urlscan.io logo urlscan.io
SecurityTrails logo

forms.office.com Open in urlscan Pro
13.107.9.194  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://urlz.fr/e1VJ
Effective URL: https://forms.office.com/Pages/ResponsePage.aspx?id=P0zP5b7PSE2VUwQOCz40Fp-CPCZDSJ9AuFg9sHj4G9dUOEhVSEI2Uzc0WVJQN09DNFY1W...
Submission: On November 11 via manual from ES
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 34 IPs in 7 countries across 33 domains to perform 58 HTTP transactions. The main IP is 13.107.9.194, located in United States and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is forms.office.com.
TLS certificate: Issued by GlobalSign Organization Validation CA... on February 19th 2020. Valid for: 2 years.
This is the only time forms.office.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 2606:4700:303... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
4 13.107.9.194 8068 (MICROSOFT...)
1 2a00:1450:400... 15169 (GOOGLE)
8 151.139.241.23 33438 (HIGHWINDS2)
5 2600:9000:219... 16509 (AMAZON-02)
1 145.239.193.145 16276 (OVH)
1 198.148.27.133 19189 (PULSEPOINT)
1 1 185.86.137.113 201081 (SMARTADSE...)
1 68.232.35.16 15133 (EDGECAST)
1 2a02:2638::1c 44788 (ASN-CRITE...)
2 145.239.193.51 16276 (OVH)
1 51.89.9.251 16276 (OVH)
1 2620:116:800d... 16509 (AMAZON-02)
1 54.239.192.23 16509 (AMAZON-02)
1 54.230.228.146 16509 (AMAZON-02)
2 104.111.215.135 16625 (AKAMAI-AS)
1 2a00:1450:400... 15169 (GOOGLE)
1 2600:9000:20a... 16509 (AMAZON-02)
1 2a00:1450:400... 15169 (GOOGLE)
1 34.120.207.148 15169 (GOOGLE)
1 2 54.195.113.118 16509 (AMAZON-02)
1 2a00:1450:400... 15169 (GOOGLE)
1 2600:9000:219... 16509 (AMAZON-02)
1 176.34.189.119 16509 (AMAZON-02)
3 63.34.175.121 16509 (AMAZON-02)
1 13.224.93.62 16509 (AMAZON-02)
2 2 185.64.190.80 62713 (AS-PUBMATIC)
1 104.16.91.60 13335 (CLOUDFLAR...)
1 18.195.120.21 16509 (AMAZON-02)
2 2.16.177.90 20940 (AKAMAI-ASN1)
1 152.199.19.160 15133 (EDGECAST)
1 2 52.142.114.2 8075 (MICROSOFT...)
1 1 2620:1ec:c11:... 8068 (MICROSOFT...)
2 40.77.226.250 8075 (MICROSOFT...)
1 138.91.136.108 8075 (MICROSOFT...)
58 34
1    2606:4700:3038::6815:ead7 (United States)

ASN13335 (CLOUDFLARENET, US)
urlz.fr
1    2606:4700::6810:a723 (United States)

ASN13335 (CLOUDFLARENET, US)
ajax.cloudflare.com
4    13.107.9.194 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
forms.office.com
1    2a00:1450:4001:820::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
8    151.139.241.23 (Dallas, United States)

ASN33438 (HIGHWINDS2, US)
ads.themoneytizer.com
5    2600:9000:2190:f200:9:46dc:4700:93a1 (United States)

ASN16509 (AMAZON-02, US)
quantcast.mgr.consensu.org
1    145.239.193.145 (France)

ASN16276 (OVH, FR)
g.themoneytizer.net
1    198.148.27.133 (New York, United States)

ASN19189 (PULSEPOINT, US)
tag.contextweb.com
1    185.86.137.113 (France)

ASN201081 (SMARTADSERVER, FR)
ww1097.smartadserver.com
1    68.232.35.16 (United States)

ASN15133 (EDGECAST, US)
ced-ns.sascdn.com
1    2a02:2638::1c (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
gum.criteo.com
2    145.239.193.51 (France)

ASN16276 (OVH, FR)
tag.leadplace.fr
1    51.89.9.251 (Germany)

ASN16276 (OVH, FR)
PTR: ip251.ip-51-89-9.eu
onetag-sys.com
1    2620:116:800d:21:8c6e:cf2c:8d6:9fb5 (United States)

ASN16509 (AMAZON-02, US)
secure.quantserve.com
1    54.239.192.23 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-54-239-192-23.waw50.r.cloudfront.net
p.cpx.to
1    54.230.228.146 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-54-230-228-146.waw50.r.cloudfront.net
d2zur9cc2gf1tx.cloudfront.net
2    104.111.215.135 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-215-135.deploy.static.akamaitechnologies.com
js-sec.indexww.com
as-sec.casalemedia.com
1    2a00:1450:4001:81a::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google-analytics.com
1    2600:9000:20ae:7200:6:44e3:f8c0:93a1 (United States)

ASN16509 (AMAZON-02, US)
rules.quantcount.com
1    2a00:1450:4001:801::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google-analytics.com
1    34.120.207.148 (United States)

ASN15169 (GOOGLE, US)
api.rlcdn.com
2    54.195.113.118 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
match.adsrvr.org
1    2a00:1450:4001:821::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
ajax.googleapis.com
1    2600:9000:2190:5800:3:a4cd:8380:93a1 (United States)

ASN16509 (AMAZON-02, US)
test.quantcast.mgr.consensu.org
1    176.34.189.119 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-176-34-189-119.eu-west-1.compute.amazonaws.com
adtrack.adleadevent.com
3    63.34.175.121 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-63-34-175-121.eu-west-1.compute.amazonaws.com
s.cpx.to
1    13.224.93.62 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-93-62.zrh50.r.cloudfront.net
audit-tcfv2.quantcast.mgr.consensu.org
2    185.64.190.80 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)
image2.pubmatic.com
1    104.16.91.60 (United States)

ASN13335 (CLOUDFLARENET, US)
dmp.truoptik.com
1    18.195.120.21 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
pool.grid-data.bidswitch.net
2    2.16.177.90 (Ascension Island)

ASN20940 (AKAMAI-ASN1, EU)
PTR: a2-16-177-90.deploy.static.akamaitechnologies.com
cdn.forms.office.net
1    152.199.19.160 (United States)

ASN15133 (EDGECAST, US)
az725175.vo.msecnd.net
2    52.142.114.2 (Dublin, Ireland)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
c.office.com
1    2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
c.bing.com
2    40.77.226.250 (Dublin, Ireland)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
web.vortex.data.microsoft.com
1    138.91.136.108 (San Jose, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
browser.pipe.aria.microsoft.com
Apex Domain
Subdomains		 Transfer
8 themoneytizer.com
ads.themoneytizer.com
210 KB
7 consensu.org
quantcast.mgr.consensu.org
test.quantcast.mgr.consensu.org
audit-tcfv2.quantcast.mgr.consensu.org
287 KB
6 office.com
forms.office.com
c.office.com
117 KB
4 cpx.to
p.cpx.to
s.cpx.to
5 KB
3 microsoft.com
web.vortex.data.microsoft.com
browser.pipe.aria.microsoft.com
804 B
2 office.net
cdn.forms.office.net
83 KB
2 pubmatic.com
image2.pubmatic.com
1 KB
2 adsrvr.org
match.adsrvr.org
1004 B
2 google-analytics.com
www.google-analytics.com
19 KB
2 leadplace.fr
tag.leadplace.fr
3 KB
1 bing.com
c.bing.com
192 B
1 msecnd.net
az725175.vo.msecnd.net
18 KB
1 bidswitch.net
pool.grid-data.bidswitch.net
300 B
1 truoptik.com
dmp.truoptik.com
1 casalemedia.com
as-sec.casalemedia.com
305 B
1 adleadevent.com
adtrack.adleadevent.com
518 B
1 googleapis.com
ajax.googleapis.com
30 KB
1 rlcdn.com
api.rlcdn.com
323 B
1 quantcount.com
rules.quantcount.com
996 B
1 indexww.com
js-sec.indexww.com
13 KB
1 cloudfront.net
d2zur9cc2gf1tx.cloudfront.net
26 KB
1 quantserve.com
secure.quantserve.com
9 KB
1 onetag-sys.com
onetag-sys.com
1 criteo.com
gum.criteo.com
370 B
1 sascdn.com
ced-ns.sascdn.com
10 KB
1 smartadserver.com
ww1097.smartadserver.com
132 B
1 contextweb.com
tag.contextweb.com
10 KB
1 themoneytizer.net
g.themoneytizer.net
271 B
1 googletagmanager.com
www.googletagmanager.com
38 KB
1 cloudflare.com
ajax.cloudflare.com
4 KB
1 urlz.fr
urlz.fr
3 KB
0 creative-serving.com Failed
ads.creative-serving.com Failed
0 zeotap.com Failed
spl.zeotap.com Failed
58 33
Domain Requested by
8 ads.themoneytizer.com ajax.cloudflare.com
ads.themoneytizer.com
5 quantcast.mgr.consensu.org urlz.fr
quantcast.mgr.consensu.org
4 forms.office.com urlz.fr
cdn.forms.office.net
3 s.cpx.to p.cpx.to
2 web.vortex.data.microsoft.com az725175.vo.msecnd.net
2 c.office.com 1 redirects forms.office.com
2 cdn.forms.office.net forms.office.com
2 image2.pubmatic.com 2 redirects
2 match.adsrvr.org 1 redirects js-sec.indexww.com
2 www.google-analytics.com www.googletagmanager.com
www.google-analytics.com
2 tag.leadplace.fr ads.themoneytizer.com
tag.leadplace.fr
1 browser.pipe.aria.microsoft.com cdn.forms.office.net
1 c.bing.com 1 redirects
1 az725175.vo.msecnd.net forms.office.com
1 pool.grid-data.bidswitch.net
1 dmp.truoptik.com
1 audit-tcfv2.quantcast.mgr.consensu.org quantcast.mgr.consensu.org
1 as-sec.casalemedia.com js-sec.indexww.com
1 adtrack.adleadevent.com ajax.googleapis.com
1 test.quantcast.mgr.consensu.org quantcast.mgr.consensu.org
1 ajax.googleapis.com d2zur9cc2gf1tx.cloudfront.net
1 api.rlcdn.com js-sec.indexww.com
1 rules.quantcount.com secure.quantserve.com
1 js-sec.indexww.com ads.themoneytizer.com
1 d2zur9cc2gf1tx.cloudfront.net ads.themoneytizer.com
1 p.cpx.to ads.themoneytizer.com
1 secure.quantserve.com ads.themoneytizer.com
1 onetag-sys.com ads.themoneytizer.com
1 gum.criteo.com ads.themoneytizer.com
1 ced-ns.sascdn.com
1 ww1097.smartadserver.com 1 redirects
1 tag.contextweb.com ads.themoneytizer.com
1 g.themoneytizer.net ads.themoneytizer.com
1 www.googletagmanager.com ajax.cloudflare.com
1 ajax.cloudflare.com urlz.fr
1 urlz.fr
0 ads.creative-serving.com Failed
0 spl.zeotap.com Failed ads.themoneytizer.com
58 38

This site contains links to these domains. Also see Links.

Domain
go.microsoft.com
Subject Issuer Validity Valid
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2020-08-12 -
2021-08-12		 a year crt.sh
ajax.cloudflare.com
DigiCert ECC Secure Server CA		 2020-08-11 -
2022-08-16		 2 years crt.sh
forms.office.com
GlobalSign Organization Validation CA - SHA256 - G3		 2020-02-19 -
2022-02-19		 2 years crt.sh
*.google-analytics.com
GTS CA 1O1		 2020-10-20 -
2021-01-12		 3 months crt.sh
*.themoneytizer.com
Sectigo RSA Domain Validation Secure Server CA		 2019-02-15 -
2021-02-14		 2 years crt.sh
quantcast.mgr.consensu.org
Amazon		 2020-05-22 -
2021-06-22		 a year crt.sh
g.themoneytizer.net
GoGetSSL RSA DV CA		 2019-10-16 -
2022-01-17		 2 years crt.sh
*.contextweb.com
DigiCert SHA2 Secure Server CA		 2020-05-07 -
2022-05-12		 2 years crt.sh
*.sascdn.com
DigiCert SHA2 Secure Server CA		 2020-05-08 -
2022-05-25		 2 years crt.sh
*.criteo.com
DigiCert ECC Secure Server CA		 2020-09-04 -
2020-12-03		 3 months crt.sh
*.leadplace.fr
Gandi Standard SSL CA 2		 2020-09-11 -
2021-09-12		 a year crt.sh
onetag-sys.com
Let's Encrypt Authority X3		 2020-11-02 -
2021-01-31		 3 months crt.sh
*.quantserve.com
DigiCert SHA2 High Assurance Server CA		 2020-10-02 -
2021-10-07		 a year crt.sh
p.cpx.to
Sectigo RSA Domain Validation Secure Server CA		 2020-01-27 -
2021-02-08		 a year crt.sh
*.cloudfront.net
DigiCert Global CA G2		 2020-05-26 -
2021-04-21		 a year crt.sh
san.casalemedia.com
GeoTrust RSA CA 2018		 2020-03-02 -
2021-04-01		 a year crt.sh
*.rlcdn.com
Sectigo RSA Domain Validation Secure Server CA		 2020-04-14 -
2021-04-23		 a year crt.sh
*.adsrvr.org
Trustwave Organization Validation SHA256 CA, Level 1		 2019-03-07 -
2021-04-19		 2 years crt.sh
upload.video.google.com
GTS CA 1O1		 2020-10-28 -
2021-01-20		 3 months crt.sh
*.quantcast.mgr.consensu.org
Amazon		 2020-05-22 -
2021-06-22		 a year crt.sh
adtrack.adleadevent.com
Amazon		 2020-06-15 -
2021-07-15		 a year crt.sh
s.cpx.to
Sectigo RSA Domain Validation Secure Server CA		 2020-01-27 -
2021-02-08		 a year crt.sh
*.truoptik.com
Go Daddy Secure Certificate Authority - G2		 2020-10-19 -
2021-11-20		 a year crt.sh
pool.grid-data.bidswitch.net
Sectigo RSA Domain Validation Secure Server CA		 2020-03-06 -
2022-03-06		 2 years crt.sh
cdn.forms.office.net
Microsoft IT TLS CA 1		 2019-07-29 -
2021-07-29		 2 years crt.sh
*.vo.msecnd.net
Microsoft IT TLS CA 2		 2020-03-18 -
2022-03-18		 2 years crt.sh
c.msn.com
Microsoft RSA TLS CA 01		 2020-10-07 -
2021-10-07		 a year crt.sh
*.vortex.data.microsoft.com
Microsoft RSA TLS CA 02		 2020-10-05 -
2021-10-05		 a year crt.sh
*.events.data.microsoft.com
Microsoft Azure TLS Issuing CA 01		 2020-09-14 -
2021-09-09		 a year crt.sh

This page contains 6 frames:

Primary Page: https://forms.office.com/Pages/ResponsePage.aspx?id=P0zP5b7PSE2VUwQOCz40Fp-CPCZDSJ9AuFg9sHj4G9dUOEhVSEI2Uzc0WVJQN09DNFY1WExKMTJYQS4u
Frame ID: BD0C304B707D00D258AEBB628A737575
Requests: 54 HTTP requests in this frame

Frame: https://forms.office.com/Pages/ResponsePage.aspx?id=P0zP5b7PSE2VUwQOCz40Fp-CPCZDSJ9AuFg9sHj4G9dUOEhVSEI2Uzc0WVJQN09DNFY1WExKMTJYQS4u
Frame ID: 1462B86A8F8E8E3E132237D25522C2FA
Requests: 1 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?pubId=2a897e3f18e6769&cb=1605105986971
Frame ID: AA7E341F8838AA8B5D3AC16E07D52D9E
Requests: 1 HTTP requests in this frame

Frame: https://spl.zeotap.com/?env=mWeb&uc=2&zdid=1258&eventType=map
Frame ID: 49B7DD59ABFA888CB0469AE35CEE2AE7
Requests: 1 HTTP requests in this frame

Frame: https://forms.office.com/Pages/ResponsePage.aspx?id=P0zP5b7PSE2VUwQOCz40Fp-CPCZDSJ9AuFg9sHj4G9dUOEhVSEI2Uzc0WVJQN09DNFY1WExKMTJYQS4u
Frame ID: E0EB65DEF1BCE06A0AE52937B11481D9
Requests: 1 HTTP requests in this frame

Frame: https://tag.leadplace.fr/wckr.php?nogdpr&gdpr=1&gdpr_consent=&id=MTIZ
Frame ID: 953DF87E5FD97676CAAAAE4F95EF1D21
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. https://urlz.fr/e1VJ Page URL
  2. https://forms.office.com/Pages/ResponsePage.aspx?id=P0zP5b7PSE2VUwQOCz40Fp-CPCZDSJ9AuFg9sHj4G9dUOEhVS... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /^cloudflare$/i

Page Statistics

58
Requests

91 %
HTTPS

33 %
IPv6

33
Domains

38
Subdomains

34
IPs

7
Countries

893 kB
Transfer

3059 kB
Size

5
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://urlz.fr/e1VJ Page URL
  2. https://forms.office.com/Pages/ResponsePage.aspx?id=P0zP5b7PSE2VUwQOCz40Fp-CPCZDSJ9AuFg9sHj4G9dUOEhVSEI2Uzc0WVJQN09DNFY1WExKMTJYQS4u Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 14
  • https://ww1097.smartadserver.com/config.js?nwid=1097 HTTP 302
  • https://ced-ns.sascdn.com/diff/js/smart.js
Request Chain 25
  • https://id5-sync.com/i/12/9.gif?gdpr=&gdpr_consent= HTTP 302
  • https://id5-sync.com/c/12/0/9/1.gif?gdpr=1&gdpr_consent= HTTP 302
  • https://sync.mathtag.com/sync/img?mt_exid=10089&mt_exuid=ID5-ZHMOKS-ZV2a_gU5W5dEXCFWPsdKURKafE1zwxAu5eA&redir=https%3A%2F%2Fid5-sync.com%2Fc%2F12%2F3%2F8%2F2.gif%3Fpuid%3D%5BUUID%5D%26gdpr%3D1%26gdpr_consent%3D&gdpr=1&gdpr_consent= HTTP 302
  • https://id5-sync.com/c/12/3/8/2.gif?puid=589c5fab-f942-4f00-b6c0-6124616642b9&gdpr=1&gdpr_consent= HTTP 302
  • https://sync.crwdcntrl.net/map/c=13953/tp=IDFI/gdpr=1/gdpr_consent=?https://id5-sync.com/c/12/19/7/3.gif?puid=${profile_id}&gdpr=1&gdpr_consent= HTTP 302
  • https://sync.crwdcntrl.net/map/ct=y/c=13953/tp=IDFI/gdpr=1/gdpr_consent=?https://id5-sync.com/c/12/19/7/3.gif?puid=${profile_id}&gdpr=1&gdpr_consent= HTTP 302
  • https://id5-sync.com/c/12/19/7/3.gif?puid=995077e462db488fb7727118f17cd192&gdpr=1&gdpr_consent= HTTP 302
  • https://ads.creative-serving.com/id5_cm?callback=https%3A%2F%2Fid5-sync.com%2Fc%2F12%2F101%2F6%2F4.gif%3Fpuid%3D%5BUID%5D%26gdpr%3D1%26gdpr_consent%3D
Request Chain 42
  • https://secure.adnxs.com/getuid?https%3A%2F%2Fs.cpx.to%2Fan_fire%3Fapp_nexus_uid%3D%24UID%26pid%3D12773%26ref%3D%26hn_ver%3D11%26fid%3D8562c82f-5ea6-4342-adc9-8ea3367f88bf HTTP 307
  • https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fs.cpx.to%252Fan_fire%253Fapp_nexus_uid%253D%2524UID%2526pid%253D12773%2526ref%253D%2526hn_ver%253D11%2526fid%253D8562c82f-5ea6-4342-adc9-8ea3367f88bf HTTP 302
  • https://s.cpx.to/an_fire?app_nexus_uid=876432037312674305&pid=12773&ref=&hn_ver=11&fid=8562c82f-5ea6-4342-adc9-8ea3367f88bf
Request Chain 43
  • https://image2.pubmatic.com/AdServer/UCookieSetPug?rd=https%3A%2F%2Fs.cpx.to%2Fsync%3Fdsp%3Dpubmatic%26dsp_uid%3D%23PM_USER_ID%26fid%3D8562c82f-5ea6-4342-adc9-8ea3367f88bf HTTP 302
  • https://image2.pubmatic.com/AdServer/UCookieSetPug?ird=1&rd=https%3A%2F%2Fs.cpx.to%2Fsync%3Fdsp%3Dpubmatic%26dsp_uid%3D%23PM_USER_ID%26fid%3D8562c82f-5ea6-4342-adc9-8ea3367f88bf HTTP 302
  • https://s.cpx.to/sync?dsp=pubmatic&dsp_uid=BC55DCFD-5781-4EAD-8AC6-90D5C6E4A24E&fid=8562c82f-5ea6-4342-adc9-8ea3367f88bf
Request Chain 45
  • https://cm.g.doubleclick.net/pixel?google_nid=captify_dmp&google_cm&dsp=dbm&fid=8562c82f-5ea6-4342-adc9-8ea3367f88bf HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=captify_dmp&google_cm=&dsp=dbm&fid=8562c82f-5ea6-4342-adc9-8ea3367f88bf&google_tc= HTTP 302
  • https://s.cpx.to/ca.png?dsp=dbm&fid=8562c82f-5ea6-4342-adc9-8ea3367f88bf&google_gid=CAESECu1vLLLrZAPgJojntVYmhQ&google_cver=1
Request Chain 46
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=0fkciot&ttd_tpi=1 HTTP 302
  • https://s.cpx.to/sync?dsp_uid=87dc6231-b1c2-4bee-a335-c047a8cbb495&dsp=TTD
Request Chain 47
  • https://sync.smartadserver.com/getuid?url=https%3A%2F%2Fs.cpx.to%2Fsync%3Fdsp%3Dsmart_ad_server%26dsp_uid%3D%5Bsas_uid%5D%26fid%3D8562c82f-5ea6-4342-adc9-8ea3367f88bf HTTP 302
  • https://sync.smartadserver.com/getuid?url=https%3A%2F%2Fs.cpx.to%2Fsync%3Fdsp%3Dsmart_ad_server%26dsp_uid%3D%5Bsas_uid%5D%26fid%3D8562c82f-5ea6-4342-adc9-8ea3367f88bf&cklb=1 HTTP 302
  • https://s.cpx.to/sync?dsp=smart_ad_server&dsp_uid=825942577872066094&fid=8562c82f-5ea6-4342-adc9-8ea3367f88bf
Request Chain 54
  • https://c.office.com/c.gif HTTP 302
  • https://c.bing.com/c.gif?&CtsSyncId=C25D4D040D914F509741C77392E00977&RedC=c.office.com&MXFR=21D54634447C6F77134F494B407C6408 HTTP 302
  • https://c.office.com/c.gif?&CtsSyncId=C25D4D040D914F509741C77392E00977&MUID=2631409FBEBC6D7719164FE0BABC66E0

58 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
e1VJ
urlz.fr/ 		9 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://urlz.fr/e1VJ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3038::6815:ead7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4259d85a8e573027a5790c583f2afead0e844ee846a2638f15820a51c3da8be5

Request headers

:method
GET
:authority
urlz.fr
:scheme
https
:path
/e1VJ
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status
200
date
Wed, 11 Nov 2020 14:46:26 GMT
content-type
text/html; charset=UTF-8
set-cookie
__cfduid=dc258bfedac2facd78b4f5a429bbea0ed1605105986; expires=Fri, 11-Dec-20 14:46:26 GMT; path=/; domain=.urlz.fr; HttpOnly; SameSite=Lax
cf-cache-status
DYNAMIC
cf-request-id
06595ec2140000060557b7e000000001
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=vnSMPZMh5hpaD4Ky99CLonYfqJ2T7sS6fDc6poOEtTxEXMtABOtA6YfOikQIqfNV6GxsHyG%2Bonne4UtRaXCw8Kq0t6lxI1SndYN2s72TKG1ERVQm"}],"group":"cf-nel","max_age":604800}
nel
{"report_to":"cf-nel","max_age":604800}
server
cloudflare
cf-ray
5f08cd7cebe30605-FRA
content-encoding
br
rocket-loader.min.js
ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/ 		12 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/rocket-loader.min.js
Requested by
Host: urlz.fr
URL: https://urlz.fr/e1VJ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:a723 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b08cdbc2d30e656a86b20f8342428d5863f70f4b30135b4f4061f754ce932f5e
Security Headers
Name Value
Strict-Transport-Security max-age=15780000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://urlz.fr/e1VJ
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 11 Nov 2020 14:46:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
nel
{"report_to":"cf-nel","max_age":604800}
status
200
vary
Accept-Encoding
cf-request-id
06595ec26800002bca6d2e1000000001
last-modified
Mon, 09 Nov 2020 16:26:32 GMT
server
cloudflare
x-frame-options
DENY
etag
W/"5fa96db8-3016"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000; includeSubDomains
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=JNwumeiO0gwF8ZPdI%2BAw8m%2BM8VtFgHj1PFut3wwmcri2bS7%2FVF0wqDSbUIJM3Z64llRUroPJCg2fsVMxirchbVfLMNiHzjV5ucTBLgeu28%2FVGRkIfwjektrMPlc7hmVK"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=172800, public
cf-ray
5f08cd7d7cf12bca-FRA
expires
Fri, 13 Nov 2020 14:46:26 GMT
ResponsePage.aspx
forms.office.com/Pages/ Frame 1462 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://forms.office.com/Pages/ResponsePage.aspx?id=P0zP5b7PSE2VUwQOCz40Fp-CPCZDSJ9AuFg9sHj4G9dUOEhVSEI2Uzc0WVJQN09DNFY1WExKMTJYQS4u
Requested by
Host: urlz.fr
URL: https://urlz.fr/e1VJ
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
13.107.9.194 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

:method
GET
:authority
forms.office.com
:scheme
https
:path
/Pages/ResponsePage.aspx?id=P0zP5b7PSE2VUwQOCz40Fp-CPCZDSJ9AuFg9sHj4G9dUOEhVSEI2Uzc0WVJQN09DNFY1WExKMTJYQS4u
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://urlz.fr/e1VJ
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://urlz.fr/e1VJ

Response headers

status
200
cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
content-type
text/html; charset=utf-8
content-encoding
gzip
expires
0
vary
Accept-Encoding
p3p
CP="CAO DSP COR ADMa DEV CONi TELi CUR PSA PSD TAI IVDi OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR"
set-cookie
DcLcid=ui=1033&data=1033; expires=Thu, 11-Feb-2021 14:46:26 GMT; path=/; samesite=none; secure; HttpOnly __RequestVerificationToken=ENHJDeeatVHLgUg64bhcSPfUOa86FLypcCMYWEXKa7wDNZLjzoCGeTLKI0jyELA_0DPb_WUV8BkqJG0YmwWaJTBTB8Hczy8PgyABZcSpWh81; path=/; samesite=none; secure; HttpOnly AADNonce.forms=34455f04-af5d-44fe-9117-a2b4a290642b.637407027864300254; domain=forms.office.com; path=/; samesite=none; secure; HttpOnly
x-routingofficecluster
neu-000.forms.office.com
x-routingofficefe
FormsSingleBox_IN_13
x-routingofficeversion
16.0.13506.34204
x-routingsessionid
499f9985-0924-4ccf-ae62-d586a34f323b
x-routingcorrelationid
fe4d93bc-4f1b-4738-abef-2a0d6c762ffe
x-correlationid
fe4d93bc-4f1b-4738-abef-2a0d6c762ffe
x-usersessionid
499f9985-0924-4ccf-ae62-d586a34f323b
x-officefe
FormsSingleBox_IN_7
x-officeversion
16.0.13506.34204
x-officecluster
neu-000.forms.office.com
x-failurereason
MissingCookieOrToken
x-robots-tag
noindex, nofollow
link
<https://cdn.forms.office.net/forms>; rel=preconnect; crossorigin=anonymous
x-aspnet-version
x-powered-by
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-msedge-ref
Ref A: 09B6070691B84248B116051A024CB6B9 Ref B: DB3EDGE0815 Ref C: 2020-11-11T14:46:26Z
date
Wed, 11 Nov 2020 14:46:26 GMT
js
www.googletagmanager.com/gtag/ 		95 KB
38 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-162669458-1
Requested by
Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/rocket-loader.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:820::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
369e3f033b9759ec7433cc409b2d803c9ec59c66ec81ac12d62334108b52e258
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://urlz.fr/e1VJ
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 11 Nov 2020 14:46:26 GMT
content-encoding
br
vary
Accept-Encoding
status
200
cross-origin-resource-policy
cross-origin
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
38326
x-xss-protection
0
last-modified
Wed, 11 Nov 2020 12:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Wed, 11 Nov 2020 14:46:26 GMT
requestform.js
ads.themoneytizer.com/s/ 		75 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ads.themoneytizer.com/s/requestform.js?siteId=15056&formatId=6
Requested by
Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/rocket-loader.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.139.241.23 Dallas, United States, ASN33438 (HIGHWINDS2, US),
Reverse DNS
Software
nginx / PHP/5.4.45
Resource Hash
cea447ae7696795e4be40189c7b7750b51c91f71b217b99d4d578dc0d319a094

Request headers

Referer
https://urlz.fr/e1VJ
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 11 Nov 2020 14:46:26 GMT
content-encoding
gzip
server
nginx
x-powered-by
PHP/5.4.45
vary
Accept-Encoding
x-cache
HIT
content-type
text/html; charset=UTF-8
status
200
cache-control
max-age=86400
accept-ranges
bytes
expires
Thu, 12 Nov 2020 14:46:26 GMT
gen.js
ads.themoneytizer.com/s/ 		9 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ads.themoneytizer.com/s/gen.js?type=6
Requested by
Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/rocket-loader.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.139.241.23 Dallas, United States, ASN33438 (HIGHWINDS2, US),
Reverse DNS
Software
nginx / PHP/5.4.45
Resource Hash
df8c0a338715a333687f5a25f14e5baedc7781aed18495b55a693734fed62e3b

Request headers

Referer
https://urlz.fr/e1VJ
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 11 Nov 2020 14:46:26 GMT
content-encoding
gzip
server
nginx
x-powered-by
PHP/5.4.45
vary
Accept-Encoding
x-cache
HIT
content-type
text/html; charset=UTF-8
status
200
cache-control
max-age=86400
accept-ranges
bytes
content-length
3356
expires
Thu, 12 Nov 2020 14:45:47 GMT
requestform.js
ads.themoneytizer.com/s/ 		78 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ads.themoneytizer.com/s/requestform.js?siteId=15056&formatId=28
Requested by
Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/rocket-loader.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.139.241.23 Dallas, United States, ASN33438 (HIGHWINDS2, US),
Reverse DNS
Software
nginx / PHP/5.4.45
Resource Hash
9b0d34b215897e4a81fa6880225430b1a352dc4a82d4dbeaa44f2817a1bfe1c5

Request headers

Referer
https://urlz.fr/e1VJ
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 11 Nov 2020 14:46:26 GMT
content-encoding
gzip
server
nginx
x-powered-by
PHP/5.4.45
vary
Accept-Encoding
x-cache
HIT
content-type
text/html; charset=UTF-8
status
200
cache-control
max-age=86400
accept-ranges
bytes
expires
Thu, 12 Nov 2020 14:46:26 GMT
gen.js
ads.themoneytizer.com/s/ 		9 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ads.themoneytizer.com/s/gen.js?type=28
Requested by
Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/rocket-loader.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.139.241.23 Dallas, United States, ASN33438 (HIGHWINDS2, US),
Reverse DNS
Software
nginx / PHP/5.4.45
Resource Hash
df8c0a338715a333687f5a25f14e5baedc7781aed18495b55a693734fed62e3b

Request headers

Referer
https://urlz.fr/e1VJ
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 11 Nov 2020 14:46:26 GMT
content-encoding
gzip
server
nginx
x-powered-by
PHP/5.4.45
vary
Accept-Encoding
x-cache
HIT
content-type
text/html; charset=UTF-8
status
200
cache-control
max-age=86400
accept-ranges
bytes
expires
Thu, 12 Nov 2020 14:46:26 GMT
requestform.js
ads.themoneytizer.com/s/ 		78 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ads.themoneytizer.com/s/requestform.js?siteId=15056&formatId=1
Requested by
Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/rocket-loader.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.139.241.23 Dallas, United States, ASN33438 (HIGHWINDS2, US),
Reverse DNS
Software
nginx / PHP/5.4.45
Resource Hash
0f2a4ba1b696f59dd222aa8874cc25c0899d68b1625e422881869ea205e1571d

Request headers

Referer
https://urlz.fr/e1VJ
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 11 Nov 2020 14:46:26 GMT
content-encoding
gzip
server
nginx
x-powered-by
PHP/5.4.45
vary
Accept-Encoding
x-cache
HIT
content-type
text/html; charset=UTF-8
status
200
cache-control
max-age=86400
accept-ranges
bytes
expires
Thu, 12 Nov 2020 14:46:26 GMT
gen.js
ads.themoneytizer.com/s/ 		9 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ads.themoneytizer.com/s/gen.js?type=1
Requested by
Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/rocket-loader.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.139.241.23 Dallas, United States, ASN33438 (HIGHWINDS2, US),
Reverse DNS
Software
nginx / PHP/5.4.45
Resource Hash
df8c0a338715a333687f5a25f14e5baedc7781aed18495b55a693734fed62e3b

Request headers

Referer
https://urlz.fr/e1VJ
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 11 Nov 2020 14:46:26 GMT
content-encoding
gzip
server
nginx
x-powered-by
PHP/5.4.45
vary
Accept-Encoding
x-cache
HIT
content-type
text/html; charset=UTF-8
status
200
cache-control
max-age=86400
accept-ranges
bytes
content-length
3356
expires
Thu, 12 Nov 2020 14:46:22 GMT
choice.js
quantcast.mgr.consensu.org/choice/6Fv0cGNfc_bw8/www.themoneytizer.com/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://quantcast.mgr.consensu.org/choice/6Fv0cGNfc_bw8/www.themoneytizer.com/choice.js
Requested by
Host: urlz.fr
URL: https://urlz.fr/e1VJ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2190:f200:9:46dc:4700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
c5adc1b2c4e9c9950cdd5f72bf4ff419bec31fb7a89d377c4e30380261a2ebab

Request headers

Referer
https://urlz.fr/e1VJ
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 11 Nov 2020 14:45:42 GMT
content-encoding
br
etag
"1af0efb9ff34918f748749751fa208d1"
last-modified
Wed, 23 Sep 2020 01:32:11 GMT
server
AmazonS3
age
45
x-amz-server-side-encryption
AES256
vary
Access-Control-Request-Headers,Access-Control-Request-Method,Origin,Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript; charset=UTF-8
status
200
x-amz-cf-pop
ZRH50-C1
x-amz-cf-id
n5Gw8JCrlJee7T3NQ_-jLmENkt7fxtySyQBKJsKWy70L_JmNdPe8oA==
via
1.1 eb7b239aed47669f8a7b6ac95bc8aff1.cloudfront.net (CloudFront)
/
g.themoneytizer.net/g/ 		26 B
271 B 		Script
General
Check archive.org
Download Go to
Full URL
https://g.themoneytizer.net/g/
Requested by
Host: ads.themoneytizer.com
URL: https://ads.themoneytizer.com/s/gen.js?type=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
145.239.193.145 , France, ASN16276 (OVH, FR),
Reverse DNS
Software
nginx /
Resource Hash
278393caf9e3b1246267fb79e95027449f041bbf8e8774a4cf46d72cc09b7405

Request headers

Referer
https://urlz.fr/e1VJ
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 11 Nov 2020 14:46:27 GMT
Server
nginx
X-IPLB-Request-ID
B9D4AB4B:5178_91EFC191:01BB_5FABF943_9FECEE5:22CEA
X-IPLB-Instance
29895
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8
moneybile.js
ads.themoneytizer.com/ 		38 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ads.themoneytizer.com/moneybile.js
Requested by
Host: ads.themoneytizer.com
URL: https://ads.themoneytizer.com/s/gen.js?type=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.139.241.23 Dallas, United States, ASN33438 (HIGHWINDS2, US),
Reverse DNS
Software
nginx /
Resource Hash
4006e0481f9cfffd3a579c3dcbdad1b6953e844c1e3c76a8d9f86844c98d87a3

Request headers

Referer
https://urlz.fr/e1VJ
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 11 Nov 2020 14:46:26 GMT
content-encoding
gzip
last-modified
Mon, 13 Jul 2020 16:40:37 GMT
server
nginx
etag
"7ff1-981e-5aa5559ba8e59"
vary
Accept-Encoding
x-cache
HIT
content-type
text/javascript
status
200
cache-control
max-age=86400
accept-ranges
bytes
content-length
16267
expires
Thu, 12 Nov 2020 14:45:33 GMT
getjs.static.js
tag.contextweb.com/ 		30 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tag.contextweb.com/getjs.static.js
Requested by
Host: ads.themoneytizer.com
URL: https://ads.themoneytizer.com/s/gen.js?type=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
198.148.27.133 New York, United States, ASN19189 (PULSEPOINT, US),
Reverse DNS
Software
envoy /
Resource Hash
7b95feb0faa8a803225604b1353755447550ce19b3b167143402a44aba46e011

Request headers

Referer
https://urlz.fr/e1VJ
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status
200
date
Wed, 11 Nov 2020 14:46:27 GMT
content-encoding
gzip
x-envoy-upstream-service-time
2
server
envoy
content-length
10423
content-type
application/x-javascript; charset=utf-8
smart.js
ced-ns.sascdn.com/diff/js/
Redirect Chain
  • https://ww1097.smartadserver.com/config.js?nwid=1097
  • https://ced-ns.sascdn.com/diff/js/smart.js
32 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ced-ns.sascdn.com/diff/js/smart.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
68.232.35.16 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (amb/6BC2) /
Resource Hash
6e8c871975be29bb26543d00cd18fa047e4b4375c0f5618d29be2d6d3be67386

Request headers

Referer
https://urlz.fr/e1VJ
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 11 Nov 2020 14:46:27 GMT
content-encoding
gzip
last-modified
Tue, 10 Nov 2020 10:03:04 GMT
server
ECS (amb/6BC2)
age
16947
etag
"adbdf97f38751662c160738a7d673f87:1605002589.581548"
vary
Accept-Encoding
x-cache
HIT
content-type
application/x-javascript
status
200
cache-control
max-age=86400
accept-ranges
bytes
content-length
9998

Redirect headers

location
https://ced-ns.sascdn.com/diff/js/smart.js
date
Wed, 11 Nov 2020 14:46:26 GMT
content-length
0
sync
gum.criteo.com/ 		49 B
370 B 		Script
General
Check archive.org
Download Go to
Full URL
https://gum.criteo.com/sync?c=147&r=2&j=criteoCallback
Requested by
Host: ads.themoneytizer.com
URL: https://ads.themoneytizer.com/s/gen.js?type=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638::1c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
/
Resource Hash
005c3133bf387e1b00a5ec25effc468f7752591adac19a3782d200bf68a970f0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://urlz.fr/e1VJ
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
date
Wed, 11 Nov 2020 14:46:26 GMT
vary
Accept-Encoding
content-type
text/javascript; charset=utf-8
status
200
cache-control
private, max-age=3600
server-processing-duration-in-ticks
643
content-length
165
expires
60
libJsLP.js
tag.leadplace.fr/ 		3 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tag.leadplace.fr/libJsLP.js
Requested by
Host: ads.themoneytizer.com
URL: https://ads.themoneytizer.com/s/gen.js?type=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
145.239.193.51 , France, ASN16276 (OVH, FR),
Reverse DNS
Software
nginx/1.14.2 /
Resource Hash
06410fe0d6024ba0c2e0945c3ada3b0e1d3396ceadc0b413f188553fe487abde

Request headers

Referer
https://urlz.fr/e1VJ
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 11 Nov 2020 14:46:27 GMT
Last-Modified
Tue, 25 Aug 2020 14:23:09 GMT
Server
nginx/1.14.2
ETag
"5f451ecd-bf2"
X-IPLB-Instance
29923
Content-Type
application/javascript
Accept-Ranges
bytes
Content-Length
3058
/
onetag-sys.com/usync/ Frame AA7E 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://onetag-sys.com/usync/?pubId=2a897e3f18e6769&cb=1605105986971
Requested by
Host: ads.themoneytizer.com
URL: https://ads.themoneytizer.com/s/gen.js?type=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
51.89.9.251 , Germany, ASN16276 (OVH, FR),
Reverse DNS
ip251.ip-51-89-9.eu
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=2592000

Request headers

:method
GET
:authority
onetag-sys.com
:scheme
https
:path
/usync/?pubId=2a897e3f18e6769&cb=1605105986971
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://urlz.fr/e1VJ
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://urlz.fr/e1VJ

Response headers

status
200
content-type
text/html
cache-control
no-transform, no-cache
content-encoding
gzip
strict-transport-security
max-age=2592000
/
spl.zeotap.com/ Frame 49B7 		0
0
quant.js
secure.quantserve.com/ 		23 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://secure.quantserve.com/quant.js
Requested by
Host: ads.themoneytizer.com
URL: https://ads.themoneytizer.com/s/requestform.js?siteId=15056&formatId=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:116:800d:21:8c6e:cf2c:8d6:9fb5 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
87d73170be9a2e277c57d324c4e05ec0ac60ed3c0191fa29e7a31133b4c4c119

Request headers

Referer
https://urlz.fr/e1VJ
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 11 Nov 2020 14:46:27 GMT
content-encoding
gzip
etag
"O/+l6c17R2TQ0JQMJXOiXA=="
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
private, max-age=604800
accept-ranges
bytes
expires
Wed, 18 Nov 2020 14:46:27 GMT
px.js
p.cpx.to/p/12773/ 		2 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://p.cpx.to/p/12773/px.js
Requested by
Host: ads.themoneytizer.com
URL: https://ads.themoneytizer.com/s/requestform.js?siteId=15056&formatId=1
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.239.192.23 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-54-239-192-23.waw50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
1ea660bcfc791da8eddbd1f6e7240bef0312064964e6cdee0d74c38e6a2ed043

Request headers

Referer
https://urlz.fr/e1VJ
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Sun, 08 Nov 2020 23:44:54 GMT
Content-Encoding
UTF-8
Connection
keep-alive
Last-Modified
Tue, 25 Aug 2020 15:08:48 GMT
Server
AmazonS3
Age
226893
ETag
"72097b27945ea3b5376f41afb8b17432"
X-Cache
Hit from cloudfront
Content-Type
application/javascript
Via
1.1 465e661d27b2b6a1c349a5550c745b0f.cloudfront.net (CloudFront)
Cache-Control
max-age=2419200
X-Amz-Cf-Pop
WAW50-C1
Accept-Ranges
bytes
Content-Length
1631
X-Amz-Cf-Id
K8eM-8GpvUDsx-qPRaezsqQ00nUsvI0R_CF58ceMA47RSNcuN3n-PA==
notifyme.js
d2zur9cc2gf1tx.cloudfront.net/a96081b6-db78-48c4-9f82-b93e316fb1f7/ 		25 KB
26 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://d2zur9cc2gf1tx.cloudfront.net/a96081b6-db78-48c4-9f82-b93e316fb1f7/notifyme.js
Requested by
Host: ads.themoneytizer.com
URL: https://ads.themoneytizer.com/s/requestform.js?siteId=15056&formatId=1
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.230.228.146 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-54-230-228-146.waw50.r.cloudfront.net
Software
Apache /
Resource Hash
b47b4ca26c57e3dceebd7abd067df9622599bed6bfb11b480f92d09a945cd213

Request headers

Referer
https://urlz.fr/e1VJ
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 10 Nov 2020 20:08:18 GMT
Via
1.1 b6a3e4c49d0265073859268bbecf413b.cloudfront.net (CloudFront)
Last-Modified
Mon, 18 Feb 2019 16:54:28 GMT
Server
Apache
Age
113589
X-Cache
Hit from cloudfront
Content-Type
text/javascript
Connection
keep-alive
X-Amz-Cf-Pop
WAW50-C1
Accept-Ranges
bytes
Content-Length
25704
X-Amz-Cf-Id
EjCJymMr5fEvmmi4TNA-bI5Bbws43Y1kOi8AiUpugfpFzugeIMXoLQ==
186329-261067657875242.js
js-sec.indexww.com/ht/p/ 		37 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js-sec.indexww.com/ht/p/186329-261067657875242.js
Requested by
Host: ads.themoneytizer.com
URL: https://ads.themoneytizer.com/s/requestform.js?siteId=15056&formatId=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.215.135 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-215-135.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
28138ab3b7a79737ca25c5323519407a663119cf46fec73aaf5361894a67fb51

Request headers

Referer
https://urlz.fr/e1VJ
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 11 Nov 2020 14:46:27 GMT
Content-Encoding
gzip
Last-Modified
Wed, 11 Nov 2020 14:01:06 GMT
Server
Apache
ETag
"764d7f-925a-5b3d539fffb0e"
Vary
Accept-Encoding
P3P
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=927
Connection
keep-alive
Accept-Ranges
bytes
Content-Type
text/javascript
Content-Length
12743
Expires
Wed, 11 Nov 2020 15:01:54 GMT
prebid.js
ads.themoneytizer.com/moneybid4_6/build/dist/ 		462 KB
145 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ads.themoneytizer.com/moneybid4_6/build/dist/prebid.js
Requested by
Host: ads.themoneytizer.com
URL: https://ads.themoneytizer.com/s/requestform.js?siteId=15056&formatId=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.139.241.23 Dallas, United States, ASN33438 (HIGHWINDS2, US),
Reverse DNS
Software
nginx /
Resource Hash
8976799612c70228d22c74a2cc0ef59e54f1eacfdb8e086056ab85c75ca0da72

Request headers

Referer
https://urlz.fr/e1VJ
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 11 Nov 2020 14:46:26 GMT
content-encoding
gzip
last-modified
Wed, 04 Nov 2020 20:44:00 GMT
server
nginx
etag
"3db4-738b9-5b34e09fdddd7"
vary
Accept-Encoding
x-cache
HIT
content-type
text/javascript
status
200
cache-control
max-age=86400
accept-ranges
bytes
content-length
148403
expires
Thu, 12 Nov 2020 14:45:59 GMT
ResponsePage.aspx
forms.office.com/Pages/ Frame E0EB 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://forms.office.com/Pages/ResponsePage.aspx?id=P0zP5b7PSE2VUwQOCz40Fp-CPCZDSJ9AuFg9sHj4G9dUOEhVSEI2Uzc0WVJQN09DNFY1WExKMTJYQS4u
Requested by
Host: urlz.fr
URL: https://urlz.fr/e1VJ
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
13.107.9.194 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

:method
GET
:authority
forms.office.com
:scheme
https
:path
/Pages/ResponsePage.aspx?id=P0zP5b7PSE2VUwQOCz40Fp-CPCZDSJ9AuFg9sHj4G9dUOEhVSEI2Uzc0WVJQN09DNFY1WExKMTJYQS4u
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://urlz.fr/e1VJ
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
DcLcid=ui=1033&data=1033; __RequestVerificationToken=ENHJDeeatVHLgUg64bhcSPfUOa86FLypcCMYWEXKa7wDNZLjzoCGeTLKI0jyELA_0DPb_WUV8BkqJG0YmwWaJTBTB8Hczy8PgyABZcSpWh81; AADNonce.forms=34455f04-af5d-44fe-9117-a2b4a290642b.637407027864300254; MSFPC=GUID=bd042a4a3f334f8a9619b4fa4d56b5cb&HASH=bd04&LV=202011&V=4&LU=1605105986912
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://urlz.fr/e1VJ

Response headers

status
200
cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
content-type
text/html; charset=utf-8
content-encoding
gzip
expires
0
vary
Accept-Encoding
p3p
CP="CAO DSP COR ADMa DEV CONi TELi CUR PSA PSD TAI IVDi OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR"
set-cookie
DcLcid=ui=1033&data=1033; expires=Thu, 11-Feb-2021 14:46:27 GMT; path=/; samesite=none; secure; HttpOnly
x-routingofficecluster
weu-001.forms.office.com
x-routingofficefe
FormsSingleBox_IN_10
x-routingofficeversion
16.0.13506.34204
x-routingsessionid
6e972dfc-14d5-4b9a-b72d-7ed514e7856e
x-routingcorrelationid
f78ade4d-a6d3-49f9-be3d-16bc504a34af
x-correlationid
f78ade4d-a6d3-49f9-be3d-16bc504a34af
x-usersessionid
6e972dfc-14d5-4b9a-b72d-7ed514e7856e
x-officefe
FormsSingleBox_IN_10
x-officeversion
16.0.13506.34204
x-officecluster
weu-001.forms.office.com
x-failurereason
MissingCookieOrToken
x-robots-tag
noindex, nofollow
link
<https://cdn.forms.office.net/forms>; rel=preconnect; crossorigin=anonymous
x-aspnet-version
x-powered-by
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-msedge-ref
Ref A: CA2D874D43024A7382010214A7B52A11 Ref B: DB3EDGE0815 Ref C: 2020-11-11T14:46:27Z
date
Wed, 11 Nov 2020 14:46:27 GMT
id5_cm
ads.creative-serving.com/
Redirect Chain
  • https://id5-sync.com/i/12/9.gif?gdpr=&gdpr_consent=
  • https://id5-sync.com/c/12/0/9/1.gif?gdpr=1&gdpr_consent=
  • https://sync.mathtag.com/sync/img?mt_exid=10089&mt_exuid=ID5-ZHMOKS-ZV2a_gU5W5dEXCFWPsdKURKafE1zwxAu5eA&redir=https%3A%2F%2Fid5-sync.com%2Fc%2F12%2F3%2F8%2F2.gif%3Fpuid%3D%5BUUID%5D%26gdpr%3D1%26gd...
  • https://id5-sync.com/c/12/3/8/2.gif?puid=589c5fab-f942-4f00-b6c0-6124616642b9&gdpr=1&gdpr_consent=
  • https://sync.crwdcntrl.net/map/c=13953/tp=IDFI/gdpr=1/gdpr_consent=?https://id5-sync.com/c/12/19/7/3.gif?puid=${profile_id}&gdpr=1&gdpr_consent=
  • https://sync.crwdcntrl.net/map/ct=y/c=13953/tp=IDFI/gdpr=1/gdpr_consent=?https://id5-sync.com/c/12/19/7/3.gif?puid=${profile_id}&gdpr=1&gdpr_consent=
  • https://id5-sync.com/c/12/19/7/3.gif?puid=995077e462db488fb7727118f17cd192&gdpr=1&gdpr_consent=
  • https://ads.creative-serving.com/id5_cm?callback=https%3A%2F%2Fid5-sync.com%2Fc%2F12%2F101%2F6%2F4.gif%3Fpuid%3D%5BUID%5D%26gdpr%3D1%26gdpr_consent%3D
0
0
analytics.js
www.google-analytics.com/ 		46 KB
18 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-162669458-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e441c3e2771625ba05630ab464275136a82c99650ee2145ca5aa9853bedeb01b
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://urlz.fr/e1VJ
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Fri, 23 Oct 2020 03:00:57 GMT
server
Golfe2
age
5439
date
Wed, 11 Nov 2020 13:15:48 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
18817
expires
Wed, 11 Nov 2020 15:15:48 GMT
cmp2.js
quantcast.mgr.consensu.org/tcfv2/ 		263 KB
72 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://quantcast.mgr.consensu.org/tcfv2/cmp2.js
Requested by
Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/choice/6Fv0cGNfc_bw8/www.themoneytizer.com/choice.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2190:f200:9:46dc:4700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
ff465494895c140fd64990db088bc91035c73c5a35fd77d97f7530004d65fda6

Request headers

Referer
https://urlz.fr/e1VJ
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-server-side-encryption
AES256
date
Wed, 11 Nov 2020 14:45:43 GMT
content-encoding
gzip
last-modified
Thu, 05 Nov 2020 21:40:29 GMT
server
AmazonS3
age
44
etag
"23437f9f6f5cacf447062304df25440f"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/javascript;charset=UTF-8
status
200
x-amz-meta-qc-ineu
True
x-amz-cf-pop
ZRH50-C1
x-amz-cf-id
ulKvj16rKwMzIht0RkQbxyA0kLg756ycicSZB_1GhUcmv45ClOnlmQ==
via
1.1 eb7b239aed47669f8a7b6ac95bc8aff1.cloudfront.net (CloudFront)
rules-p-6Fv0cGNfc_bw8.js
rules.quantcount.com/ 		1 KB
996 B 		Script
General
Check archive.org
Download Go to
Full URL
https://rules.quantcount.com/rules-p-6Fv0cGNfc_bw8.js
Requested by
Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20ae:7200:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
46d5273d735391f5c05f0fb82df9a363a290419c3aeea2d64dfc0d46de9a9681

Request headers

Referer
https://urlz.fr/e1VJ
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 11 Nov 2020 14:29:57 GMT
content-encoding
gzip
last-modified
Mon, 19 Mar 2018 22:28:36 GMT
server
AmazonS3
age
991
etag
W/"9a93052877e57b42aeefaab6e7ec5f90"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/x-javascript
status
200
cache-control
max-age=3600
x-amz-cf-pop
WAW50-C1
x-amz-cf-id
_waHMykG_WckWC_nURgerg4zn6cEATXK2ioYGXCoBCw4qIL1ZsyVrA==
via
1.1 dce4c8b7b9f77858bc00bb5154e30f3c.cloudfront.net (CloudFront)
collect
www.google-analytics.com/j/ 		1 B
403 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j87&a=918806381&t=pageview&_s=1&dl=https%3A%2F%2Furlz.fr%2Fe1VJ&ul=en-us&de=UTF-8&dt=Microsoft%20Forms&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAUABAAAAAC~&jid=66968658&gjid=1897995655&cid=303245094.1605105987&tid=UA-162669458-1&_gid=308750805.1605105987&_r=1&gtm=2ouas1&z=560229966
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://urlz.fr/e1VJ
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 11 Nov 2020 14:46:27 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
status
200
content-type
text/plain
access-control-allow-origin
https://urlz.fr
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1
expires
Fri, 01 Jan 1990 00:00:00 GMT
google-atp-list.json
quantcast.mgr.consensu.org/tcfv2/ 		156 KB
37 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://quantcast.mgr.consensu.org/tcfv2/google-atp-list.json
Requested by
Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/tcfv2/cmp2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2190:f200:9:46dc:4700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
4d91424b790479d34c143c27a89a58d7eec95e776766f6684de150b0b66490de

Request headers

Accept
application/json, text/plain, */*
Referer
https://urlz.fr/e1VJ
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 11 Nov 2020 03:00:29 GMT
content-encoding
br
age
42359
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
status
200
access-control-max-age
3000
access-control-allow-origin
*
last-modified
Wed, 11 Nov 2020 03:00:27 GMT
server
AmazonS3
etag
W/"718473e9115eb0901b11be4f7e9dd8bf"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/json
via
1.1 9c70db7b93d63d4e23f775d04664db64.cloudfront.net (CloudFront)
cache-control
max-age:86400
x-amz-cf-pop
ZRH50-C1
x-amz-cf-id
stD95snbnUl5FrrtV07xYFfsM70qWMS-79j2CsOeBRf_m2hUF2pCuw==
identity
api.rlcdn.com/api/ 		44 B
323 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.rlcdn.com/api/identity?pid=2&rt=envelope
Requested by
Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/186329-261067657875242.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.207.148 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
da45962a1fb4a049c9367ebe9b1b628f071d7a4c9997ee807c01d23f4866e19c
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://urlz.fr/e1VJ
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

date
Wed, 11 Nov 2020 14:46:27 GMT
via
1.1 google
x-content-type-options
nosniff
access-control-allow-headers
Accept, Authorization, Content-Type, Cookie, Origin, X-Requested-With
status
451
access-control-allow-methods
GET, OPTIONS
content-type
text/plain; charset=utf-8
access-control-allow-origin
https://urlz.fr
access-control-allow-credentials
true
alt-svc
clear
content-length
44
rid
match.adsrvr.org/track/ 		109 B
539 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://match.adsrvr.org/track/rid?ttd_pid=casale&fmt=json&p=186329
Requested by
Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/186329-261067657875242.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.195.113.118 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
b2f651691425359a2955ce1670d4b75acb5d4e4a2041b7092f806c751c73be97

Request headers

Referer
https://urlz.fr/e1VJ
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

date
Wed, 11 Nov 2020 14:46:27 GMT
x-aspnet-version
4.0.30319
status
200
vary
Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://urlz.fr
cache-control
private
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Content-Length, Content-Encoding, Vary, Cache-Control, Accept
content-length
109
expires
Fri, 11 Dec 2020 14:46:27 GMT
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/3.0.0/ 		84 KB
30 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/3.0.0/jquery.min.js
Requested by
Host: d2zur9cc2gf1tx.cloudfront.net
URL: https://d2zur9cc2gf1tx.cloudfront.net/a96081b6-db78-48c4-9f82-b93e316fb1f7/notifyme.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:821::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
266bcea0bb58b26aa5b16c5aee60d22ccc1ae9d67daeb21db6bad56119c3447d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://urlz.fr/e1VJ
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 08 Nov 2020 00:31:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
310514
status
200
cross-origin-resource-policy
cross-origin
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
30186
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 19:15:00 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Mon, 08 Nov 2021 00:31:13 GMT
cmp-list.json
test.quantcast.mgr.consensu.org/GVL-v2/ 		6 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://test.quantcast.mgr.consensu.org/GVL-v2/cmp-list.json
Requested by
Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/tcfv2/cmp2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2190:5800:3:a4cd:8380:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
23ff951b336ec84bff274980c2bf57c62ee7cd156df66962e571a6d974f2c7a0

Request headers

Accept
application/json, text/plain, */*
Referer
https://urlz.fr/e1VJ
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 11 Nov 2020 03:00:35 GMT
content-encoding
br
age
42352
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
status
200
access-control-max-age
3000
access-control-allow-origin
*
last-modified
Tue, 10 Nov 2020 19:52:29 GMT
server
AmazonS3
etag
W/"0fef2cd5f702d065f34adaa1ba5e5806"
vary
Accept-Encoding
access-control-allow-methods
GET
x-amz-version-id
IRZGPM39g.nP5uqi54LhI2PHBUp4lhYI
via
1.1 5e318b3ea3fa81a8c20898c2f8c40e7c.cloudfront.net (CloudFront)
cache-control
max-age=172800
x-amz-cf-pop
ZRH50-C1
content-type
application/json
x-amz-cf-id
R91Zp0TI-9PRlIwpp8Rc8AdxRxX0OKh01OJn8HdQmv4E0wGnyYvNwQ==
notifyme.php
adtrack.adleadevent.com/ 		0
518 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://adtrack.adleadevent.com/notifyme.php?st=a96081b6-db78-48c4-9f82-b93e316fb1f7
Requested by
Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/3.0.0/jquery.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
176.34.189.119 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-176-34-189-119.eu-west-1.compute.amazonaws.com
Software
Apache /
Resource Hash

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
https://urlz.fr/e1VJ
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 11 Nov 2020 14:46:27 GMT
Content-Encoding
gzip
Last-Modified
Wed, 11 Nov 2020 14:46:27 GMT
Server
Apache
Vary
Accept-Encoding
Content-Type
application/x-javascript
Access-Control-Allow-Origin
https://urlz.fr
Cache-Control
no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
20
Expires
Sat, 26 Jul 1997 05:00:00 GMT
vendor-list.json
quantcast.mgr.consensu.org/GVL-v2/ 		206 KB
29 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://quantcast.mgr.consensu.org/GVL-v2/vendor-list.json
Requested by
Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/tcfv2/cmp2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2190:f200:9:46dc:4700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
dc131bdacfc1e8443a7b502cccd6659791ee066975ed4ea22e32483125044a8d

Request headers

Referer
https://urlz.fr/e1VJ
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 10 Nov 2020 23:59:14 GMT
content-encoding
gzip
age
53234
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
status
200
access-control-max-age
3000
access-control-allow-origin
*
last-modified
Thu, 05 Nov 2020 23:59:10 GMT
server
AmazonS3
etag
"ccca29f7226d70794a323a4f53558c3d"
vary
Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-methods
GET
content-type
application/json
via
1.1 9c70db7b93d63d4e23f775d04664db64.cloudfront.net (CloudFront)
cache-control
max-age:518400
access-control-allow-credentials
true
x-amz-cf-pop
ZRH50-C1
x-amz-cf-id
NvOVPsi6f8r6bD2ucFm2brq4ikLnC55r5sEM6W8THIJ96XVNdFyMjw==
headerstats
as-sec.casalemedia.com/ 		0
305 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://as-sec.casalemedia.com/headerstats?s=415712&u=https%3A%2F%2Furlz.fr%2Fe1VJ&v=3
Requested by
Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/186329-261067657875242.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.215.135 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-215-135.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash

Request headers

Referer
https://urlz.fr/e1VJ
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

Pragma
no-cache
Date
Wed, 11 Nov 2020 14:46:27 GMT
Server
Apache
Access-Control-Allow-Origin
https://urlz.fr
Cache-Control
max-age=0, no-cache, no-store
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
0
Expires
Wed, 11 Nov 2020 14:46:27 GMT
wckr.php
tag.leadplace.fr/ Frame 953D 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://tag.leadplace.fr/wckr.php?nogdpr&gdpr=1&gdpr_consent=&id=MTIZ
Requested by
Host: tag.leadplace.fr
URL: https://tag.leadplace.fr/libJsLP.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
145.239.193.51 , France, ASN16276 (OVH, FR),
Reverse DNS
Software
nginx/1.14.2 /
Resource Hash

Request headers

Host
tag.leadplace.fr
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://urlz.fr/e1VJ
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://urlz.fr/e1VJ

Response headers

Server
nginx/1.14.2
Date
Wed, 11 Nov 2020 14:46:27 GMT
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
X-IPLB-Instance
29923
fire.js
s.cpx.to/ 		1 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s.cpx.to/fire.js?pid=12773&ref=&hn_ver=11&fid=8562c82f-5ea6-4342-adc9-8ea3367f88bf
Requested by
Host: p.cpx.to
URL: https://p.cpx.to/p/12773/px.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
63.34.175.121 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-63-34-175-121.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin

Request headers

Referer
https://urlz.fr/e1VJ
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma
no-cache
Content-Security-Policy
default-src 'self'
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
Date
Wed, 11 Nov 2020 14:46:27 GMT
X-Frame-Options
sameorigin
Connection
keep-alive
P3P
CP="NOI DEV ADM"
Cache-Control
no-store, must-revalidate, private, max-age=0
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Type
application/javascript; charset=UTF-8
Content-Length
1044
Expires
Tue, 27 Oct 2020 11:18:49 GMT
cmp2ui-en.js
quantcast.mgr.consensu.org/tcfv2/21/ 		518 KB
145 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://quantcast.mgr.consensu.org/tcfv2/21/cmp2ui-en.js
Requested by
Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/tcfv2/cmp2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2190:f200:9:46dc:4700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
d57977eb4dce878622263a6b26a0656d995c2ed7020341bff8f69ce1e5c82d0f

Request headers

Referer
https://urlz.fr/e1VJ
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 05 Nov 2020 21:40:31 GMT
content-encoding
gzip
age
493557
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
status
200
access-control-max-age
604800
access-control-allow-origin
*
last-modified
Thu, 05 Nov 2020 21:39:54 GMT
server
AmazonS3
etag
W/"daf04faba84df4c84506f95af29844ea"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
text/javascript;charset=UTF-8
via
1.1 eb7b239aed47669f8a7b6ac95bc8aff1.cloudfront.net (CloudFront)
cache-control
max-age=604800
x-amz-cf-pop
ZRH50-C1
x-amz-cf-id
qq5rohWAh6BePNS-CvCwk56sdw7cv2wYJnZ7aJajnK_yE-IWQFDSgw==
/
audit-tcfv2.quantcast.mgr.consensu.org/ 		80 B
513 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://audit-tcfv2.quantcast.mgr.consensu.org/?log=%7B%22accountId%22%3A%226Fv0cGNfc_bw8%22%2C%22publisher%22%3A%22themoneytizer.com%22%2C%22cmpId%22%3A10%2C%22cmpVersion%22%3A%222.21%22%2C%22displayType%22%3A%22tcfui%3Amandatory%22%2C%22configurationHashCode%22%3A%22Q1fPtWxTMOlDK0x3oBN44w%22%2C%22clientTimestamp%22%3A1605105987317%2C%22operationType%22%3A%22init%22%2C%22sessionId%22%3A%22GDPR-o4l09je0l38h8iyrjbna%22%7D
Requested by
Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/tcfv2/21/cmp2ui-en.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.93.62 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-93-62.zrh50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash

Request headers

Accept
application/json, text/plain, */*
Referer
https://urlz.fr/e1VJ
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 10 Nov 2020 16:19:58 GMT
via
1.1 5e318b3ea3fa81a8c20898c2f8c40e7c.cloudfront.net (CloudFront)
vary
Origin
age
80790
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
status
200
content-length
80
last-modified
Tue, 26 Nov 2019 14:21:44 GMT
server
AmazonS3
etag
"0614149d8033903db5de46d6c184bbfd"
access-control-max-age
3000
access-control-allow-methods
GET
content-type
text/html
access-control-allow-origin
*
x-amz-cf-pop
ZRH50-C1
accept-ranges
bytes
x-amz-cf-id
jBsaNqa8-EP1cmF_7eCM-TbI64spn3_QutLZhAV_n6SwkLtIi5aUHQ==
an_fire
s.cpx.to/
Redirect Chain
  • https://secure.adnxs.com/getuid?https%3A%2F%2Fs.cpx.to%2Fan_fire%3Fapp_nexus_uid%3D%24UID%26pid%3D12773%26ref%3D%26hn_ver%3D11%26fid%3D8562c82f-5ea6-4342-adc9-8ea3367f88bf
  • https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fs.cpx.to%252Fan_fire%253Fapp_nexus_uid%253D%2524UID%2526pid%253D12773%2526ref%253D%2526hn_ver%253D11%2526fid%253D8562c82f-5ea6-4342-a...
  • https://s.cpx.to/an_fire?app_nexus_uid=876432037312674305&pid=12773&ref=&hn_ver=11&fid=8562c82f-5ea6-4342-adc9-8ea3367f88bf
0
0
sync
s.cpx.to/
Redirect Chain
  • https://image2.pubmatic.com/AdServer/UCookieSetPug?rd=https%3A%2F%2Fs.cpx.to%2Fsync%3Fdsp%3Dpubmatic%26dsp_uid%3D%23PM_USER_ID%26fid%3D8562c82f-5ea6-4342-adc9-8ea3367f88bf
  • https://image2.pubmatic.com/AdServer/UCookieSetPug?ird=1&rd=https%3A%2F%2Fs.cpx.to%2Fsync%3Fdsp%3Dpubmatic%26dsp_uid%3D%23PM_USER_ID%26fid%3D8562c82f-5ea6-4342-adc9-8ea3367f88bf
  • https://s.cpx.to/sync?dsp=pubmatic&dsp_uid=BC55DCFD-5781-4EAD-8AC6-90D5C6E4A24E&fid=8562c82f-5ea6-4342-adc9-8ea3367f88bf
95 B
881 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.cpx.to/sync?dsp=pubmatic&dsp_uid=BC55DCFD-5781-4EAD-8AC6-90D5C6E4A24E&fid=8562c82f-5ea6-4342-adc9-8ea3367f88bf
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
63.34.175.121 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-63-34-175-121.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin

Request headers

Referer
https://urlz.fr/e1VJ
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma
no-cache
Content-Security-Policy
default-src 'self'
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
Date
Wed, 11 Nov 2020 14:46:27 GMT
X-Frame-Options
sameorigin
Connection
keep-alive
P3P
CP="NOI DEV ADM"
Cache-Control
no-store, must-revalidate, private, max-age=0
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Type
image/png
Content-Length
95
Expires
Wed, 11 Nov 2020 14:46:27 GMT

Redirect headers

Location
https://s.cpx.to/sync?dsp=pubmatic&dsp_uid=BC55DCFD-5781-4EAD-8AC6-90D5C6E4A24E&fid=8562c82f-5ea6-4342-adc9-8ea3367f88bf
Date
Wed, 11 Nov 2020 14:46:27 GMT
X-Cnection
close
Server
Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_fastcgi/2.4.6
P3P
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Content-Length
447
Content-Type
text/html; charset=iso-8859-1
sync.gif
dmp.truoptik.com/0362536315099b06/ 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dmp.truoptik.com/0362536315099b06/sync.gif?cbk=https%3A%2F%2Fs.cpx.to%2Fsync&dsp=TRUOPTIK&fid=8562c82f-5ea6-4342-adc9-8ea3367f88bf&fck=6d23b39b6b8e1f1e&cbp=dsp_uid
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.91.60 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
https://urlz.fr/e1VJ
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers
ca.png
s.cpx.to/
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=captify_dmp&google_cm&dsp=dbm&fid=8562c82f-5ea6-4342-adc9-8ea3367f88bf
  • https://cm.g.doubleclick.net/pixel?google_nid=captify_dmp&google_cm=&dsp=dbm&fid=8562c82f-5ea6-4342-adc9-8ea3367f88bf&google_tc=
  • https://s.cpx.to/ca.png?dsp=dbm&fid=8562c82f-5ea6-4342-adc9-8ea3367f88bf&google_gid=CAESECu1vLLLrZAPgJojntVYmhQ&google_cver=1
0
0
sync
s.cpx.to/
Redirect Chain
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=0fkciot&ttd_tpi=1
  • https://s.cpx.to/sync?dsp_uid=87dc6231-b1c2-4bee-a335-c047a8cbb495&dsp=TTD
95 B
876 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.cpx.to/sync?dsp_uid=87dc6231-b1c2-4bee-a335-c047a8cbb495&dsp=TTD
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
63.34.175.121 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-63-34-175-121.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin

Request headers

Referer
https://urlz.fr/e1VJ
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma
no-cache
Content-Security-Policy
default-src 'self'
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
Date
Wed, 11 Nov 2020 14:46:27 GMT
X-Frame-Options
sameorigin
Connection
keep-alive
P3P
CP="NOI DEV ADM"
Cache-Control
no-store, must-revalidate, private, max-age=0
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Type
image/png
Content-Length
95
Expires
Wed, 11 Nov 2020 14:46:27 GMT

Redirect headers

pragma
no-cache
date
Wed, 11 Nov 2020 14:46:27 GMT
x-aspnet-version
4.0.30319
status
302
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://s.cpx.to/sync?dsp_uid=87dc6231-b1c2-4bee-a335-c047a8cbb495&dsp=TTD
cache-control
private,no-cache, must-revalidate
content-type
text/html
content-length
179
sync
s.cpx.to/
Redirect Chain
  • https://sync.smartadserver.com/getuid?url=https%3A%2F%2Fs.cpx.to%2Fsync%3Fdsp%3Dsmart_ad_server%26dsp_uid%3D%5Bsas_uid%5D%26fid%3D8562c82f-5ea6-4342-adc9-8ea3367f88bf
  • https://sync.smartadserver.com/getuid?url=https%3A%2F%2Fs.cpx.to%2Fsync%3Fdsp%3Dsmart_ad_server%26dsp_uid%3D%5Bsas_uid%5D%26fid%3D8562c82f-5ea6-4342-adc9-8ea3367f88bf&cklb=1
  • https://s.cpx.to/sync?dsp=smart_ad_server&dsp_uid=825942577872066094&fid=8562c82f-5ea6-4342-adc9-8ea3367f88bf
0
0
sync
pool.grid-data.bidswitch.net/ 		43 B
300 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pool.grid-data.bidswitch.net/sync?pid=42
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.195.120.21 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
https://urlz.fr/e1VJ
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 11 Nov 2020 14:46:27 GMT
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Content-Length
43
Content-Type
image/gif
Primary Request ResponsePage.aspx
forms.office.com/Pages/ 		402 KB
116 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://forms.office.com/Pages/ResponsePage.aspx?id=P0zP5b7PSE2VUwQOCz40Fp-CPCZDSJ9AuFg9sHj4G9dUOEhVSEI2Uzc0WVJQN09DNFY1WExKMTJYQS4u
Requested by
Host: urlz.fr
URL: https://urlz.fr/e1VJ
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
13.107.9.194 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
ed9404588c33679b7e98389b4659334fa512d4547be55985f3a3fc63a5ca105c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

:method
GET
:authority
forms.office.com
:scheme
https
:path
/Pages/ResponsePage.aspx?id=P0zP5b7PSE2VUwQOCz40Fp-CPCZDSJ9AuFg9sHj4G9dUOEhVSEI2Uzc0WVJQN09DNFY1WExKMTJYQS4u
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
document
referer
https://urlz.fr/e1VJ
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
DcLcid=ui=1033&data=1033; __RequestVerificationToken=ENHJDeeatVHLgUg64bhcSPfUOa86FLypcCMYWEXKa7wDNZLjzoCGeTLKI0jyELA_0DPb_WUV8BkqJG0YmwWaJTBTB8Hczy8PgyABZcSpWh81; AADNonce.forms=34455f04-af5d-44fe-9117-a2b4a290642b.637407027864300254; MSFPC=GUID=bd042a4a3f334f8a9619b4fa4d56b5cb&HASH=bd04&LV=202011&V=4&LU=1605105986912
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://urlz.fr/e1VJ

Response headers

status
200
cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
content-type
text/html; charset=utf-8
content-encoding
gzip
expires
0
vary
Accept-Encoding
p3p
CP="CAO DSP COR ADMa DEV CONi TELi CUR PSA PSD TAI IVDi OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR"
set-cookie
DcLcid=ui=1033&data=1033; expires=Thu, 11-Feb-2021 14:46:27 GMT; path=/; samesite=none; secure; HttpOnly
x-routingofficecluster
weu-001.forms.office.com
x-routingofficefe
FormsSingleBox_IN_1
x-routingofficeversion
16.0.13506.34204
x-routingsessionid
854a630c-8791-4ac9-8b99-54d5f73d81fd
x-routingcorrelationid
c8af86f4-da7c-4b4c-8ec6-229864f2430c
x-correlationid
c8af86f4-da7c-4b4c-8ec6-229864f2430c
x-usersessionid
854a630c-8791-4ac9-8b99-54d5f73d81fd
x-officefe
FormsSingleBox_IN_4
x-officeversion
16.0.13506.34204
x-officecluster
weu-001.forms.office.com
x-failurereason
MissingCookieOrToken
x-robots-tag
noindex, nofollow
link
<https://cdn.forms.office.net/forms>; rel=preconnect; crossorigin=anonymous
x-aspnet-version
x-powered-by
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-msedge-ref
Ref A: E9801AEF8F6B4D13B13C98EC919DD473 Ref B: DB3EDGE0815 Ref C: 2020-11-11T14:46:27Z
date
Wed, 11 Nov 2020 14:46:27 GMT
light-response-page.chunk.vendors.2064c15.js
cdn.forms.office.net/forms/scripts/dists/ 		133 KB
43 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.forms.office.net/forms/scripts/dists/light-response-page.chunk.vendors.2064c15.js
Requested by
Host: forms.office.com
URL: https://forms.office.com/Pages/ResponsePage.aspx?id=P0zP5b7PSE2VUwQOCz40Fp-CPCZDSJ9AuFg9sHj4G9dUOEhVSEI2Uzc0WVJQN09DNFY1WExKMTJYQS4u
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.16.177.90 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
a2-16-177-90.deploy.static.akamaitechnologies.com
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
58304476d3a72662b9edd601e177a877f24ace513bd9ff1a0f6971204994bd80

Request headers

Referer
https://forms.office.com/Pages/ResponsePage.aspx?id=P0zP5b7PSE2VUwQOCz40Fp-CPCZDSJ9AuFg9sHj4G9dUOEhVSEI2Uzc0WVJQN09DNFY1WExKMTJYQS4u
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 11 Nov 2020 14:46:27 GMT
content-encoding
br
content-md5
iFmlXNvF9StT+PVLg97OQw==
status
200
content-length
43252
x-ms-lease-status
unlocked
last-modified
Fri, 06 Nov 2020 08:48:25 GMT
server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
etag
0x8D88230B961B126
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
557f3696-e01e-005b-4e1d-b453a8000000
access-control-expose-headers
x-ms-request-id,x-ms-version,x-ms-lease-status,x-ms-blob-type
cache-control
max-age=31536000
x-ms-version
2009-09-19
timing-allow-origin
*
expires
Thu, 11 Nov 2021 14:46:27 GMT
light-response-page.chunk.ext.7b32dfa.js
cdn.forms.office.net/forms/scripts/dists/ 		156 KB
41 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.forms.office.net/forms/scripts/dists/light-response-page.chunk.ext.7b32dfa.js
Requested by
Host: forms.office.com
URL: https://forms.office.com/Pages/ResponsePage.aspx?id=P0zP5b7PSE2VUwQOCz40Fp-CPCZDSJ9AuFg9sHj4G9dUOEhVSEI2Uzc0WVJQN09DNFY1WExKMTJYQS4u
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.16.177.90 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
a2-16-177-90.deploy.static.akamaitechnologies.com
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
425fb21ba23eae697a5e7e409fd8136a8befe31e4bf86255c03c837972dacd48

Request headers

Referer
https://forms.office.com/Pages/ResponsePage.aspx?id=P0zP5b7PSE2VUwQOCz40Fp-CPCZDSJ9AuFg9sHj4G9dUOEhVSEI2Uzc0WVJQN09DNFY1WExKMTJYQS4u
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 11 Nov 2020 14:46:27 GMT
content-encoding
br
content-md5
XHVl2eI75wNw9YM45f5iOQ==
status
200
content-length
41036
x-ms-lease-status
unlocked
last-modified
Sat, 07 Nov 2020 02:08:48 GMT
server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
etag
0x8D882C2104C8C06
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
4b30493f-201e-010d-5abc-b4fd8d000000
access-control-expose-headers
x-ms-request-id,x-ms-version,x-ms-lease-status,x-ms-blob-type
cache-control
max-age=31536000
x-ms-version
2009-09-19
timing-allow-origin
*
expires
Thu, 11 Nov 2021 14:46:27 GMT
jsll-4.js
az725175.vo.msecnd.net/scripts/ 		55 KB
18 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://az725175.vo.msecnd.net/scripts/jsll-4.js
Requested by
Host: forms.office.com
URL: https://forms.office.com/Pages/ResponsePage.aspx?id=P0zP5b7PSE2VUwQOCz40Fp-CPCZDSJ9AuFg9sHj4G9dUOEhVSEI2Uzc0WVJQN09DNFY1WExKMTJYQS4u
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.19.160 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (ama/8B30) /
Resource Hash
0cd276ca60dcb0f9d19cdf696f5c75e68ba28ed9115b0171c6138cfdbad5c694

Request headers

Referer
https://forms.office.com/Pages/ResponsePage.aspx?id=P0zP5b7PSE2VUwQOCz40Fp-CPCZDSJ9AuFg9sHj4G9dUOEhVSEI2Uzc0WVJQN09DNFY1WExKMTJYQS4u
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 11 Nov 2020 14:46:27 GMT
content-encoding
gzip
content-md5
6MuJ0polBYxf+MsUfabf2Q==
age
786
x-cache
HIT
status
200
content-length
18365
x-ms-lease-status
unlocked
last-modified
Wed, 07 Oct 2020 19:06:44 GMT
server
ECAcc (ama/8B30)
etag
0x8D86AF42210ED79
vary
Accept-Encoding
content-type
text/javascript; charset="utf-8"
x-ms-request-id
d3ec9550-c01e-0055-4237-b8245c000000
cache-control
public, max-age=1800, immutable
x-ms-version
2009-09-19
'en-us'
forms.office.com/formapi/api/e5cf4c3f-cfbe-4d48-9553-040e0b3e3416/users/263c829f-4843-409f-b858-3db078f81bd7/forms('P0zP5b7PSE2VUwQOCz40Fp-CPCZDSJ9AuFg9sHj4G9dUOEhVSEI2Uzc0WVJQN09DNFY1WExKMTJYQS4u'... 		2 B
467 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://forms.office.com/formapi/api/e5cf4c3f-cfbe-4d48-9553-040e0b3e3416/users/263c829f-4843-409f-b858-3db078f81bd7/forms('P0zP5b7PSE2VUwQOCz40Fp-CPCZDSJ9AuFg9sHj4G9dUOEhVSEI2Uzc0WVJQN09DNFY1WExKMTJYQS4u')/localeResource/'en-us'
Requested by
Host: cdn.forms.office.net
URL: https://cdn.forms.office.net/forms/scripts/dists/light-response-page.chunk.ext.7b32dfa.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
13.107.9.194 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

odata-version
4.0
x-correlationid
9adeb79b-19b2-4cd0-866a-d190623908d7
x-usersessionid
854a630c-8791-4ac9-8b99-54d5f73d81fd
x-ms-form-request-ring
business
authorization
content-type
application/json
accept
application/json
Referer
https://forms.office.com/Pages/ResponsePage.aspx?id=P0zP5b7PSE2VUwQOCz40Fp-CPCZDSJ9AuFg9sHj4G9dUOEhVSEI2Uzc0WVJQN09DNFY1WExKMTJYQS4u
odata-maxverion
4.0
__requestverificationtoken
bzypPadXHlMWaxKbXIzftQA1_cpYPE3g9yAiZRAZCBrOOaX3HyaJl6wZWul0s7cQKKeukm63yvWw8oEe4OGExCLXJhwynGDvxp9jRJBvL9E1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
shareinvitationkey
undefined
x-ms-form-request-source
ms-formweb

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
x-aspnet-version
x-officeversion
16.0.13506.34204
x-officefe
FormsSingleBox_IN_0, FormsSingleBox_IN_6
p3p
CP="CAO DSP COR ADMa DEV CONi TELi CUR PSA PSD TAI IVDi OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR"
status
200
content-length
34
x-routingofficefe
FormsSingleBox_IN_9
pragma
no-cache
x-routingofficeversion
16.0.13506.34204
x-correlationid
9adeb79b-19b2-4cd0-866a-d190623908d7
x-officecluster
neu-000.forms.office.com
x-usersessionid
854a630c-8791-4ac9-8b99-54d5f73d81fd
x-powered-by
date
Wed, 11 Nov 2020 14:46:27 GMT
vary
Accept-Encoding
content-type
application/json; charset=utf-8
x-routingcorrelationid
9adeb79b-19b2-4cd0-866a-d190623908d7
cache-control
no-cache
x-failurereason
MissingCookieOrToken
x-routingsessionid
854a630c-8791-4ac9-8b99-54d5f73d81fd
x-msedge-ref
Ref A: 556B0B662042429F8CE75B2C6FBE5110 Ref B: DB3EDGE0815 Ref C: 2020-11-11T14:46:27Z
x-robots-tag
noindex, nofollow
x-routingofficecluster
neu-000.forms.office.com
expires
-1
truncated
/ 		4 KB
4 KB 		Font
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
3bae6a22d3a541378e9e28de2d914a9bca8d0caa7174643030821f6016c662da

Request headers

Origin
https://forms.office.com
Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
font/woff2;charset=utf-8
c.gif
c.office.com/
Redirect Chain
  • https://c.office.com/c.gif
  • https://c.bing.com/c.gif?&CtsSyncId=C25D4D040D914F509741C77392E00977&RedC=c.office.com&MXFR=21D54634447C6F77134F494B407C6408
  • https://c.office.com/c.gif?&CtsSyncId=C25D4D040D914F509741C77392E00977&MUID=2631409FBEBC6D7719164FE0BABC66E0
42 B
214 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://c.office.com/c.gif?&CtsSyncId=C25D4D040D914F509741C77392E00977&MUID=2631409FBEBC6D7719164FE0BABC66E0
Requested by
Host: forms.office.com
URL: https://forms.office.com/Pages/ResponsePage.aspx?id=P0zP5b7PSE2VUwQOCz40Fp-CPCZDSJ9AuFg9sHj4G9dUOEhVSEI2Uzc0WVJQN09DNFY1WExKMTJYQS4u
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.142.114.2 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

Referer
https://forms.office.com/Pages/ResponsePage.aspx?id=P0zP5b7PSE2VUwQOCz40Fp-CPCZDSJ9AuFg9sHj4G9dUOEhVSEI2Uzc0WVJQN09DNFY1WExKMTJYQS4u
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 11 Nov 2020 14:46:27 GMT
etag
"4ac1f9bd94acd61:0"
last-modified
Tue, 27 Oct 2020 19:09:49 GMT
server
Microsoft-IIS/10.0
x-powered-by
ASP.NET
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
status
200
cache-control
private, no-cache, proxy-revalidate, no-store
accept-ranges
bytes
content-type
image/gif
content-length
42

Redirect headers

pragma
no-cache
date
Wed, 11 Nov 2020 14:46:27 GMT
x-msedge-ref
Ref A: 9C60C46BD2BA4308BE753B57484A7BFC Ref B: FRAEDGE1315 Ref C: 2020-11-11T14:46:27Z
x-powered-by
ASP.NET
status
302
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
location
https://c.office.com/c.gif?&CtsSyncId=C25D4D040D914F509741C77392E00977&MUID=2631409FBEBC6D7719164FE0BABC66E0
cache-control
private, no-cache, proxy-revalidate, no-store
content-length
0
t.js
web.vortex.data.microsoft.com/collect/v1/ 		45 B
407 B 		Script
General
Check archive.org
Download Go to
Full URL
https://web.vortex.data.microsoft.com/collect/v1/t.js?ver=%272.1%27&name=%27Ms.Webi.PageView%27&time=%272020-11-11T14%3A46%3A27.688Z%27&os=%27MacOS%27&appId=%27JS%3Aforms.office.com%27&-ver=%271.0%27&-impressionGuid=%27a8068432-44c5-4bba-8b46-d245f54c53b2%27&-pageName=%27ResponsePage.aspx%27&-uri=%27https%3A%2F%2Fforms.office.com%2FPages%2FResponsePage.aspx%3Fid%3DP0zP5b7PSE2VUwQOCz40Fp-CPCZDSJ9AuFg9sHj4G9dUOEhVSEI2Uzc0WVJQN09DNFY1WExKMTJYQS4u%27&-referrerUri=%27https%3A%2F%2Furlz.fr%2Fe1VJ%27&-resHeight=1200&-resWidth=1600&-pageTags=%27%7B%22metaTags%22%3A%7B%7D%7D%27&-behavior=0&*baseType=%27Ms.Content.PageView%27&*cookieEnabled=true&*isJs=true&*title=%27T%C3%A9l%C3%A9travail%20%3A%20Comment%20Dataprotect%20vous%20accompagne%20%C3%A0%20s%C3%A9curiser%20vos%20donn%C3%A9es%20avec%20MobileIron%27&*isLoggedIn=false&*flashInstalled=false&ext-javascript-ver=%271.1%27&ext-javascript-libVer=%274.3.3%27&ext-javascript-domain=%27forms.office.com%27&ext-javascript-msfpc=%27GUID%3Dbd042a4a3f334f8a9619b4fa4d56b5cb%26HASH%3Dbd04%26LV%3D202011%26V%3D4%26LU%3D1605105986912%27&ext-javascript-userConsent=false&$mscomCookies=false
Requested by
Host: az725175.vo.msecnd.net
URL: https://az725175.vo.msecnd.net/scripts/jsll-4.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
40.77.226.250 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
c9a4dd7b50eeb82a90457cb58ab085c427494828b3c8c8b5649c6c51b3c65175
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://forms.office.com/Pages/ResponsePage.aspx?id=P0zP5b7PSE2VUwQOCz40Fp-CPCZDSJ9AuFg9sHj4G9dUOEhVSEI2Uzc0WVJQN09DNFY1WExKMTJYQS4u
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 11 Nov 2020 14:46:27 GMT
X-Content-Type-Options
nosniff
P3P
CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Cache-Control
no-cache, no-store
MS-CV
/JwNXz1ED06R5CVnaDTEug.0
Content-Type
application/javascript
Content-Length
45
Expires
0
v1
web.vortex.data.microsoft.com/collect/ 		0
0 		Other
General
Check archive.org
Download Go to
Full URL
https://web.vortex.data.microsoft.com/collect/v1?$mscomCookies=false&ext-javascript-msfpc=%27GUID%3Dbd042a4a3f334f8a9619b4fa4d56b5cb%26HASH%3Dbd04%26LV%3D202011%26V%3D4%26LU%3D1605105986912%27
Requested by
Host: az725175.vo.msecnd.net
URL: https://az725175.vo.msecnd.net/scripts/jsll-4.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
40.77.226.250 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://forms.office.com/Pages/ResponsePage.aspx?id=P0zP5b7PSE2VUwQOCz40Fp-CPCZDSJ9AuFg9sHj4G9dUOEhVSEI2Uzc0WVJQN09DNFY1WExKMTJYQS4u
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin
https://forms.office.com
Access-Control-Allow-Headers
Accept, Authorization, Content-Type, Origin, X-Xbl-Contract-Version, X-Xbl-Device-Type, Xbl-Authz-Actor-10, WithCredentials
Access-Control-Allow-Credentials
true
/
browser.pipe.aria.microsoft.com/Collector/3.0/ 		0
397 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://browser.pipe.aria.microsoft.com/Collector/3.0/?qsp=true&content-type=application%2Fbond-compact-binary&client-id=NO_AUTH&sdk-version=AWT-Web-JS-1.6.0&x-apikey=2ddc7e5f54754fc68f3ae1c5b7f3eb20-1883aa8c-4c7b-42d1-b3d6-c9cdb5956783-7092&client-time-epoch-millis=1605105989796&time-delta-to-apply-millis=use-collector-delta
Requested by
Host: cdn.forms.office.net
URL: https://cdn.forms.office.net/forms/scripts/dists/light-response-page.chunk.ext.7b32dfa.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
138.91.136.108 San Jose, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-HTTPAPI/2.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://forms.office.com/Pages/ResponsePage.aspx?id=P0zP5b7PSE2VUwQOCz40Fp-CPCZDSJ9AuFg9sHj4G9dUOEhVSEI2Uzc0WVJQN09DNFY1WExKMTJYQS4u
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 11 Nov 2020 14:46:30 GMT
Server
Microsoft-HTTPAPI/2.0
time-delta-millis
615
Access-Control-Allow-Methods
POST
Content-Type
application/json
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
kill-tokens, kill-duration-seconds, time-delta-millis
Access-Control-Allow-Headers
Accept, Content-Type, Content-Encoding, Client-Id
Content-Length
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
spl.zeotap.com
URL
https://spl.zeotap.com/?env=mWeb&uc=2&zdid=1258&eventType=map
Domain
ads.creative-serving.com
URL
https://ads.creative-serving.com/id5_cm?callback=https%3A%2F%2Fid5-sync.com%2Fc%2F12%2F101%2F6%2F4.gif%3Fpuid%3D%5BUID%5D%26gdpr%3D1%26gdpr_consent%3D
Domain
s.cpx.to
URL
https://s.cpx.to/an_fire?app_nexus_uid=876432037312674305&pid=12773&ref=&hn_ver=11&fid=8562c82f-5ea6-4342-adc9-8ea3367f88bf
Domain
s.cpx.to
URL
https://s.cpx.to/ca.png?dsp=dbm&fid=8562c82f-5ea6-4342-adc9-8ea3367f88bf&google_gid=CAESECu1vLLLrZAPgJojntVYmhQ&google_cver=1
Domain
s.cpx.to
URL
https://s.cpx.to/sync?dsp=smart_ad_server&dsp_uid=825942577872066094&fid=8562c82f-5ea6-4342-adc9-8ea3367f88bf

Verdicts & Comments Add Verdict or Comment

16 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes string| formsInitialVisibility object| NavKeyPoints function| reloadNoCdn object| OfficeFormServerInfo object| FormPrefetchCache object| perf__ function| setPublicPath function| replaceChunkSrc object| webpackJsonp object| lrpIoC object| awa string| behaviorKey

5 Cookies

Domain/Path Name / Value
.office.com/ Name: MUID
Value: 2631409FBEBC6D7719164FE0BABC66E0
.forms.office.com/ Name: AADNonce.forms
Value: 34455f04-af5d-44fe-9117-a2b4a290642b.637407027864300254
forms.office.com/ Name: MSFPC
Value: GUID=bd042a4a3f334f8a9619b4fa4d56b5cb&HASH=bd04&LV=202011&V=4&LU=1605105986912
forms.office.com/ Name: __RequestVerificationToken
Value: ENHJDeeatVHLgUg64bhcSPfUOa86FLypcCMYWEXKa7wDNZLjzoCGeTLKI0jyELA_0DPb_WUV8BkqJG0YmwWaJTBTB8Hczy8PgyABZcSpWh81
forms.office.com/ Name: DcLcid
Value: ui=1033&data=1033

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ads.creative-serving.com
ads.themoneytizer.com
adtrack.adleadevent.com
ajax.cloudflare.com
ajax.googleapis.com
api.rlcdn.com
as-sec.casalemedia.com
audit-tcfv2.quantcast.mgr.consensu.org
az725175.vo.msecnd.net
browser.pipe.aria.microsoft.com
c.bing.com
c.office.com
cdn.forms.office.net
ced-ns.sascdn.com
d2zur9cc2gf1tx.cloudfront.net
dmp.truoptik.com
forms.office.com
g.themoneytizer.net
gum.criteo.com
image2.pubmatic.com
js-sec.indexww.com
match.adsrvr.org
onetag-sys.com
p.cpx.to
pool.grid-data.bidswitch.net
quantcast.mgr.consensu.org
rules.quantcount.com
s.cpx.to
secure.quantserve.com
spl.zeotap.com
tag.contextweb.com
tag.leadplace.fr
test.quantcast.mgr.consensu.org
urlz.fr
web.vortex.data.microsoft.com
ww1097.smartadserver.com
www.google-analytics.com
www.googletagmanager.com
ads.creative-serving.com
s.cpx.to
spl.zeotap.com
104.111.215.135
104.16.91.60
13.107.9.194
13.224.93.62
138.91.136.108
145.239.193.145
145.239.193.51
151.139.241.23
152.199.19.160
176.34.189.119
18.195.120.21
185.64.190.80
185.86.137.113
198.148.27.133
2.16.177.90
2600:9000:20ae:7200:6:44e3:f8c0:93a1
2600:9000:2190:5800:3:a4cd:8380:93a1
2600:9000:2190:f200:9:46dc:4700:93a1
2606:4700:3038::6815:ead7
2606:4700::6810:a723
2620:116:800d:21:8c6e:cf2c:8d6:9fb5
2620:1ec:c11::200
2a00:1450:4001:801::200e
2a00:1450:4001:81a::200e
2a00:1450:4001:820::2008
2a00:1450:4001:821::200a
2a02:2638::1c
34.120.207.148
40.77.226.250
51.89.9.251
52.142.114.2
54.195.113.118
54.230.228.146
54.239.192.23
63.34.175.121
68.232.35.16
005c3133bf387e1b00a5ec25effc468f7752591adac19a3782d200bf68a970f0
06410fe0d6024ba0c2e0945c3ada3b0e1d3396ceadc0b413f188553fe487abde
0cd276ca60dcb0f9d19cdf696f5c75e68ba28ed9115b0171c6138cfdbad5c694
0f2a4ba1b696f59dd222aa8874cc25c0899d68b1625e422881869ea205e1571d
1ea660bcfc791da8eddbd1f6e7240bef0312064964e6cdee0d74c38e6a2ed043
23ff951b336ec84bff274980c2bf57c62ee7cd156df66962e571a6d974f2c7a0
266bcea0bb58b26aa5b16c5aee60d22ccc1ae9d67daeb21db6bad56119c3447d
278393caf9e3b1246267fb79e95027449f041bbf8e8774a4cf46d72cc09b7405
28138ab3b7a79737ca25c5323519407a663119cf46fec73aaf5361894a67fb51
369e3f033b9759ec7433cc409b2d803c9ec59c66ec81ac12d62334108b52e258
3bae6a22d3a541378e9e28de2d914a9bca8d0caa7174643030821f6016c662da
4006e0481f9cfffd3a579c3dcbdad1b6953e844c1e3c76a8d9f86844c98d87a3
4259d85a8e573027a5790c583f2afead0e844ee846a2638f15820a51c3da8be5
425fb21ba23eae697a5e7e409fd8136a8befe31e4bf86255c03c837972dacd48
46d5273d735391f5c05f0fb82df9a363a290419c3aeea2d64dfc0d46de9a9681
4d91424b790479d34c143c27a89a58d7eec95e776766f6684de150b0b66490de
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
58304476d3a72662b9edd601e177a877f24ace513bd9ff1a0f6971204994bd80
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6e8c871975be29bb26543d00cd18fa047e4b4375c0f5618d29be2d6d3be67386
7b95feb0faa8a803225604b1353755447550ce19b3b167143402a44aba46e011
87d73170be9a2e277c57d324c4e05ec0ac60ed3c0191fa29e7a31133b4c4c119
8976799612c70228d22c74a2cc0ef59e54f1eacfdb8e086056ab85c75ca0da72
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
9b0d34b215897e4a81fa6880225430b1a352dc4a82d4dbeaa44f2817a1bfe1c5
b08cdbc2d30e656a86b20f8342428d5863f70f4b30135b4f4061f754ce932f5e
b2f651691425359a2955ce1670d4b75acb5d4e4a2041b7092f806c751c73be97
b47b4ca26c57e3dceebd7abd067df9622599bed6bfb11b480f92d09a945cd213
c5adc1b2c4e9c9950cdd5f72bf4ff419bec31fb7a89d377c4e30380261a2ebab
c9a4dd7b50eeb82a90457cb58ab085c427494828b3c8c8b5649c6c51b3c65175
cea447ae7696795e4be40189c7b7750b51c91f71b217b99d4d578dc0d319a094
d57977eb4dce878622263a6b26a0656d995c2ed7020341bff8f69ce1e5c82d0f
da45962a1fb4a049c9367ebe9b1b628f071d7a4c9997ee807c01d23f4866e19c
dc131bdacfc1e8443a7b502cccd6659791ee066975ed4ea22e32483125044a8d
df8c0a338715a333687f5a25f14e5baedc7781aed18495b55a693734fed62e3b
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e441c3e2771625ba05630ab464275136a82c99650ee2145ca5aa9853bedeb01b
ed9404588c33679b7e98389b4659334fa512d4547be55985f3a3fc63a5ca105c
ff465494895c140fd64990db088bc91035c73c5a35fd77d97f7530004d65fda6