H2 200 gid.js Show response
my.rtmark.net/ 65 B
541 B 56ms
55ms Fetch
application/json 139.45.195.8
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://my.rtmark.net/gid.js

Requested by

Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

2e43e36d965e3f2a5c2b50887a208818e6a329f572103214236cab2ea52796af

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:20 GMT
x-content-type-options: nosniff
server: nginx
strict-transport-security: max-age=1
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: https://tgfunnls.org
access-control-expose-headers: Authorization
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length: 65

GET
H/1.1 200
OK pix.jpg Show response
tagdatax.com/ 28 B
617 B 51ms
47ms Fetch
image/jpeg 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdatax.com/pix.jpg
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: 3c72e06c040c15327faa313315f1d6f4b2c9159267051c3e173336efa4cd7a18

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 06 Aug 2021 11:49:20 GMT
Server: nginx/1.19.10
Etag: 88806b8f-14f1-46c2-9cdd-a077fc3f3944
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Content-Type: image/jpeg
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Expose-Headers: ETag
Cache-Control: private, must-revalidate, proxy-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 28

GET
H3-29 200 googlelogo_color_120x44dp.png
www.google.com/images/branding/googlelogo/2x/ 5 KB
5 KB 17ms
15ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_120x44dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

29c50fa4422ac0a690af5b0987dee6a030a7eeaafa9dda8543cf022368f545aa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:20 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5087
x-xss-protection: 0
expires: Fri, 06 Aug 2021 11:49:20 GMT

GET
H3-29 200 googlelogo_color_272x92dp.png
www.google.com/images/branding/googlelogo/1x/ 6 KB
6 KB 18ms
16ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/1x/googlelogo_color_272x92dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5776cd87617eacec3bc00ebcf530d1924026033eda852f706c1a675a98915826

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:20 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5969
x-xss-protection: 0
expires: Fri, 06 Aug 2021 11:49:20 GMT

GET
H3-29 200 googlelogo_color_272x92dp.png
www.google.com/images/branding/googlelogo/2x/ 13 KB
13 KB 18ms
16ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_272x92dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

262084257c2103702ef8a25705e3f8dbc1fa3823103ad7b954d54bdb77e6d89d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:20 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13504
x-xss-protection: 0
expires: Fri, 06 Aug 2021 11:49:20 GMT

GET
H3-29 200 googlelogo_color_160x56dp.png
www.google.com/images/branding/googlelogo/2x/ 7 KB
7 KB 16ms
15ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_160x56dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9e611fba6a87626e60f74d361f0c94d1ba226bc0726a05791f40ddb7fbba2c4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:20 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7048
x-xss-protection: 0
expires: Fri, 06 Aug 2021 11:49:20 GMT

GET
H3-29 200 googlelogo_color_90x40dp.png
www.google.com/images/branding/googlelogo/2x/ 4 KB
4 KB 18ms
16ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_90x40dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a9cac8d49feccd603bac334c92c1e7dd5a829a1c01d4130550e8c9c0d9c72f7b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:20 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3934
x-xss-protection: 0
expires: Fri, 06 Aug 2021 11:49:20 GMT

OPTIONS
H/1.1 200
OK add
tagdataxrt.com/ir/ Frame 0
0 47ms
47ms Preflight 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/ir/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Protocol: HTTP/1.1
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://tgfunnls.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Server: nginx/1.19.10
Date: Fri, 06 Aug 2021 11:49:20 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

GET
H3-29 200 locate Show response
tgfunnls.org/ 141 B
1 KB 121ms
120ms XHR
application/json 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/locate

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/js/l.js?id=6cf7b69175b2a676ebf3

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b6ffea4eb17e3268759f83f8abca64a9ed7755ff19d8d6b05e7aa354ae6d4f7b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-fetch-mode: cors
x-xsrf-token: eyJpdiI6ImdGU2pxY2ZmeWRVaFVGNmdQcWt3cVE9PSIsInZhbHVlIjoiKzhIT3RaMFBEZGh5QU11amZPMFlsSE4yVDlQaTRKa2RVXC95RWk1REZRNlQxbkxIOW8yMkhmZjNFVlpNVUc4Q2MiLCJtYWMiOiI5MGI0ZDQ2MTkyZTIwMjcwNGY3MWFkM2IwMTQ3NGRhMzMyZjlhZWUyNTVlOThkNGFkMTg2ZmVhZjQ5NjcxMGRiIn0=
accept-language: en-US
sec-fetch-dest: empty
cookie: _vwo_uuid_v2=D60D53A279C34294A37B44CA833D8B14F|fe9b8582c0d96af381d293a2d11d8a7f; _gid=GA1.2.1967650473.1628250557; _gat_UA-192660002-1=1; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _hjid=20453335-5579-4e4e-b755-52aa1f1205a7; _hjFirstSeen=1; _ga_Y6C8Y8V9BH=GS1.1.1628250557.1.1.1628250559.0; _ga=GA1.1.1821568338.1628250557; XSRF-TOKEN=eyJpdiI6ImdGU2pxY2ZmeWRVaFVGNmdQcWt3cVE9PSIsInZhbHVlIjoiKzhIT3RaMFBEZGh5QU11amZPMFlsSE4yVDlQaTRKa2RVXC95RWk1REZRNlQxbkxIOW8yMkhmZjNFVlpNVUc4Q2MiLCJtYWMiOiI5MGI0ZDQ2MTkyZTIwMjcwNGY3MWFkM2IwMTQ3NGRhMzMyZjlhZWUyNTVlOThkNGFkMTg2ZmVhZjQ5NjcxMGRiIn0%3D; c=eyJpdiI6IlwvSXdRakJOUHlpall1MGRiTWJYY29RPT0iLCJ2YWx1ZSI6Ikl0NHhRaFc2TlRNV1JMODRZM2xlbXM5VnJVWHNHam5FUkNjZTNnYXBwUldvQ3Z5YzZ2aHRUd0hHcEtWTEtcL3BsIiwibWFjIjoiMThkN2FmZDQxZGY3NjVmMWY2ZDVjMzAzYmI2YjM5YTA5M2VhYjgwNzc4YjY0ZWVlYjZkMjYzY2E3OWM5MDc2NCJ9
:path: /locate
pragma: no-cache
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: application/json, text/plain, */*
cache-control: no-cache
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept: application/json, text/plain, */*
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
X-XSRF-TOKEN: eyJpdiI6ImdGU2pxY2ZmeWRVaFVGNmdQcWt3cVE9PSIsInZhbHVlIjoiKzhIT3RaMFBEZGh5QU11amZPMFlsSE4yVDlQaTRKa2RVXC95RWk1REZRNlQxbkxIOW8yMkhmZjNFVlpNVUc4Q2MiLCJtYWMiOiI5MGI0ZDQ2MTkyZTIwMjcwNGY3MWFkM2IwMTQ3NGRhMzMyZjlhZWUyNTVlOThkNGFkMTg2ZmVhZjQ5NjcxMGRiIn0=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:20 GMT
x-proc: 3
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Y2UJ2XF0w37tU%2Fjhxp6THLH6oBgQp5okEd3rn9tEIolQoX7caUy2Dg5JF8UmipVYDAU9GhTGHJYjZOUwCDUoNfsyTxyKHGzYSMkB3wz0%2FN57Sg2SGGYiC%2FQeWfNNofSDxSqf51mvp40F7i4%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json
cache-control: no-cache, private
set-cookie: XSRF-TOKEN=eyJpdiI6IlVXemZYUGVuaTh0Y3lOdkZicGJWWWc9PSIsInZhbHVlIjoiOG1GRXM5QzVBdFNBbER4cjlCa1h6WXBaamdyUlRSeFkxUnFMWW1YQjFvaHVYaWg2TGhYY1dxMGV5d0RabG85RCIsIm1hYyI6IjJkOTdhOTViNWI5YWY1ZDdkODUxYmJmNTQ4M2RkNzE3M2E0MjAzNmFhODgxZDI2YmMxNjg1OWU4YjY5YWE1ZGEifQ%3D%3D; expires=Fri, 06-Aug-2021 13:49:20 GMT; Max-Age=7200; path=/ c=eyJpdiI6IkFmdjc5OEJhejJoVzAwcWE4TFNXSXc9PSIsInZhbHVlIjoieU9IVVFWNnFGQ29lYU9Tb0tlNGxhOUh3VEtMcXZEcUVCUktaVHdWQ3NMMG1RQ2R0YWFxSEl2MldVR3A3NHcxVSIsIm1hYyI6IjlmYWUyOGQ3MGJkM2MzZWUxOTg2ZDBkOTA5MGE1MjdmMDA4ZmVkMWZhNzA4MjE4YWY0ZWM5NGRkYWQ3YTQ1ZGYifQ%3D%3D; expires=Fri, 06-Aug-2021 13:49:20 GMT; Max-Age=7200; path=/; httponly
cf-ray: 67a80a91aa5242f7-FRA

GET
H3-29 200 flags.png
tgfunnls.org/images/vendor/intl-tel-input/build/ 69 KB
70 KB 23ms
22ms Image
image/png 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tgfunnls.org/images/vendor/intl-tel-input/build/flags.png?416250f60d785a2e02f17e054d2e4e44

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/css/forms.css?id=108aa07ef4cadffb88ba

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0a012cf808a24573168308916092d2d4bd3f2b4af8e16b59167013cc77acee55

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /images/vendor/intl-tel-input/build/flags.png?416250f60d785a2e02f17e054d2e4e44
pragma: no-cache
cookie: _vwo_uuid_v2=D60D53A279C34294A37B44CA833D8B14F|fe9b8582c0d96af381d293a2d11d8a7f; _gid=GA1.2.1967650473.1628250557; _gat_UA-192660002-1=1; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _hjid=20453335-5579-4e4e-b755-52aa1f1205a7; _hjFirstSeen=1; _ga_Y6C8Y8V9BH=GS1.1.1628250557.1.1.1628250559.0; _ga=GA1.1.1821568338.1628250557; XSRF-TOKEN=eyJpdiI6ImdGU2pxY2ZmeWRVaFVGNmdQcWt3cVE9PSIsInZhbHVlIjoiKzhIT3RaMFBEZGh5QU11amZPMFlsSE4yVDlQaTRKa2RVXC95RWk1REZRNlQxbkxIOW8yMkhmZjNFVlpNVUc4Q2MiLCJtYWMiOiI5MGI0ZDQ2MTkyZTIwMjcwNGY3MWFkM2IwMTQ3NGRhMzMyZjlhZWUyNTVlOThkNGFkMTg2ZmVhZjQ5NjcxMGRiIn0%3D; c=eyJpdiI6IlwvSXdRakJOUHlpall1MGRiTWJYY29RPT0iLCJ2YWx1ZSI6Ikl0NHhRaFc2TlRNV1JMODRZM2xlbXM5VnJVWHNHam5FUkNjZTNnYXBwUldvQ3Z5YzZ2aHRUd0hHcEtWTEtcL3BsIiwibWFjIjoiMThkN2FmZDQxZGY3NjVmMWY2ZDVjMzAzYmI2YjM5YTA5M2VhYjgwNzc4YjY0ZWVlYjZkMjYzY2E3OWM5MDc2NCJ9
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: tgfunnls.org
referer: https://tgfunnls.org/css/forms.css?id=108aa07ef4cadffb88ba
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/css/forms.css?id=108aa07ef4cadffb88ba
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:20 GMT
x-proc: 2
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2323
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 70857
x-xss-protection: 1; mode=block
last-modified: Fri, 06 Aug 2021 10:55:13 GMT
server: cloudflare
etag: "610d1511-114c9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HAE8Kfhqazmeo%2FirFqkm20KVTqtS%2BvF4DznwG0PcXwoXud1zDiVWc7VZbhZMTJ0nyP7duz67yMZGc4QQw8Pgdn4oS8PzJnnCknOV441kwCNxnGkIqbugxcvYHY5YCGNLnJdUN80uTj4LvUk%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 67a80a91aa5442f7-FRA

POST
H/1.1 200
OK add Show response
tagdataxrt.com/ir/ 0
537 B 47ms
47ms Fetch 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/ir/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json;charset=utf-8

Response headers

Date: Fri, 06 Aug 2021 11:49:20 GMT
Server: nginx/1.19.10
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 0

GET
BLOB 200
OK 268cd02f-9fcf-4a8d-aa93-c528ab7fff8b
https://tgfunnls.org/ 31 B
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://tgfunnls.org/268cd02f-9fcf-4a8d-aa93-c528ab7fff8b
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7725538fe2f71147bffeba7452b434c826aef9009666cb4360c605d0b2a91d1d

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length: 31
Content-Type: application/javascript

GET
H2 403 videothumbnail-1.png
static-13333.kxcdn.com/5275/images/ 0
0 15ms
15ms Image
text/html 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static-13333.kxcdn.com/5275/images/videothumbnail-1.png
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
DATA 200
OK truncated
/ 4 KB
4 KB Font
application/font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: aef991b2e0b693a95d41986576dd3901ea7ac03b379501b1caba966058753308

Request headers

Origin: https://tgfunnls.org
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: application/font-woff;charset=utf-8

GET
H3-29 200 js Show response
www.googletagmanager.com/gtag/ 127 KB
50 KB 16ms
15ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-Y6C8Y8V9BH&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MSK8GMG

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

de85b8ee97824c5e846f3000562fd9b83fc14b62da6e812fbad4c9ad49eb0458

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:20 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 51134
x-xss-protection: 0
expires: Fri, 06 Aug 2021 11:49:20 GMT

GET
H3-29 200 analytics.js Show response
www.google-analytics.com/ 48 KB
19 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MSK8GMG

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

e61660c659c426e45bce2937dddb01af6b550502a2904546575c1ec2ba1121dd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 13 Jul 2021 18:24:06 GMT
server: Golfe2
age: 2139
date: Fri, 06 Aug 2021 11:13:41 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19672
expires: Fri, 06 Aug 2021 13:13:41 GMT

GET
H2 200 hotjar-2304105.js Show response
static.hotjar.com/c/ 5 KB
2 KB 61ms
60ms Script
application/javascript 13.224.96.91
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-2304105.js?sv=6

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.96.91 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

d4261e9b3b427b4faba85d775a6dbd131cf86cbd42945ba05ae2ebad8f8f36e6

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:18 GMT
content-encoding: br
x-content-type-options: nosniff
cache-control: max-age=60
age: 2
etag: W/4e117f3a38c123981a4b3509540d1697
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
x-cache-hit: 1
x-amz-cf-pop: ZRH50-C1
x-amz-cf-id: F_owa3ov9V_mgVwI7dNNd_K5xVIIbg-Ur1xqkgXn5VcxD8x5jOJYjA==
via: 1.1 e92dffa8673a73c15c61e7c3abefc47d.cloudfront.net (CloudFront)

POST
H/1.1 200
OK etag Show response
tagdataxrt.com/ 0
537 B 47ms
46ms Fetch 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/etag?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json;charset=utf-8

Response headers

Date: Fri, 06 Aug 2021 11:49:20 GMT
Server: nginx/1.19.10
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 0

OPTIONS
H/1.1 200
OK etag
tagdataxrt.com/ Frame 0
0 56ms
56ms Preflight 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/etag?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Protocol: HTTP/1.1
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://tgfunnls.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Server: nginx/1.19.10
Date: Fri, 06 Aug 2021 11:49:20 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWpxdWVyeQ==/tag-18c0c42595158c9943ee0260eecc4fc3.js
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/j.php?a=449005&u=https%3A%2F%2Ftgfunnls.org%2Fdly1st%2F%3Fhitid%3D%7BclickId%7D%26qze%3D7%26aff_sub%3D%7BcustomId1%7D%26aff_sub2%3D%7BcustomId2%7D&f=1&r=0.7069786204891593
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gams1 /
Resource Hash: b6a6463b285c1fdc27b7022ff01564762e81117074a3f3781cc931fe389afc70

Request headers

Origin: https://tgfunnls.org
Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:20 GMT
content-encoding: br
last-modified: Fri, 06 Aug 2021 11:48:12 GMT
server: gams1
etag: "610d217c-f3a3"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 62371
via: 1.1 google

GET
H3-29 200 v.gif
dev.visualwebsiteoptimizer.com/ 35 B
52 B 121ms
121ms Image
image/gif 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dev.visualwebsiteoptimizer.com/v.gif?cd=0&a=449005&d=tgfunnls.org&u=D60D53A279C34294A37B44CA833D8B14F&h=fe9b8582c0d96af381d293a2d11d8a7f&t=false&r=0.848559773489701

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gnv1c /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 06 Aug 2021 11:49:20 GMT
via: 1.1 google
x-content-type-options: nosniff
server: gnv1c
content-type: image/gif
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 10 Jan 2005 00:00:01 GMT

POST
H3-29 201 event Show response
tgfunnls.org/ 2 B
1 KB 146ms
145ms XHR
application/json 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/event?hitid={clickId}

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/js/l.js?id=6cf7b69175b2a676ebf3

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-fetch-mode: cors
origin: https://tgfunnls.org
x-xsrf-token: eyJpdiI6IlVXemZYUGVuaTh0Y3lOdkZicGJWWWc9PSIsInZhbHVlIjoiOG1GRXM5QzVBdFNBbER4cjlCa1h6WXBaamdyUlRSeFkxUnFMWW1YQjFvaHVYaWg2TGhYY1dxMGV5d0RabG85RCIsIm1hYyI6IjJkOTdhOTViNWI5YWY1ZDdkODUxYmJmNTQ4M2RkNzE3M2E0MjAzNmFhODgxZDI2YmMxNjg1OWU4YjY5YWE1ZGEifQ==
accept-language: en-US
sec-fetch-dest: empty
accept-encoding: gzip, deflate, br
cookie: _vwo_uuid_v2=D60D53A279C34294A37B44CA833D8B14F|fe9b8582c0d96af381d293a2d11d8a7f; _gid=GA1.2.1967650473.1628250557; _gat_UA-192660002-1=1; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _hjid=20453335-5579-4e4e-b755-52aa1f1205a7; _hjFirstSeen=1; _ga_Y6C8Y8V9BH=GS1.1.1628250557.1.1.1628250559.0; _ga=GA1.1.1821568338.1628250557; XSRF-TOKEN=eyJpdiI6IlVXemZYUGVuaTh0Y3lOdkZicGJWWWc9PSIsInZhbHVlIjoiOG1GRXM5QzVBdFNBbER4cjlCa1h6WXBaamdyUlRSeFkxUnFMWW1YQjFvaHVYaWg2TGhYY1dxMGV5d0RabG85RCIsIm1hYyI6IjJkOTdhOTViNWI5YWY1ZDdkODUxYmJmNTQ4M2RkNzE3M2E0MjAzNmFhODgxZDI2YmMxNjg1OWU4YjY5YWE1ZGEifQ%3D%3D; c=eyJpdiI6IkFmdjc5OEJhejJoVzAwcWE4TFNXSXc9PSIsInZhbHVlIjoieU9IVVFWNnFGQ29lYU9Tb0tlNGxhOUh3VEtMcXZEcUVCUktaVHdWQ3NMMG1RQ2R0YWFxSEl2MldVR3A3NHcxVSIsIm1hYyI6IjlmYWUyOGQ3MGJkM2MzZWUxOTg2ZDBkOTA5MGE1MjdmMDA4ZmVkMWZhNzA4MjE4YWY0ZWM5NGRkYWQ3YTQ1ZGYifQ%3D%3D
content-length: 179
:path: /event?hitid={clickId}
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json;charset=UTF-8
accept: application/json, text/plain, */*
cache-control: no-cache
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: POST
Accept: application/json, text/plain, */*
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
X-XSRF-TOKEN: eyJpdiI6IlVXemZYUGVuaTh0Y3lOdkZicGJWWWc9PSIsInZhbHVlIjoiOG1GRXM5QzVBdFNBbER4cjlCa1h6WXBaamdyUlRSeFkxUnFMWW1YQjFvaHVYaWg2TGhYY1dxMGV5d0RabG85RCIsIm1hYyI6IjJkOTdhOTViNWI5YWY1ZDdkODUxYmJmNTQ4M2RkNzE3M2E0MjAzNmFhODgxZDI2YmMxNjg1OWU4YjY5YWE1ZGEifQ==
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json;charset=UTF-8

Response headers

date: Fri, 06 Aug 2021 11:49:20 GMT
x-proc: 2
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=B3RKsPFc1Krx0e1hnO66OpejKOlmRjQSnQA3t4PtlyFuZLbOYQDmdaN%2BJgvjVQMUTcYEW15ltvvupk6k2FrwdAuEFP2oA63RqAXtqH0d8b5YhJFZ0sVcq2zj5IxJDW1DTElirU0DxiLux2M%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-origin: https://tgfunnls.org
cache-control: no-cache, private
set-cookie: XSRF-TOKEN=eyJpdiI6IkJXaVFicVl0TU5hS0ttYkFubFJ0SlE9PSIsInZhbHVlIjoiOWhETnBxQk1PbTBsamlNcnNEVDljcmhNVGZsQks4TTdDZWhuVmE5RjJnUWMzTzFudkZDbGJHTVkwUzBqenoxeiIsIm1hYyI6IjFjNTk1NjQ1OTk4YWQwZWRjOTRmYzU1ODA2OGI0NjYyNWMwNWI1NjM4MGM0MmU0ZDM1OGQ1MmQwZTE1OWJmNGQifQ%3D%3D; expires=Fri, 06-Aug-2021 13:49:20 GMT; Max-Age=7200; path=/ c=eyJpdiI6IlN3V2RPQTBMQVBVclF2TUtLbzhxREE9PSIsInZhbHVlIjoiOXFpQjdLaVRjd2JpNGlHY1JDU2x5dTA3ZGZLTVdabitGNm1cL3FuOXk4ODA0eXdGUVJ0SWw4QTdpS3NsV2Y2NnciLCJtYWMiOiJlM2IxOTYzOTc5ODQ3M2Y1MmQ4ZWRiZmZlOTk4YjZhMTAyNGU2NTU4ZjQ0YjdkODMxM2Q1MmIzMjlhMDMwZDhhIn0%3D; expires=Fri, 06-Aug-2021 13:49:20 GMT; Max-Age=7200; path=/; httponly
cf-ray: 67a80a928c8e42f7-FRA

GET
H3-29 200 collect
www.google-analytics.com/ 35 B
56 B 7ms
6ms Image
image/gif 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j92&a=155594776&t=pageview&_s=1&dl=https%3A%2F%2Ftgfunnls.org%2Fdly1st%2F%3Fhitid%3D%7BclickId%7D%26qze%3D7%26aff_sub%3D%7BcustomId1%7D%26aff_sub2%3D%7BcustomId2%7D&ul=en-us&de=UTF-8&dt=Daily%20Profit&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=QACAAEAB~&jid=&gjid=&cid=1821568338.1628250557&tid=UA-192660002-1&_gid=1967650473.1628250557&gtm=2wg840MSK8GMG&z=1374427203

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 06 Aug 2021 05:58:40 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 21040
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 modules.9a6619e61150e4449f35.js Show response
script.hotjar.com/ 221 KB
59 KB 62ms
62ms Script
application/javascript 13.224.96.11
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.9a6619e61150e4449f35.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2304105.js?sv=6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.96.11 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

fc04d1fd608cedf1f0c4735145a15031f77cb7491d6234cec4ee2cd9be74937a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:18:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 77475
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 59579
access-control-allow-origin: *
last-modified: Thu, 05 Aug 2021 14:17:07 GMT
etag: "f404c80c4e9647abd5db65360cf9ecee"
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 7245e91891539560c1f484b1e46159c9.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: ZRH50-C1
accept-ranges: bytes
x-robots-tag: none
x-amz-cf-id: gAWAFDc90aS2VOEij7ExtjGCjVDA1fVs4kJTN2K_P4wbCICH4AWrDg==

GET
H3-29 200 settings.js Show response
dev.visualwebsiteoptimizer.com/ 572 B
397 B 49ms
49ms Script
application/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/settings.js?a=449005&settings_type=3&vn=7.0&r=0.05420650289008333&u=https%3A%2F%2Ftgfunnls.org%2Fdly1st%2F%3Fhitid%3D%7BclickId%7D%26qze%3D7%26aff_sub%3D%7BcustomId1%7D%26aff_sub2%3D%7BcustomId2%7D
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWpxdWVyeQ==/tag-18c0c42595158c9943ee0260eecc4fc3.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gams1 /
Resource Hash: 31042bafbba3ee3bae8f21d8d8744230a7c558630068c64e1e5ecb4721ab3910

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:20 GMT
via: 1.1 google
server: gams1
content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-type: application/javascript; charset=UTF-8

GET
H3-29 200 settings.js Show response
dev.visualwebsiteoptimizer.com/ 572 B
397 B 51ms
50ms Script
application/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/settings.js?a=449005&settings_type=1&vn=7.0&r=0.6075759574939412
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWpxdWVyeQ==/tag-18c0c42595158c9943ee0260eecc4fc3.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gams1 /
Resource Hash: 31042bafbba3ee3bae8f21d8d8744230a7c558630068c64e1e5ecb4721ab3910

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:20 GMT
via: 1.1 google
server: gams1
content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-type: application/javascript; charset=UTF-8

GET
H2 200 box-25a418976ea02a6f393fbbe77cec94bb.html Show response
vars.hotjar.com/ Frame 9E7A 2 KB
1 KB 60ms
60ms Document
text/html 13.224.96.92
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vars.hotjar.com/box-25a418976ea02a6f393fbbe77cec94bb.html
Requested by: Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2304105.js?sv=6
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.96.92 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-96-92.zrh50.r.cloudfront.net
Software: /
Resource Hash: 7a44e0685d8929b5d4d50476273c9957c8c76f03afc424c665a4066e5bc1beb9

Request headers

:method: GET
:authority: vars.hotjar.com
:scheme: https
:path: /box-25a418976ea02a6f393fbbe77cec94bb.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://tgfunnls.org/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://tgfunnls.org/

Response headers

content-type: text/html
content-length: 1044
date: Sun, 18 Jul 2021 00:16:30 GMT
accept-ranges: bytes
cache-control: max-age=31536000
content-encoding: br
etag: "76922233be8bdb14c053af468d29404a"
last-modified: Thu, 15 Jul 2021 14:16:09 GMT
x-amz-server-side-encryption: AES256
x-robots-tag: none
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 6b0e09b8a7d995016df1513b4b11c17e.cloudfront.net (CloudFront)
x-amz-cf-pop: ZRH50-C1
x-amz-cf-id: SfK9cHmt5tiHvWmoktiqBPDmonHWaAn-21njLfkX6nLzuFccBkG9HQ==
age: 1683170

POST
H/1.1 200
OK add Show response
tagdataxrt.com/log/ 12 B
597 B 49ms
49ms Fetch
application/json 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/log/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: 21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json;charset=utf-8

Response headers

Date: Fri, 06 Aug 2021 11:49:20 GMT
Server: nginx/1.19.10
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 12

OPTIONS
H/1.1 200
OK add
tagdataxrt.com/log/ Frame 0
0 47ms
47ms Preflight 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/log/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Protocol: HTTP/1.1
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://tgfunnls.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Server: nginx/1.19.10
Date: Fri, 06 Aug 2021 11:49:20 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

GET
H3-29 200 tag-1a6cb79d9b921e9f733a3a9f91c43b90.js Show response
dev.visualwebsiteoptimizer.com/web/djIkcGM6MS4w/ 668 B
329 B 49ms
48ms Script
application/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/web/djIkcGM6MS4w/tag-1a6cb79d9b921e9f733a3a9f91c43b90.js
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWpxdWVyeQ==/tag-18c0c42595158c9943ee0260eecc4fc3.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gams1 /
Resource Hash: 6e1f2e0970c3d1d6cdacfecdd613ce1c42990ea5d4a9a85fe6f0700d20a96634

Request headers

Origin: https://tgfunnls.org
Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:20 GMT
content-encoding: br
last-modified: Fri, 06 Aug 2021 11:48:12 GMT
server: gams1
etag: "610d217c-133"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 307
via: 1.1 google

GET
H2 200 a3a7b431bde66f8790628956fd6a9e14.js
cdn.pushcrew.com/js/ 227 KB
0 136ms
129ms Script
application/javascript 34.102.183.26
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.pushcrew.com/js/a3a7b431bde66f8790628956fd6a9e14.js
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/web/djIkcGM6MS4w/tag-1a6cb79d9b921e9f733a3a9f91c43b90.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.102.183.26 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 26.183.102.34.bc.googleusercontent.com
Software: nginx /
Resource Hash

Request headers

Origin: https://tgfunnls.org
Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:20 GMT
content-encoding: gzip
last-modified: Fri, 18 Jun 2021 08:48:27 GMT
server: nginx
etag: W/"60cc5ddb-3e05c"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=1800
alt-svc: clear
via: 1.1 google
expires: Fri, 06 Aug 2021 12:19:20 GMT

GET
H3-29 200 / Show response
tgfunnls.org/dly1st/ 31 KB
8 KB 203ms
203ms Document
text/html 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Requested by

Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3d112b315823139f7e0ea08e781b12c7cd3a2d4fad1a170fbf13d1c28051612a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: tgfunnls.org
:scheme: https
:path: /dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: document
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: _vwo_uuid_v2=D60D53A279C34294A37B44CA833D8B14F|fe9b8582c0d96af381d293a2d11d8a7f; _gid=GA1.2.1967650473.1628250557; _gat_UA-192660002-1=1; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _hjid=20453335-5579-4e4e-b755-52aa1f1205a7; _hjFirstSeen=1; _ga_Y6C8Y8V9BH=GS1.1.1628250557.1.1.1628250560.0; _ga=GA1.1.1821568338.1628250557; XSRF-TOKEN=eyJpdiI6IkJXaVFicVl0TU5hS0ttYkFubFJ0SlE9PSIsInZhbHVlIjoiOWhETnBxQk1PbTBsamlNcnNEVDljcmhNVGZsQks4TTdDZWhuVmE5RjJnUWMzTzFudkZDbGJHTVkwUzBqenoxeiIsIm1hYyI6IjFjNTk1NjQ1OTk4YWQwZWRjOTRmYzU1ODA2OGI0NjYyNWMwNWI1NjM4MGM0MmU0ZDM1OGQ1MmQwZTE1OWJmNGQifQ%3D%3D; c=eyJpdiI6IlN3V2RPQTBMQVBVclF2TUtLbzhxREE9PSIsInZhbHVlIjoiOXFpQjdLaVRjd2JpNGlHY1JDU2x5dTA3ZGZLTVdabitGNm1cL3FuOXk4ODA0eXdGUVJ0SWw4QTdpS3NsV2Y2NnciLCJtYWMiOiJlM2IxOTYzOTc5ODQ3M2Y1MmQ4ZWRiZmZlOTk4YjZhMTAyNGU2NTU4ZjQ0YjdkODMxM2Q1MmIzMjlhMDMwZDhhIn0%3D
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Response headers

date: Fri, 06 Aug 2021 11:49:20 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: no-cache, private
set-cookie: XSRF-TOKEN=eyJpdiI6IlZpcHc0cHZETGVMV3QwMWozdWdDY3c9PSIsInZhbHVlIjoidmdOZ2hrQUNXXC80R2pOSXdOeDlHbEIrNDd1TzlcL2EzUmVUY2NOS1Q4ckw3RzQxblVQWHlVMDhadUVzYm02d3B6IiwibWFjIjoiMzdiMjVmMDJhNTcxM2NmZTk2ZWQzOTQ3ZjNiZjAyM2FiMGU3YzIxNzRkOWIzZTFjYzYzZjk1ZGMyYmVlMTNlYyJ9; expires=Fri, 06-Aug-2021 13:49:20 GMT; Max-Age=7200; path=/ c=eyJpdiI6IkhaWmNiNmJ2SUFIWHVGODlXZnhDcHc9PSIsInZhbHVlIjoicm1yWk0xaUp1Y3V1SEVDMnVCZEMxc3VYTURRbjZsUFYyTDVxMlhPSzVkcFRDcCsrWE1DMXE0Rk5UdW52aVNiTyIsIm1hYyI6ImM2ZWZhN2QyNjYwMGM3NDdmYzRmZDZjOWNiYWZjMDBmMzIxYzE2YWQ2MGU4YWEwNDg1MGZiZDM3MDRlMzY1MjYifQ%3D%3D; expires=Fri, 06-Aug-2021 13:49:20 GMT; Max-Age=7200; path=/; httponly
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-proc: 3
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1urF8xyY72eTLOfRhkD9rIhYONf7ecTsqCKYylNS8dEmWtuKtRupldYf9Vk%2BMsmH5uBzNevIVxJ8yMT1mno5DFsYVD9DHZpnmpderBpdZobSlkzZJz7LVxQT6XnX3fFBrUBygWoD49aBS9c%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 67a80a94eb2242f7-FRA
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

POST
H/1.1 200
OK add
tagdataxrt.com/time_visit/ 0
422 B 47ms
47ms Ping
text/plain 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/time_visit/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Fri, 06 Aug 2021 11:49:20 GMT
Server: nginx/1.19.10
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 0

POST collect
www.google-analytics.com/g/ 0
0

GET
H3-29 200 forms.css
tgfunnls.org/css/ 20 KB
4 KB 15ms
15ms Stylesheet
text/css 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/css/forms.css?id=108aa07ef4cadffb88ba

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5cc75f6ff6ccc8f9737ba9b6e44903687d4cd600464dc9a25b2fcfbfd231ebc6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /css/forms.css?id=108aa07ef4cadffb88ba
pragma: no-cache
cookie: _vwo_uuid_v2=D60D53A279C34294A37B44CA833D8B14F|fe9b8582c0d96af381d293a2d11d8a7f; _gid=GA1.2.1967650473.1628250557; _gat_UA-192660002-1=1; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _hjid=20453335-5579-4e4e-b755-52aa1f1205a7; _hjFirstSeen=1; _ga_Y6C8Y8V9BH=GS1.1.1628250557.1.1.1628250560.0; _ga=GA1.1.1821568338.1628250557; XSRF-TOKEN=eyJpdiI6IlZpcHc0cHZETGVMV3QwMWozdWdDY3c9PSIsInZhbHVlIjoidmdOZ2hrQUNXXC80R2pOSXdOeDlHbEIrNDd1TzlcL2EzUmVUY2NOS1Q4ckw3RzQxblVQWHlVMDhadUVzYm02d3B6IiwibWFjIjoiMzdiMjVmMDJhNTcxM2NmZTk2ZWQzOTQ3ZjNiZjAyM2FiMGU3YzIxNzRkOWIzZTFjYzYzZjk1ZGMyYmVlMTNlYyJ9; c=eyJpdiI6IkhaWmNiNmJ2SUFIWHVGODlXZnhDcHc9PSIsInZhbHVlIjoicm1yWk0xaUp1Y3V1SEVDMnVCZEMxc3VYTURRbjZsUFYyTDVxMlhPSzVkcFRDcCsrWE1DMXE0Rk5UdW52aVNiTyIsIm1hYyI6ImM2ZWZhN2QyNjYwMGM3NDdmYzRmZDZjOWNiYWZjMDBmMzIxYzE2YWQ2MGU4YWEwNDg1MGZiZDM3MDRlMzY1MjYifQ%3D%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:21 GMT
x-proc: 2
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3672
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Fri, 06 Aug 2021 10:30:19 GMT
server: cloudflare
etag: W/"610d0f3b-5107"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0%2B%2FUSJK4h4ZJhiDrkZhwSDwHur1M5bc5Xv1q%2BTupEy4qCaGN5jNIhPh2vO6a%2BcMitTneSLFaPnSVEED3nEwDlRfI8EH9jTTzrpI3suoOto6nnNiOzRlpOkCXXyAffvLflAs2znm%2FgCM51ZI%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 67a80a963f6e42f7-FRA

GET
H3-29 200 flow.css
tgfunnls.org/css/ 385 B
761 B 14ms
13ms Stylesheet
text/css 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/css/flow.css?id=1a2dada5ba76c1b29ae1

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

df456c4794989b11dda8d76813cbf505b2707048f4cc89d7db15956779ca3fb0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /css/flow.css?id=1a2dada5ba76c1b29ae1
pragma: no-cache
cookie: _vwo_uuid_v2=D60D53A279C34294A37B44CA833D8B14F|fe9b8582c0d96af381d293a2d11d8a7f; _gid=GA1.2.1967650473.1628250557; _gat_UA-192660002-1=1; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _hjid=20453335-5579-4e4e-b755-52aa1f1205a7; _hjFirstSeen=1; _ga_Y6C8Y8V9BH=GS1.1.1628250557.1.1.1628250560.0; _ga=GA1.1.1821568338.1628250557; XSRF-TOKEN=eyJpdiI6IlZpcHc0cHZETGVMV3QwMWozdWdDY3c9PSIsInZhbHVlIjoidmdOZ2hrQUNXXC80R2pOSXdOeDlHbEIrNDd1TzlcL2EzUmVUY2NOS1Q4ckw3RzQxblVQWHlVMDhadUVzYm02d3B6IiwibWFjIjoiMzdiMjVmMDJhNTcxM2NmZTk2ZWQzOTQ3ZjNiZjAyM2FiMGU3YzIxNzRkOWIzZTFjYzYzZjk1ZGMyYmVlMTNlYyJ9; c=eyJpdiI6IkhaWmNiNmJ2SUFIWHVGODlXZnhDcHc9PSIsInZhbHVlIjoicm1yWk0xaUp1Y3V1SEVDMnVCZEMxc3VYTURRbjZsUFYyTDVxMlhPSzVkcFRDcCsrWE1DMXE0Rk5UdW52aVNiTyIsIm1hYyI6ImM2ZWZhN2QyNjYwMGM3NDdmYzRmZDZjOWNiYWZjMDBmMzIxYzE2YWQ2MGU4YWEwNDg1MGZiZDM3MDRlMzY1MjYifQ%3D%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:21 GMT
x-proc: 1
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3672
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Fri, 06 Aug 2021 10:30:20 GMT
server: cloudflare
etag: W/"610d0f3c-181"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kgjRvSpZkMVk1PXunhzgGqbw%2BlNX2P8VTTkzgFxUre0%2FUqtIhOI6vFMvFC38p8%2FcRgIBpiiOi36EwuQ3vcGHgoOvHF08Msz0aGmM245vkQadSTuljLXiQd77zta%2FYmHK982vM8g2hiOeqig%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 67a80a963f7142f7-FRA

GET
H2 200 funnel.css
static-13333.kxcdn.com/5275/build/ 91 KB
26 KB 8ms
7ms Stylesheet
text/css 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL

https://static-13333.kxcdn.com/5275/build/funnel.css

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

0dd81a03016de5c1be49281bb42f5db84bf8968b636e893daa0ee24de5dbdd3b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:21 GMT
content-encoding: gzip
last-modified: Fri, 02 Jul 2021 14:31:57 GMT
server: keycdn-engine
x-amz-request-id: tx0000000000000049794a1-0060df28ef-12ed1804-fra1a
x-edge-location: defr
etag: W/"0e60432e5a822d61eaf0ff2172f524ed"
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-cache: HIT
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31556940
x-rgw-object-type: Normal
strict-transport-security: max-age=15552000; includeSubDomains; preload
expires: Sat, 06 Aug 2022 17:38:21 GMT

GET
H/1.1 400 conversion.js
in.bd44.fun/ 0
0 52ms
52ms Script
text/html 18.195.174.160
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://in.bd44.fun/conversion.js?cid=OPTIONAL&et=CLICK
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.195.174.160 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-174-160.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 logo.png
static-13333.kxcdn.com/5275/images/ 2 KB
3 KB 25ms
19ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/logo.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

3d0776f2afd4256733e307cf46921dde2e1497a2767eb8bcb8ac17d5de9d2344

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:21 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049592a7-0060df28ef-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2455
last-modified: Fri, 02 Jul 2021 14:32:26 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "cded24bb8b99f2aa7ab4e4ddc59c28e6"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:21 GMT

GET
H2 200 top-arrow.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 25ms
19ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/top-arrow.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

c4d3b32e24ea06591e7f166b20939f84cb767bb0742bc3c51f07c6f4b684f1e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:21 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049592a5-0060df28ef-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2961
last-modified: Fri, 02 Jul 2021 14:32:29 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "e2980701aad64cef71bd2296f5f6386b"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:21 GMT

GET
H3-29 200 check-icon.png
tgfunnls.org/images/ 44 KB
45 KB 30ms
26ms Image
image/png 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tgfunnls.org/images/check-icon.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

79bb457691c6f5dc0d3fd537218a627750b199db5253e22dad9dc4f78fa48016

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /images/check-icon.png
pragma: no-cache
cookie: _vwo_uuid_v2=D60D53A279C34294A37B44CA833D8B14F|fe9b8582c0d96af381d293a2d11d8a7f; _gid=GA1.2.1967650473.1628250557; _gat_UA-192660002-1=1; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _hjid=20453335-5579-4e4e-b755-52aa1f1205a7; _hjFirstSeen=1; _ga_Y6C8Y8V9BH=GS1.1.1628250557.1.1.1628250560.0; _ga=GA1.1.1821568338.1628250557; XSRF-TOKEN=eyJpdiI6IlZpcHc0cHZETGVMV3QwMWozdWdDY3c9PSIsInZhbHVlIjoidmdOZ2hrQUNXXC80R2pOSXdOeDlHbEIrNDd1TzlcL2EzUmVUY2NOS1Q4ckw3RzQxblVQWHlVMDhadUVzYm02d3B6IiwibWFjIjoiMzdiMjVmMDJhNTcxM2NmZTk2ZWQzOTQ3ZjNiZjAyM2FiMGU3YzIxNzRkOWIzZTFjYzYzZjk1ZGMyYmVlMTNlYyJ9; c=eyJpdiI6IkhaWmNiNmJ2SUFIWHVGODlXZnhDcHc9PSIsInZhbHVlIjoicm1yWk0xaUp1Y3V1SEVDMnVCZEMxc3VYTURRbjZsUFYyTDVxMlhPSzVkcFRDcCsrWE1DMXE0Rk5UdW52aVNiTyIsIm1hYyI6ImM2ZWZhN2QyNjYwMGM3NDdmYzRmZDZjOWNiYWZjMDBmMzIxYzE2YWQ2MGU4YWEwNDg1MGZiZDM3MDRlMzY1MjYifQ%3D%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:21 GMT
x-proc: 1
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3671
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 45018
x-xss-protection: 1; mode=block
last-modified: Fri, 06 Aug 2021 10:28:14 GMT
server: cloudflare
etag: "610d0ebe-afda"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=l5tuJKyS8FsCBtXe8%2FTqsPATRlxiesrsHiSaVzugK6H3WUZ23SAcLgvpwDRKdQrhP%2BFyTt9lfhN1n7MKFsFp25Qi4N3z1xOOWPDR6NvZnujDE52Z4wbWiStoP3qLUyIDqSvy8utlEQd8dG8%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 67a80a96986442f7-FRA

GET
H2 200 safe.png
static-13333.kxcdn.com/5275/images/ 10 KB
11 KB 25ms
20ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/safe.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

c001780d5a0136da809d6908ac44d8b0e4d9b36bf9891772a006294888226576

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:21 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794a7-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 10593
last-modified: Fri, 02 Jul 2021 14:32:17 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "e16845cf547d72f2f0b2febfa375d9f9"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:21 GMT

GET
H2 200 bg-arrow.png
static-13333.kxcdn.com/5275/images/ 7 KB
8 KB 25ms
19ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/bg-arrow.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

5902ac2e28cc5433d57a98a62be69037be09754da694348e03d3e3b9e776f542

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:21 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794ba-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 7356
last-modified: Fri, 02 Jul 2021 14:32:23 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "0575766ae817ee467a729e846374d22c"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:21 GMT

GET
H2 200 check-icon.png
static-13333.kxcdn.com/5275/images/ 2 KB
3 KB 26ms
19ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/check-icon.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

4a404a950ef8cfa3eb686e62c8ab17e0a4609f2300e53d874a96ec618ab9474d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:21 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794b6-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2273
last-modified: Fri, 02 Jul 2021 14:32:29 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "c34ab81524c5f98e40dc0dad59601758"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:21 GMT

GET
H2 200 spots-arrow.png
static-13333.kxcdn.com/5275/images/ 5 KB
6 KB 24ms
21ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/spots-arrow.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

7c01610e53cbe2313bd441cd9182762cec4240e4eecebeca6d086f34e4672784

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:21 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794bc-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 5306
last-modified: Fri, 02 Jul 2021 14:32:45 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "32acdf2cce46993b09041ebed9d00140"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:21 GMT

GET
H2 200 john.jpg
static-13333.kxcdn.com/5275/images/ 9 KB
10 KB 24ms
21ms Image
image/jpeg 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/john.jpg

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

aff262b0ff8882606831b77cb7fe8c2b7ee184a4c3a4e10de152932dde9ed3f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:21 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794be-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 9704
last-modified: Fri, 02 Jul 2021 14:32:21 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "ca826d01f1cbba3eb6e3e1f697bca6bc"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/jpeg
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:21 GMT

GET
H2 200 john-sign.png
static-13333.kxcdn.com/5275/images/ 7 KB
7 KB 16ms
7ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/john-sign.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

2c92fcee0f7c5fd992e818cd6e5f621e8701cea9b4b23eb03e2567560c7dd266

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:21 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049592b7-0060df28ef-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 6824
last-modified: Fri, 02 Jul 2021 14:32:43 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "8e77bdde18036a84289f7b89b03cddc0"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:21 GMT

GET
H2 200 social-callback-title.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 12ms
7ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/social-callback-title.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

b097d9409b9b2fcde3993197635d6e7d49126e794dec3c3a5de9892cce15ec84

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:21 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794b7-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2899
last-modified: Fri, 02 Jul 2021 14:32:42 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "26e1186a209747d755be97f26d7fef17"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:21 GMT

GET
H2 200 facebook.png
static-13333.kxcdn.com/5275/images/ 45 KB
46 KB 10ms
8ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/facebook.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

45a8e9f975bd2d7db2041c671affac022eaf0b8db46c516a6f2021d30631aea3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:21 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049592bd-0060df28ef-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 46358
last-modified: Fri, 02 Jul 2021 14:32:18 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "99efc09d6e35b01ef07e555c6c9c06ac"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:21 GMT

GET
H2 200 twitter.png
static-13333.kxcdn.com/5275/images/ 33 KB
34 KB 11ms
9ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/twitter.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

f3567cf9eb0717ad9840ff19014abf051d9bebb63ba3d270eb23d409dd449b5a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:21 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049592b6-0060df28ef-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 33933
last-modified: Fri, 02 Jul 2021 14:32:45 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "1538bf85a2428c7ab27b923233ceac2d"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:21 GMT

GET
H2 200 features-title.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 11ms
10ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/features-title.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

5e840708085df16224eeb0d8a8b3758d39bc7c60d3f0587ea1308f7d37d2e9db

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:21 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049592bc-0060df28ef-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2835
last-modified: Fri, 02 Jul 2021 14:32:24 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "8e8fd39ca90b9e536e71366f72e27061"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:21 GMT

GET
H2 200 feature1.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 12ms
10ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/feature1.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

427e9cf9bc070b73cae44b858b1cbb147385ccf3b74522b00606e8441d74eb21

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:21 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794bb-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2649
last-modified: Fri, 02 Jul 2021 14:32:27 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "32e947291780f319b5424fb0fed97339"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:21 GMT

GET
H2 200 feature2.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 10ms
5ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/feature2.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

d35ec7636f20627c46249b7ac076fd59aad2c15c8207c92cc8251df812abc0bc

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:21 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049592b5-0060df28ef-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2845
last-modified: Fri, 02 Jul 2021 14:32:28 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "a02cbfb7009f4eb7bca716371bbc6162"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:21 GMT

GET
H2 200 feature3.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 10ms
6ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/feature3.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

41cc8226265d071dd816f01b4e656e9575b49927ecb0806984d85fd2acb3b318

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:21 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794b8-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2618
last-modified: Fri, 02 Jul 2021 14:32:44 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "1e439861ae0e257dd74094cd20495531"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:21 GMT

GET
H2 200 feature4.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 10ms
6ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/feature4.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

d7e57b7c8fc1a0e25b893fc00da8cca5368cc489227958d4a781665339cd7260

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:21 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794a5-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2573
last-modified: Fri, 02 Jul 2021 14:32:19 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "f042fbbf22d575de6d906249ec2dc324"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:21 GMT

GET
H2 200 faq-title.png
static-13333.kxcdn.com/5275/images/ 4 KB
4 KB 9ms
6ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/faq-title.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

218be04d48aa9aa4da9bb4a708dbb463576fd8653914fd05bb113ce654dce714

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:21 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049592a6-0060df28ef-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 3706
last-modified: Fri, 02 Jul 2021 14:32:42 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "b95f5e7ccaaf9e8f6f1117efa9ab100a"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:21 GMT

GET
H2 200 faq-list-title-bg.png
static-13333.kxcdn.com/5275/images/ 2 KB
2 KB 9ms
7ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/faq-list-title-bg.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

9749d6d7aee9bdd7b806eb8fd8fa1bfd7ef25aab0aba744948b279d4c1a348ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:21 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794a3-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 1546
last-modified: Fri, 02 Jul 2021 14:32:22 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "567ea5254334fde95913b6cd592aad5f"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:21 GMT

GET
H3-29 200 sad-face.svg
tgfunnls.org/media/ 1 KB
1 KB 27ms
24ms Image
image/svg+xml 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tgfunnls.org/media/sad-face.svg

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

186b9079a05f19ddd2a548dbc1ec2c69087c76d8e9e1637dbced630edb793104

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /media/sad-face.svg
pragma: no-cache
cookie: _vwo_uuid_v2=D60D53A279C34294A37B44CA833D8B14F|fe9b8582c0d96af381d293a2d11d8a7f; _gid=GA1.2.1967650473.1628250557; _gat_UA-192660002-1=1; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _hjid=20453335-5579-4e4e-b755-52aa1f1205a7; _hjFirstSeen=1; _ga_Y6C8Y8V9BH=GS1.1.1628250557.1.1.1628250560.0; _ga=GA1.1.1821568338.1628250557; XSRF-TOKEN=eyJpdiI6IlZpcHc0cHZETGVMV3QwMWozdWdDY3c9PSIsInZhbHVlIjoidmdOZ2hrQUNXXC80R2pOSXdOeDlHbEIrNDd1TzlcL2EzUmVUY2NOS1Q4ckw3RzQxblVQWHlVMDhadUVzYm02d3B6IiwibWFjIjoiMzdiMjVmMDJhNTcxM2NmZTk2ZWQzOTQ3ZjNiZjAyM2FiMGU3YzIxNzRkOWIzZTFjYzYzZjk1ZGMyYmVlMTNlYyJ9; c=eyJpdiI6IkhaWmNiNmJ2SUFIWHVGODlXZnhDcHc9PSIsInZhbHVlIjoicm1yWk0xaUp1Y3V1SEVDMnVCZEMxc3VYTURRbjZsUFYyTDVxMlhPSzVkcFRDcCsrWE1DMXE0Rk5UdW52aVNiTyIsIm1hYyI6ImM2ZWZhN2QyNjYwMGM3NDdmYzRmZDZjOWNiYWZjMDBmMzIxYzE2YWQ2MGU4YWEwNDg1MGZiZDM3MDRlMzY1MjYifQ%3D%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:21 GMT
x-proc: 1
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3671
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Fri, 06 Aug 2021 10:30:20 GMT
server: cloudflare
etag: W/"610d0f3c-5dc"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pbrs0H4xqQFuRlWZ9vE9UUKVybMTO6yQjjHzNthNjMc%2F8eYUDSHbTI248GVFHPwlMlKlIc%2FHb6bHRfbyHbdUTgeP0UqWSUm4R1tygi0ldDaMwjGxmZuCAcEIx1wOsr0AfXLkSGGwogCyBdw%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: max-age=14400
cf-ray: 67a80a96986942f7-FRA

GET
H3-29 200 email-decode.min.js Show response
tgfunnls.org/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
1 KB 11ms
11ms Script
application/javascript 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

:path: /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
pragma: no-cache
cookie: _vwo_uuid_v2=D60D53A279C34294A37B44CA833D8B14F|fe9b8582c0d96af381d293a2d11d8a7f; _gid=GA1.2.1967650473.1628250557; _gat_UA-192660002-1=1; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _hjid=20453335-5579-4e4e-b755-52aa1f1205a7; _hjFirstSeen=1; _ga_Y6C8Y8V9BH=GS1.1.1628250557.1.1.1628250560.0; _ga=GA1.1.1821568338.1628250557; XSRF-TOKEN=eyJpdiI6IlZpcHc0cHZETGVMV3QwMWozdWdDY3c9PSIsInZhbHVlIjoidmdOZ2hrQUNXXC80R2pOSXdOeDlHbEIrNDd1TzlcL2EzUmVUY2NOS1Q4ckw3RzQxblVQWHlVMDhadUVzYm02d3B6IiwibWFjIjoiMzdiMjVmMDJhNTcxM2NmZTk2ZWQzOTQ3ZjNiZjAyM2FiMGU3YzIxNzRkOWIzZTFjYzYzZjk1ZGMyYmVlMTNlYyJ9; c=eyJpdiI6IkhaWmNiNmJ2SUFIWHVGODlXZnhDcHc9PSIsInZhbHVlIjoicm1yWk0xaUp1Y3V1SEVDMnVCZEMxc3VYTURRbjZsUFYyTDVxMlhPSzVkcFRDcCsrWE1DMXE0Rk5UdW52aVNiTyIsIm1hYyI6ImM2ZWZhN2QyNjYwMGM3NDdmYzRmZDZjOWNiYWZjMDBmMzIxYzE2YWQ2MGU4YWEwNDg1MGZiZDM3MDRlMzY1MjYifQ%3D%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 03 Aug 2021 14:21:05 GMT
server: cloudflare
etag: W/"610950d1-4d7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: DENY
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Jzp9ts1ir8nyhvlksmUdD9Cj%2Bqh41wBKr%2Bp3m77BXS%2FzLQ6jcMNV4gVWtmCKaQ%2BU8D5LhhZV41piRWZ7w3RDlabqqrVQxJ8kfTsfAitCd15bzdMHWXxCZID57tmQMrtZRK7gwCJ77Rsth2w%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=172800 public
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 67a80a965fae42f7-FRA
vary: Accept-Encoding
expires: Sun, 08 Aug 2021 11:49:21 GMT

GET
H3-29 200 redirect.js Show response
tgfunnls.org/js/ 3 KB
2 KB 17ms
17ms Script
application/javascript 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/js/redirect.js?id=bd8708e91008076c9ff9

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0979e653bf7370685f5d0ec7448e28d33f46754d5411cf5a7cd3df6ecafc1a35

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /js/redirect.js?id=bd8708e91008076c9ff9
pragma: no-cache
cookie: _vwo_uuid_v2=D60D53A279C34294A37B44CA833D8B14F|fe9b8582c0d96af381d293a2d11d8a7f; _gid=GA1.2.1967650473.1628250557; _gat_UA-192660002-1=1; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _hjid=20453335-5579-4e4e-b755-52aa1f1205a7; _hjFirstSeen=1; _ga_Y6C8Y8V9BH=GS1.1.1628250557.1.1.1628250560.0; _ga=GA1.1.1821568338.1628250557; XSRF-TOKEN=eyJpdiI6IlZpcHc0cHZETGVMV3QwMWozdWdDY3c9PSIsInZhbHVlIjoidmdOZ2hrQUNXXC80R2pOSXdOeDlHbEIrNDd1TzlcL2EzUmVUY2NOS1Q4ckw3RzQxblVQWHlVMDhadUVzYm02d3B6IiwibWFjIjoiMzdiMjVmMDJhNTcxM2NmZTk2ZWQzOTQ3ZjNiZjAyM2FiMGU3YzIxNzRkOWIzZTFjYzYzZjk1ZGMyYmVlMTNlYyJ9; c=eyJpdiI6IkhaWmNiNmJ2SUFIWHVGODlXZnhDcHc9PSIsInZhbHVlIjoicm1yWk0xaUp1Y3V1SEVDMnVCZEMxc3VYTURRbjZsUFYyTDVxMlhPSzVkcFRDcCsrWE1DMXE0Rk5UdW52aVNiTyIsIm1hYyI6ImM2ZWZhN2QyNjYwMGM3NDdmYzRmZDZjOWNiYWZjMDBmMzIxYzE2YWQ2MGU4YWEwNDg1MGZiZDM3MDRlMzY1MjYifQ%3D%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:21 GMT
x-proc: 3
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3671
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Fri, 06 Aug 2021 10:30:36 GMT
server: cloudflare
etag: W/"610d0f4c-a50"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Knuqq1YcfvdAVzIlMJsHVVhdPGliiCEgvoy6fwB%2FozwO3uLbVtmnlYh8SjDyAY1wTefzuhHtXnasBND8prPfzqIOIYbD6SgW3wwTi9lrgBhEkEsZQcchRWehWejS2dKOvBmGyccZzRJ31Mw%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=14400
cf-ray: 67a80a966fe742f7-FRA

GET
H3-29 200 l.js Show response
tgfunnls.org/js/ 401 KB
110 KB 28ms
27ms Script
application/javascript 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/js/l.js?id=6cf7b69175b2a676ebf3

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1669423eca631e2fa8053ff74039a11ff6afac3a94dc37f357ce8d6ec9362913

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /js/l.js?id=6cf7b69175b2a676ebf3
pragma: no-cache
cookie: _vwo_uuid_v2=D60D53A279C34294A37B44CA833D8B14F|fe9b8582c0d96af381d293a2d11d8a7f; _gid=GA1.2.1967650473.1628250557; _gat_UA-192660002-1=1; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _hjid=20453335-5579-4e4e-b755-52aa1f1205a7; _hjFirstSeen=1; _ga_Y6C8Y8V9BH=GS1.1.1628250557.1.1.1628250560.0; _ga=GA1.1.1821568338.1628250557; XSRF-TOKEN=eyJpdiI6IlZpcHc0cHZETGVMV3QwMWozdWdDY3c9PSIsInZhbHVlIjoidmdOZ2hrQUNXXC80R2pOSXdOeDlHbEIrNDd1TzlcL2EzUmVUY2NOS1Q4ckw3RzQxblVQWHlVMDhadUVzYm02d3B6IiwibWFjIjoiMzdiMjVmMDJhNTcxM2NmZTk2ZWQzOTQ3ZjNiZjAyM2FiMGU3YzIxNzRkOWIzZTFjYzYzZjk1ZGMyYmVlMTNlYyJ9; c=eyJpdiI6IkhaWmNiNmJ2SUFIWHVGODlXZnhDcHc9PSIsInZhbHVlIjoicm1yWk0xaUp1Y3V1SEVDMnVCZEMxc3VYTURRbjZsUFYyTDVxMlhPSzVkcFRDcCsrWE1DMXE0Rk5UdW52aVNiTyIsIm1hYyI6ImM2ZWZhN2QyNjYwMGM3NDdmYzRmZDZjOWNiYWZjMDBmMzIxYzE2YWQ2MGU4YWEwNDg1MGZiZDM3MDRlMzY1MjYifQ%3D%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:21 GMT
x-proc: 2
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 4594
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Fri, 06 Aug 2021 10:30:19 GMT
server: cloudflare
etag: W/"610d0f3b-645ba"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3fvpqXsKvvojfCwQMYQQDMnms4SaEYM9ZGlRDaBHZAswsbgNZJ9jjkSwTcgAtiayZmSuZAhWvGdiK38%2BkP%2BbXKbB3wVLWQLpyv9SKm7tlSMMMWt7xIVWU52fSA4bhcY%2BqvRHZXvL%2Bk3NoMI%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=14400
cf-ray: 67a80a96883442f7-FRA

GET
H2 200 funnel.js Show response
static-13333.kxcdn.com/5275/build/ 954 KB
319 KB 8ms
8ms Script
application/javascript 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL

https://static-13333.kxcdn.com/5275/build/funnel.js

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

a52901c6296f571a48143efc8c7626714f2f15a0e034390d31380d508684ad0e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:21 GMT
content-encoding: gzip
last-modified: Fri, 02 Jul 2021 14:31:57 GMT
server: keycdn-engine
x-amz-request-id: tx00000000000000495929e-0060df28ef-12e87130-fra1a
x-edge-location: defr
etag: W/"545236a1390ffa369d186b44dab8e706"
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-cache: HIT
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31556940
x-rgw-object-type: Normal
strict-transport-security: max-age=15552000; includeSubDomains; preload
expires: Sat, 06 Aug 2022 17:38:21 GMT

GET
H/1.1 200 hp Show response
in.xr117.xyz/ 382 B
616 B 54ms
51ms Script
text/plain 18.195.123.247
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://in.xr117.xyz/hp
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.195.123.247 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-123-247.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 1d685538334a6762f8c278c2274cb62dfdc47c59ba5968562dddf4f96d808aee

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 06 Aug 2021 11:49:21 GMT
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
Server: nginx
Connection: keep-alive
Content-Length: 382
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200 hp Show response
in.bd44.fun/ 382 B
616 B 151ms
50ms Script
text/plain 18.195.174.160
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://in.bd44.fun/hp
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.195.174.160 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-174-160.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 1d685538334a6762f8c278c2274cb62dfdc47c59ba5968562dddf4f96d808aee

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 06 Aug 2021 11:49:21 GMT
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
Server: nginx
Connection: keep-alive
Content-Length: 382
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3-29 200 tag.js Show response
tagstaticx.com/ 38 KB
14 KB 24ms
22ms Script
application/javascript 2606:4700:3033::6815:3d08
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://tagstaticx.com/tag.js
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::6815:3d08 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7ebf9aea91580923f108d8e9c9fa03581c3c58fcd1ab8712d4ed593fbde60062

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:21 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 30 Jul 2021 15:47:47 GMT
server: cloudflare
age: 4762
etag: W/"61041f23-9787"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0%2FV9r8ETI3rvfS%2FGDyaF8tHdRrEa%2BSqkMyyoByBtwWjeTvo4hNRFYVRnyiz9iS4TD6jFAAqRRWHBSNUVZruXWbYN7JP3%2BEwBV2SwySg1t%2FSWjopvOSzJifAzdkq7nbQopMA%2FofEXc%2BmaIP2cNw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=1800
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 67a80a9698144401-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

GET
H3-29 200 gtm.js Show response
www.googletagmanager.com/ 110 KB
41 KB 19ms
17ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-MSK8GMG

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

ee25e98eb177cc22fba819b261e53fdcdb837d1ca65533dbc186fa9f1f9550a2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:21 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41863
x-xss-protection: 0
last-modified: Fri, 06 Aug 2021 09:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 06 Aug 2021 11:49:21 GMT

GET
H3-29 200 j.php Show response
dev.visualwebsiteoptimizer.com/ 5 KB
2 KB 56ms
53ms Script
application/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/j.php?a=449005&u=https%3A%2F%2Ftgfunnls.org%2Fdly1st%2F%3Fhitid%3D%7BclickId%7D%26qze%3D7%26aff_sub%3D%7BcustomId1%7D%26aff_sub2%3D%7BcustomId2%7D&f=1&r=0.3576262557841319
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gams1 /
Resource Hash: 7209b3817adb8026750e01c00e523b4d3d6ee1a06b77d6625f02a4c10e91c67c

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 06 Aug 2021 11:49:21 GMT
via: 1.1 google
server: gams1
content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-type: application/javascript; charset=UTF-8

GET
H2 200 bg-pattern2.png
static-13333.kxcdn.com/5275/images/ 3 KB
4 KB 23ms
20ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/bg-pattern2.png

Requested by

Host: static-13333.kxcdn.com
URL: https://static-13333.kxcdn.com/5275/build/funnel.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

0dbbd4b1f92b5f123bb6d85da5224dbac1ef2873359ae63159fbd8c1d8aee472

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://static-13333.kxcdn.com/5275/build/funnel.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:21 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx000000000000004a8f778-0060df3204-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 3494
last-modified: Fri, 02 Jul 2021 14:32:28 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "9ff60a873ce8a83d6f92c07bbb97461d"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:21 GMT

GET
H2 200 money-bg.jpg
static-13333.kxcdn.com/5275/images/ 192 KB
193 KB 15ms
12ms Image
image/jpeg 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/money-bg.jpg

Requested by

Host: static-13333.kxcdn.com
URL: https://static-13333.kxcdn.com/5275/build/funnel.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

6d6b0b2b3ce3ec690491ad53348667285877a284d43a58bae67219df3128c453

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://static-13333.kxcdn.com/5275/build/funnel.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:21 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049593a6-0060df28f0-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 196622
last-modified: Fri, 02 Jul 2021 14:32:29 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "00484ef568e5c529bc92d2698631954b"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/jpeg
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:21 GMT

GET
H2 206 de-1.mp4
static-13333.kxcdn.com/5275/media/ 64 KB
0 9ms
7ms Media
video/mp4 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL

https://static-13333.kxcdn.com/5275/media/de-1.mp4

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Range: bytes=0-

Response headers

date: Fri, 06 Aug 2021 11:49:21 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049593e6-0060df28f0-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
Content-Range: bytes 0-124690623/124690624
Content-Length: 124690624
last-modified: Fri, 02 Jul 2021 14:32:03 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "c8811d0b7aa283893d6ec2a19899685f-24"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: video/mp4
access-control-allow-origin: *
x-rgw-object-type: Normal
expires: Sat, 06 Aug 2022 17:38:21 GMT

HEAD
H3-29 200 adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/ 0
0 112ms
111ms Fetch
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 49445
x-xss-protection: 0
server: cafe
etag: 14869471898732562513
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Fri, 06 Aug 2021 11:49:21 GMT

GET
H/1.1 200
OK version.js Show response
tagdatax.com/ 57 B
260 B 48ms
47ms Script
application/javascript 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdatax.com/version.js
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: 8b4b02d40462d3a0631fe28623ff2f9c1671f80276a57774a91103cd6a22e70c

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 06 Aug 2021 11:49:21 GMT
Cache-Control: private, max-age=63072000
Server: nginx/1.19.10
Connection: keep-alive
Content-Length: 57
Content-Type: application/javascript

GET
H2 200 gid.js Show response
my.rtmark.net/ 65 B
541 B 70ms
70ms Fetch
application/json 139.45.195.8
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://my.rtmark.net/gid.js

Requested by

Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

1b6c8e79fec5d1e7381a2047051cc8c91774a1f1f512bc096863ae9796c4b14e

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:21 GMT
x-content-type-options: nosniff
server: nginx
strict-transport-security: max-age=1
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: https://tgfunnls.org
access-control-expose-headers: Authorization
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length: 65

GET
H/1.1 200
OK pix.jpg Show response
tagdatax.com/ 28 B
617 B 49ms
47ms Fetch
image/jpeg 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdatax.com/pix.jpg
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: 3c72e06c040c15327faa313315f1d6f4b2c9159267051c3e173336efa4cd7a18

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 06 Aug 2021 11:49:21 GMT
Server: nginx/1.19.10
Etag: 52e96fb4-720e-4d64-ba77-4f17fff770a3
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Content-Type: image/jpeg
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Expose-Headers: ETag
Cache-Control: private, must-revalidate, proxy-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 28

GET
H3-29 200 googlelogo_color_120x44dp.png
www.google.com/images/branding/googlelogo/2x/ 5 KB
5 KB 19ms
15ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_120x44dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

29c50fa4422ac0a690af5b0987dee6a030a7eeaafa9dda8543cf022368f545aa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:21 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5087
x-xss-protection: 0
expires: Fri, 06 Aug 2021 11:49:21 GMT

GET
H3-29 200 googlelogo_color_272x92dp.png
www.google.com/images/branding/googlelogo/1x/ 6 KB
6 KB 18ms
16ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/1x/googlelogo_color_272x92dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5776cd87617eacec3bc00ebcf530d1924026033eda852f706c1a675a98915826

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:21 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5969
x-xss-protection: 0
expires: Fri, 06 Aug 2021 11:49:21 GMT

GET
H3-29 200 googlelogo_color_272x92dp.png
www.google.com/images/branding/googlelogo/2x/ 13 KB
13 KB 19ms
16ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_272x92dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

262084257c2103702ef8a25705e3f8dbc1fa3823103ad7b954d54bdb77e6d89d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:21 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13504
x-xss-protection: 0
expires: Fri, 06 Aug 2021 11:49:21 GMT

GET
H3-29 200 googlelogo_color_160x56dp.png
www.google.com/images/branding/googlelogo/2x/ 7 KB
7 KB 18ms
16ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_160x56dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9e611fba6a87626e60f74d361f0c94d1ba226bc0726a05791f40ddb7fbba2c4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:21 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7048
x-xss-protection: 0
expires: Fri, 06 Aug 2021 11:49:21 GMT

GET
H3-29 200 googlelogo_color_90x40dp.png
www.google.com/images/branding/googlelogo/2x/ 4 KB
4 KB 20ms
18ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_90x40dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a9cac8d49feccd603bac334c92c1e7dd5a829a1c01d4130550e8c9c0d9c72f7b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:21 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3934
x-xss-protection: 0
expires: Fri, 06 Aug 2021 11:49:21 GMT

GET
H3-29 200 locate Show response
tgfunnls.org/ 150 B
1 KB 149ms
149ms XHR
application/json 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/locate

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/js/l.js?id=6cf7b69175b2a676ebf3

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a9444725fb48cd94db4b9c4e1544b3ace3c54ccd0d1a289f124d36b69c9d6a20

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-fetch-mode: cors
x-xsrf-token: eyJpdiI6IlZpcHc0cHZETGVMV3QwMWozdWdDY3c9PSIsInZhbHVlIjoidmdOZ2hrQUNXXC80R2pOSXdOeDlHbEIrNDd1TzlcL2EzUmVUY2NOS1Q4ckw3RzQxblVQWHlVMDhadUVzYm02d3B6IiwibWFjIjoiMzdiMjVmMDJhNTcxM2NmZTk2ZWQzOTQ3ZjNiZjAyM2FiMGU3YzIxNzRkOWIzZTFjYzYzZjk1ZGMyYmVlMTNlYyJ9
accept-language: en-US
sec-fetch-dest: empty
cookie: _vwo_uuid_v2=D60D53A279C34294A37B44CA833D8B14F|fe9b8582c0d96af381d293a2d11d8a7f; _gid=GA1.2.1967650473.1628250557; _gat_UA-192660002-1=1; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _hjid=20453335-5579-4e4e-b755-52aa1f1205a7; _hjFirstSeen=1; _ga_Y6C8Y8V9BH=GS1.1.1628250557.1.1.1628250560.0; _ga=GA1.1.1821568338.1628250557; XSRF-TOKEN=eyJpdiI6IlZpcHc0cHZETGVMV3QwMWozdWdDY3c9PSIsInZhbHVlIjoidmdOZ2hrQUNXXC80R2pOSXdOeDlHbEIrNDd1TzlcL2EzUmVUY2NOS1Q4ckw3RzQxblVQWHlVMDhadUVzYm02d3B6IiwibWFjIjoiMzdiMjVmMDJhNTcxM2NmZTk2ZWQzOTQ3ZjNiZjAyM2FiMGU3YzIxNzRkOWIzZTFjYzYzZjk1ZGMyYmVlMTNlYyJ9; c=eyJpdiI6IkhaWmNiNmJ2SUFIWHVGODlXZnhDcHc9PSIsInZhbHVlIjoicm1yWk0xaUp1Y3V1SEVDMnVCZEMxc3VYTURRbjZsUFYyTDVxMlhPSzVkcFRDcCsrWE1DMXE0Rk5UdW52aVNiTyIsIm1hYyI6ImM2ZWZhN2QyNjYwMGM3NDdmYzRmZDZjOWNiYWZjMDBmMzIxYzE2YWQ2MGU4YWEwNDg1MGZiZDM3MDRlMzY1MjYifQ%3D%3D
:path: /locate
pragma: no-cache
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: application/json, text/plain, */*
cache-control: no-cache
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept: application/json, text/plain, */*
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
X-XSRF-TOKEN: eyJpdiI6IlZpcHc0cHZETGVMV3QwMWozdWdDY3c9PSIsInZhbHVlIjoidmdOZ2hrQUNXXC80R2pOSXdOeDlHbEIrNDd1TzlcL2EzUmVUY2NOS1Q4ckw3RzQxblVQWHlVMDhadUVzYm02d3B6IiwibWFjIjoiMzdiMjVmMDJhNTcxM2NmZTk2ZWQzOTQ3ZjNiZjAyM2FiMGU3YzIxNzRkOWIzZTFjYzYzZjk1ZGMyYmVlMTNlYyJ9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:21 GMT
x-proc: 1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6DtiwGiSQPYAIxXq0rKvFG3b3foRlzj8g5d4YP2gOnu3XlLWwnQBuTpHPXD%2FXmoTOU8G2U9%2B3OBfHbtynvFb9h9FKmv9ZM77Wc42RsnhQHeQjHvpsk%2BwLlYak%2B%2BHdPNQfTCnUNlFyBV8GmE%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json
cache-control: no-cache, private
set-cookie: XSRF-TOKEN=eyJpdiI6ImJUd0FTV2JCS0llME52SXlnbncwMlE9PSIsInZhbHVlIjoidXFlZlMxaTdmUDJxaDZZTUJ5N3lMVzlLaFdRblVKZG1HS1U5NkhlSVhMbFplWFhuM0U3Vk5hS0t1a0ZRMFRPayIsIm1hYyI6Ijg2NzcxMDg5ZTM1YmY4NmZjZDRhMTFmZGEzYWZjYmU0MzAxZmUyMjA3YjQ5MTk2NWRkYmNmMjIyYzhiOWM2YjYifQ%3D%3D; expires=Fri, 06-Aug-2021 13:49:21 GMT; Max-Age=7200; path=/ c=eyJpdiI6IlVkb3pObmtWdEx6YUM1ODA0VlExbnc9PSIsInZhbHVlIjoidU5UNVlod2ZBd2orNWJGb1pDYitIZGoySG9Wa2pva09iWHdPTFFFWmxIdzBhQXpsazhZOXcrYVwvSG1GbVJRcXYiLCJtYWMiOiI2NTJhOTQyM2FjZDcwMjI1ZTBkZTYxMzk4YjJlNDEzN2UzZmZiNGQ1ZGEyYTY1YjE0OWI1NDc1ZTY0ZDFkNGNlIn0%3D; expires=Fri, 06-Aug-2021 13:49:21 GMT; Max-Age=7200; path=/; httponly
cf-ray: 67a80a973a9442f7-FRA

GET
H3-29 200 flags.png
tgfunnls.org/images/vendor/intl-tel-input/build/ 69 KB
70 KB 15ms
15ms Image
image/png 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tgfunnls.org/images/vendor/intl-tel-input/build/flags.png?416250f60d785a2e02f17e054d2e4e44

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/css/forms.css?id=108aa07ef4cadffb88ba

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0a012cf808a24573168308916092d2d4bd3f2b4af8e16b59167013cc77acee55

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /images/vendor/intl-tel-input/build/flags.png?416250f60d785a2e02f17e054d2e4e44
pragma: no-cache
cookie: _vwo_uuid_v2=D60D53A279C34294A37B44CA833D8B14F|fe9b8582c0d96af381d293a2d11d8a7f; _gid=GA1.2.1967650473.1628250557; _gat_UA-192660002-1=1; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _hjid=20453335-5579-4e4e-b755-52aa1f1205a7; _hjFirstSeen=1; _ga_Y6C8Y8V9BH=GS1.1.1628250557.1.1.1628250560.0; _ga=GA1.1.1821568338.1628250557; XSRF-TOKEN=eyJpdiI6IlZpcHc0cHZETGVMV3QwMWozdWdDY3c9PSIsInZhbHVlIjoidmdOZ2hrQUNXXC80R2pOSXdOeDlHbEIrNDd1TzlcL2EzUmVUY2NOS1Q4ckw3RzQxblVQWHlVMDhadUVzYm02d3B6IiwibWFjIjoiMzdiMjVmMDJhNTcxM2NmZTk2ZWQzOTQ3ZjNiZjAyM2FiMGU3YzIxNzRkOWIzZTFjYzYzZjk1ZGMyYmVlMTNlYyJ9; c=eyJpdiI6IkhaWmNiNmJ2SUFIWHVGODlXZnhDcHc9PSIsInZhbHVlIjoicm1yWk0xaUp1Y3V1SEVDMnVCZEMxc3VYTURRbjZsUFYyTDVxMlhPSzVkcFRDcCsrWE1DMXE0Rk5UdW52aVNiTyIsIm1hYyI6ImM2ZWZhN2QyNjYwMGM3NDdmYzRmZDZjOWNiYWZjMDBmMzIxYzE2YWQ2MGU4YWEwNDg1MGZiZDM3MDRlMzY1MjYifQ%3D%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: tgfunnls.org
referer: https://tgfunnls.org/css/forms.css?id=108aa07ef4cadffb88ba
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/css/forms.css?id=108aa07ef4cadffb88ba
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:21 GMT
x-proc: 2
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2324
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 70857
x-xss-protection: 1; mode=block
last-modified: Fri, 06 Aug 2021 10:55:13 GMT
server: cloudflare
etag: "610d1511-114c9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mDW3quSrqeV5v6vCi%2FzxPBf5QF2bH4TmrJo4gVcka1U6YwQSGfy88gbBVqQfgxeqQsrXDld5a3xL1CwTEAG6RGzKb8dXvjUJdAxRFxa3b6qIB4WGl4vplVOVJvTFarGjVhtIJsMtn94zbQ4%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 67a80a973a9a42f7-FRA

OPTIONS
H/1.1 200
OK add
tagdataxrt.com/ir/ Frame 0
0 47ms
46ms Preflight 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/ir/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Protocol: HTTP/1.1
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://tgfunnls.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Server: nginx/1.19.10
Date: Fri, 06 Aug 2021 11:49:21 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

POST
H/1.1 200
OK add Show response
tagdataxrt.com/ir/ 0
537 B 48ms
47ms Fetch 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/ir/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json;charset=utf-8

Response headers

Date: Fri, 06 Aug 2021 11:49:21 GMT
Server: nginx/1.19.10
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 0

GET
BLOB 200
OK 2ef65ed4-beb7-4139-acec-80c7038b9a8f
https://tgfunnls.org/ 31 B
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://tgfunnls.org/2ef65ed4-beb7-4139-acec-80c7038b9a8f
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7725538fe2f71147bffeba7452b434c826aef9009666cb4360c605d0b2a91d1d

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length: 31
Content-Type: application/javascript

GET
H2 403 videothumbnail-1.png
static-13333.kxcdn.com/5275/images/ 0
0 24ms
20ms Image
text/html 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static-13333.kxcdn.com/5275/images/videothumbnail-1.png
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
DATA 200
OK truncated
/ 4 KB
4 KB Font
application/font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: aef991b2e0b693a95d41986576dd3901ea7ac03b379501b1caba966058753308

Request headers

Origin: https://tgfunnls.org
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: application/font-woff;charset=utf-8

GET
H3-29 200 js Show response
www.googletagmanager.com/gtag/ 127 KB
50 KB 16ms
14ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-Y6C8Y8V9BH&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MSK8GMG

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

dae34939244e213c68b00452772818739ff77e23eefc25acc3a141fa1f506648

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:21 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 51136
x-xss-protection: 0
expires: Fri, 06 Aug 2021 11:49:21 GMT

GET
H3-29 200 analytics.js Show response
www.google-analytics.com/ 48 KB
19 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MSK8GMG

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

e61660c659c426e45bce2937dddb01af6b550502a2904546575c1ec2ba1121dd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 13 Jul 2021 18:24:06 GMT
server: Golfe2
age: 2140
date: Fri, 06 Aug 2021 11:13:41 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19672
expires: Fri, 06 Aug 2021 13:13:41 GMT

GET
H2 200 hotjar-2304105.js Show response
static.hotjar.com/c/ 5 KB
2 KB 56ms
55ms Script
application/javascript 13.224.96.91
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-2304105.js?sv=6

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.96.91 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

d4261e9b3b427b4faba85d775a6dbd131cf86cbd42945ba05ae2ebad8f8f36e6

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:18 GMT
content-encoding: br
x-content-type-options: nosniff
cache-control: max-age=60
age: 3
etag: W/4e117f3a38c123981a4b3509540d1697
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
x-cache-hit: 1
x-amz-cf-pop: ZRH50-C1
x-amz-cf-id: _-rg3Wmo9AWFIDW4nbWYaTvp0-SX-3kf2Imt2mPrCngTw5bFwFumpA==
via: 1.1 e92dffa8673a73c15c61e7c3abefc47d.cloudfront.net (CloudFront)

POST
H/1.1 200
OK etag Show response
tagdataxrt.com/ 0
537 B 50ms
50ms Fetch 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/etag?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json;charset=utf-8

Response headers

Date: Fri, 06 Aug 2021 11:49:21 GMT
Server: nginx/1.19.10
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 0

OPTIONS
H/1.1 200
OK etag
tagdataxrt.com/ Frame 0
0 48ms
48ms Preflight 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/etag?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Protocol: HTTP/1.1
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://tgfunnls.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Server: nginx/1.19.10
Date: Fri, 06 Aug 2021 11:49:21 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWpxdWVyeQ==/tag-18c0c42595158c9943ee0260eecc4fc3.js
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/j.php?a=449005&u=https%3A%2F%2Ftgfunnls.org%2Fdly1st%2F%3Fhitid%3D%7BclickId%7D%26qze%3D7%26aff_sub%3D%7BcustomId1%7D%26aff_sub2%3D%7BcustomId2%7D&f=1&r=0.3576262557841319
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gams1 /
Resource Hash: b6a6463b285c1fdc27b7022ff01564762e81117074a3f3781cc931fe389afc70

Request headers

Origin: https://tgfunnls.org
Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:20 GMT
content-encoding: br
last-modified: Fri, 06 Aug 2021 11:48:12 GMT
server: gams1
etag: "610d217c-f3a3"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 62371
via: 1.1 google

GET
H3-29 200 v.gif
dev.visualwebsiteoptimizer.com/ 35 B
52 B 121ms
121ms Image
image/gif 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dev.visualwebsiteoptimizer.com/v.gif?cd=0&a=449005&d=tgfunnls.org&u=D60D53A279C34294A37B44CA833D8B14F&h=fe9b8582c0d96af381d293a2d11d8a7f&t=false&r=0.5265770851949787

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gnv1c /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 06 Aug 2021 11:49:21 GMT
via: 1.1 google
x-content-type-options: nosniff
server: gnv1c
content-type: image/gif
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 10 Jan 2005 00:00:01 GMT

GET
H3-29 200 collect
www.google-analytics.com/ 35 B
57 B 8ms
6ms Image
image/gif 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j92&a=1805223748&t=pageview&_s=1&dl=https%3A%2F%2Ftgfunnls.org%2Fdly1st%2F%3Fhitid%3D%7BclickId%7D%26qze%3D7%26aff_sub%3D%7BcustomId1%7D%26aff_sub2%3D%7BcustomId2%7D&ul=en-us&de=UTF-8&dt=Daily%20Profit&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=QACAAEAB~&jid=&gjid=&cid=1821568338.1628250557&tid=UA-192660002-1&_gid=1967650473.1628250557&gtm=2wg840MSK8GMG&z=678471692

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 06 Aug 2021 05:58:40 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 21041
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H3-29 201 event Show response
tgfunnls.org/ 2 B
1 KB 213ms
212ms XHR
application/json 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/event?hitid={clickId}

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/js/l.js?id=6cf7b69175b2a676ebf3

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-fetch-mode: cors
origin: https://tgfunnls.org
x-xsrf-token: eyJpdiI6ImJUd0FTV2JCS0llME52SXlnbncwMlE9PSIsInZhbHVlIjoidXFlZlMxaTdmUDJxaDZZTUJ5N3lMVzlLaFdRblVKZG1HS1U5NkhlSVhMbFplWFhuM0U3Vk5hS0t1a0ZRMFRPayIsIm1hYyI6Ijg2NzcxMDg5ZTM1YmY4NmZjZDRhMTFmZGEzYWZjYmU0MzAxZmUyMjA3YjQ5MTk2NWRkYmNmMjIyYzhiOWM2YjYifQ==
accept-language: en-US
sec-fetch-dest: empty
accept-encoding: gzip, deflate, br
cookie: _vwo_uuid_v2=D60D53A279C34294A37B44CA833D8B14F|fe9b8582c0d96af381d293a2d11d8a7f; _gid=GA1.2.1967650473.1628250557; _gat_UA-192660002-1=1; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _hjid=20453335-5579-4e4e-b755-52aa1f1205a7; _hjFirstSeen=1; XSRF-TOKEN=eyJpdiI6ImJUd0FTV2JCS0llME52SXlnbncwMlE9PSIsInZhbHVlIjoidXFlZlMxaTdmUDJxaDZZTUJ5N3lMVzlLaFdRblVKZG1HS1U5NkhlSVhMbFplWFhuM0U3Vk5hS0t1a0ZRMFRPayIsIm1hYyI6Ijg2NzcxMDg5ZTM1YmY4NmZjZDRhMTFmZGEzYWZjYmU0MzAxZmUyMjA3YjQ5MTk2NWRkYmNmMjIyYzhiOWM2YjYifQ%3D%3D; c=eyJpdiI6IlVkb3pObmtWdEx6YUM1ODA0VlExbnc9PSIsInZhbHVlIjoidU5UNVlod2ZBd2orNWJGb1pDYitIZGoySG9Wa2pva09iWHdPTFFFWmxIdzBhQXpsazhZOXcrYVwvSG1GbVJRcXYiLCJtYWMiOiI2NTJhOTQyM2FjZDcwMjI1ZTBkZTYxMzk4YjJlNDEzN2UzZmZiNGQ1ZGEyYTY1YjE0OWI1NDc1ZTY0ZDFkNGNlIn0%3D; _ga_Y6C8Y8V9BH=GS1.1.1628250557.1.1.1628250561.0; _ga=GA1.1.1821568338.1628250557
content-length: 188
:path: /event?hitid={clickId}
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json;charset=UTF-8
accept: application/json, text/plain, */*
cache-control: no-cache
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: POST
Accept: application/json, text/plain, */*
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
X-XSRF-TOKEN: eyJpdiI6ImJUd0FTV2JCS0llME52SXlnbncwMlE9PSIsInZhbHVlIjoidXFlZlMxaTdmUDJxaDZZTUJ5N3lMVzlLaFdRblVKZG1HS1U5NkhlSVhMbFplWFhuM0U3Vk5hS0t1a0ZRMFRPayIsIm1hYyI6Ijg2NzcxMDg5ZTM1YmY4NmZjZDRhMTFmZGEzYWZjYmU0MzAxZmUyMjA3YjQ5MTk2NWRkYmNmMjIyYzhiOWM2YjYifQ==
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json;charset=UTF-8

Response headers

date: Fri, 06 Aug 2021 11:49:21 GMT
x-proc: 1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1Ap%2BWgMEIYxK%2B1FXwx1xa3%2BtR%2FVra7s5Ez9NwxduEWdbdYTo0KFODJFuCVAJ84rqGLofwB8fgNDnRtQFNfJ%2FYduhAsCi%2BBa3hp63Mp6dhvtdejnbwqsbQPEKA5u%2BcCSHI3VISLPmcjNyK6I%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-origin: https://tgfunnls.org
cache-control: no-cache, private
set-cookie: XSRF-TOKEN=eyJpdiI6Ik9Wc1BwNkZxWjRScjVwc0RrTFRpZ0E9PSIsInZhbHVlIjoiRWF0dFhHcVNpZk1LcDJLUnppQmduWThNUFlKTG5OOW96T3FOY1JwVUZPS0pzOHd1MlB0bVFYcVllb2NoSHV4eCIsIm1hYyI6IjEzZGRmZTA3ODQ4YjMzNWNjN2I1ZWM2N2E2NTIwOWI4NDNhMjY2ZWE4NDU5ZGRiNzI3MTExZmEwZTcyZDQ1ODUifQ%3D%3D; expires=Fri, 06-Aug-2021 13:49:21 GMT; Max-Age=7200; path=/ c=eyJpdiI6IjA4Wk1hdEttam1qVDM0bnZ2Z3ZnK3c9PSIsInZhbHVlIjoiUjBGQnZ0NkJsWTNxd0JRWDNiMkV3NGo1K2xpYzYrZGYrWU1TNHhPV3ZCU2orNEU3bFMrYzc5dXd4Ukg3d0ZUMCIsIm1hYyI6ImE4OTVlZTk1OTFiY2FhZWMyMjQzYmMzZDAyNzVjZDIzOTk5OGMyNjMzY2FlZTg4YjAxZThkMzAzYWE4MWI0MTQifQ%3D%3D; expires=Fri, 06-Aug-2021 13:49:21 GMT; Max-Age=7200; path=/; httponly
cf-ray: 67a80a986dae42f7-FRA

GET
H2 200 modules.9a6619e61150e4449f35.js Show response
script.hotjar.com/ 221 KB
59 KB 62ms
61ms Script
application/javascript 13.224.96.11
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.9a6619e61150e4449f35.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2304105.js?sv=6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.96.11 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

fc04d1fd608cedf1f0c4735145a15031f77cb7491d6234cec4ee2cd9be74937a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:18:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 77476
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 59579
access-control-allow-origin: *
last-modified: Thu, 05 Aug 2021 14:17:07 GMT
etag: "f404c80c4e9647abd5db65360cf9ecee"
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 7245e91891539560c1f484b1e46159c9.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: ZRH50-C1
accept-ranges: bytes
x-robots-tag: none
x-amz-cf-id: J867wpQOw6iHBDu3X9Ulu-XNsHkyLmh0NM7UBJe4W0DgI9VJqggxYw==

GET
H3-29 200 settings.js Show response
dev.visualwebsiteoptimizer.com/ 572 B
397 B 85ms
85ms Script
application/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/settings.js?a=449005&settings_type=3&vn=7.0&r=0.30997491548600964&u=https%3A%2F%2Ftgfunnls.org%2Fdly1st%2F%3Fhitid%3D%7BclickId%7D%26qze%3D7%26aff_sub%3D%7BcustomId1%7D%26aff_sub2%3D%7BcustomId2%7D
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWpxdWVyeQ==/tag-18c0c42595158c9943ee0260eecc4fc3.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gams1 /
Resource Hash: 31042bafbba3ee3bae8f21d8d8744230a7c558630068c64e1e5ecb4721ab3910

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:20 GMT
via: 1.1 google
server: gams1
content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-type: application/javascript; charset=UTF-8

GET
H3-29 200 settings.js Show response
dev.visualwebsiteoptimizer.com/ 572 B
397 B 57ms
57ms Script
application/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/settings.js?a=449005&settings_type=1&vn=7.0&r=0.3176506742588694
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWpxdWVyeQ==/tag-18c0c42595158c9943ee0260eecc4fc3.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gams1 /
Resource Hash: 31042bafbba3ee3bae8f21d8d8744230a7c558630068c64e1e5ecb4721ab3910

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:20 GMT
via: 1.1 google
server: gams1
content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-type: application/javascript; charset=UTF-8

GET
H2 200 box-25a418976ea02a6f393fbbe77cec94bb.html Show response
vars.hotjar.com/ Frame 668C 2 KB
1 KB 54ms
54ms Document
text/html 13.224.96.92
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vars.hotjar.com/box-25a418976ea02a6f393fbbe77cec94bb.html
Requested by: Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2304105.js?sv=6
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.96.92 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-96-92.zrh50.r.cloudfront.net
Software: /
Resource Hash: 7a44e0685d8929b5d4d50476273c9957c8c76f03afc424c665a4066e5bc1beb9

Request headers

:method: GET
:authority: vars.hotjar.com
:scheme: https
:path: /box-25a418976ea02a6f393fbbe77cec94bb.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://tgfunnls.org/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://tgfunnls.org/

Response headers

content-type: text/html
content-length: 1044
date: Sun, 18 Jul 2021 00:16:30 GMT
accept-ranges: bytes
cache-control: max-age=31536000
content-encoding: br
etag: "76922233be8bdb14c053af468d29404a"
last-modified: Thu, 15 Jul 2021 14:16:09 GMT
x-amz-server-side-encryption: AES256
x-robots-tag: none
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 6b0e09b8a7d995016df1513b4b11c17e.cloudfront.net (CloudFront)
x-amz-cf-pop: ZRH50-C1
x-amz-cf-id: Id9uAchYj_8VpB5yeCI4mxBjWk2NYW_NNIbupkIOeohkXEm7PEeFFA==
age: 1683171

GET
H3-29 200 tag-1a6cb79d9b921e9f733a3a9f91c43b90.js Show response
dev.visualwebsiteoptimizer.com/web/djIkcGM6MS4w/ 668 B
329 B 48ms
48ms Script
application/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/web/djIkcGM6MS4w/tag-1a6cb79d9b921e9f733a3a9f91c43b90.js
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWpxdWVyeQ==/tag-18c0c42595158c9943ee0260eecc4fc3.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gams1 /
Resource Hash: 6e1f2e0970c3d1d6cdacfecdd613ce1c42990ea5d4a9a85fe6f0700d20a96634

Request headers

Origin: https://tgfunnls.org
Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:20 GMT
content-encoding: br
last-modified: Fri, 06 Aug 2021 11:48:12 GMT
server: gams1
etag: "610d217c-133"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 307
via: 1.1 google

GET
H2 200 a3a7b431bde66f8790628956fd6a9e14.js
cdn.pushcrew.com/js/ 248 KB
70 KB 128ms
128ms Script
application/javascript 34.102.183.26
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.pushcrew.com/js/a3a7b431bde66f8790628956fd6a9e14.js
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/web/djIkcGM6MS4w/tag-1a6cb79d9b921e9f733a3a9f91c43b90.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.102.183.26 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 26.183.102.34.bc.googleusercontent.com
Software: nginx /
Resource Hash

Request headers

Origin: https://tgfunnls.org
Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:21 GMT
content-encoding: gzip
last-modified: Fri, 18 Jun 2021 08:48:27 GMT
server: nginx
etag: W/"60cc5ddb-3e05c"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=1800
alt-svc: clear
via: 1.1 google
expires: Fri, 06 Aug 2021 12:19:21 GMT

POST
H/1.1 200
OK add Show response
tagdataxrt.com/log/ 12 B
597 B 52ms
52ms Fetch
application/json 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/log/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: 21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json;charset=utf-8

Response headers

Date: Fri, 06 Aug 2021 11:49:21 GMT
Server: nginx/1.19.10
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 12

OPTIONS
H/1.1 200
OK add
tagdataxrt.com/log/ Frame 0
0 48ms
48ms Preflight 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/log/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Protocol: HTTP/1.1
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://tgfunnls.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Server: nginx/1.19.10
Date: Fri, 06 Aug 2021 11:49:21 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

GET
H3-29 200 / Show response
tgfunnls.org/dly1st/ 31 KB
8 KB 166ms
166ms Document
text/html 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Requested by

Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4f63887cb683a44f44a17ec63843d50e9837ad03d56bd3f01aed68e020914899

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: tgfunnls.org
:scheme: https
:path: /dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: document
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: _vwo_uuid_v2=D60D53A279C34294A37B44CA833D8B14F|fe9b8582c0d96af381d293a2d11d8a7f; _gid=GA1.2.1967650473.1628250557; _gat_UA-192660002-1=1; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _hjid=20453335-5579-4e4e-b755-52aa1f1205a7; _hjFirstSeen=1; _ga_Y6C8Y8V9BH=GS1.1.1628250557.1.1.1628250561.0; _ga=GA1.1.1821568338.1628250557; XSRF-TOKEN=eyJpdiI6Ik9Wc1BwNkZxWjRScjVwc0RrTFRpZ0E9PSIsInZhbHVlIjoiRWF0dFhHcVNpZk1LcDJLUnppQmduWThNUFlKTG5OOW96T3FOY1JwVUZPS0pzOHd1MlB0bVFYcVllb2NoSHV4eCIsIm1hYyI6IjEzZGRmZTA3ODQ4YjMzNWNjN2I1ZWM2N2E2NTIwOWI4NDNhMjY2ZWE4NDU5ZGRiNzI3MTExZmEwZTcyZDQ1ODUifQ%3D%3D; c=eyJpdiI6IjA4Wk1hdEttam1qVDM0bnZ2Z3ZnK3c9PSIsInZhbHVlIjoiUjBGQnZ0NkJsWTNxd0JRWDNiMkV3NGo1K2xpYzYrZGYrWU1TNHhPV3ZCU2orNEU3bFMrYzc5dXd4Ukg3d0ZUMCIsIm1hYyI6ImE4OTVlZTk1OTFiY2FhZWMyMjQzYmMzZDAyNzVjZDIzOTk5OGMyNjMzY2FlZTg4YjAxZThkMzAzYWE4MWI0MTQifQ%3D%3D
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Response headers

date: Fri, 06 Aug 2021 11:49:21 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: no-cache, private
set-cookie: XSRF-TOKEN=eyJpdiI6IkxSMldvVWZvRmNYQ2poQ3YxNWsrUGc9PSIsInZhbHVlIjoiVHZxQ2tXVCtzOFZPNDFKZVNQNTZFSjZ0M1I5bEc4OXhSOVwvWjRSaEJFbG83ZFhGU2k5MTIzWEFxa3I2cEVRODEiLCJtYWMiOiIwZmI4MTU4NjczMDNiNDc3NjdmNjQyZjQ1ZDJhMWUxZmU3ZGJkODllMTBmYjA3ZDNmOThiNGY5MDQ3OTk4MjhiIn0%3D; expires=Fri, 06-Aug-2021 13:49:21 GMT; Max-Age=7200; path=/ c=eyJpdiI6Ik5BNFlrY096dE9hRXBKUU5ZQlhoM1E9PSIsInZhbHVlIjoiVGZLV1IwYnVGeGY2VEl1WkhRb1FMWXU2VXA0RnF6b0xoMEJLUUVPbHg0U3dzdUFaXC91TzFkZWwrNVVQR2ZITTgiLCJtYWMiOiJiYTE1ZmU0MjJiOWNkYzk2NGIzNWIwZjdjODc2N2YzNDUzZGM3ZjcyNDk1Y2UwMTUyODRhNGFlZTY2OTBiNWFhIn0%3D; expires=Fri, 06-Aug-2021 13:49:21 GMT; Max-Age=7200; path=/; httponly
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-proc: 2
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=C9cke4KRFinOAM9nsIQU4v9st2Q2MHLPy737OTZxpZBw4lUTagD1FlgwvlC46sKjcsRqPBlmJQAlica4IoYQFe5Q43OcnQlBmow8ls1F5cYJ9I1zR7KPu19LzQWsGisJsAag9Z9oBkEk5ZA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 67a80a9acc0742f7-FRA
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

POST
H/1.1 200
OK add
tagdataxrt.com/time_visit/ 0
422 B 47ms
47ms Ping
text/plain 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/time_visit/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Fri, 06 Aug 2021 11:49:21 GMT
Server: nginx/1.19.10
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 0

POST collect
www.google-analytics.com/g/ 0
0

GET
H3-29 200 forms.css
tgfunnls.org/css/ 20 KB
4 KB 17ms
16ms Stylesheet
text/css 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/css/forms.css?id=108aa07ef4cadffb88ba

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5cc75f6ff6ccc8f9737ba9b6e44903687d4cd600464dc9a25b2fcfbfd231ebc6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /css/forms.css?id=108aa07ef4cadffb88ba
pragma: no-cache
cookie: XSRF-TOKEN=eyJpdiI6IkxSMldvVWZvRmNYQ2poQ3YxNWsrUGc9PSIsInZhbHVlIjoiVHZxQ2tXVCtzOFZPNDFKZVNQNTZFSjZ0M1I5bEc4OXhSOVwvWjRSaEJFbG83ZFhGU2k5MTIzWEFxa3I2cEVRODEiLCJtYWMiOiIwZmI4MTU4NjczMDNiNDc3NjdmNjQyZjQ1ZDJhMWUxZmU3ZGJkODllMTBmYjA3ZDNmOThiNGY5MDQ3OTk4MjhiIn0%3D; c=eyJpdiI6Ik5BNFlrY096dE9hRXBKUU5ZQlhoM1E9PSIsInZhbHVlIjoiVGZLV1IwYnVGeGY2VEl1WkhRb1FMWXU2VXA0RnF6b0xoMEJLUUVPbHg0U3dzdUFaXC91TzFkZWwrNVVQR2ZITTgiLCJtYWMiOiJiYTE1ZmU0MjJiOWNkYzk2NGIzNWIwZjdjODc2N2YzNDUzZGM3ZjcyNDk1Y2UwMTUyODRhNGFlZTY2OTBiNWFhIn0%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:21 GMT
x-proc: 2
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3672
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Fri, 06 Aug 2021 10:30:19 GMT
server: cloudflare
etag: W/"610d0f3b-5107"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fkKRNQE8z2O39QOzqHm2gwBG1DoVqV%2FCrCZZXtgtn03TkipjNp1EO3yHYAVFEkYzx9tNGEmZCFrf0ynA%2Bh%2BvOrrYsBWWbH8VQaiuoG0cGhvniH%2BnkC%2Bim9ApaDSj1Ivp9%2BhzO7%2F%2FxH7BWeo%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 67a80a9bef3542f7-FRA

GET
H3-29 200 flow.css
tgfunnls.org/css/ 385 B
759 B 22ms
21ms Stylesheet
text/css 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/css/flow.css?id=1a2dada5ba76c1b29ae1

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

df456c4794989b11dda8d76813cbf505b2707048f4cc89d7db15956779ca3fb0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /css/flow.css?id=1a2dada5ba76c1b29ae1
pragma: no-cache
cookie: XSRF-TOKEN=eyJpdiI6IkxSMldvVWZvRmNYQ2poQ3YxNWsrUGc9PSIsInZhbHVlIjoiVHZxQ2tXVCtzOFZPNDFKZVNQNTZFSjZ0M1I5bEc4OXhSOVwvWjRSaEJFbG83ZFhGU2k5MTIzWEFxa3I2cEVRODEiLCJtYWMiOiIwZmI4MTU4NjczMDNiNDc3NjdmNjQyZjQ1ZDJhMWUxZmU3ZGJkODllMTBmYjA3ZDNmOThiNGY5MDQ3OTk4MjhiIn0%3D; c=eyJpdiI6Ik5BNFlrY096dE9hRXBKUU5ZQlhoM1E9PSIsInZhbHVlIjoiVGZLV1IwYnVGeGY2VEl1WkhRb1FMWXU2VXA0RnF6b0xoMEJLUUVPbHg0U3dzdUFaXC91TzFkZWwrNVVQR2ZITTgiLCJtYWMiOiJiYTE1ZmU0MjJiOWNkYzk2NGIzNWIwZjdjODc2N2YzNDUzZGM3ZjcyNDk1Y2UwMTUyODRhNGFlZTY2OTBiNWFhIn0%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:21 GMT
x-proc: 1
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3672
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Fri, 06 Aug 2021 10:30:20 GMT
server: cloudflare
etag: W/"610d0f3c-181"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0uDOqSsXsMaTsxqHgSUwJEgUdQLsTD2FF3%2B2US805E8bFpTBdXQZYE9VXSaTE57%2BPGI4ufvncup8B1mTC9xjRvB6dOlVjrueKGTT3WinMGGDLbUw2ueDZ16Cwz9j0Y1Jd9qX0PY3iL6Yxts%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 67a80a9bef3842f7-FRA

GET
H2 200 funnel.css
static-13333.kxcdn.com/5275/build/ 91 KB
26 KB 9ms
8ms Stylesheet
text/css 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL

https://static-13333.kxcdn.com/5275/build/funnel.css

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

0dd81a03016de5c1be49281bb42f5db84bf8968b636e893daa0ee24de5dbdd3b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:21 GMT
content-encoding: gzip
last-modified: Fri, 02 Jul 2021 14:31:57 GMT
server: keycdn-engine
x-amz-request-id: tx0000000000000049794a1-0060df28ef-12ed1804-fra1a
x-edge-location: defr
etag: W/"0e60432e5a822d61eaf0ff2172f524ed"
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-cache: HIT
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31556940
x-rgw-object-type: Normal
strict-transport-security: max-age=15552000; includeSubDomains; preload
expires: Sat, 06 Aug 2022 17:38:21 GMT

GET
H/1.1 400 conversion.js
in.bd44.fun/ 0
0 52ms
51ms Script
text/html 18.195.174.160
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://in.bd44.fun/conversion.js?cid=OPTIONAL&et=CLICK
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.195.174.160 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-174-160.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 logo.png
static-13333.kxcdn.com/5275/images/ 2 KB
3 KB 27ms
21ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/logo.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

3d0776f2afd4256733e307cf46921dde2e1497a2767eb8bcb8ac17d5de9d2344

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:21 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049592a7-0060df28ef-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2455
last-modified: Fri, 02 Jul 2021 14:32:26 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "cded24bb8b99f2aa7ab4e4ddc59c28e6"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:21 GMT

GET
H2 200 top-arrow.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 28ms
22ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/top-arrow.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

c4d3b32e24ea06591e7f166b20939f84cb767bb0742bc3c51f07c6f4b684f1e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:21 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049592a5-0060df28ef-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2961
last-modified: Fri, 02 Jul 2021 14:32:29 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "e2980701aad64cef71bd2296f5f6386b"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:21 GMT

GET
H3-29 200 check-icon.png
tgfunnls.org/images/ 44 KB
45 KB 23ms
18ms Image
image/png 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tgfunnls.org/images/check-icon.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

79bb457691c6f5dc0d3fd537218a627750b199db5253e22dad9dc4f78fa48016

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /images/check-icon.png
pragma: no-cache
cookie: XSRF-TOKEN=eyJpdiI6IkxSMldvVWZvRmNYQ2poQ3YxNWsrUGc9PSIsInZhbHVlIjoiVHZxQ2tXVCtzOFZPNDFKZVNQNTZFSjZ0M1I5bEc4OXhSOVwvWjRSaEJFbG83ZFhGU2k5MTIzWEFxa3I2cEVRODEiLCJtYWMiOiIwZmI4MTU4NjczMDNiNDc3NjdmNjQyZjQ1ZDJhMWUxZmU3ZGJkODllMTBmYjA3ZDNmOThiNGY5MDQ3OTk4MjhiIn0%3D; c=eyJpdiI6Ik5BNFlrY096dE9hRXBKUU5ZQlhoM1E9PSIsInZhbHVlIjoiVGZLV1IwYnVGeGY2VEl1WkhRb1FMWXU2VXA0RnF6b0xoMEJLUUVPbHg0U3dzdUFaXC91TzFkZWwrNVVQR2ZITTgiLCJtYWMiOiJiYTE1ZmU0MjJiOWNkYzk2NGIzNWIwZjdjODc2N2YzNDUzZGM3ZjcyNDk1Y2UwMTUyODRhNGFlZTY2OTBiNWFhIn0%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:21 GMT
x-proc: 1
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3671
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 45018
x-xss-protection: 1; mode=block
last-modified: Fri, 06 Aug 2021 10:28:14 GMT
server: cloudflare
etag: "610d0ebe-afda"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uh3IUuLOoA7JK1%2BRs9869DinT6cLxh3Tmx3R95bU6uu9dw9ryqyEjeGAel5XQcVMmac3Q3FLv4%2FzXUEpyIleiHvmxT7%2FQJZ39c9rFLbYvX8mAwzGTKqr2BfyptoM3FiklM1aLLJBG2zk9sA%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 67a80a9c485842f7-FRA

GET
H2 200 safe.png
static-13333.kxcdn.com/5275/images/ 10 KB
11 KB 27ms
22ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/safe.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

c001780d5a0136da809d6908ac44d8b0e4d9b36bf9891772a006294888226576

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:21 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794a7-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 10593
last-modified: Fri, 02 Jul 2021 14:32:17 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "e16845cf547d72f2f0b2febfa375d9f9"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:21 GMT

GET
H2 200 bg-arrow.png
static-13333.kxcdn.com/5275/images/ 7 KB
8 KB 28ms
22ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/bg-arrow.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

5902ac2e28cc5433d57a98a62be69037be09754da694348e03d3e3b9e776f542

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:21 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794ba-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 7356
last-modified: Fri, 02 Jul 2021 14:32:23 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "0575766ae817ee467a729e846374d22c"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:21 GMT

GET
H2 200 check-icon.png
static-13333.kxcdn.com/5275/images/ 2 KB
3 KB 28ms
23ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/check-icon.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

4a404a950ef8cfa3eb686e62c8ab17e0a4609f2300e53d874a96ec618ab9474d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:21 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794b6-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2273
last-modified: Fri, 02 Jul 2021 14:32:29 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "c34ab81524c5f98e40dc0dad59601758"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:21 GMT

GET
H2 200 spots-arrow.png
static-13333.kxcdn.com/5275/images/ 5 KB
6 KB 18ms
17ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/spots-arrow.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

7c01610e53cbe2313bd441cd9182762cec4240e4eecebeca6d086f34e4672784

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:21 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794bc-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 5306
last-modified: Fri, 02 Jul 2021 14:32:45 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "32acdf2cce46993b09041ebed9d00140"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:21 GMT

GET
H2 200 john.jpg
static-13333.kxcdn.com/5275/images/ 9 KB
10 KB 18ms
17ms Image
image/jpeg 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/john.jpg

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

aff262b0ff8882606831b77cb7fe8c2b7ee184a4c3a4e10de152932dde9ed3f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:21 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794be-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 9704
last-modified: Fri, 02 Jul 2021 14:32:21 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "ca826d01f1cbba3eb6e3e1f697bca6bc"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/jpeg
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:21 GMT

GET
H2 200 john-sign.png
static-13333.kxcdn.com/5275/images/ 7 KB
7 KB 11ms
5ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/john-sign.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

2c92fcee0f7c5fd992e818cd6e5f621e8701cea9b4b23eb03e2567560c7dd266

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:21 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049592b7-0060df28ef-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 6824
last-modified: Fri, 02 Jul 2021 14:32:43 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "8e77bdde18036a84289f7b89b03cddc0"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:21 GMT

GET
H2 200 social-callback-title.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 11ms
6ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/social-callback-title.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

b097d9409b9b2fcde3993197635d6e7d49126e794dec3c3a5de9892cce15ec84

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:21 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794b7-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2899
last-modified: Fri, 02 Jul 2021 14:32:42 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "26e1186a209747d755be97f26d7fef17"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:21 GMT

GET
H2 200 facebook.png
static-13333.kxcdn.com/5275/images/ 45 KB
46 KB 10ms
6ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/facebook.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

45a8e9f975bd2d7db2041c671affac022eaf0b8db46c516a6f2021d30631aea3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:21 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049592bd-0060df28ef-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 46358
last-modified: Fri, 02 Jul 2021 14:32:18 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "99efc09d6e35b01ef07e555c6c9c06ac"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:21 GMT

GET
H2 200 twitter.png
static-13333.kxcdn.com/5275/images/ 33 KB
34 KB 7ms
6ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/twitter.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

f3567cf9eb0717ad9840ff19014abf051d9bebb63ba3d270eb23d409dd449b5a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:22 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049592b6-0060df28ef-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 33933
last-modified: Fri, 02 Jul 2021 14:32:45 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "1538bf85a2428c7ab27b923233ceac2d"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:22 GMT

GET
H2 200 features-title.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 7ms
7ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/features-title.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

5e840708085df16224eeb0d8a8b3758d39bc7c60d3f0587ea1308f7d37d2e9db

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:22 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049592bc-0060df28ef-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2835
last-modified: Fri, 02 Jul 2021 14:32:24 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "8e8fd39ca90b9e536e71366f72e27061"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:22 GMT

GET
H2 200 feature1.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 7ms
7ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/feature1.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

427e9cf9bc070b73cae44b858b1cbb147385ccf3b74522b00606e8441d74eb21

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:22 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794bb-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2649
last-modified: Fri, 02 Jul 2021 14:32:27 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "32e947291780f319b5424fb0fed97339"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:22 GMT

GET
H2 200 feature2.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 9ms
5ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/feature2.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

d35ec7636f20627c46249b7ac076fd59aad2c15c8207c92cc8251df812abc0bc

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:22 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049592b5-0060df28ef-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2845
last-modified: Fri, 02 Jul 2021 14:32:28 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "a02cbfb7009f4eb7bca716371bbc6162"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:22 GMT

GET
H2 200 feature3.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 10ms
6ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/feature3.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

41cc8226265d071dd816f01b4e656e9575b49927ecb0806984d85fd2acb3b318

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:22 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794b8-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2618
last-modified: Fri, 02 Jul 2021 14:32:44 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "1e439861ae0e257dd74094cd20495531"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:22 GMT

GET
H2 200 feature4.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 9ms
6ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/feature4.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

d7e57b7c8fc1a0e25b893fc00da8cca5368cc489227958d4a781665339cd7260

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:22 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794a5-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2573
last-modified: Fri, 02 Jul 2021 14:32:19 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "f042fbbf22d575de6d906249ec2dc324"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:22 GMT

GET
H2 200 faq-title.png
static-13333.kxcdn.com/5275/images/ 4 KB
4 KB 8ms
6ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/faq-title.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

218be04d48aa9aa4da9bb4a708dbb463576fd8653914fd05bb113ce654dce714

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:22 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049592a6-0060df28ef-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 3706
last-modified: Fri, 02 Jul 2021 14:32:42 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "b95f5e7ccaaf9e8f6f1117efa9ab100a"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:22 GMT

GET
H2 200 faq-list-title-bg.png
static-13333.kxcdn.com/5275/images/ 2 KB
2 KB 8ms
7ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/faq-list-title-bg.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

9749d6d7aee9bdd7b806eb8fd8fa1bfd7ef25aab0aba744948b279d4c1a348ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:22 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794a3-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 1546
last-modified: Fri, 02 Jul 2021 14:32:22 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "567ea5254334fde95913b6cd592aad5f"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:22 GMT

GET
H3-29 200 sad-face.svg
tgfunnls.org/media/ 1 KB
1 KB 20ms
17ms Image
image/svg+xml 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tgfunnls.org/media/sad-face.svg

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

186b9079a05f19ddd2a548dbc1ec2c69087c76d8e9e1637dbced630edb793104

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /media/sad-face.svg
pragma: no-cache
cookie: XSRF-TOKEN=eyJpdiI6IkxSMldvVWZvRmNYQ2poQ3YxNWsrUGc9PSIsInZhbHVlIjoiVHZxQ2tXVCtzOFZPNDFKZVNQNTZFSjZ0M1I5bEc4OXhSOVwvWjRSaEJFbG83ZFhGU2k5MTIzWEFxa3I2cEVRODEiLCJtYWMiOiIwZmI4MTU4NjczMDNiNDc3NjdmNjQyZjQ1ZDJhMWUxZmU3ZGJkODllMTBmYjA3ZDNmOThiNGY5MDQ3OTk4MjhiIn0%3D; c=eyJpdiI6Ik5BNFlrY096dE9hRXBKUU5ZQlhoM1E9PSIsInZhbHVlIjoiVGZLV1IwYnVGeGY2VEl1WkhRb1FMWXU2VXA0RnF6b0xoMEJLUUVPbHg0U3dzdUFaXC91TzFkZWwrNVVQR2ZITTgiLCJtYWMiOiJiYTE1ZmU0MjJiOWNkYzk2NGIzNWIwZjdjODc2N2YzNDUzZGM3ZjcyNDk1Y2UwMTUyODRhNGFlZTY2OTBiNWFhIn0%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:21 GMT
x-proc: 1
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3671
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Fri, 06 Aug 2021 10:30:20 GMT
server: cloudflare
etag: W/"610d0f3c-5dc"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BMS2N6WlmO5AdEErVaz0hbEXvco6bBnk7EXHIja9j40FGNC%2F0xwqwrgR%2BSdskpjoeYwKceaBSMZ7T%2FKXb02J5T%2BjP2eXDzWeTtuAAOLovu3IKU4hft76cmlZclR%2Br8waK%2FP4aFdkW2L6yeQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: max-age=14400
cf-ray: 67a80a9c486042f7-FRA

GET
H3-29 200 email-decode.min.js Show response
tgfunnls.org/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
1 KB 9ms
8ms Script
application/javascript 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

:path: /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
pragma: no-cache
cookie: XSRF-TOKEN=eyJpdiI6IkxSMldvVWZvRmNYQ2poQ3YxNWsrUGc9PSIsInZhbHVlIjoiVHZxQ2tXVCtzOFZPNDFKZVNQNTZFSjZ0M1I5bEc4OXhSOVwvWjRSaEJFbG83ZFhGU2k5MTIzWEFxa3I2cEVRODEiLCJtYWMiOiIwZmI4MTU4NjczMDNiNDc3NjdmNjQyZjQ1ZDJhMWUxZmU3ZGJkODllMTBmYjA3ZDNmOThiNGY5MDQ3OTk4MjhiIn0%3D; c=eyJpdiI6Ik5BNFlrY096dE9hRXBKUU5ZQlhoM1E9PSIsInZhbHVlIjoiVGZLV1IwYnVGeGY2VEl1WkhRb1FMWXU2VXA0RnF6b0xoMEJLUUVPbHg0U3dzdUFaXC91TzFkZWwrNVVQR2ZITTgiLCJtYWMiOiJiYTE1ZmU0MjJiOWNkYzk2NGIzNWIwZjdjODc2N2YzNDUzZGM3ZjcyNDk1Y2UwMTUyODRhNGFlZTY2OTBiNWFhIn0%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 03 Aug 2021 14:21:05 GMT
server: cloudflare
etag: W/"610950d1-4d7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: DENY
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=q1sokyM1jQ5p5YOZzhxvzWomaGd2o4n47UYml14zpF76JphE48ka0fA%2BaEDyl6iNMHRt0yXuT0hIm0Jv4hjS0f7CxsOoP5tra4%2FZ9QFogG465M8ta01cuSBAxQoGUbUV770g2sV2neUgyi0%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=172800 public
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 67a80a9c1f9a42f7-FRA
vary: Accept-Encoding
expires: Sun, 08 Aug 2021 11:49:21 GMT

GET
H3-29 200 redirect.js Show response
tgfunnls.org/js/ 3 KB
2 KB 13ms
12ms Script
application/javascript 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/js/redirect.js?id=bd8708e91008076c9ff9

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0979e653bf7370685f5d0ec7448e28d33f46754d5411cf5a7cd3df6ecafc1a35

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /js/redirect.js?id=bd8708e91008076c9ff9
pragma: no-cache
cookie: XSRF-TOKEN=eyJpdiI6IkxSMldvVWZvRmNYQ2poQ3YxNWsrUGc9PSIsInZhbHVlIjoiVHZxQ2tXVCtzOFZPNDFKZVNQNTZFSjZ0M1I5bEc4OXhSOVwvWjRSaEJFbG83ZFhGU2k5MTIzWEFxa3I2cEVRODEiLCJtYWMiOiIwZmI4MTU4NjczMDNiNDc3NjdmNjQyZjQ1ZDJhMWUxZmU3ZGJkODllMTBmYjA3ZDNmOThiNGY5MDQ3OTk4MjhiIn0%3D; c=eyJpdiI6Ik5BNFlrY096dE9hRXBKUU5ZQlhoM1E9PSIsInZhbHVlIjoiVGZLV1IwYnVGeGY2VEl1WkhRb1FMWXU2VXA0RnF6b0xoMEJLUUVPbHg0U3dzdUFaXC91TzFkZWwrNVVQR2ZITTgiLCJtYWMiOiJiYTE1ZmU0MjJiOWNkYzk2NGIzNWIwZjdjODc2N2YzNDUzZGM3ZjcyNDk1Y2UwMTUyODRhNGFlZTY2OTBiNWFhIn0%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:21 GMT
x-proc: 3
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3671
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Fri, 06 Aug 2021 10:30:36 GMT
server: cloudflare
etag: W/"610d0f4c-a50"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wiZgTecME8U0jJ%2F50qoj9rLy72lNWsnI%2Fhhbn6hbudA1mPHC%2FSBt1odzX03BZUzlsMaBRcRbtaY0HRLWfxEyqi6yMu90Gsy1M8HLRpoV5II6MulMlIXfhvyyfv%2FAfsWLhrCF3QeIYfC9mJQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=14400
cf-ray: 67a80a9c2fc742f7-FRA

GET
H3-29 200 l.js Show response
tgfunnls.org/js/ 401 KB
110 KB 25ms
25ms Script
application/javascript 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/js/l.js?id=6cf7b69175b2a676ebf3

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1669423eca631e2fa8053ff74039a11ff6afac3a94dc37f357ce8d6ec9362913

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /js/l.js?id=6cf7b69175b2a676ebf3
pragma: no-cache
cookie: XSRF-TOKEN=eyJpdiI6IkxSMldvVWZvRmNYQ2poQ3YxNWsrUGc9PSIsInZhbHVlIjoiVHZxQ2tXVCtzOFZPNDFKZVNQNTZFSjZ0M1I5bEc4OXhSOVwvWjRSaEJFbG83ZFhGU2k5MTIzWEFxa3I2cEVRODEiLCJtYWMiOiIwZmI4MTU4NjczMDNiNDc3NjdmNjQyZjQ1ZDJhMWUxZmU3ZGJkODllMTBmYjA3ZDNmOThiNGY5MDQ3OTk4MjhiIn0%3D; c=eyJpdiI6Ik5BNFlrY096dE9hRXBKUU5ZQlhoM1E9PSIsInZhbHVlIjoiVGZLV1IwYnVGeGY2VEl1WkhRb1FMWXU2VXA0RnF6b0xoMEJLUUVPbHg0U3dzdUFaXC91TzFkZWwrNVVQR2ZITTgiLCJtYWMiOiJiYTE1ZmU0MjJiOWNkYzk2NGIzNWIwZjdjODc2N2YzNDUzZGM3ZjcyNDk1Y2UwMTUyODRhNGFlZTY2OTBiNWFhIn0%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:21 GMT
x-proc: 2
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 4594
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Fri, 06 Aug 2021 10:30:19 GMT
server: cloudflare
etag: W/"610d0f3b-645ba"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vERW9JZkUznQ9nNNOePztR4m62nngySmKx5nuh2PQT%2BXMkwp%2FYantLANjtcPvrcRZ2bDSY%2Fnv5R1DPt7TFp907Kk9z%2B44ozytqj3QWAHO%2FkyFpyLHlQ8%2BFeqw%2FXlIqJU6xi9DTWBWzTPzok%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=14400
cf-ray: 67a80a9c381942f7-FRA

GET
H2 200 funnel.js Show response
static-13333.kxcdn.com/5275/build/ 954 KB
319 KB 8ms
8ms Script
application/javascript 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL

https://static-13333.kxcdn.com/5275/build/funnel.js

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

a52901c6296f571a48143efc8c7626714f2f15a0e034390d31380d508684ad0e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:21 GMT
content-encoding: gzip
last-modified: Fri, 02 Jul 2021 14:31:57 GMT
server: keycdn-engine
x-amz-request-id: tx00000000000000495929e-0060df28ef-12e87130-fra1a
x-edge-location: defr
etag: W/"545236a1390ffa369d186b44dab8e706"
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-cache: HIT
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31556940
x-rgw-object-type: Normal
strict-transport-security: max-age=15552000; includeSubDomains; preload
expires: Sat, 06 Aug 2022 17:38:21 GMT

GET
H/1.1 200 hp Show response
in.xr117.xyz/ 382 B
616 B 54ms
51ms Script
text/plain 18.195.123.247
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://in.xr117.xyz/hp
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.195.123.247 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-123-247.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 1d685538334a6762f8c278c2274cb62dfdc47c59ba5968562dddf4f96d808aee

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 06 Aug 2021 11:49:21 GMT
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
Server: nginx
Connection: keep-alive
Content-Length: 382
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200 hp Show response
in.bd44.fun/ 382 B
616 B 153ms
50ms Script
text/plain 18.195.174.160
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://in.bd44.fun/hp
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.195.174.160 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-174-160.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 1d685538334a6762f8c278c2274cb62dfdc47c59ba5968562dddf4f96d808aee

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 06 Aug 2021 11:49:22 GMT
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
Server: nginx
Connection: keep-alive
Content-Length: 382
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 tag.js Show response
tagstaticx.com/ 38 KB
14 KB 20ms
18ms Script
application/javascript 2606:4700:3033::6815:3d08
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://tagstaticx.com/tag.js
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::6815:3d08 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7ebf9aea91580923f108d8e9c9fa03581c3c58fcd1ab8712d4ed593fbde60062

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:21 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 30 Jul 2021 15:47:47 GMT
server: cloudflare
age: 4762
etag: W/"61041f23-9787"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VO67%2BdzYj1tsnj3pSuDNazXnZLXxiMijP3Vh%2BDRCISofeQcQYSnRgOxZ273nUBYz4xotCJiGWLB4gBIz3d%2BEgKTpxtjDhYhpzlR9y3QsviIOVCf8rOtHwy9gPkRtqn9JHOu%2FCzhglbR0J5Wt6g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=1800
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 67a80a9c4c0c4a67-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 110 KB
41 KB 17ms
15ms Script
application/javascript 2a00:1450:4001:828::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-MSK8GMG

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

ee25e98eb177cc22fba819b261e53fdcdb837d1ca65533dbc186fa9f1f9550a2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:21 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41863
x-xss-protection: 0
last-modified: Fri, 06 Aug 2021 09:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 06 Aug 2021 11:49:21 GMT

GET
H2 200 j.php Show response
dev.visualwebsiteoptimizer.com/ 5 KB
2 KB 52ms
51ms Script
application/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/j.php?a=449005&u=https%3A%2F%2Ftgfunnls.org%2Fdly1st%2F%3Fhitid%3D%7BclickId%7D%26qze%3D7%26aff_sub%3D%7BcustomId1%7D%26aff_sub2%3D%7BcustomId2%7D&f=1&r=0.9157601133357662
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gams1 /
Resource Hash: b29ae543915e7cb76345185f728909c589c27327cb6c0d51f7396d5f6acf1b62

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 06 Aug 2021 11:49:21 GMT
via: 1.1 google
server: gams1
content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-type: application/javascript; charset=UTF-8

GET
H2 200 bg-pattern2.png
static-13333.kxcdn.com/5275/images/ 3 KB
4 KB 23ms
22ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/bg-pattern2.png

Requested by

Host: static-13333.kxcdn.com
URL: https://static-13333.kxcdn.com/5275/build/funnel.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

0dbbd4b1f92b5f123bb6d85da5224dbac1ef2873359ae63159fbd8c1d8aee472

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://static-13333.kxcdn.com/5275/build/funnel.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:21 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx000000000000004a8f778-0060df3204-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 3494
last-modified: Fri, 02 Jul 2021 14:32:28 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "9ff60a873ce8a83d6f92c07bbb97461d"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:21 GMT

GET
H2 200 money-bg.jpg
static-13333.kxcdn.com/5275/images/ 192 KB
193 KB 19ms
19ms Image
image/jpeg 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/money-bg.jpg

Requested by

Host: static-13333.kxcdn.com
URL: https://static-13333.kxcdn.com/5275/build/funnel.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

6d6b0b2b3ce3ec690491ad53348667285877a284d43a58bae67219df3128c453

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://static-13333.kxcdn.com/5275/build/funnel.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:21 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049593a6-0060df28f0-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 196622
last-modified: Fri, 02 Jul 2021 14:32:29 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "00484ef568e5c529bc92d2698631954b"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/jpeg
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:21 GMT

GET
H2 206 de-1.mp4
static-13333.kxcdn.com/5275/media/ 64 KB
0 9ms
7ms Media
video/mp4 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL

https://static-13333.kxcdn.com/5275/media/de-1.mp4

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Range: bytes=0-

Response headers

date: Fri, 06 Aug 2021 11:49:22 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049593e6-0060df28f0-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
Content-Range: bytes 0-124690623/124690624
Content-Length: 124690624
last-modified: Fri, 02 Jul 2021 14:32:03 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "c8811d0b7aa283893d6ec2a19899685f-24"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: video/mp4
access-control-allow-origin: *
x-rgw-object-type: Normal
expires: Sat, 06 Aug 2022 17:38:22 GMT

HEAD
H2 200 adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/ 0
0 41ms
38ms Fetch
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 06 Aug 2021 11:49:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
etag: 14869471898732562513
vary: Accept-Encoding, Origin
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private, max-age=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
expires: Fri, 06 Aug 2021 11:49:22 GMT

GET
H/1.1 200
OK version.js Show response
tagdatax.com/ 57 B
260 B 49ms
47ms Script
application/javascript 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdatax.com/version.js
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: 6ea7f0797f15c05234cec6600782b57fd76b282f55414927ff21b520070fbefd

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 06 Aug 2021 11:49:22 GMT
Cache-Control: private, max-age=63072000
Server: nginx/1.19.10
Connection: keep-alive
Content-Length: 57
Content-Type: application/javascript

GET
H2 200 gid.js Show response
my.rtmark.net/ 65 B
540 B 52ms
51ms Fetch
application/json 139.45.195.8
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://my.rtmark.net/gid.js

Requested by

Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

80801878b3e2bd0f071f62df1eeff677a35ed8c6ff048dddf6dc123b8b074dba

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:22 GMT
x-content-type-options: nosniff
server: nginx
strict-transport-security: max-age=1
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: https://tgfunnls.org
access-control-expose-headers: Authorization
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length: 65

GET
H/1.1 200
OK pix.jpg Show response
tagdatax.com/ 28 B
617 B 48ms
48ms Fetch
image/jpeg 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdatax.com/pix.jpg
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: 3c72e06c040c15327faa313315f1d6f4b2c9159267051c3e173336efa4cd7a18

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 06 Aug 2021 11:49:22 GMT
Server: nginx/1.19.10
Etag: c4654687-fd1b-4733-8146-d2c4b8e12f3a
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Content-Type: image/jpeg
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Expose-Headers: ETag
Cache-Control: private, must-revalidate, proxy-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 28

GET
H2 200 googlelogo_color_120x44dp.png
www.google.com/images/branding/googlelogo/2x/ 5 KB
5 KB 18ms
16ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_120x44dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

29c50fa4422ac0a690af5b0987dee6a030a7eeaafa9dda8543cf022368f545aa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:22 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5087
x-xss-protection: 0
expires: Fri, 06 Aug 2021 11:49:22 GMT

GET
H2 200 googlelogo_color_272x92dp.png
www.google.com/images/branding/googlelogo/1x/ 6 KB
6 KB 19ms
17ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/1x/googlelogo_color_272x92dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5776cd87617eacec3bc00ebcf530d1924026033eda852f706c1a675a98915826

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:22 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5969
x-xss-protection: 0
expires: Fri, 06 Aug 2021 11:49:22 GMT

GET
H2 200 googlelogo_color_272x92dp.png
www.google.com/images/branding/googlelogo/2x/ 13 KB
13 KB 17ms
15ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_272x92dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

262084257c2103702ef8a25705e3f8dbc1fa3823103ad7b954d54bdb77e6d89d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:22 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13504
x-xss-protection: 0
expires: Fri, 06 Aug 2021 11:49:22 GMT

GET
H2 200 googlelogo_color_160x56dp.png
www.google.com/images/branding/googlelogo/2x/ 7 KB
7 KB 17ms
15ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_160x56dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9e611fba6a87626e60f74d361f0c94d1ba226bc0726a05791f40ddb7fbba2c4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:22 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7048
x-xss-protection: 0
expires: Fri, 06 Aug 2021 11:49:22 GMT

GET
H2 200 googlelogo_color_90x40dp.png
www.google.com/images/branding/googlelogo/2x/ 4 KB
4 KB 18ms
16ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_90x40dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a9cac8d49feccd603bac334c92c1e7dd5a829a1c01d4130550e8c9c0d9c72f7b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:22 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3934
x-xss-protection: 0
expires: Fri, 06 Aug 2021 11:49:22 GMT

GET
H3-29 200 locate Show response
tgfunnls.org/ 141 B
1 KB 65ms
65ms XHR
application/json 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/locate

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/js/l.js?id=6cf7b69175b2a676ebf3

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b6ffea4eb17e3268759f83f8abca64a9ed7755ff19d8d6b05e7aa354ae6d4f7b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-fetch-mode: cors
x-xsrf-token: eyJpdiI6IkxSMldvVWZvRmNYQ2poQ3YxNWsrUGc9PSIsInZhbHVlIjoiVHZxQ2tXVCtzOFZPNDFKZVNQNTZFSjZ0M1I5bEc4OXhSOVwvWjRSaEJFbG83ZFhGU2k5MTIzWEFxa3I2cEVRODEiLCJtYWMiOiIwZmI4MTU4NjczMDNiNDc3NjdmNjQyZjQ1ZDJhMWUxZmU3ZGJkODllMTBmYjA3ZDNmOThiNGY5MDQ3OTk4MjhiIn0=
accept-language: en-US
sec-fetch-dest: empty
cookie: XSRF-TOKEN=eyJpdiI6IkxSMldvVWZvRmNYQ2poQ3YxNWsrUGc9PSIsInZhbHVlIjoiVHZxQ2tXVCtzOFZPNDFKZVNQNTZFSjZ0M1I5bEc4OXhSOVwvWjRSaEJFbG83ZFhGU2k5MTIzWEFxa3I2cEVRODEiLCJtYWMiOiIwZmI4MTU4NjczMDNiNDc3NjdmNjQyZjQ1ZDJhMWUxZmU3ZGJkODllMTBmYjA3ZDNmOThiNGY5MDQ3OTk4MjhiIn0%3D; c=eyJpdiI6Ik5BNFlrY096dE9hRXBKUU5ZQlhoM1E9PSIsInZhbHVlIjoiVGZLV1IwYnVGeGY2VEl1WkhRb1FMWXU2VXA0RnF6b0xoMEJLUUVPbHg0U3dzdUFaXC91TzFkZWwrNVVQR2ZITTgiLCJtYWMiOiJiYTE1ZmU0MjJiOWNkYzk2NGIzNWIwZjdjODc2N2YzNDUzZGM3ZjcyNDk1Y2UwMTUyODRhNGFlZTY2OTBiNWFhIn0%3D
:path: /locate
pragma: no-cache
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: application/json, text/plain, */*
cache-control: no-cache
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept: application/json, text/plain, */*
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
X-XSRF-TOKEN: eyJpdiI6IkxSMldvVWZvRmNYQ2poQ3YxNWsrUGc9PSIsInZhbHVlIjoiVHZxQ2tXVCtzOFZPNDFKZVNQNTZFSjZ0M1I5bEc4OXhSOVwvWjRSaEJFbG83ZFhGU2k5MTIzWEFxa3I2cEVRODEiLCJtYWMiOiIwZmI4MTU4NjczMDNiNDc3NjdmNjQyZjQ1ZDJhMWUxZmU3ZGJkODllMTBmYjA3ZDNmOThiNGY5MDQ3OTk4MjhiIn0=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:22 GMT
x-proc: 3
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RG4IzwCUhMJnpZbK%2FN1yLqN46gyWQ5teQfpwNru8kriRi%2Fg7fJTATMhfy506p2h%2FTFAFTmyCC%2Be2YMmyCxxkNQP3EUZ%2BxHJg1aoAyHW7EfqJ%2FFJavYMsRh5U9IPwoK%2BHPboEvELDt0979V0%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json
cache-control: no-cache, private
set-cookie: XSRF-TOKEN=eyJpdiI6IllrTVRneUVsdmpzNkZcLzZZRjF1QjlRPT0iLCJ2YWx1ZSI6InlQNlhsdURHd3MwcG5YWFwvZ2FjSktaMjRoV0JxdVpNdHdSTUxZb2NYb0ZcL0pyWFhuVDJoMzhtSXMrVGFrVnNPZiIsIm1hYyI6IjNlNWFjYTlhNDZkMDIwOTMzOWMzYzA3MTY4N2Y2ZDE1MTU2MGY3ZDQzZTdjMzMzYmEzZWJkOWU0NjliZmQxOTYifQ%3D%3D; expires=Fri, 06-Aug-2021 13:49:22 GMT; Max-Age=7200; path=/ c=eyJpdiI6InFRM2NROXRwc1pvcmhFbUVYWWdpMXc9PSIsInZhbHVlIjoiMWZUZGZxYUdCQWRoXC9zbWxLODBkV2p3cDV3OUhcL3JTSmZCNTB4dVlmNHVNMDI5ZTk5YitxNTJHUWR2RzF4Q290IiwibWFjIjoiZTdiOTJhNzEwYzM1NTFjODE2MGNlYWQ2ZWE3ZTFlOGE3ZGYwMDAzYTdlNDQ1MzE4MDk0YjViZGNkODc0NDZjOSJ9; expires=Fri, 06-Aug-2021 13:49:22 GMT; Max-Age=7200; path=/; httponly
cf-ray: 67a80a9d1acb42f7-FRA

GET
H3-29 200 flags.png
tgfunnls.org/images/vendor/intl-tel-input/build/ 69 KB
70 KB 12ms
11ms Image
image/png 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tgfunnls.org/images/vendor/intl-tel-input/build/flags.png?416250f60d785a2e02f17e054d2e4e44

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/css/forms.css?id=108aa07ef4cadffb88ba

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0a012cf808a24573168308916092d2d4bd3f2b4af8e16b59167013cc77acee55

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /images/vendor/intl-tel-input/build/flags.png?416250f60d785a2e02f17e054d2e4e44
pragma: no-cache
cookie: XSRF-TOKEN=eyJpdiI6IkxSMldvVWZvRmNYQ2poQ3YxNWsrUGc9PSIsInZhbHVlIjoiVHZxQ2tXVCtzOFZPNDFKZVNQNTZFSjZ0M1I5bEc4OXhSOVwvWjRSaEJFbG83ZFhGU2k5MTIzWEFxa3I2cEVRODEiLCJtYWMiOiIwZmI4MTU4NjczMDNiNDc3NjdmNjQyZjQ1ZDJhMWUxZmU3ZGJkODllMTBmYjA3ZDNmOThiNGY5MDQ3OTk4MjhiIn0%3D; c=eyJpdiI6Ik5BNFlrY096dE9hRXBKUU5ZQlhoM1E9PSIsInZhbHVlIjoiVGZLV1IwYnVGeGY2VEl1WkhRb1FMWXU2VXA0RnF6b0xoMEJLUUVPbHg0U3dzdUFaXC91TzFkZWwrNVVQR2ZITTgiLCJtYWMiOiJiYTE1ZmU0MjJiOWNkYzk2NGIzNWIwZjdjODc2N2YzNDUzZGM3ZjcyNDk1Y2UwMTUyODRhNGFlZTY2OTBiNWFhIn0%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: tgfunnls.org
referer: https://tgfunnls.org/css/forms.css?id=108aa07ef4cadffb88ba
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/css/forms.css?id=108aa07ef4cadffb88ba
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:22 GMT
x-proc: 2
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2325
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 70857
x-xss-protection: 1; mode=block
last-modified: Fri, 06 Aug 2021 10:55:13 GMT
server: cloudflare
etag: "610d1511-114c9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IoIQ5oRP32uiCjeYHpvwjs%2FbvrE%2BRbxJ03bO27vXPpYiulFn%2BYR3ZdqiegxkW42aYw%2BCvamjQY%2BQUuypArgqb8CV%2FXEP%2FqcxzMOEyLn2gk9wGZaABAUz1oBNSGtqFquTqUnv4WnOCw2eWH4%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 67a80a9d1ace42f7-FRA

OPTIONS
H/1.1 200
OK add
tagdataxrt.com/ir/ Frame 0
0 47ms
47ms Preflight 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/ir/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Protocol: HTTP/1.1
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://tgfunnls.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Server: nginx/1.19.10
Date: Fri, 06 Aug 2021 11:49:22 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

POST
H/1.1 200
OK add Show response
tagdataxrt.com/ir/ 0
537 B 47ms
47ms Fetch 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/ir/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json;charset=utf-8

Response headers

Date: Fri, 06 Aug 2021 11:49:22 GMT
Server: nginx/1.19.10
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 0

GET
BLOB 200
OK 1429e042-b312-469f-b7d2-daba708ec8fd
https://tgfunnls.org/ 31 B
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://tgfunnls.org/1429e042-b312-469f-b7d2-daba708ec8fd
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7725538fe2f71147bffeba7452b434c826aef9009666cb4360c605d0b2a91d1d

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length: 31
Content-Type: application/javascript

GET
H2 403 videothumbnail-1.png
static-13333.kxcdn.com/5275/images/ 0
0 14ms
14ms Image
text/html 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static-13333.kxcdn.com/5275/images/videothumbnail-1.png
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
DATA 200
OK truncated
/ 4 KB
4 KB Font
application/font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: aef991b2e0b693a95d41986576dd3901ea7ac03b379501b1caba966058753308

Request headers

Origin: https://tgfunnls.org
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: application/font-woff;charset=utf-8

POST
H/1.1 200
OK etag Show response
tagdataxrt.com/ 0
537 B 47ms
47ms Fetch 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/etag?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json;charset=utf-8

Response headers

Date: Fri, 06 Aug 2021 11:49:22 GMT
Server: nginx/1.19.10
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 0

OPTIONS
H/1.1 200
OK etag
tagdataxrt.com/ Frame 0
0 47ms
47ms Preflight 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/etag?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Protocol: HTTP/1.1
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://tgfunnls.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Server: nginx/1.19.10
Date: Fri, 06 Aug 2021 11:49:22 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

GET
H3-29 200 js Show response
www.googletagmanager.com/gtag/ 127 KB
50 KB 15ms
15ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-Y6C8Y8V9BH&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MSK8GMG

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

caf7ecf5748d7e3e027c4c06c569b3a6fb8f0f78f0dc3ff8c888b2299747e496

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:22 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 51136
x-xss-protection: 0
expires: Fri, 06 Aug 2021 11:49:22 GMT

GET
H3-29 200 analytics.js Show response
www.google-analytics.com/ 48 KB
19 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MSK8GMG

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

e61660c659c426e45bce2937dddb01af6b550502a2904546575c1ec2ba1121dd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 13 Jul 2021 18:24:06 GMT
server: Golfe2
age: 2141
date: Fri, 06 Aug 2021 11:13:41 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19672
expires: Fri, 06 Aug 2021 13:13:41 GMT

GET
H2 200 hotjar-2304105.js Show response
static.hotjar.com/c/ 5 KB
2 KB 55ms
54ms Script
application/javascript 13.224.96.91
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-2304105.js?sv=6

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.96.91 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

d4261e9b3b427b4faba85d775a6dbd131cf86cbd42945ba05ae2ebad8f8f36e6

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:18 GMT
content-encoding: br
x-content-type-options: nosniff
cache-control: max-age=60
age: 4
etag: W/4e117f3a38c123981a4b3509540d1697
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
x-cache-hit: 1
x-amz-cf-pop: ZRH50-C1
x-amz-cf-id: 3xcvKoyYgFHP3CqCxJlkjA4CnKq00JyXscp-OpDJniGCsDIVai59Kw==
via: 1.1 e92dffa8673a73c15c61e7c3abefc47d.cloudfront.net (CloudFront)

POST
H3-29 201 event Show response
tgfunnls.org/ 2 B
1 KB 186ms
185ms XHR
application/json 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/event?hitid={clickId}

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/js/l.js?id=6cf7b69175b2a676ebf3

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-fetch-mode: cors
origin: https://tgfunnls.org
x-xsrf-token: eyJpdiI6IllrTVRneUVsdmpzNkZcLzZZRjF1QjlRPT0iLCJ2YWx1ZSI6InlQNlhsdURHd3MwcG5YWFwvZ2FjSktaMjRoV0JxdVpNdHdSTUxZb2NYb0ZcL0pyWFhuVDJoMzhtSXMrVGFrVnNPZiIsIm1hYyI6IjNlNWFjYTlhNDZkMDIwOTMzOWMzYzA3MTY4N2Y2ZDE1MTU2MGY3ZDQzZTdjMzMzYmEzZWJkOWU0NjliZmQxOTYifQ==
accept-language: en-US
sec-fetch-dest: empty
accept-encoding: gzip, deflate, br
cookie: XSRF-TOKEN=eyJpdiI6IllrTVRneUVsdmpzNkZcLzZZRjF1QjlRPT0iLCJ2YWx1ZSI6InlQNlhsdURHd3MwcG5YWFwvZ2FjSktaMjRoV0JxdVpNdHdSTUxZb2NYb0ZcL0pyWFhuVDJoMzhtSXMrVGFrVnNPZiIsIm1hYyI6IjNlNWFjYTlhNDZkMDIwOTMzOWMzYzA3MTY4N2Y2ZDE1MTU2MGY3ZDQzZTdjMzMzYmEzZWJkOWU0NjliZmQxOTYifQ%3D%3D; c=eyJpdiI6InFRM2NROXRwc1pvcmhFbUVYWWdpMXc9PSIsInZhbHVlIjoiMWZUZGZxYUdCQWRoXC9zbWxLODBkV2p3cDV3OUhcL3JTSmZCNTB4dVlmNHVNMDI5ZTk5YitxNTJHUWR2RzF4Q290IiwibWFjIjoiZTdiOTJhNzEwYzM1NTFjODE2MGNlYWQ2ZWE3ZTFlOGE3ZGYwMDAzYTdlNDQ1MzE4MDk0YjViZGNkODc0NDZjOSJ9
content-length: 179
:path: /event?hitid={clickId}
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json;charset=UTF-8
accept: application/json, text/plain, */*
cache-control: no-cache
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: POST
Accept: application/json, text/plain, */*
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
X-XSRF-TOKEN: eyJpdiI6IllrTVRneUVsdmpzNkZcLzZZRjF1QjlRPT0iLCJ2YWx1ZSI6InlQNlhsdURHd3MwcG5YWFwvZ2FjSktaMjRoV0JxdVpNdHdSTUxZb2NYb0ZcL0pyWFhuVDJoMzhtSXMrVGFrVnNPZiIsIm1hYyI6IjNlNWFjYTlhNDZkMDIwOTMzOWMzYzA3MTY4N2Y2ZDE1MTU2MGY3ZDQzZTdjMzMzYmEzZWJkOWU0NjliZmQxOTYifQ==
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json;charset=UTF-8

Response headers

date: Fri, 06 Aug 2021 11:49:22 GMT
x-proc: 2
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WABOUWnF7LdWa4Uh%2FAvs3j6YfxwiHip28xNpc8cyWXStlZ%2FGdTeMORFzdR5cHZ3P0DsZ2HBIhgmCWGR2YpNmaTnFJ9vh4bEEG%2FizaZxOFwgui6CmuAu2DRK%2BYvGYT1yNk7G%2F2dO%2FbY4zmFk%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-origin: https://tgfunnls.org
cache-control: no-cache, private
set-cookie: XSRF-TOKEN=eyJpdiI6IjJmaEJtQTcrUjhrV3RcLzBKdUZOeGRRPT0iLCJ2YWx1ZSI6IjB0NGxXSnM4bklxRlwvZmZvVXNYMkVGTkg2bmk4M0VYcG10RmpYMGMzNERTZUZUWkZPczA3Q1FMV3hEazdIYlRvIiwibWFjIjoiMjYyNjhkN2Y0ZDQ2Y2Y2NmNiZTMzODYzOWU0NjQ4OWI1YTRhMmM5MWQ5MjI3YWExMTIyOWIyM2MzZDIxYWNiZSJ9; expires=Fri, 06-Aug-2021 13:49:22 GMT; Max-Age=7200; path=/ c=eyJpdiI6IklKQVhoU0JoQVBnbHV0ekJVcEZrNEE9PSIsInZhbHVlIjoibjQ1c3NtK0pkNXZTK2pTNlwvK3FhbCs5ZEU2XC9JWGpMdFJBdkdocHRrOEwzRmo1T1d6YWdnMWFvMklXbk1hdjNsIiwibWFjIjoiNWU3OTg2OGZkMWI5ZDExODA5MGZlZDViN2M0YjZkMWRjMzQyMjc2MTdmZWY0YWU1MzkyMjBiYTJjODE0ZDdjNCJ9; expires=Fri, 06-Aug-2021 13:49:22 GMT; Max-Age=7200; path=/; httponly
cf-ray: 67a80a9dac3242f7-FRA

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWpxdWVyeQ==/tag-18c0c42595158c9943ee0260eecc4fc3.js
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/j.php?a=449005&u=https%3A%2F%2Ftgfunnls.org%2Fdly1st%2F%3Fhitid%3D%7BclickId%7D%26qze%3D7%26aff_sub%3D%7BcustomId1%7D%26aff_sub2%3D%7BcustomId2%7D&f=1&r=0.9157601133357662
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gams1 /
Resource Hash: b6a6463b285c1fdc27b7022ff01564762e81117074a3f3781cc931fe389afc70

Request headers

Origin: https://tgfunnls.org
Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:22 GMT
content-encoding: br
last-modified: Fri, 06 Aug 2021 11:48:12 GMT
server: gams1
etag: "610d217c-f3a3"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 62371
via: 1.1 google

GET
H3-29 200 v.gif
dev.visualwebsiteoptimizer.com/ 35 B
52 B 121ms
121ms Image
image/gif 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dev.visualwebsiteoptimizer.com/v.gif?cd=0&a=449005&d=tgfunnls.org&u=D2252A66867B4271FEDDACC5ED674072A&h=0345963cf3ce5aea161bc3f4dc901c6e&t=false&r=0.5933456080536494

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gnv1c /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 06 Aug 2021 11:49:21 GMT
via: 1.1 google
x-content-type-options: nosniff
server: gnv1c
content-type: image/gif
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 10 Jan 2005 00:00:01 GMT

POST
H3-29 200 collect Show response
www.google-analytics.com/j/ 2 B
28 B 13ms
13ms XHR
text/plain 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j92&a=1545890575&t=pageview&_s=1&dl=https%3A%2F%2Ftgfunnls.org%2Fdly1st%2F%3Fhitid%3D%7BclickId%7D%26qze%3D7%26aff_sub%3D%7BcustomId1%7D%26aff_sub2%3D%7BcustomId2%7D&ul=en-us&de=UTF-8&dt=Daily%20Profit&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAAC~&jid=706044885&gjid=1569392983&cid=1201118004.1628250562&tid=UA-192660002-1&_gid=477042603.1628250562&_r=1&gtm=2wg840MSK8GMG&z=1637043341

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 06 Aug 2021 11:49:22 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://tgfunnls.org
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3-29 204 collect
www.google-analytics.com/g/ 0
22 B 14ms
13ms Ping
text/plain 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-Y6C8Y8V9BH&gtm=2oe840&_p=1545890575&sr=1600x1200&ul=en-us&cid=1201118004.1628250562&_s=1&dl=https%3A%2F%2Ftgfunnls.org%2Fdly1st%2F%3Fhitid%3D%7BclickId%7D%26qze%3D7%26aff_sub%3D%7BcustomId1%7D%26aff_sub2%3D%7BcustomId2%7D&dr=https%3A%2F%2Ftgfunnls.org%2Fdly1st%2F%3Fhitid%3D%7BclickId%7D%26qze%3D7%26aff_sub%3D%7BcustomId1%7D%26aff_sub2%3D%7BcustomId2%7D&dt=Daily%20Profit&sid=1628250562&sct=1&seg=0&en=page_view&_fv=1&_ss=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-Y6C8Y8V9BH&l=dataLayer&cx=c
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Fri, 06 Aug 2021 11:49:22 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://tgfunnls.org
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
70 B 14ms
14ms XHR
text/plain 2a00:1450:400c:c07::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j92&tid=UA-192660002-1&cid=1201118004.1628250562&jid=706044885&gjid=1569392983&_gid=477042603.1628250562&_u=YEBAAEAAAAAAAC~&z=341119687

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c07::9d Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Fri, 06 Aug 2021 11:49:22 GMT
content-type: text/plain
access-control-allow-origin: https://tgfunnls.org
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 modules.9a6619e61150e4449f35.js Show response
script.hotjar.com/ 221 KB
59 KB 62ms
61ms Script
application/javascript 13.224.96.11
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.9a6619e61150e4449f35.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2304105.js?sv=6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.96.11 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

fc04d1fd608cedf1f0c4735145a15031f77cb7491d6234cec4ee2cd9be74937a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:18:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 77477
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 59579
access-control-allow-origin: *
last-modified: Thu, 05 Aug 2021 14:17:07 GMT
etag: "f404c80c4e9647abd5db65360cf9ecee"
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 7245e91891539560c1f484b1e46159c9.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: ZRH50-C1
accept-ranges: bytes
x-robots-tag: none
x-amz-cf-id: FuT9fuUzh3LPv0me4lR5V7nFs7BqT3tVFf91gMRvdo8VeLroOH4g2A==

GET
H3-29 200 settings.js Show response
dev.visualwebsiteoptimizer.com/ 572 B
397 B 49ms
48ms Script
application/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/settings.js?a=449005&settings_type=3&vn=7.0&r=0.3708019663818318&u=https%3A%2F%2Ftgfunnls.org%2Fdly1st%2F%3Fhitid%3D%7BclickId%7D%26qze%3D7%26aff_sub%3D%7BcustomId1%7D%26aff_sub2%3D%7BcustomId2%7D
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWpxdWVyeQ==/tag-18c0c42595158c9943ee0260eecc4fc3.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gams1 /
Resource Hash: 31042bafbba3ee3bae8f21d8d8744230a7c558630068c64e1e5ecb4721ab3910

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:22 GMT
via: 1.1 google
server: gams1
content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-type: application/javascript; charset=UTF-8

GET
H3-29 200 ga-audiences
www.google.com/ads/ 42 B
63 B 18ms
17ms Image
image/gif 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j92&tid=UA-192660002-1&cid=1201118004.1628250562&jid=706044885&_u=YEBAAEAAAAAAAC~&z=82762394

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 06 Aug 2021 11:49:22 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 19ms
18ms Image
image/gif 2a00:1450:4001:801::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j92&tid=UA-192660002-1&cid=1201118004.1628250562&jid=706044885&_u=YEBAAEAAAAAAAC~&z=82762394

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 06 Aug 2021 11:49:22 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 settings.js Show response
dev.visualwebsiteoptimizer.com/ 572 B
397 B 51ms
50ms Script
application/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/settings.js?a=449005&settings_type=1&vn=7.0&r=0.8617471464972946
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWpxdWVyeQ==/tag-18c0c42595158c9943ee0260eecc4fc3.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gams1 /
Resource Hash: 31042bafbba3ee3bae8f21d8d8744230a7c558630068c64e1e5ecb4721ab3910

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:22 GMT
via: 1.1 google
server: gams1
content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-type: application/javascript; charset=UTF-8

GET
H2 200 box-25a418976ea02a6f393fbbe77cec94bb.html Show response
vars.hotjar.com/ Frame A1BD 2 KB
1 KB 56ms
55ms Document
text/html 13.224.96.92
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vars.hotjar.com/box-25a418976ea02a6f393fbbe77cec94bb.html
Requested by: Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2304105.js?sv=6
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.96.92 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-96-92.zrh50.r.cloudfront.net
Software: /
Resource Hash: 7a44e0685d8929b5d4d50476273c9957c8c76f03afc424c665a4066e5bc1beb9

Request headers

:method: GET
:authority: vars.hotjar.com
:scheme: https
:path: /box-25a418976ea02a6f393fbbe77cec94bb.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://tgfunnls.org/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://tgfunnls.org/

Response headers

content-type: text/html
content-length: 1044
date: Sun, 18 Jul 2021 00:16:30 GMT
accept-ranges: bytes
cache-control: max-age=31536000
content-encoding: br
etag: "76922233be8bdb14c053af468d29404a"
last-modified: Thu, 15 Jul 2021 14:16:09 GMT
x-amz-server-side-encryption: AES256
x-robots-tag: none
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 6b0e09b8a7d995016df1513b4b11c17e.cloudfront.net (CloudFront)
x-amz-cf-pop: ZRH50-C1
x-amz-cf-id: zej2O3BD3B2mjd3zsjxYPAl8Pi_WmNZSBQoE4BXH8VtcdSEjoEnA4g==
age: 1683172

GET
H3-29 200 tag-1a6cb79d9b921e9f733a3a9f91c43b90.js Show response
dev.visualwebsiteoptimizer.com/web/djIkcGM6MS4w/ 668 B
329 B 49ms
48ms Script
application/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/web/djIkcGM6MS4w/tag-1a6cb79d9b921e9f733a3a9f91c43b90.js
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWpxdWVyeQ==/tag-18c0c42595158c9943ee0260eecc4fc3.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gams1 /
Resource Hash: 6e1f2e0970c3d1d6cdacfecdd613ce1c42990ea5d4a9a85fe6f0700d20a96634

Request headers

Origin: https://tgfunnls.org
Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:21 GMT
content-encoding: br
last-modified: Fri, 06 Aug 2021 11:48:12 GMT
server: gams1
etag: "610d217c-133"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 307
via: 1.1 google

POST
H/1.1 200
OK add Show response
tagdataxrt.com/log/ 12 B
597 B 49ms
49ms Fetch
application/json 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/log/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: 21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json;charset=utf-8

Response headers

Date: Fri, 06 Aug 2021 11:49:22 GMT
Server: nginx/1.19.10
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 12

OPTIONS
H/1.1 200
OK add
tagdataxrt.com/log/ Frame 0
0 48ms
47ms Preflight 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/log/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Protocol: HTTP/1.1
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://tgfunnls.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Server: nginx/1.19.10
Date: Fri, 06 Aug 2021 11:49:22 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

GET
H2 200 a3a7b431bde66f8790628956fd6a9e14.js
cdn.pushcrew.com/js/ 248 KB
70 KB 129ms
128ms Script
application/javascript 34.102.183.26
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.pushcrew.com/js/a3a7b431bde66f8790628956fd6a9e14.js
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/web/djIkcGM6MS4w/tag-1a6cb79d9b921e9f733a3a9f91c43b90.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.102.183.26 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 26.183.102.34.bc.googleusercontent.com
Software: nginx /
Resource Hash

Request headers

Origin: https://tgfunnls.org
Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:22 GMT
content-encoding: gzip
last-modified: Fri, 18 Jun 2021 08:48:27 GMT
server: nginx
etag: W/"60cc5ddb-3e05c"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=1800
alt-svc: clear
via: 1.1 google
expires: Fri, 06 Aug 2021 12:19:22 GMT

GET
H3-29 200 / Show response
tgfunnls.org/dly1st/ 31 KB
8 KB 226ms
225ms Document
text/html 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Requested by

Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8dc08e79aa2722c475e058d943e12d66c16e6f5b488ebc6f995bc0e15c7e13e2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: tgfunnls.org
:scheme: https
:path: /dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: document
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: _vwo_uuid_v2=D2252A66867B4271FEDDACC5ED674072A|0345963cf3ce5aea161bc3f4dc901c6e; _gid=GA1.2.477042603.1628250562; _gat_UA-192660002-1=1; _ga_Y6C8Y8V9BH=GS1.1.1628250562.1.0.1628250562.0; _ga=GA1.1.1201118004.1628250562; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _hjid=e53aabcc-4329-46de-a294-30cc0ed5ce15; _hjFirstSeen=1; XSRF-TOKEN=eyJpdiI6IjJmaEJtQTcrUjhrV3RcLzBKdUZOeGRRPT0iLCJ2YWx1ZSI6IjB0NGxXSnM4bklxRlwvZmZvVXNYMkVGTkg2bmk4M0VYcG10RmpYMGMzNERTZUZUWkZPczA3Q1FMV3hEazdIYlRvIiwibWFjIjoiMjYyNjhkN2Y0ZDQ2Y2Y2NmNiZTMzODYzOWU0NjQ4OWI1YTRhMmM5MWQ5MjI3YWExMTIyOWIyM2MzZDIxYWNiZSJ9; c=eyJpdiI6IklKQVhoU0JoQVBnbHV0ekJVcEZrNEE9PSIsInZhbHVlIjoibjQ1c3NtK0pkNXZTK2pTNlwvK3FhbCs5ZEU2XC9JWGpMdFJBdkdocHRrOEwzRmo1T1d6YWdnMWFvMklXbk1hdjNsIiwibWFjIjoiNWU3OTg2OGZkMWI5ZDExODA5MGZlZDViN2M0YjZkMWRjMzQyMjc2MTdmZWY0YWU1MzkyMjBiYTJjODE0ZDdjNCJ9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Response headers

date: Fri, 06 Aug 2021 11:49:22 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: no-cache, private
set-cookie: XSRF-TOKEN=eyJpdiI6IklvMjhVbHFraW9XSW5wa3V3XC9tTEdRPT0iLCJ2YWx1ZSI6IkttZ0hGUGZcL1wvT0JNdTU3ak9yeVRMWUNobVFlMXlNY01NRVdEejVTQ2ttVWE1UFBQMlwveWptNnNVeTk5c040TkMiLCJtYWMiOiI0NmRmOTJmMDY5MWVmMDk1NGZmMWE1MWUyMGQzYzdkMjc3OTAyYTU1YmJjZDI3ZDM1NWM3OTZmM2Y3ZjI3OTY4In0%3D; expires=Fri, 06-Aug-2021 13:49:22 GMT; Max-Age=7200; path=/ c=eyJpdiI6IkdIS2Jta1wvQVRSdDBZT3g2M0FpS1VBPT0iLCJ2YWx1ZSI6IjYzdGg2TUNIWU9aSyt2STQzQlFrMG1JKytKa2l1V2wrdFFXSXFTbUluUUpMTXNcL2o3QysxZTJ5Uk9RenBFVVwvTSIsIm1hYyI6ImQxMWNjYTU4ODg1YjY0MmVkNWY5YWVlNzJjNDk2ZTNkODE5NjA0ZWUyNzc3ZDYzOWQ1ZDkxZjMyNGEzMGViN2YifQ%3D%3D; expires=Fri, 06-Aug-2021 13:49:22 GMT; Max-Age=7200; path=/; httponly
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-proc: 1
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lNrHUlnx1DkdOYg4uz0j4GSPQo9OJqxkoSgywQ7Z33FPjJV9npWAwAoq7w2ccFD2z4lV8ezBjGLKciBD%2FyIopSzjcnkrBHsZZYG6%2BtMcMnRk%2BEj9VvYFpxXLqfnHN9%2BIYK11oN1LiyWI%2Bv4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 67a80aa06ba142f7-FRA
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

POST
H/1.1 200
OK add
tagdataxrt.com/time_visit/ 0
422 B 47ms
47ms Ping
text/plain 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/time_visit/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Fri, 06 Aug 2021 11:49:22 GMT
Server: nginx/1.19.10
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 0

GET
H3-29 200 forms.css
tgfunnls.org/css/ 20 KB
4 KB 16ms
15ms Stylesheet
text/css 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/css/forms.css?id=108aa07ef4cadffb88ba

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5cc75f6ff6ccc8f9737ba9b6e44903687d4cd600464dc9a25b2fcfbfd231ebc6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /css/forms.css?id=108aa07ef4cadffb88ba
pragma: no-cache
cookie: _vwo_uuid_v2=D2252A66867B4271FEDDACC5ED674072A|0345963cf3ce5aea161bc3f4dc901c6e; _gid=GA1.2.477042603.1628250562; _gat_UA-192660002-1=1; _ga_Y6C8Y8V9BH=GS1.1.1628250562.1.0.1628250562.0; _ga=GA1.1.1201118004.1628250562; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _hjid=e53aabcc-4329-46de-a294-30cc0ed5ce15; _hjFirstSeen=1; XSRF-TOKEN=eyJpdiI6IklvMjhVbHFraW9XSW5wa3V3XC9tTEdRPT0iLCJ2YWx1ZSI6IkttZ0hGUGZcL1wvT0JNdTU3ak9yeVRMWUNobVFlMXlNY01NRVdEejVTQ2ttVWE1UFBQMlwveWptNnNVeTk5c040TkMiLCJtYWMiOiI0NmRmOTJmMDY5MWVmMDk1NGZmMWE1MWUyMGQzYzdkMjc3OTAyYTU1YmJjZDI3ZDM1NWM3OTZmM2Y3ZjI3OTY4In0%3D; c=eyJpdiI6IkdIS2Jta1wvQVRSdDBZT3g2M0FpS1VBPT0iLCJ2YWx1ZSI6IjYzdGg2TUNIWU9aSyt2STQzQlFrMG1JKytKa2l1V2wrdFFXSXFTbUluUUpMTXNcL2o3QysxZTJ5Uk9RenBFVVwvTSIsIm1hYyI6ImQxMWNjYTU4ODg1YjY0MmVkNWY5YWVlNzJjNDk2ZTNkODE5NjA0ZWUyNzc3ZDYzOWQ1ZDkxZjMyNGEzMGViN2YifQ%3D%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:22 GMT
x-proc: 2
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3673
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Fri, 06 Aug 2021 10:30:19 GMT
server: cloudflare
etag: W/"610d0f3b-5107"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eT0qXHaYSk89cA2%2BF2qp0RYqNj%2BXJ8Ah8t0pIJ0BsUPAE6YpXAu1FEUGacRiACM%2FI1phVHCxkF4IPx%2FxCHwIkhV2KBNsB1rvPLlWbnP1skZH8ZSXlFQqO53y0K1v5VEF5JF7l4xlFOPc7gU%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 67a80aa1ef3d42f7-FRA

GET
H3-29 200 flow.css
tgfunnls.org/css/ 385 B
759 B 15ms
14ms Stylesheet
text/css 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/css/flow.css?id=1a2dada5ba76c1b29ae1

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

df456c4794989b11dda8d76813cbf505b2707048f4cc89d7db15956779ca3fb0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /css/flow.css?id=1a2dada5ba76c1b29ae1
pragma: no-cache
cookie: _vwo_uuid_v2=D2252A66867B4271FEDDACC5ED674072A|0345963cf3ce5aea161bc3f4dc901c6e; _gid=GA1.2.477042603.1628250562; _gat_UA-192660002-1=1; _ga_Y6C8Y8V9BH=GS1.1.1628250562.1.0.1628250562.0; _ga=GA1.1.1201118004.1628250562; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _hjid=e53aabcc-4329-46de-a294-30cc0ed5ce15; _hjFirstSeen=1; XSRF-TOKEN=eyJpdiI6IklvMjhVbHFraW9XSW5wa3V3XC9tTEdRPT0iLCJ2YWx1ZSI6IkttZ0hGUGZcL1wvT0JNdTU3ak9yeVRMWUNobVFlMXlNY01NRVdEejVTQ2ttVWE1UFBQMlwveWptNnNVeTk5c040TkMiLCJtYWMiOiI0NmRmOTJmMDY5MWVmMDk1NGZmMWE1MWUyMGQzYzdkMjc3OTAyYTU1YmJjZDI3ZDM1NWM3OTZmM2Y3ZjI3OTY4In0%3D; c=eyJpdiI6IkdIS2Jta1wvQVRSdDBZT3g2M0FpS1VBPT0iLCJ2YWx1ZSI6IjYzdGg2TUNIWU9aSyt2STQzQlFrMG1JKytKa2l1V2wrdFFXSXFTbUluUUpMTXNcL2o3QysxZTJ5Uk9RenBFVVwvTSIsIm1hYyI6ImQxMWNjYTU4ODg1YjY0MmVkNWY5YWVlNzJjNDk2ZTNkODE5NjA0ZWUyNzc3ZDYzOWQ1ZDkxZjMyNGEzMGViN2YifQ%3D%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:22 GMT
x-proc: 1
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3673
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Fri, 06 Aug 2021 10:30:20 GMT
server: cloudflare
etag: W/"610d0f3c-181"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ia81ax2n%2FVwweamuAwZ8qGU9xQ1Vu2fOll1KKrRIFClKk2TwSjyFztNXGqkm8Z%2FDwLP87HXUhl3E%2Bbcvhsc8Xc6APEocNK4y9uX479JlKQdpdFxOoGXsUM1bFp5ei9aqt034exX6ZSrjldA%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 67a80aa1ef3f42f7-FRA

GET
H2 200 funnel.css
static-13333.kxcdn.com/5275/build/ 91 KB
26 KB 10ms
9ms Stylesheet
text/css 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL

https://static-13333.kxcdn.com/5275/build/funnel.css

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

0dd81a03016de5c1be49281bb42f5db84bf8968b636e893daa0ee24de5dbdd3b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:22 GMT
content-encoding: gzip
last-modified: Fri, 02 Jul 2021 14:31:57 GMT
server: keycdn-engine
x-amz-request-id: tx0000000000000049794a1-0060df28ef-12ed1804-fra1a
x-edge-location: defr
etag: W/"0e60432e5a822d61eaf0ff2172f524ed"
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-cache: HIT
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31556940
x-rgw-object-type: Normal
strict-transport-security: max-age=15552000; includeSubDomains; preload
expires: Sat, 06 Aug 2022 17:38:22 GMT

GET
H/1.1 400 conversion.js
in.bd44.fun/ 0
0 53ms
52ms Script
text/html 18.195.174.160
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://in.bd44.fun/conversion.js?cid=OPTIONAL&et=CLICK
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.195.174.160 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-174-160.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 logo.png
static-13333.kxcdn.com/5275/images/ 2 KB
3 KB 29ms
23ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/logo.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

3d0776f2afd4256733e307cf46921dde2e1497a2767eb8bcb8ac17d5de9d2344

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:22 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049592a7-0060df28ef-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2455
last-modified: Fri, 02 Jul 2021 14:32:26 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "cded24bb8b99f2aa7ab4e4ddc59c28e6"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:22 GMT

GET
H2 200 top-arrow.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 29ms
24ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/top-arrow.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

c4d3b32e24ea06591e7f166b20939f84cb767bb0742bc3c51f07c6f4b684f1e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:22 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049592a5-0060df28ef-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2961
last-modified: Fri, 02 Jul 2021 14:32:29 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "e2980701aad64cef71bd2296f5f6386b"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:22 GMT

GET
H3-29 200 check-icon.png
tgfunnls.org/images/ 44 KB
45 KB 23ms
19ms Image
image/png 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tgfunnls.org/images/check-icon.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

79bb457691c6f5dc0d3fd537218a627750b199db5253e22dad9dc4f78fa48016

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /images/check-icon.png
pragma: no-cache
cookie: _vwo_uuid_v2=D2252A66867B4271FEDDACC5ED674072A|0345963cf3ce5aea161bc3f4dc901c6e; _gid=GA1.2.477042603.1628250562; _gat_UA-192660002-1=1; _ga_Y6C8Y8V9BH=GS1.1.1628250562.1.0.1628250562.0; _ga=GA1.1.1201118004.1628250562; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _hjid=e53aabcc-4329-46de-a294-30cc0ed5ce15; _hjFirstSeen=1; XSRF-TOKEN=eyJpdiI6IklvMjhVbHFraW9XSW5wa3V3XC9tTEdRPT0iLCJ2YWx1ZSI6IkttZ0hGUGZcL1wvT0JNdTU3ak9yeVRMWUNobVFlMXlNY01NRVdEejVTQ2ttVWE1UFBQMlwveWptNnNVeTk5c040TkMiLCJtYWMiOiI0NmRmOTJmMDY5MWVmMDk1NGZmMWE1MWUyMGQzYzdkMjc3OTAyYTU1YmJjZDI3ZDM1NWM3OTZmM2Y3ZjI3OTY4In0%3D; c=eyJpdiI6IkdIS2Jta1wvQVRSdDBZT3g2M0FpS1VBPT0iLCJ2YWx1ZSI6IjYzdGg2TUNIWU9aSyt2STQzQlFrMG1JKytKa2l1V2wrdFFXSXFTbUluUUpMTXNcL2o3QysxZTJ5Uk9RenBFVVwvTSIsIm1hYyI6ImQxMWNjYTU4ODg1YjY0MmVkNWY5YWVlNzJjNDk2ZTNkODE5NjA0ZWUyNzc3ZDYzOWQ1ZDkxZjMyNGEzMGViN2YifQ%3D%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:22 GMT
x-proc: 1
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3672
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 45018
x-xss-protection: 1; mode=block
last-modified: Fri, 06 Aug 2021 10:28:14 GMT
server: cloudflare
etag: "610d0ebe-afda"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nE4k3UDrEFTBc71%2BPKsOcIZBlByvPiHLurlV1AC9i4OOh319dt%2FWJTFCXyJaqJ%2FQYZblE%2BGvA7DluSdEORuQZBsRx1Q%2FsyYDZykfEzSLQmtznU6GHN8iSBGqM%2FzrGRhKlPzHP9ujW5wN6P4%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 67a80aa2483942f7-FRA

GET
H2 200 safe.png
static-13333.kxcdn.com/5275/images/ 10 KB
11 KB 29ms
24ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/safe.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

c001780d5a0136da809d6908ac44d8b0e4d9b36bf9891772a006294888226576

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:22 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794a7-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 10593
last-modified: Fri, 02 Jul 2021 14:32:17 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "e16845cf547d72f2f0b2febfa375d9f9"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:22 GMT

GET
H2 200 bg-arrow.png
static-13333.kxcdn.com/5275/images/ 7 KB
8 KB 30ms
25ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/bg-arrow.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

5902ac2e28cc5433d57a98a62be69037be09754da694348e03d3e3b9e776f542

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:22 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794ba-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 7356
last-modified: Fri, 02 Jul 2021 14:32:23 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "0575766ae817ee467a729e846374d22c"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:22 GMT

GET
H2 200 check-icon.png
static-13333.kxcdn.com/5275/images/ 2 KB
3 KB 30ms
25ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/check-icon.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

4a404a950ef8cfa3eb686e62c8ab17e0a4609f2300e53d874a96ec618ab9474d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:22 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794b6-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2273
last-modified: Fri, 02 Jul 2021 14:32:29 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "c34ab81524c5f98e40dc0dad59601758"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:22 GMT

GET
H2 200 spots-arrow.png
static-13333.kxcdn.com/5275/images/ 5 KB
6 KB 21ms
20ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/spots-arrow.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

7c01610e53cbe2313bd441cd9182762cec4240e4eecebeca6d086f34e4672784

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:22 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794bc-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 5306
last-modified: Fri, 02 Jul 2021 14:32:45 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "32acdf2cce46993b09041ebed9d00140"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:22 GMT

GET
H2 200 john.jpg
static-13333.kxcdn.com/5275/images/ 9 KB
10 KB 22ms
22ms Image
image/jpeg 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/john.jpg

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

aff262b0ff8882606831b77cb7fe8c2b7ee184a4c3a4e10de152932dde9ed3f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:22 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794be-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 9704
last-modified: Fri, 02 Jul 2021 14:32:21 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "ca826d01f1cbba3eb6e3e1f697bca6bc"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/jpeg
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:22 GMT

GET
H2 200 john-sign.png
static-13333.kxcdn.com/5275/images/ 7 KB
7 KB 13ms
6ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/john-sign.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

2c92fcee0f7c5fd992e818cd6e5f621e8701cea9b4b23eb03e2567560c7dd266

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:22 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049592b7-0060df28ef-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 6824
last-modified: Fri, 02 Jul 2021 14:32:43 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "8e77bdde18036a84289f7b89b03cddc0"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:22 GMT

GET
H2 200 social-callback-title.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 13ms
7ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/social-callback-title.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

b097d9409b9b2fcde3993197635d6e7d49126e794dec3c3a5de9892cce15ec84

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:22 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794b7-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2899
last-modified: Fri, 02 Jul 2021 14:32:42 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "26e1186a209747d755be97f26d7fef17"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:22 GMT

GET
H2 200 facebook.png
static-13333.kxcdn.com/5275/images/ 45 KB
46 KB 10ms
7ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/facebook.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

45a8e9f975bd2d7db2041c671affac022eaf0b8db46c516a6f2021d30631aea3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:22 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049592bd-0060df28ef-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 46358
last-modified: Fri, 02 Jul 2021 14:32:18 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "99efc09d6e35b01ef07e555c6c9c06ac"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:22 GMT

GET
H2 200 twitter.png
static-13333.kxcdn.com/5275/images/ 33 KB
34 KB 11ms
8ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/twitter.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

f3567cf9eb0717ad9840ff19014abf051d9bebb63ba3d270eb23d409dd449b5a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:22 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049592b6-0060df28ef-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 33933
last-modified: Fri, 02 Jul 2021 14:32:45 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "1538bf85a2428c7ab27b923233ceac2d"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:22 GMT

GET
H2 200 features-title.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 8ms
7ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/features-title.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

5e840708085df16224eeb0d8a8b3758d39bc7c60d3f0587ea1308f7d37d2e9db

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:22 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049592bc-0060df28ef-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2835
last-modified: Fri, 02 Jul 2021 14:32:24 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "8e8fd39ca90b9e536e71366f72e27061"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:22 GMT

GET
H2 200 feature1.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 9ms
6ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/feature1.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

427e9cf9bc070b73cae44b858b1cbb147385ccf3b74522b00606e8441d74eb21

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:22 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794bb-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2649
last-modified: Fri, 02 Jul 2021 14:32:27 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "32e947291780f319b5424fb0fed97339"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:22 GMT

GET
H2 200 feature2.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 9ms
6ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/feature2.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

d35ec7636f20627c46249b7ac076fd59aad2c15c8207c92cc8251df812abc0bc

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:22 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049592b5-0060df28ef-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2845
last-modified: Fri, 02 Jul 2021 14:32:28 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "a02cbfb7009f4eb7bca716371bbc6162"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:22 GMT

GET
H2 200 feature3.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 8ms
6ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/feature3.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

41cc8226265d071dd816f01b4e656e9575b49927ecb0806984d85fd2acb3b318

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:22 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794b8-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2618
last-modified: Fri, 02 Jul 2021 14:32:44 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "1e439861ae0e257dd74094cd20495531"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:22 GMT

GET
H2 200 feature4.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 8ms
7ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/feature4.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

d7e57b7c8fc1a0e25b893fc00da8cca5368cc489227958d4a781665339cd7260

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:22 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794a5-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2573
last-modified: Fri, 02 Jul 2021 14:32:19 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "f042fbbf22d575de6d906249ec2dc324"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:22 GMT

GET
H2 200 faq-title.png
static-13333.kxcdn.com/5275/images/ 4 KB
4 KB 8ms
7ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/faq-title.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

218be04d48aa9aa4da9bb4a708dbb463576fd8653914fd05bb113ce654dce714

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:22 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049592a6-0060df28ef-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 3706
last-modified: Fri, 02 Jul 2021 14:32:42 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "b95f5e7ccaaf9e8f6f1117efa9ab100a"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:22 GMT

GET
H2 200 faq-list-title-bg.png
static-13333.kxcdn.com/5275/images/ 2 KB
2 KB 9ms
6ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/faq-list-title-bg.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

9749d6d7aee9bdd7b806eb8fd8fa1bfd7ef25aab0aba744948b279d4c1a348ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:22 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794a3-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 1546
last-modified: Fri, 02 Jul 2021 14:32:22 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "567ea5254334fde95913b6cd592aad5f"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:22 GMT

GET
H3-29 200 sad-face.svg
tgfunnls.org/media/ 1 KB
1 KB 20ms
17ms Image
image/svg+xml 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tgfunnls.org/media/sad-face.svg

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

186b9079a05f19ddd2a548dbc1ec2c69087c76d8e9e1637dbced630edb793104

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /media/sad-face.svg
pragma: no-cache
cookie: _vwo_uuid_v2=D2252A66867B4271FEDDACC5ED674072A|0345963cf3ce5aea161bc3f4dc901c6e; _gid=GA1.2.477042603.1628250562; _gat_UA-192660002-1=1; _ga_Y6C8Y8V9BH=GS1.1.1628250562.1.0.1628250562.0; _ga=GA1.1.1201118004.1628250562; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _hjid=e53aabcc-4329-46de-a294-30cc0ed5ce15; _hjFirstSeen=1; XSRF-TOKEN=eyJpdiI6IklvMjhVbHFraW9XSW5wa3V3XC9tTEdRPT0iLCJ2YWx1ZSI6IkttZ0hGUGZcL1wvT0JNdTU3ak9yeVRMWUNobVFlMXlNY01NRVdEejVTQ2ttVWE1UFBQMlwveWptNnNVeTk5c040TkMiLCJtYWMiOiI0NmRmOTJmMDY5MWVmMDk1NGZmMWE1MWUyMGQzYzdkMjc3OTAyYTU1YmJjZDI3ZDM1NWM3OTZmM2Y3ZjI3OTY4In0%3D; c=eyJpdiI6IkdIS2Jta1wvQVRSdDBZT3g2M0FpS1VBPT0iLCJ2YWx1ZSI6IjYzdGg2TUNIWU9aSyt2STQzQlFrMG1JKytKa2l1V2wrdFFXSXFTbUluUUpMTXNcL2o3QysxZTJ5Uk9RenBFVVwvTSIsIm1hYyI6ImQxMWNjYTU4ODg1YjY0MmVkNWY5YWVlNzJjNDk2ZTNkODE5NjA0ZWUyNzc3ZDYzOWQ1ZDkxZjMyNGEzMGViN2YifQ%3D%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:22 GMT
x-proc: 1
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3672
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Fri, 06 Aug 2021 10:30:20 GMT
server: cloudflare
etag: W/"610d0f3c-5dc"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EzF3ozceKDNVr6XRHWui%2FyeBT5MNKRCeI5NUp0Sgum7vodwFUGrqqT8a0N0dnQuU%2B3xijluscZmDJeSIkuTOA058qzvmKDtbfTzp66KB9SHVx9X2%2FhQmOzhdLI5nf6fuMTx8Kosehjxgm1k%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: max-age=14400
cf-ray: 67a80aa2483e42f7-FRA

GET
H3-29 200 email-decode.min.js Show response
tgfunnls.org/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
1 KB 8ms
8ms Script
application/javascript 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

:path: /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
pragma: no-cache
cookie: _vwo_uuid_v2=D2252A66867B4271FEDDACC5ED674072A|0345963cf3ce5aea161bc3f4dc901c6e; _gid=GA1.2.477042603.1628250562; _gat_UA-192660002-1=1; _ga_Y6C8Y8V9BH=GS1.1.1628250562.1.0.1628250562.0; _ga=GA1.1.1201118004.1628250562; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _hjid=e53aabcc-4329-46de-a294-30cc0ed5ce15; _hjFirstSeen=1; XSRF-TOKEN=eyJpdiI6IklvMjhVbHFraW9XSW5wa3V3XC9tTEdRPT0iLCJ2YWx1ZSI6IkttZ0hGUGZcL1wvT0JNdTU3ak9yeVRMWUNobVFlMXlNY01NRVdEejVTQ2ttVWE1UFBQMlwveWptNnNVeTk5c040TkMiLCJtYWMiOiI0NmRmOTJmMDY5MWVmMDk1NGZmMWE1MWUyMGQzYzdkMjc3OTAyYTU1YmJjZDI3ZDM1NWM3OTZmM2Y3ZjI3OTY4In0%3D; c=eyJpdiI6IkdIS2Jta1wvQVRSdDBZT3g2M0FpS1VBPT0iLCJ2YWx1ZSI6IjYzdGg2TUNIWU9aSyt2STQzQlFrMG1JKytKa2l1V2wrdFFXSXFTbUluUUpMTXNcL2o3QysxZTJ5Uk9RenBFVVwvTSIsIm1hYyI6ImQxMWNjYTU4ODg1YjY0MmVkNWY5YWVlNzJjNDk2ZTNkODE5NjA0ZWUyNzc3ZDYzOWQ1ZDkxZjMyNGEzMGViN2YifQ%3D%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 03 Aug 2021 14:21:05 GMT
server: cloudflare
etag: W/"610950d1-4d7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: DENY
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1FroMPrEAtguNjZARHiiovrdBaXlCvTKF2monjMZbb005YU%2FKgpcnnns%2FAjGrSys3%2FQtlcQbbnX3NwKqibyP%2BLc5y3CWiUTK5okXFK70M5KfGvPEmPjOdE26UtBqQxAwthpnkXYU8odT9Cs%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=172800 public
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 67a80aa20f8b42f7-FRA
vary: Accept-Encoding
expires: Sun, 08 Aug 2021 11:49:22 GMT

GET
H3-29 200 redirect.js Show response
tgfunnls.org/js/ 3 KB
2 KB 22ms
16ms Script
application/javascript 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/js/redirect.js?id=bd8708e91008076c9ff9

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0979e653bf7370685f5d0ec7448e28d33f46754d5411cf5a7cd3df6ecafc1a35

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /js/redirect.js?id=bd8708e91008076c9ff9
pragma: no-cache
cookie: _vwo_uuid_v2=D2252A66867B4271FEDDACC5ED674072A|0345963cf3ce5aea161bc3f4dc901c6e; _gid=GA1.2.477042603.1628250562; _gat_UA-192660002-1=1; _ga_Y6C8Y8V9BH=GS1.1.1628250562.1.0.1628250562.0; _ga=GA1.1.1201118004.1628250562; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _hjid=e53aabcc-4329-46de-a294-30cc0ed5ce15; _hjFirstSeen=1; XSRF-TOKEN=eyJpdiI6IklvMjhVbHFraW9XSW5wa3V3XC9tTEdRPT0iLCJ2YWx1ZSI6IkttZ0hGUGZcL1wvT0JNdTU3ak9yeVRMWUNobVFlMXlNY01NRVdEejVTQ2ttVWE1UFBQMlwveWptNnNVeTk5c040TkMiLCJtYWMiOiI0NmRmOTJmMDY5MWVmMDk1NGZmMWE1MWUyMGQzYzdkMjc3OTAyYTU1YmJjZDI3ZDM1NWM3OTZmM2Y3ZjI3OTY4In0%3D; c=eyJpdiI6IkdIS2Jta1wvQVRSdDBZT3g2M0FpS1VBPT0iLCJ2YWx1ZSI6IjYzdGg2TUNIWU9aSyt2STQzQlFrMG1JKytKa2l1V2wrdFFXSXFTbUluUUpMTXNcL2o3QysxZTJ5Uk9RenBFVVwvTSIsIm1hYyI6ImQxMWNjYTU4ODg1YjY0MmVkNWY5YWVlNzJjNDk2ZTNkODE5NjA0ZWUyNzc3ZDYzOWQ1ZDkxZjMyNGEzMGViN2YifQ%3D%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:22 GMT
x-proc: 3
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3672
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Fri, 06 Aug 2021 10:30:36 GMT
server: cloudflare
etag: W/"610d0f4c-a50"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=10PEdVJYjO1kLMipomMt44PznJRea8RMMibvjzPfo9JHq764RZdU2J5n8SVTveBhhnfoLBlCsQYhKAiOmNV4FwHycKty4l31v7A5pObNeKqSwuNk9Puuf0VKGP66DC5n35ncE5G7w%2B14Dbs%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=14400
cf-ray: 67a80aa2483442f7-FRA

GET
H3-29 200 l.js Show response
tgfunnls.org/js/ 401 KB
110 KB 36ms
31ms Script
application/javascript 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/js/l.js?id=6cf7b69175b2a676ebf3

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1669423eca631e2fa8053ff74039a11ff6afac3a94dc37f357ce8d6ec9362913

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /js/l.js?id=6cf7b69175b2a676ebf3
pragma: no-cache
cookie: _vwo_uuid_v2=D2252A66867B4271FEDDACC5ED674072A|0345963cf3ce5aea161bc3f4dc901c6e; _gid=GA1.2.477042603.1628250562; _gat_UA-192660002-1=1; _ga_Y6C8Y8V9BH=GS1.1.1628250562.1.0.1628250562.0; _ga=GA1.1.1201118004.1628250562; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _hjid=e53aabcc-4329-46de-a294-30cc0ed5ce15; _hjFirstSeen=1; XSRF-TOKEN=eyJpdiI6IklvMjhVbHFraW9XSW5wa3V3XC9tTEdRPT0iLCJ2YWx1ZSI6IkttZ0hGUGZcL1wvT0JNdTU3ak9yeVRMWUNobVFlMXlNY01NRVdEejVTQ2ttVWE1UFBQMlwveWptNnNVeTk5c040TkMiLCJtYWMiOiI0NmRmOTJmMDY5MWVmMDk1NGZmMWE1MWUyMGQzYzdkMjc3OTAyYTU1YmJjZDI3ZDM1NWM3OTZmM2Y3ZjI3OTY4In0%3D; c=eyJpdiI6IkdIS2Jta1wvQVRSdDBZT3g2M0FpS1VBPT0iLCJ2YWx1ZSI6IjYzdGg2TUNIWU9aSyt2STQzQlFrMG1JKytKa2l1V2wrdFFXSXFTbUluUUpMTXNcL2o3QysxZTJ5Uk9RenBFVVwvTSIsIm1hYyI6ImQxMWNjYTU4ODg1YjY0MmVkNWY5YWVlNzJjNDk2ZTNkODE5NjA0ZWUyNzc3ZDYzOWQ1ZDkxZjMyNGEzMGViN2YifQ%3D%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:22 GMT
x-proc: 2
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 4595
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Fri, 06 Aug 2021 10:30:19 GMT
server: cloudflare
etag: W/"610d0f3b-645ba"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pB%2FRUoig7UHnfxTmTMgGpQY38058eao%2FuhtMVWEDDlAiXrlhoVlcdpsVcx1rrespam2uINAHLNl%2F9kIYgB3sHii3KGCM2nBurpqLEvOSkJ5ArXiBQPJopfq03tU%2BtGxy4BYnHXtUnYJrOvo%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=14400
cf-ray: 67a80aa2483642f7-FRA

GET
H2 200 funnel.js Show response
static-13333.kxcdn.com/5275/build/ 954 KB
319 KB 12ms
7ms Script
application/javascript 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL

https://static-13333.kxcdn.com/5275/build/funnel.js

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

a52901c6296f571a48143efc8c7626714f2f15a0e034390d31380d508684ad0e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:22 GMT
content-encoding: gzip
last-modified: Fri, 02 Jul 2021 14:31:57 GMT
server: keycdn-engine
x-amz-request-id: tx00000000000000495929e-0060df28ef-12e87130-fra1a
x-edge-location: defr
etag: W/"545236a1390ffa369d186b44dab8e706"
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-cache: HIT
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31556940
x-rgw-object-type: Normal
strict-transport-security: max-age=15552000; includeSubDomains; preload
expires: Sat, 06 Aug 2022 17:38:22 GMT

GET
H/1.1 200 hp Show response
in.xr117.xyz/ 382 B
616 B 57ms
54ms Script
text/plain 18.195.123.247
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://in.xr117.xyz/hp
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.195.123.247 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-123-247.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 1d685538334a6762f8c278c2274cb62dfdc47c59ba5968562dddf4f96d808aee

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 06 Aug 2021 11:49:22 GMT
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
Server: nginx
Connection: keep-alive
Content-Length: 382
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200 hp Show response
in.bd44.fun/ 382 B
616 B 154ms
51ms Script
text/plain 18.195.174.160
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://in.bd44.fun/hp
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.195.174.160 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-174-160.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 1d685538334a6762f8c278c2274cb62dfdc47c59ba5968562dddf4f96d808aee

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 06 Aug 2021 11:49:23 GMT
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
Server: nginx
Connection: keep-alive
Content-Length: 382
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3-29 200 tag.js Show response
tagstaticx.com/ 38 KB
14 KB 31ms
28ms Script
application/javascript 2606:4700:3033::6815:3d08
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://tagstaticx.com/tag.js
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::6815:3d08 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7ebf9aea91580923f108d8e9c9fa03581c3c58fcd1ab8712d4ed593fbde60062

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:22 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 30 Jul 2021 15:47:47 GMT
server: cloudflare
age: 4763
etag: W/"61041f23-9787"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fZ5K2xGJga0c4kEW115uw46hKL431ouvmP8WPt8bnxn4aob54AMnvNQ%2BbCUzf3Be3V9SMVLVsBABmszLa0PdFlWY9BcKbQO1WpU3OTEgK6VTTHnRmi5Gtgax3bqBcfnvHJaAGha2fcxe9E3yOg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=1800
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 67a80aa249a94401-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

GET
H3-29 200 gtm.js Show response
www.googletagmanager.com/ 110 KB
41 KB 40ms
37ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-MSK8GMG

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

ee25e98eb177cc22fba819b261e53fdcdb837d1ca65533dbc186fa9f1f9550a2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:22 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41863
x-xss-protection: 0
last-modified: Fri, 06 Aug 2021 09:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 06 Aug 2021 11:49:22 GMT

GET
H3-29 200 j.php Show response
dev.visualwebsiteoptimizer.com/ 5 KB
2 KB 51ms
49ms Script
application/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/j.php?a=449005&u=https%3A%2F%2Ftgfunnls.org%2Fdly1st%2F%3Fhitid%3D%7BclickId%7D%26qze%3D7%26aff_sub%3D%7BcustomId1%7D%26aff_sub2%3D%7BcustomId2%7D&f=1&r=0.6317989062239935
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gams1 /
Resource Hash: ca64a1b49cb123f093a1e472ccc396219a8b6a689483e5560a90950d732eb6aa

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 06 Aug 2021 11:49:22 GMT
via: 1.1 google
server: gams1
content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-type: application/javascript; charset=UTF-8

GET
H2 200 bg-pattern2.png
static-13333.kxcdn.com/5275/images/ 3 KB
4 KB 21ms
20ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/bg-pattern2.png

Requested by

Host: static-13333.kxcdn.com
URL: https://static-13333.kxcdn.com/5275/build/funnel.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

0dbbd4b1f92b5f123bb6d85da5224dbac1ef2873359ae63159fbd8c1d8aee472

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://static-13333.kxcdn.com/5275/build/funnel.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:22 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx000000000000004a8f778-0060df3204-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 3494
last-modified: Fri, 02 Jul 2021 14:32:28 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "9ff60a873ce8a83d6f92c07bbb97461d"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:22 GMT

GET
H2 200 money-bg.jpg
static-13333.kxcdn.com/5275/images/ 192 KB
193 KB 23ms
22ms Image
image/jpeg 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/money-bg.jpg

Requested by

Host: static-13333.kxcdn.com
URL: https://static-13333.kxcdn.com/5275/build/funnel.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

6d6b0b2b3ce3ec690491ad53348667285877a284d43a58bae67219df3128c453

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://static-13333.kxcdn.com/5275/build/funnel.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:22 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049593a6-0060df28f0-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 196622
last-modified: Fri, 02 Jul 2021 14:32:29 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "00484ef568e5c529bc92d2698631954b"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/jpeg
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:22 GMT

GET
H2 206 de-1.mp4
static-13333.kxcdn.com/5275/media/ 64 KB
0 9ms
7ms Media
video/mp4 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL

https://static-13333.kxcdn.com/5275/media/de-1.mp4

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Range: bytes=0-

Response headers

date: Fri, 06 Aug 2021 11:49:22 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049593e6-0060df28f0-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
Content-Range: bytes 0-124690623/124690624
Content-Length: 124690624
last-modified: Fri, 02 Jul 2021 14:32:03 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "c8811d0b7aa283893d6ec2a19899685f-24"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: video/mp4
access-control-allow-origin: *
x-rgw-object-type: Normal
expires: Sat, 06 Aug 2022 17:38:22 GMT

GET
H3-29 200 tag-18c0c42595158c9943ee0260eecc4fc3.js Show response
dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWpxdWVyeQ==/ 214 KB
61 KB 48ms
47ms Script
application/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWpxdWVyeQ==/tag-18c0c42595158c9943ee0260eecc4fc3.js
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/j.php?a=449005&u=https%3A%2F%2Ftgfunnls.org%2Fdly1st%2F%3Fhitid%3D%7BclickId%7D%26qze%3D7%26aff_sub%3D%7BcustomId1%7D%26aff_sub2%3D%7BcustomId2%7D&f=1&r=0.6317989062239935
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gams1 /
Resource Hash: b6a6463b285c1fdc27b7022ff01564762e81117074a3f3781cc931fe389afc70

Request headers

Origin: https://tgfunnls.org
Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:22 GMT
content-encoding: br
last-modified: Fri, 06 Aug 2021 11:48:12 GMT
server: gams1
etag: "610d217c-f3a3"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 62371
via: 1.1 google

GET
H3-29 200 v.gif
dev.visualwebsiteoptimizer.com/ 35 B
52 B 131ms
130ms Image
image/gif 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dev.visualwebsiteoptimizer.com/v.gif?cd=0&a=449005&d=tgfunnls.org&u=D2252A66867B4271FEDDACC5ED674072A&h=0345963cf3ce5aea161bc3f4dc901c6e&t=false&r=0.36275085403234897

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gnv1c /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 06 Aug 2021 11:49:23 GMT
via: 1.1 google
x-content-type-options: nosniff
server: gnv1c
content-type: image/gif
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 10 Jan 2005 00:00:01 GMT

HEAD
H3-29 200 adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/ 0
0 28ms
28ms Fetch
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 49445
x-xss-protection: 0
server: cafe
etag: 14869471898732562513
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Fri, 06 Aug 2021 11:49:23 GMT

GET
H/1.1 200
OK version.js Show response
tagdatax.com/ 57 B
260 B 47ms
46ms Script
application/javascript 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdatax.com/version.js
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: 99a94e2c2b2f906727415dd48e32790896e7caebfb15b64912252c44bb129503

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 06 Aug 2021 11:49:23 GMT
Cache-Control: private, max-age=63072000
Server: nginx/1.19.10
Connection: keep-alive
Content-Length: 57
Content-Type: application/javascript

GET
H2 200 gid.js Show response
my.rtmark.net/ 65 B
541 B 49ms
49ms Fetch
application/json 139.45.195.8
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://my.rtmark.net/gid.js

Requested by

Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

57509dc2e3207e23bdf29a1c1a15b924f986d9a89d2d59bbdd388fcad8c1abf8

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:23 GMT
x-content-type-options: nosniff
server: nginx
strict-transport-security: max-age=1
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: https://tgfunnls.org
access-control-expose-headers: Authorization
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length: 65

GET
H/1.1 200
OK pix.jpg Show response
tagdatax.com/ 28 B
617 B 47ms
46ms Fetch
image/jpeg 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdatax.com/pix.jpg
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: 3c72e06c040c15327faa313315f1d6f4b2c9159267051c3e173336efa4cd7a18

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 06 Aug 2021 11:49:23 GMT
Server: nginx/1.19.10
Etag: 1149c003-a111-485e-9c66-101f4b666f1f
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Content-Type: image/jpeg
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Expose-Headers: ETag
Cache-Control: private, must-revalidate, proxy-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 28

GET
H3-29 200 googlelogo_color_120x44dp.png
www.google.com/images/branding/googlelogo/2x/ 5 KB
5 KB 16ms
14ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_120x44dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

29c50fa4422ac0a690af5b0987dee6a030a7eeaafa9dda8543cf022368f545aa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:23 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5087
x-xss-protection: 0
expires: Fri, 06 Aug 2021 11:49:23 GMT

GET
H3-29 200 googlelogo_color_272x92dp.png
www.google.com/images/branding/googlelogo/1x/ 6 KB
6 KB 17ms
15ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/1x/googlelogo_color_272x92dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5776cd87617eacec3bc00ebcf530d1924026033eda852f706c1a675a98915826

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:23 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5969
x-xss-protection: 0
expires: Fri, 06 Aug 2021 11:49:23 GMT

GET
H3-29 200 googlelogo_color_272x92dp.png
www.google.com/images/branding/googlelogo/2x/ 13 KB
13 KB 72ms
71ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_272x92dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

262084257c2103702ef8a25705e3f8dbc1fa3823103ad7b954d54bdb77e6d89d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:23 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13504
x-xss-protection: 0
expires: Fri, 06 Aug 2021 11:49:23 GMT

GET
H3-29 200 googlelogo_color_160x56dp.png
www.google.com/images/branding/googlelogo/2x/ 7 KB
7 KB 16ms
15ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_160x56dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9e611fba6a87626e60f74d361f0c94d1ba226bc0726a05791f40ddb7fbba2c4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:23 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7048
x-xss-protection: 0
expires: Fri, 06 Aug 2021 11:49:23 GMT

GET
H3-29 200 googlelogo_color_90x40dp.png
www.google.com/images/branding/googlelogo/2x/ 4 KB
4 KB 16ms
15ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_90x40dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a9cac8d49feccd603bac334c92c1e7dd5a829a1c01d4130550e8c9c0d9c72f7b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:23 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3934
x-xss-protection: 0
expires: Fri, 06 Aug 2021 11:49:23 GMT

GET
H3-29 200 flags.png
tgfunnls.org/images/vendor/intl-tel-input/build/ 69 KB
70 KB 17ms
17ms Image
image/png 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tgfunnls.org/images/vendor/intl-tel-input/build/flags.png?416250f60d785a2e02f17e054d2e4e44

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/css/forms.css?id=108aa07ef4cadffb88ba

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0a012cf808a24573168308916092d2d4bd3f2b4af8e16b59167013cc77acee55

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /images/vendor/intl-tel-input/build/flags.png?416250f60d785a2e02f17e054d2e4e44
pragma: no-cache
cookie: _vwo_uuid_v2=D2252A66867B4271FEDDACC5ED674072A|0345963cf3ce5aea161bc3f4dc901c6e; _gid=GA1.2.477042603.1628250562; _gat_UA-192660002-1=1; _ga_Y6C8Y8V9BH=GS1.1.1628250562.1.0.1628250562.0; _ga=GA1.1.1201118004.1628250562; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _hjid=e53aabcc-4329-46de-a294-30cc0ed5ce15; _hjFirstSeen=1; XSRF-TOKEN=eyJpdiI6IklvMjhVbHFraW9XSW5wa3V3XC9tTEdRPT0iLCJ2YWx1ZSI6IkttZ0hGUGZcL1wvT0JNdTU3ak9yeVRMWUNobVFlMXlNY01NRVdEejVTQ2ttVWE1UFBQMlwveWptNnNVeTk5c040TkMiLCJtYWMiOiI0NmRmOTJmMDY5MWVmMDk1NGZmMWE1MWUyMGQzYzdkMjc3OTAyYTU1YmJjZDI3ZDM1NWM3OTZmM2Y3ZjI3OTY4In0%3D; c=eyJpdiI6IkdIS2Jta1wvQVRSdDBZT3g2M0FpS1VBPT0iLCJ2YWx1ZSI6IjYzdGg2TUNIWU9aSyt2STQzQlFrMG1JKytKa2l1V2wrdFFXSXFTbUluUUpMTXNcL2o3QysxZTJ5Uk9RenBFVVwvTSIsIm1hYyI6ImQxMWNjYTU4ODg1YjY0MmVkNWY5YWVlNzJjNDk2ZTNkODE5NjA0ZWUyNzc3ZDYzOWQ1ZDkxZjMyNGEzMGViN2YifQ%3D%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: tgfunnls.org
referer: https://tgfunnls.org/css/forms.css?id=108aa07ef4cadffb88ba
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/css/forms.css?id=108aa07ef4cadffb88ba
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:23 GMT
x-proc: 2
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2326
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 70857
x-xss-protection: 1; mode=block
last-modified: Fri, 06 Aug 2021 10:55:13 GMT
server: cloudflare
etag: "610d1511-114c9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VG5qjWL45u3rp4jyTJsoNYN1C55qemHLKsE1mxUMxgdJofF%2FB1ZL0UHsjtV7Kz4VADEaoE8WzyKV%2F9joeXIIprKU540O4rdrxHs6mbqSOdpKns1%2FYgd5RmxDem5qEgQ%2Fl85eR1xIH379cIY%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 67a80aa41d2e42f7-FRA

GET
H3-29 200 locate Show response
tgfunnls.org/ 141 B
1 KB 83ms
83ms XHR
application/json 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/locate

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/js/l.js?id=6cf7b69175b2a676ebf3

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b6ffea4eb17e3268759f83f8abca64a9ed7755ff19d8d6b05e7aa354ae6d4f7b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-fetch-mode: cors
x-xsrf-token: eyJpdiI6IklvMjhVbHFraW9XSW5wa3V3XC9tTEdRPT0iLCJ2YWx1ZSI6IkttZ0hGUGZcL1wvT0JNdTU3ak9yeVRMWUNobVFlMXlNY01NRVdEejVTQ2ttVWE1UFBQMlwveWptNnNVeTk5c040TkMiLCJtYWMiOiI0NmRmOTJmMDY5MWVmMDk1NGZmMWE1MWUyMGQzYzdkMjc3OTAyYTU1YmJjZDI3ZDM1NWM3OTZmM2Y3ZjI3OTY4In0=
accept-language: en-US
sec-fetch-dest: empty
cookie: _vwo_uuid_v2=D2252A66867B4271FEDDACC5ED674072A|0345963cf3ce5aea161bc3f4dc901c6e; _gid=GA1.2.477042603.1628250562; _gat_UA-192660002-1=1; _ga_Y6C8Y8V9BH=GS1.1.1628250562.1.0.1628250562.0; _ga=GA1.1.1201118004.1628250562; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _hjid=e53aabcc-4329-46de-a294-30cc0ed5ce15; _hjFirstSeen=1; XSRF-TOKEN=eyJpdiI6IklvMjhVbHFraW9XSW5wa3V3XC9tTEdRPT0iLCJ2YWx1ZSI6IkttZ0hGUGZcL1wvT0JNdTU3ak9yeVRMWUNobVFlMXlNY01NRVdEejVTQ2ttVWE1UFBQMlwveWptNnNVeTk5c040TkMiLCJtYWMiOiI0NmRmOTJmMDY5MWVmMDk1NGZmMWE1MWUyMGQzYzdkMjc3OTAyYTU1YmJjZDI3ZDM1NWM3OTZmM2Y3ZjI3OTY4In0%3D; c=eyJpdiI6IkdIS2Jta1wvQVRSdDBZT3g2M0FpS1VBPT0iLCJ2YWx1ZSI6IjYzdGg2TUNIWU9aSyt2STQzQlFrMG1JKytKa2l1V2wrdFFXSXFTbUluUUpMTXNcL2o3QysxZTJ5Uk9RenBFVVwvTSIsIm1hYyI6ImQxMWNjYTU4ODg1YjY0MmVkNWY5YWVlNzJjNDk2ZTNkODE5NjA0ZWUyNzc3ZDYzOWQ1ZDkxZjMyNGEzMGViN2YifQ%3D%3D
:path: /locate
pragma: no-cache
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: application/json, text/plain, */*
cache-control: no-cache
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept: application/json, text/plain, */*
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
X-XSRF-TOKEN: eyJpdiI6IklvMjhVbHFraW9XSW5wa3V3XC9tTEdRPT0iLCJ2YWx1ZSI6IkttZ0hGUGZcL1wvT0JNdTU3ak9yeVRMWUNobVFlMXlNY01NRVdEejVTQ2ttVWE1UFBQMlwveWptNnNVeTk5c040TkMiLCJtYWMiOiI0NmRmOTJmMDY5MWVmMDk1NGZmMWE1MWUyMGQzYzdkMjc3OTAyYTU1YmJjZDI3ZDM1NWM3OTZmM2Y3ZjI3OTY4In0=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:23 GMT
x-proc: 3
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rHRT4Jwg9BivLK7Tn6ZyyU9mYB3G7LGjp7kqfR%2FFkGdBLl7OS3wKUwxM1%2FI4ZZ5gdh5k6qtIqwXyr5BzB5EZKoVWbDvNGw8UKLDfTlBP6wMqEG3dcpb5XEPWbPFPvGUzZaFUfrzgDXyFKVQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json
cache-control: no-cache, private
set-cookie: XSRF-TOKEN=eyJpdiI6InpkV2ltSnlwSDNHTW1JVzA1NUVzbXc9PSIsInZhbHVlIjoiWHZFOWRpdU9EYVJMeEtTVFV1VnBONHpVd00yRUpVT3g0NUZOTnFpSjVVV2IzeW5nRGdhZ29cL0tKRkVhbm45UDgiLCJtYWMiOiI0NWI5MjhkYjVhMjNmN2JjZTY4ZmY5MGYxMjljMDdmMGFjYTc1NjE3ODE5ODBjNWEyOTM0ZmJkMTc0MWY1MDYxIn0%3D; expires=Fri, 06-Aug-2021 13:49:23 GMT; Max-Age=7200; path=/ c=eyJpdiI6IkRZWGxLS1VHbWFkQkl0SE1rSW1SaVE9PSIsInZhbHVlIjoiUjdLTTlBRDRtZjRBcUt1eDFJTHZSRk9zOFVDdUVBeVM1RzllT0RHTkV5TTF2ZDN6SG9INkU1dit5dldXTGZCXC8iLCJtYWMiOiI3OWQzM2M2Y2E1OGFiNTg1YWMzMDFjNzZiNGQyN2E5MDg2MTc0YzBiODMxNThlYzA5OTZlMWJhZjE3MmE3NWI4In0%3D; expires=Fri, 06-Aug-2021 13:49:23 GMT; Max-Age=7200; path=/; httponly
cf-ray: 67a80aa45dcd42f7-FRA

POST
H/1.1 200
OK add Show response
tagdataxrt.com/ir/ 0
537 B 47ms
47ms Fetch 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/ir/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json;charset=utf-8

Response headers

Date: Fri, 06 Aug 2021 11:49:23 GMT
Server: nginx/1.19.10
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 0

GET
BLOB 200
OK 944a3694-3752-4c15-957b-7152e77c69e0
https://tgfunnls.org/ 31 B
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://tgfunnls.org/944a3694-3752-4c15-957b-7152e77c69e0
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7725538fe2f71147bffeba7452b434c826aef9009666cb4360c605d0b2a91d1d

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length: 31
Content-Type: application/javascript

OPTIONS
H/1.1 200
OK add
tagdataxrt.com/ir/ Frame 0
0 48ms
48ms Preflight 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/ir/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Protocol: HTTP/1.1
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://tgfunnls.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Server: nginx/1.19.10
Date: Fri, 06 Aug 2021 11:49:23 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

GET
H2 403 videothumbnail-1.png
static-13333.kxcdn.com/5275/images/ 0
0 17ms
17ms Image
text/html 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static-13333.kxcdn.com/5275/images/videothumbnail-1.png
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
DATA 200
OK truncated
/ 4 KB
4 KB Font
application/font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: aef991b2e0b693a95d41986576dd3901ea7ac03b379501b1caba966058753308

Request headers

Origin: https://tgfunnls.org
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: application/font-woff;charset=utf-8

GET
H3-29 200 js Show response
www.googletagmanager.com/gtag/ 127 KB
50 KB 16ms
15ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-Y6C8Y8V9BH&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MSK8GMG

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

de85b8ee97824c5e846f3000562fd9b83fc14b62da6e812fbad4c9ad49eb0458

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:23 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 51134
x-xss-protection: 0
expires: Fri, 06 Aug 2021 11:49:23 GMT

GET
H3-29 200 analytics.js Show response
www.google-analytics.com/ 48 KB
19 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MSK8GMG

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

e61660c659c426e45bce2937dddb01af6b550502a2904546575c1ec2ba1121dd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 13 Jul 2021 18:24:06 GMT
server: Golfe2
age: 2142
date: Fri, 06 Aug 2021 11:13:41 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19672
expires: Fri, 06 Aug 2021 13:13:41 GMT

GET
H2 200 hotjar-2304105.js Show response
static.hotjar.com/c/ 5 KB
2 KB 55ms
54ms Script
application/javascript 13.224.96.91
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-2304105.js?sv=6

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.96.91 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

d4261e9b3b427b4faba85d775a6dbd131cf86cbd42945ba05ae2ebad8f8f36e6

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:18 GMT
content-encoding: br
x-content-type-options: nosniff
cache-control: max-age=60
age: 5
etag: W/4e117f3a38c123981a4b3509540d1697
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
x-cache-hit: 1
x-amz-cf-pop: ZRH50-C1
x-amz-cf-id: I7EP3tgVyDlRzgJF6XiNqfdCNBIJoL69pZV0qVAoIGmT-5gSuU9CBQ==
via: 1.1 e92dffa8673a73c15c61e7c3abefc47d.cloudfront.net (CloudFront)

OPTIONS
H/1.1 200
OK etag
tagdataxrt.com/ Frame 0
0 47ms
47ms Preflight 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/etag?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Protocol: HTTP/1.1
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://tgfunnls.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Server: nginx/1.19.10
Date: Fri, 06 Aug 2021 11:49:23 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

POST
H/1.1 200
OK etag Show response
tagdataxrt.com/ 0
537 B 49ms
49ms Fetch 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/etag?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json;charset=utf-8

Response headers

Date: Fri, 06 Aug 2021 11:49:23 GMT
Server: nginx/1.19.10
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 0

POST
H3-29 201 event Show response
tgfunnls.org/ 2 B
1 KB 152ms
148ms XHR
application/json 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/event?hitid={clickId}

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/js/l.js?id=6cf7b69175b2a676ebf3

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-fetch-mode: cors
origin: https://tgfunnls.org
x-xsrf-token: eyJpdiI6InpkV2ltSnlwSDNHTW1JVzA1NUVzbXc9PSIsInZhbHVlIjoiWHZFOWRpdU9EYVJMeEtTVFV1VnBONHpVd00yRUpVT3g0NUZOTnFpSjVVV2IzeW5nRGdhZ29cL0tKRkVhbm45UDgiLCJtYWMiOiI0NWI5MjhkYjVhMjNmN2JjZTY4ZmY5MGYxMjljMDdmMGFjYTc1NjE3ODE5ODBjNWEyOTM0ZmJkMTc0MWY1MDYxIn0=
accept-language: en-US
sec-fetch-dest: empty
accept-encoding: gzip, deflate, br
cookie: _vwo_uuid_v2=D2252A66867B4271FEDDACC5ED674072A|0345963cf3ce5aea161bc3f4dc901c6e; _gid=GA1.2.477042603.1628250562; _gat_UA-192660002-1=1; _ga_Y6C8Y8V9BH=GS1.1.1628250562.1.0.1628250562.0; _ga=GA1.1.1201118004.1628250562; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _hjid=e53aabcc-4329-46de-a294-30cc0ed5ce15; _hjFirstSeen=1; XSRF-TOKEN=eyJpdiI6InpkV2ltSnlwSDNHTW1JVzA1NUVzbXc9PSIsInZhbHVlIjoiWHZFOWRpdU9EYVJMeEtTVFV1VnBONHpVd00yRUpVT3g0NUZOTnFpSjVVV2IzeW5nRGdhZ29cL0tKRkVhbm45UDgiLCJtYWMiOiI0NWI5MjhkYjVhMjNmN2JjZTY4ZmY5MGYxMjljMDdmMGFjYTc1NjE3ODE5ODBjNWEyOTM0ZmJkMTc0MWY1MDYxIn0%3D; c=eyJpdiI6IkRZWGxLS1VHbWFkQkl0SE1rSW1SaVE9PSIsInZhbHVlIjoiUjdLTTlBRDRtZjRBcUt1eDFJTHZSRk9zOFVDdUVBeVM1RzllT0RHTkV5TTF2ZDN6SG9INkU1dit5dldXTGZCXC8iLCJtYWMiOiI3OWQzM2M2Y2E1OGFiNTg1YWMzMDFjNzZiNGQyN2E5MDg2MTc0YzBiODMxNThlYzA5OTZlMWJhZjE3MmE3NWI4In0%3D
content-length: 179
:path: /event?hitid={clickId}
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json;charset=UTF-8
accept: application/json, text/plain, */*
cache-control: no-cache
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: POST
Accept: application/json, text/plain, */*
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
X-XSRF-TOKEN: eyJpdiI6InpkV2ltSnlwSDNHTW1JVzA1NUVzbXc9PSIsInZhbHVlIjoiWHZFOWRpdU9EYVJMeEtTVFV1VnBONHpVd00yRUpVT3g0NUZOTnFpSjVVV2IzeW5nRGdhZ29cL0tKRkVhbm45UDgiLCJtYWMiOiI0NWI5MjhkYjVhMjNmN2JjZTY4ZmY5MGYxMjljMDdmMGFjYTc1NjE3ODE5ODBjNWEyOTM0ZmJkMTc0MWY1MDYxIn0=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json;charset=UTF-8

Response headers

date: Fri, 06 Aug 2021 11:49:23 GMT
x-proc: 1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=a%2BUqyhH82t7H1BPSzCxUvflSY0z2c1Zx64EJf9b264%2FfQxD%2F6AeWQhWhlqlduGFJ6L%2BA%2BslUqOz4rAtxZEJAsXpovyD75VJBL0YJFiE2eiPQHCQFHo4XJbxHImdD27LBNLpO2WkzDR3p4cs%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-origin: https://tgfunnls.org
cache-control: no-cache, private
set-cookie: XSRF-TOKEN=eyJpdiI6ImJMMlJTSG4rZHJlQ3J1UEhXUTBLK3c9PSIsInZhbHVlIjoiRzVuZWlcL29rN1BMQ0pHMExmZTl6MUpidFwvamFLTFh5ZWNoMUJEMmJ4S1wvOVNySDFyUGZETWRqOVRcL0NXY2dUVEsiLCJtYWMiOiI5Y2NjOTU5ODRmZWRhMDUwZGY1YzRlYzgyYmRiZTU4OGNlMDc4NTQ5Y2NjYjFkY2M3NDM0Yjg0OTJhNmZhOTExIn0%3D; expires=Fri, 06-Aug-2021 13:49:23 GMT; Max-Age=7200; path=/ c=eyJpdiI6IjBFMEw5NTVGeTFSV3BSWnNocldtMlE9PSIsInZhbHVlIjoieVRLQnBMQzlXUk14VjBJeHJRdkpzT3p5a25YS3V4SzZLUkpSWXFrMmNqYWZDZWMyTnpIYXpQU2RvdWZcL1lxVVwvIiwibWFjIjoiMmU3ZTkyN2NhOTJiZjgyNmVkM2QwNTdkMzdkOTM4Njc1MWRiMTM2NGU1ZTcwZGQ0OWY1MTExZDFjYzRiODUxYiJ9; expires=Fri, 06-Aug-2021 13:49:23 GMT; Max-Age=7200; path=/; httponly
cf-ray: 67a80aa4ffa242f7-FRA

GET
H3-29 200 settings.js Show response
dev.visualwebsiteoptimizer.com/ 572 B
397 B 49ms
49ms Script
application/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/settings.js?a=449005&settings_type=3&vn=7.0&r=0.8786201790849821&u=https%3A%2F%2Ftgfunnls.org%2Fdly1st%2F%3Fhitid%3D%7BclickId%7D%26qze%3D7%26aff_sub%3D%7BcustomId1%7D%26aff_sub2%3D%7BcustomId2%7D
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWpxdWVyeQ==/tag-18c0c42595158c9943ee0260eecc4fc3.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gams1 /
Resource Hash: 31042bafbba3ee3bae8f21d8d8744230a7c558630068c64e1e5ecb4721ab3910

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:23 GMT
via: 1.1 google
server: gams1
content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-type: application/javascript; charset=UTF-8

GET
H3-29 200 settings.js Show response
dev.visualwebsiteoptimizer.com/ 572 B
397 B 52ms
51ms Script
application/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/settings.js?a=449005&settings_type=1&vn=7.0&r=0.7900142118919158
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWpxdWVyeQ==/tag-18c0c42595158c9943ee0260eecc4fc3.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gams1 /
Resource Hash: 31042bafbba3ee3bae8f21d8d8744230a7c558630068c64e1e5ecb4721ab3910

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:23 GMT
via: 1.1 google
server: gams1
content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-type: application/javascript; charset=UTF-8

GET
H3-29 200 collect
www.google-analytics.com/ 35 B
60 B 11ms
6ms Image
image/gif 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j92&a=95461410&t=pageview&_s=1&dl=https%3A%2F%2Ftgfunnls.org%2Fdly1st%2F%3Fhitid%3D%7BclickId%7D%26qze%3D7%26aff_sub%3D%7BcustomId1%7D%26aff_sub2%3D%7BcustomId2%7D&ul=en-us&de=UTF-8&dt=Daily%20Profit&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=QACAAEAB~&jid=&gjid=&cid=1201118004.1628250562&tid=UA-192660002-1&_gid=477042603.1628250562&gtm=2wg840MSK8GMG&z=1124701902

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 06 Aug 2021 05:58:40 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 21043
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 modules.9a6619e61150e4449f35.js Show response
script.hotjar.com/ 221 KB
59 KB 62ms
62ms Script
application/javascript 13.224.96.11
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.9a6619e61150e4449f35.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2304105.js?sv=6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.96.11 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

fc04d1fd608cedf1f0c4735145a15031f77cb7491d6234cec4ee2cd9be74937a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:18:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 77478
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 59579
access-control-allow-origin: *
last-modified: Thu, 05 Aug 2021 14:17:07 GMT
etag: "f404c80c4e9647abd5db65360cf9ecee"
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 7245e91891539560c1f484b1e46159c9.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: ZRH50-C1
accept-ranges: bytes
x-robots-tag: none
x-amz-cf-id: XWWaZjYAulh7IWLeitIytGsD1gejIZxx2mpH4_EYhVqMI_HNeYtMdQ==

GET
H3-29 200 tag-1a6cb79d9b921e9f733a3a9f91c43b90.js Show response
dev.visualwebsiteoptimizer.com/web/djIkcGM6MS4w/ 668 B
329 B 51ms
51ms Script
application/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/web/djIkcGM6MS4w/tag-1a6cb79d9b921e9f733a3a9f91c43b90.js
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWpxdWVyeQ==/tag-18c0c42595158c9943ee0260eecc4fc3.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gams1 /
Resource Hash: 6e1f2e0970c3d1d6cdacfecdd613ce1c42990ea5d4a9a85fe6f0700d20a96634

Request headers

Origin: https://tgfunnls.org
Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:22 GMT
content-encoding: br
last-modified: Fri, 06 Aug 2021 11:48:12 GMT
server: gams1
etag: "610d217c-133"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 307
via: 1.1 google

GET
H2 200 box-25a418976ea02a6f393fbbe77cec94bb.html Show response
vars.hotjar.com/ Frame 1921 2 KB
1 KB 55ms
54ms Document
text/html 13.224.96.92
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vars.hotjar.com/box-25a418976ea02a6f393fbbe77cec94bb.html
Requested by: Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2304105.js?sv=6
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.96.92 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-96-92.zrh50.r.cloudfront.net
Software: /
Resource Hash: 7a44e0685d8929b5d4d50476273c9957c8c76f03afc424c665a4066e5bc1beb9

Request headers

:method: GET
:authority: vars.hotjar.com
:scheme: https
:path: /box-25a418976ea02a6f393fbbe77cec94bb.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://tgfunnls.org/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://tgfunnls.org/

Response headers

content-type: text/html
content-length: 1044
date: Sun, 18 Jul 2021 00:16:30 GMT
accept-ranges: bytes
cache-control: max-age=31536000
content-encoding: br
etag: "76922233be8bdb14c053af468d29404a"
last-modified: Thu, 15 Jul 2021 14:16:09 GMT
x-amz-server-side-encryption: AES256
x-robots-tag: none
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 6b0e09b8a7d995016df1513b4b11c17e.cloudfront.net (CloudFront)
x-amz-cf-pop: ZRH50-C1
x-amz-cf-id: 7azpMEcyZ1D4WZHP59EsBF7XAhlfmLQSDhjJKiveEjnvjVB4-t1Oew==
age: 1683173

GET
H2 200 a3a7b431bde66f8790628956fd6a9e14.js
cdn.pushcrew.com/js/ 248 KB
70 KB 131ms
130ms Script
application/javascript 34.102.183.26
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.pushcrew.com/js/a3a7b431bde66f8790628956fd6a9e14.js
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/web/djIkcGM6MS4w/tag-1a6cb79d9b921e9f733a3a9f91c43b90.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.102.183.26 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 26.183.102.34.bc.googleusercontent.com
Software: nginx /
Resource Hash

Request headers

Origin: https://tgfunnls.org
Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:23 GMT
content-encoding: gzip
last-modified: Fri, 18 Jun 2021 08:48:27 GMT
server: nginx
etag: W/"60cc5ddb-3e05c"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=1800
alt-svc: clear
via: 1.1 google
expires: Fri, 06 Aug 2021 12:19:23 GMT

POST
H/1.1 200
OK add Show response
tagdataxrt.com/log/ 12 B
597 B 53ms
52ms Fetch
application/json 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/log/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: 21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json;charset=utf-8

Response headers

Date: Fri, 06 Aug 2021 11:49:23 GMT
Server: nginx/1.19.10
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 12

OPTIONS
H/1.1 200
OK add
tagdataxrt.com/log/ Frame 0
0 47ms
47ms Preflight 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/log/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Protocol: HTTP/1.1
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://tgfunnls.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Server: nginx/1.19.10
Date: Fri, 06 Aug 2021 11:49:23 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

GET
H3-29 200 / Show response
tgfunnls.org/dly1st/ 31 KB
8 KB 185ms
184ms Document
text/html 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Requested by

Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f1fd3cade8071f7229a87ae67baa9e6bbdaeda2bf4c31223c9362a410027d42b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: tgfunnls.org
:scheme: https
:path: /dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: document
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: _vwo_uuid_v2=D2252A66867B4271FEDDACC5ED674072A|0345963cf3ce5aea161bc3f4dc901c6e; _gid=GA1.2.477042603.1628250562; _gat_UA-192660002-1=1; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _hjid=e53aabcc-4329-46de-a294-30cc0ed5ce15; _hjFirstSeen=1; _ga_Y6C8Y8V9BH=GS1.1.1628250562.1.1.1628250563.0; _ga=GA1.1.1201118004.1628250562; XSRF-TOKEN=eyJpdiI6ImJMMlJTSG4rZHJlQ3J1UEhXUTBLK3c9PSIsInZhbHVlIjoiRzVuZWlcL29rN1BMQ0pHMExmZTl6MUpidFwvamFLTFh5ZWNoMUJEMmJ4S1wvOVNySDFyUGZETWRqOVRcL0NXY2dUVEsiLCJtYWMiOiI5Y2NjOTU5ODRmZWRhMDUwZGY1YzRlYzgyYmRiZTU4OGNlMDc4NTQ5Y2NjYjFkY2M3NDM0Yjg0OTJhNmZhOTExIn0%3D; c=eyJpdiI6IjBFMEw5NTVGeTFSV3BSWnNocldtMlE9PSIsInZhbHVlIjoieVRLQnBMQzlXUk14VjBJeHJRdkpzT3p5a25YS3V4SzZLUkpSWXFrMmNqYWZDZWMyTnpIYXpQU2RvdWZcL1lxVVwvIiwibWFjIjoiMmU3ZTkyN2NhOTJiZjgyNmVkM2QwNTdkMzdkOTM4Njc1MWRiMTM2NGU1ZTcwZGQ0OWY1MTExZDFjYzRiODUxYiJ9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Response headers

date: Fri, 06 Aug 2021 11:49:23 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: no-cache, private
set-cookie: XSRF-TOKEN=eyJpdiI6IjQzQ21Ea2V2NEU2YTFsRUpManBPNHc9PSIsInZhbHVlIjoiV1ZUN1h3TTF4YXBWWFVKMUZyM2ZJaEFIbndIRTNCWHVzNmRXNU5SaWFMQzRmOEVha010TzRVSFlwd043RlFnSiIsIm1hYyI6ImFlYTNmZTY0YjZlYTg2NjI5OTVlOWRkNTY0NjQ0NGNmMTgxYzJkOTBmOGYyODAxM2FkNzgwMjMxNjI2NzM2ZWIifQ%3D%3D; expires=Fri, 06-Aug-2021 13:49:23 GMT; Max-Age=7200; path=/ c=eyJpdiI6IjVnTTZOSVlra0VpSjhRUllDVDBxS2c9PSIsInZhbHVlIjoickJYbUhEN0Y4Z3hScHNRZGMrY1wvblBWQ3lQRXJEaFpyUHRYYWFoS251Q2Q1Wjl0Z0p3cjBjZUhYblByNEJSZEMiLCJtYWMiOiI3OGFhMzAwZjBmOWEwYjY3ODZmOTAyM2JiMWI1NDRhYTExYzRiY2NjMmRkZWUyMWNlMDRmNzM0MWVhZTc3ZWYxIn0%3D; expires=Fri, 06-Aug-2021 13:49:23 GMT; Max-Age=7200; path=/; httponly
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-proc: 3
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Xs0hJo0d7MtMPt44tyU%2FXdzl5I0Wke5AvxOA9pj00uXTv4qcqAVNwJywCRXPn%2BLROYLruonRJrCqFFjax2vXi34E6f0yPp%2FfPCN5mfdTSwl0PuoDeMMqkvC4ze1Cb6hlIRu1nyql3InF0bI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 67a80aa7ef2442f7-FRA
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

POST
H/1.1 200
OK add
tagdataxrt.com/time_visit/ 0
422 B 48ms
47ms Ping
text/plain 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/time_visit/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Fri, 06 Aug 2021 11:49:23 GMT
Server: nginx/1.19.10
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 0

POST collect
www.google-analytics.com/g/ 0
0

GET
H3-29 200 forms.css
tgfunnls.org/css/ 20 KB
4 KB 16ms
15ms Stylesheet
text/css 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/css/forms.css?id=108aa07ef4cadffb88ba

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5cc75f6ff6ccc8f9737ba9b6e44903687d4cd600464dc9a25b2fcfbfd231ebc6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /css/forms.css?id=108aa07ef4cadffb88ba
pragma: no-cache
cookie: _vwo_uuid_v2=D2252A66867B4271FEDDACC5ED674072A|0345963cf3ce5aea161bc3f4dc901c6e; _gid=GA1.2.477042603.1628250562; _gat_UA-192660002-1=1; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _hjid=e53aabcc-4329-46de-a294-30cc0ed5ce15; _hjFirstSeen=1; _ga_Y6C8Y8V9BH=GS1.1.1628250562.1.1.1628250563.0; _ga=GA1.1.1201118004.1628250562; XSRF-TOKEN=eyJpdiI6IjQzQ21Ea2V2NEU2YTFsRUpManBPNHc9PSIsInZhbHVlIjoiV1ZUN1h3TTF4YXBWWFVKMUZyM2ZJaEFIbndIRTNCWHVzNmRXNU5SaWFMQzRmOEVha010TzRVSFlwd043RlFnSiIsIm1hYyI6ImFlYTNmZTY0YjZlYTg2NjI5OTVlOWRkNTY0NjQ0NGNmMTgxYzJkOTBmOGYyODAxM2FkNzgwMjMxNjI2NzM2ZWIifQ%3D%3D; c=eyJpdiI6IjVnTTZOSVlra0VpSjhRUllDVDBxS2c9PSIsInZhbHVlIjoickJYbUhEN0Y4Z3hScHNRZGMrY1wvblBWQ3lQRXJEaFpyUHRYYWFoS251Q2Q1Wjl0Z0p3cjBjZUhYblByNEJSZEMiLCJtYWMiOiI3OGFhMzAwZjBmOWEwYjY3ODZmOTAyM2JiMWI1NDRhYTExYzRiY2NjMmRkZWUyMWNlMDRmNzM0MWVhZTc3ZWYxIn0%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:24 GMT
x-proc: 2
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3675
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Fri, 06 Aug 2021 10:30:19 GMT
server: cloudflare
etag: W/"610d0f3b-5107"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KJd5UkmKx51fjlYbafYpY2k4PTMZjqPgHNocqlW2jXLBdl7mKQSU6u5J0L3USf77Fwfi2Qh2XlwaJSL24Sgz0UQuggHnad%2BKV4mjYQ%2BCVN2forH3Jb0xqKL8AJKnu2jPtZB89NQNmBDwRmw%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 67a80aa91ab342f7-FRA

GET
H3-29 200 flow.css
tgfunnls.org/css/ 385 B
763 B 21ms
20ms Stylesheet
text/css 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/css/flow.css?id=1a2dada5ba76c1b29ae1

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

df456c4794989b11dda8d76813cbf505b2707048f4cc89d7db15956779ca3fb0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /css/flow.css?id=1a2dada5ba76c1b29ae1
pragma: no-cache
cookie: _vwo_uuid_v2=D2252A66867B4271FEDDACC5ED674072A|0345963cf3ce5aea161bc3f4dc901c6e; _gid=GA1.2.477042603.1628250562; _gat_UA-192660002-1=1; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _hjid=e53aabcc-4329-46de-a294-30cc0ed5ce15; _hjFirstSeen=1; _ga_Y6C8Y8V9BH=GS1.1.1628250562.1.1.1628250563.0; _ga=GA1.1.1201118004.1628250562; XSRF-TOKEN=eyJpdiI6IjQzQ21Ea2V2NEU2YTFsRUpManBPNHc9PSIsInZhbHVlIjoiV1ZUN1h3TTF4YXBWWFVKMUZyM2ZJaEFIbndIRTNCWHVzNmRXNU5SaWFMQzRmOEVha010TzRVSFlwd043RlFnSiIsIm1hYyI6ImFlYTNmZTY0YjZlYTg2NjI5OTVlOWRkNTY0NjQ0NGNmMTgxYzJkOTBmOGYyODAxM2FkNzgwMjMxNjI2NzM2ZWIifQ%3D%3D; c=eyJpdiI6IjVnTTZOSVlra0VpSjhRUllDVDBxS2c9PSIsInZhbHVlIjoickJYbUhEN0Y4Z3hScHNRZGMrY1wvblBWQ3lQRXJEaFpyUHRYYWFoS251Q2Q1Wjl0Z0p3cjBjZUhYblByNEJSZEMiLCJtYWMiOiI3OGFhMzAwZjBmOWEwYjY3ODZmOTAyM2JiMWI1NDRhYTExYzRiY2NjMmRkZWUyMWNlMDRmNzM0MWVhZTc3ZWYxIn0%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:24 GMT
x-proc: 1
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3675
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Fri, 06 Aug 2021 10:30:20 GMT
server: cloudflare
etag: W/"610d0f3c-181"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BqxnSHWmqo7DjyGWANY48mMAiteSl6LqRNOykF%2B5mQwx90kQ7DbeKuvq0dNh9sRonL3%2BhCvHe2MQCshT5bREgmyPnJT41eBffkyG%2BRWNdreoY8b1Mz%2Bv2WjWPqRVHnaZlw00UNk5x35u5jE%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 67a80aa91ab542f7-FRA

GET
H2 200 funnel.css
static-13333.kxcdn.com/5275/build/ 91 KB
26 KB 9ms
8ms Stylesheet
text/css 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL

https://static-13333.kxcdn.com/5275/build/funnel.css

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

0dd81a03016de5c1be49281bb42f5db84bf8968b636e893daa0ee24de5dbdd3b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:24 GMT
content-encoding: gzip
last-modified: Fri, 02 Jul 2021 14:31:57 GMT
server: keycdn-engine
x-amz-request-id: tx0000000000000049794a1-0060df28ef-12ed1804-fra1a
x-edge-location: defr
etag: W/"0e60432e5a822d61eaf0ff2172f524ed"
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-cache: HIT
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31556940
x-rgw-object-type: Normal
strict-transport-security: max-age=15552000; includeSubDomains; preload
expires: Sat, 06 Aug 2022 17:38:24 GMT

GET
H/1.1 400 conversion.js
in.bd44.fun/ 0
0 52ms
51ms Script
text/html 18.195.174.160
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://in.bd44.fun/conversion.js?cid=OPTIONAL&et=CLICK
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.195.174.160 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-174-160.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 logo.png
static-13333.kxcdn.com/5275/images/ 2 KB
3 KB 28ms
25ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/logo.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

3d0776f2afd4256733e307cf46921dde2e1497a2767eb8bcb8ac17d5de9d2344

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:24 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049592a7-0060df28ef-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2455
last-modified: Fri, 02 Jul 2021 14:32:26 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "cded24bb8b99f2aa7ab4e4ddc59c28e6"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:24 GMT

GET
H2 200 top-arrow.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 28ms
25ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/top-arrow.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

c4d3b32e24ea06591e7f166b20939f84cb767bb0742bc3c51f07c6f4b684f1e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:24 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049592a5-0060df28ef-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2961
last-modified: Fri, 02 Jul 2021 14:32:29 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "e2980701aad64cef71bd2296f5f6386b"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:24 GMT

GET
H3-29 200 check-icon.png
tgfunnls.org/images/ 44 KB
45 KB 15ms
13ms Image
image/png 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tgfunnls.org/images/check-icon.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

79bb457691c6f5dc0d3fd537218a627750b199db5253e22dad9dc4f78fa48016

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /images/check-icon.png
pragma: no-cache
cookie: _vwo_uuid_v2=D2252A66867B4271FEDDACC5ED674072A|0345963cf3ce5aea161bc3f4dc901c6e; _gid=GA1.2.477042603.1628250562; _gat_UA-192660002-1=1; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _hjid=e53aabcc-4329-46de-a294-30cc0ed5ce15; _hjFirstSeen=1; _ga_Y6C8Y8V9BH=GS1.1.1628250562.1.1.1628250563.0; _ga=GA1.1.1201118004.1628250562; XSRF-TOKEN=eyJpdiI6IjQzQ21Ea2V2NEU2YTFsRUpManBPNHc9PSIsInZhbHVlIjoiV1ZUN1h3TTF4YXBWWFVKMUZyM2ZJaEFIbndIRTNCWHVzNmRXNU5SaWFMQzRmOEVha010TzRVSFlwd043RlFnSiIsIm1hYyI6ImFlYTNmZTY0YjZlYTg2NjI5OTVlOWRkNTY0NjQ0NGNmMTgxYzJkOTBmOGYyODAxM2FkNzgwMjMxNjI2NzM2ZWIifQ%3D%3D; c=eyJpdiI6IjVnTTZOSVlra0VpSjhRUllDVDBxS2c9PSIsInZhbHVlIjoickJYbUhEN0Y4Z3hScHNRZGMrY1wvblBWQ3lQRXJEaFpyUHRYYWFoS251Q2Q1Wjl0Z0p3cjBjZUhYblByNEJSZEMiLCJtYWMiOiI3OGFhMzAwZjBmOWEwYjY3ODZmOTAyM2JiMWI1NDRhYTExYzRiY2NjMmRkZWUyMWNlMDRmNzM0MWVhZTc3ZWYxIn0%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:24 GMT
x-proc: 1
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3674
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 45018
x-xss-protection: 1; mode=block
last-modified: Fri, 06 Aug 2021 10:28:14 GMT
server: cloudflare
etag: "610d0ebe-afda"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ltEQ2vhBQj7u86UVvuAkZbflMQnrPwAwJ%2BNEenEbveNVgmlhmduDobm89BrP5HscKca8EAXr6MBpkcbT0XnwokGhQlcXEqzk2VE0rS0JW9nB5G9D%2B7pRbZpHRzAbmcZKu6g4lvE2DM%2FjotI%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 67a80aa97bb042f7-FRA

GET
H2 200 safe.png
static-13333.kxcdn.com/5275/images/ 10 KB
11 KB 29ms
25ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/safe.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

c001780d5a0136da809d6908ac44d8b0e4d9b36bf9891772a006294888226576

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:24 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794a7-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 10593
last-modified: Fri, 02 Jul 2021 14:32:17 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "e16845cf547d72f2f0b2febfa375d9f9"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:24 GMT

GET
H2 200 bg-arrow.png
static-13333.kxcdn.com/5275/images/ 7 KB
8 KB 29ms
26ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/bg-arrow.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

5902ac2e28cc5433d57a98a62be69037be09754da694348e03d3e3b9e776f542

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:24 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794ba-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 7356
last-modified: Fri, 02 Jul 2021 14:32:23 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "0575766ae817ee467a729e846374d22c"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:24 GMT

GET
H2 200 check-icon.png
static-13333.kxcdn.com/5275/images/ 2 KB
3 KB 29ms
26ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/check-icon.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

4a404a950ef8cfa3eb686e62c8ab17e0a4609f2300e53d874a96ec618ab9474d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:24 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794b6-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2273
last-modified: Fri, 02 Jul 2021 14:32:29 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "c34ab81524c5f98e40dc0dad59601758"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:24 GMT

GET
H2 200 spots-arrow.png
static-13333.kxcdn.com/5275/images/ 5 KB
6 KB 19ms
18ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/spots-arrow.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

7c01610e53cbe2313bd441cd9182762cec4240e4eecebeca6d086f34e4672784

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:24 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794bc-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 5306
last-modified: Fri, 02 Jul 2021 14:32:45 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "32acdf2cce46993b09041ebed9d00140"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:24 GMT

GET
H2 200 john.jpg
static-13333.kxcdn.com/5275/images/ 9 KB
10 KB 23ms
22ms Image
image/jpeg 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/john.jpg

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

aff262b0ff8882606831b77cb7fe8c2b7ee184a4c3a4e10de152932dde9ed3f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:24 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794be-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 9704
last-modified: Fri, 02 Jul 2021 14:32:21 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "ca826d01f1cbba3eb6e3e1f697bca6bc"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/jpeg
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:24 GMT

GET
H2 200 john-sign.png
static-13333.kxcdn.com/5275/images/ 7 KB
7 KB 17ms
12ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/john-sign.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

2c92fcee0f7c5fd992e818cd6e5f621e8701cea9b4b23eb03e2567560c7dd266

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:24 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049592b7-0060df28ef-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 6824
last-modified: Fri, 02 Jul 2021 14:32:43 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "8e77bdde18036a84289f7b89b03cddc0"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:24 GMT

GET
H2 200 social-callback-title.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 17ms
12ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/social-callback-title.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

b097d9409b9b2fcde3993197635d6e7d49126e794dec3c3a5de9892cce15ec84

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:24 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794b7-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2899
last-modified: Fri, 02 Jul 2021 14:32:42 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "26e1186a209747d755be97f26d7fef17"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:24 GMT

GET
H2 200 facebook.png
static-13333.kxcdn.com/5275/images/ 45 KB
46 KB 16ms
12ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/facebook.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

45a8e9f975bd2d7db2041c671affac022eaf0b8db46c516a6f2021d30631aea3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:24 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049592bd-0060df28ef-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 46358
last-modified: Fri, 02 Jul 2021 14:32:18 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "99efc09d6e35b01ef07e555c6c9c06ac"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:24 GMT

GET
H2 200 twitter.png
static-13333.kxcdn.com/5275/images/ 33 KB
34 KB 14ms
13ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/twitter.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

f3567cf9eb0717ad9840ff19014abf051d9bebb63ba3d270eb23d409dd449b5a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:24 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049592b6-0060df28ef-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 33933
last-modified: Fri, 02 Jul 2021 14:32:45 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "1538bf85a2428c7ab27b923233ceac2d"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:24 GMT

GET
H2 200 features-title.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 14ms
13ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/features-title.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

5e840708085df16224eeb0d8a8b3758d39bc7c60d3f0587ea1308f7d37d2e9db

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:24 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049592bc-0060df28ef-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2835
last-modified: Fri, 02 Jul 2021 14:32:24 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "8e8fd39ca90b9e536e71366f72e27061"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:24 GMT

GET
H2 200 feature1.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 14ms
14ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/feature1.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

427e9cf9bc070b73cae44b858b1cbb147385ccf3b74522b00606e8441d74eb21

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:24 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794bb-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2649
last-modified: Fri, 02 Jul 2021 14:32:27 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "32e947291780f319b5424fb0fed97339"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:24 GMT

GET
H2 200 feature2.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 14ms
5ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/feature2.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

d35ec7636f20627c46249b7ac076fd59aad2c15c8207c92cc8251df812abc0bc

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:24 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049592b5-0060df28ef-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2845
last-modified: Fri, 02 Jul 2021 14:32:28 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "a02cbfb7009f4eb7bca716371bbc6162"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:24 GMT

GET
H2 200 feature3.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 14ms
6ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/feature3.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

41cc8226265d071dd816f01b4e656e9575b49927ecb0806984d85fd2acb3b318

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:24 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794b8-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2618
last-modified: Fri, 02 Jul 2021 14:32:44 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "1e439861ae0e257dd74094cd20495531"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:24 GMT

GET
H2 200 feature4.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 14ms
6ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/feature4.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

d7e57b7c8fc1a0e25b893fc00da8cca5368cc489227958d4a781665339cd7260

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:24 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794a5-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2573
last-modified: Fri, 02 Jul 2021 14:32:19 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "f042fbbf22d575de6d906249ec2dc324"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:24 GMT

GET
H2 200 faq-title.png
static-13333.kxcdn.com/5275/images/ 4 KB
4 KB 12ms
6ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/faq-title.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

218be04d48aa9aa4da9bb4a708dbb463576fd8653914fd05bb113ce654dce714

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:24 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049592a6-0060df28ef-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 3706
last-modified: Fri, 02 Jul 2021 14:32:42 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "b95f5e7ccaaf9e8f6f1117efa9ab100a"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:24 GMT

GET
H2 200 faq-list-title-bg.png
static-13333.kxcdn.com/5275/images/ 2 KB
2 KB 12ms
7ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/faq-list-title-bg.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

9749d6d7aee9bdd7b806eb8fd8fa1bfd7ef25aab0aba744948b279d4c1a348ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:24 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049794a3-0060df28ef-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 1546
last-modified: Fri, 02 Jul 2021 14:32:22 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "567ea5254334fde95913b6cd592aad5f"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:24 GMT

GET
H3-29 200 sad-face.svg
tgfunnls.org/media/ 1 KB
1 KB 16ms
14ms Image
image/svg+xml 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tgfunnls.org/media/sad-face.svg

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

186b9079a05f19ddd2a548dbc1ec2c69087c76d8e9e1637dbced630edb793104

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /media/sad-face.svg
pragma: no-cache
cookie: _vwo_uuid_v2=D2252A66867B4271FEDDACC5ED674072A|0345963cf3ce5aea161bc3f4dc901c6e; _gid=GA1.2.477042603.1628250562; _gat_UA-192660002-1=1; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _hjid=e53aabcc-4329-46de-a294-30cc0ed5ce15; _hjFirstSeen=1; _ga_Y6C8Y8V9BH=GS1.1.1628250562.1.1.1628250563.0; _ga=GA1.1.1201118004.1628250562; XSRF-TOKEN=eyJpdiI6IjQzQ21Ea2V2NEU2YTFsRUpManBPNHc9PSIsInZhbHVlIjoiV1ZUN1h3TTF4YXBWWFVKMUZyM2ZJaEFIbndIRTNCWHVzNmRXNU5SaWFMQzRmOEVha010TzRVSFlwd043RlFnSiIsIm1hYyI6ImFlYTNmZTY0YjZlYTg2NjI5OTVlOWRkNTY0NjQ0NGNmMTgxYzJkOTBmOGYyODAxM2FkNzgwMjMxNjI2NzM2ZWIifQ%3D%3D; c=eyJpdiI6IjVnTTZOSVlra0VpSjhRUllDVDBxS2c9PSIsInZhbHVlIjoickJYbUhEN0Y4Z3hScHNRZGMrY1wvblBWQ3lQRXJEaFpyUHRYYWFoS251Q2Q1Wjl0Z0p3cjBjZUhYblByNEJSZEMiLCJtYWMiOiI3OGFhMzAwZjBmOWEwYjY3ODZmOTAyM2JiMWI1NDRhYTExYzRiY2NjMmRkZWUyMWNlMDRmNzM0MWVhZTc3ZWYxIn0%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:24 GMT
x-proc: 1
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3674
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Fri, 06 Aug 2021 10:30:20 GMT
server: cloudflare
etag: W/"610d0f3c-5dc"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=O7D9kvh36WCXla%2BonZdSn79vkO20fl3uOTmHQY6hi3rJRjL9L9XOIMn42LEgDKzfMiY3tUG9QOUl7fuhC3gxDPQhWISWIFUSK4T0Z9ZfTerzI3SB%2BzEIGUaQGoTpdkJ%2BtXDN155uy5Gd6jI%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: max-age=14400
cf-ray: 67a80aa97bb242f7-FRA

GET
H3-29 200 email-decode.min.js Show response
tgfunnls.org/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
1 KB 8ms
7ms Script
application/javascript 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

:path: /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
pragma: no-cache
cookie: _vwo_uuid_v2=D2252A66867B4271FEDDACC5ED674072A|0345963cf3ce5aea161bc3f4dc901c6e; _gid=GA1.2.477042603.1628250562; _gat_UA-192660002-1=1; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _hjid=e53aabcc-4329-46de-a294-30cc0ed5ce15; _hjFirstSeen=1; _ga_Y6C8Y8V9BH=GS1.1.1628250562.1.1.1628250563.0; _ga=GA1.1.1201118004.1628250562; XSRF-TOKEN=eyJpdiI6IjQzQ21Ea2V2NEU2YTFsRUpManBPNHc9PSIsInZhbHVlIjoiV1ZUN1h3TTF4YXBWWFVKMUZyM2ZJaEFIbndIRTNCWHVzNmRXNU5SaWFMQzRmOEVha010TzRVSFlwd043RlFnSiIsIm1hYyI6ImFlYTNmZTY0YjZlYTg2NjI5OTVlOWRkNTY0NjQ0NGNmMTgxYzJkOTBmOGYyODAxM2FkNzgwMjMxNjI2NzM2ZWIifQ%3D%3D; c=eyJpdiI6IjVnTTZOSVlra0VpSjhRUllDVDBxS2c9PSIsInZhbHVlIjoickJYbUhEN0Y4Z3hScHNRZGMrY1wvblBWQ3lQRXJEaFpyUHRYYWFoS251Q2Q1Wjl0Z0p3cjBjZUhYblByNEJSZEMiLCJtYWMiOiI3OGFhMzAwZjBmOWEwYjY3ODZmOTAyM2JiMWI1NDRhYTExYzRiY2NjMmRkZWUyMWNlMDRmNzM0MWVhZTc3ZWYxIn0%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 03 Aug 2021 14:21:05 GMT
server: cloudflare
etag: W/"610950d1-4d7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: DENY
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UlNBwwkAFivQbpx7RuQw0LeerkbKX%2FL449WyMFdJVXw%2Fr4O3mjQ90usxZaHkR3bCWO%2Fn1Ah%2FKmzND2FpTOGv4g4AqiwhHWDeBKoEKYxhq3GZKFt2vq8b2n92%2Fx2q1ojflQ5vK90Rgw6mpZ8%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=172800 public
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 67a80aa93b1342f7-FRA
vary: Accept-Encoding
expires: Sun, 08 Aug 2021 11:49:24 GMT

GET
H3-29 200 redirect.js Show response
tgfunnls.org/js/ 3 KB
2 KB 12ms
11ms Script
application/javascript 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/js/redirect.js?id=bd8708e91008076c9ff9

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0979e653bf7370685f5d0ec7448e28d33f46754d5411cf5a7cd3df6ecafc1a35

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /js/redirect.js?id=bd8708e91008076c9ff9
pragma: no-cache
cookie: _vwo_uuid_v2=D2252A66867B4271FEDDACC5ED674072A|0345963cf3ce5aea161bc3f4dc901c6e; _gid=GA1.2.477042603.1628250562; _gat_UA-192660002-1=1; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _hjid=e53aabcc-4329-46de-a294-30cc0ed5ce15; _hjFirstSeen=1; _ga_Y6C8Y8V9BH=GS1.1.1628250562.1.1.1628250563.0; _ga=GA1.1.1201118004.1628250562; XSRF-TOKEN=eyJpdiI6IjQzQ21Ea2V2NEU2YTFsRUpManBPNHc9PSIsInZhbHVlIjoiV1ZUN1h3TTF4YXBWWFVKMUZyM2ZJaEFIbndIRTNCWHVzNmRXNU5SaWFMQzRmOEVha010TzRVSFlwd043RlFnSiIsIm1hYyI6ImFlYTNmZTY0YjZlYTg2NjI5OTVlOWRkNTY0NjQ0NGNmMTgxYzJkOTBmOGYyODAxM2FkNzgwMjMxNjI2NzM2ZWIifQ%3D%3D; c=eyJpdiI6IjVnTTZOSVlra0VpSjhRUllDVDBxS2c9PSIsInZhbHVlIjoickJYbUhEN0Y4Z3hScHNRZGMrY1wvblBWQ3lQRXJEaFpyUHRYYWFoS251Q2Q1Wjl0Z0p3cjBjZUhYblByNEJSZEMiLCJtYWMiOiI3OGFhMzAwZjBmOWEwYjY3ODZmOTAyM2JiMWI1NDRhYTExYzRiY2NjMmRkZWUyMWNlMDRmNzM0MWVhZTc3ZWYxIn0%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:24 GMT
x-proc: 3
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3674
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Fri, 06 Aug 2021 10:30:36 GMT
server: cloudflare
etag: W/"610d0f4c-a50"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LSBhfEFIwTA8RPUgUUoMpv4KFPU0timJsUUviroepBd2ihbHi%2B9Kd1mZKwMT3DRqsSL%2B8%2FJsoVq2nDrAcik%2BhrYvsUN5sJ7STM80M01SoFxbdyLERx2xd0R43ya2FAGd9uuzpAwqcftZUbI%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=14400
cf-ray: 67a80aa95b3b42f7-FRA

GET
H3-29 200 l.js Show response
tgfunnls.org/js/ 401 KB
110 KB 28ms
27ms Script
application/javascript 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/js/l.js?id=6cf7b69175b2a676ebf3

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1669423eca631e2fa8053ff74039a11ff6afac3a94dc37f357ce8d6ec9362913

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /js/l.js?id=6cf7b69175b2a676ebf3
pragma: no-cache
cookie: _vwo_uuid_v2=D2252A66867B4271FEDDACC5ED674072A|0345963cf3ce5aea161bc3f4dc901c6e; _gid=GA1.2.477042603.1628250562; _gat_UA-192660002-1=1; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _hjid=e53aabcc-4329-46de-a294-30cc0ed5ce15; _hjFirstSeen=1; _ga_Y6C8Y8V9BH=GS1.1.1628250562.1.1.1628250563.0; _ga=GA1.1.1201118004.1628250562; XSRF-TOKEN=eyJpdiI6IjQzQ21Ea2V2NEU2YTFsRUpManBPNHc9PSIsInZhbHVlIjoiV1ZUN1h3TTF4YXBWWFVKMUZyM2ZJaEFIbndIRTNCWHVzNmRXNU5SaWFMQzRmOEVha010TzRVSFlwd043RlFnSiIsIm1hYyI6ImFlYTNmZTY0YjZlYTg2NjI5OTVlOWRkNTY0NjQ0NGNmMTgxYzJkOTBmOGYyODAxM2FkNzgwMjMxNjI2NzM2ZWIifQ%3D%3D; c=eyJpdiI6IjVnTTZOSVlra0VpSjhRUllDVDBxS2c9PSIsInZhbHVlIjoickJYbUhEN0Y4Z3hScHNRZGMrY1wvblBWQ3lQRXJEaFpyUHRYYWFoS251Q2Q1Wjl0Z0p3cjBjZUhYblByNEJSZEMiLCJtYWMiOiI3OGFhMzAwZjBmOWEwYjY3ODZmOTAyM2JiMWI1NDRhYTExYzRiY2NjMmRkZWUyMWNlMDRmNzM0MWVhZTc3ZWYxIn0%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:24 GMT
x-proc: 2
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 4597
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Fri, 06 Aug 2021 10:30:19 GMT
server: cloudflare
etag: W/"610d0f3b-645ba"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nNQgNsOiJ8CxCMh3brHYwSDbEzBTrE%2F96g1%2BrW4Tt2Scpy4EyM8Mu6tYF7Zf4KfXUEGyE3ee78kWcn46nQzKC311iLlb1P1NkZD%2FeSB%2B3dJqs%2BdNQ6PqVGEalFth7V%2Ffll2y7lGROepRL40%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=14400
cf-ray: 67a80aa96b8142f7-FRA

GET
H2 200 funnel.js Show response
static-13333.kxcdn.com/5275/build/ 954 KB
319 KB 10ms
9ms Script
application/javascript 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL

https://static-13333.kxcdn.com/5275/build/funnel.js

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

a52901c6296f571a48143efc8c7626714f2f15a0e034390d31380d508684ad0e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:24 GMT
content-encoding: gzip
last-modified: Fri, 02 Jul 2021 14:31:57 GMT
server: keycdn-engine
x-amz-request-id: tx00000000000000495929e-0060df28ef-12e87130-fra1a
x-edge-location: defr
etag: W/"545236a1390ffa369d186b44dab8e706"
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-cache: HIT
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31556940
x-rgw-object-type: Normal
strict-transport-security: max-age=15552000; includeSubDomains; preload
expires: Sat, 06 Aug 2022 17:38:24 GMT

GET
H/1.1 200 hp Show response
in.xr117.xyz/ 382 B
616 B 52ms
50ms Script
text/plain 18.195.123.247
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://in.xr117.xyz/hp
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.195.123.247 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-123-247.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 1d685538334a6762f8c278c2274cb62dfdc47c59ba5968562dddf4f96d808aee

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 06 Aug 2021 11:49:24 GMT
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
Server: nginx
Connection: keep-alive
Content-Length: 382
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200 hp Show response
in.bd44.fun/ 382 B
616 B 152ms
51ms Script
text/plain 18.195.174.160
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://in.bd44.fun/hp
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.195.174.160 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-174-160.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 1d685538334a6762f8c278c2274cb62dfdc47c59ba5968562dddf4f96d808aee

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 06 Aug 2021 11:49:24 GMT
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
Server: nginx
Connection: keep-alive
Content-Length: 382
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3-29 200 tag.js Show response
tagstaticx.com/ 38 KB
14 KB 20ms
19ms Script
application/javascript 2606:4700:3033::6815:3d08
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://tagstaticx.com/tag.js
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::6815:3d08 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7ebf9aea91580923f108d8e9c9fa03581c3c58fcd1ab8712d4ed593fbde60062

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:24 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 30 Jul 2021 15:47:47 GMT
server: cloudflare
age: 4765
etag: W/"61041f23-9787"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Xby3xXKaU5Iw4BPF4AumzpAbT%2FmcngmVINhqQ1DM3Kg%2FXnlzGdNXx%2FRaAcmiwhV4h2m82D%2BGJLQ%2FL7NCcKGgwyGLE1L7mN5soXr7jqQj3IizpBdjDUfeqFrAn%2Bo5xYe05H7haWB6ZWulIbuO5w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=1800
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 67a80aa97d8e4401-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

GET
H3-29 200 gtm.js Show response
www.googletagmanager.com/ 110 KB
41 KB 17ms
15ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-MSK8GMG

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

ee25e98eb177cc22fba819b261e53fdcdb837d1ca65533dbc186fa9f1f9550a2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:24 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41863
x-xss-protection: 0
last-modified: Fri, 06 Aug 2021 09:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 06 Aug 2021 11:49:24 GMT

GET
H3-29 200 j.php Show response
dev.visualwebsiteoptimizer.com/ 5 KB
2 KB 52ms
51ms Script
application/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/j.php?a=449005&u=https%3A%2F%2Ftgfunnls.org%2Fdly1st%2F%3Fhitid%3D%7BclickId%7D%26qze%3D7%26aff_sub%3D%7BcustomId1%7D%26aff_sub2%3D%7BcustomId2%7D&f=1&r=0.701525743651118
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gams1 /
Resource Hash: 9f3be0ac1398aa3eea469447948ef73ce4186751e5ec1dd0af0070379d19116e

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 06 Aug 2021 11:49:23 GMT
via: 1.1 google
server: gams1
content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-type: application/javascript; charset=UTF-8

GET
H2 200 bg-pattern2.png
static-13333.kxcdn.com/5275/images/ 3 KB
4 KB 19ms
18ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/bg-pattern2.png

Requested by

Host: static-13333.kxcdn.com
URL: https://static-13333.kxcdn.com/5275/build/funnel.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

0dbbd4b1f92b5f123bb6d85da5224dbac1ef2873359ae63159fbd8c1d8aee472

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://static-13333.kxcdn.com/5275/build/funnel.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:24 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx000000000000004a8f778-0060df3204-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 3494
last-modified: Fri, 02 Jul 2021 14:32:28 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "9ff60a873ce8a83d6f92c07bbb97461d"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:24 GMT

GET
H2 200 money-bg.jpg
static-13333.kxcdn.com/5275/images/ 192 KB
193 KB 20ms
19ms Image
image/jpeg 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/money-bg.jpg

Requested by

Host: static-13333.kxcdn.com
URL: https://static-13333.kxcdn.com/5275/build/funnel.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

6d6b0b2b3ce3ec690491ad53348667285877a284d43a58bae67219df3128c453

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://static-13333.kxcdn.com/5275/build/funnel.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:24 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049593a6-0060df28f0-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 196622
last-modified: Fri, 02 Jul 2021 14:32:29 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "00484ef568e5c529bc92d2698631954b"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/jpeg
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Sat, 06 Aug 2022 17:38:24 GMT

GET
H2 206 de-1.mp4
static-13333.kxcdn.com/5275/media/ 64 KB
0 13ms
7ms Media
video/mp4 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL

https://static-13333.kxcdn.com/5275/media/de-1.mp4

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Range: bytes=0-

Response headers

date: Fri, 06 Aug 2021 11:49:24 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000049593e6-0060df28f0-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
Content-Range: bytes 0-124690623/124690624
Content-Length: 124690624
last-modified: Fri, 02 Jul 2021 14:32:03 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "c8811d0b7aa283893d6ec2a19899685f-24"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: video/mp4
access-control-allow-origin: *
x-rgw-object-type: Normal
expires: Sat, 06 Aug 2022 17:38:24 GMT

HEAD
H3-29 200 adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/ 0
0 32ms
31ms Fetch
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 49445
x-xss-protection: 0
server: cafe
etag: 14869471898732562513
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Fri, 06 Aug 2021 11:49:24 GMT

GET
H/1.1 200
OK version.js Show response
tagdatax.com/ 57 B
260 B 51ms
46ms Script
application/javascript 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdatax.com/version.js
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: 1396ca0be3e2b50985802c0e4fef7142fb1398f97f31a8c6343420cb0c26b578

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 06 Aug 2021 11:49:24 GMT
Cache-Control: private, max-age=63072000
Server: nginx/1.19.10
Connection: keep-alive
Content-Length: 57
Content-Type: application/javascript

GET
H2 200 gid.js Show response
my.rtmark.net/ 65 B
542 B 54ms
50ms Fetch
application/json 139.45.195.8
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://my.rtmark.net/gid.js

Requested by

Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

a0d420884ac1d9eceb429814c0e4201e6a0339597623c5721b896155a1b247a0

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:24 GMT
x-content-type-options: nosniff
server: nginx
strict-transport-security: max-age=1
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: https://tgfunnls.org
access-control-expose-headers: Authorization
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length: 65

GET
H/1.1 200
OK pix.jpg Show response
tagdatax.com/ 28 B
617 B 56ms
49ms Fetch
image/jpeg 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdatax.com/pix.jpg
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: 3c72e06c040c15327faa313315f1d6f4b2c9159267051c3e173336efa4cd7a18

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 06 Aug 2021 11:49:24 GMT
Server: nginx/1.19.10
Etag: 3a191c82-5a09-40ae-bc59-5a160fc45e35
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Content-Type: image/jpeg
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Expose-Headers: ETag
Cache-Control: private, must-revalidate, proxy-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 28

GET
H3-29 200 googlelogo_color_120x44dp.png
www.google.com/images/branding/googlelogo/2x/ 5 KB
5 KB 20ms
15ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_120x44dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

29c50fa4422ac0a690af5b0987dee6a030a7eeaafa9dda8543cf022368f545aa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:24 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5087
x-xss-protection: 0
expires: Fri, 06 Aug 2021 11:49:24 GMT

GET
H3-29 200 googlelogo_color_272x92dp.png
www.google.com/images/branding/googlelogo/1x/ 6 KB
6 KB 20ms
16ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/1x/googlelogo_color_272x92dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5776cd87617eacec3bc00ebcf530d1924026033eda852f706c1a675a98915826

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:24 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5969
x-xss-protection: 0
expires: Fri, 06 Aug 2021 11:49:24 GMT

GET
H3-29 200 googlelogo_color_272x92dp.png
www.google.com/images/branding/googlelogo/2x/ 13 KB
13 KB 18ms
14ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_272x92dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

262084257c2103702ef8a25705e3f8dbc1fa3823103ad7b954d54bdb77e6d89d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:24 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13504
x-xss-protection: 0
expires: Fri, 06 Aug 2021 11:49:24 GMT

GET
H3-29 200 googlelogo_color_160x56dp.png
www.google.com/images/branding/googlelogo/2x/ 7 KB
7 KB 23ms
19ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_160x56dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9e611fba6a87626e60f74d361f0c94d1ba226bc0726a05791f40ddb7fbba2c4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:24 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7048
x-xss-protection: 0
expires: Fri, 06 Aug 2021 11:49:24 GMT

GET
H3-29 200 googlelogo_color_90x40dp.png
www.google.com/images/branding/googlelogo/2x/ 4 KB
4 KB 21ms
17ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_90x40dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a9cac8d49feccd603bac334c92c1e7dd5a829a1c01d4130550e8c9c0d9c72f7b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:24 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3934
x-xss-protection: 0
expires: Fri, 06 Aug 2021 11:49:24 GMT

GET
H3-29 200 locate Show response
tgfunnls.org/ 141 B
1 KB 78ms
77ms XHR
application/json 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/locate

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/js/l.js?id=6cf7b69175b2a676ebf3

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b6ffea4eb17e3268759f83f8abca64a9ed7755ff19d8d6b05e7aa354ae6d4f7b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-fetch-mode: cors
x-xsrf-token: eyJpdiI6IjQzQ21Ea2V2NEU2YTFsRUpManBPNHc9PSIsInZhbHVlIjoiV1ZUN1h3TTF4YXBWWFVKMUZyM2ZJaEFIbndIRTNCWHVzNmRXNU5SaWFMQzRmOEVha010TzRVSFlwd043RlFnSiIsIm1hYyI6ImFlYTNmZTY0YjZlYTg2NjI5OTVlOWRkNTY0NjQ0NGNmMTgxYzJkOTBmOGYyODAxM2FkNzgwMjMxNjI2NzM2ZWIifQ==
accept-language: en-US
sec-fetch-dest: empty
cookie: _vwo_uuid_v2=D2252A66867B4271FEDDACC5ED674072A|0345963cf3ce5aea161bc3f4dc901c6e; _gid=GA1.2.477042603.1628250562; _gat_UA-192660002-1=1; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _hjid=e53aabcc-4329-46de-a294-30cc0ed5ce15; _hjFirstSeen=1; _ga_Y6C8Y8V9BH=GS1.1.1628250562.1.1.1628250563.0; _ga=GA1.1.1201118004.1628250562; XSRF-TOKEN=eyJpdiI6IjQzQ21Ea2V2NEU2YTFsRUpManBPNHc9PSIsInZhbHVlIjoiV1ZUN1h3TTF4YXBWWFVKMUZyM2ZJaEFIbndIRTNCWHVzNmRXNU5SaWFMQzRmOEVha010TzRVSFlwd043RlFnSiIsIm1hYyI6ImFlYTNmZTY0YjZlYTg2NjI5OTVlOWRkNTY0NjQ0NGNmMTgxYzJkOTBmOGYyODAxM2FkNzgwMjMxNjI2NzM2ZWIifQ%3D%3D; c=eyJpdiI6IjVnTTZOSVlra0VpSjhRUllDVDBxS2c9PSIsInZhbHVlIjoickJYbUhEN0Y4Z3hScHNRZGMrY1wvblBWQ3lQRXJEaFpyUHRYYWFoS251Q2Q1Wjl0Z0p3cjBjZUhYblByNEJSZEMiLCJtYWMiOiI3OGFhMzAwZjBmOWEwYjY3ODZmOTAyM2JiMWI1NDRhYTExYzRiY2NjMmRkZWUyMWNlMDRmNzM0MWVhZTc3ZWYxIn0%3D
:path: /locate
pragma: no-cache
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: application/json, text/plain, */*
cache-control: no-cache
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept: application/json, text/plain, */*
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
X-XSRF-TOKEN: eyJpdiI6IjQzQ21Ea2V2NEU2YTFsRUpManBPNHc9PSIsInZhbHVlIjoiV1ZUN1h3TTF4YXBWWFVKMUZyM2ZJaEFIbndIRTNCWHVzNmRXNU5SaWFMQzRmOEVha010TzRVSFlwd043RlFnSiIsIm1hYyI6ImFlYTNmZTY0YjZlYTg2NjI5OTVlOWRkNTY0NjQ0NGNmMTgxYzJkOTBmOGYyODAxM2FkNzgwMjMxNjI2NzM2ZWIifQ==
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:24 GMT
x-proc: 3
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EU56YumvZMxxTZ7oryLCkznv9I3xRQD4wx90HDfEBqnHn8mcyNBuN5zYFw00cYZ59ZJxV4S4TG9UxRtGBznB%2BuDPRmj70BdQ4pab2v6ApDwx5ul5paJvGC3oYgjngH%2BTodqytTdGMnRkVaA%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json
cache-control: no-cache, private
set-cookie: XSRF-TOKEN=eyJpdiI6Ijg4UUVBM3B2dVQzQWREVlV5TmZSZnc9PSIsInZhbHVlIjoidlU3dEJ4ZWhyUHBcL29jc3d2a3J6bFF1SU84ZU1mQVFjOVlkMmxlVmpER1VpT2hXTmk0bTc0c2hcL01aRCtGK1lnIiwibWFjIjoiYzViMjc0YTI3MmUxMTVmYWE2MTM5NzhjYTUzNzc2OTZhNDJhNjhmNTJmZDA2MzliYjUxZGY4YWQ0MTZkYzlhNCJ9; expires=Fri, 06-Aug-2021 13:49:24 GMT; Max-Age=7200; path=/ c=eyJpdiI6IitCNEo0QWplTGpxYnlIRzI5XC9HWWlBPT0iLCJ2YWx1ZSI6IjhKNyt1TVl6VTFtYXgwZjN2b09qdUhOeTBaT1R3bUtEenlkU3YwREJoSHJOUEFwMGxBSjFqMjNWVXdVV1hvbjkiLCJtYWMiOiJhODM4OGIzZDBlYzhkZGY5YjQwNjg4YzJiMmNmODlhNDQyNWQzMTlhYmE4NmRjMWFmYzY3M2IzMDYzOTM4NjhkIn0%3D; expires=Fri, 06-Aug-2021 13:49:24 GMT; Max-Age=7200; path=/; httponly
cf-ray: 67a80aaa3d6d42f7-FRA

GET
H3-29 200 flags.png
tgfunnls.org/images/vendor/intl-tel-input/build/ 69 KB
70 KB 16ms
15ms Image
image/png 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tgfunnls.org/images/vendor/intl-tel-input/build/flags.png?416250f60d785a2e02f17e054d2e4e44

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/css/forms.css?id=108aa07ef4cadffb88ba

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0a012cf808a24573168308916092d2d4bd3f2b4af8e16b59167013cc77acee55

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /images/vendor/intl-tel-input/build/flags.png?416250f60d785a2e02f17e054d2e4e44
pragma: no-cache
cookie: _vwo_uuid_v2=D2252A66867B4271FEDDACC5ED674072A|0345963cf3ce5aea161bc3f4dc901c6e; _gid=GA1.2.477042603.1628250562; _gat_UA-192660002-1=1; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _hjid=e53aabcc-4329-46de-a294-30cc0ed5ce15; _hjFirstSeen=1; _ga_Y6C8Y8V9BH=GS1.1.1628250562.1.1.1628250563.0; _ga=GA1.1.1201118004.1628250562; XSRF-TOKEN=eyJpdiI6IjQzQ21Ea2V2NEU2YTFsRUpManBPNHc9PSIsInZhbHVlIjoiV1ZUN1h3TTF4YXBWWFVKMUZyM2ZJaEFIbndIRTNCWHVzNmRXNU5SaWFMQzRmOEVha010TzRVSFlwd043RlFnSiIsIm1hYyI6ImFlYTNmZTY0YjZlYTg2NjI5OTVlOWRkNTY0NjQ0NGNmMTgxYzJkOTBmOGYyODAxM2FkNzgwMjMxNjI2NzM2ZWIifQ%3D%3D; c=eyJpdiI6IjVnTTZOSVlra0VpSjhRUllDVDBxS2c9PSIsInZhbHVlIjoickJYbUhEN0Y4Z3hScHNRZGMrY1wvblBWQ3lQRXJEaFpyUHRYYWFoS251Q2Q1Wjl0Z0p3cjBjZUhYblByNEJSZEMiLCJtYWMiOiI3OGFhMzAwZjBmOWEwYjY3ODZmOTAyM2JiMWI1NDRhYTExYzRiY2NjMmRkZWUyMWNlMDRmNzM0MWVhZTc3ZWYxIn0%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: tgfunnls.org
referer: https://tgfunnls.org/css/forms.css?id=108aa07ef4cadffb88ba
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/css/forms.css?id=108aa07ef4cadffb88ba
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:24 GMT
x-proc: 2
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2327
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 70857
x-xss-protection: 1; mode=block
last-modified: Fri, 06 Aug 2021 10:55:13 GMT
server: cloudflare
etag: "610d1511-114c9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MHUes0rPIWcti4iweskeF1jwjXlM4kC2y6hwczdIsOefZjZjYAHJhNWlkRDBOAjMBDs1Zm0YHKtvKoedulruBlHwwMDzna2VOQcR726aBexSv%2BipCiytPqrLb29qonGP%2F1%2FKHZqu1sS3ytc%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 67a80aaa3d7542f7-FRA

OPTIONS
H/1.1 200
OK add
tagdataxrt.com/ir/ Frame 0
0 46ms
46ms Preflight 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/ir/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Protocol: HTTP/1.1
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://tgfunnls.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Server: nginx/1.19.10
Date: Fri, 06 Aug 2021 11:49:24 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

POST
H/1.1 200
OK add Show response
tagdataxrt.com/ir/ 0
537 B 47ms
47ms Fetch 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/ir/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json;charset=utf-8

Response headers

Date: Fri, 06 Aug 2021 11:49:24 GMT
Server: nginx/1.19.10
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 0

GET
H3-29 200 js Show response
www.googletagmanager.com/gtag/ 127 KB
50 KB 16ms
16ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-Y6C8Y8V9BH&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MSK8GMG

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

de85b8ee97824c5e846f3000562fd9b83fc14b62da6e812fbad4c9ad49eb0458

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:24 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 51134
x-xss-protection: 0
expires: Fri, 06 Aug 2021 11:49:24 GMT

GET
H3-29 200 analytics.js Show response
www.google-analytics.com/ 48 KB
19 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MSK8GMG

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

e61660c659c426e45bce2937dddb01af6b550502a2904546575c1ec2ba1121dd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 13 Jul 2021 18:24:06 GMT
server: Golfe2
age: 2143
date: Fri, 06 Aug 2021 11:13:41 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19672
expires: Fri, 06 Aug 2021 13:13:41 GMT

GET
H2 200 hotjar-2304105.js Show response
static.hotjar.com/c/ 5 KB
2 KB 58ms
58ms Script
application/javascript 13.224.96.91
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-2304105.js?sv=6

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.96.91 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

d4261e9b3b427b4faba85d775a6dbd131cf86cbd42945ba05ae2ebad8f8f36e6

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:18 GMT
content-encoding: br
x-content-type-options: nosniff
cache-control: max-age=60
age: 6
etag: W/4e117f3a38c123981a4b3509540d1697
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
x-cache-hit: 1
x-amz-cf-pop: ZRH50-C1
x-amz-cf-id: Y7URT8Rn-RSNrBaGEh39NjWh4waSqK93EBhZRhRP6TnLQQsI2m81ew==
via: 1.1 e92dffa8673a73c15c61e7c3abefc47d.cloudfront.net (CloudFront)

GET
BLOB 200
OK 950f8365-dde8-47a7-903e-39a78c9fa916
https://tgfunnls.org/ 31 B
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://tgfunnls.org/950f8365-dde8-47a7-903e-39a78c9fa916
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7725538fe2f71147bffeba7452b434c826aef9009666cb4360c605d0b2a91d1d

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length: 31
Content-Type: application/javascript

GET
H2 403 videothumbnail-1.png
static-13333.kxcdn.com/5275/images/ 0
0 18ms
17ms Image
text/html 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static-13333.kxcdn.com/5275/images/videothumbnail-1.png
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
DATA 200
OK truncated
/ 4 KB
4 KB Font
application/font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: aef991b2e0b693a95d41986576dd3901ea7ac03b379501b1caba966058753308

Request headers

Origin: https://tgfunnls.org
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: application/font-woff;charset=utf-8

POST
H/1.1 200
OK etag Show response
tagdataxrt.com/ 0
537 B 47ms
47ms Fetch 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/etag?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json;charset=utf-8

Response headers

Date: Fri, 06 Aug 2021 11:49:24 GMT
Server: nginx/1.19.10
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 0

OPTIONS
H/1.1 200
OK etag
tagdataxrt.com/ Frame 0
0 48ms
47ms Preflight 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/etag?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Protocol: HTTP/1.1
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://tgfunnls.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Server: nginx/1.19.10
Date: Fri, 06 Aug 2021 11:49:24 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWpxdWVyeQ==/tag-18c0c42595158c9943ee0260eecc4fc3.js
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/j.php?a=449005&u=https%3A%2F%2Ftgfunnls.org%2Fdly1st%2F%3Fhitid%3D%7BclickId%7D%26qze%3D7%26aff_sub%3D%7BcustomId1%7D%26aff_sub2%3D%7BcustomId2%7D&f=1&r=0.701525743651118
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gams1 /
Resource Hash: b6a6463b285c1fdc27b7022ff01564762e81117074a3f3781cc931fe389afc70

Request headers

Origin: https://tgfunnls.org
Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 11:49:23 GMT
content-encoding: br
last-modified: Fri, 06 Aug 2021 11:48:12 GMT
server: gams1
etag: "610d217c-f3a3"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 62371
via: 1.1 google

GET
H3-29 200 v.gif
dev.visualwebsiteoptimizer.com/ 35 B
52 B 121ms
121ms Image
image/gif 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dev.visualwebsiteoptimizer.com/v.gif?cd=0&a=449005&d=tgfunnls.org&u=D2252A66867B4271FEDDACC5ED674072A&h=0345963cf3ce5aea161bc3f4dc901c6e&t=false&r=0.7117531459570581

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gnv1c /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 06 Aug 2021 11:49:23 GMT
via: 1.1 google
x-content-type-options: nosniff
server: gnv1c
content-type: image/gif
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 10 Jan 2005 00:00:01 GMT

POST
H3-29 201 event Show response
tgfunnls.org/ 2 B
1 KB 166ms
165ms XHR
application/json 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/event?hitid={clickId}

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/js/l.js?id=6cf7b69175b2a676ebf3

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-fetch-mode: cors
origin: https://tgfunnls.org
x-xsrf-token: eyJpdiI6Ijg4UUVBM3B2dVQzQWREVlV5TmZSZnc9PSIsInZhbHVlIjoidlU3dEJ4ZWhyUHBcL29jc3d2a3J6bFF1SU84ZU1mQVFjOVlkMmxlVmpER1VpT2hXTmk0bTc0c2hcL01aRCtGK1lnIiwibWFjIjoiYzViMjc0YTI3MmUxMTVmYWE2MTM5NzhjYTUzNzc2OTZhNDJhNjhmNTJmZDA2MzliYjUxZGY4YWQ0MTZkYzlhNCJ9
accept-language: en-US
sec-fetch-dest: empty
accept-encoding: gzip, deflate, br
cookie: _vwo_uuid_v2=D2252A66867B4271FEDDACC5ED674072A|0345963cf3ce5aea161bc3f4dc901c6e; _gid=GA1.2.477042603.1628250562; _gat_UA-192660002-1=1; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _hjid=e53aabcc-4329-46de-a294-30cc0ed5ce15; _hjFirstSeen=1; _ga_Y6C8Y8V9BH=GS1.1.1628250562.1.1.1628250563.0; _ga=GA1.1.1201118004.1628250562; XSRF-TOKEN=eyJpdiI6Ijg4UUVBM3B2dVQzQWREVlV5TmZSZnc9PSIsInZhbHVlIjoidlU3dEJ4ZWhyUHBcL29jc3d2a3J6bFF1SU84ZU1mQVFjOVlkMmxlVmpER1VpT2hXTmk0bTc0c2hcL01aRCtGK1lnIiwibWFjIjoiYzViMjc0YTI3MmUxMTVmYWE2MTM5NzhjYTUzNzc2OTZhNDJhNjhmNTJmZDA2MzliYjUxZGY4YWQ0MTZkYzlhNCJ9; c=eyJpdiI6IitCNEo0QWplTGpxYnlIRzI5XC9HWWlBPT0iLCJ2YWx1ZSI6IjhKNyt1TVl6VTFtYXgwZjN2b09qdUhOeTBaT1R3bUtEenlkU3YwREJoSHJOUEFwMGxBSjFqMjNWVXdVV1hvbjkiLCJtYWMiOiJhODM4OGIzZDBlYzhkZGY5YjQwNjg4YzJiMmNmODlhNDQyNWQzMTlhYmE4NmRjMWFmYzY3M2IzMDYzOTM4NjhkIn0%3D
content-length: 179
:path: /event?hitid={clickId}
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json;charset=UTF-8
accept: application/json, text/plain, */*
cache-control: no-cache
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: POST
Accept: application/json, text/plain, */*
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
X-XSRF-TOKEN: eyJpdiI6Ijg4UUVBM3B2dVQzQWREVlV5TmZSZnc9PSIsInZhbHVlIjoidlU3dEJ4ZWhyUHBcL29jc3d2a3J6bFF1SU84ZU1mQVFjOVlkMmxlVmpER1VpT2hXTmk0bTc0c2hcL01aRCtGK1lnIiwibWFjIjoiYzViMjc0YTI3MmUxMTVmYWE2MTM5NzhjYTUzNzc2OTZhNDJhNjhmNTJmZDA2MzliYjUxZGY4YWQ0MTZkYzlhNCJ9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json;charset=UTF-8

Response headers

date: Fri, 06 Aug 2021 11:49:24 GMT
x-proc: 2
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PyL7JISmokup9p%2BvOtMkhPz4Ncb22kkVwrelh4dlIBj%2ByUKPkMHjYAAEveqB8qV2NRECu%2B2iXBOvWwDfSPJtzl7hO9xLwvKyD2oQQBubEEtOIKNfVXW%2B9EVRHha%2BZjVcRyGePcHLMKMYBSw%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-origin: https://tgfunnls.org
cache-control: no-cache, private
set-cookie: XSRF-TOKEN=eyJpdiI6Im9cL0xBaDBNSm4zeUpVcVJaeVZTc0VRPT0iLCJ2YWx1ZSI6ImszTVZ2NmdwdTVvTkRnT1VUeTJ6ZHVqNnBzUThvV2pBRFZpNzRqcDQ0YTFHdkxLSFpFNXhDT0pWQzJ6TG1ubDUiLCJtYWMiOiI0MWJjOGRiYjRmMjgzMGIyNDkwZDYyZmM5NjcxNWNmOGZiMTljMjMyOWE5N2ViZGMwYWNhYWU2ODhhNjhhNjAwIn0%3D; expires=Fri, 06-Aug-2021 13:49:24 GMT; Max-Age=7200; path=/ c=eyJpdiI6Ik9kemNZUzl1UUE1RW13S09uKzNUcUE9PSIsInZhbHVlIjoiTVB6RDI2aThncnBMa2t3NDRpYkcxTHZuNWc1cENoV1p6M0hvWldlMmdnbUlzeWJNMldnQXdwXC9Ram93V2NZUXYiLCJtYWMiOiIxNTM0MzYyYjhkOWVjYmYwZmUyNDg3M2Q5OTgwOTE5MTFiZjYwOGU4YmQ2MTNhZDFkYjRiODliNWE4YTMyMGY2In0%3D; expires=Fri, 06-Aug-2021 13:49:24 GMT; Max-Age=7200; path=/; httponly
cf-ray: 67a80aaacf6342f7-FRA

GET
H3-29 200 collect
www.google-analytics.com/ 35 B
61 B 8ms
7ms Image
image/gif 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j92&a=952936918&t=pageview&_s=1&dl=https%3A%2F%2Ftgfunnls.org%2Fdly1st%2F%3Fhitid%3D%7BclickId%7D%26qze%3D7%26aff_sub%3D%7BcustomId1%7D%26aff_sub2%3D%7BcustomId2%7D&ul=en-us&de=UTF-8&dt=Daily%20Profit&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=QACAAEAB~&jid=&gjid=&cid=1201118004.1628250562&tid=UA-192660002-1&_gid=477042603.1628250562&gtm=2wg840MSK8GMG&z=2052452173

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 06 Aug 2021 05:58:40 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 21044
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 modules.9a6619e61150e4449f35.js Show response
script.hotjar.com/ 221 KB
59 KB 62ms
61ms Script
application/javascript 13.224.96.11
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.9a6619e61150e4449f35.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2304105.js?sv=6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.96.11 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS