tgfunnls.org Open in urlscan Pro
2606:4700:3033::ac43:bc5b Public Scan

Software

gnv3c /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://tchfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 11 Aug 2021 12:21:56 GMT
via: 1.1 google
x-content-type-options: nosniff
server: gnv3c
content-type: image/gif
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 10 Jan 2005 00:00:01 GMT

GET
H3-29 200 flags.png
tchfunnls.org/images/vendor/intl-tel-input/build/ 69 KB
70 KB 15ms
14ms Image
image/png 2606:4700:3031::ac43:da2b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tchfunnls.org/images/vendor/intl-tel-input/build/flags.png?416250f60d785a2e02f17e054d2e4e44

Requested by

Host: tchfunnls.org
URL: https://tchfunnls.org/css/forms.css?id=108aa07ef4cadffb88ba

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::ac43:da2b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0a012cf808a24573168308916092d2d4bd3f2b4af8e16b59167013cc77acee55

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /images/vendor/intl-tel-input/build/flags.png?416250f60d785a2e02f17e054d2e4e44
pragma: no-cache
cookie: XSRF-TOKEN=eyJpdiI6IjZHbWtha1wvS1wvc1RWS09SekY2WW5Fdz09IiwidmFsdWUiOiJFeFdKMHVtRE1WQXd5UU9qVGZKUkx4VEh0VTRpR0NxdnpYSkVVdGRkWnlhZW9HWGFHRkpwbHdoQTMwZFhuWWl3IiwibWFjIjoiNzA4NzAwMDQ5NWRlMGQwNjk3ZDBlYjE3MmNkYjljODAzNDZjNTZkMTEyMjUyZWQzOWU4MzE0M2QxMDY2Mzg3MiJ9; c=eyJpdiI6IjdvVHZENXRkWlVsd0Rta0FJMXZhQmc9PSIsInZhbHVlIjoid3VVOVRONm5SbkpcL1dscDczSytPdzM1Sm12QysyaXFuVE9CblExTmJxTXJjYmgwSnJmQkpqR2k4eUljcGdCMzgiLCJtYWMiOiJhODAyNDI4ZmM3OWMyYTc2YTlkNjBlNTZhODZiZTRiYzA2OGQ5MjU1NGFjYTgwNDMzNDM1ZmY0MGE1ODRhMjZhIn0%3D; _vwo_uuid_v2=D91AC7FF8FA6AA9A0265947089A921080|02368fb74e7e9362956209b9074a9505
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: tchfunnls.org
referer: https://tchfunnls.org/css/forms.css?id=108aa07ef4cadffb88ba
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tchfunnls.org/css/forms.css?id=108aa07ef4cadffb88ba
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:56 GMT
x-proc: 3
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5846
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 70857
x-xss-protection: 1; mode=block
last-modified: Mon, 09 Aug 2021 14:29:34 GMT
server: cloudflare
etag: "61113bce-114c9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IqhaD%2Bh7kMFpHIn1C3FKl8yJCsvXpwbOIG60Z%2BF9qB9%2BehJcRzkncg2OFDRlLOBDk3QCSMCD8kdPBB2qQZEENwlp2Uh3kjvaSfnnhuA8bQG1kl%2FXk0U76nI%2Fej1iDQA3NWtlpENwAhE3Kpge"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 67d16d32ef3e2b16-FRA

GET
H/1.1 200
OK trackpush.min.js Show response
s3.amazonaws.com/cdn.aimtell.com/trackpush/ 46 KB
13 KB 425ms
117ms Script
text/javascript 52.216.19.75
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s3.amazonaws.com/cdn.aimtell.com/trackpush/trackpush.min.js
Requested by: Host: tchfunnls.org
URL: https://tchfunnls.org/dly1st/?hitid=wrjbtgur9utgccm9il8eae0s&qze=3&aff_sub=IG23&aff_sub2=FTMG_DE_DAILY_DE-SUG-002&aff_sub3=110821&aff_sub4=60efeebff729d90017e8589b&tpsiteid=24220
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.216.19.75 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1.amazonaws.com
Software: AmazonS3 /
Resource Hash: 839741000c77d2606bc8b695ba0bb9cc4b8ef484f8b6babd649e6bef0d607f3e

Request headers

Referer: https://tchfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 11 Aug 2021 12:21:57 GMT
Content-Encoding: gzip
Last-Modified: Mon, 09 Aug 2021 21:49:58 GMT
Server: AmazonS3
x-amz-request-id: SZVHP41XK0VHMYSF
ETag: "7b9b2666c275fd54fa2196529ed1929e"
Content-Type: text/javascript
Cache-Control: max-age=86400
Accept-Ranges: bytes
Content-Length: 13023
x-amz-id-2: 0clnEUB0WW8Ie0EC465QN6TSNBwPM9tR1/SOJ3uQdPJzmj8N3EiUhLN2NmBVWOgpNwixMZeTqcI=

GET
H3-29 200 locate Show response
tchfunnls.org/ 150 B
1 KB 181ms
181ms XHR
application/json 2606:4700:3031::ac43:da2b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tchfunnls.org/locate

Requested by

Host: tchfunnls.org
URL: https://tchfunnls.org/js/l.js?id=6cf7b69175b2a676ebf3

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::ac43:da2b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

126f29647a5fd666abd70f0bfe4f9a9b972c2e385e09554cf2fea5ffe35f62fc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-fetch-mode: cors
x-xsrf-token: eyJpdiI6IjZHbWtha1wvS1wvc1RWS09SekY2WW5Fdz09IiwidmFsdWUiOiJFeFdKMHVtRE1WQXd5UU9qVGZKUkx4VEh0VTRpR0NxdnpYSkVVdGRkWnlhZW9HWGFHRkpwbHdoQTMwZFhuWWl3IiwibWFjIjoiNzA4NzAwMDQ5NWRlMGQwNjk3ZDBlYjE3MmNkYjljODAzNDZjNTZkMTEyMjUyZWQzOWU4MzE0M2QxMDY2Mzg3MiJ9
accept-language: en-US
sec-fetch-dest: empty
cookie: XSRF-TOKEN=eyJpdiI6IjZHbWtha1wvS1wvc1RWS09SekY2WW5Fdz09IiwidmFsdWUiOiJFeFdKMHVtRE1WQXd5UU9qVGZKUkx4VEh0VTRpR0NxdnpYSkVVdGRkWnlhZW9HWGFHRkpwbHdoQTMwZFhuWWl3IiwibWFjIjoiNzA4NzAwMDQ5NWRlMGQwNjk3ZDBlYjE3MmNkYjljODAzNDZjNTZkMTEyMjUyZWQzOWU4MzE0M2QxMDY2Mzg3MiJ9; c=eyJpdiI6IjdvVHZENXRkWlVsd0Rta0FJMXZhQmc9PSIsInZhbHVlIjoid3VVOVRONm5SbkpcL1dscDczSytPdzM1Sm12QysyaXFuVE9CblExTmJxTXJjYmgwSnJmQkpqR2k4eUljcGdCMzgiLCJtYWMiOiJhODAyNDI4ZmM3OWMyYTc2YTlkNjBlNTZhODZiZTRiYzA2OGQ5MjU1NGFjYTgwNDMzNDM1ZmY0MGE1ODRhMjZhIn0%3D; _vwo_uuid_v2=D91AC7FF8FA6AA9A0265947089A921080|02368fb74e7e9362956209b9074a9505
:path: /locate
pragma: no-cache
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: application/json, text/plain, */*
cache-control: no-cache
:authority: tchfunnls.org
referer: https://tchfunnls.org/dly1st/?hitid=wrjbtgur9utgccm9il8eae0s&qze=3&aff_sub=IG23&aff_sub2=FTMG_DE_DAILY_DE-SUG-002&aff_sub3=110821&aff_sub4=60efeebff729d90017e8589b&tpsiteid=24220
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept: application/json, text/plain, */*
Referer: https://tchfunnls.org/dly1st/?hitid=wrjbtgur9utgccm9il8eae0s&qze=3&aff_sub=IG23&aff_sub2=FTMG_DE_DAILY_DE-SUG-002&aff_sub3=110821&aff_sub4=60efeebff729d90017e8589b&tpsiteid=24220
X-XSRF-TOKEN: eyJpdiI6IjZHbWtha1wvS1wvc1RWS09SekY2WW5Fdz09IiwidmFsdWUiOiJFeFdKMHVtRE1WQXd5UU9qVGZKUkx4VEh0VTRpR0NxdnpYSkVVdGRkWnlhZW9HWGFHRkpwbHdoQTMwZFhuWWl3IiwibWFjIjoiNzA4NzAwMDQ5NWRlMGQwNjk3ZDBlYjE3MmNkYjljODAzNDZjNTZkMTEyMjUyZWQzOWU4MzE0M2QxMDY2Mzg3MiJ9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:56 GMT
x-proc: 2
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3E7GHATzp40p4ALqEKE8uen5KwkMbruz1DZtf2XLcrEzyYzCZ4vba7h9%2Fp0BzLCSCKFn7Wf94ZUecWUdaz%2BY6xIU4w3kvR79tMbhaiZ39QF4Pav9RcbgurmLFSKSjxu90uip6vi%2FuxcUoGSn"}],"group":"cf-nel","max_age":604800}
content-type: application/json
cache-control: no-cache, private
set-cookie: XSRF-TOKEN=eyJpdiI6Ikdrc3poQXNOR05yUzlKYkQ0VUh6UUE9PSIsInZhbHVlIjoiZmN6MVVcL0RUMkRMb2tpRlhJMWpTbmIrMVNOK2pDS0ZDbENCMlwvSXg0bTBPOUNUaWN5dzJrUjR5QzN6Y1J2MlBtIiwibWFjIjoiNDBlM2VhMGY1YzMxM2JhOGVkMDJiYmUzOWMwMjVmNWIwODJkYzI3NzI1NGUyOGFiMzc3ZmE0MWE0ZTgzOTE1MCJ9; expires=Wed, 11-Aug-2021 14:21:56 GMT; Max-Age=7200; path=/ c=eyJpdiI6ImcwSXU1RzRRZU5tdXdzanl5M09wQmc9PSIsInZhbHVlIjoiOTFDUENlSHhIakhcL1JLUlVcL2hlTHFiN3FPMGdpZ2Y1a2RPZGVkdFV2ZDh2ZUMwbkJTVkJDeFVITXh2eGpxTVBhIiwibWFjIjoiNzNmNzkxZjZhYTk2YjQwNjYxMDhhNGJhODk4NjgzNWZmYmFmZmI2YmVlNjFlN2Y5NjFjOTJjNTNiNWY1OGJkOSJ9; expires=Wed, 11-Aug-2021 14:21:56 GMT; Max-Age=7200; path=/; httponly
cf-ray: 67d16d334fc42b16-FRA

HEAD
H2 200 adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/ 0
0 45ms
25ms Fetch
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tchfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 11 Aug 2021 12:21:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
etag: 4898024456010196187
vary: Accept-Encoding, Origin
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private, max-age=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
expires: Wed, 11 Aug 2021 12:21:56 GMT

GET
H/1.1 200
OK version.js Show response
tagdatax.com/ 57 B
260 B 50ms
14ms Script
application/javascript 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdatax.com/version.js
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: 60137db896d17bdac579ef134ac369935daa14352409863160187c31bb21769c

Request headers

Referer: https://tchfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 11 Aug 2021 12:21:56 GMT
Cache-Control: private, max-age=63072000
Server: nginx/1.19.10
Connection: keep-alive
Content-Length: 57
Content-Type: application/javascript

GET
H2 200 gid.js Show response
my.rtmark.net/ 65 B
542 B 69ms
34ms Fetch
application/json 139.45.195.8
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://my.rtmark.net/gid.js

Requested by

Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

b135423f346b6ecac0c289f8541e8ca16e2514b941fd006a1fb877049874190d

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Referer: https://tchfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:52 GMT
x-content-type-options: nosniff
server: nginx
strict-transport-security: max-age=1
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: https://tchfunnls.org
access-control-expose-headers: Authorization
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length: 65

GET
H/1.1 200
OK pix.jpg Show response
tagdatax.com/ 28 B
618 B 43ms
14ms Fetch
image/jpeg 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdatax.com/pix.jpg
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: 3c72e06c040c15327faa313315f1d6f4b2c9159267051c3e173336efa4cd7a18

Request headers

Referer: https://tchfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 11 Aug 2021 12:21:56 GMT
Server: nginx/1.19.10
Etag: 31faf6be-1297-441d-8523-7755f1740c5a
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Content-Type: image/jpeg
Access-Control-Allow-Origin: https://tchfunnls.org
Access-Control-Expose-Headers: ETag
Cache-Control: private, must-revalidate, proxy-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 28

GET
H2 200 googlelogo_color_120x44dp.png
www.google.com/images/branding/googlelogo/2x/ 5 KB
5 KB 18ms
16ms Image
image/png 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_120x44dp.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

29c50fa4422ac0a690af5b0987dee6a030a7eeaafa9dda8543cf022368f545aa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tchfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:56 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5087
x-xss-protection: 0
expires: Wed, 11 Aug 2021 12:21:56 GMT

GET
H2 200 googlelogo_color_272x92dp.png
www.google.com/images/branding/googlelogo/1x/ 6 KB
6 KB 258ms
256ms Image
image/png 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/1x/googlelogo_color_272x92dp.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5776cd87617eacec3bc00ebcf530d1924026033eda852f706c1a675a98915826

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tchfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:56 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5969
x-xss-protection: 0
expires: Wed, 11 Aug 2021 12:21:56 GMT

GET
H2 200 googlelogo_color_272x92dp.png
www.google.com/images/branding/googlelogo/2x/ 13 KB
13 KB 18ms
17ms Image
image/png 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_272x92dp.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

262084257c2103702ef8a25705e3f8dbc1fa3823103ad7b954d54bdb77e6d89d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tchfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:56 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13504
x-xss-protection: 0
expires: Wed, 11 Aug 2021 12:21:56 GMT

GET
H2 200 googlelogo_color_160x56dp.png
www.google.com/images/branding/googlelogo/2x/ 7 KB
7 KB 234ms
233ms Image
image/png 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_160x56dp.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9e611fba6a87626e60f74d361f0c94d1ba226bc0726a05791f40ddb7fbba2c4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tchfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:56 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7048
x-xss-protection: 0
expires: Wed, 11 Aug 2021 12:21:56 GMT

GET
H2 200 googlelogo_color_90x40dp.png
www.google.com/images/branding/googlelogo/2x/ 4 KB
4 KB 17ms
16ms Image
image/png 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_90x40dp.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a9cac8d49feccd603bac334c92c1e7dd5a829a1c01d4130550e8c9c0d9c72f7b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tchfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:56 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3934
x-xss-protection: 0
expires: Wed, 11 Aug 2021 12:21:56 GMT

GET
H3-29 200 js Show response
www.googletagmanager.com/gtag/ 128 KB
50 KB 40ms
28ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-Y6C8Y8V9BH&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MSK8GMG

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

7d88b754fb20a228ccb18fb29e64e1eaf8d8ca55d18373465cdd9e38fb093a0d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://tchfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:56 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 51221
x-xss-protection: 0
expires: Wed, 11 Aug 2021 12:21:56 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 48 KB
19 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:803::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MSK8GMG

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

e61660c659c426e45bce2937dddb01af6b550502a2904546575c1ec2ba1121dd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://tchfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 13 Jul 2021 18:24:06 GMT
server: Golfe2
age: 4095
date: Wed, 11 Aug 2021 11:13:41 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19672
expires: Wed, 11 Aug 2021 13:13:41 GMT

GET
H2 200 hotjar-2304105.js Show response
static.hotjar.com/c/ 5 KB
2 KB 47ms
45ms Script
application/javascript 54.192.219.13
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-2304105.js?sv=6

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

54.192.219.13 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

ba0f7c8cd1226246385e057da152929c0c7b7868b6a4b64ff6de9537bf8aeb33

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://tchfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:14 GMT
content-encoding: br
x-content-type-options: nosniff
cache-control: max-age=60
age: 42
etag: W/2bfd20973994a2ba4876103e95eba243
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
x-cache-hit: 1
x-amz-cf-pop: MRS52-P2
x-amz-cf-id: w-3P0MtgBo_qfXREuJwf2zs6PONEV6AaqWF9Gz10GoiXdOC8IFRiTw==
via: 1.1 ee464261ee466fae8314a91098b35372.cloudfront.net (CloudFront)

POST
H/1.1 200
OK add Show response
tagdataxrt.com/ir/ 0
538 B 14ms
9ms Fetch 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/ir/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://tchfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json;charset=utf-8

Response headers

Date: Wed, 11 Aug 2021 12:21:56 GMT
Server: nginx/1.19.10
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Origin: https://tchfunnls.org
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 0

GET
BLOB 200
OK 41c39bc1-fcdf-41b6-8c15-227b161f3326
https://tchfunnls.org/ 31 B
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://tchfunnls.org/41c39bc1-fcdf-41b6-8c15-227b161f3326
Requested by: Host: tchfunnls.org
URL: https://tchfunnls.org/dly1st/?hitid=wrjbtgur9utgccm9il8eae0s&qze=3&aff_sub=IG23&aff_sub2=FTMG_DE_DAILY_DE-SUG-002&aff_sub3=110821&aff_sub4=60efeebff729d90017e8589b&tpsiteid=24220
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7725538fe2f71147bffeba7452b434c826aef9009666cb4360c605d0b2a91d1d

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length: 31
Content-Type: application/javascript

OPTIONS
H/1.1 200
OK add
tagdataxrt.com/ir/ Frame 0
0 47ms
18ms Preflight 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/ir/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Protocol: HTTP/1.1
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://tchfunnls.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Server: nginx/1.19.10
Date: Wed, 11 Aug 2021 12:21:56 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: https://tchfunnls.org
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

GET
H2 403 videothumbnail-1.png
static-13333.kxcdn.com/5275/images/ 0
0 15ms
14ms Image
text/html 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static-13333.kxcdn.com/5275/images/videothumbnail-1.png
Requested by: Host: tchfunnls.org
URL: https://tchfunnls.org/dly1st/?hitid=wrjbtgur9utgccm9il8eae0s&qze=3&aff_sub=IG23&aff_sub2=FTMG_DE_DAILY_DE-SUG-002&aff_sub3=110821&aff_sub4=60efeebff729d90017e8589b&tpsiteid=24220
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://tchfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
DATA 200
OK truncated
/ 4 KB
4 KB Font
application/font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: aef991b2e0b693a95d41986576dd3901ea7ac03b379501b1caba966058753308

Request headers

Origin: https://tchfunnls.org
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: application/font-woff;charset=utf-8

GET
H3-29 200 settings.js Show response
dev.visualwebsiteoptimizer.com/ 572 B
397 B 9ms
8ms Script
application/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/settings.js?a=449005&settings_type=3&vn=7.0&r=0.6370090598192755&u=https%3A%2F%2Ftchfunnls.org%2Fdly1st%2F%3Fhitid%3Dwrjbtgur9utgccm9il8eae0s%26qze%3D3%26aff_sub%3DIG23%26aff_sub2%3DFTMG_DE_DAILY_DE-SUG-002%26aff_sub3%3D110821%26aff_sub4%3D60efeebff729d90017e8589b%26tpsiteid%3D24220
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWpxdWVyeQ==/tag-a511eb58bc7ee0b0cbc6906497418127.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gfra1 /
Resource Hash: 31042bafbba3ee3bae8f21d8d8744230a7c558630068c64e1e5ecb4721ab3910

Request headers

Referer: https://tchfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:55 GMT
via: 1.1 google
server: gfra1
content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-type: application/javascript; charset=UTF-8

POST
H/1.1 200
OK etag Show response
tagdataxrt.com/ 0
538 B 14ms
14ms Fetch 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/etag?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://tchfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json;charset=utf-8

Response headers

Date: Wed, 11 Aug 2021 12:21:56 GMT
Server: nginx/1.19.10
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Origin: https://tchfunnls.org
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 0

OPTIONS
H/1.1 200
OK etag
tagdataxrt.com/ Frame 0
0 14ms
13ms Preflight 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/etag?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Protocol: HTTP/1.1
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://tchfunnls.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Server: nginx/1.19.10
Date: Wed, 11 Aug 2021 12:21:56 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: https://tchfunnls.org
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

POST
H3-29 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 28ms
13ms XHR
text/plain 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j92&a=1011958588&t=pageview&_s=1&dl=https%3A%2F%2Ftchfunnls.org%2Fdly1st%2F%3Fhitid%3Dwrjbtgur9utgccm9il8eae0s%26qze%3D3%26aff_sub%3DIG23%26aff_sub2%3DFTMG_DE_DAILY_DE-SUG-002%26aff_sub3%3D110821%26aff_sub4%3D60efeebff729d90017e8589b%26tpsiteid%3D24220&ul=en-us&de=UTF-8&dt=Daily%20Profit&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAAC~&jid=59786856&gjid=2050856843&cid=663837010.1628684516&tid=UA-192660002-1&_gid=98560472.1628684516&_r=1&gtm=2wg891MSK8GMG&z=911446512

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://tchfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 11 Aug 2021 12:21:56 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://tchfunnls.org
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 settings.js Show response
dev.visualwebsiteoptimizer.com/ 572 B
397 B 14ms
11ms Script
application/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/settings.js?a=449005&settings_type=1&vn=7.0&r=0.655770074034058
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWpxdWVyeQ==/tag-a511eb58bc7ee0b0cbc6906497418127.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gfra1 /
Resource Hash: 31042bafbba3ee3bae8f21d8d8744230a7c558630068c64e1e5ecb4721ab3910

Request headers

Referer: https://tchfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:55 GMT
via: 1.1 google
server: gfra1
content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-type: application/javascript; charset=UTF-8

GET
H2 200 modules.9a6619e61150e4449f35.js Show response
script.hotjar.com/ 221 KB
59 KB 26ms
25ms Script
application/javascript 54.192.219.34
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.9a6619e61150e4449f35.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2304105.js?sv=6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

54.192.219.34 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

fc04d1fd608cedf1f0c4735145a15031f77cb7491d6234cec4ee2cd9be74937a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://tchfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:18:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 511431
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 59579
access-control-allow-origin: *
last-modified: Thu, 05 Aug 2021 14:17:07 GMT
etag: "f404c80c4e9647abd5db65360cf9ecee"
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 1cfafe71e396134dc106e8c1515876bd.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: MRS52-P2
accept-ranges: bytes
x-robots-tag: none
x-amz-cf-id: jmB5u1wyjNp8tEzLmSyl0MYaCsirbXJVXIhp2-s7MBJjr2F3cx70gw==

POST
H3-29 204 collect
www.google-analytics.com/g/ 0
17 B 13ms
13ms Ping
text/plain 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-Y6C8Y8V9BH&gtm=2oe891&_p=1011958588&sr=1600x1200&ul=en-us&cid=663837010.1628684516&_s=1&dl=https%3A%2F%2Ftchfunnls.org%2Fdly1st%2F%3Fhitid%3Dwrjbtgur9utgccm9il8eae0s%26qze%3D3%26aff_sub%3DIG23%26aff_sub2%3DFTMG_DE_DAILY_DE-SUG-002%26aff_sub3%3D110821%26aff_sub4%3D60efeebff729d90017e8589b%26tpsiteid%3D24220&dt=Daily%20Profit&sid=1628684516&sct=1&seg=0&en=page_view&_fv=1&_ss=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-Y6C8Y8V9BH&l=dataLayer&cx=c
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://tchfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Wed, 11 Aug 2021 12:21:56 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://tchfunnls.org
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 tag-1a6cb79d9b921e9f733a3a9f91c43b90.js Show response
dev.visualwebsiteoptimizer.com/web/djIkcGM6MS4w/ 668 B
329 B 14ms
14ms Script
text/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/web/djIkcGM6MS4w/tag-1a6cb79d9b921e9f733a3a9f91c43b90.js
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWpxdWVyeQ==/tag-a511eb58bc7ee0b0cbc6906497418127.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gfra1 /
Resource Hash: 6e1f2e0970c3d1d6cdacfecdd613ce1c42990ea5d4a9a85fe6f0700d20a96634

Request headers

Origin: https://tchfunnls.org
Referer: https://tchfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:55 GMT
content-encoding: br
last-modified: Tue, 10 Aug 2021 11:55:59 GMT
server: gfra1
etag: "6112694f-133"
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 307
via: 1.1 google

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
86 B 14ms
14ms XHR
text/plain 2a00:1450:400c:c0a::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j92&tid=UA-192660002-1&cid=663837010.1628684516&jid=59786856&gjid=2050856843&_gid=98560472.1628684516&_u=YEBAAEAAAAAAAC~&z=1092129393

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0a::9d Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://tchfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Wed, 11 Aug 2021 12:21:56 GMT
content-type: text/plain
access-control-allow-origin: https://tchfunnls.org
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 a3a7b431bde66f8790628956fd6a9e14.js Show response
cdn.pushcrew.com/js/ 248 KB
71 KB 119ms
101ms Script
application/javascript 34.102.183.26
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.pushcrew.com/js/a3a7b431bde66f8790628956fd6a9e14.js
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/web/djIkcGM6MS4w/tag-1a6cb79d9b921e9f733a3a9f91c43b90.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.102.183.26 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 26.183.102.34.bc.googleusercontent.com
Software: nginx /
Resource Hash: 2a74b97179203cf3de9b255635c3927c34791cabfe69261cc8d1235c13315e78

Request headers

Origin: https://tchfunnls.org
Referer: https://tchfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:56 GMT
content-encoding: gzip
last-modified: Fri, 18 Jun 2021 08:48:27 GMT
server: nginx
etag: W/"60cc5ddb-3e05c"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=1800
alt-svc: clear
via: 1.1 google
expires: Wed, 11 Aug 2021 12:51:56 GMT

POST
H3-29 201 event Show response
tchfunnls.org/ 272 B
1 KB 246ms
246ms XHR
application/json 2606:4700:3031::ac43:da2b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tchfunnls.org/event?hitid=wrjbtgur9utgccm9il8eae0s

Requested by

Host: tchfunnls.org
URL: https://tchfunnls.org/js/l.js?id=6cf7b69175b2a676ebf3

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::ac43:da2b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

90bd608ee2a9d4b953634b7a8d652231152773b6721b6af1a01fb167e9b2fc38

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-fetch-mode: cors
origin: https://tchfunnls.org
x-xsrf-token: eyJpdiI6Ikdrc3poQXNOR05yUzlKYkQ0VUh6UUE9PSIsInZhbHVlIjoiZmN6MVVcL0RUMkRMb2tpRlhJMWpTbmIrMVNOK2pDS0ZDbENCMlwvSXg0bTBPOUNUaWN5dzJrUjR5QzN6Y1J2MlBtIiwibWFjIjoiNDBlM2VhMGY1YzMxM2JhOGVkMDJiYmUzOWMwMjVmNWIwODJkYzI3NzI1NGUyOGFiMzc3ZmE0MWE0ZTgzOTE1MCJ9
accept-language: en-US
sec-fetch-dest: empty
accept-encoding: gzip, deflate, br
cookie: _vwo_uuid_v2=D91AC7FF8FA6AA9A0265947089A921080|02368fb74e7e9362956209b9074a9505; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _gid=GA1.2.98560472.1628684516; _gat_UA-192660002-1=1; _ga_Y6C8Y8V9BH=GS1.1.1628684516.1.0.1628684516.0; _ga=GA1.1.663837010.1628684516; XSRF-TOKEN=eyJpdiI6Ikdrc3poQXNOR05yUzlKYkQ0VUh6UUE9PSIsInZhbHVlIjoiZmN6MVVcL0RUMkRMb2tpRlhJMWpTbmIrMVNOK2pDS0ZDbENCMlwvSXg0bTBPOUNUaWN5dzJrUjR5QzN6Y1J2MlBtIiwibWFjIjoiNDBlM2VhMGY1YzMxM2JhOGVkMDJiYmUzOWMwMjVmNWIwODJkYzI3NzI1NGUyOGFiMzc3ZmE0MWE0ZTgzOTE1MCJ9; c=eyJpdiI6ImcwSXU1RzRRZU5tdXdzanl5M09wQmc9PSIsInZhbHVlIjoiOTFDUENlSHhIakhcL1JLUlVcL2hlTHFiN3FPMGdpZ2Y1a2RPZGVkdFV2ZDh2ZUMwbkJTVkJDeFVITXh2eGpxTVBhIiwibWFjIjoiNzNmNzkxZjZhYTk2YjQwNjYxMDhhNGJhODk4NjgzNWZmYmFmZmI2YmVlNjFlN2Y5NjFjOTJjNTNiNWY1OGJkOSJ9
content-length: 188
:path: /event?hitid=wrjbtgur9utgccm9il8eae0s
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json;charset=UTF-8
accept: application/json, text/plain, */*
cache-control: no-cache
:authority: tchfunnls.org
referer: https://tchfunnls.org/dly1st/?hitid=wrjbtgur9utgccm9il8eae0s&qze=3&aff_sub=IG23&aff_sub2=FTMG_DE_DAILY_DE-SUG-002&aff_sub3=110821&aff_sub4=60efeebff729d90017e8589b&tpsiteid=24220
:scheme: https
sec-fetch-site: same-origin
:method: POST
Accept: application/json, text/plain, */*
Referer: https://tchfunnls.org/dly1st/?hitid=wrjbtgur9utgccm9il8eae0s&qze=3&aff_sub=IG23&aff_sub2=FTMG_DE_DAILY_DE-SUG-002&aff_sub3=110821&aff_sub4=60efeebff729d90017e8589b&tpsiteid=24220
X-XSRF-TOKEN: eyJpdiI6Ikdrc3poQXNOR05yUzlKYkQ0VUh6UUE9PSIsInZhbHVlIjoiZmN6MVVcL0RUMkRMb2tpRlhJMWpTbmIrMVNOK2pDS0ZDbENCMlwvSXg0bTBPOUNUaWN5dzJrUjR5QzN6Y1J2MlBtIiwibWFjIjoiNDBlM2VhMGY1YzMxM2JhOGVkMDJiYmUzOWMwMjVmNWIwODJkYzI3NzI1NGUyOGFiMzc3ZmE0MWE0ZTgzOTE1MCJ9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json;charset=UTF-8

Response headers

date: Wed, 11 Aug 2021 12:21:56 GMT
x-proc: 1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BElQbAOxAdmUddXME1dhFBD0EY4J7DUUUrqqCK8KRLwvWMAyOIn6SqYWeR55tLzCOLKkfaXXHX4QPYHRL5BVKoR6ukYT3pZMldMRl4Jr%2F7vjDRmfEtjHGGMDDYHRcsRTcncsSPuaPk5gQFI0"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-origin: https://tchfunnls.org
cache-control: no-cache, private
set-cookie: XSRF-TOKEN=eyJpdiI6IlAySHBlajlWZEM0NGNUSDF5TG92T2c9PSIsInZhbHVlIjoiNmUyZ21oZXEzeDNvckgzWWRFYlV1bFZYMkFraTJSa2g4cTVOWFkxdzliUkFQTVZDTVVFUFhBTFJpZFpXaDhkRSIsIm1hYyI6IjRiZDAyZmVkMDNmMDhmMGIyODZiZDljMDQwN2Q3MzczZjFmYzIzZmNjODkwOGVjNGNhYzY1MmFmOWJkY2YwMGIifQ%3D%3D; expires=Wed, 11-Aug-2021 14:21:56 GMT; Max-Age=7200; path=/ c=eyJpdiI6ImoxWkl6ajQ5VzBqbXEreHNKZmtyeXc9PSIsInZhbHVlIjoiOWtDbDhBS3RLbTkwcWt0Q0hhNWJ2cVV5QjM5blI5dGN1dFhUU2xGeDBCSlVFRHF5SUFhU3JRYUdyRXFBdjgraSIsIm1hYyI6IjU5NmQwYWM0MmI1NDE3OTBiOWM1NzE1OWU4OWZiMzdmNjJmZTExODJhZDA4ZThmNzI2NDYzZTJhOTc5OWZiMGQifQ%3D%3D; expires=Wed, 11-Aug-2021 14:21:56 GMT; Max-Age=7200; path=/; httponly
cf-ray: 67d16d3469e82b16-FRA

GET
H3-29 200 ga-audiences
www.google.com/ads/ 42 B
63 B 42ms
40ms Image
image/gif 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j92&tid=UA-192660002-1&cid=663837010.1628684516&jid=59786856&_u=YEBAAEAAAAAAAC~&z=427951685

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tchfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 11 Aug 2021 12:21:56 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 29ms
29ms Image
image/gif 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j92&tid=UA-192660002-1&cid=663837010.1628684516&jid=59786856&_u=YEBAAEAAAAAAAC~&z=427951685

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tchfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 11 Aug 2021 12:21:56 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 box-25a418976ea02a6f393fbbe77cec94bb.html Show response
vars.hotjar.com/ Frame CA94 2 KB
1 KB 25ms
25ms Document
text/html 52.84.45.59
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vars.hotjar.com/box-25a418976ea02a6f393fbbe77cec94bb.html
Requested by: Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2304105.js?sv=6
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.84.45.59 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-84-45-59.mrs52.r.cloudfront.net
Software: /
Resource Hash: 7a44e0685d8929b5d4d50476273c9957c8c76f03afc424c665a4066e5bc1beb9

Request headers

:method: GET
:authority: vars.hotjar.com
:scheme: https
:path: /box-25a418976ea02a6f393fbbe77cec94bb.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://tchfunnls.org/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://tchfunnls.org/

Response headers

content-type: text/html
content-length: 1044
date: Thu, 03 Jun 2021 10:15:05 GMT
accept-ranges: bytes
cache-control: max-age=31536000
content-encoding: br
etag: "76922233be8bdb14c053af468d29404a"
last-modified: Thu, 03 Jun 2021 10:14:54 GMT
x-amz-server-side-encryption: AES256
x-robots-tag: none
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 e5c15247ec560744bc8eee50e069c231.cloudfront.net (CloudFront)
x-amz-cf-pop: MRS52-P1
x-amz-cf-id: gspF6TF_zlFVpUw0mP1ov7VXnQNbhAlxVC4IqS1D4U7De3AvkDyX-A==
age: 5969211

GET
H/1.1 200
OK behaviour
planet2.digital/v1/ 0
0 122ms
50ms Image
application/json 108.128.72.146
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://planet2.digital/v1/behaviour?type=CLICKER&userId=110821&service=60efeebff729d90017e8589b
Requested by: Host: tchfunnls.org
URL: https://tchfunnls.org/dly1st/?hitid=wrjbtgur9utgccm9il8eae0s&qze=3&aff_sub=IG23&aff_sub2=FTMG_DE_DAILY_DE-SUG-002&aff_sub3=110821&aff_sub4=60efeebff729d90017e8589b&tpsiteid=24220
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 108.128.72.146 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-108-128-72-146.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Referer: https://tchfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

POST
H/1.1 200
OK add Show response
tagdataxrt.com/log/ 12 B
598 B 16ms
16ms Fetch
application/json 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/log/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: 21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed

Request headers

Referer: https://tchfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json;charset=utf-8

Response headers

Date: Wed, 11 Aug 2021 12:21:56 GMT
Server: nginx/1.19.10
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://tchfunnls.org
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 12

OPTIONS
H/1.1 200
OK add
tagdataxrt.com/log/ Frame 0
0 15ms
14ms Preflight 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/log/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Protocol: HTTP/1.1
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://tchfunnls.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Server: nginx/1.19.10
Date: Wed, 11 Aug 2021 12:21:56 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: https://tchfunnls.org
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

GET
H2 200 / Show response
tgfunnls.org/dly1st/ 31 KB
9 KB 428ms
397ms Document
text/html 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Requested by

Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

664009faa2f0135fa1d1cfe72ad90857f3489ac893fe9c5571c5f5242d9f8975

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: tgfunnls.org
:scheme: https
:path: /dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: document
referer: https://tchfunnls.org/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://tchfunnls.org/

Response headers

date: Wed, 11 Aug 2021 12:21:57 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: no-cache, private
set-cookie: XSRF-TOKEN=eyJpdiI6ImJvT09lZ1FMT3RCaG5CU3Vya0ErXC9RPT0iLCJ2YWx1ZSI6Ikg5andsRkhURHpxdnlPVmdwdGlsYzNOZ2NKZ09iV1pMZHBLcGJ6RGVHTGQyKzI4Q3pOZzVBd01rMzc4ODZTR0UiLCJtYWMiOiI5YWE2NzgwMDA0M2ZmYmEzNzAxZTY5ZTJjNjk2OWU1NWU2MjAxYzNjOWVkMDRjODk5MzU3YjRjOTc3OWUzZWYyIn0%3D; expires=Wed, 11-Aug-2021 14:21:57 GMT; Max-Age=7200; path=/ c=eyJpdiI6IitQdGF2RXJKUHRYSXNSYVhmRHA4MHc9PSIsInZhbHVlIjoiM1RiUEJ5WmRaTTlCWVZKYmUxRnptK3ZPZDFGYjZXMVwvWVdiVFFBcHBOaENSYnFKSUk5N2JMNUpzdXY2ZUhWRDMiLCJtYWMiOiI0ZDU0MWY1YjFmMGZjNjI0YTAzZmU4YzcyM2QwMDQ1YjlkMzM1NzM1Y2I2ZTNlMWVkYzU3NDEzNjM0MGU0MTkxIn0%3D; expires=Wed, 11-Aug-2021 14:21:57 GMT; Max-Age=7200; path=/; httponly
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-proc: 3
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cbckXDbh%2BBDVabR0J2YPYlsQt9oqyA2WhkO0BbNgd3s8DQ8s7YuAZ%2BF73HIMzg36nEgMgsNw6fAFApp8oPcJjrrF0kOGIHcFps4mCtM%2BTFovYBdzfI6Yt01Mx21Mby95bfNw2sbEUwYHp1A%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 67d16d371dbbc28b-FRA
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

POST
H/1.1 200
OK add
tagdataxrt.com/time_visit/ 0
423 B 38ms
13ms Ping
text/plain 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/time_visit/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash

Request headers

Referer: https://tchfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Wed, 11 Aug 2021 12:21:56 GMT
Server: nginx/1.19.10
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Origin: https://tchfunnls.org
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 0

GET
H3-29 200 forms.css
tgfunnls.org/css/ 20 KB
4 KB 31ms
13ms Stylesheet
text/css 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/css/forms.css?id=108aa07ef4cadffb88ba

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5cc75f6ff6ccc8f9737ba9b6e44903687d4cd600464dc9a25b2fcfbfd231ebc6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /css/forms.css?id=108aa07ef4cadffb88ba
pragma: no-cache
cookie: XSRF-TOKEN=eyJpdiI6ImJvT09lZ1FMT3RCaG5CU3Vya0ErXC9RPT0iLCJ2YWx1ZSI6Ikg5andsRkhURHpxdnlPVmdwdGlsYzNOZ2NKZ09iV1pMZHBLcGJ6RGVHTGQyKzI4Q3pOZzVBd01rMzc4ODZTR0UiLCJtYWMiOiI5YWE2NzgwMDA0M2ZmYmEzNzAxZTY5ZTJjNjk2OWU1NWU2MjAxYzNjOWVkMDRjODk5MzU3YjRjOTc3OWUzZWYyIn0%3D; c=eyJpdiI6IitQdGF2RXJKUHRYSXNSYVhmRHA4MHc9PSIsInZhbHVlIjoiM1RiUEJ5WmRaTTlCWVZKYmUxRnptK3ZPZDFGYjZXMVwvWVdiVFFBcHBOaENSYnFKSUk5N2JMNUpzdXY2ZUhWRDMiLCJtYWMiOiI0ZDU0MWY1YjFmMGZjNjI0YTAzZmU4YzcyM2QwMDQ1YjlkMzM1NzM1Y2I2ZTNlMWVkYzU3NDEzNjM0MGU0MTkxIn0%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:57 GMT
x-proc: 1
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 640
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Mon, 09 Aug 2021 14:29:21 GMT
server: cloudflare
etag: W/"61113bc1-5107"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rE%2BcKYOjAx8SpxKIr4ln%2FxM9UcX4TQONtLg0YDtiIZ64r90xqpc1lH3pgjqM%2Bmud9HMbFa2d6e392zYphhnA4XEiO3DNZ7181wEANC8JPc%2FOATAoW2UBHy0rm6EaOlJyv6QqoJ6algXSxBY%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 67d16d39bad905fd-FRA

GET
H3-29 200 flow.css
tgfunnls.org/css/ 385 B
756 B 31ms
14ms Stylesheet
text/css 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/css/flow.css?id=1a2dada5ba76c1b29ae1

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

df456c4794989b11dda8d76813cbf505b2707048f4cc89d7db15956779ca3fb0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /css/flow.css?id=1a2dada5ba76c1b29ae1
pragma: no-cache
cookie: XSRF-TOKEN=eyJpdiI6ImJvT09lZ1FMT3RCaG5CU3Vya0ErXC9RPT0iLCJ2YWx1ZSI6Ikg5andsRkhURHpxdnlPVmdwdGlsYzNOZ2NKZ09iV1pMZHBLcGJ6RGVHTGQyKzI4Q3pOZzVBd01rMzc4ODZTR0UiLCJtYWMiOiI5YWE2NzgwMDA0M2ZmYmEzNzAxZTY5ZTJjNjk2OWU1NWU2MjAxYzNjOWVkMDRjODk5MzU3YjRjOTc3OWUzZWYyIn0%3D; c=eyJpdiI6IitQdGF2RXJKUHRYSXNSYVhmRHA4MHc9PSIsInZhbHVlIjoiM1RiUEJ5WmRaTTlCWVZKYmUxRnptK3ZPZDFGYjZXMVwvWVdiVFFBcHBOaENSYnFKSUk5N2JMNUpzdXY2ZUhWRDMiLCJtYWMiOiI0ZDU0MWY1YjFmMGZjNjI0YTAzZmU4YzcyM2QwMDQ1YjlkMzM1NzM1Y2I2ZTNlMWVkYzU3NDEzNjM0MGU0MTkxIn0%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:57 GMT
x-proc: 2
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 640
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Mon, 09 Aug 2021 14:29:19 GMT
server: cloudflare
etag: W/"61113bbf-181"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=J2fToU0XekDOW83rA1mWhkXgFiDXQt3iQ3UuJmREcCBnoi41AeTksePBmaJUDswbi%2FASoo7WRztDqWAYVhDo7ChmXXlnTTCy9dVqgMROjwamSrCzebEN3dhpfvjzaqAceTpjYrT8NIGnYQA%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 67d16d39badc05fd-FRA

GET
H2 200 funnel.css
static-13333.kxcdn.com/5275/build/ 91 KB
26 KB 16ms
15ms Stylesheet
text/css 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL

https://static-13333.kxcdn.com/5275/build/funnel.css

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

0dd81a03016de5c1be49281bb42f5db84bf8968b636e893daa0ee24de5dbdd3b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:57 GMT
content-encoding: gzip
last-modified: Fri, 02 Jul 2021 14:31:57 GMT
server: keycdn-engine
x-amz-request-id: tx0000000000000048dcf7b-0060df2533-12e87130-fra1a
x-edge-location: defr
etag: W/"0e60432e5a822d61eaf0ff2172f524ed"
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-cache: HIT
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31556940
x-rgw-object-type: Normal
strict-transport-security: max-age=15552000; includeSubDomains; preload
expires: Thu, 11 Aug 2022 18:10:57 GMT

GET
H/1.1 400 conversion.js
in.bd44.fun/ 0
0 15ms
15ms Script
text/html 18.195.174.160
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://in.bd44.fun/conversion.js?cid=OPTIONAL&et=CLICK
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.195.174.160 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-174-160.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 logo.png
static-13333.kxcdn.com/5275/images/ 2 KB
3 KB 33ms
27ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/logo.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

3d0776f2afd4256733e307cf46921dde2e1497a2767eb8bcb8ac17d5de9d2344

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:57 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048dcf7f-0060df2533-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2455
last-modified: Fri, 02 Jul 2021 14:32:26 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "cded24bb8b99f2aa7ab4e4ddc59c28e6"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:10:57 GMT

GET
H2 200 top-arrow.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 34ms
27ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/top-arrow.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

c4d3b32e24ea06591e7f166b20939f84cb767bb0742bc3c51f07c6f4b684f1e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:57 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048fd188-0060df2533-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2961
last-modified: Fri, 02 Jul 2021 14:32:29 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "e2980701aad64cef71bd2296f5f6386b"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:10:57 GMT

GET
H3-29 200 check-icon.png
tgfunnls.org/images/ 44 KB
45 KB 21ms
16ms Image
image/png 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tgfunnls.org/images/check-icon.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

79bb457691c6f5dc0d3fd537218a627750b199db5253e22dad9dc4f78fa48016

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /images/check-icon.png
pragma: no-cache
cookie: XSRF-TOKEN=eyJpdiI6ImJvT09lZ1FMT3RCaG5CU3Vya0ErXC9RPT0iLCJ2YWx1ZSI6Ikg5andsRkhURHpxdnlPVmdwdGlsYzNOZ2NKZ09iV1pMZHBLcGJ6RGVHTGQyKzI4Q3pOZzVBd01rMzc4ODZTR0UiLCJtYWMiOiI5YWE2NzgwMDA0M2ZmYmEzNzAxZTY5ZTJjNjk2OWU1NWU2MjAxYzNjOWVkMDRjODk5MzU3YjRjOTc3OWUzZWYyIn0%3D; c=eyJpdiI6IitQdGF2RXJKUHRYSXNSYVhmRHA4MHc9PSIsInZhbHVlIjoiM1RiUEJ5WmRaTTlCWVZKYmUxRnptK3ZPZDFGYjZXMVwvWVdiVFFBcHBOaENSYnFKSUk5N2JMNUpzdXY2ZUhWRDMiLCJtYWMiOiI0ZDU0MWY1YjFmMGZjNjI0YTAzZmU4YzcyM2QwMDQ1YjlkMzM1NzM1Y2I2ZTNlMWVkYzU3NDEzNjM0MGU0MTkxIn0%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:57 GMT
x-proc: 3
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5014
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 45018
x-xss-protection: 1; mode=block
last-modified: Mon, 09 Aug 2021 14:27:10 GMT
server: cloudflare
etag: "61113b3e-afda"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=H%2F%2BFvmcNM4cNx2XHaNxbqdsOiJVjp3MUC77bJx94ItrrYm4HVmrferWYo4FF%2FhkHDaxaC6S2nUr9qvrJMIpx%2FMyIkk64l2N5U2oLTZNWniWetNOVbAc%2FrxxPPF82sVUbkQ73BdSF7u3J7Rc%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 67d16d3a2bed05fd-FRA

GET
H2 200 safe.png
static-13333.kxcdn.com/5275/images/ 10 KB
11 KB 34ms
27ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/safe.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

c001780d5a0136da809d6908ac44d8b0e4d9b36bf9891772a006294888226576

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:57 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048dcf7e-0060df2533-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 10593
last-modified: Fri, 02 Jul 2021 14:32:17 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "e16845cf547d72f2f0b2febfa375d9f9"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:10:57 GMT

GET
H2 200 bg-arrow.png
static-13333.kxcdn.com/5275/images/ 7 KB
8 KB 34ms
28ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/bg-arrow.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

5902ac2e28cc5433d57a98a62be69037be09754da694348e03d3e3b9e776f542

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:57 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048dcf7d-0060df2533-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 7356
last-modified: Fri, 02 Jul 2021 14:32:23 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "0575766ae817ee467a729e846374d22c"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:10:57 GMT

GET
H2 200 check-icon.png
static-13333.kxcdn.com/5275/images/ 2 KB
3 KB 34ms
28ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/check-icon.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

4a404a950ef8cfa3eb686e62c8ab17e0a4609f2300e53d874a96ec618ab9474d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:57 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048fd193-0060df2533-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2273
last-modified: Fri, 02 Jul 2021 14:32:29 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "c34ab81524c5f98e40dc0dad59601758"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:10:57 GMT

GET
H2 200 spots-arrow.png
static-13333.kxcdn.com/5275/images/ 5 KB
6 KB 35ms
29ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/spots-arrow.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

7c01610e53cbe2313bd441cd9182762cec4240e4eecebeca6d086f34e4672784

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:57 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048dcf82-0060df2533-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 5306
last-modified: Fri, 02 Jul 2021 14:32:45 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "32acdf2cce46993b09041ebed9d00140"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:10:57 GMT

GET
H2 200 john.jpg
static-13333.kxcdn.com/5275/images/ 9 KB
10 KB 35ms
29ms Image
image/jpeg 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/john.jpg

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

aff262b0ff8882606831b77cb7fe8c2b7ee184a4c3a4e10de152932dde9ed3f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:57 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048fd18f-0060df2533-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 9704
last-modified: Fri, 02 Jul 2021 14:32:21 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "ca826d01f1cbba3eb6e3e1f697bca6bc"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/jpeg
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:10:57 GMT

GET
H2 200 john-sign.png
static-13333.kxcdn.com/5275/images/ 7 KB
7 KB 36ms
30ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/john-sign.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

2c92fcee0f7c5fd992e818cd6e5f621e8701cea9b4b23eb03e2567560c7dd266

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:57 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048dcf87-0060df2533-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 6824
last-modified: Fri, 02 Jul 2021 14:32:43 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "8e77bdde18036a84289f7b89b03cddc0"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:10:57 GMT

GET
H2 200 social-callback-title.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 36ms
30ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/social-callback-title.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

b097d9409b9b2fcde3993197635d6e7d49126e794dec3c3a5de9892cce15ec84

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:57 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048fd187-0060df2533-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2899
last-modified: Fri, 02 Jul 2021 14:32:42 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "26e1186a209747d755be97f26d7fef17"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:10:57 GMT

GET
H2 200 facebook.png
static-13333.kxcdn.com/5275/images/ 45 KB
46 KB 37ms
31ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/facebook.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

45a8e9f975bd2d7db2041c671affac022eaf0b8db46c516a6f2021d30631aea3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:57 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048dcf7c-0060df2533-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 46358
last-modified: Fri, 02 Jul 2021 14:32:18 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "99efc09d6e35b01ef07e555c6c9c06ac"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:10:57 GMT

GET
H2 200 twitter.png
static-13333.kxcdn.com/5275/images/ 33 KB
34 KB 38ms
33ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/twitter.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

f3567cf9eb0717ad9840ff19014abf051d9bebb63ba3d270eb23d409dd449b5a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:57 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048dcf79-0060df2533-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 33933
last-modified: Fri, 02 Jul 2021 14:32:45 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "1538bf85a2428c7ab27b923233ceac2d"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:10:57 GMT

GET
H2 200 features-title.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 39ms
34ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/features-title.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

5e840708085df16224eeb0d8a8b3758d39bc7c60d3f0587ea1308f7d37d2e9db

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:57 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048fd18e-0060df2533-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2835
last-modified: Fri, 02 Jul 2021 14:32:24 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "8e8fd39ca90b9e536e71366f72e27061"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:10:57 GMT

GET
H2 200 feature1.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 39ms
34ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/feature1.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

427e9cf9bc070b73cae44b858b1cbb147385ccf3b74522b00606e8441d74eb21

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:57 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048fd189-0060df2533-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2649
last-modified: Fri, 02 Jul 2021 14:32:27 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "32e947291780f319b5424fb0fed97339"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:10:57 GMT

GET
H2 200 feature2.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 39ms
34ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/feature2.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

d35ec7636f20627c46249b7ac076fd59aad2c15c8207c92cc8251df812abc0bc

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:57 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048fd18b-0060df2533-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2845
last-modified: Fri, 02 Jul 2021 14:32:28 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "a02cbfb7009f4eb7bca716371bbc6162"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:10:57 GMT

GET
H2 200 feature3.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 39ms
34ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/feature3.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

41cc8226265d071dd816f01b4e656e9575b49927ecb0806984d85fd2acb3b318

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:57 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048fd185-0060df2533-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2618
last-modified: Fri, 02 Jul 2021 14:32:44 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "1e439861ae0e257dd74094cd20495531"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:10:57 GMT

GET
H2 200 feature4.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 39ms
35ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/feature4.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

d7e57b7c8fc1a0e25b893fc00da8cca5368cc489227958d4a781665339cd7260

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:57 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048fd18a-0060df2533-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2573
last-modified: Fri, 02 Jul 2021 14:32:19 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "f042fbbf22d575de6d906249ec2dc324"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:10:57 GMT

GET
H2 200 faq-title.png
static-13333.kxcdn.com/5275/images/ 4 KB
4 KB 40ms
35ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/faq-title.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

218be04d48aa9aa4da9bb4a708dbb463576fd8653914fd05bb113ce654dce714

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:57 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048dcf81-0060df2533-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 3706
last-modified: Fri, 02 Jul 2021 14:32:42 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "b95f5e7ccaaf9e8f6f1117efa9ab100a"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:10:57 GMT

GET
H2 200 faq-list-title-bg.png
static-13333.kxcdn.com/5275/images/ 2 KB
2 KB 40ms
35ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/faq-list-title-bg.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

9749d6d7aee9bdd7b806eb8fd8fa1bfd7ef25aab0aba744948b279d4c1a348ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:57 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048fd18d-0060df2533-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 1546
last-modified: Fri, 02 Jul 2021 14:32:22 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "567ea5254334fde95913b6cd592aad5f"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:10:57 GMT

GET
H3-29 200 sad-face.svg
tgfunnls.org/media/ 1 KB
1 KB 23ms
19ms Image
image/svg+xml 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tgfunnls.org/media/sad-face.svg

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

186b9079a05f19ddd2a548dbc1ec2c69087c76d8e9e1637dbced630edb793104

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /media/sad-face.svg
pragma: no-cache
cookie: XSRF-TOKEN=eyJpdiI6ImJvT09lZ1FMT3RCaG5CU3Vya0ErXC9RPT0iLCJ2YWx1ZSI6Ikg5andsRkhURHpxdnlPVmdwdGlsYzNOZ2NKZ09iV1pMZHBLcGJ6RGVHTGQyKzI4Q3pOZzVBd01rMzc4ODZTR0UiLCJtYWMiOiI5YWE2NzgwMDA0M2ZmYmEzNzAxZTY5ZTJjNjk2OWU1NWU2MjAxYzNjOWVkMDRjODk5MzU3YjRjOTc3OWUzZWYyIn0%3D; c=eyJpdiI6IitQdGF2RXJKUHRYSXNSYVhmRHA4MHc9PSIsInZhbHVlIjoiM1RiUEJ5WmRaTTlCWVZKYmUxRnptK3ZPZDFGYjZXMVwvWVdiVFFBcHBOaENSYnFKSUk5N2JMNUpzdXY2ZUhWRDMiLCJtYWMiOiI0ZDU0MWY1YjFmMGZjNjI0YTAzZmU4YzcyM2QwMDQ1YjlkMzM1NzM1Y2I2ZTNlMWVkYzU3NDEzNjM0MGU0MTkxIn0%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:57 GMT
x-proc: 2
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 640
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Mon, 09 Aug 2021 14:29:19 GMT
server: cloudflare
etag: W/"61113bbf-5dc"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=X%2FcOi7GTqSTvRjkFFxOCaCgNzq%2BjaZV%2BvsYf0lIJ43exZSnua%2Fxn%2FIa8lYJidYhMS7%2BDvxLx867%2FqJWIbtEBQkOiVslQBubocTYx%2F9K9X%2FyOjAp67mn8p58L6MuvW9NCWa3wnv8bdJih6iM%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: max-age=14400
cf-ray: 67d16d3a2bf205fd-FRA

GET
H3-29 200 email-decode.min.js Show response
tgfunnls.org/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
1 KB 10ms
10ms Script
application/javascript 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

:path: /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
pragma: no-cache
cookie: XSRF-TOKEN=eyJpdiI6ImJvT09lZ1FMT3RCaG5CU3Vya0ErXC9RPT0iLCJ2YWx1ZSI6Ikg5andsRkhURHpxdnlPVmdwdGlsYzNOZ2NKZ09iV1pMZHBLcGJ6RGVHTGQyKzI4Q3pOZzVBd01rMzc4ODZTR0UiLCJtYWMiOiI5YWE2NzgwMDA0M2ZmYmEzNzAxZTY5ZTJjNjk2OWU1NWU2MjAxYzNjOWVkMDRjODk5MzU3YjRjOTc3OWUzZWYyIn0%3D; c=eyJpdiI6IitQdGF2RXJKUHRYSXNSYVhmRHA4MHc9PSIsInZhbHVlIjoiM1RiUEJ5WmRaTTlCWVZKYmUxRnptK3ZPZDFGYjZXMVwvWVdiVFFBcHBOaENSYnFKSUk5N2JMNUpzdXY2ZUhWRDMiLCJtYWMiOiI0ZDU0MWY1YjFmMGZjNjI0YTAzZmU4YzcyM2QwMDQ1YjlkMzM1NzM1Y2I2ZTNlMWVkYzU3NDEzNjM0MGU0MTkxIn0%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 05 Aug 2021 12:35:03 GMT
server: cloudflare
etag: W/"610bdaf7-4d7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: DENY
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZbmFOn5qpnzuIeuceptVkxxuPmVZsq%2FMNcs69wfJyAzwTn4xM82Jo438oN3oLKIX6OExuFVSgkdcILyC4j2GYa4LbhuvW8aLPGiHwSQqDWGKD3k%2FQtssjcbOzWcnWgjZ1I8lU%2ByIXaGBUDU%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=172800 public
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 67d16d39db0c05fd-FRA
vary: Accept-Encoding
expires: Fri, 13 Aug 2021 12:21:57 GMT

GET
H3-29 200 redirect.js Show response
tgfunnls.org/js/ 3 KB
2 KB 15ms
15ms Script
application/javascript 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/js/redirect.js?id=bd8708e91008076c9ff9

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0979e653bf7370685f5d0ec7448e28d33f46754d5411cf5a7cd3df6ecafc1a35

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /js/redirect.js?id=bd8708e91008076c9ff9
pragma: no-cache
cookie: XSRF-TOKEN=eyJpdiI6ImJvT09lZ1FMT3RCaG5CU3Vya0ErXC9RPT0iLCJ2YWx1ZSI6Ikg5andsRkhURHpxdnlPVmdwdGlsYzNOZ2NKZ09iV1pMZHBLcGJ6RGVHTGQyKzI4Q3pOZzVBd01rMzc4ODZTR0UiLCJtYWMiOiI5YWE2NzgwMDA0M2ZmYmEzNzAxZTY5ZTJjNjk2OWU1NWU2MjAxYzNjOWVkMDRjODk5MzU3YjRjOTc3OWUzZWYyIn0%3D; c=eyJpdiI6IitQdGF2RXJKUHRYSXNSYVhmRHA4MHc9PSIsInZhbHVlIjoiM1RiUEJ5WmRaTTlCWVZKYmUxRnptK3ZPZDFGYjZXMVwvWVdiVFFBcHBOaENSYnFKSUk5N2JMNUpzdXY2ZUhWRDMiLCJtYWMiOiI0ZDU0MWY1YjFmMGZjNjI0YTAzZmU4YzcyM2QwMDQ1YjlkMzM1NzM1Y2I2ZTNlMWVkYzU3NDEzNjM0MGU0MTkxIn0%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:57 GMT
x-proc: 3
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 640
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Mon, 09 Aug 2021 14:29:34 GMT
server: cloudflare
etag: W/"61113bce-a50"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=J1RtqEnyDAlwKpcJTWBle1kf8sKLgsjQ7uq7uWFLpU%2B2P097Iec7ueQhs6e%2FwAPVrouU17OxiJyTl2XMNvRVLuLqxU0zrMahZvLHxk28meRzpiFJBO3cO0AD19eQhXmw01cpGquIItenpEU%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=14400
cf-ray: 67d16d39db1705fd-FRA

GET
H3-29 200 l.js Show response
tgfunnls.org/js/ 401 KB
110 KB 31ms
30ms Script
application/javascript 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/js/l.js?id=6cf7b69175b2a676ebf3

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1669423eca631e2fa8053ff74039a11ff6afac3a94dc37f357ce8d6ec9362913

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /js/l.js?id=6cf7b69175b2a676ebf3
pragma: no-cache
cookie: XSRF-TOKEN=eyJpdiI6ImJvT09lZ1FMT3RCaG5CU3Vya0ErXC9RPT0iLCJ2YWx1ZSI6Ikg5andsRkhURHpxdnlPVmdwdGlsYzNOZ2NKZ09iV1pMZHBLcGJ6RGVHTGQyKzI4Q3pOZzVBd01rMzc4ODZTR0UiLCJtYWMiOiI5YWE2NzgwMDA0M2ZmYmEzNzAxZTY5ZTJjNjk2OWU1NWU2MjAxYzNjOWVkMDRjODk5MzU3YjRjOTc3OWUzZWYyIn0%3D; c=eyJpdiI6IitQdGF2RXJKUHRYSXNSYVhmRHA4MHc9PSIsInZhbHVlIjoiM1RiUEJ5WmRaTTlCWVZKYmUxRnptK3ZPZDFGYjZXMVwvWVdiVFFBcHBOaENSYnFKSUk5N2JMNUpzdXY2ZUhWRDMiLCJtYWMiOiI0ZDU0MWY1YjFmMGZjNjI0YTAzZmU4YzcyM2QwMDQ1YjlkMzM1NzM1Y2I2ZTNlMWVkYzU3NDEzNjM0MGU0MTkxIn0%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:57 GMT
x-proc: 1
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3890
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Mon, 09 Aug 2021 14:29:21 GMT
server: cloudflare
etag: W/"61113bc1-645ba"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=F9ZnpHHZ54JVEn5OwfjzDWm6A7FO9sZ14KUSs7r%2Fda9CRW20SlTuquUy%2BG4mwxpQ%2B8CqHdxqkVz6vT1IA1LE6Iov9ppPiAsisCZhmVCXD%2Fxd9XAEaCJxCi7TbVcY2cAx21%2BKgjdDaufzqM0%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=14400
cf-ray: 67d16d39eb4f05fd-FRA

GET
H2 200 funnel.js Show response
static-13333.kxcdn.com/5275/build/ 954 KB
319 KB 9ms
9ms Script
application/javascript 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL

https://static-13333.kxcdn.com/5275/build/funnel.js

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

a52901c6296f571a48143efc8c7626714f2f15a0e034390d31380d508684ad0e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:57 GMT
content-encoding: gzip
last-modified: Fri, 02 Jul 2021 14:31:57 GMT
server: keycdn-engine
x-amz-request-id: tx0000000000000048dcf86-0060df2533-12e87130-fra1a
x-edge-location: defr
etag: W/"545236a1390ffa369d186b44dab8e706"
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-cache: HIT
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31556940
x-rgw-object-type: Normal
strict-transport-security: max-age=15552000; includeSubDomains; preload
expires: Thu, 11 Aug 2022 18:10:57 GMT

GET
H/1.1 200 hp Show response
in.xr117.xyz/ 382 B
616 B 19ms
15ms Script
text/plain 18.193.146.82
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://in.xr117.xyz/hp
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.193.146.82 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-193-146-82.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 1d685538334a6762f8c278c2274cb62dfdc47c59ba5968562dddf4f96d808aee

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 11 Aug 2021 12:21:57 GMT
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
Server: nginx
Connection: keep-alive
Content-Length: 382
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200 hp Show response
in.bd44.fun/ 382 B
616 B 45ms
16ms Script
text/plain 18.195.174.160
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://in.bd44.fun/hp
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.195.174.160 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-174-160.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 1d685538334a6762f8c278c2274cb62dfdc47c59ba5968562dddf4f96d808aee

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 11 Aug 2021 12:21:57 GMT
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
Server: nginx
Connection: keep-alive
Content-Length: 382
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3-29 200 tag.js Show response
tagstaticx.com/ 38 KB
14 KB 35ms
18ms Script
application/javascript 2606:4700:3033::6815:3d08
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://tagstaticx.com/tag.js
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::6815:3d08 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 789421e97c465f7367c2c16bad228afc0d9211d9ff3c949b7ef88b72e9fc30db

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:57 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 06 Aug 2021 11:17:33 GMT
server: cloudflare
age: 6658
etag: W/"610d1a4d-97e0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JBjr0tVw%2BE0wwKQmzCR8xHoQO2IYLUGvFCpqtbQA2ENFhv0EZTd6K2YrpHvyQzo0t85vyNvX%2Bmpc2syv%2FfyzxqC7Xo3NKVHBEfccqLwe0Fif7NN3CoC2LduXMvGVCXdsTQ7csbX2X0dcebjyVQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=1800
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 67d16d3a3c4d2c22-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

GET
H3-29 200 gtm.js Show response
www.googletagmanager.com/ 111 KB
41 KB 26ms
23ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-MSK8GMG

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

a162969e2b65a15d2ad5f2f7ae26f9c048df44bc88b9438d33c203ba783b9c01

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:57 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42027
x-xss-protection: 0
last-modified: Wed, 11 Aug 2021 12:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 11 Aug 2021 12:21:57 GMT

GET
H/1.1 400 conversion.js
in.bd44.fun/ 0
0 40ms
14ms Script
text/html 18.195.174.160
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://in.bd44.fun/conversion.js?cid=OPTIONAL&et=CLICK
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.195.174.160 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-174-160.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 j.php Show response
dev.visualwebsiteoptimizer.com/ 5 KB
2 KB 14ms
10ms Script
application/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/j.php?a=449005&u=https%3A%2F%2Ftgfunnls.org%2Fdly1st%2F%3Fhitid%3D%7BclickId%7D%26qze%3D7%26aff_sub%3D%7BcustomId1%7D%26aff_sub2%3D%7BcustomId2%7D&f=1&r=0.9170685629959145
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gfra1 /
Resource Hash: da55b073b9587d6c565f274d2839e4b226707cc9507121e9f79241ce2808e25c

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 11 Aug 2021 12:21:56 GMT
via: 1.1 google
server: gfra1
content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-type: application/javascript; charset=UTF-8

GET
H2 200 bg-pattern2.png
static-13333.kxcdn.com/5275/images/ 3 KB
4 KB 38ms
35ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/bg-pattern2.png

Requested by

Host: static-13333.kxcdn.com
URL: https://static-13333.kxcdn.com/5275/build/funnel.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

0dbbd4b1f92b5f123bb6d85da5224dbac1ef2873359ae63159fbd8c1d8aee472

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://static-13333.kxcdn.com/5275/build/funnel.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:57 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx00000000000000491e693-0060df2731-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 3494
last-modified: Fri, 02 Jul 2021 14:32:28 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "9ff60a873ce8a83d6f92c07bbb97461d"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:10:57 GMT

GET
H2 200 money-bg.jpg
static-13333.kxcdn.com/5275/images/ 192 KB
193 KB 38ms
37ms Image
image/jpeg 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/money-bg.jpg

Requested by

Host: static-13333.kxcdn.com
URL: https://static-13333.kxcdn.com/5275/build/funnel.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

6d6b0b2b3ce3ec690491ad53348667285877a284d43a58bae67219df3128c453

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://static-13333.kxcdn.com/5275/build/funnel.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:57 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048fd245-0060df2533-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 196622
last-modified: Fri, 02 Jul 2021 14:32:29 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "00484ef568e5c529bc92d2698631954b"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/jpeg
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:10:57 GMT

GET
H2 206 de-1.mp4
static-13333.kxcdn.com/5275/media/ 64 KB
0 33ms
32ms Media
video/mp4 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL

https://static-13333.kxcdn.com/5275/media/de-1.mp4

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Range: bytes=0-

Response headers

date: Wed, 11 Aug 2021 12:21:57 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx000000000000004a44bcc-0060f54e68-141c7b61-fra1a
x-edge-location: defr
x-cache: HIT
Content-Range: bytes 0-124690623/124690624
Content-Length: 124690624
last-modified: Fri, 02 Jul 2021 14:32:03 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "c8811d0b7aa283893d6ec2a19899685f-24"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: video/mp4
access-control-allow-origin: *
x-rgw-object-type: Normal
expires: Thu, 11 Aug 2022 18:10:57 GMT

GET
H3-29 200 tag-a511eb58bc7ee0b0cbc6906497418127.js Show response
dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWpxdWVyeQ==/ 214 KB
61 KB 14ms
12ms Script
text/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWpxdWVyeQ==/tag-a511eb58bc7ee0b0cbc6906497418127.js
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/j.php?a=449005&u=https%3A%2F%2Ftgfunnls.org%2Fdly1st%2F%3Fhitid%3D%7BclickId%7D%26qze%3D7%26aff_sub%3D%7BcustomId1%7D%26aff_sub2%3D%7BcustomId2%7D&f=1&r=0.9170685629959145
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gfra1 /
Resource Hash: ffef253989420f0b71eec148da3bbe555e1117a9860323b7a39b267bbb62ebe6

Request headers

Origin: https://tgfunnls.org
Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:57 GMT
content-encoding: br
last-modified: Tue, 10 Aug 2021 11:55:59 GMT
server: gfra1
etag: "6112694f-f354"
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 62292
via: 1.1 google

GET
H3-29 200 v.gif
dev.visualwebsiteoptimizer.com/ 35 B
52 B 96ms
94ms Image
image/gif 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dev.visualwebsiteoptimizer.com/v.gif?cd=0&a=449005&d=tgfunnls.org&u=D1DFE650AA949B2C07F0C98022E4F4C18&h=03024847324f052f382a923df65b0f51&t=false&r=0.24148323957169437

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gnv3c /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 11 Aug 2021 12:21:56 GMT
via: 1.1 google
x-content-type-options: nosniff
server: gnv3c
content-type: image/gif
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 10 Jan 2005 00:00:01 GMT

GET
H3-29 200 locate Show response
tgfunnls.org/ 141 B
1 KB 238ms
235ms XHR
application/json 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/locate

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/js/l.js?id=6cf7b69175b2a676ebf3

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fea97b726590fe4a2287fc338a9ba11f11d1f9f20a68500a2832f2120b7f1856

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-fetch-mode: cors
x-xsrf-token: eyJpdiI6ImJvT09lZ1FMT3RCaG5CU3Vya0ErXC9RPT0iLCJ2YWx1ZSI6Ikg5andsRkhURHpxdnlPVmdwdGlsYzNOZ2NKZ09iV1pMZHBLcGJ6RGVHTGQyKzI4Q3pOZzVBd01rMzc4ODZTR0UiLCJtYWMiOiI5YWE2NzgwMDA0M2ZmYmEzNzAxZTY5ZTJjNjk2OWU1NWU2MjAxYzNjOWVkMDRjODk5MzU3YjRjOTc3OWUzZWYyIn0=
accept-language: en-US
sec-fetch-dest: empty
cookie: XSRF-TOKEN=eyJpdiI6ImJvT09lZ1FMT3RCaG5CU3Vya0ErXC9RPT0iLCJ2YWx1ZSI6Ikg5andsRkhURHpxdnlPVmdwdGlsYzNOZ2NKZ09iV1pMZHBLcGJ6RGVHTGQyKzI4Q3pOZzVBd01rMzc4ODZTR0UiLCJtYWMiOiI5YWE2NzgwMDA0M2ZmYmEzNzAxZTY5ZTJjNjk2OWU1NWU2MjAxYzNjOWVkMDRjODk5MzU3YjRjOTc3OWUzZWYyIn0%3D; c=eyJpdiI6IitQdGF2RXJKUHRYSXNSYVhmRHA4MHc9PSIsInZhbHVlIjoiM1RiUEJ5WmRaTTlCWVZKYmUxRnptK3ZPZDFGYjZXMVwvWVdiVFFBcHBOaENSYnFKSUk5N2JMNUpzdXY2ZUhWRDMiLCJtYWMiOiI0ZDU0MWY1YjFmMGZjNjI0YTAzZmU4YzcyM2QwMDQ1YjlkMzM1NzM1Y2I2ZTNlMWVkYzU3NDEzNjM0MGU0MTkxIn0%3D; _vwo_uuid_v2=D1DFE650AA949B2C07F0C98022E4F4C18|03024847324f052f382a923df65b0f51
:path: /locate
pragma: no-cache
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: application/json, text/plain, */*
cache-control: no-cache
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept: application/json, text/plain, */*
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
X-XSRF-TOKEN: eyJpdiI6ImJvT09lZ1FMT3RCaG5CU3Vya0ErXC9RPT0iLCJ2YWx1ZSI6Ikg5andsRkhURHpxdnlPVmdwdGlsYzNOZ2NKZ09iV1pMZHBLcGJ6RGVHTGQyKzI4Q3pOZzVBd01rMzc4ODZTR0UiLCJtYWMiOiI5YWE2NzgwMDA0M2ZmYmEzNzAxZTY5ZTJjNjk2OWU1NWU2MjAxYzNjOWVkMDRjODk5MzU3YjRjOTc3OWUzZWYyIn0=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:57 GMT
x-proc: 3
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Sb3jeMw5IEwknCFwPk3QC9U3IYXQczzwu1fDGRirFIKL9b%2BGr8d0rhKozWTza6UzBvacimukBN81XujfpA%2FfHgOUR87mDKX2MRLO9uTvfTolPGmSy1k7OFWZeaqZD0blPt41bneunu7C7RM%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json
cache-control: no-cache, private
set-cookie: XSRF-TOKEN=eyJpdiI6IjErbnZxTFdpYjJXSlwvXC9FeEdwMUhTQT09IiwidmFsdWUiOiJadTZGWlhsbFExZGJcL2IyZ01YUEsxNTVEZ05saExGNzMrMmYzblhMXC95MmFcL0VTUUFxMXlka2RxeEJmcmN5VlwvbSIsIm1hYyI6ImZhYTk2ODY5ZGI1NjQ1M2YyMTE1NDAyNThhZDkxMmViNWIwMjVmNzJmZDBkYzc3ZDg4NmU4OTk3MjlkMjQ2ZTIifQ%3D%3D; expires=Wed, 11-Aug-2021 14:21:57 GMT; Max-Age=7200; path=/ c=eyJpdiI6InBSXC95MDhDcEkzTDlLdWFMeDgxUTlBPT0iLCJ2YWx1ZSI6IkJrTVFcL2tTcnN2bm5mcW91MXZcL3A3ZVYyWW10bnF1ejZyMXkyVWtUdFBHbWQyQTFLSHNDaTRCekxHQWRMY21LeSIsIm1hYyI6IjRhNDdmMmY1NzM3ZGU1ZDRlNThjNzk5M2RlNmZhYWI4YzE0MTc0M2RjN2FjYzhiNWY5MDZiMjY3OTc2ZTJhYTAifQ%3D%3D; expires=Wed, 11-Aug-2021 14:21:57 GMT; Max-Age=7200; path=/; httponly
cf-ray: 67d16d3acd8f05fd-FRA

GET
H3-29 200 flags.png
tgfunnls.org/images/vendor/intl-tel-input/build/ 69 KB
70 KB 17ms
13ms Image
image/png 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tgfunnls.org/images/vendor/intl-tel-input/build/flags.png?416250f60d785a2e02f17e054d2e4e44

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/css/forms.css?id=108aa07ef4cadffb88ba

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0a012cf808a24573168308916092d2d4bd3f2b4af8e16b59167013cc77acee55

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /images/vendor/intl-tel-input/build/flags.png?416250f60d785a2e02f17e054d2e4e44
pragma: no-cache
cookie: XSRF-TOKEN=eyJpdiI6ImJvT09lZ1FMT3RCaG5CU3Vya0ErXC9RPT0iLCJ2YWx1ZSI6Ikg5andsRkhURHpxdnlPVmdwdGlsYzNOZ2NKZ09iV1pMZHBLcGJ6RGVHTGQyKzI4Q3pOZzVBd01rMzc4ODZTR0UiLCJtYWMiOiI5YWE2NzgwMDA0M2ZmYmEzNzAxZTY5ZTJjNjk2OWU1NWU2MjAxYzNjOWVkMDRjODk5MzU3YjRjOTc3OWUzZWYyIn0%3D; c=eyJpdiI6IitQdGF2RXJKUHRYSXNSYVhmRHA4MHc9PSIsInZhbHVlIjoiM1RiUEJ5WmRaTTlCWVZKYmUxRnptK3ZPZDFGYjZXMVwvWVdiVFFBcHBOaENSYnFKSUk5N2JMNUpzdXY2ZUhWRDMiLCJtYWMiOiI0ZDU0MWY1YjFmMGZjNjI0YTAzZmU4YzcyM2QwMDQ1YjlkMzM1NzM1Y2I2ZTNlMWVkYzU3NDEzNjM0MGU0MTkxIn0%3D; _vwo_uuid_v2=D1DFE650AA949B2C07F0C98022E4F4C18|03024847324f052f382a923df65b0f51
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: tgfunnls.org
referer: https://tgfunnls.org/css/forms.css?id=108aa07ef4cadffb88ba
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/css/forms.css?id=108aa07ef4cadffb88ba
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:57 GMT
x-proc: 3
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5474
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 70857
x-xss-protection: 1; mode=block
last-modified: Mon, 09 Aug 2021 14:29:34 GMT
server: cloudflare
etag: "61113bce-114c9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tOD1Gtp98vyOJiZgYaBxxBzRaZ8RjfOwTAxjCEmEu%2BvAGiCtxgkaR%2B1c82y8xtuJWtqupQNadxWm4zJdFAy5F6MI7xqWm0UwfNuyjBp0cVzGvT0QFGFvDEHEnDlO7PcWwZALnJAGSzOtU%2Bc%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 67d16d3acd9605fd-FRA

GET
BLOB 200
OK 17b0a5ab-7453-4665-8258-fd8214bf41d5
https://tgfunnls.org/ 31 B
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://tgfunnls.org/17b0a5ab-7453-4665-8258-fd8214bf41d5
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7725538fe2f71147bffeba7452b434c826aef9009666cb4360c605d0b2a91d1d

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length: 31
Content-Type: application/javascript

GET
H2 403 videothumbnail-1.png
static-13333.kxcdn.com/5275/images/ 0
0 64ms
64ms Image
text/html 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static-13333.kxcdn.com/5275/images/videothumbnail-1.png
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
DATA 200
OK truncated
/ 4 KB
4 KB Font
application/font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: aef991b2e0b693a95d41986576dd3901ea7ac03b379501b1caba966058753308

Request headers

Origin: https://tgfunnls.org
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: application/font-woff;charset=utf-8

HEAD
H3-29 200 adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/ 0
0 73ms
43ms Fetch
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 49445
x-xss-protection: 0
server: cafe
etag: 4898024456010196187
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Wed, 11 Aug 2021 12:21:57 GMT

GET
H/1.1 200
OK version.js Show response
tagdatax.com/ 57 B
260 B 15ms
14ms Script
application/javascript 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdatax.com/version.js
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: 61bf26248b3cb2109762c1062d06225950c38874c22de950169be4f2ffae52eb

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 11 Aug 2021 12:21:57 GMT
Cache-Control: private, max-age=63072000
Server: nginx/1.19.10
Connection: keep-alive
Content-Length: 57
Content-Type: application/javascript

GET
H2 200 gid.js Show response
my.rtmark.net/ 65 B
541 B 14ms
13ms Fetch
application/json 139.45.195.8
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://my.rtmark.net/gid.js

Requested by

Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

7c3cd89d0a3e3126d91e0147bf8689266944757c96b3acd3e07bcb9e4002f95e

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:53 GMT
x-content-type-options: nosniff
server: nginx
strict-transport-security: max-age=1
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: https://tgfunnls.org
access-control-expose-headers: Authorization
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length: 65

GET
H/1.1 200
OK pix.jpg Show response
tagdatax.com/ 28 B
617 B 14ms
14ms Fetch
image/jpeg 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdatax.com/pix.jpg
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: 3c72e06c040c15327faa313315f1d6f4b2c9159267051c3e173336efa4cd7a18

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 11 Aug 2021 12:21:57 GMT
Server: nginx/1.19.10
Etag: 97f5a637-67a3-46a6-a8d5-6fa97cdad4c7
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Content-Type: image/jpeg
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Expose-Headers: ETag
Cache-Control: private, must-revalidate, proxy-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 28

GET
H3-29 200 googlelogo_color_120x44dp.png
www.google.com/images/branding/googlelogo/2x/ 5 KB
5 KB 18ms
17ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_120x44dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

29c50fa4422ac0a690af5b0987dee6a030a7eeaafa9dda8543cf022368f545aa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:57 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5087
x-xss-protection: 0
expires: Wed, 11 Aug 2021 12:21:57 GMT

GET
H3-29 200 googlelogo_color_272x92dp.png
www.google.com/images/branding/googlelogo/1x/ 6 KB
6 KB 20ms
19ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/1x/googlelogo_color_272x92dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5776cd87617eacec3bc00ebcf530d1924026033eda852f706c1a675a98915826

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:57 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5969
x-xss-protection: 0
expires: Wed, 11 Aug 2021 12:21:57 GMT

GET
H3-29 200 googlelogo_color_272x92dp.png
www.google.com/images/branding/googlelogo/2x/ 13 KB
13 KB 16ms
15ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_272x92dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

262084257c2103702ef8a25705e3f8dbc1fa3823103ad7b954d54bdb77e6d89d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:57 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13504
x-xss-protection: 0
expires: Wed, 11 Aug 2021 12:21:57 GMT

GET
H3-29 200 googlelogo_color_160x56dp.png
www.google.com/images/branding/googlelogo/2x/ 7 KB
7 KB 18ms
17ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_160x56dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9e611fba6a87626e60f74d361f0c94d1ba226bc0726a05791f40ddb7fbba2c4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:57 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7048
x-xss-protection: 0
expires: Wed, 11 Aug 2021 12:21:57 GMT

GET
H3-29 200 googlelogo_color_90x40dp.png
www.google.com/images/branding/googlelogo/2x/ 4 KB
4 KB 16ms
15ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_90x40dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a9cac8d49feccd603bac334c92c1e7dd5a829a1c01d4130550e8c9c0d9c72f7b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:57 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3934
x-xss-protection: 0
expires: Wed, 11 Aug 2021 12:21:57 GMT

GET
H3-29 200 js Show response
www.googletagmanager.com/gtag/ 128 KB
50 KB 14ms
14ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-Y6C8Y8V9BH&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MSK8GMG

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

7d88b754fb20a228ccb18fb29e64e1eaf8d8ca55d18373465cdd9e38fb093a0d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:57 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 51221
x-xss-protection: 0
expires: Wed, 11 Aug 2021 12:21:57 GMT

GET
H3-29 200 analytics.js Show response
www.google-analytics.com/ 48 KB
19 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MSK8GMG

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

e61660c659c426e45bce2937dddb01af6b550502a2904546575c1ec2ba1121dd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 13 Jul 2021 18:24:06 GMT
server: Golfe2
age: 2723
date: Wed, 11 Aug 2021 11:36:34 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19672
expires: Wed, 11 Aug 2021 13:36:34 GMT

GET
H2 200 hotjar-2304105.js Show response
static.hotjar.com/c/ 5 KB
2 KB 26ms
26ms Script
application/javascript 54.192.219.13
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-2304105.js?sv=6

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

54.192.219.13 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

ba0f7c8cd1226246385e057da152929c0c7b7868b6a4b64ff6de9537bf8aeb33

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:14 GMT
content-encoding: br
x-content-type-options: nosniff
cache-control: max-age=60
age: 43
etag: W/2bfd20973994a2ba4876103e95eba243
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
x-cache-hit: 1
x-amz-cf-pop: MRS52-P2
x-amz-cf-id: 8VIa52bnwz5StHtU7ctm1GyWdnmxZT6Vo-c0q0HBHM20ZHMoBuAXhQ==
via: 1.1 ee464261ee466fae8314a91098b35372.cloudfront.net (CloudFront)

GET
H3-29 200 settings.js Show response
dev.visualwebsiteoptimizer.com/ 572 B
397 B 9ms
8ms Script
application/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/settings.js?a=449005&settings_type=3&vn=7.0&r=0.3821298361083465&u=https%3A%2F%2Ftgfunnls.org%2Fdly1st%2F%3Fhitid%3D%7BclickId%7D%26qze%3D7%26aff_sub%3D%7BcustomId1%7D%26aff_sub2%3D%7BcustomId2%7D
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWpxdWVyeQ==/tag-a511eb58bc7ee0b0cbc6906497418127.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gfra1 /
Resource Hash: 31042bafbba3ee3bae8f21d8d8744230a7c558630068c64e1e5ecb4721ab3910

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:57 GMT
via: 1.1 google
server: gfra1
content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-type: application/javascript; charset=UTF-8

OPTIONS
H/1.1 200
OK add
tagdataxrt.com/ir/ Frame 0
0 14ms
14ms Preflight 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/ir/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Protocol: HTTP/1.1
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://tgfunnls.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Server: nginx/1.19.10
Date: Wed, 11 Aug 2021 12:21:57 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

POST
H/1.1 200
OK add Show response
tagdataxrt.com/ir/ 0
537 B 15ms
15ms Fetch 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/ir/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json;charset=utf-8

Response headers

Date: Wed, 11 Aug 2021 12:21:57 GMT
Server: nginx/1.19.10
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 0

GET
H3-29 200 settings.js Show response
dev.visualwebsiteoptimizer.com/ 572 B
397 B 200ms
200ms Script
application/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/settings.js?a=449005&settings_type=1&vn=7.0&r=0.28209274771030013
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWpxdWVyeQ==/tag-a511eb58bc7ee0b0cbc6906497418127.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gfra1 /
Resource Hash: 31042bafbba3ee3bae8f21d8d8744230a7c558630068c64e1e5ecb4721ab3910

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:57 GMT
via: 1.1 google
server: gfra1
content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-type: application/javascript; charset=UTF-8

POST
H/1.1 200
OK etag Show response
tagdataxrt.com/ 0
537 B 15ms
15ms Fetch 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/etag?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json;charset=utf-8

Response headers

Date: Wed, 11 Aug 2021 12:21:57 GMT
Server: nginx/1.19.10
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 0

OPTIONS
H/1.1 200
OK etag
tagdataxrt.com/ Frame 0
0 49ms
37ms Preflight 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/etag?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Protocol: HTTP/1.1
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://tgfunnls.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Server: nginx/1.19.10
Date: Wed, 11 Aug 2021 12:21:57 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

POST
H3-29 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 13ms
13ms XHR
text/plain 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j92&a=181884420&t=pageview&_s=1&dl=https%3A%2F%2Ftgfunnls.org%2Fdly1st%2F%3Fhitid%3D%7BclickId%7D%26qze%3D7%26aff_sub%3D%7BcustomId1%7D%26aff_sub2%3D%7BcustomId2%7D&dr=https%3A%2F%2Ftchfunnls.org%2F&ul=en-us&de=UTF-8&dt=Daily%20Profit&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAAC~&jid=260761173&gjid=1939283949&cid=668805998.1628684518&tid=UA-192660002-1&_gid=790350928.1628684518&_r=1&gtm=2wg891MSK8GMG&z=1173776215

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 11 Aug 2021 12:21:57 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://tgfunnls.org
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 tag-1a6cb79d9b921e9f733a3a9f91c43b90.js Show response
dev.visualwebsiteoptimizer.com/web/djIkcGM6MS4w/ 668 B
329 B 9ms
9ms Script
text/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/web/djIkcGM6MS4w/tag-1a6cb79d9b921e9f733a3a9f91c43b90.js
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWpxdWVyeQ==/tag-a511eb58bc7ee0b0cbc6906497418127.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gfra1 /
Resource Hash: 6e1f2e0970c3d1d6cdacfecdd613ce1c42990ea5d4a9a85fe6f0700d20a96634

Request headers

Origin: https://tgfunnls.org
Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:57 GMT
content-encoding: br
last-modified: Tue, 10 Aug 2021 11:55:59 GMT
server: gfra1
etag: "6112694f-133"
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 307
via: 1.1 google

POST
H3-29 204 collect
www.google-analytics.com/g/ 0
17 B 14ms
13ms Ping
text/plain 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-Y6C8Y8V9BH&gtm=2oe891&_p=181884420&sr=1600x1200&ul=en-us&cid=668805998.1628684518&_s=1&dl=https%3A%2F%2Ftgfunnls.org%2Fdly1st%2F%3Fhitid%3D%7BclickId%7D%26qze%3D7%26aff_sub%3D%7BcustomId1%7D%26aff_sub2%3D%7BcustomId2%7D&dr=https%3A%2F%2Ftchfunnls.org%2F&dt=Daily%20Profit&sid=1628684517&sct=1&seg=0&en=page_view&_fv=1&_ss=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-Y6C8Y8V9BH&l=dataLayer&cx=c
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Wed, 11 Aug 2021 12:21:57 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://tgfunnls.org
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 modules.9a6619e61150e4449f35.js Show response
script.hotjar.com/ 221 KB
59 KB 26ms
25ms Script
application/javascript 54.192.219.34
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.9a6619e61150e4449f35.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2304105.js?sv=6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

54.192.219.34 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

fc04d1fd608cedf1f0c4735145a15031f77cb7491d6234cec4ee2cd9be74937a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:18:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 511432
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 59579
access-control-allow-origin: *
last-modified: Thu, 05 Aug 2021 14:17:07 GMT
etag: "f404c80c4e9647abd5db65360cf9ecee"
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 1cfafe71e396134dc106e8c1515876bd.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: MRS52-P2
accept-ranges: bytes
x-robots-tag: none
x-amz-cf-id: 0UNkI5j5eVbc9vemcpmd_3_rRdYgCnx3Pfmndf_Y0nafkh_fFe1lig==

POST
H3-29 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
25 B 29ms
14ms XHR
text/plain 2a00:1450:400c:c0c::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j92&tid=UA-192660002-1&cid=668805998.1628684518&jid=260761173&gjid=1939283949&_gid=790350928.1628684518&_u=YEBAAEAAAAAAAC~&z=1254578285

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400c:c0c::9d Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Wed, 11 Aug 2021 12:21:57 GMT
content-type: text/plain
access-control-allow-origin: https://tgfunnls.org
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 a3a7b431bde66f8790628956fd6a9e14.js Show response
cdn.pushcrew.com/js/ 248 KB
70 KB 102ms
101ms Script
application/javascript 34.102.183.26
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.pushcrew.com/js/a3a7b431bde66f8790628956fd6a9e14.js
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/web/djIkcGM6MS4w/tag-1a6cb79d9b921e9f733a3a9f91c43b90.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.102.183.26 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 26.183.102.34.bc.googleusercontent.com
Software: nginx /
Resource Hash: 2a74b97179203cf3de9b255635c3927c34791cabfe69261cc8d1235c13315e78

Request headers

Origin: https://tgfunnls.org
Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:57 GMT
content-encoding: gzip
last-modified: Fri, 18 Jun 2021 08:48:27 GMT
server: nginx
etag: W/"60cc5ddb-3e05c"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=1800
alt-svc: clear
via: 1.1 google
expires: Wed, 11 Aug 2021 12:51:57 GMT

POST
H3-29 201 event Show response
tgfunnls.org/ 2 B
1 KB 244ms
243ms XHR
application/json 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/event?hitid={clickId}

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/js/l.js?id=6cf7b69175b2a676ebf3

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-fetch-mode: cors
origin: https://tgfunnls.org
x-xsrf-token: eyJpdiI6IjErbnZxTFdpYjJXSlwvXC9FeEdwMUhTQT09IiwidmFsdWUiOiJadTZGWlhsbFExZGJcL2IyZ01YUEsxNTVEZ05saExGNzMrMmYzblhMXC95MmFcL0VTUUFxMXlka2RxeEJmcmN5VlwvbSIsIm1hYyI6ImZhYTk2ODY5ZGI1NjQ1M2YyMTE1NDAyNThhZDkxMmViNWIwMjVmNzJmZDBkYzc3ZDg4NmU4OTk3MjlkMjQ2ZTIifQ==
accept-language: en-US
sec-fetch-dest: empty
accept-encoding: gzip, deflate, br
cookie: _vwo_uuid_v2=D1DFE650AA949B2C07F0C98022E4F4C18|03024847324f052f382a923df65b0f51; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _gid=GA1.2.790350928.1628684518; _gat_UA-192660002-1=1; _ga_Y6C8Y8V9BH=GS1.1.1628684517.1.0.1628684517.0; _ga=GA1.1.668805998.1628684518; XSRF-TOKEN=eyJpdiI6IjErbnZxTFdpYjJXSlwvXC9FeEdwMUhTQT09IiwidmFsdWUiOiJadTZGWlhsbFExZGJcL2IyZ01YUEsxNTVEZ05saExGNzMrMmYzblhMXC95MmFcL0VTUUFxMXlka2RxeEJmcmN5VlwvbSIsIm1hYyI6ImZhYTk2ODY5ZGI1NjQ1M2YyMTE1NDAyNThhZDkxMmViNWIwMjVmNzJmZDBkYzc3ZDg4NmU4OTk3MjlkMjQ2ZTIifQ%3D%3D; c=eyJpdiI6InBSXC95MDhDcEkzTDlLdWFMeDgxUTlBPT0iLCJ2YWx1ZSI6IkJrTVFcL2tTcnN2bm5mcW91MXZcL3A3ZVYyWW10bnF1ejZyMXkyVWtUdFBHbWQyQTFLSHNDaTRCekxHQWRMY21LeSIsIm1hYyI6IjRhNDdmMmY1NzM3ZGU1ZDRlNThjNzk5M2RlNmZhYWI4YzE0MTc0M2RjN2FjYzhiNWY5MDZiMjY3OTc2ZTJhYTAifQ%3D%3D
content-length: 179
:path: /event?hitid={clickId}
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json;charset=UTF-8
accept: application/json, text/plain, */*
cache-control: no-cache
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: POST
Accept: application/json, text/plain, */*
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
X-XSRF-TOKEN: eyJpdiI6IjErbnZxTFdpYjJXSlwvXC9FeEdwMUhTQT09IiwidmFsdWUiOiJadTZGWlhsbFExZGJcL2IyZ01YUEsxNTVEZ05saExGNzMrMmYzblhMXC95MmFcL0VTUUFxMXlka2RxeEJmcmN5VlwvbSIsIm1hYyI6ImZhYTk2ODY5ZGI1NjQ1M2YyMTE1NDAyNThhZDkxMmViNWIwMjVmNzJmZDBkYzc3ZDg4NmU4OTk3MjlkMjQ2ZTIifQ==
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json;charset=UTF-8

Response headers

date: Wed, 11 Aug 2021 12:21:58 GMT
x-proc: 2
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TJczlQCajMqikC8Lc1ECC6CO6e7Q9y8ehP%2Ffh1GpFU9RtterAyQIjlYW28uAdy%2FVa27R0xkCUE8mZRRU5u%2FTkyib3TSGBy6wFbQ2BaPUh%2BdxrwHdEPl5ij5TMD60x%2B7MnRE%2BqBF7cJ4xCAk%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-origin: https://tgfunnls.org
cache-control: no-cache, private
set-cookie: XSRF-TOKEN=eyJpdiI6IjB5TE13eWFjSlwvK3VKNlo0OFB2SXRBPT0iLCJ2YWx1ZSI6IjlxTHlJbVYyRHpsSjZpUWtEMEI0aU9VSDRXOHllMFEydXVpb21ndHljK1g0a0kyR2hmbTJcL0RTVWRTUW40aGloIiwibWFjIjoiY2FiNzA1ODE1ODdiZTZjZjU1MDVhYmVlMjAzZTRiY2YzNTIxMWFmMzg5MjUxZGFkODA5Mjg3N2NlNzNkYjBmNyJ9; expires=Wed, 11-Aug-2021 14:21:58 GMT; Max-Age=7200; path=/ c=eyJpdiI6Im9YaFdEMlB4MTBvYU1OaFNVbTJyUnc9PSIsInZhbHVlIjoiUGhxR0NrajJ0Z2dwcjF6cnRFYmtrN0pYQ0RoSGFhQWZib21lY3c0Z2c4WTFKYWR2VGxXSG5jWFJlZ1RvZERPMSIsIm1hYyI6ImMzOTVlNTJlYjk3YzI3NWE1YjhhYWM4N2M1MTFmN2ZlYWZiMDY2MWM2ZjY3ZTFlNTc4ZTdmMWQ3YjM1NWI3MDAifQ%3D%3D; expires=Wed, 11-Aug-2021 14:21:58 GMT; Max-Age=7200; path=/; httponly
cf-ray: 67d16d3c49b805fd-FRA

GET
H3-29 200 ga-audiences
www.google.com/ads/ 42 B
63 B 30ms
30ms Image
image/gif 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j92&tid=UA-192660002-1&cid=668805998.1628684518&jid=260761173&_u=YEBAAEAAAAAAAC~&z=503647310

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 11 Aug 2021 12:21:57 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 ga-audiences
www.google.de/ads/ 42 B
63 B 40ms
38ms Image
image/gif 2a00:1450:4001:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j92&tid=UA-192660002-1&cid=668805998.1628684518&jid=260761173&_u=YEBAAEAAAAAAAC~&z=503647310

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 11 Aug 2021 12:21:57 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 box-25a418976ea02a6f393fbbe77cec94bb.html Show response
vars.hotjar.com/ Frame 7BAB 2 KB
1 KB 25ms
24ms Document
text/html 52.84.45.59
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vars.hotjar.com/box-25a418976ea02a6f393fbbe77cec94bb.html
Requested by: Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2304105.js?sv=6
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.84.45.59 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-84-45-59.mrs52.r.cloudfront.net
Software: /
Resource Hash: 7a44e0685d8929b5d4d50476273c9957c8c76f03afc424c665a4066e5bc1beb9

Request headers

:method: GET
:authority: vars.hotjar.com
:scheme: https
:path: /box-25a418976ea02a6f393fbbe77cec94bb.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://tgfunnls.org/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://tgfunnls.org/

Response headers

content-type: text/html
content-length: 1044
date: Thu, 03 Jun 2021 10:15:05 GMT
accept-ranges: bytes
cache-control: max-age=31536000
content-encoding: br
etag: "76922233be8bdb14c053af468d29404a"
last-modified: Thu, 03 Jun 2021 10:14:54 GMT
x-amz-server-side-encryption: AES256
x-robots-tag: none
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 e5c15247ec560744bc8eee50e069c231.cloudfront.net (CloudFront)
x-amz-cf-pop: MRS52-P1
x-amz-cf-id: vD4Odrc9hwirzjLxEluwYw521583X9OKfPCrBUk734mfmVPDVE7hFg==
age: 5969212

POST
H/1.1 200
OK add Show response
tagdataxrt.com/log/ 12 B
597 B 16ms
16ms Fetch
application/json 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/log/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: 21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json;charset=utf-8

Response headers

Date: Wed, 11 Aug 2021 12:21:58 GMT
Server: nginx/1.19.10
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 12

OPTIONS
H/1.1 200
OK add
tagdataxrt.com/log/ Frame 0
0 14ms
14ms Preflight 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/log/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Protocol: HTTP/1.1
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://tgfunnls.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Server: nginx/1.19.10
Date: Wed, 11 Aug 2021 12:21:58 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

POST
H/1.1 200
OK add
tagdataxrt.com/time_visit/ 0
422 B 16ms
16ms Ping
text/plain 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/time_visit/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Wed, 11 Aug 2021 12:21:58 GMT
Server: nginx/1.19.10
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 0

GET
H3-29 200 / Show response
tgfunnls.org/dly1st/ 31 KB
8 KB 272ms
271ms Document
text/html 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Requested by

Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6146da67324b796c927993ed39b4e4916a36a4d69357b9a410d893ddea763127

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: tgfunnls.org
:scheme: https
:path: /dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: document
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: _vwo_uuid_v2=D1DFE650AA949B2C07F0C98022E4F4C18|03024847324f052f382a923df65b0f51; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _gid=GA1.2.790350928.1628684518; _gat_UA-192660002-1=1; _ga_Y6C8Y8V9BH=GS1.1.1628684517.1.0.1628684517.0; _ga=GA1.1.668805998.1628684518; _hjid=e4ac4e74-4075-47b1-8838-21f1fb21d7e3; _hjFirstSeen=1; XSRF-TOKEN=eyJpdiI6IjB5TE13eWFjSlwvK3VKNlo0OFB2SXRBPT0iLCJ2YWx1ZSI6IjlxTHlJbVYyRHpsSjZpUWtEMEI0aU9VSDRXOHllMFEydXVpb21ndHljK1g0a0kyR2hmbTJcL0RTVWRTUW40aGloIiwibWFjIjoiY2FiNzA1ODE1ODdiZTZjZjU1MDVhYmVlMjAzZTRiY2YzNTIxMWFmMzg5MjUxZGFkODA5Mjg3N2NlNzNkYjBmNyJ9; c=eyJpdiI6Im9YaFdEMlB4MTBvYU1OaFNVbTJyUnc9PSIsInZhbHVlIjoiUGhxR0NrajJ0Z2dwcjF6cnRFYmtrN0pYQ0RoSGFhQWZib21lY3c0Z2c4WTFKYWR2VGxXSG5jWFJlZ1RvZERPMSIsIm1hYyI6ImMzOTVlNTJlYjk3YzI3NWE1YjhhYWM4N2M1MTFmN2ZlYWZiMDY2MWM2ZjY3ZTFlNTc4ZTdmMWQ3YjM1NWI3MDAifQ%3D%3D
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Response headers

date: Wed, 11 Aug 2021 12:21:58 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: no-cache, private
set-cookie: XSRF-TOKEN=eyJpdiI6ImQ5YVN4V1VRanJsVDZ4MUFyelwvc1pRPT0iLCJ2YWx1ZSI6InM3Vjk0WlJqRmlsK3pQZEh0OXM3YWdUZkJXZ3JrYnJ2OG53UytiZmZyaFVNZ09QaTRcL2FmRHpmTzJyYmlQa2FNIiwibWFjIjoiNTczOGEzMDE5MTkwNDAxMGY1MTFkZGFkZjJiMWMyNzk1OTk4YWI0NzI3NjAzZjYzMzJkMTY4YjVmZjc3YThhNCJ9; expires=Wed, 11-Aug-2021 14:21:58 GMT; Max-Age=7200; path=/ c=eyJpdiI6IjFxSDRMbCtMS1d1aU5PMFpTd1wvUUJ3PT0iLCJ2YWx1ZSI6Im1paGZlUXhZNG9vbEJQdGhUVUZVQ1VvQmR2U0NaeThqaWQ5azVia1lNV2ZqZFgzcnFQMG5lZnYrQjNqR0x5RjAiLCJtYWMiOiI3OGUzOGY3Zjc4NGU0OWFkYzIxMWE5YWY4YzZhMzljYTdiMDllMGU4NDcyZjI3ZWU3MDc4ODM0MjIzNDI5NjgwIn0%3D; expires=Wed, 11-Aug-2021 14:21:58 GMT; Max-Age=7200; path=/; httponly
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-proc: 3
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xCo2CopJdnMdPMISOFobzfc5iibvb5NDH%2BPLYkrh1Lj1LgN%2FD%2BDMNAAx9ppSrACXNiKKcwjLFQqEZTu9wICib8VCSNZYB504ThhpDfu46ZmPKTh6uUew8iV%2BRS8xFbbofROQqSWRrHC6664%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 67d16d3ecfae05fd-FRA
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

GET
H3-29 200 forms.css
tgfunnls.org/css/ 20 KB
4 KB 14ms
13ms Stylesheet
text/css 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/css/forms.css?id=108aa07ef4cadffb88ba

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5cc75f6ff6ccc8f9737ba9b6e44903687d4cd600464dc9a25b2fcfbfd231ebc6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /css/forms.css?id=108aa07ef4cadffb88ba
pragma: no-cache
cookie: _vwo_uuid_v2=D1DFE650AA949B2C07F0C98022E4F4C18|03024847324f052f382a923df65b0f51; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _gid=GA1.2.790350928.1628684518; _gat_UA-192660002-1=1; _ga_Y6C8Y8V9BH=GS1.1.1628684517.1.0.1628684517.0; _ga=GA1.1.668805998.1628684518; _hjid=e4ac4e74-4075-47b1-8838-21f1fb21d7e3; _hjFirstSeen=1; XSRF-TOKEN=eyJpdiI6ImQ5YVN4V1VRanJsVDZ4MUFyelwvc1pRPT0iLCJ2YWx1ZSI6InM3Vjk0WlJqRmlsK3pQZEh0OXM3YWdUZkJXZ3JrYnJ2OG53UytiZmZyaFVNZ09QaTRcL2FmRHpmTzJyYmlQa2FNIiwibWFjIjoiNTczOGEzMDE5MTkwNDAxMGY1MTFkZGFkZjJiMWMyNzk1OTk4YWI0NzI3NjAzZjYzMzJkMTY4YjVmZjc3YThhNCJ9; c=eyJpdiI6IjFxSDRMbCtMS1d1aU5PMFpTd1wvUUJ3PT0iLCJ2YWx1ZSI6Im1paGZlUXhZNG9vbEJQdGhUVUZVQ1VvQmR2U0NaeThqaWQ5azVia1lNV2ZqZFgzcnFQMG5lZnYrQjNqR0x5RjAiLCJtYWMiOiI3OGUzOGY3Zjc4NGU0OWFkYzIxMWE5YWY4YzZhMzljYTdiMDllMGU4NDcyZjI3ZWU3MDc4ODM0MjIzNDI5NjgwIn0%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:58 GMT
x-proc: 1
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 641
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Mon, 09 Aug 2021 14:29:21 GMT
server: cloudflare
etag: W/"61113bc1-5107"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wglJzOaURn9adwv58fGPxiP4htC3%2B0XtfYfWW8OfGTZcMlukKSQZdjLB%2BkEQRtscb3q%2FxbeiAL8tB9nDotO6L5H149NIQDC9aNUEibTOfOla%2FP3lJZM9VKSxWzSenNH0IjbqGt9VKlVQ51E%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 67d16d408bd105fd-FRA

GET
H3-29 200 flow.css
tgfunnls.org/css/ 385 B
758 B 30ms
29ms Stylesheet
text/css 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/css/flow.css?id=1a2dada5ba76c1b29ae1

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

df456c4794989b11dda8d76813cbf505b2707048f4cc89d7db15956779ca3fb0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /css/flow.css?id=1a2dada5ba76c1b29ae1
pragma: no-cache
cookie: _vwo_uuid_v2=D1DFE650AA949B2C07F0C98022E4F4C18|03024847324f052f382a923df65b0f51; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _gid=GA1.2.790350928.1628684518; _gat_UA-192660002-1=1; _ga_Y6C8Y8V9BH=GS1.1.1628684517.1.0.1628684517.0; _ga=GA1.1.668805998.1628684518; _hjid=e4ac4e74-4075-47b1-8838-21f1fb21d7e3; _hjFirstSeen=1; XSRF-TOKEN=eyJpdiI6ImQ5YVN4V1VRanJsVDZ4MUFyelwvc1pRPT0iLCJ2YWx1ZSI6InM3Vjk0WlJqRmlsK3pQZEh0OXM3YWdUZkJXZ3JrYnJ2OG53UytiZmZyaFVNZ09QaTRcL2FmRHpmTzJyYmlQa2FNIiwibWFjIjoiNTczOGEzMDE5MTkwNDAxMGY1MTFkZGFkZjJiMWMyNzk1OTk4YWI0NzI3NjAzZjYzMzJkMTY4YjVmZjc3YThhNCJ9; c=eyJpdiI6IjFxSDRMbCtMS1d1aU5PMFpTd1wvUUJ3PT0iLCJ2YWx1ZSI6Im1paGZlUXhZNG9vbEJQdGhUVUZVQ1VvQmR2U0NaeThqaWQ5azVia1lNV2ZqZFgzcnFQMG5lZnYrQjNqR0x5RjAiLCJtYWMiOiI3OGUzOGY3Zjc4NGU0OWFkYzIxMWE5YWY4YzZhMzljYTdiMDllMGU4NDcyZjI3ZWU3MDc4ODM0MjIzNDI5NjgwIn0%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:58 GMT
x-proc: 2
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 641
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Mon, 09 Aug 2021 14:29:19 GMT
server: cloudflare
etag: W/"61113bbf-181"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=p3LQW6f1ucU31DjSajwnGhs0LogdONcpsueHBmAq6hAFFO09KUxMzJJLOlaQuD2k1gSK9KyK2yaW8O%2FshWlPjz2PU%2FoL9y1IIHIQOzOkKVe8dUIrXv8latakk90qJmWkVuuhqTnmXX9OjB4%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 67d16d408bd505fd-FRA

GET
H2 200 funnel.css
static-13333.kxcdn.com/5275/build/ 91 KB
26 KB 7ms
7ms Stylesheet
text/css 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL

https://static-13333.kxcdn.com/5275/build/funnel.css

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

0dd81a03016de5c1be49281bb42f5db84bf8968b636e893daa0ee24de5dbdd3b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:58 GMT
content-encoding: gzip
last-modified: Fri, 02 Jul 2021 14:31:57 GMT
server: keycdn-engine
x-amz-request-id: tx0000000000000048dcf7b-0060df2533-12e87130-fra1a
x-edge-location: defr
etag: W/"0e60432e5a822d61eaf0ff2172f524ed"
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-cache: HIT
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31556940
x-rgw-object-type: Normal
strict-transport-security: max-age=15552000; includeSubDomains; preload
expires: Thu, 11 Aug 2022 18:10:58 GMT

GET
H/1.1 400 conversion.js
in.bd44.fun/ 0
0 16ms
16ms Script
text/html 18.195.174.160
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://in.bd44.fun/conversion.js?cid=OPTIONAL&et=CLICK
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.195.174.160 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-174-160.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 logo.png
static-13333.kxcdn.com/5275/images/ 2 KB
3 KB 32ms
27ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/logo.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

3d0776f2afd4256733e307cf46921dde2e1497a2767eb8bcb8ac17d5de9d2344

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:58 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048dcf7f-0060df2533-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2455
last-modified: Fri, 02 Jul 2021 14:32:26 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "cded24bb8b99f2aa7ab4e4ddc59c28e6"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:10:58 GMT

GET
H2 200 top-arrow.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 32ms
27ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/top-arrow.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

c4d3b32e24ea06591e7f166b20939f84cb767bb0742bc3c51f07c6f4b684f1e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:58 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048fd188-0060df2533-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2961
last-modified: Fri, 02 Jul 2021 14:32:29 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "e2980701aad64cef71bd2296f5f6386b"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:10:58 GMT

GET
H3-29 200 check-icon.png
tgfunnls.org/images/ 44 KB
45 KB 19ms
15ms Image
image/png 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tgfunnls.org/images/check-icon.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

79bb457691c6f5dc0d3fd537218a627750b199db5253e22dad9dc4f78fa48016

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /images/check-icon.png
pragma: no-cache
cookie: _vwo_uuid_v2=D1DFE650AA949B2C07F0C98022E4F4C18|03024847324f052f382a923df65b0f51; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _gid=GA1.2.790350928.1628684518; _gat_UA-192660002-1=1; _ga_Y6C8Y8V9BH=GS1.1.1628684517.1.0.1628684517.0; _ga=GA1.1.668805998.1628684518; _hjid=e4ac4e74-4075-47b1-8838-21f1fb21d7e3; _hjFirstSeen=1; XSRF-TOKEN=eyJpdiI6ImQ5YVN4V1VRanJsVDZ4MUFyelwvc1pRPT0iLCJ2YWx1ZSI6InM3Vjk0WlJqRmlsK3pQZEh0OXM3YWdUZkJXZ3JrYnJ2OG53UytiZmZyaFVNZ09QaTRcL2FmRHpmTzJyYmlQa2FNIiwibWFjIjoiNTczOGEzMDE5MTkwNDAxMGY1MTFkZGFkZjJiMWMyNzk1OTk4YWI0NzI3NjAzZjYzMzJkMTY4YjVmZjc3YThhNCJ9; c=eyJpdiI6IjFxSDRMbCtMS1d1aU5PMFpTd1wvUUJ3PT0iLCJ2YWx1ZSI6Im1paGZlUXhZNG9vbEJQdGhUVUZVQ1VvQmR2U0NaeThqaWQ5azVia1lNV2ZqZFgzcnFQMG5lZnYrQjNqR0x5RjAiLCJtYWMiOiI3OGUzOGY3Zjc4NGU0OWFkYzIxMWE5YWY4YzZhMzljYTdiMDllMGU4NDcyZjI3ZWU3MDc4ODM0MjIzNDI5NjgwIn0%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:58 GMT
x-proc: 3
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5015
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 45018
x-xss-protection: 1; mode=block
last-modified: Mon, 09 Aug 2021 14:27:10 GMT
server: cloudflare
etag: "61113b3e-afda"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BRBIwrWcsxghPoiEW4oZVf26ktvnBCSXxaIEBKcwk2ewLRxMzVQUPnRKLC8NsNXbC9KhlPqaC4n01KBXqn%2B%2Fd9WQdALWWAgSVXzr%2FtdcHYPYMWHvwCZnkExkQKUS7NqSFR0pSnP%2BRgD2qx8%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 67d16d410cef05fd-FRA

GET
H2 200 safe.png
static-13333.kxcdn.com/5275/images/ 10 KB
11 KB 32ms
27ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/safe.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

c001780d5a0136da809d6908ac44d8b0e4d9b36bf9891772a006294888226576

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:58 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048dcf7e-0060df2533-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 10593
last-modified: Fri, 02 Jul 2021 14:32:17 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "e16845cf547d72f2f0b2febfa375d9f9"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:10:58 GMT

GET
H2 200 bg-arrow.png
static-13333.kxcdn.com/5275/images/ 7 KB
8 KB 33ms
27ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/bg-arrow.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

5902ac2e28cc5433d57a98a62be69037be09754da694348e03d3e3b9e776f542

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:58 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048dcf7d-0060df2533-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 7356
last-modified: Fri, 02 Jul 2021 14:32:23 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "0575766ae817ee467a729e846374d22c"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:10:58 GMT

GET
H2 200 check-icon.png
static-13333.kxcdn.com/5275/images/ 2 KB
3 KB 33ms
28ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/check-icon.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

4a404a950ef8cfa3eb686e62c8ab17e0a4609f2300e53d874a96ec618ab9474d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:58 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048fd193-0060df2533-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2273
last-modified: Fri, 02 Jul 2021 14:32:29 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "c34ab81524c5f98e40dc0dad59601758"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:10:58 GMT

GET
H2 200 spots-arrow.png
static-13333.kxcdn.com/5275/images/ 5 KB
6 KB 33ms
28ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/spots-arrow.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

7c01610e53cbe2313bd441cd9182762cec4240e4eecebeca6d086f34e4672784

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:58 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048dcf82-0060df2533-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 5306
last-modified: Fri, 02 Jul 2021 14:32:45 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "32acdf2cce46993b09041ebed9d00140"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:10:58 GMT

GET
H2 200 john.jpg
static-13333.kxcdn.com/5275/images/ 9 KB
10 KB 33ms
28ms Image
image/jpeg 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/john.jpg

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

aff262b0ff8882606831b77cb7fe8c2b7ee184a4c3a4e10de152932dde9ed3f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:58 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048fd18f-0060df2533-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 9704
last-modified: Fri, 02 Jul 2021 14:32:21 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "ca826d01f1cbba3eb6e3e1f697bca6bc"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/jpeg
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:10:58 GMT

GET
H2 200 john-sign.png
static-13333.kxcdn.com/5275/images/ 7 KB
7 KB 34ms
29ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/john-sign.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

2c92fcee0f7c5fd992e818cd6e5f621e8701cea9b4b23eb03e2567560c7dd266

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:58 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048dcf87-0060df2533-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 6824
last-modified: Fri, 02 Jul 2021 14:32:43 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "8e77bdde18036a84289f7b89b03cddc0"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:10:58 GMT

GET
H2 200 social-callback-title.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 34ms
30ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/social-callback-title.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

b097d9409b9b2fcde3993197635d6e7d49126e794dec3c3a5de9892cce15ec84

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:58 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048fd187-0060df2533-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2899
last-modified: Fri, 02 Jul 2021 14:32:42 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "26e1186a209747d755be97f26d7fef17"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:10:58 GMT

GET
H2 200 facebook.png
static-13333.kxcdn.com/5275/images/ 45 KB
46 KB 35ms
30ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/facebook.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

45a8e9f975bd2d7db2041c671affac022eaf0b8db46c516a6f2021d30631aea3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:58 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048dcf7c-0060df2533-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 46358
last-modified: Fri, 02 Jul 2021 14:32:18 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "99efc09d6e35b01ef07e555c6c9c06ac"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:10:58 GMT

GET
H2 200 twitter.png
static-13333.kxcdn.com/5275/images/ 33 KB
34 KB 36ms
31ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/twitter.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

f3567cf9eb0717ad9840ff19014abf051d9bebb63ba3d270eb23d409dd449b5a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:58 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048dcf79-0060df2533-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 33933
last-modified: Fri, 02 Jul 2021 14:32:45 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "1538bf85a2428c7ab27b923233ceac2d"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:10:58 GMT

GET
H2 200 features-title.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 37ms
33ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/features-title.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

5e840708085df16224eeb0d8a8b3758d39bc7c60d3f0587ea1308f7d37d2e9db

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:58 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048fd18e-0060df2533-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2835
last-modified: Fri, 02 Jul 2021 14:32:24 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "8e8fd39ca90b9e536e71366f72e27061"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:10:58 GMT

GET
H2 200 feature1.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 37ms
33ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/feature1.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

427e9cf9bc070b73cae44b858b1cbb147385ccf3b74522b00606e8441d74eb21

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:58 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048fd189-0060df2533-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2649
last-modified: Fri, 02 Jul 2021 14:32:27 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "32e947291780f319b5424fb0fed97339"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:10:58 GMT

GET
H2 200 feature2.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 37ms
33ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/feature2.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

d35ec7636f20627c46249b7ac076fd59aad2c15c8207c92cc8251df812abc0bc

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:58 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048fd18b-0060df2533-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2845
last-modified: Fri, 02 Jul 2021 14:32:28 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "a02cbfb7009f4eb7bca716371bbc6162"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:10:58 GMT

GET
H2 200 feature3.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 37ms
33ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/feature3.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

41cc8226265d071dd816f01b4e656e9575b49927ecb0806984d85fd2acb3b318

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:58 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048fd185-0060df2533-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2618
last-modified: Fri, 02 Jul 2021 14:32:44 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "1e439861ae0e257dd74094cd20495531"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:10:58 GMT

GET
H2 200 feature4.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 37ms
33ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/feature4.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

d7e57b7c8fc1a0e25b893fc00da8cca5368cc489227958d4a781665339cd7260

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:58 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048fd18a-0060df2533-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2573
last-modified: Fri, 02 Jul 2021 14:32:19 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "f042fbbf22d575de6d906249ec2dc324"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:10:58 GMT

GET
H2 200 faq-title.png
static-13333.kxcdn.com/5275/images/ 4 KB
4 KB 37ms
34ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/faq-title.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

218be04d48aa9aa4da9bb4a708dbb463576fd8653914fd05bb113ce654dce714

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:58 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048dcf81-0060df2533-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 3706
last-modified: Fri, 02 Jul 2021 14:32:42 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "b95f5e7ccaaf9e8f6f1117efa9ab100a"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:10:58 GMT

GET
H2 200 faq-list-title-bg.png
static-13333.kxcdn.com/5275/images/ 2 KB
2 KB 38ms
34ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/faq-list-title-bg.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

9749d6d7aee9bdd7b806eb8fd8fa1bfd7ef25aab0aba744948b279d4c1a348ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:58 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048fd18d-0060df2533-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 1546
last-modified: Fri, 02 Jul 2021 14:32:22 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "567ea5254334fde95913b6cd592aad5f"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:10:58 GMT

GET
H3-29 200 sad-face.svg
tgfunnls.org/media/ 1 KB
1 KB 16ms
13ms Image
image/svg+xml 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tgfunnls.org/media/sad-face.svg

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

186b9079a05f19ddd2a548dbc1ec2c69087c76d8e9e1637dbced630edb793104

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /media/sad-face.svg
pragma: no-cache
cookie: _vwo_uuid_v2=D1DFE650AA949B2C07F0C98022E4F4C18|03024847324f052f382a923df65b0f51; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _gid=GA1.2.790350928.1628684518; _gat_UA-192660002-1=1; _ga_Y6C8Y8V9BH=GS1.1.1628684517.1.0.1628684517.0; _ga=GA1.1.668805998.1628684518; _hjid=e4ac4e74-4075-47b1-8838-21f1fb21d7e3; _hjFirstSeen=1; XSRF-TOKEN=eyJpdiI6ImQ5YVN4V1VRanJsVDZ4MUFyelwvc1pRPT0iLCJ2YWx1ZSI6InM3Vjk0WlJqRmlsK3pQZEh0OXM3YWdUZkJXZ3JrYnJ2OG53UytiZmZyaFVNZ09QaTRcL2FmRHpmTzJyYmlQa2FNIiwibWFjIjoiNTczOGEzMDE5MTkwNDAxMGY1MTFkZGFkZjJiMWMyNzk1OTk4YWI0NzI3NjAzZjYzMzJkMTY4YjVmZjc3YThhNCJ9; c=eyJpdiI6IjFxSDRMbCtMS1d1aU5PMFpTd1wvUUJ3PT0iLCJ2YWx1ZSI6Im1paGZlUXhZNG9vbEJQdGhUVUZVQ1VvQmR2U0NaeThqaWQ5azVia1lNV2ZqZFgzcnFQMG5lZnYrQjNqR0x5RjAiLCJtYWMiOiI3OGUzOGY3Zjc4NGU0OWFkYzIxMWE5YWY4YzZhMzljYTdiMDllMGU4NDcyZjI3ZWU3MDc4ODM0MjIzNDI5NjgwIn0%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:58 GMT
x-proc: 2
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 641
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Mon, 09 Aug 2021 14:29:19 GMT
server: cloudflare
etag: W/"61113bbf-5dc"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=grU1DI1c0NM%2BtjIhwbEoeS%2BpT6o48uFy808Wi88%2BGCrRgRzoXvyDmJ19lg0GGA6bXfsoPcAlqywLrluLuSe0649V3U3xx%2Fcx4pKgeDyvUVssKCFwc2zVQlW13jlYi4HhBYC7Oy9lpER6Cl8%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: max-age=14400
cf-ray: 67d16d410cf605fd-FRA

GET
H3-29 200 email-decode.min.js Show response
tgfunnls.org/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
1 KB 8ms
8ms Script
application/javascript 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

:path: /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
pragma: no-cache
cookie: _vwo_uuid_v2=D1DFE650AA949B2C07F0C98022E4F4C18|03024847324f052f382a923df65b0f51; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _gid=GA1.2.790350928.1628684518; _gat_UA-192660002-1=1; _ga_Y6C8Y8V9BH=GS1.1.1628684517.1.0.1628684517.0; _ga=GA1.1.668805998.1628684518; _hjid=e4ac4e74-4075-47b1-8838-21f1fb21d7e3; _hjFirstSeen=1; XSRF-TOKEN=eyJpdiI6ImQ5YVN4V1VRanJsVDZ4MUFyelwvc1pRPT0iLCJ2YWx1ZSI6InM3Vjk0WlJqRmlsK3pQZEh0OXM3YWdUZkJXZ3JrYnJ2OG53UytiZmZyaFVNZ09QaTRcL2FmRHpmTzJyYmlQa2FNIiwibWFjIjoiNTczOGEzMDE5MTkwNDAxMGY1MTFkZGFkZjJiMWMyNzk1OTk4YWI0NzI3NjAzZjYzMzJkMTY4YjVmZjc3YThhNCJ9; c=eyJpdiI6IjFxSDRMbCtMS1d1aU5PMFpTd1wvUUJ3PT0iLCJ2YWx1ZSI6Im1paGZlUXhZNG9vbEJQdGhUVUZVQ1VvQmR2U0NaeThqaWQ5azVia1lNV2ZqZFgzcnFQMG5lZnYrQjNqR0x5RjAiLCJtYWMiOiI3OGUzOGY3Zjc4NGU0OWFkYzIxMWE5YWY4YzZhMzljYTdiMDllMGU4NDcyZjI3ZWU3MDc4ODM0MjIzNDI5NjgwIn0%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 05 Aug 2021 12:35:03 GMT
server: cloudflare
etag: W/"610bdaf7-4d7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: DENY
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zoIuvWMTQ8Ut%2Ff3n%2FTekqqxei%2FBOBNxtUW3y%2Ft03oqtHNSSj4xcZ876JGEoMcJM389nFW%2FQGzlU53LA5qFiokY0HQ%2FkaGCFaCgHp6GPTL7zqlvTtjo6CVoVOhfi7z9XzZ%2BEMfhj8BkSTZ%2FQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=172800 public
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 67d16d40ac0505fd-FRA
vary: Accept-Encoding
expires: Fri, 13 Aug 2021 12:21:58 GMT

GET
H3-29 200 redirect.js Show response
tgfunnls.org/js/ 3 KB
2 KB 20ms
20ms Script
application/javascript 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/js/redirect.js?id=bd8708e91008076c9ff9

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0979e653bf7370685f5d0ec7448e28d33f46754d5411cf5a7cd3df6ecafc1a35

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /js/redirect.js?id=bd8708e91008076c9ff9
pragma: no-cache
cookie: _vwo_uuid_v2=D1DFE650AA949B2C07F0C98022E4F4C18|03024847324f052f382a923df65b0f51; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _gid=GA1.2.790350928.1628684518; _gat_UA-192660002-1=1; _ga_Y6C8Y8V9BH=GS1.1.1628684517.1.0.1628684517.0; _ga=GA1.1.668805998.1628684518; _hjid=e4ac4e74-4075-47b1-8838-21f1fb21d7e3; _hjFirstSeen=1; XSRF-TOKEN=eyJpdiI6ImQ5YVN4V1VRanJsVDZ4MUFyelwvc1pRPT0iLCJ2YWx1ZSI6InM3Vjk0WlJqRmlsK3pQZEh0OXM3YWdUZkJXZ3JrYnJ2OG53UytiZmZyaFVNZ09QaTRcL2FmRHpmTzJyYmlQa2FNIiwibWFjIjoiNTczOGEzMDE5MTkwNDAxMGY1MTFkZGFkZjJiMWMyNzk1OTk4YWI0NzI3NjAzZjYzMzJkMTY4YjVmZjc3YThhNCJ9; c=eyJpdiI6IjFxSDRMbCtMS1d1aU5PMFpTd1wvUUJ3PT0iLCJ2YWx1ZSI6Im1paGZlUXhZNG9vbEJQdGhUVUZVQ1VvQmR2U0NaeThqaWQ5azVia1lNV2ZqZFgzcnFQMG5lZnYrQjNqR0x5RjAiLCJtYWMiOiI3OGUzOGY3Zjc4NGU0OWFkYzIxMWE5YWY4YzZhMzljYTdiMDllMGU4NDcyZjI3ZWU3MDc4ODM0MjIzNDI5NjgwIn0%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:58 GMT
x-proc: 3
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 641
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Mon, 09 Aug 2021 14:29:34 GMT
server: cloudflare
etag: W/"61113bce-a50"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wQ2fJPVP%2Fc9gtMwDon0iLr8KSu3K2hDM2xtRe4haz3GruM2AID7SQswsjnTtaj%2FNgWOpCCYHVoEBN7cImwUWNHxVByy8%2BQWrix5d3wlG1YQy5IcbTFRQjOoS3mPBXuJdidqEEeaFGcRe%2BvE%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=14400
cf-ray: 67d16d40bc2705fd-FRA

GET
H3-29 200 l.js Show response
tgfunnls.org/js/ 401 KB
110 KB 33ms
33ms Script
application/javascript 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/js/l.js?id=6cf7b69175b2a676ebf3

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1669423eca631e2fa8053ff74039a11ff6afac3a94dc37f357ce8d6ec9362913

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /js/l.js?id=6cf7b69175b2a676ebf3
pragma: no-cache
cookie: _vwo_uuid_v2=D1DFE650AA949B2C07F0C98022E4F4C18|03024847324f052f382a923df65b0f51; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _gid=GA1.2.790350928.1628684518; _gat_UA-192660002-1=1; _ga_Y6C8Y8V9BH=GS1.1.1628684517.1.0.1628684517.0; _ga=GA1.1.668805998.1628684518; _hjid=e4ac4e74-4075-47b1-8838-21f1fb21d7e3; _hjFirstSeen=1; XSRF-TOKEN=eyJpdiI6ImQ5YVN4V1VRanJsVDZ4MUFyelwvc1pRPT0iLCJ2YWx1ZSI6InM3Vjk0WlJqRmlsK3pQZEh0OXM3YWdUZkJXZ3JrYnJ2OG53UytiZmZyaFVNZ09QaTRcL2FmRHpmTzJyYmlQa2FNIiwibWFjIjoiNTczOGEzMDE5MTkwNDAxMGY1MTFkZGFkZjJiMWMyNzk1OTk4YWI0NzI3NjAzZjYzMzJkMTY4YjVmZjc3YThhNCJ9; c=eyJpdiI6IjFxSDRMbCtMS1d1aU5PMFpTd1wvUUJ3PT0iLCJ2YWx1ZSI6Im1paGZlUXhZNG9vbEJQdGhUVUZVQ1VvQmR2U0NaeThqaWQ5azVia1lNV2ZqZFgzcnFQMG5lZnYrQjNqR0x5RjAiLCJtYWMiOiI3OGUzOGY3Zjc4NGU0OWFkYzIxMWE5YWY4YzZhMzljYTdiMDllMGU4NDcyZjI3ZWU3MDc4ODM0MjIzNDI5NjgwIn0%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:58 GMT
x-proc: 1
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3891
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Mon, 09 Aug 2021 14:29:21 GMT
server: cloudflare
etag: W/"61113bc1-645ba"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zTJpXPMyz43%2BQl0XcSkiLG1DLLUML7hbgkYd%2B9ENbgXPcSK6pij%2FrAc6NUesX88ltWZGfQryHNr%2Fsoz06nsQ5b5CPOVXVhr1sjsL03Ku6jPvZ7%2BlodFMd71L0uuWXVPzoHcEqQLFGCATD3A%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=14400
cf-ray: 67d16d40cc4105fd-FRA

GET
H2 200 funnel.js Show response
static-13333.kxcdn.com/5275/build/ 954 KB
319 KB 15ms
15ms Script
application/javascript 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL

https://static-13333.kxcdn.com/5275/build/funnel.js

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

a52901c6296f571a48143efc8c7626714f2f15a0e034390d31380d508684ad0e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:58 GMT
content-encoding: gzip
last-modified: Fri, 02 Jul 2021 14:31:57 GMT
server: keycdn-engine
x-amz-request-id: tx0000000000000048dcf86-0060df2533-12e87130-fra1a
x-edge-location: defr
etag: W/"545236a1390ffa369d186b44dab8e706"
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-cache: HIT
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31556940
x-rgw-object-type: Normal
strict-transport-security: max-age=15552000; includeSubDomains; preload
expires: Thu, 11 Aug 2022 18:10:58 GMT

GET
H/1.1 200 hp Show response
in.xr117.xyz/ 382 B
635 B 17ms
15ms Script
text/plain 18.193.146.82
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://in.xr117.xyz/hp
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.193.146.82 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-193-146-82.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 1d685538334a6762f8c278c2274cb62dfdc47c59ba5968562dddf4f96d808aee

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 11 Aug 2021 12:21:58 GMT
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200 hp Show response
in.bd44.fun/ 382 B
616 B 43ms
15ms Script
text/plain 18.195.174.160
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://in.bd44.fun/hp
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.195.174.160 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-174-160.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 1d685538334a6762f8c278c2274cb62dfdc47c59ba5968562dddf4f96d808aee

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 11 Aug 2021 12:21:58 GMT
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
Server: nginx
Connection: keep-alive
Content-Length: 382
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3-29 200 tag.js Show response
tagstaticx.com/ 38 KB
14 KB 37ms
35ms Script
application/javascript 2606:4700:3033::6815:3d08
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://tagstaticx.com/tag.js
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::6815:3d08 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 789421e97c465f7367c2c16bad228afc0d9211d9ff3c949b7ef88b72e9fc30db

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:58 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 06 Aug 2021 11:17:33 GMT
server: cloudflare
age: 6659
etag: W/"610d1a4d-97e0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uM3vrMEpriSCHRMDLuATW7wOVmnsX0cLdBregKIPBrjI00FCLaSvoj36xIMVJTgMMOXs3JxzQTmLJ3wFJf2FdWI9p5xs7hfLZYknROzC%2Bt2YS57OAC0SxVOANu1dxkaYs0%2Bka4nX6%2BglQLxUCA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=1800
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 67d16d410b352c22-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

GET
H3-29 200 gtm.js Show response
www.googletagmanager.com/ 111 KB
41 KB 19ms
17ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-MSK8GMG

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

abf5e420544cdc91fec5600e8fac1b07f6fd02f69671fa214259ad6518213358

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:58 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42029
x-xss-protection: 0
last-modified: Wed, 11 Aug 2021 12:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 11 Aug 2021 12:21:58 GMT

GET
H/1.1 400 conversion.js
in.bd44.fun/ 0
0 42ms
15ms Script
text/html 18.195.174.160
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://in.bd44.fun/conversion.js?cid=OPTIONAL&et=CLICK
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.195.174.160 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-174-160.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 j.php Show response
dev.visualwebsiteoptimizer.com/ 5 KB
2 KB 11ms
9ms Script
application/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/j.php?a=449005&u=https%3A%2F%2Ftgfunnls.org%2Fdly1st%2F%3Fhitid%3D%7BclickId%7D%26qze%3D7%26aff_sub%3D%7BcustomId1%7D%26aff_sub2%3D%7BcustomId2%7D&f=1&r=0.42659849803270977
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gfra1 /
Resource Hash: 2bbe835453082e266eca2523c54237f88dce578da6bebf48f7ca4a881543d194

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 11 Aug 2021 12:21:57 GMT
via: 1.1 google
server: gfra1
content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-type: application/javascript; charset=UTF-8

GET
H2 200 bg-pattern2.png
static-13333.kxcdn.com/5275/images/ 3 KB
4 KB 34ms
34ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/bg-pattern2.png

Requested by

Host: static-13333.kxcdn.com
URL: https://static-13333.kxcdn.com/5275/build/funnel.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

0dbbd4b1f92b5f123bb6d85da5224dbac1ef2873359ae63159fbd8c1d8aee472

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://static-13333.kxcdn.com/5275/build/funnel.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:58 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx00000000000000491e693-0060df2731-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 3494
last-modified: Fri, 02 Jul 2021 14:32:28 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "9ff60a873ce8a83d6f92c07bbb97461d"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:10:58 GMT

GET
H2 200 money-bg.jpg
static-13333.kxcdn.com/5275/images/ 192 KB
193 KB 34ms
34ms Image
image/jpeg 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/money-bg.jpg

Requested by

Host: static-13333.kxcdn.com
URL: https://static-13333.kxcdn.com/5275/build/funnel.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

6d6b0b2b3ce3ec690491ad53348667285877a284d43a58bae67219df3128c453

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://static-13333.kxcdn.com/5275/build/funnel.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:58 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048fd245-0060df2533-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 196622
last-modified: Fri, 02 Jul 2021 14:32:29 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "00484ef568e5c529bc92d2698631954b"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/jpeg
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:10:58 GMT

GET
H2 206 de-1.mp4
static-13333.kxcdn.com/5275/media/ 64 KB
0 31ms
30ms Media
video/mp4 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL

https://static-13333.kxcdn.com/5275/media/de-1.mp4

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Range: bytes=0-

Response headers

date: Wed, 11 Aug 2021 12:21:58 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx000000000000004a44bcc-0060f54e68-141c7b61-fra1a
x-edge-location: defr
x-cache: HIT
Content-Range: bytes 0-124690623/124690624
Content-Length: 124690624
last-modified: Fri, 02 Jul 2021 14:32:03 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "c8811d0b7aa283893d6ec2a19899685f-24"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: video/mp4
access-control-allow-origin: *
x-rgw-object-type: Normal
expires: Thu, 11 Aug 2022 18:10:58 GMT

GET
H3-29 200 flags.png
tgfunnls.org/images/vendor/intl-tel-input/build/ 69 KB
70 KB 18ms
18ms Image
image/png 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tgfunnls.org/images/vendor/intl-tel-input/build/flags.png?416250f60d785a2e02f17e054d2e4e44

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/css/forms.css?id=108aa07ef4cadffb88ba

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0a012cf808a24573168308916092d2d4bd3f2b4af8e16b59167013cc77acee55

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /images/vendor/intl-tel-input/build/flags.png?416250f60d785a2e02f17e054d2e4e44
pragma: no-cache
cookie: _vwo_uuid_v2=D1DFE650AA949B2C07F0C98022E4F4C18|03024847324f052f382a923df65b0f51; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _gid=GA1.2.790350928.1628684518; _gat_UA-192660002-1=1; _ga_Y6C8Y8V9BH=GS1.1.1628684517.1.0.1628684517.0; _ga=GA1.1.668805998.1628684518; _hjid=e4ac4e74-4075-47b1-8838-21f1fb21d7e3; _hjFirstSeen=1; XSRF-TOKEN=eyJpdiI6ImQ5YVN4V1VRanJsVDZ4MUFyelwvc1pRPT0iLCJ2YWx1ZSI6InM3Vjk0WlJqRmlsK3pQZEh0OXM3YWdUZkJXZ3JrYnJ2OG53UytiZmZyaFVNZ09QaTRcL2FmRHpmTzJyYmlQa2FNIiwibWFjIjoiNTczOGEzMDE5MTkwNDAxMGY1MTFkZGFkZjJiMWMyNzk1OTk4YWI0NzI3NjAzZjYzMzJkMTY4YjVmZjc3YThhNCJ9; c=eyJpdiI6IjFxSDRMbCtMS1d1aU5PMFpTd1wvUUJ3PT0iLCJ2YWx1ZSI6Im1paGZlUXhZNG9vbEJQdGhUVUZVQ1VvQmR2U0NaeThqaWQ5azVia1lNV2ZqZFgzcnFQMG5lZnYrQjNqR0x5RjAiLCJtYWMiOiI3OGUzOGY3Zjc4NGU0OWFkYzIxMWE5YWY4YzZhMzljYTdiMDllMGU4NDcyZjI3ZWU3MDc4ODM0MjIzNDI5NjgwIn0%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: tgfunnls.org
referer: https://tgfunnls.org/css/forms.css?id=108aa07ef4cadffb88ba
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/css/forms.css?id=108aa07ef4cadffb88ba
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:58 GMT
x-proc: 3
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5475
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 70857
x-xss-protection: 1; mode=block
last-modified: Mon, 09 Aug 2021 14:29:34 GMT
server: cloudflare
etag: "61113bce-114c9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=m5x2Evk%2FZQ5y4d5N%2BvjIMvqKdY90JESrsLC7ZTS0zeUevqdpYzGcA9JatY0Pzk1qSHAnUmJpXm4YrqmNtd3RBvhPysltnyjpMlO2I5m78KejKv3olES%2FWO4KIfMbE%2B%2BmivZiawCTkrqFPT0%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 67d16d414d8005fd-FRA

GET
H3-29 200 tag-a511eb58bc7ee0b0cbc6906497418127.js Show response
dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWpxdWVyeQ==/ 214 KB
61 KB 52ms
51ms Script
text/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWpxdWVyeQ==/tag-a511eb58bc7ee0b0cbc6906497418127.js
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/j.php?a=449005&u=https%3A%2F%2Ftgfunnls.org%2Fdly1st%2F%3Fhitid%3D%7BclickId%7D%26qze%3D7%26aff_sub%3D%7BcustomId1%7D%26aff_sub2%3D%7BcustomId2%7D&f=1&r=0.42659849803270977
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gfra1 /
Resource Hash: ffef253989420f0b71eec148da3bbe555e1117a9860323b7a39b267bbb62ebe6

Request headers

Origin: https://tgfunnls.org
Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:58 GMT
content-encoding: br
last-modified: Tue, 10 Aug 2021 11:55:59 GMT
server: gfra1
etag: "6112694f-f354"
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 62292
via: 1.1 google

GET
H3-29 200 v.gif
dev.visualwebsiteoptimizer.com/ 35 B
52 B 95ms
94ms Image
image/gif 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dev.visualwebsiteoptimizer.com/v.gif?cd=0&a=449005&d=tgfunnls.org&u=D1DFE650AA949B2C07F0C98022E4F4C18&h=03024847324f052f382a923df65b0f51&t=false&r=0.05835563526211973

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gnv3c /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 11 Aug 2021 12:21:58 GMT
via: 1.1 google
x-content-type-options: nosniff
server: gnv3c
content-type: image/gif
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 10 Jan 2005 00:00:01 GMT

HEAD
H3-29 200 adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/ 0
0 26ms
26ms Fetch
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 49445
x-xss-protection: 0
server: cafe
etag: 4898024456010196187
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Wed, 11 Aug 2021 12:21:58 GMT

GET
H/1.1 200
OK version.js Show response
tagdatax.com/ 57 B
260 B 16ms
15ms Script
application/javascript 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdatax.com/version.js
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: 22a382cb500dc5fe42ea9087d5ae28123ea363a1b8a9613589f2a3a8025f6bb0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 11 Aug 2021 12:21:58 GMT
Cache-Control: private, max-age=63072000
Server: nginx/1.19.10
Connection: keep-alive
Content-Length: 57
Content-Type: application/javascript

GET
H2 200 gid.js Show response
my.rtmark.net/ 65 B
541 B 14ms
14ms Fetch
application/json 139.45.195.8
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://my.rtmark.net/gid.js

Requested by

Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

e133680bb9e5b80270794d6125ddfbfe93c5cfb8f8b3685b6522b059d71c032c

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:54 GMT
x-content-type-options: nosniff
server: nginx
strict-transport-security: max-age=1
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: https://tgfunnls.org
access-control-expose-headers: Authorization
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length: 65

GET
H/1.1 200
OK pix.jpg Show response
tagdatax.com/ 28 B
617 B 20ms
20ms Fetch
image/jpeg 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdatax.com/pix.jpg
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: 3c72e06c040c15327faa313315f1d6f4b2c9159267051c3e173336efa4cd7a18

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 11 Aug 2021 12:21:58 GMT
Server: nginx/1.19.10
Etag: 103497b9-f661-4927-b487-72b85f15ee90
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Content-Type: image/jpeg
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Expose-Headers: ETag
Cache-Control: private, must-revalidate, proxy-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 28

GET
H3-29 200 googlelogo_color_120x44dp.png
www.google.com/images/branding/googlelogo/2x/ 5 KB
5 KB 28ms
27ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_120x44dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

29c50fa4422ac0a690af5b0987dee6a030a7eeaafa9dda8543cf022368f545aa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:58 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5087
x-xss-protection: 0
expires: Wed, 11 Aug 2021 12:21:58 GMT

GET
H3-29 200 googlelogo_color_272x92dp.png
www.google.com/images/branding/googlelogo/1x/ 6 KB
6 KB 20ms
19ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/1x/googlelogo_color_272x92dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5776cd87617eacec3bc00ebcf530d1924026033eda852f706c1a675a98915826

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:58 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5969
x-xss-protection: 0
expires: Wed, 11 Aug 2021 12:21:58 GMT

GET
H3-29 200 googlelogo_color_272x92dp.png
www.google.com/images/branding/googlelogo/2x/ 13 KB
13 KB 21ms
20ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_272x92dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

262084257c2103702ef8a25705e3f8dbc1fa3823103ad7b954d54bdb77e6d89d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:58 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13504
x-xss-protection: 0
expires: Wed, 11 Aug 2021 12:21:58 GMT

GET
H3-29 200 googlelogo_color_160x56dp.png
www.google.com/images/branding/googlelogo/2x/ 7 KB
7 KB 23ms
22ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_160x56dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9e611fba6a87626e60f74d361f0c94d1ba226bc0726a05791f40ddb7fbba2c4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:58 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7048
x-xss-protection: 0
expires: Wed, 11 Aug 2021 12:21:58 GMT

GET
H3-29 200 googlelogo_color_90x40dp.png
www.google.com/images/branding/googlelogo/2x/ 4 KB
4 KB 19ms
19ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_90x40dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a9cac8d49feccd603bac334c92c1e7dd5a829a1c01d4130550e8c9c0d9c72f7b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:58 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3934
x-xss-protection: 0
expires: Wed, 11 Aug 2021 12:21:58 GMT

GET
H3-29 200 locate Show response
tgfunnls.org/ 150 B
1 KB 256ms
256ms XHR
application/json 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/locate

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/js/l.js?id=6cf7b69175b2a676ebf3

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

126f29647a5fd666abd70f0bfe4f9a9b972c2e385e09554cf2fea5ffe35f62fc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-fetch-mode: cors
x-xsrf-token: eyJpdiI6ImQ5YVN4V1VRanJsVDZ4MUFyelwvc1pRPT0iLCJ2YWx1ZSI6InM3Vjk0WlJqRmlsK3pQZEh0OXM3YWdUZkJXZ3JrYnJ2OG53UytiZmZyaFVNZ09QaTRcL2FmRHpmTzJyYmlQa2FNIiwibWFjIjoiNTczOGEzMDE5MTkwNDAxMGY1MTFkZGFkZjJiMWMyNzk1OTk4YWI0NzI3NjAzZjYzMzJkMTY4YjVmZjc3YThhNCJ9
accept-language: en-US
sec-fetch-dest: empty
cookie: _vwo_uuid_v2=D1DFE650AA949B2C07F0C98022E4F4C18|03024847324f052f382a923df65b0f51; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _gid=GA1.2.790350928.1628684518; _gat_UA-192660002-1=1; _ga_Y6C8Y8V9BH=GS1.1.1628684517.1.0.1628684517.0; _ga=GA1.1.668805998.1628684518; _hjid=e4ac4e74-4075-47b1-8838-21f1fb21d7e3; _hjFirstSeen=1; XSRF-TOKEN=eyJpdiI6ImQ5YVN4V1VRanJsVDZ4MUFyelwvc1pRPT0iLCJ2YWx1ZSI6InM3Vjk0WlJqRmlsK3pQZEh0OXM3YWdUZkJXZ3JrYnJ2OG53UytiZmZyaFVNZ09QaTRcL2FmRHpmTzJyYmlQa2FNIiwibWFjIjoiNTczOGEzMDE5MTkwNDAxMGY1MTFkZGFkZjJiMWMyNzk1OTk4YWI0NzI3NjAzZjYzMzJkMTY4YjVmZjc3YThhNCJ9; c=eyJpdiI6IjFxSDRMbCtMS1d1aU5PMFpTd1wvUUJ3PT0iLCJ2YWx1ZSI6Im1paGZlUXhZNG9vbEJQdGhUVUZVQ1VvQmR2U0NaeThqaWQ5azVia1lNV2ZqZFgzcnFQMG5lZnYrQjNqR0x5RjAiLCJtYWMiOiI3OGUzOGY3Zjc4NGU0OWFkYzIxMWE5YWY4YzZhMzljYTdiMDllMGU4NDcyZjI3ZWU3MDc4ODM0MjIzNDI5NjgwIn0%3D
:path: /locate
pragma: no-cache
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: application/json, text/plain, */*
cache-control: no-cache
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept: application/json, text/plain, */*
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
X-XSRF-TOKEN: eyJpdiI6ImQ5YVN4V1VRanJsVDZ4MUFyelwvc1pRPT0iLCJ2YWx1ZSI6InM3Vjk0WlJqRmlsK3pQZEh0OXM3YWdUZkJXZ3JrYnJ2OG53UytiZmZyaFVNZ09QaTRcL2FmRHpmTzJyYmlQa2FNIiwibWFjIjoiNTczOGEzMDE5MTkwNDAxMGY1MTFkZGFkZjJiMWMyNzk1OTk4YWI0NzI3NjAzZjYzMzJkMTY4YjVmZjc3YThhNCJ9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:58 GMT
x-proc: 2
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LcndU82A6%2FxyrbIVqTdBQps4LJomhGsr%2B7YAeDxKKmR%2FkeGsQ%2F1ZgTDPusjUQOr8DVEAMiCQE%2F8QIsmoNY3nMR6jDqgra211Uf9Hij1YZFVvB9WOTcCGGdVSExdKOeh%2BNeV0nVU8osK%2FNno%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json
cache-control: no-cache, private
set-cookie: XSRF-TOKEN=eyJpdiI6IlRnVDY4dE5QeDVPdDZEZmtuR3BwdkE9PSIsInZhbHVlIjoiQnpPOTFNcU50UDZXRjNHd09OQjVtb08zTDNFUEZvbnVZRThCRFVieDhYYmRsSW5UZU5VZTJDbVBuT2tTZzBTdyIsIm1hYyI6IjZiNTA4YTBlMDRkNmE1OTVhOTJiMjk0NTc2OTg5MTg1ZDM3ZjAwMTRiMDMyZmZiMDI0ZDhjOWFjNjYyYzRhNjcifQ%3D%3D; expires=Wed, 11-Aug-2021 14:21:58 GMT; Max-Age=7200; path=/ c=eyJpdiI6IlNPclFoaHMybDZRUHNlbGNuK2RKbWc9PSIsInZhbHVlIjoiMVwvUGJtRWd2Q0dLTDk5MjUzbGdnQ2FCb3FhdWVHaVFyR0VTeEpUOGU1cXVsWUhweVVLSUJSV3pJMnFobVJ4XC9aIiwibWFjIjoiZmJmNTE3Y2RmNDM5NzYyYThiMGJjNWFiZWQwNzcxYzRjNzU5ZDMwMjc2MmMyNmQzYmIyODc2Yjc0OTNiZGVkZCJ9; expires=Wed, 11-Aug-2021 14:21:58 GMT; Max-Age=7200; path=/; httponly
cf-ray: 67d16d419e3e05fd-FRA

OPTIONS
H/1.1 200
OK add
tagdataxrt.com/ir/ Frame 0
0 14ms
13ms Preflight 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/ir/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Protocol: HTTP/1.1
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://tgfunnls.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Server: nginx/1.19.10
Date: Wed, 11 Aug 2021 12:21:58 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

POST
H/1.1 200
OK add Show response
tagdataxrt.com/ir/ 0
537 B 15ms
14ms Fetch 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/ir/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json;charset=utf-8

Response headers

Date: Wed, 11 Aug 2021 12:21:58 GMT
Server: nginx/1.19.10
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 0

GET
BLOB 200
OK a63340b5-42b0-4421-9b50-34cc3e4b5a57
https://tgfunnls.org/ 31 B
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://tgfunnls.org/a63340b5-42b0-4421-9b50-34cc3e4b5a57
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7725538fe2f71147bffeba7452b434c826aef9009666cb4360c605d0b2a91d1d

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length: 31
Content-Type: application/javascript

GET
H3-29 200 js Show response
www.googletagmanager.com/gtag/ 128 KB
50 KB 25ms
25ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-Y6C8Y8V9BH&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MSK8GMG

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

83add8f2876c91da2376e2509a11340df8549054c6fc89713fe3261c67be55cf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:58 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 51299
x-xss-protection: 0
expires: Wed, 11 Aug 2021 12:21:58 GMT

GET
H3-29 200 analytics.js Show response
www.google-analytics.com/ 48 KB
19 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MSK8GMG

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

e61660c659c426e45bce2937dddb01af6b550502a2904546575c1ec2ba1121dd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 13 Jul 2021 18:24:06 GMT
server: Golfe2
age: 2724
date: Wed, 11 Aug 2021 11:36:34 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19672
expires: Wed, 11 Aug 2021 13:36:34 GMT

GET
H2 200 hotjar-2304105.js Show response
static.hotjar.com/c/ 5 KB
2 KB 25ms
24ms Script
application/javascript 54.192.219.13
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-2304105.js?sv=6

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

54.192.219.13 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

ba0f7c8cd1226246385e057da152929c0c7b7868b6a4b64ff6de9537bf8aeb33

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:14 GMT
content-encoding: br
x-content-type-options: nosniff
cache-control: max-age=60
age: 44
etag: W/2bfd20973994a2ba4876103e95eba243
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
x-cache-hit: 1
x-amz-cf-pop: MRS52-P2
x-amz-cf-id: aV2wLADJ-vF_-bxNKIke7yCRko7QgxxzG1OxPfLVDUrK95j7pkz52A==
via: 1.1 ee464261ee466fae8314a91098b35372.cloudfront.net (CloudFront)

GET
H2 403 videothumbnail-1.png
static-13333.kxcdn.com/5275/images/ 0
0 26ms
26ms Image
text/html 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static-13333.kxcdn.com/5275/images/videothumbnail-1.png
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
DATA 200
OK truncated
/ 4 KB
4 KB Font
application/font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: aef991b2e0b693a95d41986576dd3901ea7ac03b379501b1caba966058753308

Request headers

Origin: https://tgfunnls.org
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: application/font-woff;charset=utf-8

POST
H/1.1 200
OK etag Show response
tagdataxrt.com/ 0
537 B 15ms
14ms Fetch 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/etag?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json;charset=utf-8

Response headers

Date: Wed, 11 Aug 2021 12:21:58 GMT
Server: nginx/1.19.10
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 0

OPTIONS
H/1.1 200
OK etag
tagdataxrt.com/ Frame 0
0 27ms
27ms Preflight 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/etag?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Protocol: HTTP/1.1
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://tgfunnls.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Server: nginx/1.19.10
Date: Wed, 11 Aug 2021 12:21:58 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

GET
H3-29 200 settings.js Show response
dev.visualwebsiteoptimizer.com/ 572 B
397 B 9ms
9ms Script
application/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/settings.js?a=449005&settings_type=3&vn=7.0&r=0.5872910206808191&u=https%3A%2F%2Ftgfunnls.org%2Fdly1st%2F%3Fhitid%3D%7BclickId%7D%26qze%3D7%26aff_sub%3D%7BcustomId1%7D%26aff_sub2%3D%7BcustomId2%7D
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWpxdWVyeQ==/tag-a511eb58bc7ee0b0cbc6906497418127.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gfra1 /
Resource Hash: 31042bafbba3ee3bae8f21d8d8744230a7c558630068c64e1e5ecb4721ab3910

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:58 GMT
via: 1.1 google
server: gfra1
content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-type: application/javascript; charset=UTF-8

GET
H3-29 200 collect
www.google-analytics.com/ 35 B
55 B 6ms
6ms Image
image/gif 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j92&a=796929578&t=pageview&_s=1&dl=https%3A%2F%2Ftgfunnls.org%2Fdly1st%2F%3Fhitid%3D%7BclickId%7D%26qze%3D7%26aff_sub%3D%7BcustomId1%7D%26aff_sub2%3D%7BcustomId2%7D&ul=en-us&de=UTF-8&dt=Daily%20Profit&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=QACAAEAB~&jid=&gjid=&cid=668805998.1628684518&tid=UA-192660002-1&_gid=790350928.1628684518&gtm=2wg891MSK8GMG&z=2021912330

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 10 Aug 2021 20:58:30 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 55408
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 modules.9a6619e61150e4449f35.js Show response
script.hotjar.com/ 221 KB
59 KB 25ms
24ms Script
application/javascript 54.192.219.34
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.9a6619e61150e4449f35.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2304105.js?sv=6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

54.192.219.34 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

fc04d1fd608cedf1f0c4735145a15031f77cb7491d6234cec4ee2cd9be74937a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:18:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 511433
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 59579
access-control-allow-origin: *
last-modified: Thu, 05 Aug 2021 14:17:07 GMT
etag: "f404c80c4e9647abd5db65360cf9ecee"
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 1cfafe71e396134dc106e8c1515876bd.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: MRS52-P2
accept-ranges: bytes
x-robots-tag: none
x-amz-cf-id: 9GvDwmdltHsuQvbM6vTkYjG5I65KB2Z1wvy_Nm-Kxj-YX5kc57Mxdg==

GET
H3-29 200 settings.js Show response
dev.visualwebsiteoptimizer.com/ 572 B
397 B 8ms
8ms Script
application/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/settings.js?a=449005&settings_type=1&vn=7.0&r=0.8928634141525362
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWpxdWVyeQ==/tag-a511eb58bc7ee0b0cbc6906497418127.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gfra1 /
Resource Hash: 31042bafbba3ee3bae8f21d8d8744230a7c558630068c64e1e5ecb4721ab3910

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:58 GMT
via: 1.1 google
server: gfra1
content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-type: application/javascript; charset=UTF-8

GET
H3-29 200 tag-1a6cb79d9b921e9f733a3a9f91c43b90.js Show response
dev.visualwebsiteoptimizer.com/web/djIkcGM6MS4w/ 668 B
329 B 8ms
8ms Script
text/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/web/djIkcGM6MS4w/tag-1a6cb79d9b921e9f733a3a9f91c43b90.js
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWpxdWVyeQ==/tag-a511eb58bc7ee0b0cbc6906497418127.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gfra1 /
Resource Hash: 6e1f2e0970c3d1d6cdacfecdd613ce1c42990ea5d4a9a85fe6f0700d20a96634

Request headers

Origin: https://tgfunnls.org
Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:58 GMT
content-encoding: br
last-modified: Tue, 10 Aug 2021 11:55:59 GMT
server: gfra1
etag: "6112694f-133"
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 307
via: 1.1 google

GET
H2 200 a3a7b431bde66f8790628956fd6a9e14.js Show response
cdn.pushcrew.com/js/ 248 KB
70 KB 103ms
103ms Script
application/javascript 34.102.183.26
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.pushcrew.com/js/a3a7b431bde66f8790628956fd6a9e14.js
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/web/djIkcGM6MS4w/tag-1a6cb79d9b921e9f733a3a9f91c43b90.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.102.183.26 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 26.183.102.34.bc.googleusercontent.com
Software: nginx /
Resource Hash: 2a74b97179203cf3de9b255635c3927c34791cabfe69261cc8d1235c13315e78

Request headers

Origin: https://tgfunnls.org
Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:58 GMT
content-encoding: gzip
last-modified: Fri, 18 Jun 2021 08:48:27 GMT
server: nginx
etag: W/"60cc5ddb-3e05c"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=1800
alt-svc: clear
via: 1.1 google
expires: Wed, 11 Aug 2021 12:51:58 GMT

GET
H2 200 box-25a418976ea02a6f393fbbe77cec94bb.html Show response
vars.hotjar.com/ Frame 34DF 2 KB
1 KB 25ms
24ms Document
text/html 52.84.45.59
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vars.hotjar.com/box-25a418976ea02a6f393fbbe77cec94bb.html
Requested by: Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2304105.js?sv=6
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.84.45.59 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-84-45-59.mrs52.r.cloudfront.net
Software: /
Resource Hash: 7a44e0685d8929b5d4d50476273c9957c8c76f03afc424c665a4066e5bc1beb9

Request headers

:method: GET
:authority: vars.hotjar.com
:scheme: https
:path: /box-25a418976ea02a6f393fbbe77cec94bb.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://tgfunnls.org/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://tgfunnls.org/

Response headers

content-type: text/html
content-length: 1044
date: Thu, 03 Jun 2021 10:15:05 GMT
accept-ranges: bytes
cache-control: max-age=31536000
content-encoding: br
etag: "76922233be8bdb14c053af468d29404a"
last-modified: Thu, 03 Jun 2021 10:14:54 GMT
x-amz-server-side-encryption: AES256
x-robots-tag: none
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 e5c15247ec560744bc8eee50e069c231.cloudfront.net (CloudFront)
x-amz-cf-pop: MRS52-P1
x-amz-cf-id: ct8n4kyo0xOYlYirVCBTcU5Cd70coxvtQGgFHZCHMpAM2HnQQmpK8w==
age: 5969213

POST
H3-29 201 event Show response
tgfunnls.org/ 2 B
1 KB 245ms
244ms XHR
application/json 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/event?hitid={clickId}

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/js/l.js?id=6cf7b69175b2a676ebf3

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-fetch-mode: cors
origin: https://tgfunnls.org
x-xsrf-token: eyJpdiI6IlRnVDY4dE5QeDVPdDZEZmtuR3BwdkE9PSIsInZhbHVlIjoiQnpPOTFNcU50UDZXRjNHd09OQjVtb08zTDNFUEZvbnVZRThCRFVieDhYYmRsSW5UZU5VZTJDbVBuT2tTZzBTdyIsIm1hYyI6IjZiNTA4YTBlMDRkNmE1OTVhOTJiMjk0NTc2OTg5MTg1ZDM3ZjAwMTRiMDMyZmZiMDI0ZDhjOWFjNjYyYzRhNjcifQ==
accept-language: en-US
sec-fetch-dest: empty
accept-encoding: gzip, deflate, br
cookie: _vwo_uuid_v2=D1DFE650AA949B2C07F0C98022E4F4C18|03024847324f052f382a923df65b0f51; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _gid=GA1.2.790350928.1628684518; _gat_UA-192660002-1=1; _hjid=e4ac4e74-4075-47b1-8838-21f1fb21d7e3; _hjFirstSeen=1; _ga_Y6C8Y8V9BH=GS1.1.1628684517.1.1.1628684518.0; _ga=GA1.1.668805998.1628684518; XSRF-TOKEN=eyJpdiI6IlRnVDY4dE5QeDVPdDZEZmtuR3BwdkE9PSIsInZhbHVlIjoiQnpPOTFNcU50UDZXRjNHd09OQjVtb08zTDNFUEZvbnVZRThCRFVieDhYYmRsSW5UZU5VZTJDbVBuT2tTZzBTdyIsIm1hYyI6IjZiNTA4YTBlMDRkNmE1OTVhOTJiMjk0NTc2OTg5MTg1ZDM3ZjAwMTRiMDMyZmZiMDI0ZDhjOWFjNjYyYzRhNjcifQ%3D%3D; c=eyJpdiI6IlNPclFoaHMybDZRUHNlbGNuK2RKbWc9PSIsInZhbHVlIjoiMVwvUGJtRWd2Q0dLTDk5MjUzbGdnQ2FCb3FhdWVHaVFyR0VTeEpUOGU1cXVsWUhweVVLSUJSV3pJMnFobVJ4XC9aIiwibWFjIjoiZmJmNTE3Y2RmNDM5NzYyYThiMGJjNWFiZWQwNzcxYzRjNzU5ZDMwMjc2MmMyNmQzYmIyODc2Yjc0OTNiZGVkZCJ9
content-length: 188
:path: /event?hitid={clickId}
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json;charset=UTF-8
accept: application/json, text/plain, */*
cache-control: no-cache
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: POST
Accept: application/json, text/plain, */*
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
X-XSRF-TOKEN: eyJpdiI6IlRnVDY4dE5QeDVPdDZEZmtuR3BwdkE9PSIsInZhbHVlIjoiQnpPOTFNcU50UDZXRjNHd09OQjVtb08zTDNFUEZvbnVZRThCRFVieDhYYmRsSW5UZU5VZTJDbVBuT2tTZzBTdyIsIm1hYyI6IjZiNTA4YTBlMDRkNmE1OTVhOTJiMjk0NTc2OTg5MTg1ZDM3ZjAwMTRiMDMyZmZiMDI0ZDhjOWFjNjYyYzRhNjcifQ==
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json;charset=UTF-8

Response headers

date: Wed, 11 Aug 2021 12:21:59 GMT
x-proc: 2
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lG2wK17Z8MTPWwR9rD4ilsrv5JzEXB%2FpuH49RiIefC7xN1JWCkp51%2B9XxKxqkRzJKA5NzlwSTaJkUJNt8GNQjBf6RDA9SxEt0eLMv7xR6ci6YJ8BKFGlqtE6iL7GJz04OYFvLeR46R22QEg%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-origin: https://tgfunnls.org
cache-control: no-cache, private
set-cookie: XSRF-TOKEN=eyJpdiI6ImpRcnduS3lad3ZBc2RoOEoyOFdxNlE9PSIsInZhbHVlIjoibzFoN1FFNEljeWErTTM0bERzRUszT0xDaW5vRnI5Z2dsOXdlMXFKXC9TVWprbTBJaTFadXVHSjM3WVpBRU5pWTQiLCJtYWMiOiI1NzUxMzg4MWQ0YzhiNzNjZTg3ZTM2ZGYxNmQxODA5MjdkZTc5Yzk0MjA2MzE0NWUyMDMzN2JkMjQ3ZjFjNGM0In0%3D; expires=Wed, 11-Aug-2021 14:21:59 GMT; Max-Age=7200; path=/ c=eyJpdiI6IklzamVpaWN1d2ZmSGdcL1J4VU01eTBRPT0iLCJ2YWx1ZSI6ImpoSVA3K0xkZ3JhWmo0bTVyWE9IQmgzNkN1YTBzOWhhU0ZOK1wvTXBoSlZcL3Fvc3k1UTlhUWpmTHA4RHVhVEdRYSIsIm1hYyI6ImZjMTBiNjhhZjQwM2JhMmM2ZjkxZTA0ZmQ2MmY3NjNmZDYxYjYxZDRiMTRmYzg4OTZmOTcwZTY1NTUzYzFlZmEifQ%3D%3D; expires=Wed, 11-Aug-2021 14:21:59 GMT; Max-Age=7200; path=/; httponly
cf-ray: 67d16d4339c505fd-FRA

POST
H/1.1 200
OK add Show response
tagdataxrt.com/log/ 12 B
597 B 18ms
17ms Fetch
application/json 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/log/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: 21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json;charset=utf-8

Response headers

Date: Wed, 11 Aug 2021 12:21:59 GMT
Server: nginx/1.19.10
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 12

OPTIONS
H/1.1 200
OK add
tagdataxrt.com/log/ Frame 0
0 15ms
14ms Preflight 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/log/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Protocol: HTTP/1.1
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://tgfunnls.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Server: nginx/1.19.10
Date: Wed, 11 Aug 2021 12:21:59 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

POST
H/1.1 200
OK add
tagdataxrt.com/time_visit/ 0
422 B 13ms
13ms Ping
text/plain 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/time_visit/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Wed, 11 Aug 2021 12:21:59 GMT
Server: nginx/1.19.10
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 0

GET
H3-29 200 / Show response
tgfunnls.org/dly1st/ 31 KB
8 KB 306ms
305ms Document
text/html 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Requested by

Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

296592c526a53f5552436abe1ad9218c97bad8940da91c06679f662252610856

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: tgfunnls.org
:scheme: https
:path: /dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: document
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: _vwo_uuid_v2=D1DFE650AA949B2C07F0C98022E4F4C18|03024847324f052f382a923df65b0f51; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _gid=GA1.2.790350928.1628684518; _gat_UA-192660002-1=1; _hjid=e4ac4e74-4075-47b1-8838-21f1fb21d7e3; _hjFirstSeen=1; _ga_Y6C8Y8V9BH=GS1.1.1628684517.1.1.1628684518.0; _ga=GA1.1.668805998.1628684518; XSRF-TOKEN=eyJpdiI6ImpRcnduS3lad3ZBc2RoOEoyOFdxNlE9PSIsInZhbHVlIjoibzFoN1FFNEljeWErTTM0bERzRUszT0xDaW5vRnI5Z2dsOXdlMXFKXC9TVWprbTBJaTFadXVHSjM3WVpBRU5pWTQiLCJtYWMiOiI1NzUxMzg4MWQ0YzhiNzNjZTg3ZTM2ZGYxNmQxODA5MjdkZTc5Yzk0MjA2MzE0NWUyMDMzN2JkMjQ3ZjFjNGM0In0%3D; c=eyJpdiI6IklzamVpaWN1d2ZmSGdcL1J4VU01eTBRPT0iLCJ2YWx1ZSI6ImpoSVA3K0xkZ3JhWmo0bTVyWE9IQmgzNkN1YTBzOWhhU0ZOK1wvTXBoSlZcL3Fvc3k1UTlhUWpmTHA4RHVhVEdRYSIsIm1hYyI6ImZjMTBiNjhhZjQwM2JhMmM2ZjkxZTA0ZmQ2MmY3NjNmZDYxYjYxZDRiMTRmYzg4OTZmOTcwZTY1NTUzYzFlZmEifQ%3D%3D
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Response headers

date: Wed, 11 Aug 2021 12:21:59 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: no-cache, private
set-cookie: XSRF-TOKEN=eyJpdiI6IkxxME9kdGNLOE9Ia0FrUzdcL0wzV1FRPT0iLCJ2YWx1ZSI6IjFtd1lsUjYzNE8zaEVIdjNaNmE4WVdvSE1zZHlVTkoyakt4UlNFSlhXK3hjM2w0K1J2Z0JKRytxa1ZWZWh2TG0iLCJtYWMiOiJkNDM5ZTVmN2ZiMGRjYWI0ODQ1NGQ1YThkNGI0ZDY4ZjZhOTUyNDljZDU4OWM3ZmJkNjRlMGZiZDA0OWFkNzQzIn0%3D; expires=Wed, 11-Aug-2021 14:21:59 GMT; Max-Age=7200; path=/ c=eyJpdiI6InQrdVZJOXZ5WWxqTTBLRDBYMDl4c3c9PSIsInZhbHVlIjoiU08wak1lTlFnMUtoMkFRRjFWQWVaTGl2ZVlNb1wvYnJpSG40UmhreEdLaDR1UVNONnI1VDVxYTZcL0wwdThxZmRSIiwibWFjIjoiZjI3NTQwZDZjMmU3MjZjMGYyNDg0YzUwNTdjZTVkODg3NjVmNzMzM2U2NWE5NmQ3NDhjNDQwMDQ4YzAzYjIzZCJ9; expires=Wed, 11-Aug-2021 14:21:59 GMT; Max-Age=7200; path=/; httponly
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-proc: 2
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BNjR3hLLmsDUO0wE2Usl%2BLX8ZV4LYISfgpKnwYKz97ccvcnFJLF9ik5xuYXHDWfs0Jl3ViQv99W32wjcijHiAw%2FCFeOBIMK31h5KbrewL%2BTs05IGQBE4vdJTqFSHlvo%2BzLCh3rlwTrsX5r4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 67d16d44ed6805fd-FRA
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

POST collect
www.google-analytics.com/g/ 0
0

GET
H3-29 200 forms.css
tgfunnls.org/css/ 20 KB
4 KB 15ms
14ms Stylesheet
text/css 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/css/forms.css?id=108aa07ef4cadffb88ba

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5cc75f6ff6ccc8f9737ba9b6e44903687d4cd600464dc9a25b2fcfbfd231ebc6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /css/forms.css?id=108aa07ef4cadffb88ba
pragma: no-cache
cookie: _vwo_uuid_v2=D1DFE650AA949B2C07F0C98022E4F4C18|03024847324f052f382a923df65b0f51; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _gid=GA1.2.790350928.1628684518; _gat_UA-192660002-1=1; _hjid=e4ac4e74-4075-47b1-8838-21f1fb21d7e3; _hjFirstSeen=1; _ga_Y6C8Y8V9BH=GS1.1.1628684517.1.1.1628684518.0; _ga=GA1.1.668805998.1628684518; XSRF-TOKEN=eyJpdiI6IkxxME9kdGNLOE9Ia0FrUzdcL0wzV1FRPT0iLCJ2YWx1ZSI6IjFtd1lsUjYzNE8zaEVIdjNaNmE4WVdvSE1zZHlVTkoyakt4UlNFSlhXK3hjM2w0K1J2Z0JKRytxa1ZWZWh2TG0iLCJtYWMiOiJkNDM5ZTVmN2ZiMGRjYWI0ODQ1NGQ1YThkNGI0ZDY4ZjZhOTUyNDljZDU4OWM3ZmJkNjRlMGZiZDA0OWFkNzQzIn0%3D; c=eyJpdiI6InQrdVZJOXZ5WWxqTTBLRDBYMDl4c3c9PSIsInZhbHVlIjoiU08wak1lTlFnMUtoMkFRRjFWQWVaTGl2ZVlNb1wvYnJpSG40UmhreEdLaDR1UVNONnI1VDVxYTZcL0wwdThxZmRSIiwibWFjIjoiZjI3NTQwZDZjMmU3MjZjMGYyNDg0YzUwNTdjZTVkODg3NjVmNzMzM2U2NWE5NmQ3NDhjNDQwMDQ4YzAzYjIzZCJ9
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:59 GMT
x-proc: 1
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 642
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Mon, 09 Aug 2021 14:29:21 GMT
server: cloudflare
etag: W/"61113bc1-5107"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WrJ7Zp3KpcMNeDXyKUFXb%2BVkhAoHbLAnx3xvbiGy1vDNLEvVQzk8gHN%2Frx1LugPAYZUDeW3Tvhc3b11VGhYXFATOVPgJY4XyslXSTY48D%2BlEt%2FEP4Wr3ICNHdF9CehpFHMoSvNOCFmC6ZCs%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 67d16d46da2b05fd-FRA

GET
H3-29 200 flow.css
tgfunnls.org/css/ 385 B
763 B 13ms
12ms Stylesheet
text/css 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/css/flow.css?id=1a2dada5ba76c1b29ae1

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

df456c4794989b11dda8d76813cbf505b2707048f4cc89d7db15956779ca3fb0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /css/flow.css?id=1a2dada5ba76c1b29ae1
pragma: no-cache
cookie: _vwo_uuid_v2=D1DFE650AA949B2C07F0C98022E4F4C18|03024847324f052f382a923df65b0f51; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _gid=GA1.2.790350928.1628684518; _gat_UA-192660002-1=1; _hjid=e4ac4e74-4075-47b1-8838-21f1fb21d7e3; _hjFirstSeen=1; _ga_Y6C8Y8V9BH=GS1.1.1628684517.1.1.1628684518.0; _ga=GA1.1.668805998.1628684518; XSRF-TOKEN=eyJpdiI6IkxxME9kdGNLOE9Ia0FrUzdcL0wzV1FRPT0iLCJ2YWx1ZSI6IjFtd1lsUjYzNE8zaEVIdjNaNmE4WVdvSE1zZHlVTkoyakt4UlNFSlhXK3hjM2w0K1J2Z0JKRytxa1ZWZWh2TG0iLCJtYWMiOiJkNDM5ZTVmN2ZiMGRjYWI0ODQ1NGQ1YThkNGI0ZDY4ZjZhOTUyNDljZDU4OWM3ZmJkNjRlMGZiZDA0OWFkNzQzIn0%3D; c=eyJpdiI6InQrdVZJOXZ5WWxqTTBLRDBYMDl4c3c9PSIsInZhbHVlIjoiU08wak1lTlFnMUtoMkFRRjFWQWVaTGl2ZVlNb1wvYnJpSG40UmhreEdLaDR1UVNONnI1VDVxYTZcL0wwdThxZmRSIiwibWFjIjoiZjI3NTQwZDZjMmU3MjZjMGYyNDg0YzUwNTdjZTVkODg3NjVmNzMzM2U2NWE5NmQ3NDhjNDQwMDQ4YzAzYjIzZCJ9
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:59 GMT
x-proc: 2
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 642
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Mon, 09 Aug 2021 14:29:19 GMT
server: cloudflare
etag: W/"61113bbf-181"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cDvYgzvQX2E7JB9J5vc9XjKT%2BjmzASulXMLPewWc7i17TQCQvW56s%2B%2BvYsfojnitR39e7uX%2Br9KDWBnmBxsMrP8Je%2FlIuexx1MIPpFFBwpg81vKTWUsHcvcIIKrlsAQFZOr2RrY0GbGu0mI%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 67d16d46da2c05fd-FRA

GET
H2 200 funnel.css
static-13333.kxcdn.com/5275/build/ 91 KB
26 KB 8ms
7ms Stylesheet
text/css 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL

https://static-13333.kxcdn.com/5275/build/funnel.css

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

0dd81a03016de5c1be49281bb42f5db84bf8968b636e893daa0ee24de5dbdd3b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:59 GMT
content-encoding: gzip
last-modified: Fri, 02 Jul 2021 14:31:57 GMT
server: keycdn-engine
x-amz-request-id: tx0000000000000048dcf7b-0060df2533-12e87130-fra1a
x-edge-location: defr
etag: W/"0e60432e5a822d61eaf0ff2172f524ed"
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-cache: HIT
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31556940
x-rgw-object-type: Normal
strict-transport-security: max-age=15552000; includeSubDomains; preload
expires: Thu, 11 Aug 2022 18:10:59 GMT

GET
H/1.1 400 conversion.js
in.bd44.fun/ 0
0 15ms
14ms Script
text/html 18.195.174.160
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://in.bd44.fun/conversion.js?cid=OPTIONAL&et=CLICK
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.195.174.160 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-174-160.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 logo.png
static-13333.kxcdn.com/5275/images/ 2 KB
3 KB 32ms
24ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/logo.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

3d0776f2afd4256733e307cf46921dde2e1497a2767eb8bcb8ac17d5de9d2344

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:59 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048dcf7f-0060df2533-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2455
last-modified: Fri, 02 Jul 2021 14:32:26 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "cded24bb8b99f2aa7ab4e4ddc59c28e6"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:10:59 GMT

GET
H2 200 top-arrow.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 32ms
25ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/top-arrow.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

c4d3b32e24ea06591e7f166b20939f84cb767bb0742bc3c51f07c6f4b684f1e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:59 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048fd188-0060df2533-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2961
last-modified: Fri, 02 Jul 2021 14:32:29 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "e2980701aad64cef71bd2296f5f6386b"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:10:59 GMT

GET
H3-29 200 check-icon.png
tgfunnls.org/images/ 44 KB
45 KB 19ms
13ms Image
image/png 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tgfunnls.org/images/check-icon.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

79bb457691c6f5dc0d3fd537218a627750b199db5253e22dad9dc4f78fa48016

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /images/check-icon.png
pragma: no-cache
cookie: _vwo_uuid_v2=D1DFE650AA949B2C07F0C98022E4F4C18|03024847324f052f382a923df65b0f51; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _gid=GA1.2.790350928.1628684518; _gat_UA-192660002-1=1; _hjid=e4ac4e74-4075-47b1-8838-21f1fb21d7e3; _hjFirstSeen=1; _ga_Y6C8Y8V9BH=GS1.1.1628684517.1.1.1628684518.0; _ga=GA1.1.668805998.1628684518; XSRF-TOKEN=eyJpdiI6IkxxME9kdGNLOE9Ia0FrUzdcL0wzV1FRPT0iLCJ2YWx1ZSI6IjFtd1lsUjYzNE8zaEVIdjNaNmE4WVdvSE1zZHlVTkoyakt4UlNFSlhXK3hjM2w0K1J2Z0JKRytxa1ZWZWh2TG0iLCJtYWMiOiJkNDM5ZTVmN2ZiMGRjYWI0ODQ1NGQ1YThkNGI0ZDY4ZjZhOTUyNDljZDU4OWM3ZmJkNjRlMGZiZDA0OWFkNzQzIn0%3D; c=eyJpdiI6InQrdVZJOXZ5WWxqTTBLRDBYMDl4c3c9PSIsInZhbHVlIjoiU08wak1lTlFnMUtoMkFRRjFWQWVaTGl2ZVlNb1wvYnJpSG40UmhreEdLaDR1UVNONnI1VDVxYTZcL0wwdThxZmRSIiwibWFjIjoiZjI3NTQwZDZjMmU3MjZjMGYyNDg0YzUwNTdjZTVkODg3NjVmNzMzM2U2NWE5NmQ3NDhjNDQwMDQ4YzAzYjIzZCJ9
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:59 GMT
x-proc: 3
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5016
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 45018
x-xss-protection: 1; mode=block
last-modified: Mon, 09 Aug 2021 14:27:10 GMT
server: cloudflare
etag: "61113b3e-afda"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hbdTAGNhJb8L8LJFf7nhVyolaY%2FBygmF30MbHv03%2FGPvYiYCc4N0JOag7w1GJYVd2LXzqNButGIYGmGmjR1%2BDR99FSRO9ZOcaKJ9aJbXb4AJm9MhXy5oN%2BA2Kg%2BowFLv7katnOiNo03O6RU%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 67d16d474b1b05fd-FRA

GET
H2 200 safe.png
static-13333.kxcdn.com/5275/images/ 10 KB
11 KB 32ms
24ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/safe.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

c001780d5a0136da809d6908ac44d8b0e4d9b36bf9891772a006294888226576

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:59 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048dcf7e-0060df2533-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 10593
last-modified: Fri, 02 Jul 2021 14:32:17 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "e16845cf547d72f2f0b2febfa375d9f9"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:10:59 GMT

GET
H2 200 bg-arrow.png
static-13333.kxcdn.com/5275/images/ 7 KB
8 KB 32ms
25ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/bg-arrow.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

5902ac2e28cc5433d57a98a62be69037be09754da694348e03d3e3b9e776f542

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:59 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048dcf7d-0060df2533-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 7356
last-modified: Fri, 02 Jul 2021 14:32:23 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "0575766ae817ee467a729e846374d22c"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:10:59 GMT

GET
H2 200 check-icon.png
static-13333.kxcdn.com/5275/images/ 2 KB
3 KB 32ms
25ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/check-icon.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

4a404a950ef8cfa3eb686e62c8ab17e0a4609f2300e53d874a96ec618ab9474d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:59 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048fd193-0060df2533-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2273
last-modified: Fri, 02 Jul 2021 14:32:29 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "c34ab81524c5f98e40dc0dad59601758"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:10:59 GMT

GET
H2 200 spots-arrow.png
static-13333.kxcdn.com/5275/images/ 5 KB
6 KB 32ms
25ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/spots-arrow.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

7c01610e53cbe2313bd441cd9182762cec4240e4eecebeca6d086f34e4672784

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:59 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048dcf82-0060df2533-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 5306
last-modified: Fri, 02 Jul 2021 14:32:45 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "32acdf2cce46993b09041ebed9d00140"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:10:59 GMT

GET
H2 200 john.jpg
static-13333.kxcdn.com/5275/images/ 9 KB
10 KB 32ms
25ms Image
image/jpeg 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/john.jpg

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

aff262b0ff8882606831b77cb7fe8c2b7ee184a4c3a4e10de152932dde9ed3f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:59 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048fd18f-0060df2533-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 9704
last-modified: Fri, 02 Jul 2021 14:32:21 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "ca826d01f1cbba3eb6e3e1f697bca6bc"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/jpeg
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:10:59 GMT

GET
H2 200 john-sign.png
static-13333.kxcdn.com/5275/images/ 7 KB
7 KB 33ms
26ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/john-sign.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

2c92fcee0f7c5fd992e818cd6e5f621e8701cea9b4b23eb03e2567560c7dd266

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:59 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048dcf87-0060df2533-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 6824
last-modified: Fri, 02 Jul 2021 14:32:43 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "8e77bdde18036a84289f7b89b03cddc0"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:10:59 GMT

GET
H2 200 social-callback-title.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 33ms
26ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/social-callback-title.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

b097d9409b9b2fcde3993197635d6e7d49126e794dec3c3a5de9892cce15ec84

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:59 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048fd187-0060df2533-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2899
last-modified: Fri, 02 Jul 2021 14:32:42 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "26e1186a209747d755be97f26d7fef17"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:10:59 GMT

GET
H2 200 facebook.png
static-13333.kxcdn.com/5275/images/ 45 KB
46 KB 33ms
27ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/facebook.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

45a8e9f975bd2d7db2041c671affac022eaf0b8db46c516a6f2021d30631aea3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:59 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048dcf7c-0060df2533-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 46358
last-modified: Fri, 02 Jul 2021 14:32:18 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "99efc09d6e35b01ef07e555c6c9c06ac"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:10:59 GMT

GET
H2 200 twitter.png
static-13333.kxcdn.com/5275/images/ 33 KB
34 KB 34ms
28ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/twitter.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

f3567cf9eb0717ad9840ff19014abf051d9bebb63ba3d270eb23d409dd449b5a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:59 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048dcf79-0060df2533-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 33933
last-modified: Fri, 02 Jul 2021 14:32:45 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "1538bf85a2428c7ab27b923233ceac2d"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:10:59 GMT

GET
H2 200 features-title.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 34ms
29ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/features-title.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

5e840708085df16224eeb0d8a8b3758d39bc7c60d3f0587ea1308f7d37d2e9db

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:59 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048fd18e-0060df2533-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2835
last-modified: Fri, 02 Jul 2021 14:32:24 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "8e8fd39ca90b9e536e71366f72e27061"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:10:59 GMT

GET
H2 200 feature1.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 35ms
29ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/feature1.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

427e9cf9bc070b73cae44b858b1cbb147385ccf3b74522b00606e8441d74eb21

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:59 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048fd189-0060df2533-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2649
last-modified: Fri, 02 Jul 2021 14:32:27 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "32e947291780f319b5424fb0fed97339"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:10:59 GMT

GET
H2 200 feature2.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 35ms
29ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/feature2.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

d35ec7636f20627c46249b7ac076fd59aad2c15c8207c92cc8251df812abc0bc

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:59 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048fd18b-0060df2533-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2845
last-modified: Fri, 02 Jul 2021 14:32:28 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "a02cbfb7009f4eb7bca716371bbc6162"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:10:59 GMT

GET
H2 200 feature3.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 35ms
29ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/feature3.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

41cc8226265d071dd816f01b4e656e9575b49927ecb0806984d85fd2acb3b318

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:59 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048fd185-0060df2533-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2618
last-modified: Fri, 02 Jul 2021 14:32:44 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "1e439861ae0e257dd74094cd20495531"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:10:59 GMT

GET
H2 200 feature4.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 35ms
30ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/feature4.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

d7e57b7c8fc1a0e25b893fc00da8cca5368cc489227958d4a781665339cd7260

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:59 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048fd18a-0060df2533-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2573
last-modified: Fri, 02 Jul 2021 14:32:19 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "f042fbbf22d575de6d906249ec2dc324"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:10:59 GMT

GET
H2 200 faq-title.png
static-13333.kxcdn.com/5275/images/ 4 KB
4 KB 35ms
30ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/faq-title.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

218be04d48aa9aa4da9bb4a708dbb463576fd8653914fd05bb113ce654dce714

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:59 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048dcf81-0060df2533-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 3706
last-modified: Fri, 02 Jul 2021 14:32:42 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "b95f5e7ccaaf9e8f6f1117efa9ab100a"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:10:59 GMT

GET
H2 200 faq-list-title-bg.png
static-13333.kxcdn.com/5275/images/ 2 KB
2 KB 35ms
30ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/faq-list-title-bg.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

9749d6d7aee9bdd7b806eb8fd8fa1bfd7ef25aab0aba744948b279d4c1a348ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:59 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048fd18d-0060df2533-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 1546
last-modified: Fri, 02 Jul 2021 14:32:22 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "567ea5254334fde95913b6cd592aad5f"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:10:59 GMT

GET
H3-29 200 sad-face.svg
tgfunnls.org/media/ 1 KB
1 KB 17ms
13ms Image
image/svg+xml 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tgfunnls.org/media/sad-face.svg

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

186b9079a05f19ddd2a548dbc1ec2c69087c76d8e9e1637dbced630edb793104

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /media/sad-face.svg
pragma: no-cache
cookie: _vwo_uuid_v2=D1DFE650AA949B2C07F0C98022E4F4C18|03024847324f052f382a923df65b0f51; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _gid=GA1.2.790350928.1628684518; _gat_UA-192660002-1=1; _hjid=e4ac4e74-4075-47b1-8838-21f1fb21d7e3; _hjFirstSeen=1; _ga_Y6C8Y8V9BH=GS1.1.1628684517.1.1.1628684518.0; _ga=GA1.1.668805998.1628684518; XSRF-TOKEN=eyJpdiI6IkxxME9kdGNLOE9Ia0FrUzdcL0wzV1FRPT0iLCJ2YWx1ZSI6IjFtd1lsUjYzNE8zaEVIdjNaNmE4WVdvSE1zZHlVTkoyakt4UlNFSlhXK3hjM2w0K1J2Z0JKRytxa1ZWZWh2TG0iLCJtYWMiOiJkNDM5ZTVmN2ZiMGRjYWI0ODQ1NGQ1YThkNGI0ZDY4ZjZhOTUyNDljZDU4OWM3ZmJkNjRlMGZiZDA0OWFkNzQzIn0%3D; c=eyJpdiI6InQrdVZJOXZ5WWxqTTBLRDBYMDl4c3c9PSIsInZhbHVlIjoiU08wak1lTlFnMUtoMkFRRjFWQWVaTGl2ZVlNb1wvYnJpSG40UmhreEdLaDR1UVNONnI1VDVxYTZcL0wwdThxZmRSIiwibWFjIjoiZjI3NTQwZDZjMmU3MjZjMGYyNDg0YzUwNTdjZTVkODg3NjVmNzMzM2U2NWE5NmQ3NDhjNDQwMDQ4YzAzYjIzZCJ9
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:59 GMT
x-proc: 2
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 642
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Mon, 09 Aug 2021 14:29:19 GMT
server: cloudflare
etag: W/"61113bbf-5dc"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JHFfzpeiIgE%2B%2FPacfd%2BANUX6HoUNu%2FyKCup99PvFclkrQMDidX4%2BtZy78Ax7fCgzNzpuSrpveKI2eCfV18BjFfbq0E5QYRuk6DFfSZGzhhMh1z3MRkgQXakuXY9SMXciP1p%2FG%2FqT9cJtko0%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: max-age=14400
cf-ray: 67d16d475b2205fd-FRA

GET
H3-29 200 email-decode.min.js Show response
tgfunnls.org/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
1 KB 9ms
8ms Script
application/javascript 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

:path: /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
pragma: no-cache
cookie: _vwo_uuid_v2=D1DFE650AA949B2C07F0C98022E4F4C18|03024847324f052f382a923df65b0f51; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _gid=GA1.2.790350928.1628684518; _gat_UA-192660002-1=1; _hjid=e4ac4e74-4075-47b1-8838-21f1fb21d7e3; _hjFirstSeen=1; _ga_Y6C8Y8V9BH=GS1.1.1628684517.1.1.1628684518.0; _ga=GA1.1.668805998.1628684518; XSRF-TOKEN=eyJpdiI6IkxxME9kdGNLOE9Ia0FrUzdcL0wzV1FRPT0iLCJ2YWx1ZSI6IjFtd1lsUjYzNE8zaEVIdjNaNmE4WVdvSE1zZHlVTkoyakt4UlNFSlhXK3hjM2w0K1J2Z0JKRytxa1ZWZWh2TG0iLCJtYWMiOiJkNDM5ZTVmN2ZiMGRjYWI0ODQ1NGQ1YThkNGI0ZDY4ZjZhOTUyNDljZDU4OWM3ZmJkNjRlMGZiZDA0OWFkNzQzIn0%3D; c=eyJpdiI6InQrdVZJOXZ5WWxqTTBLRDBYMDl4c3c9PSIsInZhbHVlIjoiU08wak1lTlFnMUtoMkFRRjFWQWVaTGl2ZVlNb1wvYnJpSG40UmhreEdLaDR1UVNONnI1VDVxYTZcL0wwdThxZmRSIiwibWFjIjoiZjI3NTQwZDZjMmU3MjZjMGYyNDg0YzUwNTdjZTVkODg3NjVmNzMzM2U2NWE5NmQ3NDhjNDQwMDQ4YzAzYjIzZCJ9
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 05 Aug 2021 12:35:03 GMT
server: cloudflare
etag: W/"610bdaf7-4d7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: DENY
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PIh351dXmHC0thyF6n5PRhkVuc9L7ORKh9kaD44CimPzFps0S3MWzwr%2FJAPs3uQMvYxkSOhhq0X7idPQ708xG7LUnUZAf092QLURUQmb0Tu87SB63qETUQ7MaC2K5rYkgkY%2BJYRDq5TCm4A%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=172800 public
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 67d16d46fa5405fd-FRA
vary: Accept-Encoding
expires: Fri, 13 Aug 2021 12:21:59 GMT

GET
H3-29 200 redirect.js Show response
tgfunnls.org/js/ 3 KB
2 KB 16ms
15ms Script
application/javascript 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/js/redirect.js?id=bd8708e91008076c9ff9

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0979e653bf7370685f5d0ec7448e28d33f46754d5411cf5a7cd3df6ecafc1a35

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /js/redirect.js?id=bd8708e91008076c9ff9
pragma: no-cache
cookie: _vwo_uuid_v2=D1DFE650AA949B2C07F0C98022E4F4C18|03024847324f052f382a923df65b0f51; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _gid=GA1.2.790350928.1628684518; _gat_UA-192660002-1=1; _hjid=e4ac4e74-4075-47b1-8838-21f1fb21d7e3; _hjFirstSeen=1; _ga_Y6C8Y8V9BH=GS1.1.1628684517.1.1.1628684518.0; _ga=GA1.1.668805998.1628684518; XSRF-TOKEN=eyJpdiI6IkxxME9kdGNLOE9Ia0FrUzdcL0wzV1FRPT0iLCJ2YWx1ZSI6IjFtd1lsUjYzNE8zaEVIdjNaNmE4WVdvSE1zZHlVTkoyakt4UlNFSlhXK3hjM2w0K1J2Z0JKRytxa1ZWZWh2TG0iLCJtYWMiOiJkNDM5ZTVmN2ZiMGRjYWI0ODQ1NGQ1YThkNGI0ZDY4ZjZhOTUyNDljZDU4OWM3ZmJkNjRlMGZiZDA0OWFkNzQzIn0%3D; c=eyJpdiI6InQrdVZJOXZ5WWxqTTBLRDBYMDl4c3c9PSIsInZhbHVlIjoiU08wak1lTlFnMUtoMkFRRjFWQWVaTGl2ZVlNb1wvYnJpSG40UmhreEdLaDR1UVNONnI1VDVxYTZcL0wwdThxZmRSIiwibWFjIjoiZjI3NTQwZDZjMmU3MjZjMGYyNDg0YzUwNTdjZTVkODg3NjVmNzMzM2U2NWE5NmQ3NDhjNDQwMDQ4YzAzYjIzZCJ9
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:59 GMT
x-proc: 3
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 642
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Mon, 09 Aug 2021 14:29:34 GMT
server: cloudflare
etag: W/"61113bce-a50"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OE2VXb01mVkyoR2dKU5BV3VHVL2FvUyo7IxtO7K0S9GtjHHaMqDF1in9OofD3g18uiAfzI8CDgq4blSTmQEQBMpaxoidegIb94iT4G0%2Fph9ec2d1%2BCuXM61zWe7mnqSZbiM1hdpOrO5dm7k%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=14400
cf-ray: 67d16d46fa5805fd-FRA

GET
H3-29 200 l.js Show response
tgfunnls.org/js/ 401 KB
110 KB 26ms
25ms Script
application/javascript 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/js/l.js?id=6cf7b69175b2a676ebf3

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1669423eca631e2fa8053ff74039a11ff6afac3a94dc37f357ce8d6ec9362913

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /js/l.js?id=6cf7b69175b2a676ebf3
pragma: no-cache
cookie: _vwo_uuid_v2=D1DFE650AA949B2C07F0C98022E4F4C18|03024847324f052f382a923df65b0f51; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _gid=GA1.2.790350928.1628684518; _gat_UA-192660002-1=1; _hjid=e4ac4e74-4075-47b1-8838-21f1fb21d7e3; _hjFirstSeen=1; _ga_Y6C8Y8V9BH=GS1.1.1628684517.1.1.1628684518.0; _ga=GA1.1.668805998.1628684518; XSRF-TOKEN=eyJpdiI6IkxxME9kdGNLOE9Ia0FrUzdcL0wzV1FRPT0iLCJ2YWx1ZSI6IjFtd1lsUjYzNE8zaEVIdjNaNmE4WVdvSE1zZHlVTkoyakt4UlNFSlhXK3hjM2w0K1J2Z0JKRytxa1ZWZWh2TG0iLCJtYWMiOiJkNDM5ZTVmN2ZiMGRjYWI0ODQ1NGQ1YThkNGI0ZDY4ZjZhOTUyNDljZDU4OWM3ZmJkNjRlMGZiZDA0OWFkNzQzIn0%3D; c=eyJpdiI6InQrdVZJOXZ5WWxqTTBLRDBYMDl4c3c9PSIsInZhbHVlIjoiU08wak1lTlFnMUtoMkFRRjFWQWVaTGl2ZVlNb1wvYnJpSG40UmhreEdLaDR1UVNONnI1VDVxYTZcL0wwdThxZmRSIiwibWFjIjoiZjI3NTQwZDZjMmU3MjZjMGYyNDg0YzUwNTdjZTVkODg3NjVmNzMzM2U2NWE5NmQ3NDhjNDQwMDQ4YzAzYjIzZCJ9
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:59 GMT
x-proc: 1
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3892
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Mon, 09 Aug 2021 14:29:21 GMT
server: cloudflare
etag: W/"61113bc1-645ba"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6k5LwF1eWBHF5pOOO2gRGUQtPFiYPBdRcEj3XK6W3sYP5zUKTVhpIEUm9OtpU1s8Nxip9Y2KKCxkOrxYsV0iIdRwTNhBYH8Uo30xzTHBB16oL3LNJ5zJd%2Fn7AhMoUIg396EDyXyF6%2BmGV4M%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=14400
cf-ray: 67d16d471a9405fd-FRA

GET
H2 200 funnel.js Show response
static-13333.kxcdn.com/5275/build/ 954 KB
319 KB 13ms
12ms Script
application/javascript 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL

https://static-13333.kxcdn.com/5275/build/funnel.js

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

a52901c6296f571a48143efc8c7626714f2f15a0e034390d31380d508684ad0e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:59 GMT
content-encoding: gzip
last-modified: Fri, 02 Jul 2021 14:31:57 GMT
server: keycdn-engine
x-amz-request-id: tx0000000000000048dcf86-0060df2533-12e87130-fra1a
x-edge-location: defr
etag: W/"545236a1390ffa369d186b44dab8e706"
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-cache: HIT
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31556940
x-rgw-object-type: Normal
strict-transport-security: max-age=15552000; includeSubDomains; preload
expires: Thu, 11 Aug 2022 18:10:59 GMT

GET
H/1.1 200 hp Show response
in.xr117.xyz/ 382 B
616 B 19ms
16ms Script
text/plain 18.193.146.82
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://in.xr117.xyz/hp
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.193.146.82 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-193-146-82.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 1d685538334a6762f8c278c2274cb62dfdc47c59ba5968562dddf4f96d808aee

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 11 Aug 2021 12:21:59 GMT
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
Server: nginx
Connection: keep-alive
Content-Length: 382
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200 hp Show response
in.bd44.fun/ 382 B
616 B 49ms
15ms Script
text/plain 18.195.174.160
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://in.bd44.fun/hp
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.195.174.160 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-174-160.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 1d685538334a6762f8c278c2274cb62dfdc47c59ba5968562dddf4f96d808aee

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 11 Aug 2021 12:21:59 GMT
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
Server: nginx
Connection: keep-alive
Content-Length: 382
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3-29 200 tag.js Show response
tagstaticx.com/ 38 KB
14 KB 18ms
15ms Script
application/javascript 2606:4700:3033::6815:3d08
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://tagstaticx.com/tag.js
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::6815:3d08 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 789421e97c465f7367c2c16bad228afc0d9211d9ff3c949b7ef88b72e9fc30db

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:59 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 06 Aug 2021 11:17:33 GMT
server: cloudflare
age: 6660
etag: W/"610d1a4d-97e0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lWnYFYhUVI3qEro1ECdIm4SHOuKUroLI%2BdxhdKmFpcPEV%2FGr5Hx2Vn6R3POcUoISnmQ9Q1u2NpdDtaEBj6vL478i%2FHDGhVURlMwE47FHTsBEx40REhuhQdXWzjdHg1KjaE6CnC239Xd%2B5sWHDw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=1800
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 67d16d475a6a2c22-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

GET
H3-29 200 gtm.js Show response
www.googletagmanager.com/ 111 KB
41 KB 18ms
15ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-MSK8GMG

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

96ebb46ec94633e9d6d36d0e58f352ef5552981704ceabd38ede88918f0c1539

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:59 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42033
x-xss-protection: 0
last-modified: Wed, 11 Aug 2021 12:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 11 Aug 2021 12:21:59 GMT

GET
H/1.1 400 conversion.js
in.bd44.fun/ 0
0 45ms
16ms Script
text/html 18.195.174.160
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://in.bd44.fun/conversion.js?cid=OPTIONAL&et=CLICK
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.195.174.160 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-174-160.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 j.php Show response
dev.visualwebsiteoptimizer.com/ 5 KB
2 KB 15ms
12ms Script
application/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/j.php?a=449005&u=https%3A%2F%2Ftgfunnls.org%2Fdly1st%2F%3Fhitid%3D%7BclickId%7D%26qze%3D7%26aff_sub%3D%7BcustomId1%7D%26aff_sub2%3D%7BcustomId2%7D&f=1&r=0.5249193555296359
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gfra1 /
Resource Hash: 27f2a706a20fc6201badf1eae1856625d62befe96a72dc4ae5f222a40eec172f

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 11 Aug 2021 12:21:58 GMT
via: 1.1 google
server: gfra1
content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-type: application/javascript; charset=UTF-8

GET
H2 200 bg-pattern2.png
static-13333.kxcdn.com/5275/images/ 3 KB
4 KB 31ms
31ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/bg-pattern2.png

Requested by

Host: static-13333.kxcdn.com
URL: https://static-13333.kxcdn.com/5275/build/funnel.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

0dbbd4b1f92b5f123bb6d85da5224dbac1ef2873359ae63159fbd8c1d8aee472

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://static-13333.kxcdn.com/5275/build/funnel.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:59 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx00000000000000491e693-0060df2731-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 3494
last-modified: Fri, 02 Jul 2021 14:32:28 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "9ff60a873ce8a83d6f92c07bbb97461d"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:10:59 GMT

GET
H2 200 money-bg.jpg
static-13333.kxcdn.com/5275/images/ 192 KB
193 KB 31ms
31ms Image
image/jpeg 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/money-bg.jpg

Requested by

Host: static-13333.kxcdn.com
URL: https://static-13333.kxcdn.com/5275/build/funnel.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

6d6b0b2b3ce3ec690491ad53348667285877a284d43a58bae67219df3128c453

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://static-13333.kxcdn.com/5275/build/funnel.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:59 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048fd245-0060df2533-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 196622
last-modified: Fri, 02 Jul 2021 14:32:29 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "00484ef568e5c529bc92d2698631954b"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/jpeg
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:10:59 GMT

GET
H2 206 de-1.mp4
static-13333.kxcdn.com/5275/media/ 64 KB
0 26ms
25ms Media
video/mp4 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL

https://static-13333.kxcdn.com/5275/media/de-1.mp4

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Range: bytes=0-

Response headers

date: Wed, 11 Aug 2021 12:21:59 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx000000000000004a44bcc-0060f54e68-141c7b61-fra1a
x-edge-location: defr
x-cache: HIT
Content-Range: bytes 0-124690623/124690624
Content-Length: 124690624
last-modified: Fri, 02 Jul 2021 14:32:03 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "c8811d0b7aa283893d6ec2a19899685f-24"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: video/mp4
access-control-allow-origin: *
x-rgw-object-type: Normal
expires: Thu, 11 Aug 2022 18:10:59 GMT

GET
H3-29 200 flags.png
tgfunnls.org/images/vendor/intl-tel-input/build/ 69 KB
70 KB 21ms
18ms Image
image/png 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tgfunnls.org/images/vendor/intl-tel-input/build/flags.png?416250f60d785a2e02f17e054d2e4e44

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/css/forms.css?id=108aa07ef4cadffb88ba

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0a012cf808a24573168308916092d2d4bd3f2b4af8e16b59167013cc77acee55

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /images/vendor/intl-tel-input/build/flags.png?416250f60d785a2e02f17e054d2e4e44
pragma: no-cache
cookie: _vwo_uuid_v2=D1DFE650AA949B2C07F0C98022E4F4C18|03024847324f052f382a923df65b0f51; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _gid=GA1.2.790350928.1628684518; _gat_UA-192660002-1=1; _hjid=e4ac4e74-4075-47b1-8838-21f1fb21d7e3; _hjFirstSeen=1; _ga_Y6C8Y8V9BH=GS1.1.1628684517.1.1.1628684518.0; _ga=GA1.1.668805998.1628684518; XSRF-TOKEN=eyJpdiI6IkxxME9kdGNLOE9Ia0FrUzdcL0wzV1FRPT0iLCJ2YWx1ZSI6IjFtd1lsUjYzNE8zaEVIdjNaNmE4WVdvSE1zZHlVTkoyakt4UlNFSlhXK3hjM2w0K1J2Z0JKRytxa1ZWZWh2TG0iLCJtYWMiOiJkNDM5ZTVmN2ZiMGRjYWI0ODQ1NGQ1YThkNGI0ZDY4ZjZhOTUyNDljZDU4OWM3ZmJkNjRlMGZiZDA0OWFkNzQzIn0%3D; c=eyJpdiI6InQrdVZJOXZ5WWxqTTBLRDBYMDl4c3c9PSIsInZhbHVlIjoiU08wak1lTlFnMUtoMkFRRjFWQWVaTGl2ZVlNb1wvYnJpSG40UmhreEdLaDR1UVNONnI1VDVxYTZcL0wwdThxZmRSIiwibWFjIjoiZjI3NTQwZDZjMmU3MjZjMGYyNDg0YzUwNTdjZTVkODg3NjVmNzMzM2U2NWE5NmQ3NDhjNDQwMDQ4YzAzYjIzZCJ9
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: tgfunnls.org
referer: https://tgfunnls.org/css/forms.css?id=108aa07ef4cadffb88ba
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/css/forms.css?id=108aa07ef4cadffb88ba
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:59 GMT
x-proc: 3
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5476
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 70857
x-xss-protection: 1; mode=block
last-modified: Mon, 09 Aug 2021 14:29:34 GMT
server: cloudflare
etag: "61113bce-114c9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qBTPoL3TUn%2FIF6b1AsPx2tLV1l%2BBjloW5m%2Fp%2FCE1B%2FzWWGCIYPyT6RCL9JCgsIR4eBaagVwIjkLQlQoLg%2FgFu1lwkuQrJ%2BXZfcak%2F%2FuCUCps6ynMJDlVzcy1RzlbGRNjyNEuPSzy4rgmfNo%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 67d16d47cc2b05fd-FRA

GET
H3-29 200 locate Show response
tgfunnls.org/ 141 B
1 KB 221ms
221ms XHR
application/json 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/locate

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/js/l.js?id=6cf7b69175b2a676ebf3

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fea97b726590fe4a2287fc338a9ba11f11d1f9f20a68500a2832f2120b7f1856

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-fetch-mode: cors
x-xsrf-token: eyJpdiI6IkxxME9kdGNLOE9Ia0FrUzdcL0wzV1FRPT0iLCJ2YWx1ZSI6IjFtd1lsUjYzNE8zaEVIdjNaNmE4WVdvSE1zZHlVTkoyakt4UlNFSlhXK3hjM2w0K1J2Z0JKRytxa1ZWZWh2TG0iLCJtYWMiOiJkNDM5ZTVmN2ZiMGRjYWI0ODQ1NGQ1YThkNGI0ZDY4ZjZhOTUyNDljZDU4OWM3ZmJkNjRlMGZiZDA0OWFkNzQzIn0=
accept-language: en-US
sec-fetch-dest: empty
cookie: _vwo_uuid_v2=D1DFE650AA949B2C07F0C98022E4F4C18|03024847324f052f382a923df65b0f51; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _gid=GA1.2.790350928.1628684518; _gat_UA-192660002-1=1; _hjid=e4ac4e74-4075-47b1-8838-21f1fb21d7e3; _hjFirstSeen=1; _ga_Y6C8Y8V9BH=GS1.1.1628684517.1.1.1628684518.0; _ga=GA1.1.668805998.1628684518; XSRF-TOKEN=eyJpdiI6IkxxME9kdGNLOE9Ia0FrUzdcL0wzV1FRPT0iLCJ2YWx1ZSI6IjFtd1lsUjYzNE8zaEVIdjNaNmE4WVdvSE1zZHlVTkoyakt4UlNFSlhXK3hjM2w0K1J2Z0JKRytxa1ZWZWh2TG0iLCJtYWMiOiJkNDM5ZTVmN2ZiMGRjYWI0ODQ1NGQ1YThkNGI0ZDY4ZjZhOTUyNDljZDU4OWM3ZmJkNjRlMGZiZDA0OWFkNzQzIn0%3D; c=eyJpdiI6InQrdVZJOXZ5WWxqTTBLRDBYMDl4c3c9PSIsInZhbHVlIjoiU08wak1lTlFnMUtoMkFRRjFWQWVaTGl2ZVlNb1wvYnJpSG40UmhreEdLaDR1UVNONnI1VDVxYTZcL0wwdThxZmRSIiwibWFjIjoiZjI3NTQwZDZjMmU3MjZjMGYyNDg0YzUwNTdjZTVkODg3NjVmNzMzM2U2NWE5NmQ3NDhjNDQwMDQ4YzAzYjIzZCJ9
:path: /locate
pragma: no-cache
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: application/json, text/plain, */*
cache-control: no-cache
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept: application/json, text/plain, */*
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
X-XSRF-TOKEN: eyJpdiI6IkxxME9kdGNLOE9Ia0FrUzdcL0wzV1FRPT0iLCJ2YWx1ZSI6IjFtd1lsUjYzNE8zaEVIdjNaNmE4WVdvSE1zZHlVTkoyakt4UlNFSlhXK3hjM2w0K1J2Z0JKRytxa1ZWZWh2TG0iLCJtYWMiOiJkNDM5ZTVmN2ZiMGRjYWI0ODQ1NGQ1YThkNGI0ZDY4ZjZhOTUyNDljZDU4OWM3ZmJkNjRlMGZiZDA0OWFkNzQzIn0=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:59 GMT
x-proc: 3
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=y1yUoG6vgz3OIpaV%2BXuyPs0nAHtSJGeGcHjesXq5l%2F2UlcLEbfGOMdC5xPK1i3rlV1ekgoMCAMZ3pYEnm7wPnYGeD7xJlXG%2BG0Q%2FpkUw1YiUDP0qg%2Bfr4Cd8mgv13hbAA%2BYkmf%2BHC%2B5JFqc%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json
cache-control: no-cache, private
set-cookie: XSRF-TOKEN=eyJpdiI6IjA1R1BTMmJXbjAwcVY2aURqdnVabVE9PSIsInZhbHVlIjoiVDFNOHAxU3VtdXhtNjRMUU1JV2t4d0hrNzBKQUVhT1IwZ21ycWFDVE1qOGNEOXpnRnFzN1Y1ZXQ2Q29zQUZFWiIsIm1hYyI6IjBlYTUxOTVlNzRjMDQwNzA2MjBlMTQyNDY4Y2UwZGY3MDZiZmZiN2M1ZDU2MGQwMWIyZGI4MDQ1MzcxNTRiYzIifQ%3D%3D; expires=Wed, 11-Aug-2021 14:21:59 GMT; Max-Age=7200; path=/ c=eyJpdiI6InlyN1BZalRSVWNuZEh0MnhEWExTTnc9PSIsInZhbHVlIjoiNjBoN3YrU1FFdVhJdWVFZ05VYWFWSWt2UkdwZHpSN3hmWE40elZrTGpBZ0h4M0lrVzFWR3U3cXJwMFVpcnM5NiIsIm1hYyI6IjZkY2YyOTU1NmI3OTI3Y2UyMmJjNGM4YWVmMDQwNjg3NTk5MTBmNWMwZWYwNjJmZjQyYTg1ZTM4OTY3ZjdiYTAifQ%3D%3D; expires=Wed, 11-Aug-2021 14:21:59 GMT; Max-Age=7200; path=/; httponly
cf-ray: 67d16d47ec9005fd-FRA

GET
H3-29 200 tag-a511eb58bc7ee0b0cbc6906497418127.js Show response
dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWpxdWVyeQ==/ 214 KB
61 KB 30ms
29ms Script
text/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWpxdWVyeQ==/tag-a511eb58bc7ee0b0cbc6906497418127.js
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/j.php?a=449005&u=https%3A%2F%2Ftgfunnls.org%2Fdly1st%2F%3Fhitid%3D%7BclickId%7D%26qze%3D7%26aff_sub%3D%7BcustomId1%7D%26aff_sub2%3D%7BcustomId2%7D&f=1&r=0.5249193555296359
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gfra1 /
Resource Hash: ffef253989420f0b71eec148da3bbe555e1117a9860323b7a39b267bbb62ebe6

Request headers

Origin: https://tgfunnls.org
Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:59 GMT
content-encoding: br
last-modified: Tue, 10 Aug 2021 11:55:59 GMT
server: gfra1
etag: "6112694f-f354"
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 62292
via: 1.1 google

GET
H3-29 200 v.gif
dev.visualwebsiteoptimizer.com/ 35 B
52 B 102ms
101ms Image
image/gif 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dev.visualwebsiteoptimizer.com/v.gif?cd=0&a=449005&d=tgfunnls.org&u=D1DFE650AA949B2C07F0C98022E4F4C18&h=03024847324f052f382a923df65b0f51&t=false&r=0.4389762302351923

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gnv3c /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 11 Aug 2021 12:21:59 GMT
via: 1.1 google
x-content-type-options: nosniff
server: gnv3c
content-type: image/gif
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 10 Jan 2005 00:00:01 GMT

HEAD
H3-29 200 adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/ 0
0 35ms
34ms Fetch
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 49445
x-xss-protection: 0
server: cafe
etag: 4898024456010196187
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Wed, 11 Aug 2021 12:21:59 GMT

GET
H/1.1 200
OK version.js Show response
tagdatax.com/ 57 B
260 B 14ms
14ms Script
application/javascript 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdatax.com/version.js
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: 14caf418036aa82dae667e78787364b756262e2d8448dade40a26ac88d504091

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 11 Aug 2021 12:21:59 GMT
Cache-Control: private, max-age=63072000
Server: nginx/1.19.10
Connection: keep-alive
Content-Length: 57
Content-Type: application/javascript

GET
H2 200 gid.js Show response
my.rtmark.net/ 65 B
541 B 13ms
13ms Fetch
application/json 139.45.195.8
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://my.rtmark.net/gid.js

Requested by

Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

dd871c34dd715b3e5e53303169ba2a3cc27882618ea574966fd285fd305312c4

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:55 GMT
x-content-type-options: nosniff
server: nginx
strict-transport-security: max-age=1
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: https://tgfunnls.org
access-control-expose-headers: Authorization
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length: 65

GET
H/1.1 200
OK pix.jpg Show response
tagdatax.com/ 28 B
617 B 14ms
14ms Fetch
image/jpeg 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdatax.com/pix.jpg
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: 3c72e06c040c15327faa313315f1d6f4b2c9159267051c3e173336efa4cd7a18

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 11 Aug 2021 12:21:59 GMT
Server: nginx/1.19.10
Etag: 3a7f282e-31a2-4391-9e7f-8c6bdef1bb06
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Content-Type: image/jpeg
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Expose-Headers: ETag
Cache-Control: private, must-revalidate, proxy-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 28

GET
H3-29 200 googlelogo_color_120x44dp.png
www.google.com/images/branding/googlelogo/2x/ 5 KB
5 KB 16ms
15ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_120x44dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

29c50fa4422ac0a690af5b0987dee6a030a7eeaafa9dda8543cf022368f545aa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:59 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5087
x-xss-protection: 0
expires: Wed, 11 Aug 2021 12:21:59 GMT

GET
H3-29 200 googlelogo_color_272x92dp.png
www.google.com/images/branding/googlelogo/1x/ 6 KB
6 KB 15ms
14ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/1x/googlelogo_color_272x92dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5776cd87617eacec3bc00ebcf530d1924026033eda852f706c1a675a98915826

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:59 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5969
x-xss-protection: 0
expires: Wed, 11 Aug 2021 12:21:59 GMT

GET
H3-29 200 googlelogo_color_272x92dp.png
www.google.com/images/branding/googlelogo/2x/ 13 KB
13 KB 17ms
16ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_272x92dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

262084257c2103702ef8a25705e3f8dbc1fa3823103ad7b954d54bdb77e6d89d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:59 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13504
x-xss-protection: 0
expires: Wed, 11 Aug 2021 12:21:59 GMT

GET
H3-29 200 googlelogo_color_160x56dp.png
www.google.com/images/branding/googlelogo/2x/ 7 KB
7 KB 19ms
18ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_160x56dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9e611fba6a87626e60f74d361f0c94d1ba226bc0726a05791f40ddb7fbba2c4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:59 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7048
x-xss-protection: 0
expires: Wed, 11 Aug 2021 12:21:59 GMT

GET
H3-29 200 googlelogo_color_90x40dp.png
www.google.com/images/branding/googlelogo/2x/ 4 KB
4 KB 16ms
15ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_90x40dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a9cac8d49feccd603bac334c92c1e7dd5a829a1c01d4130550e8c9c0d9c72f7b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:59 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3934
x-xss-protection: 0
expires: Wed, 11 Aug 2021 12:21:59 GMT

OPTIONS
H/1.1 200
OK add
tagdataxrt.com/ir/ Frame 0
0 14ms
13ms Preflight 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/ir/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Protocol: HTTP/1.1
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://tgfunnls.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Server: nginx/1.19.10
Date: Wed, 11 Aug 2021 12:21:59 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

POST
H/1.1 200
OK add Show response
tagdataxrt.com/ir/ 0
537 B 15ms
14ms Fetch 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/ir/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json;charset=utf-8

Response headers

Date: Wed, 11 Aug 2021 12:21:59 GMT
Server: nginx/1.19.10
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 0

GET
BLOB 200
OK 6d7c7950-21a0-4562-93b4-479e822c8caa
https://tgfunnls.org/ 31 B
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://tgfunnls.org/6d7c7950-21a0-4562-93b4-479e822c8caa
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7725538fe2f71147bffeba7452b434c826aef9009666cb4360c605d0b2a91d1d

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length: 31
Content-Type: application/javascript

GET
H2 403 videothumbnail-1.png
static-13333.kxcdn.com/5275/images/ 0
0 17ms
17ms Image
text/html 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static-13333.kxcdn.com/5275/images/videothumbnail-1.png
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
DATA 200
OK truncated
/ 4 KB
4 KB Font
application/font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: aef991b2e0b693a95d41986576dd3901ea7ac03b379501b1caba966058753308

Request headers

Origin: https://tgfunnls.org
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: application/font-woff;charset=utf-8

GET
H3-29 200 js Show response
www.googletagmanager.com/gtag/ 128 KB
50 KB 32ms
32ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-Y6C8Y8V9BH&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MSK8GMG

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

6c9bea9ae6f0ce80d62bb455e4c2b0af95a19e05b705666c76add24909fcaec8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:59 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 51224
x-xss-protection: 0
expires: Wed, 11 Aug 2021 12:21:59 GMT

GET
H3-29 200 analytics.js Show response
www.google-analytics.com/ 48 KB
19 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MSK8GMG

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

e61660c659c426e45bce2937dddb01af6b550502a2904546575c1ec2ba1121dd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 13 Jul 2021 18:24:06 GMT
server: Golfe2
age: 2725
date: Wed, 11 Aug 2021 11:36:34 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19672
expires: Wed, 11 Aug 2021 13:36:34 GMT

GET
H2 200 hotjar-2304105.js Show response
static.hotjar.com/c/ 5 KB
2 KB 30ms
30ms Script
application/javascript 54.192.219.13
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-2304105.js?sv=6

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

54.192.219.13 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

ba0f7c8cd1226246385e057da152929c0c7b7868b6a4b64ff6de9537bf8aeb33

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:14 GMT
content-encoding: br
x-content-type-options: nosniff
cache-control: max-age=60
age: 45
etag: W/2bfd20973994a2ba4876103e95eba243
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
x-cache-hit: 1
x-amz-cf-pop: MRS52-P2
x-amz-cf-id: suKJkFHdV9lhFhHh1MveWp9y0rR_tECZRHDUPziBrKnQoRa2f4_cEg==
via: 1.1 ee464261ee466fae8314a91098b35372.cloudfront.net (CloudFront)

POST
H/1.1 200
OK etag Show response
tagdataxrt.com/ 0
537 B 14ms
14ms Fetch 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/etag?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json;charset=utf-8

Response headers

Date: Wed, 11 Aug 2021 12:21:59 GMT
Server: nginx/1.19.10
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 0

OPTIONS
H/1.1 200
OK etag
tagdataxrt.com/ Frame 0
0 233ms
233ms Preflight 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/etag?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Protocol: HTTP/1.1
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://tgfunnls.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Server: nginx/1.19.10
Date: Wed, 11 Aug 2021 12:21:59 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

GET
H3-29 200 settings.js Show response
dev.visualwebsiteoptimizer.com/ 572 B
397 B 8ms
8ms Script
application/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/settings.js?a=449005&settings_type=3&vn=7.0&r=0.19028751084881468&u=https%3A%2F%2Ftgfunnls.org%2Fdly1st%2F%3Fhitid%3D%7BclickId%7D%26qze%3D7%26aff_sub%3D%7BcustomId1%7D%26aff_sub2%3D%7BcustomId2%7D
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWpxdWVyeQ==/tag-a511eb58bc7ee0b0cbc6906497418127.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gfra1 /
Resource Hash: 31042bafbba3ee3bae8f21d8d8744230a7c558630068c64e1e5ecb4721ab3910

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:59 GMT
via: 1.1 google
server: gfra1
content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-type: application/javascript; charset=UTF-8

GET
H3-29 200 collect
www.google-analytics.com/ 35 B
55 B 6ms
6ms Image
image/gif 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j92&a=1267243490&t=pageview&_s=1&dl=https%3A%2F%2Ftgfunnls.org%2Fdly1st%2F%3Fhitid%3D%7BclickId%7D%26qze%3D7%26aff_sub%3D%7BcustomId1%7D%26aff_sub2%3D%7BcustomId2%7D&ul=en-us&de=UTF-8&dt=Daily%20Profit&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=QACAAEAB~&jid=&gjid=&cid=668805998.1628684518&tid=UA-192660002-1&_gid=790350928.1628684518&gtm=2wg891MSK8GMG&z=1658727845

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 10 Aug 2021 20:58:30 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 55409
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 settings.js Show response
dev.visualwebsiteoptimizer.com/ 572 B
397 B 11ms
10ms Script
application/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/settings.js?a=449005&settings_type=1&vn=7.0&r=0.20191652518226766
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWpxdWVyeQ==/tag-a511eb58bc7ee0b0cbc6906497418127.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gfra1 /
Resource Hash: 31042bafbba3ee3bae8f21d8d8744230a7c558630068c64e1e5ecb4721ab3910

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:59 GMT
via: 1.1 google
server: gfra1
content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-type: application/javascript; charset=UTF-8

GET
H2 200 modules.9a6619e61150e4449f35.js Show response
script.hotjar.com/ 221 KB
59 KB 25ms
25ms Script
application/javascript 54.192.219.34
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.9a6619e61150e4449f35.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2304105.js?sv=6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

54.192.219.34 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

fc04d1fd608cedf1f0c4735145a15031f77cb7491d6234cec4ee2cd9be74937a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:18:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 511434
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 59579
access-control-allow-origin: *
last-modified: Thu, 05 Aug 2021 14:17:07 GMT
etag: "f404c80c4e9647abd5db65360cf9ecee"
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 1cfafe71e396134dc106e8c1515876bd.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: MRS52-P2
accept-ranges: bytes
x-robots-tag: none
x-amz-cf-id: HTvGilOStXMcPSDCsNmouGwfV5ZO6pAMaHYCr6xxrSe7SGNK1sXS2g==

GET
H3-29 200 tag-1a6cb79d9b921e9f733a3a9f91c43b90.js Show response
dev.visualwebsiteoptimizer.com/web/djIkcGM6MS4w/ 668 B
329 B 55ms
54ms Script
text/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/web/djIkcGM6MS4w/tag-1a6cb79d9b921e9f733a3a9f91c43b90.js
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWpxdWVyeQ==/tag-a511eb58bc7ee0b0cbc6906497418127.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gfra1 /
Resource Hash: 6e1f2e0970c3d1d6cdacfecdd613ce1c42990ea5d4a9a85fe6f0700d20a96634

Request headers

Origin: https://tgfunnls.org
Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:59 GMT
content-encoding: br
last-modified: Tue, 10 Aug 2021 11:55:59 GMT
server: gfra1
etag: "6112694f-133"
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 307
via: 1.1 google

GET
H2 200 box-25a418976ea02a6f393fbbe77cec94bb.html Show response
vars.hotjar.com/ Frame BE85 2 KB
1 KB 25ms
24ms Document
text/html 52.84.45.59
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vars.hotjar.com/box-25a418976ea02a6f393fbbe77cec94bb.html
Requested by: Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2304105.js?sv=6
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.84.45.59 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-84-45-59.mrs52.r.cloudfront.net
Software: /
Resource Hash: 7a44e0685d8929b5d4d50476273c9957c8c76f03afc424c665a4066e5bc1beb9

Request headers

:method: GET
:authority: vars.hotjar.com
:scheme: https
:path: /box-25a418976ea02a6f393fbbe77cec94bb.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://tgfunnls.org/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://tgfunnls.org/

Response headers

content-type: text/html
content-length: 1044
date: Thu, 03 Jun 2021 10:15:05 GMT
accept-ranges: bytes
cache-control: max-age=31536000
content-encoding: br
etag: "76922233be8bdb14c053af468d29404a"
last-modified: Thu, 03 Jun 2021 10:14:54 GMT
x-amz-server-side-encryption: AES256
x-robots-tag: none
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 e5c15247ec560744bc8eee50e069c231.cloudfront.net (CloudFront)
x-amz-cf-pop: MRS52-P1
x-amz-cf-id: fbYLORYg7ef0bmaks9yPDH6sa0Kc60RytccWNPCScKvWFxodnom0fQ==
age: 5969214

GET
H2 200 a3a7b431bde66f8790628956fd6a9e14.js Show response
cdn.pushcrew.com/js/ 248 KB
70 KB 102ms
102ms Script
application/javascript 34.102.183.26
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.pushcrew.com/js/a3a7b431bde66f8790628956fd6a9e14.js
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/web/djIkcGM6MS4w/tag-1a6cb79d9b921e9f733a3a9f91c43b90.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.102.183.26 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 26.183.102.34.bc.googleusercontent.com
Software: nginx /
Resource Hash: 2a74b97179203cf3de9b255635c3927c34791cabfe69261cc8d1235c13315e78

Request headers

Origin: https://tgfunnls.org
Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:59 GMT
content-encoding: gzip
last-modified: Fri, 18 Jun 2021 08:48:27 GMT
server: nginx
etag: W/"60cc5ddb-3e05c"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=1800
alt-svc: clear
via: 1.1 google
expires: Wed, 11 Aug 2021 12:51:59 GMT

POST
H3-29 201 event Show response
tgfunnls.org/ 2 B
1 KB 276ms
276ms XHR
application/json 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/event?hitid={clickId}

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/js/l.js?id=6cf7b69175b2a676ebf3

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-fetch-mode: cors
origin: https://tgfunnls.org
x-xsrf-token: eyJpdiI6IjA1R1BTMmJXbjAwcVY2aURqdnVabVE9PSIsInZhbHVlIjoiVDFNOHAxU3VtdXhtNjRMUU1JV2t4d0hrNzBKQUVhT1IwZ21ycWFDVE1qOGNEOXpnRnFzN1Y1ZXQ2Q29zQUZFWiIsIm1hYyI6IjBlYTUxOTVlNzRjMDQwNzA2MjBlMTQyNDY4Y2UwZGY3MDZiZmZiN2M1ZDU2MGQwMWIyZGI4MDQ1MzcxNTRiYzIifQ==
accept-language: en-US
sec-fetch-dest: empty
accept-encoding: gzip, deflate, br
cookie: _vwo_uuid_v2=D1DFE650AA949B2C07F0C98022E4F4C18|03024847324f052f382a923df65b0f51; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _gid=GA1.2.790350928.1628684518; _gat_UA-192660002-1=1; _hjid=e4ac4e74-4075-47b1-8838-21f1fb21d7e3; _hjFirstSeen=1; _ga_Y6C8Y8V9BH=GS1.1.1628684517.1.1.1628684519.0; _ga=GA1.1.668805998.1628684518; XSRF-TOKEN=eyJpdiI6IjA1R1BTMmJXbjAwcVY2aURqdnVabVE9PSIsInZhbHVlIjoiVDFNOHAxU3VtdXhtNjRMUU1JV2t4d0hrNzBKQUVhT1IwZ21ycWFDVE1qOGNEOXpnRnFzN1Y1ZXQ2Q29zQUZFWiIsIm1hYyI6IjBlYTUxOTVlNzRjMDQwNzA2MjBlMTQyNDY4Y2UwZGY3MDZiZmZiN2M1ZDU2MGQwMWIyZGI4MDQ1MzcxNTRiYzIifQ%3D%3D; c=eyJpdiI6InlyN1BZalRSVWNuZEh0MnhEWExTTnc9PSIsInZhbHVlIjoiNjBoN3YrU1FFdVhJdWVFZ05VYWFWSWt2UkdwZHpSN3hmWE40elZrTGpBZ0h4M0lrVzFWR3U3cXJwMFVpcnM5NiIsIm1hYyI6IjZkY2YyOTU1NmI3OTI3Y2UyMmJjNGM4YWVmMDQwNjg3NTk5MTBmNWMwZWYwNjJmZjQyYTg1ZTM4OTY3ZjdiYTAifQ%3D%3D
content-length: 179
:path: /event?hitid={clickId}
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json;charset=UTF-8
accept: application/json, text/plain, */*
cache-control: no-cache
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: POST
Accept: application/json, text/plain, */*
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
X-XSRF-TOKEN: eyJpdiI6IjA1R1BTMmJXbjAwcVY2aURqdnVabVE9PSIsInZhbHVlIjoiVDFNOHAxU3VtdXhtNjRMUU1JV2t4d0hrNzBKQUVhT1IwZ21ycWFDVE1qOGNEOXpnRnFzN1Y1ZXQ2Q29zQUZFWiIsIm1hYyI6IjBlYTUxOTVlNzRjMDQwNzA2MjBlMTQyNDY4Y2UwZGY3MDZiZmZiN2M1ZDU2MGQwMWIyZGI4MDQ1MzcxNTRiYzIifQ==
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json;charset=UTF-8

Response headers

date: Wed, 11 Aug 2021 12:22:00 GMT
x-proc: 2
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WzfUM%2BJ4YhH3virFp0jdpc1y0VGHpbyFzq2aO7gCOTGd%2FkQjDBZR6D%2Fot%2BrWwMiTBg3rlqRQLKDAd%2F9mOADuHgVkg4cmiYkV88r7cjErXCAqbz4x8F9GAmv6Z0xOimLY1336YM70AAi9P0M%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-origin: https://tgfunnls.org
cache-control: no-cache, private
set-cookie: XSRF-TOKEN=eyJpdiI6IlhCaHhzODVpb2dyNUNEME1QOXd2MEE9PSIsInZhbHVlIjoibWpUYVlWMGxpY0VqXC91Z2ZQbVk1eVkyRkdPQVZXRHgwRjA5Rnh6WkpLTUV4YzIwbjA1OUFBcytGaitHWkxxb0wiLCJtYWMiOiI3M2VhOTM1NzAyNTBjM2E2ZjBmNmFlYTM2YzQ2MzRmZjE2NGU0MDZmZmVmMjlkNzE2NGJiNmZjYzk5OWRkOGM3In0%3D; expires=Wed, 11-Aug-2021 14:22:00 GMT; Max-Age=7200; path=/ c=eyJpdiI6InVYaEFOMGFYSjEyaUFxQXNcL1BTT2lRPT0iLCJ2YWx1ZSI6IlwvTDdQQklSbldpclFabVdlc1o3TFBReDZIeGtmWis3T3lQYXhCb0RsWVU2NVVMQmtJMkhWUVM1Wm45VGlERGEwIiwibWFjIjoiMDk1Mzc4MTJlNGZiOWZlMzk0NGQwNGFmMDk5MThiMzZhMzcwY2RiNTE3Y2U0ZmM2NmJlNDU2NjYyY2FlZWRmNiJ9; expires=Wed, 11-Aug-2021 14:22:00 GMT; Max-Age=7200; path=/; httponly
cf-ray: 67d16d495fe705fd-FRA

POST
H/1.1 200
OK add Show response
tagdataxrt.com/log/ 12 B
597 B 17ms
16ms Fetch
application/json 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/log/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: 21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json;charset=utf-8

Response headers

Date: Wed, 11 Aug 2021 12:22:00 GMT
Server: nginx/1.19.10
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 12

OPTIONS
H/1.1 200
OK add
tagdataxrt.com/log/ Frame 0
0 15ms
14ms Preflight 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/log/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Protocol: HTTP/1.1
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://tgfunnls.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Server: nginx/1.19.10
Date: Wed, 11 Aug 2021 12:22:00 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

POST
H/1.1 200
OK add
tagdataxrt.com/time_visit/ 0
422 B 13ms
13ms Ping
text/plain 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/time_visit/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Wed, 11 Aug 2021 12:22:00 GMT
Server: nginx/1.19.10
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 0

GET
H3-29 200 / Show response
tgfunnls.org/dly1st/ 31 KB
8 KB 291ms
291ms Document
text/html 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Requested by

Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

87012dd2a19e02b8ce347999203a9a99288462679b5aa1178975e8757b7cf818

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: tgfunnls.org
:scheme: https
:path: /dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: document
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: _vwo_uuid_v2=D1DFE650AA949B2C07F0C98022E4F4C18|03024847324f052f382a923df65b0f51; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _gid=GA1.2.790350928.1628684518; _gat_UA-192660002-1=1; _hjid=e4ac4e74-4075-47b1-8838-21f1fb21d7e3; _hjFirstSeen=1; _ga_Y6C8Y8V9BH=GS1.1.1628684517.1.1.1628684519.0; _ga=GA1.1.668805998.1628684518; XSRF-TOKEN=eyJpdiI6IlhCaHhzODVpb2dyNUNEME1QOXd2MEE9PSIsInZhbHVlIjoibWpUYVlWMGxpY0VqXC91Z2ZQbVk1eVkyRkdPQVZXRHgwRjA5Rnh6WkpLTUV4YzIwbjA1OUFBcytGaitHWkxxb0wiLCJtYWMiOiI3M2VhOTM1NzAyNTBjM2E2ZjBmNmFlYTM2YzQ2MzRmZjE2NGU0MDZmZmVmMjlkNzE2NGJiNmZjYzk5OWRkOGM3In0%3D; c=eyJpdiI6InVYaEFOMGFYSjEyaUFxQXNcL1BTT2lRPT0iLCJ2YWx1ZSI6IlwvTDdQQklSbldpclFabVdlc1o3TFBReDZIeGtmWis3T3lQYXhCb0RsWVU2NVVMQmtJMkhWUVM1Wm45VGlERGEwIiwibWFjIjoiMDk1Mzc4MTJlNGZiOWZlMzk0NGQwNGFmMDk5MThiMzZhMzcwY2RiNTE3Y2U0ZmM2NmJlNDU2NjYyY2FlZWRmNiJ9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Response headers

date: Wed, 11 Aug 2021 12:22:00 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: no-cache, private
set-cookie: XSRF-TOKEN=eyJpdiI6IlFcL0dvcW4ybTgwTUFwM295bjFmNURRPT0iLCJ2YWx1ZSI6ImZMZG9IYmZVRDV5amlDemFZUHBOc1c0YVVcL1dYRVFWZUFXRVRnZXVCeTEzZHZiS1VTXC9MUzFrK2w0SkJRSU55YyIsIm1hYyI6IjBkMWYxODU5MDQ0OTI1NmNlYzgzZjgxODkwYzcyNzk2NTY4OWUzNzM0OTU0N2FmODUxNGFjMjBiY2Q0MTExN2EifQ%3D%3D; expires=Wed, 11-Aug-2021 14:22:00 GMT; Max-Age=7200; path=/ c=eyJpdiI6Im9kcXpvTHFpbk5HMHIxZlQ1dnViMUE9PSIsInZhbHVlIjoiR0FcL1VpNERzS1dWQzFhZzlBSjVxNkJWNDd2aDUwemtoU2NyNUM1N2wrMnlxdWRRdzZLQ3F2N1BreFljSVJCQ0QiLCJtYWMiOiIyZWM4ZWVmODFiMzhkOGRjMDIxMzhjODMyODVhYmE1NzdlNzUyOWY5YTU1NTNmMjk3Nzg1NjI2MDA4N2FmOGI4In0%3D; expires=Wed, 11-Aug-2021 14:22:00 GMT; Max-Age=7200; path=/; httponly
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-proc: 3
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XopDmFDz8p%2FYiiuD1y5kIR1Zu9FFAHbxkvho09uKnbXp9Sn4mquOjBKZLZZMCL0WjoqdjXoK1Ae4DLwjSxhPG2Lwt1u%2B%2F8D6zZLkmycdOZ5UU0myrO%2ByIFGbKArlFbxgu%2BXaFIdUXi9ZxmY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 67d16d4b6c1b05fd-FRA
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

POST collect
www.google-analytics.com/g/ 0
0

GET
H3-29 200 forms.css
tgfunnls.org/css/ 20 KB
4 KB 24ms
23ms Stylesheet
text/css 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/css/forms.css?id=108aa07ef4cadffb88ba

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5cc75f6ff6ccc8f9737ba9b6e44903687d4cd600464dc9a25b2fcfbfd231ebc6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /css/forms.css?id=108aa07ef4cadffb88ba
pragma: no-cache
cookie: _vwo_uuid_v2=D1DFE650AA949B2C07F0C98022E4F4C18|03024847324f052f382a923df65b0f51; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _gid=GA1.2.790350928.1628684518; _gat_UA-192660002-1=1; _hjid=e4ac4e74-4075-47b1-8838-21f1fb21d7e3; _hjFirstSeen=1; _ga_Y6C8Y8V9BH=GS1.1.1628684517.1.1.1628684519.0; _ga=GA1.1.668805998.1628684518; XSRF-TOKEN=eyJpdiI6IlFcL0dvcW4ybTgwTUFwM295bjFmNURRPT0iLCJ2YWx1ZSI6ImZMZG9IYmZVRDV5amlDemFZUHBOc1c0YVVcL1dYRVFWZUFXRVRnZXVCeTEzZHZiS1VTXC9MUzFrK2w0SkJRSU55YyIsIm1hYyI6IjBkMWYxODU5MDQ0OTI1NmNlYzgzZjgxODkwYzcyNzk2NTY4OWUzNzM0OTU0N2FmODUxNGFjMjBiY2Q0MTExN2EifQ%3D%3D; c=eyJpdiI6Im9kcXpvTHFpbk5HMHIxZlQ1dnViMUE9PSIsInZhbHVlIjoiR0FcL1VpNERzS1dWQzFhZzlBSjVxNkJWNDd2aDUwemtoU2NyNUM1N2wrMnlxdWRRdzZLQ3F2N1BreFljSVJCQ0QiLCJtYWMiOiIyZWM4ZWVmODFiMzhkOGRjMDIxMzhjODMyODVhYmE1NzdlNzUyOWY5YTU1NTNmMjk3Nzg1NjI2MDA4N2FmOGI4In0%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:00 GMT
x-proc: 1
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 643
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Mon, 09 Aug 2021 14:29:21 GMT
server: cloudflare
etag: W/"61113bc1-5107"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gNV7z2C%2F3fVmAMYZWadnpq%2FYEwEscyw5hptIUNF0pC0%2BeTwyhK9DIDR978qXPgbIxxBA5d5rwCWGB68nIZVDuQXvek2I04n%2F6fPxOBlszN5xhcpot2%2BhahiFaU9zUNmDb4Z1O8rs%2F1EQA3U%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 67d16d4d488205fd-FRA

GET
H3-29 200 flow.css
tgfunnls.org/css/ 385 B
764 B 25ms
24ms Stylesheet
text/css 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/css/flow.css?id=1a2dada5ba76c1b29ae1

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

df456c4794989b11dda8d76813cbf505b2707048f4cc89d7db15956779ca3fb0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /css/flow.css?id=1a2dada5ba76c1b29ae1
pragma: no-cache
cookie: _vwo_uuid_v2=D1DFE650AA949B2C07F0C98022E4F4C18|03024847324f052f382a923df65b0f51; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _gid=GA1.2.790350928.1628684518; _gat_UA-192660002-1=1; _hjid=e4ac4e74-4075-47b1-8838-21f1fb21d7e3; _hjFirstSeen=1; _ga_Y6C8Y8V9BH=GS1.1.1628684517.1.1.1628684519.0; _ga=GA1.1.668805998.1628684518; XSRF-TOKEN=eyJpdiI6IlFcL0dvcW4ybTgwTUFwM295bjFmNURRPT0iLCJ2YWx1ZSI6ImZMZG9IYmZVRDV5amlDemFZUHBOc1c0YVVcL1dYRVFWZUFXRVRnZXVCeTEzZHZiS1VTXC9MUzFrK2w0SkJRSU55YyIsIm1hYyI6IjBkMWYxODU5MDQ0OTI1NmNlYzgzZjgxODkwYzcyNzk2NTY4OWUzNzM0OTU0N2FmODUxNGFjMjBiY2Q0MTExN2EifQ%3D%3D; c=eyJpdiI6Im9kcXpvTHFpbk5HMHIxZlQ1dnViMUE9PSIsInZhbHVlIjoiR0FcL1VpNERzS1dWQzFhZzlBSjVxNkJWNDd2aDUwemtoU2NyNUM1N2wrMnlxdWRRdzZLQ3F2N1BreFljSVJCQ0QiLCJtYWMiOiIyZWM4ZWVmODFiMzhkOGRjMDIxMzhjODMyODVhYmE1NzdlNzUyOWY5YTU1NTNmMjk3Nzg1NjI2MDA4N2FmOGI4In0%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:00 GMT
x-proc: 2
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 643
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Mon, 09 Aug 2021 14:29:19 GMT
server: cloudflare
etag: W/"61113bbf-181"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ga5o0I%2F5sszNfjkd8FwKvgOSizoylnhPR0n9st1EfS6HvY5Gw76gmDb4OrLS51PPuF%2BsFEGjIA%2B0KKBW0ZXXcFlMzXJmLLFW2zCVJd6VyKGIeEzKugaep3qBrgOZbgHtlME4E6oow%2B%2F%2BNZo%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 67d16d4d488405fd-FRA

GET
H2 200 funnel.css
static-13333.kxcdn.com/5275/build/ 91 KB
26 KB 9ms
8ms Stylesheet
text/css 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL

https://static-13333.kxcdn.com/5275/build/funnel.css

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

0dd81a03016de5c1be49281bb42f5db84bf8968b636e893daa0ee24de5dbdd3b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:00 GMT
content-encoding: gzip
last-modified: Fri, 02 Jul 2021 14:31:57 GMT
server: keycdn-engine
x-amz-request-id: tx0000000000000048dcf7b-0060df2533-12e87130-fra1a
x-edge-location: defr
etag: W/"0e60432e5a822d61eaf0ff2172f524ed"
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-cache: HIT
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31556940
x-rgw-object-type: Normal
strict-transport-security: max-age=15552000; includeSubDomains; preload
expires: Thu, 11 Aug 2022 18:11:00 GMT

GET
H/1.1 400 conversion.js
in.bd44.fun/ 0
0 16ms
15ms Script
text/html 18.195.174.160
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://in.bd44.fun/conversion.js?cid=OPTIONAL&et=CLICK
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.195.174.160 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-174-160.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 logo.png
static-13333.kxcdn.com/5275/images/ 2 KB
3 KB 26ms
20ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/logo.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

3d0776f2afd4256733e307cf46921dde2e1497a2767eb8bcb8ac17d5de9d2344

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:00 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048dcf7f-0060df2533-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2455
last-modified: Fri, 02 Jul 2021 14:32:26 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "cded24bb8b99f2aa7ab4e4ddc59c28e6"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:00 GMT

GET
H2 200 top-arrow.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 27ms
21ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/top-arrow.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

c4d3b32e24ea06591e7f166b20939f84cb767bb0742bc3c51f07c6f4b684f1e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:00 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048fd188-0060df2533-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2961
last-modified: Fri, 02 Jul 2021 14:32:29 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "e2980701aad64cef71bd2296f5f6386b"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:00 GMT

GET
H3-29 200 check-icon.png
tgfunnls.org/images/ 44 KB
45 KB 35ms
31ms Image
image/png 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tgfunnls.org/images/check-icon.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

79bb457691c6f5dc0d3fd537218a627750b199db5253e22dad9dc4f78fa48016

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /images/check-icon.png
pragma: no-cache
cookie: _vwo_uuid_v2=D1DFE650AA949B2C07F0C98022E4F4C18|03024847324f052f382a923df65b0f51; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _gid=GA1.2.790350928.1628684518; _gat_UA-192660002-1=1; _hjid=e4ac4e74-4075-47b1-8838-21f1fb21d7e3; _hjFirstSeen=1; _ga_Y6C8Y8V9BH=GS1.1.1628684517.1.1.1628684519.0; _ga=GA1.1.668805998.1628684518; XSRF-TOKEN=eyJpdiI6IlFcL0dvcW4ybTgwTUFwM295bjFmNURRPT0iLCJ2YWx1ZSI6ImZMZG9IYmZVRDV5amlDemFZUHBOc1c0YVVcL1dYRVFWZUFXRVRnZXVCeTEzZHZiS1VTXC9MUzFrK2w0SkJRSU55YyIsIm1hYyI6IjBkMWYxODU5MDQ0OTI1NmNlYzgzZjgxODkwYzcyNzk2NTY4OWUzNzM0OTU0N2FmODUxNGFjMjBiY2Q0MTExN2EifQ%3D%3D; c=eyJpdiI6Im9kcXpvTHFpbk5HMHIxZlQ1dnViMUE9PSIsInZhbHVlIjoiR0FcL1VpNERzS1dWQzFhZzlBSjVxNkJWNDd2aDUwemtoU2NyNUM1N2wrMnlxdWRRdzZLQ3F2N1BreFljSVJCQ0QiLCJtYWMiOiIyZWM4ZWVmODFiMzhkOGRjMDIxMzhjODMyODVhYmE1NzdlNzUyOWY5YTU1NTNmMjk3Nzg1NjI2MDA4N2FmOGI4In0%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:00 GMT
x-proc: 3
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5017
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 45018
x-xss-protection: 1; mode=block
last-modified: Mon, 09 Aug 2021 14:27:10 GMT
server: cloudflare
etag: "61113b3e-afda"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LHfly9tcuOksWhwc0kYvFSDIvbGF6OfKdylY2rcGLpu5dfAQwjQJ9PLsp2T6Y928CqQDQtF%2F6698s5fuxjk9yQqGJb%2FWLQi%2FUZMmQhyAXQ5mbSXKnyS0w6VXBtUhWNmSJWx1da%2B8Z8jzdaA%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 67d16d4dd9a005fd-FRA

GET
H2 200 safe.png
static-13333.kxcdn.com/5275/images/ 10 KB
11 KB 27ms
21ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/safe.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

c001780d5a0136da809d6908ac44d8b0e4d9b36bf9891772a006294888226576

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:00 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048dcf7e-0060df2533-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 10593
last-modified: Fri, 02 Jul 2021 14:32:17 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "e16845cf547d72f2f0b2febfa375d9f9"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:00 GMT

GET
H2 200 bg-arrow.png
static-13333.kxcdn.com/5275/images/ 7 KB
8 KB 27ms
21ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/bg-arrow.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

5902ac2e28cc5433d57a98a62be69037be09754da694348e03d3e3b9e776f542

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:00 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048dcf7d-0060df2533-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 7356
last-modified: Fri, 02 Jul 2021 14:32:23 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "0575766ae817ee467a729e846374d22c"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:00 GMT

GET
H2 200 check-icon.png
static-13333.kxcdn.com/5275/images/ 2 KB
3 KB 27ms
21ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/check-icon.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

4a404a950ef8cfa3eb686e62c8ab17e0a4609f2300e53d874a96ec618ab9474d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:00 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048fd193-0060df2533-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2273
last-modified: Fri, 02 Jul 2021 14:32:29 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "c34ab81524c5f98e40dc0dad59601758"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:00 GMT

GET
H2 200 spots-arrow.png
static-13333.kxcdn.com/5275/images/ 5 KB
6 KB 28ms
22ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/spots-arrow.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

7c01610e53cbe2313bd441cd9182762cec4240e4eecebeca6d086f34e4672784

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:00 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048dcf82-0060df2533-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 5306
last-modified: Fri, 02 Jul 2021 14:32:45 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "32acdf2cce46993b09041ebed9d00140"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:00 GMT

GET
H2 200 john.jpg
static-13333.kxcdn.com/5275/images/ 9 KB
10 KB 28ms
22ms Image
image/jpeg 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/john.jpg

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

aff262b0ff8882606831b77cb7fe8c2b7ee184a4c3a4e10de152932dde9ed3f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:00 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048fd18f-0060df2533-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 9704
last-modified: Fri, 02 Jul 2021 14:32:21 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "ca826d01f1cbba3eb6e3e1f697bca6bc"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/jpeg
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:00 GMT

GET
H2 200 john-sign.png
static-13333.kxcdn.com/5275/images/ 7 KB
7 KB 29ms
23ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/john-sign.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

2c92fcee0f7c5fd992e818cd6e5f621e8701cea9b4b23eb03e2567560c7dd266

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:00 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048dcf87-0060df2533-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 6824
last-modified: Fri, 02 Jul 2021 14:32:43 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "8e77bdde18036a84289f7b89b03cddc0"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:00 GMT

GET
H2 200 social-callback-title.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 29ms
24ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/social-callback-title.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

b097d9409b9b2fcde3993197635d6e7d49126e794dec3c3a5de9892cce15ec84

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:00 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048fd187-0060df2533-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2899
last-modified: Fri, 02 Jul 2021 14:32:42 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "26e1186a209747d755be97f26d7fef17"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:00 GMT

GET
H2 200 facebook.png
static-13333.kxcdn.com/5275/images/ 45 KB
46 KB 29ms
24ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/facebook.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

45a8e9f975bd2d7db2041c671affac022eaf0b8db46c516a6f2021d30631aea3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:00 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048dcf7c-0060df2533-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 46358
last-modified: Fri, 02 Jul 2021 14:32:18 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "99efc09d6e35b01ef07e555c6c9c06ac"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:00 GMT

GET
H2 200 twitter.png
static-13333.kxcdn.com/5275/images/ 33 KB
34 KB 33ms
28ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/twitter.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

f3567cf9eb0717ad9840ff19014abf051d9bebb63ba3d270eb23d409dd449b5a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:00 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048dcf79-0060df2533-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 33933
last-modified: Fri, 02 Jul 2021 14:32:45 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "1538bf85a2428c7ab27b923233ceac2d"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:00 GMT

GET
H2 200 features-title.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 36ms
31ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/features-title.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

5e840708085df16224eeb0d8a8b3758d39bc7c60d3f0587ea1308f7d37d2e9db

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:00 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048fd18e-0060df2533-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2835
last-modified: Fri, 02 Jul 2021 14:32:24 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "8e8fd39ca90b9e536e71366f72e27061"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:00 GMT

GET
H2 200 feature1.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 36ms
31ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/feature1.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

427e9cf9bc070b73cae44b858b1cbb147385ccf3b74522b00606e8441d74eb21

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:00 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048fd189-0060df2533-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2649
last-modified: Fri, 02 Jul 2021 14:32:27 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "32e947291780f319b5424fb0fed97339"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:00 GMT

GET
H2 200 feature2.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 36ms
31ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/feature2.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

d35ec7636f20627c46249b7ac076fd59aad2c15c8207c92cc8251df812abc0bc

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:00 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048fd18b-0060df2533-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2845
last-modified: Fri, 02 Jul 2021 14:32:28 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "a02cbfb7009f4eb7bca716371bbc6162"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:00 GMT

GET
H2 200 feature3.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 36ms
31ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/feature3.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

41cc8226265d071dd816f01b4e656e9575b49927ecb0806984d85fd2acb3b318

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:00 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048fd185-0060df2533-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2618
last-modified: Fri, 02 Jul 2021 14:32:44 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "1e439861ae0e257dd74094cd20495531"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:00 GMT

GET
H2 200 feature4.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 36ms
31ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/feature4.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

d7e57b7c8fc1a0e25b893fc00da8cca5368cc489227958d4a781665339cd7260

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:00 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048fd18a-0060df2533-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2573
last-modified: Fri, 02 Jul 2021 14:32:19 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "f042fbbf22d575de6d906249ec2dc324"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:00 GMT

GET
H2 200 faq-title.png
static-13333.kxcdn.com/5275/images/ 4 KB
4 KB 36ms
32ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/faq-title.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

218be04d48aa9aa4da9bb4a708dbb463576fd8653914fd05bb113ce654dce714

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:00 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048dcf81-0060df2533-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 3706
last-modified: Fri, 02 Jul 2021 14:32:42 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "b95f5e7ccaaf9e8f6f1117efa9ab100a"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:00 GMT

GET
H2 200 faq-list-title-bg.png
static-13333.kxcdn.com/5275/images/ 2 KB
2 KB 36ms
32ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/faq-list-title-bg.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

9749d6d7aee9bdd7b806eb8fd8fa1bfd7ef25aab0aba744948b279d4c1a348ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:00 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048fd18d-0060df2533-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 1546
last-modified: Fri, 02 Jul 2021 14:32:22 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "567ea5254334fde95913b6cd592aad5f"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:00 GMT

GET
H3-29 200 sad-face.svg
tgfunnls.org/media/ 1 KB
1 KB 36ms
33ms Image
image/svg+xml 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tgfunnls.org/media/sad-face.svg

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

186b9079a05f19ddd2a548dbc1ec2c69087c76d8e9e1637dbced630edb793104

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /media/sad-face.svg
pragma: no-cache
cookie: _vwo_uuid_v2=D1DFE650AA949B2C07F0C98022E4F4C18|03024847324f052f382a923df65b0f51; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _gid=GA1.2.790350928.1628684518; _gat_UA-192660002-1=1; _hjid=e4ac4e74-4075-47b1-8838-21f1fb21d7e3; _hjFirstSeen=1; _ga_Y6C8Y8V9BH=GS1.1.1628684517.1.1.1628684519.0; _ga=GA1.1.668805998.1628684518; XSRF-TOKEN=eyJpdiI6IlFcL0dvcW4ybTgwTUFwM295bjFmNURRPT0iLCJ2YWx1ZSI6ImZMZG9IYmZVRDV5amlDemFZUHBOc1c0YVVcL1dYRVFWZUFXRVRnZXVCeTEzZHZiS1VTXC9MUzFrK2w0SkJRSU55YyIsIm1hYyI6IjBkMWYxODU5MDQ0OTI1NmNlYzgzZjgxODkwYzcyNzk2NTY4OWUzNzM0OTU0N2FmODUxNGFjMjBiY2Q0MTExN2EifQ%3D%3D; c=eyJpdiI6Im9kcXpvTHFpbk5HMHIxZlQ1dnViMUE9PSIsInZhbHVlIjoiR0FcL1VpNERzS1dWQzFhZzlBSjVxNkJWNDd2aDUwemtoU2NyNUM1N2wrMnlxdWRRdzZLQ3F2N1BreFljSVJCQ0QiLCJtYWMiOiIyZWM4ZWVmODFiMzhkOGRjMDIxMzhjODMyODVhYmE1NzdlNzUyOWY5YTU1NTNmMjk3Nzg1NjI2MDA4N2FmOGI4In0%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:00 GMT
x-proc: 2
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 643
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Mon, 09 Aug 2021 14:29:19 GMT
server: cloudflare
etag: W/"61113bbf-5dc"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yN1Trlebpy4wEITwjb%2BUUL1t7Am%2BfgTjbqSr6Sq3rfT%2BPJrHMSf%2BPXWPbNElRpUoEmCl5f32iHoncttuFeJ0AvRJ5oLA50iAVC4kbNl0VG9DMquL4rfuZ3c6SvzvdDaPmIUmXUucy6fcEgE%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: max-age=14400
cf-ray: 67d16d4dd9a905fd-FRA

GET
H3-29 200 email-decode.min.js Show response
tgfunnls.org/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
1 KB 21ms
20ms Script
application/javascript 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

:path: /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
pragma: no-cache
cookie: _vwo_uuid_v2=D1DFE650AA949B2C07F0C98022E4F4C18|03024847324f052f382a923df65b0f51; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _gid=GA1.2.790350928.1628684518; _gat_UA-192660002-1=1; _hjid=e4ac4e74-4075-47b1-8838-21f1fb21d7e3; _hjFirstSeen=1; _ga_Y6C8Y8V9BH=GS1.1.1628684517.1.1.1628684519.0; _ga=GA1.1.668805998.1628684518; XSRF-TOKEN=eyJpdiI6IlFcL0dvcW4ybTgwTUFwM295bjFmNURRPT0iLCJ2YWx1ZSI6ImZMZG9IYmZVRDV5amlDemFZUHBOc1c0YVVcL1dYRVFWZUFXRVRnZXVCeTEzZHZiS1VTXC9MUzFrK2w0SkJRSU55YyIsIm1hYyI6IjBkMWYxODU5MDQ0OTI1NmNlYzgzZjgxODkwYzcyNzk2NTY4OWUzNzM0OTU0N2FmODUxNGFjMjBiY2Q0MTExN2EifQ%3D%3D; c=eyJpdiI6Im9kcXpvTHFpbk5HMHIxZlQ1dnViMUE9PSIsInZhbHVlIjoiR0FcL1VpNERzS1dWQzFhZzlBSjVxNkJWNDd2aDUwemtoU2NyNUM1N2wrMnlxdWRRdzZLQ3F2N1BreFljSVJCQ0QiLCJtYWMiOiIyZWM4ZWVmODFiMzhkOGRjMDIxMzhjODMyODVhYmE1NzdlNzUyOWY5YTU1NTNmMjk3Nzg1NjI2MDA4N2FmOGI4In0%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 05 Aug 2021 12:35:03 GMT
server: cloudflare
etag: W/"610bdaf7-4d7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: DENY
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eYubDcjboEUUeZuuMcme3e%2ByjQA2ljlftkyMGT%2BkfH82lejQl1EZdGOsPYSWZmeLJ3HtHgXDvv3bYTBtaHhKcnF9xL7WwQWw3NFiUBuLSgNiYL3vlrjIaLWNRtwEDGiePUuXFEmwh1PDxXg%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=172800 public
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 67d16d4d88fd05fd-FRA
vary: Accept-Encoding
expires: Fri, 13 Aug 2021 12:22:00 GMT

GET
H3-29 200 redirect.js Show response
tgfunnls.org/js/ 3 KB
2 KB 34ms
34ms Script
application/javascript 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/js/redirect.js?id=bd8708e91008076c9ff9

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0979e653bf7370685f5d0ec7448e28d33f46754d5411cf5a7cd3df6ecafc1a35

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /js/redirect.js?id=bd8708e91008076c9ff9
pragma: no-cache
cookie: _vwo_uuid_v2=D1DFE650AA949B2C07F0C98022E4F4C18|03024847324f052f382a923df65b0f51; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _gid=GA1.2.790350928.1628684518; _gat_UA-192660002-1=1; _hjid=e4ac4e74-4075-47b1-8838-21f1fb21d7e3; _hjFirstSeen=1; _ga_Y6C8Y8V9BH=GS1.1.1628684517.1.1.1628684519.0; _ga=GA1.1.668805998.1628684518; XSRF-TOKEN=eyJpdiI6IlFcL0dvcW4ybTgwTUFwM295bjFmNURRPT0iLCJ2YWx1ZSI6ImZMZG9IYmZVRDV5amlDemFZUHBOc1c0YVVcL1dYRVFWZUFXRVRnZXVCeTEzZHZiS1VTXC9MUzFrK2w0SkJRSU55YyIsIm1hYyI6IjBkMWYxODU5MDQ0OTI1NmNlYzgzZjgxODkwYzcyNzk2NTY4OWUzNzM0OTU0N2FmODUxNGFjMjBiY2Q0MTExN2EifQ%3D%3D; c=eyJpdiI6Im9kcXpvTHFpbk5HMHIxZlQ1dnViMUE9PSIsInZhbHVlIjoiR0FcL1VpNERzS1dWQzFhZzlBSjVxNkJWNDd2aDUwemtoU2NyNUM1N2wrMnlxdWRRdzZLQ3F2N1BreFljSVJCQ0QiLCJtYWMiOiIyZWM4ZWVmODFiMzhkOGRjMDIxMzhjODMyODVhYmE1NzdlNzUyOWY5YTU1NTNmMjk3Nzg1NjI2MDA4N2FmOGI4In0%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:00 GMT
x-proc: 3
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 643
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Mon, 09 Aug 2021 14:29:34 GMT
server: cloudflare
etag: W/"61113bce-a50"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=18OLSMsAGlhKZfIa8VpxUUgtz6t2Khb1yvnoVa4BMP36kvorTS2vnU5TbRGvQzn9YXu2faHmKbfnUSNUpzeCeAjFR9XvG0hs41HSNXzviPd9DvidryQQulJ8d8jkPYJSmpQhfQty%2FcuJ4Bw%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=14400
cf-ray: 67d16d4d890005fd-FRA

GET
H3-29 200 l.js Show response
tgfunnls.org/js/ 401 KB
110 KB 38ms
38ms Script
application/javascript 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/js/l.js?id=6cf7b69175b2a676ebf3

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1669423eca631e2fa8053ff74039a11ff6afac3a94dc37f357ce8d6ec9362913

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /js/l.js?id=6cf7b69175b2a676ebf3
pragma: no-cache
cookie: _vwo_uuid_v2=D1DFE650AA949B2C07F0C98022E4F4C18|03024847324f052f382a923df65b0f51; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _gid=GA1.2.790350928.1628684518; _gat_UA-192660002-1=1; _hjid=e4ac4e74-4075-47b1-8838-21f1fb21d7e3; _hjFirstSeen=1; _ga_Y6C8Y8V9BH=GS1.1.1628684517.1.1.1628684519.0; _ga=GA1.1.668805998.1628684518; XSRF-TOKEN=eyJpdiI6IlFcL0dvcW4ybTgwTUFwM295bjFmNURRPT0iLCJ2YWx1ZSI6ImZMZG9IYmZVRDV5amlDemFZUHBOc1c0YVVcL1dYRVFWZUFXRVRnZXVCeTEzZHZiS1VTXC9MUzFrK2w0SkJRSU55YyIsIm1hYyI6IjBkMWYxODU5MDQ0OTI1NmNlYzgzZjgxODkwYzcyNzk2NTY4OWUzNzM0OTU0N2FmODUxNGFjMjBiY2Q0MTExN2EifQ%3D%3D; c=eyJpdiI6Im9kcXpvTHFpbk5HMHIxZlQ1dnViMUE9PSIsInZhbHVlIjoiR0FcL1VpNERzS1dWQzFhZzlBSjVxNkJWNDd2aDUwemtoU2NyNUM1N2wrMnlxdWRRdzZLQ3F2N1BreFljSVJCQ0QiLCJtYWMiOiIyZWM4ZWVmODFiMzhkOGRjMDIxMzhjODMyODVhYmE1NzdlNzUyOWY5YTU1NTNmMjk3Nzg1NjI2MDA4N2FmOGI4In0%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:00 GMT
x-proc: 1
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3893
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Mon, 09 Aug 2021 14:29:21 GMT
server: cloudflare
etag: W/"61113bc1-645ba"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VVZraFA3g1SqzdU1YzsErtu5Es%2FVsjIZCMoOc%2Fes6wtR0nLOvg%2B2KWq2yrxKyT0%2FBo3YjCDTdhbV%2BFg2Z0vsHu1dXbVi3bXkAyiWwgTkh3LTOn4SqOl2GuZiSeypjPGssssp8WRF4djHD3s%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=14400
cf-ray: 67d16d4da95105fd-FRA

GET
H2 200 funnel.js Show response
static-13333.kxcdn.com/5275/build/ 954 KB
319 KB 8ms
8ms Script
application/javascript 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL

https://static-13333.kxcdn.com/5275/build/funnel.js

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

a52901c6296f571a48143efc8c7626714f2f15a0e034390d31380d508684ad0e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:00 GMT
content-encoding: gzip
last-modified: Fri, 02 Jul 2021 14:31:57 GMT
server: keycdn-engine
x-amz-request-id: tx0000000000000048dcf86-0060df2533-12e87130-fra1a
x-edge-location: defr
etag: W/"545236a1390ffa369d186b44dab8e706"
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-cache: HIT
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31556940
x-rgw-object-type: Normal
strict-transport-security: max-age=15552000; includeSubDomains; preload
expires: Thu, 11 Aug 2022 18:11:00 GMT

GET
H/1.1 200 hp Show response
in.xr117.xyz/ 382 B
616 B 19ms
16ms Script
text/plain 18.193.146.82
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://in.xr117.xyz/hp
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.193.146.82 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-193-146-82.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 1d685538334a6762f8c278c2274cb62dfdc47c59ba5968562dddf4f96d808aee

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 11 Aug 2021 12:22:00 GMT
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
Server: nginx
Connection: keep-alive
Content-Length: 382
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200 hp Show response
in.bd44.fun/ 382 B
616 B 55ms
19ms Script
text/plain 18.195.174.160
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://in.bd44.fun/hp
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.195.174.160 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-174-160.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 1d685538334a6762f8c278c2274cb62dfdc47c59ba5968562dddf4f96d808aee

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 11 Aug 2021 12:22:00 GMT
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
Server: nginx
Connection: keep-alive
Content-Length: 382
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3-29 200 tag.js Show response
tagstaticx.com/ 38 KB
14 KB 19ms
16ms Script
application/javascript 2606:4700:3033::6815:3d08
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://tagstaticx.com/tag.js
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::6815:3d08 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 789421e97c465f7367c2c16bad228afc0d9211d9ff3c949b7ef88b72e9fc30db

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:00 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 06 Aug 2021 11:17:33 GMT
server: cloudflare
age: 6661
etag: W/"610d1a4d-97e0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9Qbr50ty2hWGtIYGJ%2BTiQLv6X%2BMQo6May%2F3fhbNhs9ThlNrOGAGA%2Fez16WPMvzfMJFqi0CvVReVjt2EM9VkzaG93mAmQUzg7OkKBhE3P1yEE3hLua9a6qFLLZQVQwT2U5MVfBrtx95jlIFl54A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=1800
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 67d16d4dc83d2c22-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

GET
H3-29 200 gtm.js Show response
www.googletagmanager.com/ 111 KB
41 KB 17ms
14ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-MSK8GMG

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

abf5e420544cdc91fec5600e8fac1b07f6fd02f69671fa214259ad6518213358

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:00 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42029
x-xss-protection: 0
last-modified: Wed, 11 Aug 2021 12:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 11 Aug 2021 12:22:00 GMT

GET
H/1.1 400 conversion.js
in.bd44.fun/ 0
0 45ms
15ms Script
text/html 18.195.174.160
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://in.bd44.fun/conversion.js?cid=OPTIONAL&et=CLICK
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.195.174.160 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-174-160.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 j.php Show response
dev.visualwebsiteoptimizer.com/ 5 KB
2 KB 11ms
9ms Script
application/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/j.php?a=449005&u=https%3A%2F%2Ftgfunnls.org%2Fdly1st%2F%3Fhitid%3D%7BclickId%7D%26qze%3D7%26aff_sub%3D%7BcustomId1%7D%26aff_sub2%3D%7BcustomId2%7D&f=1&r=0.7140783105365094
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gfra1 /
Resource Hash: b9ebb4294a269f18a14d675bc76a6c8d71067088808972e9d7af55df97f0fae1

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 11 Aug 2021 12:22:00 GMT
via: 1.1 google
server: gfra1
content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-type: application/javascript; charset=UTF-8

GET
H2 200 bg-pattern2.png
static-13333.kxcdn.com/5275/images/ 3 KB
4 KB 34ms
32ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/bg-pattern2.png

Requested by

Host: static-13333.kxcdn.com
URL: https://static-13333.kxcdn.com/5275/build/funnel.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

0dbbd4b1f92b5f123bb6d85da5224dbac1ef2873359ae63159fbd8c1d8aee472

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://static-13333.kxcdn.com/5275/build/funnel.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:00 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx00000000000000491e693-0060df2731-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 3494
last-modified: Fri, 02 Jul 2021 14:32:28 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "9ff60a873ce8a83d6f92c07bbb97461d"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:00 GMT

GET
H2 200 money-bg.jpg
static-13333.kxcdn.com/5275/images/ 192 KB
193 KB 36ms
35ms Image
image/jpeg 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/money-bg.jpg

Requested by

Host: static-13333.kxcdn.com
URL: https://static-13333.kxcdn.com/5275/build/funnel.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

6d6b0b2b3ce3ec690491ad53348667285877a284d43a58bae67219df3128c453

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://static-13333.kxcdn.com/5275/build/funnel.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:00 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048fd245-0060df2533-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 196622
last-modified: Fri, 02 Jul 2021 14:32:29 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "00484ef568e5c529bc92d2698631954b"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/jpeg
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:00 GMT

GET
H2 206 de-1.mp4
static-13333.kxcdn.com/5275/media/ 64 KB
0 37ms
37ms Media
video/mp4 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL

https://static-13333.kxcdn.com/5275/media/de-1.mp4

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Range: bytes=0-

Response headers

date: Wed, 11 Aug 2021 12:22:00 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx000000000000004a44bcc-0060f54e68-141c7b61-fra1a
x-edge-location: defr
x-cache: HIT
Content-Range: bytes 0-124690623/124690624
Content-Length: 124690624
last-modified: Fri, 02 Jul 2021 14:32:03 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "c8811d0b7aa283893d6ec2a19899685f-24"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: video/mp4
access-control-allow-origin: *
x-rgw-object-type: Normal
expires: Thu, 11 Aug 2022 18:11:00 GMT

GET
H3-29 200 tag-a511eb58bc7ee0b0cbc6906497418127.js Show response
dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWpxdWVyeQ==/ 214 KB
61 KB 35ms
34ms Script
text/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWpxdWVyeQ==/tag-a511eb58bc7ee0b0cbc6906497418127.js
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/j.php?a=449005&u=https%3A%2F%2Ftgfunnls.org%2Fdly1st%2F%3Fhitid%3D%7BclickId%7D%26qze%3D7%26aff_sub%3D%7BcustomId1%7D%26aff_sub2%3D%7BcustomId2%7D&f=1&r=0.7140783105365094
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gfra1 /
Resource Hash: ffef253989420f0b71eec148da3bbe555e1117a9860323b7a39b267bbb62ebe6

Request headers

Origin: https://tgfunnls.org
Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:00 GMT
content-encoding: br
last-modified: Tue, 10 Aug 2021 11:55:59 GMT
server: gfra1
etag: "6112694f-f354"
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 62292
via: 1.1 google

GET
H3-29 200 v.gif
dev.visualwebsiteoptimizer.com/ 35 B
52 B 96ms
95ms Image
image/gif 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dev.visualwebsiteoptimizer.com/v.gif?cd=0&a=449005&d=tgfunnls.org&u=D1DFE650AA949B2C07F0C98022E4F4C18&h=03024847324f052f382a923df65b0f51&t=false&r=0.27928463682276106

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gnv3c /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 11 Aug 2021 12:22:00 GMT
via: 1.1 google
x-content-type-options: nosniff
server: gnv3c
content-type: image/gif
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 10 Jan 2005 00:00:01 GMT

GET
H3-29 200 flags.png
tgfunnls.org/images/vendor/intl-tel-input/build/ 69 KB
70 KB 16ms
15ms Image
image/png 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tgfunnls.org/images/vendor/intl-tel-input/build/flags.png?416250f60d785a2e02f17e054d2e4e44

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/css/forms.css?id=108aa07ef4cadffb88ba

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0a012cf808a24573168308916092d2d4bd3f2b4af8e16b59167013cc77acee55

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /images/vendor/intl-tel-input/build/flags.png?416250f60d785a2e02f17e054d2e4e44
pragma: no-cache
cookie: _vwo_uuid_v2=D1DFE650AA949B2C07F0C98022E4F4C18|03024847324f052f382a923df65b0f51; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _gid=GA1.2.790350928.1628684518; _gat_UA-192660002-1=1; _hjid=e4ac4e74-4075-47b1-8838-21f1fb21d7e3; _hjFirstSeen=1; _ga_Y6C8Y8V9BH=GS1.1.1628684517.1.1.1628684519.0; _ga=GA1.1.668805998.1628684518; XSRF-TOKEN=eyJpdiI6IlFcL0dvcW4ybTgwTUFwM295bjFmNURRPT0iLCJ2YWx1ZSI6ImZMZG9IYmZVRDV5amlDemFZUHBOc1c0YVVcL1dYRVFWZUFXRVRnZXVCeTEzZHZiS1VTXC9MUzFrK2w0SkJRSU55YyIsIm1hYyI6IjBkMWYxODU5MDQ0OTI1NmNlYzgzZjgxODkwYzcyNzk2NTY4OWUzNzM0OTU0N2FmODUxNGFjMjBiY2Q0MTExN2EifQ%3D%3D; c=eyJpdiI6Im9kcXpvTHFpbk5HMHIxZlQ1dnViMUE9PSIsInZhbHVlIjoiR0FcL1VpNERzS1dWQzFhZzlBSjVxNkJWNDd2aDUwemtoU2NyNUM1N2wrMnlxdWRRdzZLQ3F2N1BreFljSVJCQ0QiLCJtYWMiOiIyZWM4ZWVmODFiMzhkOGRjMDIxMzhjODMyODVhYmE1NzdlNzUyOWY5YTU1NTNmMjk3Nzg1NjI2MDA4N2FmOGI4In0%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: tgfunnls.org
referer: https://tgfunnls.org/css/forms.css?id=108aa07ef4cadffb88ba
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/css/forms.css?id=108aa07ef4cadffb88ba
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:00 GMT
x-proc: 3
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5477
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 70857
x-xss-protection: 1; mode=block
last-modified: Mon, 09 Aug 2021 14:29:34 GMT
server: cloudflare
etag: "61113bce-114c9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jeh2VpC6b38iBoVD0Ud5uN941Hoq5o4cqsWQwqJCT3mGctI9aQoQNytnz473xOcfRgUwbEjsa9s4hh6UE1rgu5t23znJasC1UaZ41oxbq9e%2F2fPKEGK32eI6CQsUFA8pdOQSCOC4CdU%2FdMw%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 67d16d4e7adf05fd-FRA

HEAD
H3-29 200 adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/ 0
0 34ms
33ms Fetch
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 49445
x-xss-protection: 0
server: cafe
etag: 4898024456010196187
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Wed, 11 Aug 2021 12:22:00 GMT

GET
H/1.1 200
OK version.js Show response
tagdatax.com/ 57 B
260 B 14ms
13ms Script
application/javascript 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdatax.com/version.js
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: 9bfd83e6dfa8cbde96c3884ceaab5f5ce49c6f604b8a3d7588a01a94a29bada1

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 11 Aug 2021 12:22:00 GMT
Cache-Control: private, max-age=63072000
Server: nginx/1.19.10
Connection: keep-alive
Content-Length: 57
Content-Type: application/javascript

GET
H2 200 gid.js Show response
my.rtmark.net/ 65 B
541 B 13ms
13ms Fetch
application/json 139.45.195.8
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://my.rtmark.net/gid.js

Requested by

Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

b9cda3c54394a3394d87a1ecc0e70c572f2c8576b8d7a7aa5221ccb519081649

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:56 GMT
x-content-type-options: nosniff
server: nginx
strict-transport-security: max-age=1
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: https://tgfunnls.org
access-control-expose-headers: Authorization
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length: 65

GET
H/1.1 200
OK pix.jpg Show response
tagdatax.com/ 28 B
617 B 13ms
13ms Fetch
image/jpeg 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdatax.com/pix.jpg
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: 3c72e06c040c15327faa313315f1d6f4b2c9159267051c3e173336efa4cd7a18

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 11 Aug 2021 12:22:00 GMT
Server: nginx/1.19.10
Etag: 8c4468f1-d99a-442e-a42a-087755965588
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Content-Type: image/jpeg
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Expose-Headers: ETag
Cache-Control: private, must-revalidate, proxy-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 28

GET
H3-29 200 googlelogo_color_120x44dp.png
www.google.com/images/branding/googlelogo/2x/ 5 KB
5 KB 15ms
14ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_120x44dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

29c50fa4422ac0a690af5b0987dee6a030a7eeaafa9dda8543cf022368f545aa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:00 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5087
x-xss-protection: 0
expires: Wed, 11 Aug 2021 12:22:00 GMT

GET
H3-29 200 googlelogo_color_272x92dp.png
www.google.com/images/branding/googlelogo/1x/ 6 KB
6 KB 16ms
14ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/1x/googlelogo_color_272x92dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5776cd87617eacec3bc00ebcf530d1924026033eda852f706c1a675a98915826

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:00 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5969
x-xss-protection: 0
expires: Wed, 11 Aug 2021 12:22:00 GMT

GET googlelogo_color_272x92dp.png
www.google.com/images/branding/googlelogo/2x/ 0
0

GET
H3-29 200 googlelogo_color_160x56dp.png
www.google.com/images/branding/googlelogo/2x/ 7 KB
7 KB 16ms
15ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_160x56dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9e611fba6a87626e60f74d361f0c94d1ba226bc0726a05791f40ddb7fbba2c4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:00 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7048
x-xss-protection: 0
expires: Wed, 11 Aug 2021 12:22:00 GMT

GET
H3-29 200 googlelogo_color_90x40dp.png
www.google.com/images/branding/googlelogo/2x/ 4 KB
4 KB 15ms
14ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_90x40dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a9cac8d49feccd603bac334c92c1e7dd5a829a1c01d4130550e8c9c0d9c72f7b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:00 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3934
x-xss-protection: 0
expires: Wed, 11 Aug 2021 12:22:00 GMT

GET
H3-29 200 locate Show response
tgfunnls.org/ 150 B
1 KB 152ms
151ms XHR
application/json 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/locate

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/js/l.js?id=6cf7b69175b2a676ebf3

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

126f29647a5fd666abd70f0bfe4f9a9b972c2e385e09554cf2fea5ffe35f62fc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-fetch-mode: cors
x-xsrf-token: eyJpdiI6IlFcL0dvcW4ybTgwTUFwM295bjFmNURRPT0iLCJ2YWx1ZSI6ImZMZG9IYmZVRDV5amlDemFZUHBOc1c0YVVcL1dYRVFWZUFXRVRnZXVCeTEzZHZiS1VTXC9MUzFrK2w0SkJRSU55YyIsIm1hYyI6IjBkMWYxODU5MDQ0OTI1NmNlYzgzZjgxODkwYzcyNzk2NTY4OWUzNzM0OTU0N2FmODUxNGFjMjBiY2Q0MTExN2EifQ==
accept-language: en-US
sec-fetch-dest: empty
cookie: _vwo_uuid_v2=D1DFE650AA949B2C07F0C98022E4F4C18|03024847324f052f382a923df65b0f51; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _gid=GA1.2.790350928.1628684518; _gat_UA-192660002-1=1; _hjid=e4ac4e74-4075-47b1-8838-21f1fb21d7e3; _hjFirstSeen=1; _ga_Y6C8Y8V9BH=GS1.1.1628684517.1.1.1628684519.0; _ga=GA1.1.668805998.1628684518; XSRF-TOKEN=eyJpdiI6IlFcL0dvcW4ybTgwTUFwM295bjFmNURRPT0iLCJ2YWx1ZSI6ImZMZG9IYmZVRDV5amlDemFZUHBOc1c0YVVcL1dYRVFWZUFXRVRnZXVCeTEzZHZiS1VTXC9MUzFrK2w0SkJRSU55YyIsIm1hYyI6IjBkMWYxODU5MDQ0OTI1NmNlYzgzZjgxODkwYzcyNzk2NTY4OWUzNzM0OTU0N2FmODUxNGFjMjBiY2Q0MTExN2EifQ%3D%3D; c=eyJpdiI6Im9kcXpvTHFpbk5HMHIxZlQ1dnViMUE9PSIsInZhbHVlIjoiR0FcL1VpNERzS1dWQzFhZzlBSjVxNkJWNDd2aDUwemtoU2NyNUM1N2wrMnlxdWRRdzZLQ3F2N1BreFljSVJCQ0QiLCJtYWMiOiIyZWM4ZWVmODFiMzhkOGRjMDIxMzhjODMyODVhYmE1NzdlNzUyOWY5YTU1NTNmMjk3Nzg1NjI2MDA4N2FmOGI4In0%3D
:path: /locate
pragma: no-cache
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: application/json, text/plain, */*
cache-control: no-cache
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept: application/json, text/plain, */*
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
X-XSRF-TOKEN: eyJpdiI6IlFcL0dvcW4ybTgwTUFwM295bjFmNURRPT0iLCJ2YWx1ZSI6ImZMZG9IYmZVRDV5amlDemFZUHBOc1c0YVVcL1dYRVFWZUFXRVRnZXVCeTEzZHZiS1VTXC9MUzFrK2w0SkJRSU55YyIsIm1hYyI6IjBkMWYxODU5MDQ0OTI1NmNlYzgzZjgxODkwYzcyNzk2NTY4OWUzNzM0OTU0N2FmODUxNGFjMjBiY2Q0MTExN2EifQ==
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:00 GMT
x-proc: 2
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bVsaoBaPcdk1aNIB2m7uiwSh22mKQVgxmCG33JBJEx2HXKh3HmMTPA9Vy0apzDMe%2FKFFYNOL9jvXhaGmYv9FQLKUBfYbX%2BISf3Kj%2BrHpB7nSOFanWvlTElIWKAcR5x7gEMsWmzCz6qopPTc%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json
cache-control: no-cache, private
set-cookie: XSRF-TOKEN=eyJpdiI6ImxJQ3k4cHZ6a3JJbFVLTmxGbDR4RkE9PSIsInZhbHVlIjoiNmtFUFwvRFBFd0QwcWhBaFNoTTFURTZobmlYSkFVZ29oaWZTRUE3XC9FRlNJTWxxQTlCRWQ0NHBQcDhwcHlhUkhrIiwibWFjIjoiYWE5ODdlMjMzY2RiZTM3NjRkNDNjZWI3YzU1NDAxNGI2Y2YzMzNiOWVmZGM3MzVlZDA0ZjUyMTgyOWNkMDkzMyJ9; expires=Wed, 11-Aug-2021 14:22:00 GMT; Max-Age=7200; path=/ c=eyJpdiI6InBpRTRRZVNvU3dHVXczN0RLTHQ0SkE9PSIsInZhbHVlIjoiTTdWSEZPWVgybURicUhZKzNLOWU3WmhvY1QraFZWT04zblEwZEpaM0ltTUZOZFRLWStQazQwQkxkNVFGTFRMbCIsIm1hYyI6IjNlZTEzNjhlOWI3NTBhZTY4NzI5NjAzOTE2MDZmNjQ3OGJhM2Q2ZjQyMDRkZGQ5NWVhNzc2NGVmMGVhMjRkNDAifQ%3D%3D; expires=Wed, 11-Aug-2021 14:22:00 GMT; Max-Age=7200; path=/; httponly
cf-ray: 67d16d4ebb8105fd-FRA

OPTIONS
H/1.1 200
OK add
tagdataxrt.com/ir/ Frame 0
0 14ms
14ms Preflight 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/ir/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Protocol: HTTP/1.1
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://tgfunnls.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Server: nginx/1.19.10
Date: Wed, 11 Aug 2021 12:22:00 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

POST
H/1.1 200
OK add Show response
tagdataxrt.com/ir/ 0
537 B 14ms
13ms Fetch 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/ir/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json;charset=utf-8

Response headers

Date: Wed, 11 Aug 2021 12:22:00 GMT
Server: nginx/1.19.10
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 0

GET
BLOB 200
OK 3bceada8-531c-4993-b4b4-0c6ebd1bfce4
https://tgfunnls.org/ 31 B
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://tgfunnls.org/3bceada8-531c-4993-b4b4-0c6ebd1bfce4
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7725538fe2f71147bffeba7452b434c826aef9009666cb4360c605d0b2a91d1d

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length: 31
Content-Type: application/javascript

GET
H2 403 videothumbnail-1.png
static-13333.kxcdn.com/5275/images/ 0
0 26ms
25ms Image
text/html 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static-13333.kxcdn.com/5275/images/videothumbnail-1.png
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
DATA 200
OK truncated
/ 4 KB
4 KB Font
application/font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: aef991b2e0b693a95d41986576dd3901ea7ac03b379501b1caba966058753308

Request headers

Origin: https://tgfunnls.org
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: application/font-woff;charset=utf-8

GET
H3-29 200 js Show response
www.googletagmanager.com/gtag/ 128 KB
50 KB 15ms
15ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-Y6C8Y8V9BH&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MSK8GMG

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

6c9bea9ae6f0ce80d62bb455e4c2b0af95a19e05b705666c76add24909fcaec8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:00 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 51224
x-xss-protection: 0
expires: Wed, 11 Aug 2021 12:22:00 GMT

GET
H3-29 200 analytics.js Show response
www.google-analytics.com/ 48 KB
19 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MSK8GMG

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

e61660c659c426e45bce2937dddb01af6b550502a2904546575c1ec2ba1121dd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 13 Jul 2021 18:24:06 GMT
server: Golfe2
age: 2726
date: Wed, 11 Aug 2021 11:36:34 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19672
expires: Wed, 11 Aug 2021 13:36:34 GMT

GET
H2 200 hotjar-2304105.js Show response
static.hotjar.com/c/ 5 KB
2 KB 25ms
25ms Script
application/javascript 54.192.219.13
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-2304105.js?sv=6

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

54.192.219.13 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

ba0f7c8cd1226246385e057da152929c0c7b7868b6a4b64ff6de9537bf8aeb33

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:14 GMT
content-encoding: br
x-content-type-options: nosniff
cache-control: max-age=60
age: 46
etag: W/2bfd20973994a2ba4876103e95eba243
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
x-cache-hit: 1
x-amz-cf-pop: MRS52-P2
x-amz-cf-id: kZfCRWQFz3mZRE73wzWEFcl8qy1JojqTKo54-ygu458HI56M8DmXvA==
via: 1.1 ee464261ee466fae8314a91098b35372.cloudfront.net (CloudFront)

POST
H/1.1 200
OK etag Show response
tagdataxrt.com/ 0
537 B 14ms
14ms Fetch 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/etag?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json;charset=utf-8

Response headers

Date: Wed, 11 Aug 2021 12:22:00 GMT
Server: nginx/1.19.10
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 0

OPTIONS
H/1.1 200
OK etag
tagdataxrt.com/ Frame 0
0 14ms
13ms Preflight 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/etag?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Protocol: HTTP/1.1
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://tgfunnls.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Server: nginx/1.19.10
Date: Wed, 11 Aug 2021 12:22:00 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

GET
H3-29 200 settings.js Show response
dev.visualwebsiteoptimizer.com/ 572 B
397 B 9ms
8ms Script
application/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/settings.js?a=449005&settings_type=3&vn=7.0&r=0.26302744495604635&u=https%3A%2F%2Ftgfunnls.org%2Fdly1st%2F%3Fhitid%3D%7BclickId%7D%26qze%3D7%26aff_sub%3D%7BcustomId1%7D%26aff_sub2%3D%7BcustomId2%7D
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWpxdWVyeQ==/tag-a511eb58bc7ee0b0cbc6906497418127.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gfra1 /
Resource Hash: 31042bafbba3ee3bae8f21d8d8744230a7c558630068c64e1e5ecb4721ab3910

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:00 GMT
via: 1.1 google
server: gfra1
content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-type: application/javascript; charset=UTF-8

GET
H3-29 200 settings.js Show response
dev.visualwebsiteoptimizer.com/ 572 B
397 B 8ms
8ms Script
application/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/settings.js?a=449005&settings_type=1&vn=7.0&r=0.8651931641215564
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWpxdWVyeQ==/tag-a511eb58bc7ee0b0cbc6906497418127.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gfra1 /
Resource Hash: 31042bafbba3ee3bae8f21d8d8744230a7c558630068c64e1e5ecb4721ab3910

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:00 GMT
via: 1.1 google
server: gfra1
content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-type: application/javascript; charset=UTF-8

GET
H3-29 200 collect
www.google-analytics.com/ 35 B
55 B 6ms
6ms Image
image/gif 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j92&a=585813468&t=pageview&_s=1&dl=https%3A%2F%2Ftgfunnls.org%2Fdly1st%2F%3Fhitid%3D%7BclickId%7D%26qze%3D7%26aff_sub%3D%7BcustomId1%7D%26aff_sub2%3D%7BcustomId2%7D&ul=en-us&de=UTF-8&dt=Daily%20Profit&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=QACAAEAB~&jid=&gjid=&cid=668805998.1628684518&tid=UA-192660002-1&_gid=790350928.1628684518&gtm=2wg891MSK8GMG&z=1883067358

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 10 Aug 2021 20:58:30 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 55410
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 tag-1a6cb79d9b921e9f733a3a9f91c43b90.js Show response
dev.visualwebsiteoptimizer.com/web/djIkcGM6MS4w/ 668 B
329 B 11ms
10ms Script
text/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/web/djIkcGM6MS4w/tag-1a6cb79d9b921e9f733a3a9f91c43b90.js
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWpxdWVyeQ==/tag-a511eb58bc7ee0b0cbc6906497418127.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gfra1 /
Resource Hash: 6e1f2e0970c3d1d6cdacfecdd613ce1c42990ea5d4a9a85fe6f0700d20a96634

Request headers

Origin: https://tgfunnls.org
Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:00 GMT
content-encoding: br
last-modified: Tue, 10 Aug 2021 11:55:59 GMT
server: gfra1
etag: "6112694f-133"
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 307
via: 1.1 google

GET
H2 200 modules.9a6619e61150e4449f35.js Show response
script.hotjar.com/ 221 KB
59 KB 26ms
26ms Script
application/javascript 54.192.219.34
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.9a6619e61150e4449f35.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2304105.js?sv=6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

54.192.219.34 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

fc04d1fd608cedf1f0c4735145a15031f77cb7491d6234cec4ee2cd9be74937a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:18:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 511435
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 59579
access-control-allow-origin: *
last-modified: Thu, 05 Aug 2021 14:17:07 GMT
etag: "f404c80c4e9647abd5db65360cf9ecee"
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 1cfafe71e396134dc106e8c1515876bd.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: MRS52-P2
accept-ranges: bytes
x-robots-tag: none
x-amz-cf-id: NyvN6kw7RQmvlSsH_ZzVeQ9wDr2PI5U6REqxIwjrlF5clDPa6fx8HA==

GET
H2 200 a3a7b431bde66f8790628956fd6a9e14.js Show response
cdn.pushcrew.com/js/ 248 KB
70 KB 102ms
102ms Script
application/javascript 34.102.183.26
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.pushcrew.com/js/a3a7b431bde66f8790628956fd6a9e14.js
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/web/djIkcGM6MS4w/tag-1a6cb79d9b921e9f733a3a9f91c43b90.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.102.183.26 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 26.183.102.34.bc.googleusercontent.com
Software: nginx /
Resource Hash: 2a74b97179203cf3de9b255635c3927c34791cabfe69261cc8d1235c13315e78

Request headers

Origin: https://tgfunnls.org
Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:00 GMT
content-encoding: gzip
last-modified: Fri, 18 Jun 2021 08:48:27 GMT
server: nginx
etag: W/"60cc5ddb-3e05c"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=1800
alt-svc: clear
via: 1.1 google
expires: Wed, 11 Aug 2021 12:52:00 GMT

GET
H2 200 box-25a418976ea02a6f393fbbe77cec94bb.html Show response
vars.hotjar.com/ Frame 5B99 2 KB
1 KB 25ms
24ms Document
text/html 52.84.45.59
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vars.hotjar.com/box-25a418976ea02a6f393fbbe77cec94bb.html
Requested by: Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2304105.js?sv=6
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.84.45.59 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-84-45-59.mrs52.r.cloudfront.net
Software: /
Resource Hash: 7a44e0685d8929b5d4d50476273c9957c8c76f03afc424c665a4066e5bc1beb9

Request headers

:method: GET
:authority: vars.hotjar.com
:scheme: https
:path: /box-25a418976ea02a6f393fbbe77cec94bb.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://tgfunnls.org/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://tgfunnls.org/

Response headers

content-type: text/html
content-length: 1044
date: Thu, 03 Jun 2021 10:15:05 GMT
accept-ranges: bytes
cache-control: max-age=31536000
content-encoding: br
etag: "76922233be8bdb14c053af468d29404a"
last-modified: Thu, 03 Jun 2021 10:14:54 GMT
x-amz-server-side-encryption: AES256
x-robots-tag: none
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 e5c15247ec560744bc8eee50e069c231.cloudfront.net (CloudFront)
x-amz-cf-pop: MRS52-P1
x-amz-cf-id: 121z8lO_EFKKHzANhCWJyl4DL5trgQD47lDdGWHivDkEzscDs7iv1A==
age: 5969215

POST
H3-29 201 event Show response
tgfunnls.org/ 2 B
1 KB 336ms
335ms XHR
application/json 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/event?hitid={clickId}

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/js/l.js?id=6cf7b69175b2a676ebf3

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-fetch-mode: cors
origin: https://tgfunnls.org
x-xsrf-token: eyJpdiI6ImxJQ3k4cHZ6a3JJbFVLTmxGbDR4RkE9PSIsInZhbHVlIjoiNmtFUFwvRFBFd0QwcWhBaFNoTTFURTZobmlYSkFVZ29oaWZTRUE3XC9FRlNJTWxxQTlCRWQ0NHBQcDhwcHlhUkhrIiwibWFjIjoiYWE5ODdlMjMzY2RiZTM3NjRkNDNjZWI3YzU1NDAxNGI2Y2YzMzNiOWVmZGM3MzVlZDA0ZjUyMTgyOWNkMDkzMyJ9
accept-language: en-US
sec-fetch-dest: empty
accept-encoding: gzip, deflate, br
cookie: _vwo_uuid_v2=D1DFE650AA949B2C07F0C98022E4F4C18|03024847324f052f382a923df65b0f51; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _gid=GA1.2.790350928.1628684518; _gat_UA-192660002-1=1; _hjid=e4ac4e74-4075-47b1-8838-21f1fb21d7e3; _hjFirstSeen=1; _ga_Y6C8Y8V9BH=GS1.1.1628684517.1.1.1628684520.0; _ga=GA1.1.668805998.1628684518; XSRF-TOKEN=eyJpdiI6ImxJQ3k4cHZ6a3JJbFVLTmxGbDR4RkE9PSIsInZhbHVlIjoiNmtFUFwvRFBFd0QwcWhBaFNoTTFURTZobmlYSkFVZ29oaWZTRUE3XC9FRlNJTWxxQTlCRWQ0NHBQcDhwcHlhUkhrIiwibWFjIjoiYWE5ODdlMjMzY2RiZTM3NjRkNDNjZWI3YzU1NDAxNGI2Y2YzMzNiOWVmZGM3MzVlZDA0ZjUyMTgyOWNkMDkzMyJ9; c=eyJpdiI6InBpRTRRZVNvU3dHVXczN0RLTHQ0SkE9PSIsInZhbHVlIjoiTTdWSEZPWVgybURicUhZKzNLOWU3WmhvY1QraFZWT04zblEwZEpaM0ltTUZOZFRLWStQazQwQkxkNVFGTFRMbCIsIm1hYyI6IjNlZTEzNjhlOWI3NTBhZTY4NzI5NjAzOTE2MDZmNjQ3OGJhM2Q2ZjQyMDRkZGQ5NWVhNzc2NGVmMGVhMjRkNDAifQ%3D%3D
content-length: 188
:path: /event?hitid={clickId}
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json;charset=UTF-8
accept: application/json, text/plain, */*
cache-control: no-cache
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: POST
Accept: application/json, text/plain, */*
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
X-XSRF-TOKEN: eyJpdiI6ImxJQ3k4cHZ6a3JJbFVLTmxGbDR4RkE9PSIsInZhbHVlIjoiNmtFUFwvRFBFd0QwcWhBaFNoTTFURTZobmlYSkFVZ29oaWZTRUE3XC9FRlNJTWxxQTlCRWQ0NHBQcDhwcHlhUkhrIiwibWFjIjoiYWE5ODdlMjMzY2RiZTM3NjRkNDNjZWI3YzU1NDAxNGI2Y2YzMzNiOWVmZGM3MzVlZDA0ZjUyMTgyOWNkMDkzMyJ9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json;charset=UTF-8

Response headers

date: Wed, 11 Aug 2021 12:22:01 GMT
x-proc: 3
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rkc%2Bf7pKWAwffCMTDwzhnhZWRGGqmZdc0XpNoLPJS53y6U3GjzlCMNgH4K9jjJZTFleArWPeWjYyaPk4uyK991dZUejlEpnwtCRd12puIznMykaE5xkIQD6nRdgEzwcA%2FdaaTDBam4ZW0FI%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-origin: https://tgfunnls.org
cache-control: no-cache, private
set-cookie: XSRF-TOKEN=eyJpdiI6IkowNVZqcDJtTlI4NzRtUGlaOGI2WkE9PSIsInZhbHVlIjoiaWtCMnU1VEtMWnNjXC9CUlJySlVJRUVwMkxMOGNVV2g0RTlPZ1VybmlEZU9WdTBmM1MwbzlmR0RNdW1DdXYwS0kiLCJtYWMiOiJjOWYzZjkzOThhODgyNWE2MjA5YjI0MzRmNGY1YjU2ZGE0OGZjNGY0OTNhNjM3ZDIzMmZhMTU1ZWJmMDM5YjYxIn0%3D; expires=Wed, 11-Aug-2021 14:22:01 GMT; Max-Age=7200; path=/ c=eyJpdiI6ImxJT3VFbFF3U3dtOFwvZjU0azZMT3NBPT0iLCJ2YWx1ZSI6IkJua1grWHd0aFhicklucnB6RXNBRTkxRUlWcXNLcEhWRkdUWFNuSm5wcVNheVwvRGdBMFRmNzh0a0dIQU83NVZOIiwibWFjIjoiY2YwMzI5ZjI5OTdlNGYyOGJhZmI0NDViYjQ5ZjcwMDc1ZTk3YzRjYzQ2NzkzNDk3Y2IyMGU3ZTBkNzlmMTA5MyJ9; expires=Wed, 11-Aug-2021 14:22:01 GMT; Max-Age=7200; path=/; httponly
cf-ray: 67d16d4fbd9d05fd-FRA

POST
H/1.1 200
OK add Show response
tagdataxrt.com/log/ 12 B
597 B 16ms
16ms Fetch
application/json 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/log/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: 21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json;charset=utf-8

Response headers

Date: Wed, 11 Aug 2021 12:22:01 GMT
Server: nginx/1.19.10
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 12

OPTIONS
H/1.1 200
OK add
tagdataxrt.com/log/ Frame 0
0 229ms
228ms Preflight 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/log/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Protocol: HTTP/1.1
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://tgfunnls.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Server: nginx/1.19.10
Date: Wed, 11 Aug 2021 12:22:01 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

GET
H3-29 200 / Show response
tgfunnls.org/dly1st/ 31 KB
8 KB 395ms
395ms Document
text/html 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Requested by

Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6c911320359098ae883f0b80fa20ec0c5625efef1569d1af5b31f0ddfa456b82

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: tgfunnls.org
:scheme: https
:path: /dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: document
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: _vwo_uuid_v2=D1DFE650AA949B2C07F0C98022E4F4C18|03024847324f052f382a923df65b0f51; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _gid=GA1.2.790350928.1628684518; _gat_UA-192660002-1=1; _hjid=e4ac4e74-4075-47b1-8838-21f1fb21d7e3; _hjFirstSeen=1; _ga_Y6C8Y8V9BH=GS1.1.1628684517.1.1.1628684520.0; _ga=GA1.1.668805998.1628684518; XSRF-TOKEN=eyJpdiI6IkowNVZqcDJtTlI4NzRtUGlaOGI2WkE9PSIsInZhbHVlIjoiaWtCMnU1VEtMWnNjXC9CUlJySlVJRUVwMkxMOGNVV2g0RTlPZ1VybmlEZU9WdTBmM1MwbzlmR0RNdW1DdXYwS0kiLCJtYWMiOiJjOWYzZjkzOThhODgyNWE2MjA5YjI0MzRmNGY1YjU2ZGE0OGZjNGY0OTNhNjM3ZDIzMmZhMTU1ZWJmMDM5YjYxIn0%3D; c=eyJpdiI6ImxJT3VFbFF3U3dtOFwvZjU0azZMT3NBPT0iLCJ2YWx1ZSI6IkJua1grWHd0aFhicklucnB6RXNBRTkxRUlWcXNLcEhWRkdUWFNuSm5wcVNheVwvRGdBMFRmNzh0a0dIQU83NVZOIiwibWFjIjoiY2YwMzI5ZjI5OTdlNGYyOGJhZmI0NDViYjQ5ZjcwMDc1ZTk3YzRjYzQ2NzkzNDk3Y2IyMGU3ZTBkNzlmMTA5MyJ9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Response headers

date: Wed, 11 Aug 2021 12:22:01 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: no-cache, private
set-cookie: XSRF-TOKEN=eyJpdiI6Ik05cTRCMklcLzNCTjVsZk0rWlNGU29BPT0iLCJ2YWx1ZSI6IituUGU1eWxjNGlNMTRNN09tNXpyR3NacU00ZDFyY0l6d2NEK3FrNVZMRTlBcURDUjhjYXlybVc1VWJtRE1hVGIiLCJtYWMiOiJkNDRlZGJmMDBiNzM2ZTFhMDIyNWJmNTE1MjU1NTlkNjU0Yjc0NzU0ZDcwYWE0YWJlZTM1YzEwOGVkZjEzNTJiIn0%3D; expires=Wed, 11-Aug-2021 14:22:01 GMT; Max-Age=7200; path=/ c=eyJpdiI6Imc2bzNhekdoZ0w4Sk05STBWbHJERmc9PSIsInZhbHVlIjoiOWlGNTJIbVA4SGtaYXg4cmc2elQrdG9zU24yTVJnbExpazluK0VnajNtczRkc3IzVk1BM01hTU00RTRkTDY1SSIsIm1hYyI6ImI2ZmY3OTQ1ZjAzOWQ2Njc2ZmZkM2QzNWJkNzU3Y2ExZWUxNDFiYjZiNWI1ZjNkODEyYjM2NmE0Zjc5OTRmOTMifQ%3D%3D; expires=Wed, 11-Aug-2021 14:22:01 GMT; Max-Age=7200; path=/; httponly
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-proc: 2
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FS9qaETQJkhsbiMURQQhEb%2BxMM7f59FIOb7oHcVsOlf%2FyA5s33LJu1FXKJAA%2F2%2FR7BGKJlKLUmZ8i3iZ1mqRtmdf2PRA%2FN7BsujURZcW%2Bk8oyGQODHG3mhSVLb1HTXhSYEXJHAmzyaJJB%2Bo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 67d16d534e6205fd-FRA
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

POST
H/1.1 200
OK add
tagdataxrt.com/time_visit/ 0
422 B 15ms
15ms Ping
text/plain 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/time_visit/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Wed, 11 Aug 2021 12:22:01 GMT
Server: nginx/1.19.10
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 0

POST collect
www.google-analytics.com/g/ 0
0

GET
H3-29 200 forms.css
tgfunnls.org/css/ 20 KB
4 KB 36ms
35ms Stylesheet
text/css 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/css/forms.css?id=108aa07ef4cadffb88ba

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5cc75f6ff6ccc8f9737ba9b6e44903687d4cd600464dc9a25b2fcfbfd231ebc6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /css/forms.css?id=108aa07ef4cadffb88ba
pragma: no-cache
cookie: _vwo_uuid_v2=D1DFE650AA949B2C07F0C98022E4F4C18|03024847324f052f382a923df65b0f51; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _gid=GA1.2.790350928.1628684518; _gat_UA-192660002-1=1; _hjid=e4ac4e74-4075-47b1-8838-21f1fb21d7e3; _hjFirstSeen=1; _ga=GA1.1.668805998.1628684518; XSRF-TOKEN=eyJpdiI6Ik05cTRCMklcLzNCTjVsZk0rWlNGU29BPT0iLCJ2YWx1ZSI6IituUGU1eWxjNGlNMTRNN09tNXpyR3NacU00ZDFyY0l6d2NEK3FrNVZMRTlBcURDUjhjYXlybVc1VWJtRE1hVGIiLCJtYWMiOiJkNDRlZGJmMDBiNzM2ZTFhMDIyNWJmNTE1MjU1NTlkNjU0Yjc0NzU0ZDcwYWE0YWJlZTM1YzEwOGVkZjEzNTJiIn0%3D; c=eyJpdiI6Imc2bzNhekdoZ0w4Sk05STBWbHJERmc9PSIsInZhbHVlIjoiOWlGNTJIbVA4SGtaYXg4cmc2elQrdG9zU24yTVJnbExpazluK0VnajNtczRkc3IzVk1BM01hTU00RTRkTDY1SSIsIm1hYyI6ImI2ZmY3OTQ1ZjAzOWQ2Njc2ZmZkM2QzNWJkNzU3Y2ExZWUxNDFiYjZiNWI1ZjNkODEyYjM2NmE0Zjc5OTRmOTMifQ%3D%3D; _ga_Y6C8Y8V9BH=GS1.1.1628684517.1.1.1628684521.0
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:01 GMT
x-proc: 1
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 644
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Mon, 09 Aug 2021 14:29:21 GMT
server: cloudflare
etag: W/"61113bc1-5107"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=I%2FgthD4KaMTUgKdfCOeLVtzmY1SrxMbRFdxA52%2Bs2G1EZRTDUsMaJP0w4tYdKT1ReepsahPknxQjEHIGhGkqLYrSXucHDDpCccz2YTePRgb7%2Bnh0gkdLUic2a%2FaBKhIt0CwPQIqDidT9NMk%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 67d16d55dcd305fd-FRA

GET
H3-29 200 flow.css
tgfunnls.org/css/ 385 B
764 B 27ms
26ms Stylesheet
text/css 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/css/flow.css?id=1a2dada5ba76c1b29ae1

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

df456c4794989b11dda8d76813cbf505b2707048f4cc89d7db15956779ca3fb0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /css/flow.css?id=1a2dada5ba76c1b29ae1
pragma: no-cache
cookie: _vwo_uuid_v2=D1DFE650AA949B2C07F0C98022E4F4C18|03024847324f052f382a923df65b0f51; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _gid=GA1.2.790350928.1628684518; _gat_UA-192660002-1=1; _hjid=e4ac4e74-4075-47b1-8838-21f1fb21d7e3; _hjFirstSeen=1; _ga=GA1.1.668805998.1628684518; XSRF-TOKEN=eyJpdiI6Ik05cTRCMklcLzNCTjVsZk0rWlNGU29BPT0iLCJ2YWx1ZSI6IituUGU1eWxjNGlNMTRNN09tNXpyR3NacU00ZDFyY0l6d2NEK3FrNVZMRTlBcURDUjhjYXlybVc1VWJtRE1hVGIiLCJtYWMiOiJkNDRlZGJmMDBiNzM2ZTFhMDIyNWJmNTE1MjU1NTlkNjU0Yjc0NzU0ZDcwYWE0YWJlZTM1YzEwOGVkZjEzNTJiIn0%3D; c=eyJpdiI6Imc2bzNhekdoZ0w4Sk05STBWbHJERmc9PSIsInZhbHVlIjoiOWlGNTJIbVA4SGtaYXg4cmc2elQrdG9zU24yTVJnbExpazluK0VnajNtczRkc3IzVk1BM01hTU00RTRkTDY1SSIsIm1hYyI6ImI2ZmY3OTQ1ZjAzOWQ2Njc2ZmZkM2QzNWJkNzU3Y2ExZWUxNDFiYjZiNWI1ZjNkODEyYjM2NmE0Zjc5OTRmOTMifQ%3D%3D; _ga_Y6C8Y8V9BH=GS1.1.1628684517.1.1.1628684521.0
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:01 GMT
x-proc: 2
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 644
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Mon, 09 Aug 2021 14:29:19 GMT
server: cloudflare
etag: W/"61113bbf-181"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2QUVM5KB6XlEounEWoNJWL2%2BcFyppMfERvf9643ZzJfWSylcu5ZWGiSrOh3%2FT%2BJ2JIyzTrtZJD4YaUiSv6R0Jn6k%2FUepC%2FZ9TJyrrxU%2FbZ1GF3naa6yi1udMIlC5keEmtFwUWml8ljpro6o%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 67d16d55dcd705fd-FRA

GET
H2 200 funnel.css
static-13333.kxcdn.com/5275/build/ 91 KB
26 KB 10ms
8ms Stylesheet
text/css 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL

https://static-13333.kxcdn.com/5275/build/funnel.css

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

0dd81a03016de5c1be49281bb42f5db84bf8968b636e893daa0ee24de5dbdd3b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:01 GMT
content-encoding: gzip
last-modified: Fri, 02 Jul 2021 14:31:57 GMT
server: keycdn-engine
x-amz-request-id: tx0000000000000048dcf7b-0060df2533-12e87130-fra1a
x-edge-location: defr
etag: W/"0e60432e5a822d61eaf0ff2172f524ed"
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-cache: HIT
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31556940
x-rgw-object-type: Normal
strict-transport-security: max-age=15552000; includeSubDomains; preload
expires: Thu, 11 Aug 2022 18:11:01 GMT

GET
H/1.1 400 conversion.js
in.bd44.fun/ 0
0 16ms
14ms Script
text/html 18.195.174.160
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://in.bd44.fun/conversion.js?cid=OPTIONAL&et=CLICK
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.195.174.160 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-174-160.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 logo.png
static-13333.kxcdn.com/5275/images/ 2 KB
3 KB 29ms
24ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/logo.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

3d0776f2afd4256733e307cf46921dde2e1497a2767eb8bcb8ac17d5de9d2344

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:01 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048dcf7f-0060df2533-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2455
last-modified: Fri, 02 Jul 2021 14:32:26 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "cded24bb8b99f2aa7ab4e4ddc59c28e6"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:01 GMT

GET
H2 200 top-arrow.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 30ms
25ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/top-arrow.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

c4d3b32e24ea06591e7f166b20939f84cb767bb0742bc3c51f07c6f4b684f1e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:02 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048fd188-0060df2533-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2961
last-modified: Fri, 02 Jul 2021 14:32:29 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "e2980701aad64cef71bd2296f5f6386b"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:02 GMT

GET
H3-29 200 check-icon.png
tgfunnls.org/images/ 44 KB
45 KB 38ms
33ms Image
image/png 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tgfunnls.org/images/check-icon.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

79bb457691c6f5dc0d3fd537218a627750b199db5253e22dad9dc4f78fa48016

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /images/check-icon.png
pragma: no-cache
cookie: _vwo_uuid_v2=D1DFE650AA949B2C07F0C98022E4F4C18|03024847324f052f382a923df65b0f51; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _gid=GA1.2.790350928.1628684518; _gat_UA-192660002-1=1; _hjid=e4ac4e74-4075-47b1-8838-21f1fb21d7e3; _hjFirstSeen=1; _ga=GA1.1.668805998.1628684518; XSRF-TOKEN=eyJpdiI6Ik05cTRCMklcLzNCTjVsZk0rWlNGU29BPT0iLCJ2YWx1ZSI6IituUGU1eWxjNGlNMTRNN09tNXpyR3NacU00ZDFyY0l6d2NEK3FrNVZMRTlBcURDUjhjYXlybVc1VWJtRE1hVGIiLCJtYWMiOiJkNDRlZGJmMDBiNzM2ZTFhMDIyNWJmNTE1MjU1NTlkNjU0Yjc0NzU0ZDcwYWE0YWJlZTM1YzEwOGVkZjEzNTJiIn0%3D; c=eyJpdiI6Imc2bzNhekdoZ0w4Sk05STBWbHJERmc9PSIsInZhbHVlIjoiOWlGNTJIbVA4SGtaYXg4cmc2elQrdG9zU24yTVJnbExpazluK0VnajNtczRkc3IzVk1BM01hTU00RTRkTDY1SSIsIm1hYyI6ImI2ZmY3OTQ1ZjAzOWQ2Njc2ZmZkM2QzNWJkNzU3Y2ExZWUxNDFiYjZiNWI1ZjNkODEyYjM2NmE0Zjc5OTRmOTMifQ%3D%3D; _ga_Y6C8Y8V9BH=GS1.1.1628684517.1.1.1628684521.0
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:02 GMT
x-proc: 3
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5018
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 45018
x-xss-protection: 1; mode=block
last-modified: Mon, 09 Aug 2021 14:27:10 GMT
server: cloudflare
etag: "61113b3e-afda"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=H6B%2BKcvEif9VzQnV02mxgELt7xr9mc4d71EPcTEKM3Bhb49APJtAd1r9oLfSHPoD8KMS80Ne12akHQzWfz%2F3t7qMWKXwd3pZ1HPIZESdd8UMKwjAJ3jbEIChBDlYChxO49pYb2eWAz80Uig%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 67d16d565e3605fd-FRA

GET
H2 200 safe.png
static-13333.kxcdn.com/5275/images/ 10 KB
11 KB 30ms
23ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/safe.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

c001780d5a0136da809d6908ac44d8b0e4d9b36bf9891772a006294888226576

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:02 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048dcf7e-0060df2533-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 10593
last-modified: Fri, 02 Jul 2021 14:32:17 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "e16845cf547d72f2f0b2febfa375d9f9"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:02 GMT

GET
H2 200 bg-arrow.png
static-13333.kxcdn.com/5275/images/ 7 KB
8 KB 31ms
23ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/bg-arrow.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

5902ac2e28cc5433d57a98a62be69037be09754da694348e03d3e3b9e776f542

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:02 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048dcf7d-0060df2533-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 7356
last-modified: Fri, 02 Jul 2021 14:32:23 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "0575766ae817ee467a729e846374d22c"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:02 GMT

GET
H2 200 check-icon.png
static-13333.kxcdn.com/5275/images/ 2 KB
3 KB 31ms
24ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/check-icon.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

4a404a950ef8cfa3eb686e62c8ab17e0a4609f2300e53d874a96ec618ab9474d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:02 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048fd193-0060df2533-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2273
last-modified: Fri, 02 Jul 2021 14:32:29 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "c34ab81524c5f98e40dc0dad59601758"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:02 GMT

GET
H2 200 spots-arrow.png
static-13333.kxcdn.com/5275/images/ 5 KB
6 KB 32ms
25ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/spots-arrow.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

7c01610e53cbe2313bd441cd9182762cec4240e4eecebeca6d086f34e4672784

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:02 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048dcf82-0060df2533-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 5306
last-modified: Fri, 02 Jul 2021 14:32:45 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "32acdf2cce46993b09041ebed9d00140"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:02 GMT

GET
H2 200 john.jpg
static-13333.kxcdn.com/5275/images/ 9 KB
10 KB 32ms
25ms Image
image/jpeg 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/john.jpg

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

aff262b0ff8882606831b77cb7fe8c2b7ee184a4c3a4e10de152932dde9ed3f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:02 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048fd18f-0060df2533-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 9704
last-modified: Fri, 02 Jul 2021 14:32:21 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "ca826d01f1cbba3eb6e3e1f697bca6bc"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/jpeg
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:02 GMT

GET
H2 200 john-sign.png
static-13333.kxcdn.com/5275/images/ 7 KB
7 KB 34ms
27ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/john-sign.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

2c92fcee0f7c5fd992e818cd6e5f621e8701cea9b4b23eb03e2567560c7dd266

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:02 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048dcf87-0060df2533-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 6824
last-modified: Fri, 02 Jul 2021 14:32:43 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "8e77bdde18036a84289f7b89b03cddc0"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:02 GMT

GET
H2 200 social-callback-title.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 34ms
28ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/social-callback-title.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

b097d9409b9b2fcde3993197635d6e7d49126e794dec3c3a5de9892cce15ec84

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:02 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048fd187-0060df2533-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2899
last-modified: Fri, 02 Jul 2021 14:32:42 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "26e1186a209747d755be97f26d7fef17"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:02 GMT

GET
H2 200 facebook.png
static-13333.kxcdn.com/5275/images/ 45 KB
46 KB 34ms
28ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/facebook.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

45a8e9f975bd2d7db2041c671affac022eaf0b8db46c516a6f2021d30631aea3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:02 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048dcf7c-0060df2533-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 46358
last-modified: Fri, 02 Jul 2021 14:32:18 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "99efc09d6e35b01ef07e555c6c9c06ac"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:02 GMT

GET
H2 200 twitter.png
static-13333.kxcdn.com/5275/images/ 33 KB
34 KB 39ms
32ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/twitter.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

f3567cf9eb0717ad9840ff19014abf051d9bebb63ba3d270eb23d409dd449b5a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:02 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048dcf79-0060df2533-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 33933
last-modified: Fri, 02 Jul 2021 14:32:45 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "1538bf85a2428c7ab27b923233ceac2d"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:02 GMT

GET
H2 200 features-title.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 43ms
37ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/features-title.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

5e840708085df16224eeb0d8a8b3758d39bc7c60d3f0587ea1308f7d37d2e9db

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:02 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048fd18e-0060df2533-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2835
last-modified: Fri, 02 Jul 2021 14:32:24 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "8e8fd39ca90b9e536e71366f72e27061"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:02 GMT

GET
H2 200 feature1.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 43ms
37ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/feature1.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

427e9cf9bc070b73cae44b858b1cbb147385ccf3b74522b00606e8441d74eb21

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:02 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048fd189-0060df2533-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2649
last-modified: Fri, 02 Jul 2021 14:32:27 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "32e947291780f319b5424fb0fed97339"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:02 GMT

GET
H2 200 feature2.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 44ms
38ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/feature2.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

d35ec7636f20627c46249b7ac076fd59aad2c15c8207c92cc8251df812abc0bc

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:02 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048fd18b-0060df2533-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2845
last-modified: Fri, 02 Jul 2021 14:32:28 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "a02cbfb7009f4eb7bca716371bbc6162"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:02 GMT

GET
H2 200 feature3.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 44ms
38ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/feature3.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

41cc8226265d071dd816f01b4e656e9575b49927ecb0806984d85fd2acb3b318

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:02 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048fd185-0060df2533-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2618
last-modified: Fri, 02 Jul 2021 14:32:44 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "1e439861ae0e257dd74094cd20495531"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:02 GMT

GET
H2 200 feature4.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 45ms
39ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/feature4.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

d7e57b7c8fc1a0e25b893fc00da8cca5368cc489227958d4a781665339cd7260

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:02 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048fd18a-0060df2533-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2573
last-modified: Fri, 02 Jul 2021 14:32:19 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "f042fbbf22d575de6d906249ec2dc324"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:02 GMT

GET
H2 200 faq-title.png
static-13333.kxcdn.com/5275/images/ 4 KB
4 KB 46ms
40ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/faq-title.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

218be04d48aa9aa4da9bb4a708dbb463576fd8653914fd05bb113ce654dce714

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:02 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048dcf81-0060df2533-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 3706
last-modified: Fri, 02 Jul 2021 14:32:42 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "b95f5e7ccaaf9e8f6f1117efa9ab100a"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:02 GMT

GET
H2 200 faq-list-title-bg.png
static-13333.kxcdn.com/5275/images/ 2 KB
2 KB 46ms
41ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/faq-list-title-bg.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

9749d6d7aee9bdd7b806eb8fd8fa1bfd7ef25aab0aba744948b279d4c1a348ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:02 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048fd18d-0060df2533-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 1546
last-modified: Fri, 02 Jul 2021 14:32:22 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "567ea5254334fde95913b6cd592aad5f"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:02 GMT

GET
H3-29 200 sad-face.svg
tgfunnls.org/media/ 1 KB
1 KB 34ms
31ms Image
image/svg+xml 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tgfunnls.org/media/sad-face.svg

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

186b9079a05f19ddd2a548dbc1ec2c69087c76d8e9e1637dbced630edb793104

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /media/sad-face.svg
pragma: no-cache
cookie: _vwo_uuid_v2=D1DFE650AA949B2C07F0C98022E4F4C18|03024847324f052f382a923df65b0f51; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _gid=GA1.2.790350928.1628684518; _gat_UA-192660002-1=1; _hjid=e4ac4e74-4075-47b1-8838-21f1fb21d7e3; _hjFirstSeen=1; _ga=GA1.1.668805998.1628684518; XSRF-TOKEN=eyJpdiI6Ik05cTRCMklcLzNCTjVsZk0rWlNGU29BPT0iLCJ2YWx1ZSI6IituUGU1eWxjNGlNMTRNN09tNXpyR3NacU00ZDFyY0l6d2NEK3FrNVZMRTlBcURDUjhjYXlybVc1VWJtRE1hVGIiLCJtYWMiOiJkNDRlZGJmMDBiNzM2ZTFhMDIyNWJmNTE1MjU1NTlkNjU0Yjc0NzU0ZDcwYWE0YWJlZTM1YzEwOGVkZjEzNTJiIn0%3D; c=eyJpdiI6Imc2bzNhekdoZ0w4Sk05STBWbHJERmc9PSIsInZhbHVlIjoiOWlGNTJIbVA4SGtaYXg4cmc2elQrdG9zU24yTVJnbExpazluK0VnajNtczRkc3IzVk1BM01hTU00RTRkTDY1SSIsIm1hYyI6ImI2ZmY3OTQ1ZjAzOWQ2Njc2ZmZkM2QzNWJkNzU3Y2ExZWUxNDFiYjZiNWI1ZjNkODEyYjM2NmE0Zjc5OTRmOTMifQ%3D%3D; _ga_Y6C8Y8V9BH=GS1.1.1628684517.1.1.1628684521.0
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:01 GMT
x-proc: 2
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 644
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Mon, 09 Aug 2021 14:29:19 GMT
server: cloudflare
etag: W/"61113bbf-5dc"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lYuX35LI46zCdtgJBxm5ga%2Bl0M6l7ya9r6xC9Enc7%2BxyTqtEZh9AYDEC36Qwlr9klLxPOkMZBb4Uyvol43HDubKhNMQekodnrHXR1t3KXBpfU%2BQhIGtJFoxWTr%2FIgS8OM8T28%2F1Rtb%2BVaa8%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: max-age=14400
cf-ray: 67d16d566e4105fd-FRA

GET
H3-29 200 email-decode.min.js Show response
tgfunnls.org/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
1 KB 9ms
9ms Script
application/javascript 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

:path: /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
pragma: no-cache
cookie: _vwo_uuid_v2=D1DFE650AA949B2C07F0C98022E4F4C18|03024847324f052f382a923df65b0f51; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _gid=GA1.2.790350928.1628684518; _gat_UA-192660002-1=1; _hjid=e4ac4e74-4075-47b1-8838-21f1fb21d7e3; _hjFirstSeen=1; _ga=GA1.1.668805998.1628684518; XSRF-TOKEN=eyJpdiI6Ik05cTRCMklcLzNCTjVsZk0rWlNGU29BPT0iLCJ2YWx1ZSI6IituUGU1eWxjNGlNMTRNN09tNXpyR3NacU00ZDFyY0l6d2NEK3FrNVZMRTlBcURDUjhjYXlybVc1VWJtRE1hVGIiLCJtYWMiOiJkNDRlZGJmMDBiNzM2ZTFhMDIyNWJmNTE1MjU1NTlkNjU0Yjc0NzU0ZDcwYWE0YWJlZTM1YzEwOGVkZjEzNTJiIn0%3D; c=eyJpdiI6Imc2bzNhekdoZ0w4Sk05STBWbHJERmc9PSIsInZhbHVlIjoiOWlGNTJIbVA4SGtaYXg4cmc2elQrdG9zU24yTVJnbExpazluK0VnajNtczRkc3IzVk1BM01hTU00RTRkTDY1SSIsIm1hYyI6ImI2ZmY3OTQ1ZjAzOWQ2Njc2ZmZkM2QzNWJkNzU3Y2ExZWUxNDFiYjZiNWI1ZjNkODEyYjM2NmE0Zjc5OTRmOTMifQ%3D%3D; _ga_Y6C8Y8V9BH=GS1.1.1628684517.1.1.1628684521.0
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 05 Aug 2021 12:35:03 GMT
server: cloudflare
etag: W/"610bdaf7-4d7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: DENY
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=om5Xzw%2FOO1%2BLjnFqKgnXZY4JSM49h1ueYsFPn3Ivpo6S3tvAxpC61Q%2B7QHI506m0mFZzFHhHRPDxuDrrLPem26iDokJPfVTmIrEqZnNaxhKhKh%2FGmWC8V6UpAUSYDpxi%2FqadKLkhvnc6Ho0%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=172800 public
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 67d16d55fd3205fd-FRA
vary: Accept-Encoding
expires: Fri, 13 Aug 2021 12:22:01 GMT

GET
H3-29 200 redirect.js Show response
tgfunnls.org/js/ 3 KB
2 KB 17ms
16ms Script
application/javascript 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/js/redirect.js?id=bd8708e91008076c9ff9

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0979e653bf7370685f5d0ec7448e28d33f46754d5411cf5a7cd3df6ecafc1a35

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /js/redirect.js?id=bd8708e91008076c9ff9
pragma: no-cache
cookie: _vwo_uuid_v2=D1DFE650AA949B2C07F0C98022E4F4C18|03024847324f052f382a923df65b0f51; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _gid=GA1.2.790350928.1628684518; _gat_UA-192660002-1=1; _hjid=e4ac4e74-4075-47b1-8838-21f1fb21d7e3; _hjFirstSeen=1; _ga=GA1.1.668805998.1628684518; XSRF-TOKEN=eyJpdiI6Ik05cTRCMklcLzNCTjVsZk0rWlNGU29BPT0iLCJ2YWx1ZSI6IituUGU1eWxjNGlNMTRNN09tNXpyR3NacU00ZDFyY0l6d2NEK3FrNVZMRTlBcURDUjhjYXlybVc1VWJtRE1hVGIiLCJtYWMiOiJkNDRlZGJmMDBiNzM2ZTFhMDIyNWJmNTE1MjU1NTlkNjU0Yjc0NzU0ZDcwYWE0YWJlZTM1YzEwOGVkZjEzNTJiIn0%3D; c=eyJpdiI6Imc2bzNhekdoZ0w4Sk05STBWbHJERmc9PSIsInZhbHVlIjoiOWlGNTJIbVA4SGtaYXg4cmc2elQrdG9zU24yTVJnbExpazluK0VnajNtczRkc3IzVk1BM01hTU00RTRkTDY1SSIsIm1hYyI6ImI2ZmY3OTQ1ZjAzOWQ2Njc2ZmZkM2QzNWJkNzU3Y2ExZWUxNDFiYjZiNWI1ZjNkODEyYjM2NmE0Zjc5OTRmOTMifQ%3D%3D; _ga_Y6C8Y8V9BH=GS1.1.1628684517.1.1.1628684521.0
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:01 GMT
x-proc: 3
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 644
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Mon, 09 Aug 2021 14:29:34 GMT
server: cloudflare
etag: W/"61113bce-a50"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tCKnKpPzlPXW6LXaUKAucfpzG3p47mIpO7aRsbex6OlqmX6pNNAf4MxdKsvdtkDn8pUu5PZch%2B2TziLf2rVUvFjiHObE4MKnR1ahnLOu10SaeQ2bgejES8tTBV8ww8rjj79Ah4mcp0Z34kA%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=14400
cf-ray: 67d16d560d6305fd-FRA

GET
H3-29 200 l.js Show response
tgfunnls.org/js/ 401 KB
110 KB 34ms
34ms Script
application/javascript 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/js/l.js?id=6cf7b69175b2a676ebf3

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1669423eca631e2fa8053ff74039a11ff6afac3a94dc37f357ce8d6ec9362913

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /js/l.js?id=6cf7b69175b2a676ebf3
pragma: no-cache
cookie: _vwo_uuid_v2=D1DFE650AA949B2C07F0C98022E4F4C18|03024847324f052f382a923df65b0f51; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _gid=GA1.2.790350928.1628684518; _gat_UA-192660002-1=1; _hjid=e4ac4e74-4075-47b1-8838-21f1fb21d7e3; _hjFirstSeen=1; _ga=GA1.1.668805998.1628684518; XSRF-TOKEN=eyJpdiI6Ik05cTRCMklcLzNCTjVsZk0rWlNGU29BPT0iLCJ2YWx1ZSI6IituUGU1eWxjNGlNMTRNN09tNXpyR3NacU00ZDFyY0l6d2NEK3FrNVZMRTlBcURDUjhjYXlybVc1VWJtRE1hVGIiLCJtYWMiOiJkNDRlZGJmMDBiNzM2ZTFhMDIyNWJmNTE1MjU1NTlkNjU0Yjc0NzU0ZDcwYWE0YWJlZTM1YzEwOGVkZjEzNTJiIn0%3D; c=eyJpdiI6Imc2bzNhekdoZ0w4Sk05STBWbHJERmc9PSIsInZhbHVlIjoiOWlGNTJIbVA4SGtaYXg4cmc2elQrdG9zU24yTVJnbExpazluK0VnajNtczRkc3IzVk1BM01hTU00RTRkTDY1SSIsIm1hYyI6ImI2ZmY3OTQ1ZjAzOWQ2Njc2ZmZkM2QzNWJkNzU3Y2ExZWUxNDFiYjZiNWI1ZjNkODEyYjM2NmE0Zjc5OTRmOTMifQ%3D%3D; _ga_Y6C8Y8V9BH=GS1.1.1628684517.1.1.1628684521.0
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:01 GMT
x-proc: 1
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3894
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Mon, 09 Aug 2021 14:29:21 GMT
server: cloudflare
etag: W/"61113bc1-645ba"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=d61UMDegvxGTq6vMXpog6AvLMhER4E4k1o6ozJ1sFhiSflzgT8nE3k8jroBusJqVPHDgJetRIOD3gSwha1WAbeNsCIeqZqW%2FtyopIg2mRR5gyXjVUQO7UnaozzAWadZRpiA9Prqu5Ua6F%2Fs%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=14400
cf-ray: 67d16d562da405fd-FRA

GET
H2 200 funnel.js Show response
static-13333.kxcdn.com/5275/build/ 954 KB
319 KB 13ms
13ms Script
application/javascript 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL

https://static-13333.kxcdn.com/5275/build/funnel.js

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

a52901c6296f571a48143efc8c7626714f2f15a0e034390d31380d508684ad0e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:01 GMT
content-encoding: gzip
last-modified: Fri, 02 Jul 2021 14:31:57 GMT
server: keycdn-engine
x-amz-request-id: tx0000000000000048dcf86-0060df2533-12e87130-fra1a
x-edge-location: defr
etag: W/"545236a1390ffa369d186b44dab8e706"
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-cache: HIT
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31556940
x-rgw-object-type: Normal
strict-transport-security: max-age=15552000; includeSubDomains; preload
expires: Thu, 11 Aug 2022 18:11:01 GMT

GET
H/1.1 200 hp Show response
in.xr117.xyz/ 382 B
616 B 20ms
17ms Script
text/plain 18.193.146.82
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://in.xr117.xyz/hp
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.193.146.82 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-193-146-82.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 1d685538334a6762f8c278c2274cb62dfdc47c59ba5968562dddf4f96d808aee

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 11 Aug 2021 12:22:01 GMT
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
Server: nginx
Connection: keep-alive
Content-Length: 382
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200 hp Show response
in.bd44.fun/ 382 B
616 B 59ms
18ms Script
text/plain 18.195.174.160
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://in.bd44.fun/hp
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.195.174.160 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-174-160.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 1d685538334a6762f8c278c2274cb62dfdc47c59ba5968562dddf4f96d808aee

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 11 Aug 2021 12:22:02 GMT
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
Server: nginx
Connection: keep-alive
Content-Length: 382
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3-29 200 tag.js Show response
tagstaticx.com/ 38 KB
14 KB 18ms
15ms Script
application/javascript 2606:4700:3033::6815:3d08
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://tagstaticx.com/tag.js
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::6815:3d08 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 789421e97c465f7367c2c16bad228afc0d9211d9ff3c949b7ef88b72e9fc30db

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:01 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 06 Aug 2021 11:17:33 GMT
server: cloudflare
age: 6662
etag: W/"610d1a4d-97e0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=B6uoPW7tS8qVvHKB2p7lHVit6cljDevptnOgYCmwsaJK962aWMgOM4%2F5OdDp7tULsWpEpzr%2FtHV9pC2oKGt1YDy1kOsssfOHiwhEJ2n25mM1sQinfijjw%2FfPOfX%2BHr4%2F%2FIeYe4RVVwtd4i%2BZ8w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=1800
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 67d16d565b252c22-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

GET
H3-29 200 gtm.js Show response
www.googletagmanager.com/ 111 KB
41 KB 20ms
17ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-MSK8GMG

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

a162969e2b65a15d2ad5f2f7ae26f9c048df44bc88b9438d33c203ba783b9c01

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:01 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42027
x-xss-protection: 0
last-modified: Wed, 11 Aug 2021 12:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 11 Aug 2021 12:22:01 GMT

GET
H/1.1 400 conversion.js
in.bd44.fun/ 0
0 42ms
15ms Script
text/html 18.195.174.160
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://in.bd44.fun/conversion.js?cid=OPTIONAL&et=CLICK
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.195.174.160 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-174-160.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 j.php Show response
dev.visualwebsiteoptimizer.com/ 5 KB
2 KB 14ms
10ms Script
application/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/j.php?a=449005&u=https%3A%2F%2Ftgfunnls.org%2Fdly1st%2F%3Fhitid%3D%7BclickId%7D%26qze%3D7%26aff_sub%3D%7BcustomId1%7D%26aff_sub2%3D%7BcustomId2%7D&f=1&r=0.5295500658808641
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gfra1 /
Resource Hash: 056c80904167b7e7e104603a282f0eca4b32c9eb4f5234708f50c98a816e1d49

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 11 Aug 2021 12:22:01 GMT
via: 1.1 google
server: gfra1
content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-type: application/javascript; charset=UTF-8

GET
H2 200 bg-pattern2.png
static-13333.kxcdn.com/5275/images/ 3 KB
4 KB 42ms
39ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/bg-pattern2.png

Requested by

Host: static-13333.kxcdn.com
URL: https://static-13333.kxcdn.com/5275/build/funnel.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

0dbbd4b1f92b5f123bb6d85da5224dbac1ef2873359ae63159fbd8c1d8aee472

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://static-13333.kxcdn.com/5275/build/funnel.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:02 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx00000000000000491e693-0060df2731-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 3494
last-modified: Fri, 02 Jul 2021 14:32:28 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "9ff60a873ce8a83d6f92c07bbb97461d"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:02 GMT

GET
H2 200 money-bg.jpg
static-13333.kxcdn.com/5275/images/ 192 KB
193 KB 41ms
40ms Image
image/jpeg 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/money-bg.jpg

Requested by

Host: static-13333.kxcdn.com
URL: https://static-13333.kxcdn.com/5275/build/funnel.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

6d6b0b2b3ce3ec690491ad53348667285877a284d43a58bae67219df3128c453

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://static-13333.kxcdn.com/5275/build/funnel.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:02 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048fd245-0060df2533-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 196622
last-modified: Fri, 02 Jul 2021 14:32:29 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "00484ef568e5c529bc92d2698631954b"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/jpeg
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:02 GMT

GET
H2 206 de-1.mp4
static-13333.kxcdn.com/5275/media/ 64 KB
0 44ms
44ms Media
video/mp4 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL

https://static-13333.kxcdn.com/5275/media/de-1.mp4

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Range: bytes=0-

Response headers

date: Wed, 11 Aug 2021 12:22:02 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx000000000000004a44bcc-0060f54e68-141c7b61-fra1a
x-edge-location: defr
x-cache: HIT
Content-Range: bytes 0-124690623/124690624
Content-Length: 124690624
last-modified: Fri, 02 Jul 2021 14:32:03 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "c8811d0b7aa283893d6ec2a19899685f-24"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: video/mp4
access-control-allow-origin: *
x-rgw-object-type: Normal
expires: Thu, 11 Aug 2022 18:11:02 GMT

GET
H3-29 200 tag-a511eb58bc7ee0b0cbc6906497418127.js Show response
dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWpxdWVyeQ==/ 214 KB
61 KB 17ms
15ms Script
text/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWpxdWVyeQ==/tag-a511eb58bc7ee0b0cbc6906497418127.js
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/j.php?a=449005&u=https%3A%2F%2Ftgfunnls.org%2Fdly1st%2F%3Fhitid%3D%7BclickId%7D%26qze%3D7%26aff_sub%3D%7BcustomId1%7D%26aff_sub2%3D%7BcustomId2%7D&f=1&r=0.5295500658808641
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gfra1 /
Resource Hash: ffef253989420f0b71eec148da3bbe555e1117a9860323b7a39b267bbb62ebe6

Request headers

Origin: https://tgfunnls.org
Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:01 GMT
content-encoding: br
last-modified: Tue, 10 Aug 2021 11:55:59 GMT
server: gfra1
etag: "6112694f-f354"
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 62292
via: 1.1 google

GET
H3-29 200 v.gif
dev.visualwebsiteoptimizer.com/ 35 B
52 B 96ms
95ms Image
image/gif 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dev.visualwebsiteoptimizer.com/v.gif?cd=0&a=449005&d=tgfunnls.org&u=D1DFE650AA949B2C07F0C98022E4F4C18&h=03024847324f052f382a923df65b0f51&t=false&r=0.37767844648787086

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gnv3c /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 11 Aug 2021 12:22:02 GMT
via: 1.1 google
x-content-type-options: nosniff
server: gnv3c
content-type: image/gif
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 10 Jan 2005 00:00:01 GMT

GET
H3-29 200 flags.png
tgfunnls.org/images/vendor/intl-tel-input/build/ 69 KB
70 KB 23ms
20ms Image
image/png 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tgfunnls.org/images/vendor/intl-tel-input/build/flags.png?416250f60d785a2e02f17e054d2e4e44

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/css/forms.css?id=108aa07ef4cadffb88ba

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0a012cf808a24573168308916092d2d4bd3f2b4af8e16b59167013cc77acee55

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /images/vendor/intl-tel-input/build/flags.png?416250f60d785a2e02f17e054d2e4e44
pragma: no-cache
cookie: _vwo_uuid_v2=D1DFE650AA949B2C07F0C98022E4F4C18|03024847324f052f382a923df65b0f51; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _gid=GA1.2.790350928.1628684518; _gat_UA-192660002-1=1; _hjid=e4ac4e74-4075-47b1-8838-21f1fb21d7e3; _hjFirstSeen=1; _ga=GA1.1.668805998.1628684518; XSRF-TOKEN=eyJpdiI6Ik05cTRCMklcLzNCTjVsZk0rWlNGU29BPT0iLCJ2YWx1ZSI6IituUGU1eWxjNGlNMTRNN09tNXpyR3NacU00ZDFyY0l6d2NEK3FrNVZMRTlBcURDUjhjYXlybVc1VWJtRE1hVGIiLCJtYWMiOiJkNDRlZGJmMDBiNzM2ZTFhMDIyNWJmNTE1MjU1NTlkNjU0Yjc0NzU0ZDcwYWE0YWJlZTM1YzEwOGVkZjEzNTJiIn0%3D; c=eyJpdiI6Imc2bzNhekdoZ0w4Sk05STBWbHJERmc9PSIsInZhbHVlIjoiOWlGNTJIbVA4SGtaYXg4cmc2elQrdG9zU24yTVJnbExpazluK0VnajNtczRkc3IzVk1BM01hTU00RTRkTDY1SSIsIm1hYyI6ImI2ZmY3OTQ1ZjAzOWQ2Njc2ZmZkM2QzNWJkNzU3Y2ExZWUxNDFiYjZiNWI1ZjNkODEyYjM2NmE0Zjc5OTRmOTMifQ%3D%3D; _ga_Y6C8Y8V9BH=GS1.1.1628684517.1.1.1628684521.0
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: tgfunnls.org
referer: https://tgfunnls.org/css/forms.css?id=108aa07ef4cadffb88ba
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/css/forms.css?id=108aa07ef4cadffb88ba
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:02 GMT
x-proc: 3
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5479
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 70857
x-xss-protection: 1; mode=block
last-modified: Mon, 09 Aug 2021 14:29:34 GMT
server: cloudflare
etag: "61113bce-114c9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fxT3yFzezzTzn7RTb9aGZ%2BGmpJlFmoVrjcaZNQ%2FhF5kxborVaO16clo1vLPNyHgGDUAEr5iD%2F%2FRn%2B7qNSr622JCr8rp1dNzIVSFlg%2FGwUroxry4XrcPUj7HmRtb%2BIOPI1031sAG447%2Fa3D4%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 67d16d56bf4a05fd-FRA

GET
H3-29 200 locate Show response
tgfunnls.org/ 150 B
1 KB 225ms
224ms XHR
application/json 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/locate

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/js/l.js?id=6cf7b69175b2a676ebf3

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

126f29647a5fd666abd70f0bfe4f9a9b972c2e385e09554cf2fea5ffe35f62fc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-fetch-mode: cors
x-xsrf-token: eyJpdiI6Ik05cTRCMklcLzNCTjVsZk0rWlNGU29BPT0iLCJ2YWx1ZSI6IituUGU1eWxjNGlNMTRNN09tNXpyR3NacU00ZDFyY0l6d2NEK3FrNVZMRTlBcURDUjhjYXlybVc1VWJtRE1hVGIiLCJtYWMiOiJkNDRlZGJmMDBiNzM2ZTFhMDIyNWJmNTE1MjU1NTlkNjU0Yjc0NzU0ZDcwYWE0YWJlZTM1YzEwOGVkZjEzNTJiIn0=
accept-language: en-US
sec-fetch-dest: empty
cookie: _vwo_uuid_v2=D1DFE650AA949B2C07F0C98022E4F4C18|03024847324f052f382a923df65b0f51; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _gid=GA1.2.790350928.1628684518; _gat_UA-192660002-1=1; _hjid=e4ac4e74-4075-47b1-8838-21f1fb21d7e3; _hjFirstSeen=1; _ga=GA1.1.668805998.1628684518; XSRF-TOKEN=eyJpdiI6Ik05cTRCMklcLzNCTjVsZk0rWlNGU29BPT0iLCJ2YWx1ZSI6IituUGU1eWxjNGlNMTRNN09tNXpyR3NacU00ZDFyY0l6d2NEK3FrNVZMRTlBcURDUjhjYXlybVc1VWJtRE1hVGIiLCJtYWMiOiJkNDRlZGJmMDBiNzM2ZTFhMDIyNWJmNTE1MjU1NTlkNjU0Yjc0NzU0ZDcwYWE0YWJlZTM1YzEwOGVkZjEzNTJiIn0%3D; c=eyJpdiI6Imc2bzNhekdoZ0w4Sk05STBWbHJERmc9PSIsInZhbHVlIjoiOWlGNTJIbVA4SGtaYXg4cmc2elQrdG9zU24yTVJnbExpazluK0VnajNtczRkc3IzVk1BM01hTU00RTRkTDY1SSIsIm1hYyI6ImI2ZmY3OTQ1ZjAzOWQ2Njc2ZmZkM2QzNWJkNzU3Y2ExZWUxNDFiYjZiNWI1ZjNkODEyYjM2NmE0Zjc5OTRmOTMifQ%3D%3D; _ga_Y6C8Y8V9BH=GS1.1.1628684517.1.1.1628684521.0
:path: /locate
pragma: no-cache
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: application/json, text/plain, */*
cache-control: no-cache
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept: application/json, text/plain, */*
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
X-XSRF-TOKEN: eyJpdiI6Ik05cTRCMklcLzNCTjVsZk0rWlNGU29BPT0iLCJ2YWx1ZSI6IituUGU1eWxjNGlNMTRNN09tNXpyR3NacU00ZDFyY0l6d2NEK3FrNVZMRTlBcURDUjhjYXlybVc1VWJtRE1hVGIiLCJtYWMiOiJkNDRlZGJmMDBiNzM2ZTFhMDIyNWJmNTE1MjU1NTlkNjU0Yjc0NzU0ZDcwYWE0YWJlZTM1YzEwOGVkZjEzNTJiIn0=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:02 GMT
x-proc: 2
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BoUz9rOyhYBK9oZkLgb4rldCvqfk5T9nw8u4mbZqMwo%2FAJmUBLriZRvKji97ikIUTs8fnwIAM%2B5%2BpT2jXY6IEXseT5nnMI8gip%2BbF1XXV%2FE8CanWeAH80kRLHlSpmdATyzp8uJl7BY3K6RU%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json
cache-control: no-cache, private
set-cookie: XSRF-TOKEN=eyJpdiI6Im1Vd0xJeFc0QXpQV2NGV0RneUdzWkE9PSIsInZhbHVlIjoic0g0TDRMMXBnZktTS1E1alNrVGVib3BYWE1RZ3lGOER0R3FzUTN0WFdoXC9naGpcL1dUanpVVDgzTzloQnpqSERaIiwibWFjIjoiMmVjMmQwYzIyMDI0YTlkOTJhY2M2ZGE4YzJmYjA4MzI0YmYxY2UxNDBhODkyYTZlNWNlY2M3Y2FmYjAwZDI2OSJ9; expires=Wed, 11-Aug-2021 14:22:02 GMT; Max-Age=7200; path=/ c=eyJpdiI6IkRtOEpMY2JFcnloUUFpNnU4aFFEY1E9PSIsInZhbHVlIjoibEN2ZE51dVV0d044YVVITGtCVTliVXFjcFhiUmRqWUJDN1M1anh2QzZ1R2F3dm9EN3l2YnVRanRcL2RFdE81bmciLCJtYWMiOiI3NmUzMmRkYmU3ZjkyN2RiNmNmYzAzMTViOWRlZjJiODZjYjQ5OTBhMDhiNDBhODllYTgyZDQ0MTU1Y2QyYzcwIn0%3D; expires=Wed, 11-Aug-2021 14:22:02 GMT; Max-Age=7200; path=/; httponly
cf-ray: 67d16d56efd305fd-FRA

GET
BLOB 200
OK 1aea1785-7913-4464-8dda-b2638fd4defd
https://tgfunnls.org/ 31 B
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://tgfunnls.org/1aea1785-7913-4464-8dda-b2638fd4defd
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7725538fe2f71147bffeba7452b434c826aef9009666cb4360c605d0b2a91d1d

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length: 31
Content-Type: application/javascript

GET
H2 403 videothumbnail-1.png
static-13333.kxcdn.com/5275/images/ 0
0 23ms
23ms Image
text/html 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static-13333.kxcdn.com/5275/images/videothumbnail-1.png
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
DATA 200
OK truncated
/ 4 KB
4 KB Font
application/font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: aef991b2e0b693a95d41986576dd3901ea7ac03b379501b1caba966058753308

Request headers

Origin: https://tgfunnls.org
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: application/font-woff;charset=utf-8

HEAD
H3-29 200 adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/ 0
0 36ms
36ms Fetch
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 49445
x-xss-protection: 0
server: cafe
etag: 4898024456010196187
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Wed, 11 Aug 2021 12:22:02 GMT

GET
H/1.1 200
OK version.js Show response
tagdatax.com/ 57 B
260 B 15ms
14ms Script
application/javascript 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdatax.com/version.js
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: ac7f0410b2dc39e68bb895bbd74390e736b57189983e5270c0895a398e025ffe

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 11 Aug 2021 12:22:02 GMT
Cache-Control: private, max-age=63072000
Server: nginx/1.19.10
Connection: keep-alive
Content-Length: 57
Content-Type: application/javascript

GET
H2 200 gid.js Show response
my.rtmark.net/ 65 B
540 B 14ms
13ms Fetch
application/json 139.45.195.8
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://my.rtmark.net/gid.js

Requested by

Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

b828203c46b8df11069aec3609209ec025e62db2bb9b2ff455343dcbe40bb3c6

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:57 GMT
x-content-type-options: nosniff
server: nginx
strict-transport-security: max-age=1
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: https://tgfunnls.org
access-control-expose-headers: Authorization
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length: 65

GET
H/1.1 200
OK pix.jpg Show response
tagdatax.com/ 28 B
617 B 15ms
14ms Fetch
image/jpeg 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdatax.com/pix.jpg
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: 3c72e06c040c15327faa313315f1d6f4b2c9159267051c3e173336efa4cd7a18

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 11 Aug 2021 12:22:02 GMT
Server: nginx/1.19.10
Etag: ecb84e52-bdd5-4b31-9e5b-0df728155921
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Content-Type: image/jpeg
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Expose-Headers: ETag
Cache-Control: private, must-revalidate, proxy-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 28

GET
H3-29 200 googlelogo_color_120x44dp.png
www.google.com/images/branding/googlelogo/2x/ 5 KB
5 KB 17ms
16ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_120x44dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

29c50fa4422ac0a690af5b0987dee6a030a7eeaafa9dda8543cf022368f545aa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:02 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5087
x-xss-protection: 0
expires: Wed, 11 Aug 2021 12:22:02 GMT

GET
H3-29 200 googlelogo_color_272x92dp.png
www.google.com/images/branding/googlelogo/1x/ 6 KB
6 KB 17ms
16ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/1x/googlelogo_color_272x92dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5776cd87617eacec3bc00ebcf530d1924026033eda852f706c1a675a98915826

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:02 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5969
x-xss-protection: 0
expires: Wed, 11 Aug 2021 12:22:02 GMT

GET
H3-29 200 googlelogo_color_272x92dp.png
www.google.com/images/branding/googlelogo/2x/ 13 KB
13 KB 679ms
678ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_272x92dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:02 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13504
x-xss-protection: 0
expires: Wed, 11 Aug 2021 12:22:02 GMT

GET
H3-29 200 googlelogo_color_160x56dp.png
www.google.com/images/branding/googlelogo/2x/ 7 KB
7 KB 15ms
14ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_160x56dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9e611fba6a87626e60f74d361f0c94d1ba226bc0726a05791f40ddb7fbba2c4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:02 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7048
x-xss-protection: 0
expires: Wed, 11 Aug 2021 12:22:02 GMT

GET
H3-29 200 googlelogo_color_90x40dp.png
www.google.com/images/branding/googlelogo/2x/ 4 KB
4 KB 16ms
15ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_90x40dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a9cac8d49feccd603bac334c92c1e7dd5a829a1c01d4130550e8c9c0d9c72f7b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:02 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3934
x-xss-protection: 0
expires: Wed, 11 Aug 2021 12:22:02 GMT

OPTIONS
H/1.1 200
OK add
tagdataxrt.com/ir/ Frame 0
0 14ms
14ms Preflight 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/ir/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Protocol: HTTP/1.1
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://tgfunnls.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Server: nginx/1.19.10
Date: Wed, 11 Aug 2021 12:22:02 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

POST
H/1.1 200
OK add Show response
tagdataxrt.com/ir/ 0
537 B 234ms
233ms Fetch 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/ir/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json;charset=utf-8

Response headers

Date: Wed, 11 Aug 2021 12:22:02 GMT
Server: nginx/1.19.10
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 0

GET
H3-29 200 js Show response
www.googletagmanager.com/gtag/ 128 KB
50 KB 16ms
15ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-Y6C8Y8V9BH&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MSK8GMG

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

c6d9537247b2c33b014a1f9f866faf62de1ebdbef63a8d63f3f4a686d2d88c8f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:02 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 51223
x-xss-protection: 0
expires: Wed, 11 Aug 2021 12:22:02 GMT

GET
H3-29 200 analytics.js Show response
www.google-analytics.com/ 48 KB
19 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MSK8GMG

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

e61660c659c426e45bce2937dddb01af6b550502a2904546575c1ec2ba1121dd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 13 Jul 2021 18:24:06 GMT
server: Golfe2
age: 2728
date: Wed, 11 Aug 2021 11:36:34 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19672
expires: Wed, 11 Aug 2021 13:36:34 GMT

GET
H2 200 hotjar-2304105.js Show response
static.hotjar.com/c/ 5 KB
2 KB 246ms
244ms Script
application/javascript 54.192.219.13
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-2304105.js?sv=6

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

54.192.219.13 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

ba0f7c8cd1226246385e057da152929c0c7b7868b6a4b64ff6de9537bf8aeb33

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:14 GMT
content-encoding: br
x-content-type-options: nosniff
cache-control: max-age=60
age: 48
etag: W/2bfd20973994a2ba4876103e95eba243
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
x-cache-hit: 1
x-amz-cf-pop: MRS52-P2
x-amz-cf-id: 8McPvmoS4KFEqKqNGG9vlgNU5QwgGeEptwUXn3smsQVP0oT_MUZQpQ==
via: 1.1 ee464261ee466fae8314a91098b35372.cloudfront.net (CloudFront)

GET
H3-29 200 settings.js Show response
dev.visualwebsiteoptimizer.com/ 572 B
397 B 23ms
20ms Script
application/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/settings.js?a=449005&settings_type=3&vn=7.0&r=0.579947753207986&u=https%3A%2F%2Ftgfunnls.org%2Fdly1st%2F%3Fhitid%3D%7BclickId%7D%26qze%3D7%26aff_sub%3D%7BcustomId1%7D%26aff_sub2%3D%7BcustomId2%7D
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWpxdWVyeQ==/tag-a511eb58bc7ee0b0cbc6906497418127.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gfra1 /
Resource Hash: 31042bafbba3ee3bae8f21d8d8744230a7c558630068c64e1e5ecb4721ab3910

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:01 GMT
via: 1.1 google
server: gfra1
content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-type: application/javascript; charset=UTF-8

GET
H3-29 200 settings.js Show response
dev.visualwebsiteoptimizer.com/ 572 B
397 B 19ms
18ms Script
application/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/settings.js?a=449005&settings_type=1&vn=7.0&r=0.4177614631567048
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWpxdWVyeQ==/tag-a511eb58bc7ee0b0cbc6906497418127.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gfra1 /
Resource Hash: 31042bafbba3ee3bae8f21d8d8744230a7c558630068c64e1e5ecb4721ab3910

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:01 GMT
via: 1.1 google
server: gfra1
content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-type: application/javascript; charset=UTF-8

POST
H/1.1 200
OK etag Show response
tagdataxrt.com/ 0
537 B 14ms
13ms Fetch 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/etag?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json;charset=utf-8

Response headers

Date: Wed, 11 Aug 2021 12:22:02 GMT
Server: nginx/1.19.10
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 0

OPTIONS
H/1.1 200
OK etag
tagdataxrt.com/ Frame 0
0 13ms
13ms Preflight 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/etag?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Protocol: HTTP/1.1
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://tgfunnls.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Server: nginx/1.19.10
Date: Wed, 11 Aug 2021 12:22:02 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

GET
H3-29 200 collect
www.google-analytics.com/ 35 B
55 B 7ms
6ms Image
image/gif 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j92&a=180620523&t=pageview&_s=1&dl=https%3A%2F%2Ftgfunnls.org%2Fdly1st%2F%3Fhitid%3D%7BclickId%7D%26qze%3D7%26aff_sub%3D%7BcustomId1%7D%26aff_sub2%3D%7BcustomId2%7D&ul=en-us&de=UTF-8&dt=Daily%20Profit&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=QACAAEAB~&jid=&gjid=&cid=668805998.1628684518&tid=UA-192660002-1&_gid=790350928.1628684518&gtm=2wg891MSK8GMG&z=1033947254

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 10 Aug 2021 20:58:30 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 55412
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H3-29 204 collect
www.google-analytics.com/g/ 0
17 B 53ms
53ms Ping
text/plain 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-Y6C8Y8V9BH&gtm=2oe891&_p=180620523&sr=1600x1200&ul=en-us&cid=668805998.1628684518&_s=1&dl=https%3A%2F%2Ftgfunnls.org%2Fdly1st%2F%3Fhitid%3D%7BclickId%7D%26qze%3D7%26aff_sub%3D%7BcustomId1%7D%26aff_sub2%3D%7BcustomId2%7D&dr=https%3A%2F%2Ftgfunnls.org%2Fdly1st%2F%3Fhitid%3D%7BclickId%7D%26qze%3D7%26aff_sub%3D%7BcustomId1%7D%26aff_sub2%3D%7BcustomId2%7D&dt=Daily%20Profit&sid=1628684522&sct=1&seg=0&en=page_view&_fv=1&_ss=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-Y6C8Y8V9BH&l=dataLayer&cx=c
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Wed, 11 Aug 2021 12:22:02 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://tgfunnls.org
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 tag-1a6cb79d9b921e9f733a3a9f91c43b90.js Show response
dev.visualwebsiteoptimizer.com/web/djIkcGM6MS4w/ 668 B
649 B 62ms
9ms Script
text/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/web/djIkcGM6MS4w/tag-1a6cb79d9b921e9f733a3a9f91c43b90.js
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWpxdWVyeQ==/tag-a511eb58bc7ee0b0cbc6906497418127.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gfra1 /
Resource Hash: 6e1f2e0970c3d1d6cdacfecdd613ce1c42990ea5d4a9a85fe6f0700d20a96634

Request headers

Origin: https://tgfunnls.org
Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:01 GMT
content-encoding: br
last-modified: Tue, 10 Aug 2021 11:55:59 GMT
server: gfra1
etag: "6112694f-133"
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 307
via: 1.1 google

GET
H2 200 a3a7b431bde66f8790628956fd6a9e14.js Show response
cdn.pushcrew.com/js/ 248 KB
70 KB 101ms
101ms Script
application/javascript 34.102.183.26
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.pushcrew.com/js/a3a7b431bde66f8790628956fd6a9e14.js
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/web/djIkcGM6MS4w/tag-1a6cb79d9b921e9f733a3a9f91c43b90.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.102.183.26 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 26.183.102.34.bc.googleusercontent.com
Software: nginx /
Resource Hash: 2a74b97179203cf3de9b255635c3927c34791cabfe69261cc8d1235c13315e78

Request headers

Origin: https://tgfunnls.org
Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:02 GMT
content-encoding: gzip
last-modified: Fri, 18 Jun 2021 08:48:27 GMT
server: nginx
etag: W/"60cc5ddb-3e05c"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=1800
alt-svc: clear
via: 1.1 google
expires: Wed, 11 Aug 2021 12:52:02 GMT

POST
H3-29 201 event Show response
tgfunnls.org/ 2 B
1 KB 309ms
309ms XHR
application/json 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/event?hitid={clickId}

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/js/l.js?id=6cf7b69175b2a676ebf3

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-fetch-mode: cors
origin: https://tgfunnls.org
x-xsrf-token: eyJpdiI6Im1Vd0xJeFc0QXpQV2NGV0RneUdzWkE9PSIsInZhbHVlIjoic0g0TDRMMXBnZktTS1E1alNrVGVib3BYWE1RZ3lGOER0R3FzUTN0WFdoXC9naGpcL1dUanpVVDgzTzloQnpqSERaIiwibWFjIjoiMmVjMmQwYzIyMDI0YTlkOTJhY2M2ZGE4YzJmYjA4MzI0YmYxY2UxNDBhODkyYTZlNWNlY2M3Y2FmYjAwZDI2OSJ9
accept-language: en-US
sec-fetch-dest: empty
accept-encoding: gzip, deflate, br
cookie: _ga_Y6C8Y8V9BH=GS1.1.1628684522.1.0.1628684522.0; _ga=GA1.1.668805998.1628684518; _vis_opt_test_cookie=1; XSRF-TOKEN=eyJpdiI6Im1Vd0xJeFc0QXpQV2NGV0RneUdzWkE9PSIsInZhbHVlIjoic0g0TDRMMXBnZktTS1E1alNrVGVib3BYWE1RZ3lGOER0R3FzUTN0WFdoXC9naGpcL1dUanpVVDgzTzloQnpqSERaIiwibWFjIjoiMmVjMmQwYzIyMDI0YTlkOTJhY2M2ZGE4YzJmYjA4MzI0YmYxY2UxNDBhODkyYTZlNWNlY2M3Y2FmYjAwZDI2OSJ9; c=eyJpdiI6IkRtOEpMY2JFcnloUUFpNnU4aFFEY1E9PSIsInZhbHVlIjoibEN2ZE51dVV0d044YVVITGtCVTliVXFjcFhiUmRqWUJDN1M1anh2QzZ1R2F3dm9EN3l2YnVRanRcL2RFdE81bmciLCJtYWMiOiI3NmUzMmRkYmU3ZjkyN2RiNmNmYzAzMTViOWRlZjJiODZjYjQ5OTBhMDhiNDBhODllYTgyZDQ0MTU1Y2QyYzcwIn0%3D
content-length: 188
:path: /event?hitid={clickId}
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json;charset=UTF-8
accept: application/json, text/plain, */*
cache-control: no-cache
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: POST
Accept: application/json, text/plain, */*
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
X-XSRF-TOKEN: eyJpdiI6Im1Vd0xJeFc0QXpQV2NGV0RneUdzWkE9PSIsInZhbHVlIjoic0g0TDRMMXBnZktTS1E1alNrVGVib3BYWE1RZ3lGOER0R3FzUTN0WFdoXC9naGpcL1dUanpVVDgzTzloQnpqSERaIiwibWFjIjoiMmVjMmQwYzIyMDI0YTlkOTJhY2M2ZGE4YzJmYjA4MzI0YmYxY2UxNDBhODkyYTZlNWNlY2M3Y2FmYjAwZDI2OSJ9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json;charset=UTF-8

Response headers

date: Wed, 11 Aug 2021 12:22:02 GMT
x-proc: 2
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ON0BRTXSQSjcdQ6rptS9RZZTWX6IIwI8HX3J9VdFPazeaK30hFXcFARHIAu0pRrwuQFKrW%2FhkAYTBCCfh4K66Y%2FdIdwCxXzBlsEvMgKBxeKdG9fWqQ%2Fh6JRiFVWGOFn54PFXnU4lwS4qm1U%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-origin: https://tgfunnls.org
cache-control: no-cache, private
set-cookie: XSRF-TOKEN=eyJpdiI6ImhjUXg1XC82QzRNXC9CNnpLK3hxRURCQT09IiwidmFsdWUiOiJoek92SHY0MHhhTTkwOWNIeXJlbDRHTDlpOXZrTlVvb3UyOUZ3RnRjMTRxTU5XOTBVTVpVeDRCYW96RTNRcnhBIiwibWFjIjoiODVkMmNjNjQwOGI2ODExNzQxOGI4OTQyYzFmMDU4NmVhOGUzNzYwMWUxZGE1MzcyM2I1MWVmZmRkMmYzMWM1NCJ9; expires=Wed, 11-Aug-2021 14:22:02 GMT; Max-Age=7200; path=/ c=eyJpdiI6IjRkTEs2UEJiTzZrT3lSblhqQjFIcFE9PSIsInZhbHVlIjoiZjNONnNlXC9DekQ0NEs1WVMwTFNxU0pcL0JmdzBCTWNkRWxYRkRIXC8zWUNyRkhKWGJlOHBKTGNybG1sOXVHa1J2diIsIm1hYyI6IjA1NTg3YzI3Yzk1NmExNWJiYzFhYjA5OTQwMmIxMWU1MjI4ZjNkMWVkMzk5Y2YyZDVhMDgyMmFjZDM5NWFkOTEifQ%3D%3D; expires=Wed, 11-Aug-2021 14:22:02 GMT; Max-Age=7200; path=/; httponly
cf-ray: 67d16d584ba905fd-FRA

GET
H2 200 modules.9a6619e61150e4449f35.js Show response
script.hotjar.com/ 221 KB
59 KB 25ms
25ms Script
application/javascript 54.192.219.34
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.9a6619e61150e4449f35.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2304105.js?sv=6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

54.192.219.34 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

fc04d1fd608cedf1f0c4735145a15031f77cb7491d6234cec4ee2cd9be74937a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:18:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 511437
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 59579
access-control-allow-origin: *
last-modified: Thu, 05 Aug 2021 14:17:07 GMT
etag: "f404c80c4e9647abd5db65360cf9ecee"
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 1cfafe71e396134dc106e8c1515876bd.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: MRS52-P2
accept-ranges: bytes
x-robots-tag: none
x-amz-cf-id: WECIDpSVP5_kO2rv-9gPirTwYhBdzm6a_wTf6MFVFZEYv0Ncg0iZbQ==

GET
H2 200 box-25a418976ea02a6f393fbbe77cec94bb.html Show response
vars.hotjar.com/ Frame FD0D 2 KB
1 KB 25ms
25ms Document
text/html 52.84.45.59
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vars.hotjar.com/box-25a418976ea02a6f393fbbe77cec94bb.html
Requested by: Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2304105.js?sv=6
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.84.45.59 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-84-45-59.mrs52.r.cloudfront.net
Software: /
Resource Hash: 7a44e0685d8929b5d4d50476273c9957c8c76f03afc424c665a4066e5bc1beb9

Request headers

:method: GET
:authority: vars.hotjar.com
:scheme: https
:path: /box-25a418976ea02a6f393fbbe77cec94bb.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://tgfunnls.org/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://tgfunnls.org/

Response headers

content-type: text/html
content-length: 1044
date: Thu, 03 Jun 2021 10:15:05 GMT
accept-ranges: bytes
cache-control: max-age=31536000
content-encoding: br
etag: "76922233be8bdb14c053af468d29404a"
last-modified: Thu, 03 Jun 2021 10:14:54 GMT
x-amz-server-side-encryption: AES256
x-robots-tag: none
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 e5c15247ec560744bc8eee50e069c231.cloudfront.net (CloudFront)
x-amz-cf-pop: MRS52-P1
x-amz-cf-id: Dj_of2dNnSaqYekQQPJcO2YrXlAvALz-TWH3oxpKBlqdpTyD99lEJQ==
age: 5969217

OPTIONS
H/1.1 200
OK add
tagdataxrt.com/log/ Frame 0
0 14ms
14ms Preflight 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/log/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Protocol: HTTP/1.1
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://tgfunnls.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Server: nginx/1.19.10
Date: Wed, 11 Aug 2021 12:22:02 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

POST
H/1.1 200
OK add Show response
tagdataxrt.com/log/ 12 B
597 B 18ms
17ms Fetch
application/json 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/log/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: 21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json;charset=utf-8

Response headers

Date: Wed, 11 Aug 2021 12:22:02 GMT
Server: nginx/1.19.10
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 12

GET
H3-29 200 / Show response
tgfunnls.org/dly1st/ 31 KB
8 KB 292ms
292ms Document
text/html 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Requested by

Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bb5367a666e5b35e554cbb785da4aec0c35276fb399218902c0f3a714aa3c9a1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: tgfunnls.org
:scheme: https
:path: /dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: document
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: _ga_Y6C8Y8V9BH=GS1.1.1628684522.1.0.1628684522.0; _ga=GA1.1.668805998.1628684518; _vis_opt_test_cookie=1; _hjid=0ce6ed2a-6245-4e01-a0e5-6db4a4ddfe19; _hjFirstSeen=1; XSRF-TOKEN=eyJpdiI6ImhjUXg1XC82QzRNXC9CNnpLK3hxRURCQT09IiwidmFsdWUiOiJoek92SHY0MHhhTTkwOWNIeXJlbDRHTDlpOXZrTlVvb3UyOUZ3RnRjMTRxTU5XOTBVTVpVeDRCYW96RTNRcnhBIiwibWFjIjoiODVkMmNjNjQwOGI2ODExNzQxOGI4OTQyYzFmMDU4NmVhOGUzNzYwMWUxZGE1MzcyM2I1MWVmZmRkMmYzMWM1NCJ9; c=eyJpdiI6IjRkTEs2UEJiTzZrT3lSblhqQjFIcFE9PSIsInZhbHVlIjoiZjNONnNlXC9DekQ0NEs1WVMwTFNxU0pcL0JmdzBCTWNkRWxYRkRIXC8zWUNyRkhKWGJlOHBKTGNybG1sOXVHa1J2diIsIm1hYyI6IjA1NTg3YzI3Yzk1NmExNWJiYzFhYjA5OTQwMmIxMWU1MjI4ZjNkMWVkMzk5Y2YyZDVhMDgyMmFjZDM5NWFkOTEifQ%3D%3D
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Response headers

date: Wed, 11 Aug 2021 12:22:02 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: no-cache, private
set-cookie: XSRF-TOKEN=eyJpdiI6IjlVOTNVXC9BdWxya1wvKzhLcnVpVm1PZz09IiwidmFsdWUiOiJaZGNTV29JSmdtdnhxckpKNjBFRmtRRFlsOHdncU5ibWhDU1pDVmZORUpyWHVKaHBCS09CaHdiT0Y4QnJoazRSIiwibWFjIjoiZTIwMTgwYjAxZmU3NGJkMWYyYTI3OTA5ODQ3YjFkMjIzMGExOTIzZmQyNGViYTI4NzE0Y2E2N2FhMjYxNjc2YiJ9; expires=Wed, 11-Aug-2021 14:22:02 GMT; Max-Age=7200; path=/ c=eyJpdiI6ImFWZ3I0WU44S2FEMDQ1aEZrVnF5NFE9PSIsInZhbHVlIjoiZk5zSlpQS25iZkRPT3FUWXBDYVwvb1J1SVlHNEZqcm9ObGhiYkRrQmNNU2VsZldJakJnckw5aWRCT25neEwxMloiLCJtYWMiOiIyMTExMjUyNmM1YmM1NzZiMWY2YzFhZGMzMTdiY2RmNDEwZjg4OGYwZTgxMDBiYzI4OWRmMTkwMjI3YmUxYzk2In0%3D; expires=Wed, 11-Aug-2021 14:22:02 GMT; Max-Age=7200; path=/; httponly
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-proc: 2
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ww9zfmre6r8SFLbGG8VzbLKvfkHtEp6e40qzdrWocCJYtnPqBbbfdXhqou8lye%2B9NOq%2BWSQ3%2BV9WBCTgUA5Zense8305DfAGW8rI5yLBTpfbuEInBoN7D4%2Bv3%2FBkt29wpvXxK77AylL%2BoCg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 67d16d5aa8ed05fd-FRA
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

POST
H/1.1 200
OK add
tagdataxrt.com/time_visit/ 0
537 B 23ms
23ms Ping
text/plain 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/time_visit/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Wed, 11 Aug 2021 12:22:02 GMT
Server: nginx/1.19.10
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 0

GET
H3-29 200 forms.css
tgfunnls.org/css/ 20 KB
4 KB 23ms
22ms Stylesheet
text/css 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/css/forms.css?id=108aa07ef4cadffb88ba

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5cc75f6ff6ccc8f9737ba9b6e44903687d4cd600464dc9a25b2fcfbfd231ebc6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /css/forms.css?id=108aa07ef4cadffb88ba
pragma: no-cache
cookie: _ga_Y6C8Y8V9BH=GS1.1.1628684522.1.0.1628684522.0; _ga=GA1.1.668805998.1628684518; _vis_opt_test_cookie=1; _hjid=0ce6ed2a-6245-4e01-a0e5-6db4a4ddfe19; _hjFirstSeen=1; XSRF-TOKEN=eyJpdiI6IjlVOTNVXC9BdWxya1wvKzhLcnVpVm1PZz09IiwidmFsdWUiOiJaZGNTV29JSmdtdnhxckpKNjBFRmtRRFlsOHdncU5ibWhDU1pDVmZORUpyWHVKaHBCS09CaHdiT0Y4QnJoazRSIiwibWFjIjoiZTIwMTgwYjAxZmU3NGJkMWYyYTI3OTA5ODQ3YjFkMjIzMGExOTIzZmQyNGViYTI4NzE0Y2E2N2FhMjYxNjc2YiJ9; c=eyJpdiI6ImFWZ3I0WU44S2FEMDQ1aEZrVnF5NFE9PSIsInZhbHVlIjoiZk5zSlpQS25iZkRPT3FUWXBDYVwvb1J1SVlHNEZqcm9ObGhiYkRrQmNNU2VsZldJakJnckw5aWRCT25neEwxMloiLCJtYWMiOiIyMTExMjUyNmM1YmM1NzZiMWY2YzFhZGMzMTdiY2RmNDEwZjg4OGYwZTgxMDBiYzI4OWRmMTkwMjI3YmUxYzk2In0%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:02 GMT
x-proc: 1
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 645
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Mon, 09 Aug 2021 14:29:21 GMT
server: cloudflare
etag: W/"61113bc1-5107"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Gz9A%2FuH%2FUzskdgHFvQoHGSFUl%2F90GaLh%2B3DqSbLiZ4VVuuosC51kNBVyLXXKYqVrwMKANNSQopxxrejjFURxb%2FoeZTs%2FuWGb0VoG7%2B8ROmdaWBDoXuoOK7LXN%2BI0fcMAtU6FIdOp%2FHwoFKg%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 67d16d5c7dc605fd-FRA

GET
H3-29 200 flow.css
tgfunnls.org/css/ 385 B
764 B 15ms
14ms Stylesheet
text/css 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/css/flow.css?id=1a2dada5ba76c1b29ae1

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

df456c4794989b11dda8d76813cbf505b2707048f4cc89d7db15956779ca3fb0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /css/flow.css?id=1a2dada5ba76c1b29ae1
pragma: no-cache
cookie: _ga_Y6C8Y8V9BH=GS1.1.1628684522.1.0.1628684522.0; _ga=GA1.1.668805998.1628684518; _vis_opt_test_cookie=1; _hjid=0ce6ed2a-6245-4e01-a0e5-6db4a4ddfe19; _hjFirstSeen=1; XSRF-TOKEN=eyJpdiI6IjlVOTNVXC9BdWxya1wvKzhLcnVpVm1PZz09IiwidmFsdWUiOiJaZGNTV29JSmdtdnhxckpKNjBFRmtRRFlsOHdncU5ibWhDU1pDVmZORUpyWHVKaHBCS09CaHdiT0Y4QnJoazRSIiwibWFjIjoiZTIwMTgwYjAxZmU3NGJkMWYyYTI3OTA5ODQ3YjFkMjIzMGExOTIzZmQyNGViYTI4NzE0Y2E2N2FhMjYxNjc2YiJ9; c=eyJpdiI6ImFWZ3I0WU44S2FEMDQ1aEZrVnF5NFE9PSIsInZhbHVlIjoiZk5zSlpQS25iZkRPT3FUWXBDYVwvb1J1SVlHNEZqcm9ObGhiYkRrQmNNU2VsZldJakJnckw5aWRCT25neEwxMloiLCJtYWMiOiIyMTExMjUyNmM1YmM1NzZiMWY2YzFhZGMzMTdiY2RmNDEwZjg4OGYwZTgxMDBiYzI4OWRmMTkwMjI3YmUxYzk2In0%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:02 GMT
x-proc: 2
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 645
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Mon, 09 Aug 2021 14:29:19 GMT
server: cloudflare
etag: W/"61113bbf-181"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=99EZQTOJYI7y0c7qhIoskAY%2FtaLnEMyF2z5YlQovYPixOIIhIsUN0NDR3Anjs7%2FWF7dEH%2BYSBsB7AVh9EAETwUid69lICIq4qOr4kSotcoYVL%2BW%2F5dJ94SZga4LrHm0eCHf%2FRaacPTXooCk%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 67d16d5c7dcb05fd-FRA

GET
H2 200 funnel.css
static-13333.kxcdn.com/5275/build/ 91 KB
26 KB 8ms
7ms Stylesheet
text/css 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL

https://static-13333.kxcdn.com/5275/build/funnel.css

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

0dd81a03016de5c1be49281bb42f5db84bf8968b636e893daa0ee24de5dbdd3b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:02 GMT
content-encoding: gzip
last-modified: Fri, 02 Jul 2021 14:31:57 GMT
server: keycdn-engine
x-amz-request-id: tx0000000000000048dcf7b-0060df2533-12e87130-fra1a
x-edge-location: defr
etag: W/"0e60432e5a822d61eaf0ff2172f524ed"
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-cache: HIT
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31556940
x-rgw-object-type: Normal
strict-transport-security: max-age=15552000; includeSubDomains; preload
expires: Thu, 11 Aug 2022 18:11:02 GMT

GET
H/1.1 400 conversion.js
in.bd44.fun/ 0
0 16ms
15ms Script
text/html 18.195.174.160
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://in.bd44.fun/conversion.js?cid=OPTIONAL&et=CLICK
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.195.174.160 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-174-160.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 logo.png
static-13333.kxcdn.com/5275/images/ 2 KB
3 KB 78ms
73ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/logo.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

3d0776f2afd4256733e307cf46921dde2e1497a2767eb8bcb8ac17d5de9d2344

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:03 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048dcf7f-0060df2533-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2455
last-modified: Fri, 02 Jul 2021 14:32:26 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "cded24bb8b99f2aa7ab4e4ddc59c28e6"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:03 GMT

GET
H2 200 top-arrow.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 78ms
73ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/top-arrow.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

c4d3b32e24ea06591e7f166b20939f84cb767bb0742bc3c51f07c6f4b684f1e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:03 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048fd188-0060df2533-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2961
last-modified: Fri, 02 Jul 2021 14:32:29 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "e2980701aad64cef71bd2296f5f6386b"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:03 GMT

GET
H3-29 200 check-icon.png
tgfunnls.org/images/ 44 KB
45 KB 20ms
16ms Image
image/png 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tgfunnls.org/images/check-icon.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

79bb457691c6f5dc0d3fd537218a627750b199db5253e22dad9dc4f78fa48016

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /images/check-icon.png
pragma: no-cache
cookie: _ga_Y6C8Y8V9BH=GS1.1.1628684522.1.0.1628684522.0; _ga=GA1.1.668805998.1628684518; _vis_opt_test_cookie=1; _hjid=0ce6ed2a-6245-4e01-a0e5-6db4a4ddfe19; _hjFirstSeen=1; XSRF-TOKEN=eyJpdiI6IjlVOTNVXC9BdWxya1wvKzhLcnVpVm1PZz09IiwidmFsdWUiOiJaZGNTV29JSmdtdnhxckpKNjBFRmtRRFlsOHdncU5ibWhDU1pDVmZORUpyWHVKaHBCS09CaHdiT0Y4QnJoazRSIiwibWFjIjoiZTIwMTgwYjAxZmU3NGJkMWYyYTI3OTA5ODQ3YjFkMjIzMGExOTIzZmQyNGViYTI4NzE0Y2E2N2FhMjYxNjc2YiJ9; c=eyJpdiI6ImFWZ3I0WU44S2FEMDQ1aEZrVnF5NFE9PSIsInZhbHVlIjoiZk5zSlpQS25iZkRPT3FUWXBDYVwvb1J1SVlHNEZqcm9ObGhiYkRrQmNNU2VsZldJakJnckw5aWRCT25neEwxMloiLCJtYWMiOiIyMTExMjUyNmM1YmM1NzZiMWY2YzFhZGMzMTdiY2RmNDEwZjg4OGYwZTgxMDBiYzI4OWRmMTkwMjI3YmUxYzk2In0%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:03 GMT
x-proc: 3
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5020
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 45018
x-xss-protection: 1; mode=block
last-modified: Mon, 09 Aug 2021 14:27:10 GMT
server: cloudflare
etag: "61113b3e-afda"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2domJCvU%2Bas4Urly9Nzth4biFmBVWn3BJ0IvItnrKo9qRpWqrIRQo0cTnmTyi3ZLvGmlf5cfl0LkC%2Fb0opQImpvMr7Q4ZLgANTtAR4BcVCQ6EE1WSIvBZ1QbtdTT3YsmMTv33v7dvWr%2BJgA%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 67d16d5cfef205fd-FRA

GET
H2 200 safe.png
static-13333.kxcdn.com/5275/images/ 10 KB
11 KB 79ms
71ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/safe.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

c001780d5a0136da809d6908ac44d8b0e4d9b36bf9891772a006294888226576

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:03 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048dcf7e-0060df2533-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 10593
last-modified: Fri, 02 Jul 2021 14:32:17 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "e16845cf547d72f2f0b2febfa375d9f9"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:03 GMT

GET
H2 200 bg-arrow.png
static-13333.kxcdn.com/5275/images/ 7 KB
8 KB 79ms
72ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/bg-arrow.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

5902ac2e28cc5433d57a98a62be69037be09754da694348e03d3e3b9e776f542

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:03 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048dcf7d-0060df2533-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 7356
last-modified: Fri, 02 Jul 2021 14:32:23 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "0575766ae817ee467a729e846374d22c"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:03 GMT

GET
H2 200 check-icon.png
static-13333.kxcdn.com/5275/images/ 2 KB
3 KB 79ms
72ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/check-icon.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

4a404a950ef8cfa3eb686e62c8ab17e0a4609f2300e53d874a96ec618ab9474d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:03 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048fd193-0060df2533-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2273
last-modified: Fri, 02 Jul 2021 14:32:29 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "c34ab81524c5f98e40dc0dad59601758"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:03 GMT

GET
H2 200 spots-arrow.png
static-13333.kxcdn.com/5275/images/ 5 KB
6 KB 69ms
69ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/spots-arrow.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

7c01610e53cbe2313bd441cd9182762cec4240e4eecebeca6d086f34e4672784

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:03 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048dcf82-0060df2533-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 5306
last-modified: Fri, 02 Jul 2021 14:32:45 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "32acdf2cce46993b09041ebed9d00140"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:03 GMT

GET
H2 200 john.jpg
static-13333.kxcdn.com/5275/images/ 9 KB
10 KB 69ms
69ms Image
image/jpeg 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/john.jpg

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

aff262b0ff8882606831b77cb7fe8c2b7ee184a4c3a4e10de152932dde9ed3f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:03 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048fd18f-0060df2533-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 9704
last-modified: Fri, 02 Jul 2021 14:32:21 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "ca826d01f1cbba3eb6e3e1f697bca6bc"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/jpeg
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:03 GMT

GET
H2 200 john-sign.png
static-13333.kxcdn.com/5275/images/ 7 KB
7 KB 14ms
12ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/john-sign.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

2c92fcee0f7c5fd992e818cd6e5f621e8701cea9b4b23eb03e2567560c7dd266

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:03 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048dcf87-0060df2533-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 6824
last-modified: Fri, 02 Jul 2021 14:32:43 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "8e77bdde18036a84289f7b89b03cddc0"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:03 GMT

GET
H2 200 social-callback-title.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 15ms
13ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/social-callback-title.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

b097d9409b9b2fcde3993197635d6e7d49126e794dec3c3a5de9892cce15ec84

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:03 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048fd187-0060df2533-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2899
last-modified: Fri, 02 Jul 2021 14:32:42 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "26e1186a209747d755be97f26d7fef17"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:03 GMT

GET
H2 200 facebook.png
static-13333.kxcdn.com/5275/images/ 45 KB
46 KB 15ms
13ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/facebook.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

45a8e9f975bd2d7db2041c671affac022eaf0b8db46c516a6f2021d30631aea3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:03 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048dcf7c-0060df2533-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 46358
last-modified: Fri, 02 Jul 2021 14:32:18 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "99efc09d6e35b01ef07e555c6c9c06ac"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:03 GMT

GET
H2 200 twitter.png
static-13333.kxcdn.com/5275/images/ 33 KB
34 KB 17ms
15ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/twitter.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

f3567cf9eb0717ad9840ff19014abf051d9bebb63ba3d270eb23d409dd449b5a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:03 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048dcf79-0060df2533-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 33933
last-modified: Fri, 02 Jul 2021 14:32:45 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "1538bf85a2428c7ab27b923233ceac2d"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:03 GMT

GET
H2 200 features-title.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 16ms
15ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/features-title.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

5e840708085df16224eeb0d8a8b3758d39bc7c60d3f0587ea1308f7d37d2e9db

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:03 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048fd18e-0060df2533-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2835
last-modified: Fri, 02 Jul 2021 14:32:24 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "8e8fd39ca90b9e536e71366f72e27061"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:03 GMT

GET
H2 200 feature1.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 16ms
16ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/feature1.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

427e9cf9bc070b73cae44b858b1cbb147385ccf3b74522b00606e8441d74eb21

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:03 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048fd189-0060df2533-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2649
last-modified: Fri, 02 Jul 2021 14:32:27 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "32e947291780f319b5424fb0fed97339"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:03 GMT

GET
H2 200 feature2.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 10ms
5ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/feature2.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

d35ec7636f20627c46249b7ac076fd59aad2c15c8207c92cc8251df812abc0bc

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:03 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048fd18b-0060df2533-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2845
last-modified: Fri, 02 Jul 2021 14:32:28 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "a02cbfb7009f4eb7bca716371bbc6162"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:03 GMT

GET
H2 200 feature3.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 11ms
5ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/feature3.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

41cc8226265d071dd816f01b4e656e9575b49927ecb0806984d85fd2acb3b318

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:03 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048fd185-0060df2533-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2618
last-modified: Fri, 02 Jul 2021 14:32:44 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "1e439861ae0e257dd74094cd20495531"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:03 GMT

GET
H2 200 feature4.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 10ms
6ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/feature4.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

d7e57b7c8fc1a0e25b893fc00da8cca5368cc489227958d4a781665339cd7260

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:03 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048fd18a-0060df2533-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2573
last-modified: Fri, 02 Jul 2021 14:32:19 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "f042fbbf22d575de6d906249ec2dc324"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:03 GMT

GET
H2 200 faq-title.png
static-13333.kxcdn.com/5275/images/ 4 KB
4 KB 22ms
19ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/faq-title.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

218be04d48aa9aa4da9bb4a708dbb463576fd8653914fd05bb113ce654dce714

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:03 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048dcf81-0060df2533-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 3706
last-modified: Fri, 02 Jul 2021 14:32:42 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "b95f5e7ccaaf9e8f6f1117efa9ab100a"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:03 GMT

GET
H2 200 faq-list-title-bg.png
static-13333.kxcdn.com/5275/images/ 2 KB
2 KB 22ms
19ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/faq-list-title-bg.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

9749d6d7aee9bdd7b806eb8fd8fa1bfd7ef25aab0aba744948b279d4c1a348ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:03 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048fd18d-0060df2533-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 1546
last-modified: Fri, 02 Jul 2021 14:32:22 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "567ea5254334fde95913b6cd592aad5f"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:03 GMT

GET
H3-29 200 sad-face.svg
tgfunnls.org/media/ 1 KB
1 KB 19ms
13ms Image
image/svg+xml 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tgfunnls.org/media/sad-face.svg

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

186b9079a05f19ddd2a548dbc1ec2c69087c76d8e9e1637dbced630edb793104

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /media/sad-face.svg
pragma: no-cache
cookie: _ga_Y6C8Y8V9BH=GS1.1.1628684522.1.0.1628684522.0; _ga=GA1.1.668805998.1628684518; _vis_opt_test_cookie=1; _hjid=0ce6ed2a-6245-4e01-a0e5-6db4a4ddfe19; _hjFirstSeen=1; XSRF-TOKEN=eyJpdiI6IjlVOTNVXC9BdWxya1wvKzhLcnVpVm1PZz09IiwidmFsdWUiOiJaZGNTV29JSmdtdnhxckpKNjBFRmtRRFlsOHdncU5ibWhDU1pDVmZORUpyWHVKaHBCS09CaHdiT0Y4QnJoazRSIiwibWFjIjoiZTIwMTgwYjAxZmU3NGJkMWYyYTI3OTA5ODQ3YjFkMjIzMGExOTIzZmQyNGViYTI4NzE0Y2E2N2FhMjYxNjc2YiJ9; c=eyJpdiI6ImFWZ3I0WU44S2FEMDQ1aEZrVnF5NFE9PSIsInZhbHVlIjoiZk5zSlpQS25iZkRPT3FUWXBDYVwvb1J1SVlHNEZqcm9ObGhiYkRrQmNNU2VsZldJakJnckw5aWRCT25neEwxMloiLCJtYWMiOiIyMTExMjUyNmM1YmM1NzZiMWY2YzFhZGMzMTdiY2RmNDEwZjg4OGYwZTgxMDBiYzI4OWRmMTkwMjI3YmUxYzk2In0%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:03 GMT
x-proc: 2
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 646
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Mon, 09 Aug 2021 14:29:19 GMT
server: cloudflare
etag: W/"61113bbf-5dc"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NeKC%2B4mBwt10OBekFXDjmErY3PlG3n7zgzRowk5hCiL64GmzHhC1JCiueGGgZzIwFyCLGctM47fKupjdXqMH49ctZXyQU42nix4jhJ451Z%2B%2FSp%2FRn9iD%2FPlMfjvDVueEEr9nJQv0WXPlaUU%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: max-age=14400
cf-ray: 67d16d5cff0405fd-FRA

GET
H3-29 200 email-decode.min.js Show response
tgfunnls.org/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
1 KB 9ms
8ms Script
application/javascript 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

:path: /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
pragma: no-cache
cookie: _ga_Y6C8Y8V9BH=GS1.1.1628684522.1.0.1628684522.0; _ga=GA1.1.668805998.1628684518; _vis_opt_test_cookie=1; _hjid=0ce6ed2a-6245-4e01-a0e5-6db4a4ddfe19; _hjFirstSeen=1; XSRF-TOKEN=eyJpdiI6IjlVOTNVXC9BdWxya1wvKzhLcnVpVm1PZz09IiwidmFsdWUiOiJaZGNTV29JSmdtdnhxckpKNjBFRmtRRFlsOHdncU5ibWhDU1pDVmZORUpyWHVKaHBCS09CaHdiT0Y4QnJoazRSIiwibWFjIjoiZTIwMTgwYjAxZmU3NGJkMWYyYTI3OTA5ODQ3YjFkMjIzMGExOTIzZmQyNGViYTI4NzE0Y2E2N2FhMjYxNjc2YiJ9; c=eyJpdiI6ImFWZ3I0WU44S2FEMDQ1aEZrVnF5NFE9PSIsInZhbHVlIjoiZk5zSlpQS25iZkRPT3FUWXBDYVwvb1J1SVlHNEZqcm9ObGhiYkRrQmNNU2VsZldJakJnckw5aWRCT25neEwxMloiLCJtYWMiOiIyMTExMjUyNmM1YmM1NzZiMWY2YzFhZGMzMTdiY2RmNDEwZjg4OGYwZTgxMDBiYzI4OWRmMTkwMjI3YmUxYzk2In0%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 05 Aug 2021 12:35:03 GMT
server: cloudflare
etag: W/"610bdaf7-4d7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: DENY
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sIhG6McdVxl18KJH29ZnJ3u3MtzqHjRJD2PkjJyJC3xSVp%2FrkGvwb91pcoXQ6bA%2FvMFkC%2BHSKV0jLTq9QJCYCnp3IG6abx%2FDJmXDXFW9xmyWN9xU5bqLW2qP6H7SNlVcApo6xIk3%2FHLslMo%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=172800 public
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 67d16d5c9df805fd-FRA
vary: Accept-Encoding
expires: Fri, 13 Aug 2021 12:22:02 GMT

GET
H3-29 200 redirect.js Show response
tgfunnls.org/js/ 3 KB
2 KB 18ms
18ms Script
application/javascript 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/js/redirect.js?id=bd8708e91008076c9ff9

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0979e653bf7370685f5d0ec7448e28d33f46754d5411cf5a7cd3df6ecafc1a35

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /js/redirect.js?id=bd8708e91008076c9ff9
pragma: no-cache
cookie: _ga_Y6C8Y8V9BH=GS1.1.1628684522.1.0.1628684522.0; _ga=GA1.1.668805998.1628684518; _vis_opt_test_cookie=1; _hjid=0ce6ed2a-6245-4e01-a0e5-6db4a4ddfe19; _hjFirstSeen=1; XSRF-TOKEN=eyJpdiI6IjlVOTNVXC9BdWxya1wvKzhLcnVpVm1PZz09IiwidmFsdWUiOiJaZGNTV29JSmdtdnhxckpKNjBFRmtRRFlsOHdncU5ibWhDU1pDVmZORUpyWHVKaHBCS09CaHdiT0Y4QnJoazRSIiwibWFjIjoiZTIwMTgwYjAxZmU3NGJkMWYyYTI3OTA5ODQ3YjFkMjIzMGExOTIzZmQyNGViYTI4NzE0Y2E2N2FhMjYxNjc2YiJ9; c=eyJpdiI6ImFWZ3I0WU44S2FEMDQ1aEZrVnF5NFE9PSIsInZhbHVlIjoiZk5zSlpQS25iZkRPT3FUWXBDYVwvb1J1SVlHNEZqcm9ObGhiYkRrQmNNU2VsZldJakJnckw5aWRCT25neEwxMloiLCJtYWMiOiIyMTExMjUyNmM1YmM1NzZiMWY2YzFhZGMzMTdiY2RmNDEwZjg4OGYwZTgxMDBiYzI4OWRmMTkwMjI3YmUxYzk2In0%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:02 GMT
x-proc: 3
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 645
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Mon, 09 Aug 2021 14:29:34 GMT
server: cloudflare
etag: W/"61113bce-a50"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=orpjswNaKV6rL4ejLjla0g1BaTxo0Hlcli5QPxpbBR5nCshkgv4WHVa8x4QHhflVfIvfMh1rLlJ%2B7ZB%2B7Wg0t0W8O9zQCCNrM3onCOQoN%2FR7AkW9NRoP58cbMUiKUDlPfz%2B%2FrzvsoS6xR80%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=14400
cf-ray: 67d16d5cae2005fd-FRA

GET
H3-29 200 l.js Show response
tgfunnls.org/js/ 401 KB
110 KB 33ms
33ms Script
application/javascript 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/js/l.js?id=6cf7b69175b2a676ebf3

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1669423eca631e2fa8053ff74039a11ff6afac3a94dc37f357ce8d6ec9362913

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /js/l.js?id=6cf7b69175b2a676ebf3
pragma: no-cache
cookie: _ga_Y6C8Y8V9BH=GS1.1.1628684522.1.0.1628684522.0; _ga=GA1.1.668805998.1628684518; _vis_opt_test_cookie=1; _hjid=0ce6ed2a-6245-4e01-a0e5-6db4a4ddfe19; _hjFirstSeen=1; XSRF-TOKEN=eyJpdiI6IjlVOTNVXC9BdWxya1wvKzhLcnVpVm1PZz09IiwidmFsdWUiOiJaZGNTV29JSmdtdnhxckpKNjBFRmtRRFlsOHdncU5ibWhDU1pDVmZORUpyWHVKaHBCS09CaHdiT0Y4QnJoazRSIiwibWFjIjoiZTIwMTgwYjAxZmU3NGJkMWYyYTI3OTA5ODQ3YjFkMjIzMGExOTIzZmQyNGViYTI4NzE0Y2E2N2FhMjYxNjc2YiJ9; c=eyJpdiI6ImFWZ3I0WU44S2FEMDQ1aEZrVnF5NFE9PSIsInZhbHVlIjoiZk5zSlpQS25iZkRPT3FUWXBDYVwvb1J1SVlHNEZqcm9ObGhiYkRrQmNNU2VsZldJakJnckw5aWRCT25neEwxMloiLCJtYWMiOiIyMTExMjUyNmM1YmM1NzZiMWY2YzFhZGMzMTdiY2RmNDEwZjg4OGYwZTgxMDBiYzI4OWRmMTkwMjI3YmUxYzk2In0%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:03 GMT
x-proc: 1
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3896
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Mon, 09 Aug 2021 14:29:21 GMT
server: cloudflare
etag: W/"61113bc1-645ba"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wmN%2FoKpwcTW7QkYS5PZ7r%2F1i8Z8jdEynkc1scCjWUfbQqdN%2BQN5IWHypnN6Zd2%2FVF41oOnVhA5HOCgsKvA6QQ4veWFAO6vISkCY8r7xtGqWVnsPSiSUCU29CPC%2BXB%2BRHPfQGXqyHmE66nSU%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=14400
cf-ray: 67d16d5cce5d05fd-FRA

GET
H2 200 funnel.js Show response
static-13333.kxcdn.com/5275/build/ 954 KB
319 KB 64ms
64ms Script
application/javascript 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL

https://static-13333.kxcdn.com/5275/build/funnel.js

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

a52901c6296f571a48143efc8c7626714f2f15a0e034390d31380d508684ad0e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:03 GMT
content-encoding: gzip
last-modified: Fri, 02 Jul 2021 14:31:57 GMT
server: keycdn-engine
x-amz-request-id: tx0000000000000048dcf86-0060df2533-12e87130-fra1a
x-edge-location: defr
etag: W/"545236a1390ffa369d186b44dab8e706"
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-cache: HIT
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31556940
x-rgw-object-type: Normal
strict-transport-security: max-age=15552000; includeSubDomains; preload
expires: Thu, 11 Aug 2022 18:11:03 GMT

GET
H/1.1 200 hp Show response
in.xr117.xyz/ 382 B
616 B 19ms
13ms Script
text/plain 18.193.146.82
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://in.xr117.xyz/hp
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.193.146.82 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-193-146-82.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 1d685538334a6762f8c278c2274cb62dfdc47c59ba5968562dddf4f96d808aee

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 11 Aug 2021 12:22:03 GMT
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
Server: nginx
Connection: keep-alive
Content-Length: 382
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200 hp Show response
in.bd44.fun/ 382 B
616 B 46ms
15ms Script
text/plain 18.195.174.160
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://in.bd44.fun/hp
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.195.174.160 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-174-160.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 1d685538334a6762f8c278c2274cb62dfdc47c59ba5968562dddf4f96d808aee

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 11 Aug 2021 12:22:03 GMT
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
Server: nginx
Connection: keep-alive
Content-Length: 382
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 tag.js Show response
tagstaticx.com/ 38 KB
14 KB 21ms
15ms Script
application/javascript 2606:4700:3033::6815:3d08
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://tagstaticx.com/tag.js
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::6815:3d08 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 789421e97c465f7367c2c16bad228afc0d9211d9ff3c949b7ef88b72e9fc30db

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:03 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 06 Aug 2021 11:17:33 GMT
server: cloudflare
age: 6664
etag: W/"610d1a4d-97e0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JaRz8hvrHnmC%2FVdJ7vW1x7xJMQxwP1Km2p%2FbEa%2Ft%2FFGtN9hvDeWDqqi50sY%2B%2F07xc9YvKnFsXkh9KD%2BqEtw92h9d58JoBm1D%2FlzY0deyLxFO1sHW1wYiuASIM3x8gu1EKgYYlg4np26uH%2BtomA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=1800
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 67d16d5cf84fc28b-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 111 KB
41 KB 20ms
14ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-MSK8GMG

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

a162969e2b65a15d2ad5f2f7ae26f9c048df44bc88b9438d33c203ba783b9c01

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:03 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42027
x-xss-protection: 0
last-modified: Wed, 11 Aug 2021 12:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 11 Aug 2021 12:22:03 GMT

GET
H/1.1 400 conversion.js
in.bd44.fun/ 0
0 43ms
15ms Script
text/html 18.195.174.160
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://in.bd44.fun/conversion.js?cid=OPTIONAL&et=CLICK
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.195.174.160 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-174-160.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 j.php Show response
dev.visualwebsiteoptimizer.com/ 5 KB
2 KB 15ms
11ms Script
application/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/j.php?a=449005&u=https%3A%2F%2Ftgfunnls.org%2Fdly1st%2F%3Fhitid%3D%7BclickId%7D%26qze%3D7%26aff_sub%3D%7BcustomId1%7D%26aff_sub2%3D%7BcustomId2%7D&f=1&r=0.5511392610811088
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gfra1 /
Resource Hash: 3cf685b72faccf491360cb2febe2836e42853e9a48021cbdec220e539e66c9a5

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 11 Aug 2021 12:22:02 GMT
via: 1.1 google
server: gfra1
content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-type: application/javascript; charset=UTF-8

GET
H2 200 bg-pattern2.png
static-13333.kxcdn.com/5275/images/ 3 KB
4 KB 69ms
69ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/bg-pattern2.png

Requested by

Host: static-13333.kxcdn.com
URL: https://static-13333.kxcdn.com/5275/build/funnel.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

0dbbd4b1f92b5f123bb6d85da5224dbac1ef2873359ae63159fbd8c1d8aee472

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://static-13333.kxcdn.com/5275/build/funnel.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:03 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx00000000000000491e693-0060df2731-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 3494
last-modified: Fri, 02 Jul 2021 14:32:28 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "9ff60a873ce8a83d6f92c07bbb97461d"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:03 GMT

GET
H2 200 money-bg.jpg
static-13333.kxcdn.com/5275/images/ 192 KB
193 KB 70ms
70ms Image
image/jpeg 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/money-bg.jpg

Requested by

Host: static-13333.kxcdn.com
URL: https://static-13333.kxcdn.com/5275/build/funnel.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

6d6b0b2b3ce3ec690491ad53348667285877a284d43a58bae67219df3128c453

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://static-13333.kxcdn.com/5275/build/funnel.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:03 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048fd245-0060df2533-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 196622
last-modified: Fri, 02 Jul 2021 14:32:29 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "00484ef568e5c529bc92d2698631954b"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/jpeg
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:03 GMT

GET
H2 206 de-1.mp4
static-13333.kxcdn.com/5275/media/ 64 KB
0 22ms
20ms Media
video/mp4 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL

https://static-13333.kxcdn.com/5275/media/de-1.mp4

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Range: bytes=0-

Response headers

date: Wed, 11 Aug 2021 12:22:03 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx000000000000004a44bcc-0060f54e68-141c7b61-fra1a
x-edge-location: defr
x-cache: HIT
Content-Range: bytes 0-124690623/124690624
Content-Length: 124690624
last-modified: Fri, 02 Jul 2021 14:32:03 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "c8811d0b7aa283893d6ec2a19899685f-24"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: video/mp4
access-control-allow-origin: *
x-rgw-object-type: Normal
expires: Thu, 11 Aug 2022 18:11:03 GMT

GET
H3-29 200 tag-a511eb58bc7ee0b0cbc6906497418127.js Show response
dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWpxdWVyeQ==/ 214 KB
61 KB 10ms
8ms Script
text/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWpxdWVyeQ==/tag-a511eb58bc7ee0b0cbc6906497418127.js
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/j.php?a=449005&u=https%3A%2F%2Ftgfunnls.org%2Fdly1st%2F%3Fhitid%3D%7BclickId%7D%26qze%3D7%26aff_sub%3D%7BcustomId1%7D%26aff_sub2%3D%7BcustomId2%7D&f=1&r=0.5511392610811088
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gfra1 /
Resource Hash: ffef253989420f0b71eec148da3bbe555e1117a9860323b7a39b267bbb62ebe6

Request headers

Origin: https://tgfunnls.org
Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:02 GMT
content-encoding: br
last-modified: Tue, 10 Aug 2021 11:55:59 GMT
server: gfra1
etag: "6112694f-f354"
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 62292
via: 1.1 google

GET
H3-29 200 v.gif
dev.visualwebsiteoptimizer.com/ 35 B
52 B 99ms
98ms Image
image/gif 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dev.visualwebsiteoptimizer.com/v.gif?cd=0&a=449005&d=tgfunnls.org&u=DB76FDD5DD838C8DD81D28BC77422F6F9&h=28831bf43ecbcc7c99f644b2f321bf1e&t=false&r=0.05615746675853406

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gnv3c /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 11 Aug 2021 12:22:02 GMT
via: 1.1 google
x-content-type-options: nosniff
server: gnv3c
content-type: image/gif
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 10 Jan 2005 00:00:01 GMT

GET
H3-29 200 flags.png
tgfunnls.org/images/vendor/intl-tel-input/build/ 69 KB
70 KB 20ms
19ms Image
image/png 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tgfunnls.org/images/vendor/intl-tel-input/build/flags.png?416250f60d785a2e02f17e054d2e4e44

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/css/forms.css?id=108aa07ef4cadffb88ba

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0a012cf808a24573168308916092d2d4bd3f2b4af8e16b59167013cc77acee55

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /images/vendor/intl-tel-input/build/flags.png?416250f60d785a2e02f17e054d2e4e44
pragma: no-cache
cookie: _ga_Y6C8Y8V9BH=GS1.1.1628684522.1.0.1628684522.0; _ga=GA1.1.668805998.1628684518; _vis_opt_test_cookie=1; _hjid=0ce6ed2a-6245-4e01-a0e5-6db4a4ddfe19; _hjFirstSeen=1; XSRF-TOKEN=eyJpdiI6IjlVOTNVXC9BdWxya1wvKzhLcnVpVm1PZz09IiwidmFsdWUiOiJaZGNTV29JSmdtdnhxckpKNjBFRmtRRFlsOHdncU5ibWhDU1pDVmZORUpyWHVKaHBCS09CaHdiT0Y4QnJoazRSIiwibWFjIjoiZTIwMTgwYjAxZmU3NGJkMWYyYTI3OTA5ODQ3YjFkMjIzMGExOTIzZmQyNGViYTI4NzE0Y2E2N2FhMjYxNjc2YiJ9; c=eyJpdiI6ImFWZ3I0WU44S2FEMDQ1aEZrVnF5NFE9PSIsInZhbHVlIjoiZk5zSlpQS25iZkRPT3FUWXBDYVwvb1J1SVlHNEZqcm9ObGhiYkRrQmNNU2VsZldJakJnckw5aWRCT25neEwxMloiLCJtYWMiOiIyMTExMjUyNmM1YmM1NzZiMWY2YzFhZGMzMTdiY2RmNDEwZjg4OGYwZTgxMDBiYzI4OWRmMTkwMjI3YmUxYzk2In0%3D; _vwo_uuid_v2=DB76FDD5DD838C8DD81D28BC77422F6F9|28831bf43ecbcc7c99f644b2f321bf1e
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: tgfunnls.org
referer: https://tgfunnls.org/css/forms.css?id=108aa07ef4cadffb88ba
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/css/forms.css?id=108aa07ef4cadffb88ba
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:03 GMT
x-proc: 3
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5480
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 70857
x-xss-protection: 1; mode=block
last-modified: Mon, 09 Aug 2021 14:29:34 GMT
server: cloudflare
etag: "61113bce-114c9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rWM6q9LgoMsyrc9dMgDv8ZNZYszum17wnOIPflz2E0T73EC9C1LgCpVqqfCvxJXQoSSuay6nqpAaS%2Fxfjv7ursqHHrveREG%2FtM1yyILNAa%2Fi9n7Vp4dq1tkMEjChYukuP92F0WeTjl50%2B6Q%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 67d16d5d3f8505fd-FRA

HEAD
H2 200 adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/ 0
0 36ms
36ms Fetch
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 11 Aug 2021 12:22:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
etag: 4898024456010196187
vary: Accept-Encoding, Origin
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private, max-age=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
expires: Wed, 11 Aug 2021 12:22:03 GMT

GET
H/1.1 200
OK version.js Show response
tagdatax.com/ 57 B
260 B 14ms
13ms Script
application/javascript 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdatax.com/version.js
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: d5a31f9437b8df3c7c42ea8d2e63e221efa25c803d8d0ec39d2d580fcfb7ddf9

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 11 Aug 2021 12:22:03 GMT
Cache-Control: private, max-age=63072000
Server: nginx/1.19.10
Connection: keep-alive
Content-Length: 57
Content-Type: application/javascript

GET
H2 200 gid.js Show response
my.rtmark.net/ 65 B
541 B 14ms
14ms Fetch
application/json 139.45.195.8
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://my.rtmark.net/gid.js

Requested by

Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

43fe9d26fe3d9066d12b1c47e23b32c84fce872763486020abccd732f3371ec6

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:58 GMT
x-content-type-options: nosniff
server: nginx
strict-transport-security: max-age=1
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: https://tgfunnls.org
access-control-expose-headers: Authorization
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length: 65

GET
H/1.1 200
OK pix.jpg Show response
tagdatax.com/ 28 B
617 B 28ms
24ms Fetch
image/jpeg 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdatax.com/pix.jpg
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: 3c72e06c040c15327faa313315f1d6f4b2c9159267051c3e173336efa4cd7a18

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 11 Aug 2021 12:22:03 GMT
Server: nginx/1.19.10
Etag: 8baa24ae-170a-43cf-9c5a-c6a6ecd0a9fc
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Content-Type: image/jpeg
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Expose-Headers: ETag
Cache-Control: private, must-revalidate, proxy-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 28

GET
H3-29 200 googlelogo_color_120x44dp.png
www.google.com/images/branding/googlelogo/2x/ 5 KB
5 KB 17ms
15ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_120x44dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

29c50fa4422ac0a690af5b0987dee6a030a7eeaafa9dda8543cf022368f545aa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:03 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5087
x-xss-protection: 0
expires: Wed, 11 Aug 2021 12:22:03 GMT

GET
H3-29 200 googlelogo_color_272x92dp.png
www.google.com/images/branding/googlelogo/1x/ 6 KB
6 KB 35ms
32ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/1x/googlelogo_color_272x92dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5776cd87617eacec3bc00ebcf530d1924026033eda852f706c1a675a98915826

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:03 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5969
x-xss-protection: 0
expires: Wed, 11 Aug 2021 12:22:03 GMT

GET
H3-29 200 googlelogo_color_272x92dp.png
www.google.com/images/branding/googlelogo/2x/ 13 KB
13 KB 17ms
14ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_272x92dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

262084257c2103702ef8a25705e3f8dbc1fa3823103ad7b954d54bdb77e6d89d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:03 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13504
x-xss-protection: 0
expires: Wed, 11 Aug 2021 12:22:03 GMT

GET
H3-29 200 googlelogo_color_160x56dp.png
www.google.com/images/branding/googlelogo/2x/ 7 KB
7 KB 23ms
21ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_160x56dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9e611fba6a87626e60f74d361f0c94d1ba226bc0726a05791f40ddb7fbba2c4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:03 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7048
x-xss-protection: 0
expires: Wed, 11 Aug 2021 12:22:03 GMT

GET
H3-29 200 googlelogo_color_90x40dp.png
www.google.com/images/branding/googlelogo/2x/ 4 KB
4 KB 16ms
14ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_90x40dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a9cac8d49feccd603bac334c92c1e7dd5a829a1c01d4130550e8c9c0d9c72f7b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:03 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3934
x-xss-protection: 0
expires: Wed, 11 Aug 2021 12:22:03 GMT

GET
H3-29 200 settings.js Show response
dev.visualwebsiteoptimizer.com/ 572 B
397 B 15ms
8ms Script
application/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/settings.js?a=449005&settings_type=3&vn=7.0&r=0.9298340783066559&u=https%3A%2F%2Ftgfunnls.org%2Fdly1st%2F%3Fhitid%3D%7BclickId%7D%26qze%3D7%26aff_sub%3D%7BcustomId1%7D%26aff_sub2%3D%7BcustomId2%7D
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWpxdWVyeQ==/tag-a511eb58bc7ee0b0cbc6906497418127.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gfra1 /
Resource Hash: 31042bafbba3ee3bae8f21d8d8744230a7c558630068c64e1e5ecb4721ab3910

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:02 GMT
via: 1.1 google
server: gfra1
content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-type: application/javascript; charset=UTF-8

GET
H3-29 200 js Show response
www.googletagmanager.com/gtag/ 128 KB
50 KB 15ms
14ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-Y6C8Y8V9BH&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MSK8GMG

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

7d88b754fb20a228ccb18fb29e64e1eaf8d8ca55d18373465cdd9e38fb093a0d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:03 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 51221
x-xss-protection: 0
expires: Wed, 11 Aug 2021 12:22:03 GMT

GET
H3-29 200 analytics.js Show response
www.google-analytics.com/ 48 KB
19 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MSK8GMG

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

e61660c659c426e45bce2937dddb01af6b550502a2904546575c1ec2ba1121dd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 13 Jul 2021 18:24:06 GMT
server: Golfe2
age: 2729
date: Wed, 11 Aug 2021 11:36:34 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19672
expires: Wed, 11 Aug 2021 13:36:34 GMT

GET
H2 200 hotjar-2304105.js Show response
static.hotjar.com/c/ 5 KB
2 KB 35ms
35ms Script
application/javascript 54.192.219.13
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-2304105.js?sv=6

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

54.192.219.13 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

ba0f7c8cd1226246385e057da152929c0c7b7868b6a4b64ff6de9537bf8aeb33

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:14 GMT
content-encoding: br
x-content-type-options: nosniff
cache-control: max-age=60
age: 49
etag: W/2bfd20973994a2ba4876103e95eba243
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
x-cache-hit: 1
x-amz-cf-pop: MRS52-P2
x-amz-cf-id: O3JOBx4eXRlD-AqGeTiEgevgXoLovrSUcZZ2SSy93eqe57vRQHSk2A==
via: 1.1 ee464261ee466fae8314a91098b35372.cloudfront.net (CloudFront)

GET
H3-29 200 settings.js Show response
dev.visualwebsiteoptimizer.com/ 572 B
397 B 21ms
20ms Script
application/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/settings.js?a=449005&settings_type=1&vn=7.0&r=0.231207156353046
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWpxdWVyeQ==/tag-a511eb58bc7ee0b0cbc6906497418127.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gfra1 /
Resource Hash: 31042bafbba3ee3bae8f21d8d8744230a7c558630068c64e1e5ecb4721ab3910

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:02 GMT
via: 1.1 google
server: gfra1
content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-type: application/javascript; charset=UTF-8

GET
H3-29 200 locate Show response
tgfunnls.org/ 141 B
1 KB 155ms
154ms XHR
application/json 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/locate

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/js/l.js?id=6cf7b69175b2a676ebf3

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fea97b726590fe4a2287fc338a9ba11f11d1f9f20a68500a2832f2120b7f1856

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-fetch-mode: cors
x-xsrf-token: eyJpdiI6IjlVOTNVXC9BdWxya1wvKzhLcnVpVm1PZz09IiwidmFsdWUiOiJaZGNTV29JSmdtdnhxckpKNjBFRmtRRFlsOHdncU5ibWhDU1pDVmZORUpyWHVKaHBCS09CaHdiT0Y4QnJoazRSIiwibWFjIjoiZTIwMTgwYjAxZmU3NGJkMWYyYTI3OTA5ODQ3YjFkMjIzMGExOTIzZmQyNGViYTI4NzE0Y2E2N2FhMjYxNjc2YiJ9
accept-language: en-US
sec-fetch-dest: empty
cookie: _ga_Y6C8Y8V9BH=GS1.1.1628684522.1.0.1628684522.0; _ga=GA1.1.668805998.1628684518; _vis_opt_test_cookie=1; _hjid=0ce6ed2a-6245-4e01-a0e5-6db4a4ddfe19; _hjFirstSeen=1; XSRF-TOKEN=eyJpdiI6IjlVOTNVXC9BdWxya1wvKzhLcnVpVm1PZz09IiwidmFsdWUiOiJaZGNTV29JSmdtdnhxckpKNjBFRmtRRFlsOHdncU5ibWhDU1pDVmZORUpyWHVKaHBCS09CaHdiT0Y4QnJoazRSIiwibWFjIjoiZTIwMTgwYjAxZmU3NGJkMWYyYTI3OTA5ODQ3YjFkMjIzMGExOTIzZmQyNGViYTI4NzE0Y2E2N2FhMjYxNjc2YiJ9; c=eyJpdiI6ImFWZ3I0WU44S2FEMDQ1aEZrVnF5NFE9PSIsInZhbHVlIjoiZk5zSlpQS25iZkRPT3FUWXBDYVwvb1J1SVlHNEZqcm9ObGhiYkRrQmNNU2VsZldJakJnckw5aWRCT25neEwxMloiLCJtYWMiOiIyMTExMjUyNmM1YmM1NzZiMWY2YzFhZGMzMTdiY2RmNDEwZjg4OGYwZTgxMDBiYzI4OWRmMTkwMjI3YmUxYzk2In0%3D; _vwo_uuid_v2=DB76FDD5DD838C8DD81D28BC77422F6F9|28831bf43ecbcc7c99f644b2f321bf1e
:path: /locate
pragma: no-cache
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: application/json, text/plain, */*
cache-control: no-cache
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept: application/json, text/plain, */*
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
X-XSRF-TOKEN: eyJpdiI6IjlVOTNVXC9BdWxya1wvKzhLcnVpVm1PZz09IiwidmFsdWUiOiJaZGNTV29JSmdtdnhxckpKNjBFRmtRRFlsOHdncU5ibWhDU1pDVmZORUpyWHVKaHBCS09CaHdiT0Y4QnJoazRSIiwibWFjIjoiZTIwMTgwYjAxZmU3NGJkMWYyYTI3OTA5ODQ3YjFkMjIzMGExOTIzZmQyNGViYTI4NzE0Y2E2N2FhMjYxNjc2YiJ9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:03 GMT
x-proc: 3
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ATe2fH%2BuUPdHwd3YB4zHshwU%2BQ7QyEgK9jF%2Bs7mzd5fLjxnbd3G%2B1Dq7v6PPdiP%2Bwnd1vPctrxQO2kig04Tced88dCYLctKj43Hp8kOtXPLK7zma0bV7zjO2LuHU%2BsGWlh6MkTkcVQB8GF0%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json
cache-control: no-cache, private
set-cookie: XSRF-TOKEN=eyJpdiI6IjVaN3NHNTBVMitmM2hZTzJuSGFcL2dBPT0iLCJ2YWx1ZSI6IlNZbHpOZ0JlZE9MaE9XZUZLTmVrRnZSSnBwMmxLYm1kSU9VdHJ6aUpjNEFBNDd1TjB5UEViNFoxdW5Mc0RXcmwiLCJtYWMiOiI0NGJiOGFkZmY4NDc4MTMxNzBhODY4Njg4ZmIzNDA1MjIzZWNhOTE0NTRiNzJhNDY1MDlmNjc5NmUzNDZkZDdiIn0%3D; expires=Wed, 11-Aug-2021 14:22:03 GMT; Max-Age=7200; path=/ c=eyJpdiI6ImRlRGNWVnZYdTNjbHc3dytkMUFPV3c9PSIsInZhbHVlIjoiZ1BCakU0aXV5YnBRbFFZZjFhb2hqaFhXdk1WVUJuOW9yZCtMb20wSkdDcUFUWGc2SmN0SjlocnJiR2FBWmZmQyIsIm1hYyI6IjU1MGEzZDU3MjQ3NTYzNDhkMTQ4MGI1NWYyNmI1ZDdiZDkxZTM5Zjg4MDI1ZDU3YWUyNGQ3MDMxN2I0OTBjOWMifQ%3D%3D; expires=Wed, 11-Aug-2021 14:22:03 GMT; Max-Age=7200; path=/; httponly
cf-ray: 67d16d5dc8d705fd-FRA

OPTIONS
H/1.1 200
OK add
tagdataxrt.com/ir/ Frame 0
0 15ms
15ms Preflight 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/ir/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Protocol: HTTP/1.1
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://tgfunnls.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Server: nginx/1.19.10
Date: Wed, 11 Aug 2021 12:22:03 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

POST
H/1.1 200
OK add Show response
tagdataxrt.com/ir/ 0
537 B 17ms
16ms Fetch 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/ir/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json;charset=utf-8

Response headers

Date: Wed, 11 Aug 2021 12:22:03 GMT
Server: nginx/1.19.10
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 0

GET
BLOB 200
OK 149f321c-f986-44bb-af38-3d854f1c0597
https://tgfunnls.org/ 31 B
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://tgfunnls.org/149f321c-f986-44bb-af38-3d854f1c0597
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7725538fe2f71147bffeba7452b434c826aef9009666cb4360c605d0b2a91d1d

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length: 31
Content-Type: application/javascript

POST
H/1.1 200
OK etag Show response
tagdataxrt.com/ 0
537 B 15ms
14ms Fetch 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/etag?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json;charset=utf-8

Response headers

Date: Wed, 11 Aug 2021 12:22:03 GMT
Server: nginx/1.19.10
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 0

OPTIONS
H/1.1 200
OK etag
tagdataxrt.com/ Frame 0
0 14ms
14ms Preflight 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/etag?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Protocol: HTTP/1.1
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://tgfunnls.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Server: nginx/1.19.10
Date: Wed, 11 Aug 2021 12:22:03 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

GET
H2 403 videothumbnail-1.png
static-13333.kxcdn.com/5275/images/ 0
0 17ms
17ms Image
text/html 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static-13333.kxcdn.com/5275/images/videothumbnail-1.png
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
DATA 200
OK truncated
/ 4 KB
4 KB Font
application/font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: aef991b2e0b693a95d41986576dd3901ea7ac03b379501b1caba966058753308

Request headers

Origin: https://tgfunnls.org
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: application/font-woff;charset=utf-8

GET
H3-29 200 tag-1a6cb79d9b921e9f733a3a9f91c43b90.js Show response
dev.visualwebsiteoptimizer.com/web/djIkcGM6MS4w/ 668 B
329 B 9ms
8ms Script
text/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/web/djIkcGM6MS4w/tag-1a6cb79d9b921e9f733a3a9f91c43b90.js
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWpxdWVyeQ==/tag-a511eb58bc7ee0b0cbc6906497418127.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gfra1 /
Resource Hash: 6e1f2e0970c3d1d6cdacfecdd613ce1c42990ea5d4a9a85fe6f0700d20a96634

Request headers

Origin: https://tgfunnls.org
Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:02 GMT
content-encoding: br
last-modified: Tue, 10 Aug 2021 11:55:59 GMT
server: gfra1
etag: "6112694f-133"
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 307
via: 1.1 google

POST
H3-29 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 24ms
24ms XHR
text/plain 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j92&a=1727604586&t=pageview&_s=1&dl=https%3A%2F%2Ftgfunnls.org%2Fdly1st%2F%3Fhitid%3D%7BclickId%7D%26qze%3D7%26aff_sub%3D%7BcustomId1%7D%26aff_sub2%3D%7BcustomId2%7D&ul=en-us&de=UTF-8&dt=Daily%20Profit&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAEABAAAAAC~&jid=1720929269&gjid=1728497870&cid=668805998.1628684518&tid=UA-192660002-1&_gid=1978519149.1628684523&_r=1&gtm=2wg891MSK8GMG&z=467272407

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 11 Aug 2021 12:22:03 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://tgfunnls.org
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 modules.9a6619e61150e4449f35.js Show response
script.hotjar.com/ 221 KB
59 KB 26ms
26ms Script
application/javascript 54.192.219.34
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.9a6619e61150e4449f35.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2304105.js?sv=6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

54.192.219.34 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

fc04d1fd608cedf1f0c4735145a15031f77cb7491d6234cec4ee2cd9be74937a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:18:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 511438
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 59579
access-control-allow-origin: *
last-modified: Thu, 05 Aug 2021 14:17:07 GMT
etag: "f404c80c4e9647abd5db65360cf9ecee"
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 1cfafe71e396134dc106e8c1515876bd.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: MRS52-P2
accept-ranges: bytes
x-robots-tag: none
x-amz-cf-id: yPh93-ixRxG8k5eXFMWBug3HgYS1mFoe_yBb8q87IzmJsvyYHtrJtg==

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
86 B 14ms
14ms XHR
text/plain 2a00:1450:400c:c0a::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j92&tid=UA-192660002-1&cid=668805998.1628684518&jid=1720929269&gjid=1728497870&_gid=1978519149.1628684523&_u=YADAAEAAAAAAAC~&z=1893545442

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0a::9d Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Wed, 11 Aug 2021 12:22:03 GMT
content-type: text/plain
access-control-allow-origin: https://tgfunnls.org
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 a3a7b431bde66f8790628956fd6a9e14.js Show response
cdn.pushcrew.com/js/ 248 KB
70 KB 101ms
101ms Script
application/javascript 34.102.183.26
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.pushcrew.com/js/a3a7b431bde66f8790628956fd6a9e14.js
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/web/djIkcGM6MS4w/tag-1a6cb79d9b921e9f733a3a9f91c43b90.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.102.183.26 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 26.183.102.34.bc.googleusercontent.com
Software: nginx /
Resource Hash: 2a74b97179203cf3de9b255635c3927c34791cabfe69261cc8d1235c13315e78

Request headers

Origin: https://tgfunnls.org
Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:03 GMT
content-encoding: gzip
last-modified: Fri, 18 Jun 2021 08:48:27 GMT
server: nginx
etag: W/"60cc5ddb-3e05c"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=1800
alt-svc: clear
via: 1.1 google
expires: Wed, 11 Aug 2021 12:52:03 GMT

GET
H3-29 200 ga-audiences
www.google.com/ads/ 42 B
63 B 30ms
29ms Image
image/gif 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j92&tid=UA-192660002-1&cid=668805998.1628684518&jid=1720929269&_u=YADAAEAAAAAAAC~&z=745715063

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 11 Aug 2021 12:22:03 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 29ms
29ms Image
image/gif 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j92&tid=UA-192660002-1&cid=668805998.1628684518&jid=1720929269&_u=YADAAEAAAAAAAC~&z=745715063

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 11 Aug 2021 12:22:03 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 box-25a418976ea02a6f393fbbe77cec94bb.html Show response
vars.hotjar.com/ Frame 568C 2 KB
1 KB 26ms
25ms Document
text/html 52.84.45.59
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vars.hotjar.com/box-25a418976ea02a6f393fbbe77cec94bb.html
Requested by: Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2304105.js?sv=6
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.84.45.59 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-84-45-59.mrs52.r.cloudfront.net
Software: /
Resource Hash: 7a44e0685d8929b5d4d50476273c9957c8c76f03afc424c665a4066e5bc1beb9

Request headers

:method: GET
:authority: vars.hotjar.com
:scheme: https
:path: /box-25a418976ea02a6f393fbbe77cec94bb.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://tgfunnls.org/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://tgfunnls.org/

Response headers

content-type: text/html
content-length: 1044
date: Thu, 03 Jun 2021 10:15:05 GMT
accept-ranges: bytes
cache-control: max-age=31536000
content-encoding: br
etag: "76922233be8bdb14c053af468d29404a"
last-modified: Thu, 03 Jun 2021 10:14:54 GMT
x-amz-server-side-encryption: AES256
x-robots-tag: none
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 e5c15247ec560744bc8eee50e069c231.cloudfront.net (CloudFront)
x-amz-cf-pop: MRS52-P1
x-amz-cf-id: ohmvWuRItLwnPyKdnoIFxACfGd4qSc8I8vw2ccLIYOcwcjM-SeQYXA==
age: 5969218

POST
H3-29 201 event Show response
tgfunnls.org/ 2 B
1 KB 241ms
241ms XHR
application/json 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/event?hitid={clickId}

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/js/l.js?id=6cf7b69175b2a676ebf3

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-fetch-mode: cors
origin: https://tgfunnls.org
x-xsrf-token: eyJpdiI6IjVaN3NHNTBVMitmM2hZTzJuSGFcL2dBPT0iLCJ2YWx1ZSI6IlNZbHpOZ0JlZE9MaE9XZUZLTmVrRnZSSnBwMmxLYm1kSU9VdHJ6aUpjNEFBNDd1TjB5UEViNFoxdW5Mc0RXcmwiLCJtYWMiOiI0NGJiOGFkZmY4NDc4MTMxNzBhODY4Njg4ZmIzNDA1MjIzZWNhOTE0NTRiNzJhNDY1MDlmNjc5NmUzNDZkZDdiIn0=
accept-language: en-US
sec-fetch-dest: empty
accept-encoding: gzip, deflate, br
cookie: _vis_opt_test_cookie=1; _hjid=0ce6ed2a-6245-4e01-a0e5-6db4a4ddfe19; _hjFirstSeen=1; _vwo_uuid_v2=DB76FDD5DD838C8DD81D28BC77422F6F9|28831bf43ecbcc7c99f644b2f321bf1e; _gid=GA1.2.1978519149.1628684523; _gat_UA-192660002-1=1; _ga_Y6C8Y8V9BH=GS1.1.1628684522.1.1.1628684523.0; _ga=GA1.1.668805998.1628684518; XSRF-TOKEN=eyJpdiI6IjVaN3NHNTBVMitmM2hZTzJuSGFcL2dBPT0iLCJ2YWx1ZSI6IlNZbHpOZ0JlZE9MaE9XZUZLTmVrRnZSSnBwMmxLYm1kSU9VdHJ6aUpjNEFBNDd1TjB5UEViNFoxdW5Mc0RXcmwiLCJtYWMiOiI0NGJiOGFkZmY4NDc4MTMxNzBhODY4Njg4ZmIzNDA1MjIzZWNhOTE0NTRiNzJhNDY1MDlmNjc5NmUzNDZkZDdiIn0%3D; c=eyJpdiI6ImRlRGNWVnZYdTNjbHc3dytkMUFPV3c9PSIsInZhbHVlIjoiZ1BCakU0aXV5YnBRbFFZZjFhb2hqaFhXdk1WVUJuOW9yZCtMb20wSkdDcUFUWGc2SmN0SjlocnJiR2FBWmZmQyIsIm1hYyI6IjU1MGEzZDU3MjQ3NTYzNDhkMTQ4MGI1NWYyNmI1ZDdiZDkxZTM5Zjg4MDI1ZDU3YWUyNGQ3MDMxN2I0OTBjOWMifQ%3D%3D
content-length: 179
:path: /event?hitid={clickId}
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json;charset=UTF-8
accept: application/json, text/plain, */*
cache-control: no-cache
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: POST
Accept: application/json, text/plain, */*
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
X-XSRF-TOKEN: eyJpdiI6IjVaN3NHNTBVMitmM2hZTzJuSGFcL2dBPT0iLCJ2YWx1ZSI6IlNZbHpOZ0JlZE9MaE9XZUZLTmVrRnZSSnBwMmxLYm1kSU9VdHJ6aUpjNEFBNDd1TjB5UEViNFoxdW5Mc0RXcmwiLCJtYWMiOiI0NGJiOGFkZmY4NDc4MTMxNzBhODY4Njg4ZmIzNDA1MjIzZWNhOTE0NTRiNzJhNDY1MDlmNjc5NmUzNDZkZDdiIn0=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json;charset=UTF-8

Response headers

date: Wed, 11 Aug 2021 12:22:03 GMT
x-proc: 3
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BdIW1zpMZ0kppyXYOCFTBvL9QDi6pAIBUyma%2FsQyvFItQC6kEHBRXVWw9IdK2SYG3Sfb7t3B9QlIx2NwzBa81mRa%2FbAwX%2F3Rp%2FWHunEp7dz%2F4vD2rsVGBxwLzy4WuGXvIeGSF9QZV3uJOts%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-origin: https://tgfunnls.org
cache-control: no-cache, private
set-cookie: XSRF-TOKEN=eyJpdiI6Ilp4R0d4bmdnT2VjSk9cL3FvTnQwOWF3PT0iLCJ2YWx1ZSI6Im1MR0dyRU01YkFsYmdLaXAyQ0VSMExJWmhyMTVRQTdcL0xTWnR0Q3RIU3l3STlSN0Vla0dJSXpzSXR6bjh5Q3VXIiwibWFjIjoiODFiMmY4YTY5YTAxOTM2NDk1MzNiZDQ2OTIxYzkyMDFlZjA1YjM3NWQ3MDNmOWUxZWYxNjJmNTE2ZjZiMmY1YyJ9; expires=Wed, 11-Aug-2021 14:22:03 GMT; Max-Age=7200; path=/ c=eyJpdiI6ImpxRnBqXC9JOEVUTlNsRHRLWktHNkxRPT0iLCJ2YWx1ZSI6ImY5ZEZweUpRUWVjbjFuXC9rdGJZWG5yaE12bW5GejdvNWY2dGx3WWo4Uk1TR0hQWlNBb2g3NmZFaVVlTW5vSEF3IiwibWFjIjoiNjI5MjY1OTY2YjVhMjdhNDYwMDAyYzkxOWJhNjA4MDM2NDNlY2M0YzFkMmM1NDc3YWE4YzI4MGUyMmVlYjI0MyJ9; expires=Wed, 11-Aug-2021 14:22:03 GMT; Max-Age=7200; path=/; httponly
cf-ray: 67d16d5ecad905fd-FRA

GET
H2 206 de-1.mp4
static-13333.kxcdn.com/5275/media/ 960 KB
0 10ms
10ms Media
video/mp4 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL

https://static-13333.kxcdn.com/5275/media/de-1.mp4

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Range: bytes=3801088-

Response headers

date: Wed, 11 Aug 2021 12:22:03 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx000000000000004a44bcc-0060f54e68-141c7b61-fra1a
x-edge-location: defr
x-cache: HIT
Content-Range: bytes 3801088-124690623/124690624
Content-Length: 120889536
last-modified: Fri, 02 Jul 2021 14:32:03 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "c8811d0b7aa283893d6ec2a19899685f-24"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: video/mp4
access-control-allow-origin: *
x-rgw-object-type: Normal
expires: Thu, 11 Aug 2022 18:11:03 GMT

POST
H/1.1 200
OK add Show response
tagdataxrt.com/log/ 12 B
597 B 18ms
17ms Fetch
application/json 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/log/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: 21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json;charset=utf-8

Response headers

Date: Wed, 11 Aug 2021 12:22:03 GMT
Server: nginx/1.19.10
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 12

OPTIONS
H/1.1 200
OK add
tagdataxrt.com/log/ Frame 0
0 14ms
14ms Preflight 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/log/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Protocol: HTTP/1.1
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://tgfunnls.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Server: nginx/1.19.10
Date: Wed, 11 Aug 2021 12:22:03 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

POST
H/1.1 200
OK add
tagdataxrt.com/time_visit/ 0
422 B 14ms
14ms Ping
text/plain 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/time_visit/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Wed, 11 Aug 2021 12:22:03 GMT
Server: nginx/1.19.10
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 0

GET
H3-29 200 / Show response
tgfunnls.org/dly1st/ 31 KB
8 KB 264ms
264ms Document
text/html 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Requested by

Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c0932d19ef5f3734eb7b0a9775a1442ed76bbd239c5ec2f9377d881517bc467c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: tgfunnls.org
:scheme: https
:path: /dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: document
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: _vis_opt_test_cookie=1; _hjid=0ce6ed2a-6245-4e01-a0e5-6db4a4ddfe19; _hjFirstSeen=1; _vwo_uuid_v2=DB76FDD5DD838C8DD81D28BC77422F6F9|28831bf43ecbcc7c99f644b2f321bf1e; _gid=GA1.2.1978519149.1628684523; _gat_UA-192660002-1=1; _ga_Y6C8Y8V9BH=GS1.1.1628684522.1.1.1628684523.0; _ga=GA1.1.668805998.1628684518; XSRF-TOKEN=eyJpdiI6Ilp4R0d4bmdnT2VjSk9cL3FvTnQwOWF3PT0iLCJ2YWx1ZSI6Im1MR0dyRU01YkFsYmdLaXAyQ0VSMExJWmhyMTVRQTdcL0xTWnR0Q3RIU3l3STlSN0Vla0dJSXpzSXR6bjh5Q3VXIiwibWFjIjoiODFiMmY4YTY5YTAxOTM2NDk1MzNiZDQ2OTIxYzkyMDFlZjA1YjM3NWQ3MDNmOWUxZWYxNjJmNTE2ZjZiMmY1YyJ9; c=eyJpdiI6ImpxRnBqXC9JOEVUTlNsRHRLWktHNkxRPT0iLCJ2YWx1ZSI6ImY5ZEZweUpRUWVjbjFuXC9rdGJZWG5yaE12bW5GejdvNWY2dGx3WWo4Uk1TR0hQWlNBb2g3NmZFaVVlTW5vSEF3IiwibWFjIjoiNjI5MjY1OTY2YjVhMjdhNDYwMDAyYzkxOWJhNjA4MDM2NDNlY2M0YzFkMmM1NDc3YWE4YzI4MGUyMmVlYjI0MyJ9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Response headers

date: Wed, 11 Aug 2021 12:22:03 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: no-cache, private
set-cookie: XSRF-TOKEN=eyJpdiI6IlhNbWF2REJLV052ek54Wkx3dldJS2c9PSIsInZhbHVlIjoiOFwvWFI5XC9ZelhaZnRDdEhVWDB0XC9FOHc1NGJKa2l1VWJYaFp3M2loY0tNUVVBT0lncnhPQTlZOG84VFIwYklhZCIsIm1hYyI6IjFmMTY0NzNiZTQ1OGE5ODE2ZGRiNDRkNTBjM2U1NzYzNTc1NzcxODBkOTg1YjJhYzJmNjBhYmJmNzgwNmQzYjIifQ%3D%3D; expires=Wed, 11-Aug-2021 14:22:03 GMT; Max-Age=7200; path=/ c=eyJpdiI6IlZxRDZUazlKYTcrM0NsOU1WampucXc9PSIsInZhbHVlIjoiSjdPeEQ3dVFUVW5CZmxaelloSzRVVUl5bG96TTFJVzRKWDUyN0ZrN3dSQkZGUGNqYXJNN0t5clViRVwveWhUaFQiLCJtYWMiOiJmNjBjMTljZDkxMTE2NDU1YTJiYzYzZDUwODk3Y2IxZjAwMzAzOTUxY2YzMzY0MWZkZTRmODE5YzRlODQzZTA2In0%3D; expires=Wed, 11-Aug-2021 14:22:03 GMT; Max-Age=7200; path=/; httponly
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-proc: 2
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=A4xCOc%2BNpg9zFtzmRM3VTB60%2BnP0HfvQ6keb%2B3GRrOTaIIZWAfZfqCaZ1c7i%2F3qfxT80WLCcXJg1LvK4YcLuMJ2jdz0IcMRB3MNmUslkLSXQkbqR9sQ%2FLzsXQ21FvTcu%2FhxELdsHHmaK4l0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 67d16d60cf4e05fd-FRA
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

POST collect
www.google-analytics.com/g/ 0
0

GET
H3-29 200 forms.css
tgfunnls.org/css/ 20 KB
4 KB 14ms
12ms Stylesheet
text/css 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/css/forms.css?id=108aa07ef4cadffb88ba

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5cc75f6ff6ccc8f9737ba9b6e44903687d4cd600464dc9a25b2fcfbfd231ebc6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /css/forms.css?id=108aa07ef4cadffb88ba
pragma: no-cache
cookie: _vis_opt_test_cookie=1; _hjid=0ce6ed2a-6245-4e01-a0e5-6db4a4ddfe19; _hjFirstSeen=1; _vwo_uuid_v2=DB76FDD5DD838C8DD81D28BC77422F6F9|28831bf43ecbcc7c99f644b2f321bf1e; _gid=GA1.2.1978519149.1628684523; _gat_UA-192660002-1=1; _ga_Y6C8Y8V9BH=GS1.1.1628684522.1.1.1628684523.0; _ga=GA1.1.668805998.1628684518; XSRF-TOKEN=eyJpdiI6IlhNbWF2REJLV052ek54Wkx3dldJS2c9PSIsInZhbHVlIjoiOFwvWFI5XC9ZelhaZnRDdEhVWDB0XC9FOHc1NGJKa2l1VWJYaFp3M2loY0tNUVVBT0lncnhPQTlZOG84VFIwYklhZCIsIm1hYyI6IjFmMTY0NzNiZTQ1OGE5ODE2ZGRiNDRkNTBjM2U1NzYzNTc1NzcxODBkOTg1YjJhYzJmNjBhYmJmNzgwNmQzYjIifQ%3D%3D; c=eyJpdiI6IlZxRDZUazlKYTcrM0NsOU1WampucXc9PSIsInZhbHVlIjoiSjdPeEQ3dVFUVW5CZmxaelloSzRVVUl5bG96TTFJVzRKWDUyN0ZrN3dSQkZGUGNqYXJNN0t5clViRVwveWhUaFQiLCJtYWMiOiJmNjBjMTljZDkxMTE2NDU1YTJiYzYzZDUwODk3Y2IxZjAwMzAzOTUxY2YzMzY0MWZkZTRmODE5YzRlODQzZTA2In0%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:03 GMT
x-proc: 1
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 646
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Mon, 09 Aug 2021 14:29:21 GMT
server: cloudflare
etag: W/"61113bc1-5107"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=94JL3OPmvLvrCrJ62Oqp70rfdgJAxv7f6WqJ2894skDmcaLDc7qQ8VgkbyqHm6rjfr6ekx1Fv7W2O%2B1OIq29ii%2F3y59TS0RApNOlbsiaW8Vk2LJjdXZQFCO9%2BKO6e4d1h1hwBCudko8iLI4%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 67d16d628c6905fd-FRA

GET
H3-29 200 flow.css
tgfunnls.org/css/ 385 B
765 B 13ms
12ms Stylesheet
text/css 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/css/flow.css?id=1a2dada5ba76c1b29ae1

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

df456c4794989b11dda8d76813cbf505b2707048f4cc89d7db15956779ca3fb0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /css/flow.css?id=1a2dada5ba76c1b29ae1
pragma: no-cache
cookie: _vis_opt_test_cookie=1; _hjid=0ce6ed2a-6245-4e01-a0e5-6db4a4ddfe19; _hjFirstSeen=1; _vwo_uuid_v2=DB76FDD5DD838C8DD81D28BC77422F6F9|28831bf43ecbcc7c99f644b2f321bf1e; _gid=GA1.2.1978519149.1628684523; _gat_UA-192660002-1=1; _ga_Y6C8Y8V9BH=GS1.1.1628684522.1.1.1628684523.0; _ga=GA1.1.668805998.1628684518; XSRF-TOKEN=eyJpdiI6IlhNbWF2REJLV052ek54Wkx3dldJS2c9PSIsInZhbHVlIjoiOFwvWFI5XC9ZelhaZnRDdEhVWDB0XC9FOHc1NGJKa2l1VWJYaFp3M2loY0tNUVVBT0lncnhPQTlZOG84VFIwYklhZCIsIm1hYyI6IjFmMTY0NzNiZTQ1OGE5ODE2ZGRiNDRkNTBjM2U1NzYzNTc1NzcxODBkOTg1YjJhYzJmNjBhYmJmNzgwNmQzYjIifQ%3D%3D; c=eyJpdiI6IlZxRDZUazlKYTcrM0NsOU1WampucXc9PSIsInZhbHVlIjoiSjdPeEQ3dVFUVW5CZmxaelloSzRVVUl5bG96TTFJVzRKWDUyN0ZrN3dSQkZGUGNqYXJNN0t5clViRVwveWhUaFQiLCJtYWMiOiJmNjBjMTljZDkxMTE2NDU1YTJiYzYzZDUwODk3Y2IxZjAwMzAzOTUxY2YzMzY0MWZkZTRmODE5YzRlODQzZTA2In0%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:03 GMT
x-proc: 2
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 646
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Mon, 09 Aug 2021 14:29:19 GMT
server: cloudflare
etag: W/"61113bbf-181"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3L3ZBTUGAa688jlCEQZgRYrT9Oz%2F7Dm%2FrEkFsGvq3CWi%2F0%2BGd7t56B21dskOVAM3D9UOEvHL5i4KzUcGZmQiXm7Sr0WpS9w7ctsf%2BTUNfFKHMc8cf6pnaG0rw7lpTYrdMmSDJVZv0gjN%2FFM%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 67d16d628c6e05fd-FRA

GET
H2 200 funnel.css
static-13333.kxcdn.com/5275/build/ 91 KB
26 KB 8ms
7ms Stylesheet
text/css 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL

https://static-13333.kxcdn.com/5275/build/funnel.css

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

0dd81a03016de5c1be49281bb42f5db84bf8968b636e893daa0ee24de5dbdd3b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:03 GMT
content-encoding: gzip
last-modified: Fri, 02 Jul 2021 14:31:57 GMT
server: keycdn-engine
x-amz-request-id: tx0000000000000048dcf7b-0060df2533-12e87130-fra1a
x-edge-location: defr
etag: W/"0e60432e5a822d61eaf0ff2172f524ed"
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-cache: HIT
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31556940
x-rgw-object-type: Normal
strict-transport-security: max-age=15552000; includeSubDomains; preload
expires: Thu, 11 Aug 2022 18:11:03 GMT

GET
H/1.1 400 conversion.js
in.bd44.fun/ 0
0 17ms
16ms Script
text/html 18.195.174.160
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://in.bd44.fun/conversion.js?cid=OPTIONAL&et=CLICK
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.195.174.160 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-174-160.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 logo.png
static-13333.kxcdn.com/5275/images/ 2 KB
3 KB 32ms
26ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/logo.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

3d0776f2afd4256733e307cf46921dde2e1497a2767eb8bcb8ac17d5de9d2344

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:03 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048dcf7f-0060df2533-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2455
last-modified: Fri, 02 Jul 2021 14:32:26 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "cded24bb8b99f2aa7ab4e4ddc59c28e6"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:03 GMT

GET
H2 200 top-arrow.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 33ms
26ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/top-arrow.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

c4d3b32e24ea06591e7f166b20939f84cb767bb0742bc3c51f07c6f4b684f1e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:03 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048fd188-0060df2533-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2961
last-modified: Fri, 02 Jul 2021 14:32:29 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "e2980701aad64cef71bd2296f5f6386b"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:03 GMT

GET
H3-29 200 check-icon.png
tgfunnls.org/images/ 44 KB
45 KB 22ms
16ms Image
image/png 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tgfunnls.org/images/check-icon.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

79bb457691c6f5dc0d3fd537218a627750b199db5253e22dad9dc4f78fa48016

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /images/check-icon.png
pragma: no-cache
cookie: _vis_opt_test_cookie=1; _hjid=0ce6ed2a-6245-4e01-a0e5-6db4a4ddfe19; _hjFirstSeen=1; _vwo_uuid_v2=DB76FDD5DD838C8DD81D28BC77422F6F9|28831bf43ecbcc7c99f644b2f321bf1e; _gid=GA1.2.1978519149.1628684523; _gat_UA-192660002-1=1; _ga_Y6C8Y8V9BH=GS1.1.1628684522.1.1.1628684523.0; _ga=GA1.1.668805998.1628684518; XSRF-TOKEN=eyJpdiI6IlhNbWF2REJLV052ek54Wkx3dldJS2c9PSIsInZhbHVlIjoiOFwvWFI5XC9ZelhaZnRDdEhVWDB0XC9FOHc1NGJKa2l1VWJYaFp3M2loY0tNUVVBT0lncnhPQTlZOG84VFIwYklhZCIsIm1hYyI6IjFmMTY0NzNiZTQ1OGE5ODE2ZGRiNDRkNTBjM2U1NzYzNTc1NzcxODBkOTg1YjJhYzJmNjBhYmJmNzgwNmQzYjIifQ%3D%3D; c=eyJpdiI6IlZxRDZUazlKYTcrM0NsOU1WampucXc9PSIsInZhbHVlIjoiSjdPeEQ3dVFUVW5CZmxaelloSzRVVUl5bG96TTFJVzRKWDUyN0ZrN3dSQkZGUGNqYXJNN0t5clViRVwveWhUaFQiLCJtYWMiOiJmNjBjMTljZDkxMTE2NDU1YTJiYzYzZDUwODk3Y2IxZjAwMzAzOTUxY2YzMzY0MWZkZTRmODE5YzRlODQzZTA2In0%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:03 GMT
x-proc: 3
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5020
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 45018
x-xss-protection: 1; mode=block
last-modified: Mon, 09 Aug 2021 14:27:10 GMT
server: cloudflare
etag: "61113b3e-afda"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kQa%2Fujid2kIH%2FRx%2FXOXqv60zM78c6zB5MP%2BL3ov3kw835xJPX0QDJAXUkQe3GIu9z6z6k9MqGOMlcMbp63E4DVHY4yRxQQGrux%2FQXQLwKQiMtakUcAZoI1QXqh2cvxfS8z2XIcop1Tadw58%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 67d16d62acde05fd-FRA

GET
H2 200 safe.png
static-13333.kxcdn.com/5275/images/ 10 KB
11 KB 32ms
27ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/safe.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

c001780d5a0136da809d6908ac44d8b0e4d9b36bf9891772a006294888226576

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:03 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048dcf7e-0060df2533-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 10593
last-modified: Fri, 02 Jul 2021 14:32:17 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "e16845cf547d72f2f0b2febfa375d9f9"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:03 GMT

GET
H2 200 bg-arrow.png
static-13333.kxcdn.com/5275/images/ 7 KB
8 KB 33ms
27ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/bg-arrow.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

5902ac2e28cc5433d57a98a62be69037be09754da694348e03d3e3b9e776f542

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:03 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048dcf7d-0060df2533-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 7356
last-modified: Fri, 02 Jul 2021 14:32:23 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "0575766ae817ee467a729e846374d22c"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:03 GMT

GET
H2 200 check-icon.png
static-13333.kxcdn.com/5275/images/ 2 KB
3 KB 33ms
27ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/check-icon.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

4a404a950ef8cfa3eb686e62c8ab17e0a4609f2300e53d874a96ec618ab9474d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:03 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048fd193-0060df2533-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2273
last-modified: Fri, 02 Jul 2021 14:32:29 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "c34ab81524c5f98e40dc0dad59601758"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:03 GMT

GET
H2 200 spots-arrow.png
static-13333.kxcdn.com/5275/images/ 5 KB
6 KB 25ms
25ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/spots-arrow.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

7c01610e53cbe2313bd441cd9182762cec4240e4eecebeca6d086f34e4672784

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:03 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048dcf82-0060df2533-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 5306
last-modified: Fri, 02 Jul 2021 14:32:45 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "32acdf2cce46993b09041ebed9d00140"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:03 GMT

GET
H2 200 john.jpg
static-13333.kxcdn.com/5275/images/ 9 KB
10 KB 32ms
32ms Image
image/jpeg 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/john.jpg

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

aff262b0ff8882606831b77cb7fe8c2b7ee184a4c3a4e10de152932dde9ed3f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:03 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048fd18f-0060df2533-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 9704
last-modified: Fri, 02 Jul 2021 14:32:21 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "ca826d01f1cbba3eb6e3e1f697bca6bc"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/jpeg
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:03 GMT

GET
H2 200 john-sign.png
static-13333.kxcdn.com/5275/images/ 7 KB
7 KB 11ms
5ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/john-sign.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

2c92fcee0f7c5fd992e818cd6e5f621e8701cea9b4b23eb03e2567560c7dd266

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:03 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048dcf87-0060df2533-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 6824
last-modified: Fri, 02 Jul 2021 14:32:43 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "8e77bdde18036a84289f7b89b03cddc0"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:03 GMT

GET
H2 200 social-callback-title.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 11ms
6ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/social-callback-title.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

b097d9409b9b2fcde3993197635d6e7d49126e794dec3c3a5de9892cce15ec84

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:03 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048fd187-0060df2533-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2899
last-modified: Fri, 02 Jul 2021 14:32:42 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "26e1186a209747d755be97f26d7fef17"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:03 GMT

GET
H2 200 facebook.png
static-13333.kxcdn.com/5275/images/ 45 KB
46 KB 11ms
6ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/facebook.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

45a8e9f975bd2d7db2041c671affac022eaf0b8db46c516a6f2021d30631aea3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:03 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048dcf7c-0060df2533-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 46358
last-modified: Fri, 02 Jul 2021 14:32:18 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "99efc09d6e35b01ef07e555c6c9c06ac"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:03 GMT

GET
H2 200 twitter.png
static-13333.kxcdn.com/5275/images/ 33 KB
34 KB 11ms
6ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/twitter.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

f3567cf9eb0717ad9840ff19014abf051d9bebb63ba3d270eb23d409dd449b5a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:03 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048dcf79-0060df2533-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 33933
last-modified: Fri, 02 Jul 2021 14:32:45 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "1538bf85a2428c7ab27b923233ceac2d"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:03 GMT

GET
H2 200 features-title.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 8ms
7ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/features-title.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

5e840708085df16224eeb0d8a8b3758d39bc7c60d3f0587ea1308f7d37d2e9db

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:03 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048fd18e-0060df2533-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2835
last-modified: Fri, 02 Jul 2021 14:32:24 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "8e8fd39ca90b9e536e71366f72e27061"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:03 GMT

GET
H2 200 feature1.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 8ms
7ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/feature1.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

427e9cf9bc070b73cae44b858b1cbb147385ccf3b74522b00606e8441d74eb21

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:03 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048fd189-0060df2533-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2649
last-modified: Fri, 02 Jul 2021 14:32:27 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "32e947291780f319b5424fb0fed97339"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:03 GMT

GET
H2 200 feature2.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 10ms
6ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/feature2.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

d35ec7636f20627c46249b7ac076fd59aad2c15c8207c92cc8251df812abc0bc

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:03 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048fd18b-0060df2533-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2845
last-modified: Fri, 02 Jul 2021 14:32:28 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "a02cbfb7009f4eb7bca716371bbc6162"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:03 GMT

GET
H2 200 feature3.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 10ms
6ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/feature3.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

41cc8226265d071dd816f01b4e656e9575b49927ecb0806984d85fd2acb3b318

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:03 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048fd185-0060df2533-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2618
last-modified: Fri, 02 Jul 2021 14:32:44 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "1e439861ae0e257dd74094cd20495531"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:03 GMT

GET
H2 200 feature4.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 10ms
6ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/feature4.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

d7e57b7c8fc1a0e25b893fc00da8cca5368cc489227958d4a781665339cd7260

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:03 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048fd18a-0060df2533-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2573
last-modified: Fri, 02 Jul 2021 14:32:19 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "f042fbbf22d575de6d906249ec2dc324"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:03 GMT

GET
H2 200 faq-title.png
static-13333.kxcdn.com/5275/images/ 4 KB
4 KB 9ms
7ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/faq-title.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

218be04d48aa9aa4da9bb4a708dbb463576fd8653914fd05bb113ce654dce714

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:03 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048dcf81-0060df2533-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 3706
last-modified: Fri, 02 Jul 2021 14:32:42 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "b95f5e7ccaaf9e8f6f1117efa9ab100a"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:03 GMT

GET
H2 200 faq-list-title-bg.png
static-13333.kxcdn.com/5275/images/ 2 KB
2 KB 8ms
7ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/faq-list-title-bg.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

9749d6d7aee9bdd7b806eb8fd8fa1bfd7ef25aab0aba744948b279d4c1a348ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:03 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048fd18d-0060df2533-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 1546
last-modified: Fri, 02 Jul 2021 14:32:22 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "567ea5254334fde95913b6cd592aad5f"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:03 GMT

GET
H3-29 200 sad-face.svg
tgfunnls.org/media/ 1 KB
1 KB 26ms
22ms Image
image/svg+xml 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tgfunnls.org/media/sad-face.svg

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

186b9079a05f19ddd2a548dbc1ec2c69087c76d8e9e1637dbced630edb793104

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /media/sad-face.svg
pragma: no-cache
cookie: _vis_opt_test_cookie=1; _hjid=0ce6ed2a-6245-4e01-a0e5-6db4a4ddfe19; _hjFirstSeen=1; _vwo_uuid_v2=DB76FDD5DD838C8DD81D28BC77422F6F9|28831bf43ecbcc7c99f644b2f321bf1e; _gid=GA1.2.1978519149.1628684523; _gat_UA-192660002-1=1; _ga_Y6C8Y8V9BH=GS1.1.1628684522.1.1.1628684523.0; _ga=GA1.1.668805998.1628684518; XSRF-TOKEN=eyJpdiI6IlhNbWF2REJLV052ek54Wkx3dldJS2c9PSIsInZhbHVlIjoiOFwvWFI5XC9ZelhaZnRDdEhVWDB0XC9FOHc1NGJKa2l1VWJYaFp3M2loY0tNUVVBT0lncnhPQTlZOG84VFIwYklhZCIsIm1hYyI6IjFmMTY0NzNiZTQ1OGE5ODE2ZGRiNDRkNTBjM2U1NzYzNTc1NzcxODBkOTg1YjJhYzJmNjBhYmJmNzgwNmQzYjIifQ%3D%3D; c=eyJpdiI6IlZxRDZUazlKYTcrM0NsOU1WampucXc9PSIsInZhbHVlIjoiSjdPeEQ3dVFUVW5CZmxaelloSzRVVUl5bG96TTFJVzRKWDUyN0ZrN3dSQkZGUGNqYXJNN0t5clViRVwveWhUaFQiLCJtYWMiOiJmNjBjMTljZDkxMTE2NDU1YTJiYzYzZDUwODk3Y2IxZjAwMzAzOTUxY2YzMzY0MWZkZTRmODE5YzRlODQzZTA2In0%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:03 GMT
x-proc: 2
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 646
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Mon, 09 Aug 2021 14:29:19 GMT
server: cloudflare
etag: W/"61113bbf-5dc"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ltD9HmmvSrm0xKkAQXAuibYERWT%2BkcgjbsKiB8K23jgcYDSd28yff%2F8CwcwJGeeX1YqBeQPjgN9BxtjzfVGQF67DeBw8rLN7Sy1zDqbjMGR2jaF3c%2BSHj8trNFIHe0yFYXE1mNNZ4kICV78%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: max-age=14400
cf-ray: 67d16d62ace605fd-FRA

GET
H3-29 200 email-decode.min.js Show response
tgfunnls.org/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
1 KB 9ms
9ms Script
application/javascript 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

:path: /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
pragma: no-cache
cookie: _vis_opt_test_cookie=1; _hjid=0ce6ed2a-6245-4e01-a0e5-6db4a4ddfe19; _hjFirstSeen=1; _vwo_uuid_v2=DB76FDD5DD838C8DD81D28BC77422F6F9|28831bf43ecbcc7c99f644b2f321bf1e; _gid=GA1.2.1978519149.1628684523; _gat_UA-192660002-1=1; _ga_Y6C8Y8V9BH=GS1.1.1628684522.1.1.1628684523.0; _ga=GA1.1.668805998.1628684518; XSRF-TOKEN=eyJpdiI6IlhNbWF2REJLV052ek54Wkx3dldJS2c9PSIsInZhbHVlIjoiOFwvWFI5XC9ZelhaZnRDdEhVWDB0XC9FOHc1NGJKa2l1VWJYaFp3M2loY0tNUVVBT0lncnhPQTlZOG84VFIwYklhZCIsIm1hYyI6IjFmMTY0NzNiZTQ1OGE5ODE2ZGRiNDRkNTBjM2U1NzYzNTc1NzcxODBkOTg1YjJhYzJmNjBhYmJmNzgwNmQzYjIifQ%3D%3D; c=eyJpdiI6IlZxRDZUazlKYTcrM0NsOU1WampucXc9PSIsInZhbHVlIjoiSjdPeEQ3dVFUVW5CZmxaelloSzRVVUl5bG96TTFJVzRKWDUyN0ZrN3dSQkZGUGNqYXJNN0t5clViRVwveWhUaFQiLCJtYWMiOiJmNjBjMTljZDkxMTE2NDU1YTJiYzYzZDUwODk3Y2IxZjAwMzAzOTUxY2YzMzY0MWZkZTRmODE5YzRlODQzZTA2In0%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 05 Aug 2021 12:35:03 GMT
server: cloudflare
etag: W/"610bdaf7-4d7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: DENY
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0ifXpYk0F8rpsxpNx9na6rUReFBn6xcw3cCxWFtMG2paW%2BE0Y0JPC7Es7gc4u6GKF%2BFi6Rx%2BOnVMiCGhsINgYve0DCNcr8B8eCbVtgZjFXbKdPrOPQsW2NKzkSM%2B1N3dTXqdt3mxp%2BqaXkM%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=172800 public
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 67d16d629c9b05fd-FRA
vary: Accept-Encoding
expires: Fri, 13 Aug 2021 12:22:03 GMT

GET
H3-29 200 redirect.js Show response
tgfunnls.org/js/ 3 KB
2 KB 19ms
19ms Script
application/javascript 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/js/redirect.js?id=bd8708e91008076c9ff9

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0979e653bf7370685f5d0ec7448e28d33f46754d5411cf5a7cd3df6ecafc1a35

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /js/redirect.js?id=bd8708e91008076c9ff9
pragma: no-cache
cookie: _vis_opt_test_cookie=1; _hjid=0ce6ed2a-6245-4e01-a0e5-6db4a4ddfe19; _hjFirstSeen=1; _vwo_uuid_v2=DB76FDD5DD838C8DD81D28BC77422F6F9|28831bf43ecbcc7c99f644b2f321bf1e; _gid=GA1.2.1978519149.1628684523; _gat_UA-192660002-1=1; _ga_Y6C8Y8V9BH=GS1.1.1628684522.1.1.1628684523.0; _ga=GA1.1.668805998.1628684518; XSRF-TOKEN=eyJpdiI6IlhNbWF2REJLV052ek54Wkx3dldJS2c9PSIsInZhbHVlIjoiOFwvWFI5XC9ZelhaZnRDdEhVWDB0XC9FOHc1NGJKa2l1VWJYaFp3M2loY0tNUVVBT0lncnhPQTlZOG84VFIwYklhZCIsIm1hYyI6IjFmMTY0NzNiZTQ1OGE5ODE2ZGRiNDRkNTBjM2U1NzYzNTc1NzcxODBkOTg1YjJhYzJmNjBhYmJmNzgwNmQzYjIifQ%3D%3D; c=eyJpdiI6IlZxRDZUazlKYTcrM0NsOU1WampucXc9PSIsInZhbHVlIjoiSjdPeEQ3dVFUVW5CZmxaelloSzRVVUl5bG96TTFJVzRKWDUyN0ZrN3dSQkZGUGNqYXJNN0t5clViRVwveWhUaFQiLCJtYWMiOiJmNjBjMTljZDkxMTE2NDU1YTJiYzYzZDUwODk3Y2IxZjAwMzAzOTUxY2YzMzY0MWZkZTRmODE5YzRlODQzZTA2In0%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:03 GMT
x-proc: 3
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 646
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Mon, 09 Aug 2021 14:29:34 GMT
server: cloudflare
etag: W/"61113bce-a50"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aU6fDKpRG%2BHmWjRHsZy5AuURoAlcSfuYzjlMHQCt1ayI%2FnmDBWl8TWeOdKYND2UMTRo40A6LBso12L0OI0kcOWLLYCl23GbxdcqJUzVbPMXH0K7Jb%2BHJQ1FRZdzCQS1yIS1cWepKQbDnlzA%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=14400
cf-ray: 67d16d629ca705fd-FRA

GET
H3-29 200 l.js Show response
tgfunnls.org/js/ 401 KB
110 KB 35ms
29ms Script
application/javascript 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/js/l.js?id=6cf7b69175b2a676ebf3

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1669423eca631e2fa8053ff74039a11ff6afac3a94dc37f357ce8d6ec9362913

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /js/l.js?id=6cf7b69175b2a676ebf3
pragma: no-cache
cookie: _vis_opt_test_cookie=1; _hjid=0ce6ed2a-6245-4e01-a0e5-6db4a4ddfe19; _hjFirstSeen=1; _vwo_uuid_v2=DB76FDD5DD838C8DD81D28BC77422F6F9|28831bf43ecbcc7c99f644b2f321bf1e; _gid=GA1.2.1978519149.1628684523; _gat_UA-192660002-1=1; _ga_Y6C8Y8V9BH=GS1.1.1628684522.1.1.1628684523.0; _ga=GA1.1.668805998.1628684518; XSRF-TOKEN=eyJpdiI6IlhNbWF2REJLV052ek54Wkx3dldJS2c9PSIsInZhbHVlIjoiOFwvWFI5XC9ZelhaZnRDdEhVWDB0XC9FOHc1NGJKa2l1VWJYaFp3M2loY0tNUVVBT0lncnhPQTlZOG84VFIwYklhZCIsIm1hYyI6IjFmMTY0NzNiZTQ1OGE5ODE2ZGRiNDRkNTBjM2U1NzYzNTc1NzcxODBkOTg1YjJhYzJmNjBhYmJmNzgwNmQzYjIifQ%3D%3D; c=eyJpdiI6IlZxRDZUazlKYTcrM0NsOU1WampucXc9PSIsInZhbHVlIjoiSjdPeEQ3dVFUVW5CZmxaelloSzRVVUl5bG96TTFJVzRKWDUyN0ZrN3dSQkZGUGNqYXJNN0t5clViRVwveWhUaFQiLCJtYWMiOiJmNjBjMTljZDkxMTE2NDU1YTJiYzYzZDUwODk3Y2IxZjAwMzAzOTUxY2YzMzY0MWZkZTRmODE5YzRlODQzZTA2In0%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:03 GMT
x-proc: 1
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3896
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Mon, 09 Aug 2021 14:29:21 GMT
server: cloudflare
etag: W/"61113bc1-645ba"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Fy3Jm02vbeGjJp6GRs4D9O3nNR5J6qjhd9%2FH5Y%2FifytzXsS6KJykqbZ7SHiZZeUPwZtdvI5lD%2B%2BUJi%2FIQSup2j1Rrd7sD7AI%2FQBZzBrmsbMJE0K590hkDJ1HbtJ9F%2BrAz1%2FhtD8j%2FP2KWwM%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=14400
cf-ray: 67d16d62acd705fd-FRA

GET
H2 200 funnel.js Show response
static-13333.kxcdn.com/5275/build/ 954 KB
319 KB 14ms
8ms Script
application/javascript 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL

https://static-13333.kxcdn.com/5275/build/funnel.js

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

a52901c6296f571a48143efc8c7626714f2f15a0e034390d31380d508684ad0e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:03 GMT
content-encoding: gzip
last-modified: Fri, 02 Jul 2021 14:31:57 GMT
server: keycdn-engine
x-amz-request-id: tx0000000000000048dcf86-0060df2533-12e87130-fra1a
x-edge-location: defr
etag: W/"545236a1390ffa369d186b44dab8e706"
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-cache: HIT
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31556940
x-rgw-object-type: Normal
strict-transport-security: max-age=15552000; includeSubDomains; preload
expires: Thu, 11 Aug 2022 18:11:03 GMT

GET
H/1.1 200 hp Show response
in.xr117.xyz/ 382 B
635 B 19ms
15ms Script
text/plain 18.193.146.82
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://in.xr117.xyz/hp
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.193.146.82 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-193-146-82.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 1d685538334a6762f8c278c2274cb62dfdc47c59ba5968562dddf4f96d808aee

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 11 Aug 2021 12:22:03 GMT
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200 hp Show response
in.bd44.fun/ 382 B
635 B 51ms
14ms Script
text/plain 18.195.174.160
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://in.bd44.fun/hp
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.195.174.160 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-174-160.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 1d685538334a6762f8c278c2274cb62dfdc47c59ba5968562dddf4f96d808aee

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 11 Aug 2021 12:22:03 GMT
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3-29 200 tag.js Show response
tagstaticx.com/ 38 KB
14 KB 19ms
16ms Script
application/javascript 2606:4700:3033::6815:3d08
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://tagstaticx.com/tag.js
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::6815:3d08 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 789421e97c465f7367c2c16bad228afc0d9211d9ff3c949b7ef88b72e9fc30db

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:03 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 06 Aug 2021 11:17:33 GMT
server: cloudflare
age: 6664
etag: W/"610d1a4d-97e0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DOBRArdGv%2F%2BTxHozQDjMmBs189RIP1WjhiCuQ3iT5vKSJmdlF8nImkJKUnkjH1nlo6XZ78RRmLEe4fdvVOZrR9FTQ2O%2B1Tj458REOhSas04gduObPp1Z0UfXtrJNLbqeQkgPFOD3Wz4Uo5gIjg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=1800
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 67d16d62ace82c22-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

GET
H3-29 200 gtm.js Show response
www.googletagmanager.com/ 111 KB
41 KB 20ms
17ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-MSK8GMG

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

abf5e420544cdc91fec5600e8fac1b07f6fd02f69671fa214259ad6518213358

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:03 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42029
x-xss-protection: 0
last-modified: Wed, 11 Aug 2021 12:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 11 Aug 2021 12:22:03 GMT

GET
H3-29 200 j.php Show response
dev.visualwebsiteoptimizer.com/ 5 KB
2 KB 14ms
11ms Script
application/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/j.php?a=449005&u=https%3A%2F%2Ftgfunnls.org%2Fdly1st%2F%3Fhitid%3D%7BclickId%7D%26qze%3D7%26aff_sub%3D%7BcustomId1%7D%26aff_sub2%3D%7BcustomId2%7D&f=1&r=0.001277248563367861
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gfra1 /
Resource Hash: fac33d07cd71df9eef303b7bb2883c402c1dfd10f953141a426f4dad1378d58a

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 11 Aug 2021 12:22:03 GMT
via: 1.1 google
server: gfra1
content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-type: application/javascript; charset=UTF-8

GET
H2 200 bg-pattern2.png
static-13333.kxcdn.com/5275/images/ 3 KB
4 KB 24ms
24ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/bg-pattern2.png

Requested by

Host: static-13333.kxcdn.com
URL: https://static-13333.kxcdn.com/5275/build/funnel.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

0dbbd4b1f92b5f123bb6d85da5224dbac1ef2873359ae63159fbd8c1d8aee472

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://static-13333.kxcdn.com/5275/build/funnel.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:03 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx00000000000000491e693-0060df2731-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 3494
last-modified: Fri, 02 Jul 2021 14:32:28 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "9ff60a873ce8a83d6f92c07bbb97461d"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:03 GMT

GET
H2 200 money-bg.jpg
static-13333.kxcdn.com/5275/images/ 192 KB
193 KB 26ms
26ms Image
image/jpeg 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/money-bg.jpg

Requested by

Host: static-13333.kxcdn.com
URL: https://static-13333.kxcdn.com/5275/build/funnel.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

6d6b0b2b3ce3ec690491ad53348667285877a284d43a58bae67219df3128c453

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://static-13333.kxcdn.com/5275/build/funnel.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:03 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048fd245-0060df2533-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 196622
last-modified: Fri, 02 Jul 2021 14:32:29 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "00484ef568e5c529bc92d2698631954b"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/jpeg
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:03 GMT

GET
H2 206 de-1.mp4
static-13333.kxcdn.com/5275/media/ 64 KB
0 9ms
8ms Media
video/mp4 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL

https://static-13333.kxcdn.com/5275/media/de-1.mp4

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Range: bytes=0-

Response headers

date: Wed, 11 Aug 2021 12:22:03 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx000000000000004a44bcc-0060f54e68-141c7b61-fra1a
x-edge-location: defr
x-cache: HIT
Content-Range: bytes 0-124690623/124690624
Content-Length: 124690624
last-modified: Fri, 02 Jul 2021 14:32:03 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "c8811d0b7aa283893d6ec2a19899685f-24"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: video/mp4
access-control-allow-origin: *
x-rgw-object-type: Normal
expires: Thu, 11 Aug 2022 18:11:03 GMT

GET
H3-29 200 tag-a511eb58bc7ee0b0cbc6906497418127.js Show response
dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWpxdWVyeQ==/ 214 KB
61 KB 11ms
10ms Script
text/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWpxdWVyeQ==/tag-a511eb58bc7ee0b0cbc6906497418127.js
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/j.php?a=449005&u=https%3A%2F%2Ftgfunnls.org%2Fdly1st%2F%3Fhitid%3D%7BclickId%7D%26qze%3D7%26aff_sub%3D%7BcustomId1%7D%26aff_sub2%3D%7BcustomId2%7D&f=1&r=0.001277248563367861
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gfra1 /
Resource Hash: ffef253989420f0b71eec148da3bbe555e1117a9860323b7a39b267bbb62ebe6

Request headers

Origin: https://tgfunnls.org
Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:03 GMT
content-encoding: br
last-modified: Tue, 10 Aug 2021 11:55:59 GMT
server: gfra1
etag: "6112694f-f354"
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 62292
via: 1.1 google

GET
H3-29 200 v.gif
dev.visualwebsiteoptimizer.com/ 35 B
52 B 99ms
95ms Image
image/gif 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dev.visualwebsiteoptimizer.com/v.gif?cd=0&a=449005&d=tgfunnls.org&u=DB76FDD5DD838C8DD81D28BC77422F6F9&h=28831bf43ecbcc7c99f644b2f321bf1e&t=false&r=0.7140829080025985

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gnv3c /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 11 Aug 2021 12:22:03 GMT
via: 1.1 google
x-content-type-options: nosniff
server: gnv3c
content-type: image/gif
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 10 Jan 2005 00:00:01 GMT

HEAD
H3-29 200 adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/ 0
0 69ms
68ms Fetch
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 49445
x-xss-protection: 0
server: cafe
etag: 4898024456010196187
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Wed, 11 Aug 2021 12:22:04 GMT

GET
H/1.1 200
OK version.js Show response
tagdatax.com/ 57 B
260 B 15ms
13ms Script
application/javascript 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdatax.com/version.js
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: 12f801a85da24b5c932a5c371ce1670873f04fabe49efceb34d231f03eb5ab4e

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 11 Aug 2021 12:22:03 GMT
Cache-Control: private, max-age=63072000
Server: nginx/1.19.10
Connection: keep-alive
Content-Length: 57
Content-Type: application/javascript

GET
H2 200 gid.js Show response
my.rtmark.net/ 65 B
541 B 14ms
12ms Fetch
application/json 139.45.195.8
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://my.rtmark.net/gid.js

Requested by

Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

1021e8b0802114ce032f5db067e3e84a7ff7618f094b7ebea5fe32b208125ca0

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:59 GMT
x-content-type-options: nosniff
server: nginx
strict-transport-security: max-age=1
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: https://tgfunnls.org
access-control-expose-headers: Authorization
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length: 65

GET
H/1.1 200
OK pix.jpg Show response
tagdatax.com/ 28 B
617 B 14ms
14ms Fetch
image/jpeg 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdatax.com/pix.jpg
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: 3c72e06c040c15327faa313315f1d6f4b2c9159267051c3e173336efa4cd7a18

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 11 Aug 2021 12:22:03 GMT
Server: nginx/1.19.10
Etag: be66723d-fa13-464c-b1eb-98e0fa55a714
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Content-Type: image/jpeg
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Expose-Headers: ETag
Cache-Control: private, must-revalidate, proxy-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 28

GET
H3-29 200 googlelogo_color_120x44dp.png
www.google.com/images/branding/googlelogo/2x/ 5 KB
5 KB 21ms
20ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_120x44dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

29c50fa4422ac0a690af5b0987dee6a030a7eeaafa9dda8543cf022368f545aa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:03 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5087
x-xss-protection: 0
expires: Wed, 11 Aug 2021 12:22:03 GMT

GET
H3-29 200 googlelogo_color_272x92dp.png
www.google.com/images/branding/googlelogo/1x/ 6 KB
6 KB 20ms
20ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/1x/googlelogo_color_272x92dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5776cd87617eacec3bc00ebcf530d1924026033eda852f706c1a675a98915826

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:03 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5969
x-xss-protection: 0
expires: Wed, 11 Aug 2021 12:22:03 GMT

GET
H3-29 200 googlelogo_color_272x92dp.png
www.google.com/images/branding/googlelogo/2x/ 13 KB
13 KB 20ms
19ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_272x92dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

262084257c2103702ef8a25705e3f8dbc1fa3823103ad7b954d54bdb77e6d89d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:03 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13504
x-xss-protection: 0
expires: Wed, 11 Aug 2021 12:22:03 GMT

GET
H3-29 200 googlelogo_color_160x56dp.png
www.google.com/images/branding/googlelogo/2x/ 7 KB
7 KB 18ms
18ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_160x56dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9e611fba6a87626e60f74d361f0c94d1ba226bc0726a05791f40ddb7fbba2c4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:03 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7048
x-xss-protection: 0
expires: Wed, 11 Aug 2021 12:22:03 GMT

GET
H3-29 200 googlelogo_color_90x40dp.png
www.google.com/images/branding/googlelogo/2x/ 4 KB
4 KB 20ms
20ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_90x40dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a9cac8d49feccd603bac334c92c1e7dd5a829a1c01d4130550e8c9c0d9c72f7b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:03 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3934
x-xss-protection: 0
expires: Wed, 11 Aug 2021 12:22:03 GMT

GET
H3-29 200 locate Show response
tgfunnls.org/ 150 B
1 KB 247ms
247ms XHR
application/json 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/locate

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/js/l.js?id=6cf7b69175b2a676ebf3

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

126f29647a5fd666abd70f0bfe4f9a9b972c2e385e09554cf2fea5ffe35f62fc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-fetch-mode: cors
x-xsrf-token: eyJpdiI6IlhNbWF2REJLV052ek54Wkx3dldJS2c9PSIsInZhbHVlIjoiOFwvWFI5XC9ZelhaZnRDdEhVWDB0XC9FOHc1NGJKa2l1VWJYaFp3M2loY0tNUVVBT0lncnhPQTlZOG84VFIwYklhZCIsIm1hYyI6IjFmMTY0NzNiZTQ1OGE5ODE2ZGRiNDRkNTBjM2U1NzYzNTc1NzcxODBkOTg1YjJhYzJmNjBhYmJmNzgwNmQzYjIifQ==
accept-language: en-US
sec-fetch-dest: empty
cookie: _vis_opt_test_cookie=1; _hjid=0ce6ed2a-6245-4e01-a0e5-6db4a4ddfe19; _hjFirstSeen=1; _vwo_uuid_v2=DB76FDD5DD838C8DD81D28BC77422F6F9|28831bf43ecbcc7c99f644b2f321bf1e; _gid=GA1.2.1978519149.1628684523; _gat_UA-192660002-1=1; _ga_Y6C8Y8V9BH=GS1.1.1628684522.1.1.1628684523.0; _ga=GA1.1.668805998.1628684518; XSRF-TOKEN=eyJpdiI6IlhNbWF2REJLV052ek54Wkx3dldJS2c9PSIsInZhbHVlIjoiOFwvWFI5XC9ZelhaZnRDdEhVWDB0XC9FOHc1NGJKa2l1VWJYaFp3M2loY0tNUVVBT0lncnhPQTlZOG84VFIwYklhZCIsIm1hYyI6IjFmMTY0NzNiZTQ1OGE5ODE2ZGRiNDRkNTBjM2U1NzYzNTc1NzcxODBkOTg1YjJhYzJmNjBhYmJmNzgwNmQzYjIifQ%3D%3D; c=eyJpdiI6IlZxRDZUazlKYTcrM0NsOU1WampucXc9PSIsInZhbHVlIjoiSjdPeEQ3dVFUVW5CZmxaelloSzRVVUl5bG96TTFJVzRKWDUyN0ZrN3dSQkZGUGNqYXJNN0t5clViRVwveWhUaFQiLCJtYWMiOiJmNjBjMTljZDkxMTE2NDU1YTJiYzYzZDUwODk3Y2IxZjAwMzAzOTUxY2YzMzY0MWZkZTRmODE5YzRlODQzZTA2In0%3D
:path: /locate
pragma: no-cache
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: application/json, text/plain, */*
cache-control: no-cache
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept: application/json, text/plain, */*
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
X-XSRF-TOKEN: eyJpdiI6IlhNbWF2REJLV052ek54Wkx3dldJS2c9PSIsInZhbHVlIjoiOFwvWFI5XC9ZelhaZnRDdEhVWDB0XC9FOHc1NGJKa2l1VWJYaFp3M2loY0tNUVVBT0lncnhPQTlZOG84VFIwYklhZCIsIm1hYyI6IjFmMTY0NzNiZTQ1OGE5ODE2ZGRiNDRkNTBjM2U1NzYzNTc1NzcxODBkOTg1YjJhYzJmNjBhYmJmNzgwNmQzYjIifQ==
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:04 GMT
x-proc: 2
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=r8qPblYIK1ZwehAosx7zlH%2FGGhiHLHztyZfvxsIKvfB3dWdPepDmxucWS9nWOViBlUmzbdXW94dhDawhpsAuTjFiyJDQYbuJ%2Fmc5SwVHlNSxaxirFJoO69TSqdsseX%2BVnIU%2BSJPhzkTOJRk%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json
cache-control: no-cache, private
set-cookie: XSRF-TOKEN=eyJpdiI6InBFRm5CZ0tqRjN2b1RqREdHbWtwWlE9PSIsInZhbHVlIjoiSkVtWmhaZHQ1enRZQ3NGcDdyXC93ZWtoU1ZnK1wvXC9yZmxUNjJhalwvaGY2R0xlVk9vWU1oZ1wvN2lQcERXcVI0d1pKIiwibWFjIjoiODgxZjEwMzM1MzZiNjM2YTQyZTVhYTRiY2FjOGY4NzkzM2ExNjYzMTdkMTUxN2IxNTk5NDcxNDgxNWY4OGVlMiJ9; expires=Wed, 11-Aug-2021 14:22:04 GMT; Max-Age=7200; path=/ c=eyJpdiI6IlluazZRdXlzdlZyNGp4S0ZpendsTlE9PSIsInZhbHVlIjoiQ3lUK0JYYWdEaXBRMnRXSDVZQmN5VHFMSVNBcWRxenZFYmpSMDNuRFwvQkh4Ymk2YTJ4WHVVeDVucXlIa2JHUDkiLCJtYWMiOiI2NmU4MDhjZmQzY2E4MjQxMGE5MWE0ZDBmYTcyYTZjZjcxOGU2ZjhiOWQwMzAyNTAyNmIxMTYwMTdjNTVmY2ZmIn0%3D; expires=Wed, 11-Aug-2021 14:22:04 GMT; Max-Age=7200; path=/; httponly
cf-ray: 67d16d637ec005fd-FRA

GET
H3-29 200 flags.png
tgfunnls.org/images/vendor/intl-tel-input/build/ 69 KB
70 KB 16ms
16ms Image
image/png 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tgfunnls.org/images/vendor/intl-tel-input/build/flags.png?416250f60d785a2e02f17e054d2e4e44

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/css/forms.css?id=108aa07ef4cadffb88ba

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0a012cf808a24573168308916092d2d4bd3f2b4af8e16b59167013cc77acee55

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /images/vendor/intl-tel-input/build/flags.png?416250f60d785a2e02f17e054d2e4e44
pragma: no-cache
cookie: _vis_opt_test_cookie=1; _hjid=0ce6ed2a-6245-4e01-a0e5-6db4a4ddfe19; _hjFirstSeen=1; _vwo_uuid_v2=DB76FDD5DD838C8DD81D28BC77422F6F9|28831bf43ecbcc7c99f644b2f321bf1e; _gid=GA1.2.1978519149.1628684523; _gat_UA-192660002-1=1; _ga_Y6C8Y8V9BH=GS1.1.1628684522.1.1.1628684523.0; _ga=GA1.1.668805998.1628684518; XSRF-TOKEN=eyJpdiI6IlhNbWF2REJLV052ek54Wkx3dldJS2c9PSIsInZhbHVlIjoiOFwvWFI5XC9ZelhaZnRDdEhVWDB0XC9FOHc1NGJKa2l1VWJYaFp3M2loY0tNUVVBT0lncnhPQTlZOG84VFIwYklhZCIsIm1hYyI6IjFmMTY0NzNiZTQ1OGE5ODE2ZGRiNDRkNTBjM2U1NzYzNTc1NzcxODBkOTg1YjJhYzJmNjBhYmJmNzgwNmQzYjIifQ%3D%3D; c=eyJpdiI6IlZxRDZUazlKYTcrM0NsOU1WampucXc9PSIsInZhbHVlIjoiSjdPeEQ3dVFUVW5CZmxaelloSzRVVUl5bG96TTFJVzRKWDUyN0ZrN3dSQkZGUGNqYXJNN0t5clViRVwveWhUaFQiLCJtYWMiOiJmNjBjMTljZDkxMTE2NDU1YTJiYzYzZDUwODk3Y2IxZjAwMzAzOTUxY2YzMzY0MWZkZTRmODE5YzRlODQzZTA2In0%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: tgfunnls.org
referer: https://tgfunnls.org/css/forms.css?id=108aa07ef4cadffb88ba
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/css/forms.css?id=108aa07ef4cadffb88ba
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:04 GMT
x-proc: 3
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5481
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 70857
x-xss-protection: 1; mode=block
last-modified: Mon, 09 Aug 2021 14:29:34 GMT
server: cloudflare
etag: "61113bce-114c9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xeKf43OvsrvQsn49O8nUcmzfxpysKizdJ9yCMplkKNEP%2BNltYeUnHDNiANvp7XY9v0co8SLgvxg0B%2BPNvXJk%2BTfxWbmWkBlKvNsaFyqEOHbMD9ICs2%2Ffmo86T%2FYlj%2FhSWfCmrNVdznOGZmY%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 67d16d637ec705fd-FRA

GET
H3-29 200 js Show response
www.googletagmanager.com/gtag/ 128 KB
50 KB 17ms
17ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-Y6C8Y8V9BH&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MSK8GMG

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

6c9bea9ae6f0ce80d62bb455e4c2b0af95a19e05b705666c76add24909fcaec8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:04 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 51224
x-xss-protection: 0
expires: Wed, 11 Aug 2021 12:22:04 GMT

GET
H3-29 200 analytics.js Show response
www.google-analytics.com/ 48 KB
19 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MSK8GMG

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

e61660c659c426e45bce2937dddb01af6b550502a2904546575c1ec2ba1121dd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 13 Jul 2021 18:24:06 GMT
server: Golfe2
age: 2730
date: Wed, 11 Aug 2021 11:36:34 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19672
expires: Wed, 11 Aug 2021 13:36:34 GMT

GET
H2 200 hotjar-2304105.js Show response
static.hotjar.com/c/ 5 KB
2 KB 26ms
25ms Script
application/javascript 54.192.219.13
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-2304105.js?sv=6

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

54.192.219.13 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

ba0f7c8cd1226246385e057da152929c0c7b7868b6a4b64ff6de9537bf8aeb33

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:14 GMT
content-encoding: br
x-content-type-options: nosniff
cache-control: max-age=60
age: 50
etag: W/2bfd20973994a2ba4876103e95eba243
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
x-cache-hit: 1
x-amz-cf-pop: MRS52-P2
x-amz-cf-id: AsqDn9uHPy6dVNWmbsDtkSagm7itcjhEKzJtxM9KufTx6W91_fcZvQ==
via: 1.1 ee464261ee466fae8314a91098b35372.cloudfront.net (CloudFront)

OPTIONS
H/1.1 200
OK add
tagdataxrt.com/ir/ Frame 0
0 14ms
14ms Preflight 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/ir/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Protocol: HTTP/1.1
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://tgfunnls.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Server: nginx/1.19.10
Date: Wed, 11 Aug 2021 12:22:04 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

POST
H/1.1 200
OK add Show response
tagdataxrt.com/ir/ 0
537 B 14ms
14ms Fetch 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/ir/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json;charset=utf-8

Response headers

Date: Wed, 11 Aug 2021 12:22:04 GMT
Server: nginx/1.19.10
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 0

GET
BLOB 200
OK eefc6edb-c5b0-4bbe-84cb-d06b488409fb
https://tgfunnls.org/ 31 B
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://tgfunnls.org/eefc6edb-c5b0-4bbe-84cb-d06b488409fb
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7725538fe2f71147bffeba7452b434c826aef9009666cb4360c605d0b2a91d1d

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length: 31
Content-Type: application/javascript

GET
H2 403 videothumbnail-1.png
static-13333.kxcdn.com/5275/images/ 0
0 518ms
518ms Image
text/html 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static-13333.kxcdn.com/5275/images/videothumbnail-1.png
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
DATA 200
OK truncated
/ 4 KB
4 KB Font
application/font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: aef991b2e0b693a95d41986576dd3901ea7ac03b379501b1caba966058753308

Request headers

Origin: https://tgfunnls.org
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: application/font-woff;charset=utf-8

GET
H3-29 200 settings.js Show response
dev.visualwebsiteoptimizer.com/ 572 B
397 B 9ms
8ms Script
application/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/settings.js?a=449005&settings_type=3&vn=7.0&r=0.7154113215383009&u=https%3A%2F%2Ftgfunnls.org%2Fdly1st%2F%3Fhitid%3D%7BclickId%7D%26qze%3D7%26aff_sub%3D%7BcustomId1%7D%26aff_sub2%3D%7BcustomId2%7D
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWpxdWVyeQ==/tag-a511eb58bc7ee0b0cbc6906497418127.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gfra1 /
Resource Hash: 31042bafbba3ee3bae8f21d8d8744230a7c558630068c64e1e5ecb4721ab3910

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:03 GMT
via: 1.1 google
server: gfra1
content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-type: application/javascript; charset=UTF-8

POST
H/1.1 200
OK etag Show response
tagdataxrt.com/ 0
537 B 14ms
14ms Fetch 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/etag?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json;charset=utf-8

Response headers

Date: Wed, 11 Aug 2021 12:22:04 GMT
Server: nginx/1.19.10
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 0

OPTIONS
H/1.1 200
OK etag
tagdataxrt.com/ Frame 0
0 16ms
14ms Preflight 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/etag?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Protocol: HTTP/1.1
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://tgfunnls.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Server: nginx/1.19.10
Date: Wed, 11 Aug 2021 12:22:04 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

GET
H3-29 200 settings.js Show response
dev.visualwebsiteoptimizer.com/ 572 B
397 B 8ms
8ms Script
application/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/settings.js?a=449005&settings_type=1&vn=7.0&r=0.8731207900293281
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWpxdWVyeQ==/tag-a511eb58bc7ee0b0cbc6906497418127.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gfra1 /
Resource Hash: 31042bafbba3ee3bae8f21d8d8744230a7c558630068c64e1e5ecb4721ab3910

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:04 GMT
via: 1.1 google
server: gfra1
content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-type: application/javascript; charset=UTF-8

GET
H3-29 200 collect
www.google-analytics.com/ 35 B
55 B 6ms
6ms Image
image/gif 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j92&a=2046932124&t=pageview&_s=1&dl=https%3A%2F%2Ftgfunnls.org%2Fdly1st%2F%3Fhitid%3D%7BclickId%7D%26qze%3D7%26aff_sub%3D%7BcustomId1%7D%26aff_sub2%3D%7BcustomId2%7D&ul=en-us&de=UTF-8&dt=Daily%20Profit&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=QACAAEAB~&jid=&gjid=&cid=668805998.1628684518&tid=UA-192660002-1&_gid=1978519149.1628684523&gtm=2wg891MSK8GMG&z=616260558

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 10 Aug 2021 20:58:30 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 55414
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 modules.9a6619e61150e4449f35.js Show response
script.hotjar.com/ 221 KB
59 KB 36ms
36ms Script
application/javascript 54.192.219.34
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.9a6619e61150e4449f35.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2304105.js?sv=6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

54.192.219.34 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

fc04d1fd608cedf1f0c4735145a15031f77cb7491d6234cec4ee2cd9be74937a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:18:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 511439
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 59579
access-control-allow-origin: *
last-modified: Thu, 05 Aug 2021 14:17:07 GMT
etag: "f404c80c4e9647abd5db65360cf9ecee"
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 1cfafe71e396134dc106e8c1515876bd.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: MRS52-P2
accept-ranges: bytes
x-robots-tag: none
x-amz-cf-id: oZ7d0fGnZFICNnPLa58AqFYBonMzpCZSv78Bzuuf1xfTumig7JGl1g==

GET
H3-29 200 tag-1a6cb79d9b921e9f733a3a9f91c43b90.js Show response
dev.visualwebsiteoptimizer.com/web/djIkcGM6MS4w/ 668 B
329 B 8ms
8ms Script
text/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/web/djIkcGM6MS4w/tag-1a6cb79d9b921e9f733a3a9f91c43b90.js
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWpxdWVyeQ==/tag-a511eb58bc7ee0b0cbc6906497418127.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gfra1 /
Resource Hash: 6e1f2e0970c3d1d6cdacfecdd613ce1c42990ea5d4a9a85fe6f0700d20a96634

Request headers

Origin: https://tgfunnls.org
Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:04 GMT
content-encoding: br
last-modified: Tue, 10 Aug 2021 11:55:59 GMT
server: gfra1
etag: "6112694f-133"
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 307
via: 1.1 google

GET
H2 200 box-25a418976ea02a6f393fbbe77cec94bb.html Show response
vars.hotjar.com/ Frame C374 2 KB
1 KB 25ms
24ms Document
text/html 52.84.45.59
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vars.hotjar.com/box-25a418976ea02a6f393fbbe77cec94bb.html
Requested by: Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2304105.js?sv=6
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.84.45.59 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-84-45-59.mrs52.r.cloudfront.net
Software: /
Resource Hash: 7a44e0685d8929b5d4d50476273c9957c8c76f03afc424c665a4066e5bc1beb9

Request headers

:method: GET
:authority: vars.hotjar.com
:scheme: https
:path: /box-25a418976ea02a6f393fbbe77cec94bb.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://tgfunnls.org/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://tgfunnls.org/

Response headers

content-type: text/html
content-length: 1044
date: Thu, 03 Jun 2021 10:15:05 GMT
accept-ranges: bytes
cache-control: max-age=31536000
content-encoding: br
etag: "76922233be8bdb14c053af468d29404a"
last-modified: Thu, 03 Jun 2021 10:14:54 GMT
x-amz-server-side-encryption: AES256
x-robots-tag: none
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 e5c15247ec560744bc8eee50e069c231.cloudfront.net (CloudFront)
x-amz-cf-pop: MRS52-P1
x-amz-cf-id: Qiiv5bDRyCo9SOhvzlt7iB0Qyk4pHammXvwzVDpZ0rIAV51sww-fSA==
age: 5969219

GET
H2 200 a3a7b431bde66f8790628956fd6a9e14.js Show response
cdn.pushcrew.com/js/ 248 KB
70 KB 104ms
103ms Script
application/javascript 34.102.183.26
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.pushcrew.com/js/a3a7b431bde66f8790628956fd6a9e14.js
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/web/djIkcGM6MS4w/tag-1a6cb79d9b921e9f733a3a9f91c43b90.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.102.183.26 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 26.183.102.34.bc.googleusercontent.com
Software: nginx /
Resource Hash: 2a74b97179203cf3de9b255635c3927c34791cabfe69261cc8d1235c13315e78

Request headers

Origin: https://tgfunnls.org
Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:04 GMT
content-encoding: gzip
last-modified: Fri, 18 Jun 2021 08:48:27 GMT
server: nginx
etag: W/"60cc5ddb-3e05c"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=1800
alt-svc: clear
via: 1.1 google
expires: Wed, 11 Aug 2021 12:52:04 GMT

POST
H3-29 201 event
tgfunnls.org/ 2 B
1 KB 251ms
251ms XHR
application/json 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/event?hitid={clickId}

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/js/l.js?id=6cf7b69175b2a676ebf3

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-fetch-mode: cors
origin: https://tgfunnls.org
x-xsrf-token: eyJpdiI6InBFRm5CZ0tqRjN2b1RqREdHbWtwWlE9PSIsInZhbHVlIjoiSkVtWmhaZHQ1enRZQ3NGcDdyXC93ZWtoU1ZnK1wvXC9yZmxUNjJhalwvaGY2R0xlVk9vWU1oZ1wvN2lQcERXcVI0d1pKIiwibWFjIjoiODgxZjEwMzM1MzZiNjM2YTQyZTVhYTRiY2FjOGY4NzkzM2ExNjYzMTdkMTUxN2IxNTk5NDcxNDgxNWY4OGVlMiJ9
accept-language: en-US
sec-fetch-dest: empty
accept-encoding: gzip, deflate, br
cookie: _vis_opt_test_cookie=1; _hjid=0ce6ed2a-6245-4e01-a0e5-6db4a4ddfe19; _hjFirstSeen=1; _vwo_uuid_v2=DB76FDD5DD838C8DD81D28BC77422F6F9|28831bf43ecbcc7c99f644b2f321bf1e; _gid=GA1.2.1978519149.1628684523; _gat_UA-192660002-1=1; _ga_Y6C8Y8V9BH=GS1.1.1628684522.1.1.1628684524.0; _ga=GA1.1.668805998.1628684518; XSRF-TOKEN=eyJpdiI6InBFRm5CZ0tqRjN2b1RqREdHbWtwWlE9PSIsInZhbHVlIjoiSkVtWmhaZHQ1enRZQ3NGcDdyXC93ZWtoU1ZnK1wvXC9yZmxUNjJhalwvaGY2R0xlVk9vWU1oZ1wvN2lQcERXcVI0d1pKIiwibWFjIjoiODgxZjEwMzM1MzZiNjM2YTQyZTVhYTRiY2FjOGY4NzkzM2ExNjYzMTdkMTUxN2IxNTk5NDcxNDgxNWY4OGVlMiJ9; c=eyJpdiI6IlluazZRdXlzdlZyNGp4S0ZpendsTlE9PSIsInZhbHVlIjoiQ3lUK0JYYWdEaXBRMnRXSDVZQmN5VHFMSVNBcWRxenZFYmpSMDNuRFwvQkh4Ymk2YTJ4WHVVeDVucXlIa2JHUDkiLCJtYWMiOiI2NmU4MDhjZmQzY2E4MjQxMGE5MWE0ZDBmYTcyYTZjZjcxOGU2ZjhiOWQwMzAyNTAyNmIxMTYwMTdjNTVmY2ZmIn0%3D
content-length: 188
:path: /event?hitid={clickId}
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json;charset=UTF-8
accept: application/json, text/plain, */*
cache-control: no-cache
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: POST
Accept: application/json, text/plain, */*
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
X-XSRF-TOKEN: eyJpdiI6InBFRm5CZ0tqRjN2b1RqREdHbWtwWlE9PSIsInZhbHVlIjoiSkVtWmhaZHQ1enRZQ3NGcDdyXC93ZWtoU1ZnK1wvXC9yZmxUNjJhalwvaGY2R0xlVk9vWU1oZ1wvN2lQcERXcVI0d1pKIiwibWFjIjoiODgxZjEwMzM1MzZiNjM2YTQyZTVhYTRiY2FjOGY4NzkzM2ExNjYzMTdkMTUxN2IxNTk5NDcxNDgxNWY4OGVlMiJ9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json;charset=UTF-8

Response headers

date: Wed, 11 Aug 2021 12:22:04 GMT
x-proc: 2
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JbW6gssuipFWUdC6vNdEB20yJ3g86NCa7w6H5OBcvw2PBEpQktRz36huqpP7SX20uOOfB2nvYGokCov2EkXrhrmzAoJHxoWnuj5XadAoXtTSkt%2FhkeXliKMaiv0Pd5gJSkiJo8VZ%2B8Es2Tg%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-origin: https://tgfunnls.org
cache-control: no-cache, private
set-cookie: XSRF-TOKEN=eyJpdiI6IjA5UklzdVpnZUVpMmxNRzRwaEtDXC9BPT0iLCJ2YWx1ZSI6InJWS2wwR2RsS0ZUTXh1WCtSaVdQRXAwVFVRMnJ0K0pRdGpsN3RGMEFUbmlMS0wwNFpsOTRKWTdkYTJFdVRJOU0iLCJtYWMiOiJjZGI3M2EyYjcxNDE2OWQ4ZTNlNjRiYzA1NmM5MWE4MzI3NjZkOGRmN2ZmNzBhZmNhNzg2M2ExYzZhMmI3ODEwIn0%3D; expires=Wed, 11-Aug-2021 14:22:04 GMT; Max-Age=7200; path=/ c=eyJpdiI6ImwzcEtTbVZaYkpZaVwvaFgrYm83aUZBPT0iLCJ2YWx1ZSI6InZYcTF3cTlmVDNZXC9PYWV5dCtRSUx2YnU4a0RZNEZScTBZUFBNb01UZXpWditzSk1SY1krR3liWUZGaCswNlFuIiwibWFjIjoiNTBlNGU3ODcxZWNiM2M2YjM4N2E0YzUwMzI2NGIyMTkxNGVjNjEzOTIxZjRlY2FiOGI5NWQ4Mzc1N2M1MDg2YiJ9; expires=Wed, 11-Aug-2021 14:22:04 GMT; Max-Age=7200; path=/; httponly
cf-ray: 67d16d650a3005fd-FRA

POST
H/1.1 200
OK add Show response
tagdataxrt.com/log/ 12 B
597 B 16ms
16ms Fetch
application/json 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/log/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: 21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json;charset=utf-8

Response headers

Date: Wed, 11 Aug 2021 12:22:04 GMT
Server: nginx/1.19.10
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 12

OPTIONS
H/1.1 200
OK add
tagdataxrt.com/log/ Frame 0
0 14ms
14ms Preflight 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/log/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Protocol: HTTP/1.1
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://tgfunnls.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Server: nginx/1.19.10
Date: Wed, 11 Aug 2021 12:22:04 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

GET
H3-29 200 / Show response
tgfunnls.org/dly1st/ 31 KB
8 KB 384ms
383ms Document
text/html 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Requested by

Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8a09d0dbd7d74afc38170040899544c35bea710d8677005b5a09b68c761d5b59

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: tgfunnls.org
:scheme: https
:path: /dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: document
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: _vis_opt_test_cookie=1; _hjid=0ce6ed2a-6245-4e01-a0e5-6db4a4ddfe19; _hjFirstSeen=1; _vwo_uuid_v2=DB76FDD5DD838C8DD81D28BC77422F6F9|28831bf43ecbcc7c99f644b2f321bf1e; _gid=GA1.2.1978519149.1628684523; _gat_UA-192660002-1=1; _ga_Y6C8Y8V9BH=GS1.1.1628684522.1.1.1628684524.0; _ga=GA1.1.668805998.1628684518; XSRF-TOKEN=eyJpdiI6InBFRm5CZ0tqRjN2b1RqREdHbWtwWlE9PSIsInZhbHVlIjoiSkVtWmhaZHQ1enRZQ3NGcDdyXC93ZWtoU1ZnK1wvXC9yZmxUNjJhalwvaGY2R0xlVk9vWU1oZ1wvN2lQcERXcVI0d1pKIiwibWFjIjoiODgxZjEwMzM1MzZiNjM2YTQyZTVhYTRiY2FjOGY4NzkzM2ExNjYzMTdkMTUxN2IxNTk5NDcxNDgxNWY4OGVlMiJ9; c=eyJpdiI6IlluazZRdXlzdlZyNGp4S0ZpendsTlE9PSIsInZhbHVlIjoiQ3lUK0JYYWdEaXBRMnRXSDVZQmN5VHFMSVNBcWRxenZFYmpSMDNuRFwvQkh4Ymk2YTJ4WHVVeDVucXlIa2JHUDkiLCJtYWMiOiI2NmU4MDhjZmQzY2E4MjQxMGE5MWE0ZDBmYTcyYTZjZjcxOGU2ZjhiOWQwMzAyNTAyNmIxMTYwMTdjNTVmY2ZmIn0%3D
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Response headers

date: Wed, 11 Aug 2021 12:22:04 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: no-cache, private
set-cookie: XSRF-TOKEN=eyJpdiI6ImlwMWRzOUE4azVuTkpTRUQ4R0hOUnc9PSIsInZhbHVlIjoiMXdxSVc5ZVwvaG9ZdGx6NVZUelwvU1hiS28wSE5POXlmam85bWw4Nm9nZlYwejA5bUFvSzFQOGpLbWhWaCt4VXA0IiwibWFjIjoiNGNlNzVhNjI0OGVjZWZiNzg2ZDUwYTIwMGMwNDViODM2M2RmZmUzZTMyODg0MzRmMjkzMGNlNGQ3MjIzNTUyYyJ9; expires=Wed, 11-Aug-2021 14:22:04 GMT; Max-Age=7200; path=/ c=eyJpdiI6IjV4aGVmQnFIZ0pMSjI5QUxzODRxUkE9PSIsInZhbHVlIjoia09JZjUrem9xUUt1eEVFcUgrRVwvMHZ0WnN1bm5GNUpyM2Fra201ZjRsZTBKdnZQUTdPQkFyS1ZHQVZyYTN0Y1UiLCJtYWMiOiJhNThkNjE3OWVkMzMzZTM1NDM1NDFmNGViNDc2MzVlODgwYzM2N2IzMWRiOTJkNjEzYTlkZTdmYmNkMjIzNzk0In0%3D; expires=Wed, 11-Aug-2021 14:22:04 GMT; Max-Age=7200; path=/; httponly
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-proc: 3
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dSPxG2aqo7nW%2BRpsx0v9L6aiiL8TQU22vhgkTSUnX6P9UZ4DC%2Fkms7KR8rGG8bdu9WeBOsKmXHmqX9gYavMswHGnP1g3aAkjCSCbJocG8jcUsAL0I4TgKRKQuF4KH6ycMFozh0vUPEIrJg8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 67d16d666de205fd-FRA
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

POST
H/1.1 200
OK add
tagdataxrt.com/time_visit/ 0
422 B 14ms
13ms Ping
text/plain 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/time_visit/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Wed, 11 Aug 2021 12:22:04 GMT
Server: nginx/1.19.10
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 0

POST collect
www.google-analytics.com/g/ 0
0

GET
H3-29 200 forms.css
tgfunnls.org/css/ 20 KB
4 KB 40ms
39ms Stylesheet
text/css 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/css/forms.css?id=108aa07ef4cadffb88ba

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5cc75f6ff6ccc8f9737ba9b6e44903687d4cd600464dc9a25b2fcfbfd231ebc6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /css/forms.css?id=108aa07ef4cadffb88ba
pragma: no-cache
cookie: _vis_opt_test_cookie=1; _hjid=0ce6ed2a-6245-4e01-a0e5-6db4a4ddfe19; _hjFirstSeen=1; _vwo_uuid_v2=DB76FDD5DD838C8DD81D28BC77422F6F9|28831bf43ecbcc7c99f644b2f321bf1e; _gid=GA1.2.1978519149.1628684523; _gat_UA-192660002-1=1; _ga_Y6C8Y8V9BH=GS1.1.1628684522.1.1.1628684524.0; _ga=GA1.1.668805998.1628684518; XSRF-TOKEN=eyJpdiI6ImlwMWRzOUE4azVuTkpTRUQ4R0hOUnc9PSIsInZhbHVlIjoiMXdxSVc5ZVwvaG9ZdGx6NVZUelwvU1hiS28wSE5POXlmam85bWw4Nm9nZlYwejA5bUFvSzFQOGpLbWhWaCt4VXA0IiwibWFjIjoiNGNlNzVhNjI0OGVjZWZiNzg2ZDUwYTIwMGMwNDViODM2M2RmZmUzZTMyODg0MzRmMjkzMGNlNGQ3MjIzNTUyYyJ9; c=eyJpdiI6IjV4aGVmQnFIZ0pMSjI5QUxzODRxUkE9PSIsInZhbHVlIjoia09JZjUrem9xUUt1eEVFcUgrRVwvMHZ0WnN1bm5GNUpyM2Fra201ZjRsZTBKdnZQUTdPQkFyS1ZHQVZyYTN0Y1UiLCJtYWMiOiJhNThkNjE3OWVkMzMzZTM1NDM1NDFmNGViNDc2MzVlODgwYzM2N2IzMWRiOTJkNjEzYTlkZTdmYmNkMjIzNzk0In0%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:04 GMT
x-proc: 1
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 647
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Mon, 09 Aug 2021 14:29:21 GMT
server: cloudflare
etag: W/"61113bc1-5107"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NwGCdYrjJNprGfF7pp8s%2F61smhKuFc8UsjosM6Bqtm6tWy3OjtC5qNrO4RzsUtP9CmkY8JOC5lTrUwyA9Xcien0nDM2sWmAdbSVjZunZ9IkV2ltmVm9FN%2BJcHDbYjfEnm%2BZy9mpQLdO99kk%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 67d16d68eb8405fd-FRA

GET
H3-29 200 flow.css
tgfunnls.org/css/ 385 B
760 B 40ms
40ms Stylesheet
text/css 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/css/flow.css?id=1a2dada5ba76c1b29ae1

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

df456c4794989b11dda8d76813cbf505b2707048f4cc89d7db15956779ca3fb0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /css/flow.css?id=1a2dada5ba76c1b29ae1
pragma: no-cache
cookie: _vis_opt_test_cookie=1; _hjid=0ce6ed2a-6245-4e01-a0e5-6db4a4ddfe19; _hjFirstSeen=1; _vwo_uuid_v2=DB76FDD5DD838C8DD81D28BC77422F6F9|28831bf43ecbcc7c99f644b2f321bf1e; _gid=GA1.2.1978519149.1628684523; _gat_UA-192660002-1=1; _ga_Y6C8Y8V9BH=GS1.1.1628684522.1.1.1628684524.0; _ga=GA1.1.668805998.1628684518; XSRF-TOKEN=eyJpdiI6ImlwMWRzOUE4azVuTkpTRUQ4R0hOUnc9PSIsInZhbHVlIjoiMXdxSVc5ZVwvaG9ZdGx6NVZUelwvU1hiS28wSE5POXlmam85bWw4Nm9nZlYwejA5bUFvSzFQOGpLbWhWaCt4VXA0IiwibWFjIjoiNGNlNzVhNjI0OGVjZWZiNzg2ZDUwYTIwMGMwNDViODM2M2RmZmUzZTMyODg0MzRmMjkzMGNlNGQ3MjIzNTUyYyJ9; c=eyJpdiI6IjV4aGVmQnFIZ0pMSjI5QUxzODRxUkE9PSIsInZhbHVlIjoia09JZjUrem9xUUt1eEVFcUgrRVwvMHZ0WnN1bm5GNUpyM2Fra201ZjRsZTBKdnZQUTdPQkFyS1ZHQVZyYTN0Y1UiLCJtYWMiOiJhNThkNjE3OWVkMzMzZTM1NDM1NDFmNGViNDc2MzVlODgwYzM2N2IzMWRiOTJkNjEzYTlkZTdmYmNkMjIzNzk0In0%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:04 GMT
x-proc: 2
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 647
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Mon, 09 Aug 2021 14:29:19 GMT
server: cloudflare
etag: W/"61113bbf-181"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Rl5Lf1PBMnrA6NYaXYHKnZ5VqQWJTDLC%2BCO0LY7cWeILyY%2B97iP7QMi4U3tjDKzJh6ClLA9SL%2BUeg2joehSWB2kpoPUTlflfGv7gFcTfHWEOGy7h4Jwuq6d2sdtq9RdHmyvLr88dHHDFanI%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 67d16d68eb8505fd-FRA

GET
H2 200 funnel.css
static-13333.kxcdn.com/5275/build/ 91 KB
26 KB 8ms
7ms Stylesheet
text/css 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL

https://static-13333.kxcdn.com/5275/build/funnel.css

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

0dd81a03016de5c1be49281bb42f5db84bf8968b636e893daa0ee24de5dbdd3b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:04 GMT
content-encoding: gzip
last-modified: Fri, 02 Jul 2021 14:31:57 GMT
server: keycdn-engine
x-amz-request-id: tx0000000000000048dcf7b-0060df2533-12e87130-fra1a
x-edge-location: defr
etag: W/"0e60432e5a822d61eaf0ff2172f524ed"
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-cache: HIT
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31556940
x-rgw-object-type: Normal
strict-transport-security: max-age=15552000; includeSubDomains; preload
expires: Thu, 11 Aug 2022 18:11:04 GMT

GET
H/1.1 400 conversion.js
in.bd44.fun/ 0
0 15ms
15ms Script
text/html 18.195.174.160
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://in.bd44.fun/conversion.js?cid=OPTIONAL&et=CLICK
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.195.174.160 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-174-160.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 logo.png
static-13333.kxcdn.com/5275/images/ 2 KB
3 KB 32ms
22ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/logo.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

3d0776f2afd4256733e307cf46921dde2e1497a2767eb8bcb8ac17d5de9d2344

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:05 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048dcf7f-0060df2533-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2455
last-modified: Fri, 02 Jul 2021 14:32:26 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "cded24bb8b99f2aa7ab4e4ddc59c28e6"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:05 GMT

GET
H2 200 top-arrow.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 33ms
23ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/top-arrow.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

c4d3b32e24ea06591e7f166b20939f84cb767bb0742bc3c51f07c6f4b684f1e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:05 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048fd188-0060df2533-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2961
last-modified: Fri, 02 Jul 2021 14:32:29 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "e2980701aad64cef71bd2296f5f6386b"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:05 GMT

GET
H3-29 200 check-icon.png
tgfunnls.org/images/ 44 KB
45 KB 23ms
15ms Image
image/png 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tgfunnls.org/images/check-icon.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

79bb457691c6f5dc0d3fd537218a627750b199db5253e22dad9dc4f78fa48016

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /images/check-icon.png
pragma: no-cache
cookie: _vis_opt_test_cookie=1; _hjid=0ce6ed2a-6245-4e01-a0e5-6db4a4ddfe19; _hjFirstSeen=1; _vwo_uuid_v2=DB76FDD5DD838C8DD81D28BC77422F6F9|28831bf43ecbcc7c99f644b2f321bf1e; _gid=GA1.2.1978519149.1628684523; _gat_UA-192660002-1=1; _ga_Y6C8Y8V9BH=GS1.1.1628684522.1.1.1628684524.0; _ga=GA1.1.668805998.1628684518; XSRF-TOKEN=eyJpdiI6ImlwMWRzOUE4azVuTkpTRUQ4R0hOUnc9PSIsInZhbHVlIjoiMXdxSVc5ZVwvaG9ZdGx6NVZUelwvU1hiS28wSE5POXlmam85bWw4Nm9nZlYwejA5bUFvSzFQOGpLbWhWaCt4VXA0IiwibWFjIjoiNGNlNzVhNjI0OGVjZWZiNzg2ZDUwYTIwMGMwNDViODM2M2RmZmUzZTMyODg0MzRmMjkzMGNlNGQ3MjIzNTUyYyJ9; c=eyJpdiI6IjV4aGVmQnFIZ0pMSjI5QUxzODRxUkE9PSIsInZhbHVlIjoia09JZjUrem9xUUt1eEVFcUgrRVwvMHZ0WnN1bm5GNUpyM2Fra201ZjRsZTBKdnZQUTdPQkFyS1ZHQVZyYTN0Y1UiLCJtYWMiOiJhNThkNjE3OWVkMzMzZTM1NDM1NDFmNGViNDc2MzVlODgwYzM2N2IzMWRiOTJkNjEzYTlkZTdmYmNkMjIzNzk0In0%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:05 GMT
x-proc: 3
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5022
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 45018
x-xss-protection: 1; mode=block
last-modified: Mon, 09 Aug 2021 14:27:10 GMT
server: cloudflare
etag: "61113b3e-afda"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DiHU498LCet%2BeMB5ONm2pJqTqIcIHHfwMEgLTSZPcqIcvv7HQaNc16HnBlsGneUvOPaAZBbM3FCmd15rdabiGTvDEcFr7Yz%2Fswdvv2UsNNjMcS3dDFOKSjNdQbfaBzDkuYBS%2B0k2icgJXyI%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 67d16d696c7605fd-FRA

GET
H2 200 safe.png
static-13333.kxcdn.com/5275/images/ 10 KB
11 KB 32ms
23ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/safe.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

c001780d5a0136da809d6908ac44d8b0e4d9b36bf9891772a006294888226576

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:05 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048dcf7e-0060df2533-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 10593
last-modified: Fri, 02 Jul 2021 14:32:17 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "e16845cf547d72f2f0b2febfa375d9f9"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:05 GMT

GET
H2 200 bg-arrow.png
static-13333.kxcdn.com/5275/images/ 7 KB
8 KB 33ms
22ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/bg-arrow.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

5902ac2e28cc5433d57a98a62be69037be09754da694348e03d3e3b9e776f542

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:05 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048dcf7d-0060df2533-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 7356
last-modified: Fri, 02 Jul 2021 14:32:23 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "0575766ae817ee467a729e846374d22c"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:05 GMT

GET
H2 200 check-icon.png
static-13333.kxcdn.com/5275/images/ 2 KB
3 KB 33ms
22ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/check-icon.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

4a404a950ef8cfa3eb686e62c8ab17e0a4609f2300e53d874a96ec618ab9474d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:05 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048fd193-0060df2533-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2273
last-modified: Fri, 02 Jul 2021 14:32:29 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "c34ab81524c5f98e40dc0dad59601758"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:05 GMT

GET
H2 200 spots-arrow.png
static-13333.kxcdn.com/5275/images/ 5 KB
6 KB 25ms
23ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/spots-arrow.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

7c01610e53cbe2313bd441cd9182762cec4240e4eecebeca6d086f34e4672784

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:05 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048dcf82-0060df2533-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 5306
last-modified: Fri, 02 Jul 2021 14:32:45 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "32acdf2cce46993b09041ebed9d00140"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:05 GMT

GET
H2 200 john.jpg
static-13333.kxcdn.com/5275/images/ 9 KB
10 KB 25ms
24ms Image
image/jpeg 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/john.jpg

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

aff262b0ff8882606831b77cb7fe8c2b7ee184a4c3a4e10de152932dde9ed3f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:05 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048fd18f-0060df2533-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 9704
last-modified: Fri, 02 Jul 2021 14:32:21 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "ca826d01f1cbba3eb6e3e1f697bca6bc"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/jpeg
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:05 GMT

GET
H2 200 john-sign.png
static-13333.kxcdn.com/5275/images/ 7 KB
7 KB 9ms
5ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/john-sign.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

2c92fcee0f7c5fd992e818cd6e5f621e8701cea9b4b23eb03e2567560c7dd266

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:05 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048dcf87-0060df2533-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 6824
last-modified: Fri, 02 Jul 2021 14:32:43 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "8e77bdde18036a84289f7b89b03cddc0"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:05 GMT

GET
H2 200 social-callback-title.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 10ms
5ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/social-callback-title.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

b097d9409b9b2fcde3993197635d6e7d49126e794dec3c3a5de9892cce15ec84

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:05 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048fd187-0060df2533-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2899
last-modified: Fri, 02 Jul 2021 14:32:42 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "26e1186a209747d755be97f26d7fef17"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:05 GMT

GET
H2 200 facebook.png
static-13333.kxcdn.com/5275/images/ 45 KB
46 KB 7ms
6ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/facebook.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

45a8e9f975bd2d7db2041c671affac022eaf0b8db46c516a6f2021d30631aea3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:05 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048dcf7c-0060df2533-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 46358
last-modified: Fri, 02 Jul 2021 14:32:18 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "99efc09d6e35b01ef07e555c6c9c06ac"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:05 GMT

GET
H2 200 twitter.png
static-13333.kxcdn.com/5275/images/ 33 KB
34 KB 8ms
6ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/twitter.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

f3567cf9eb0717ad9840ff19014abf051d9bebb63ba3d270eb23d409dd449b5a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:05 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048dcf79-0060df2533-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 33933
last-modified: Fri, 02 Jul 2021 14:32:45 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "1538bf85a2428c7ab27b923233ceac2d"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:05 GMT

GET
H2 200 features-title.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 8ms
7ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/features-title.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

5e840708085df16224eeb0d8a8b3758d39bc7c60d3f0587ea1308f7d37d2e9db

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:05 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048fd18e-0060df2533-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2835
last-modified: Fri, 02 Jul 2021 14:32:24 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "8e8fd39ca90b9e536e71366f72e27061"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:05 GMT

GET
H2 200 feature1.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 8ms
7ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/feature1.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

427e9cf9bc070b73cae44b858b1cbb147385ccf3b74522b00606e8441d74eb21

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:05 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048fd189-0060df2533-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2649
last-modified: Fri, 02 Jul 2021 14:32:27 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "32e947291780f319b5424fb0fed97339"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:05 GMT

GET
H2 200 feature2.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 8ms
5ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/feature2.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

d35ec7636f20627c46249b7ac076fd59aad2c15c8207c92cc8251df812abc0bc

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:05 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048fd18b-0060df2533-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2845
last-modified: Fri, 02 Jul 2021 14:32:28 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "a02cbfb7009f4eb7bca716371bbc6162"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:05 GMT

GET
H2 200 feature3.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 8ms
6ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/feature3.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

41cc8226265d071dd816f01b4e656e9575b49927ecb0806984d85fd2acb3b318

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:05 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048fd185-0060df2533-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2618
last-modified: Fri, 02 Jul 2021 14:32:44 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "1e439861ae0e257dd74094cd20495531"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:05 GMT

GET
H2 200 feature4.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 7ms
5ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/feature4.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

d7e57b7c8fc1a0e25b893fc00da8cca5368cc489227958d4a781665339cd7260

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:05 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048fd18a-0060df2533-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2573
last-modified: Fri, 02 Jul 2021 14:32:19 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "f042fbbf22d575de6d906249ec2dc324"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:05 GMT

GET
H2 200 faq-title.png
static-13333.kxcdn.com/5275/images/ 4 KB
4 KB 7ms
6ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/faq-title.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

218be04d48aa9aa4da9bb4a708dbb463576fd8653914fd05bb113ce654dce714

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:05 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048dcf81-0060df2533-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 3706
last-modified: Fri, 02 Jul 2021 14:32:42 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "b95f5e7ccaaf9e8f6f1117efa9ab100a"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:05 GMT

GET
H2 200 faq-list-title-bg.png
static-13333.kxcdn.com/5275/images/ 2 KB
2 KB 7ms
6ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/faq-list-title-bg.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

9749d6d7aee9bdd7b806eb8fd8fa1bfd7ef25aab0aba744948b279d4c1a348ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:05 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048fd18d-0060df2533-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 1546
last-modified: Fri, 02 Jul 2021 14:32:22 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "567ea5254334fde95913b6cd592aad5f"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:05 GMT

GET
H3-29 200 sad-face.svg
tgfunnls.org/media/ 1 KB
1 KB 20ms
13ms Image
image/svg+xml 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tgfunnls.org/media/sad-face.svg

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

186b9079a05f19ddd2a548dbc1ec2c69087c76d8e9e1637dbced630edb793104

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /media/sad-face.svg
pragma: no-cache
cookie: _vis_opt_test_cookie=1; _hjid=0ce6ed2a-6245-4e01-a0e5-6db4a4ddfe19; _hjFirstSeen=1; _vwo_uuid_v2=DB76FDD5DD838C8DD81D28BC77422F6F9|28831bf43ecbcc7c99f644b2f321bf1e; _gid=GA1.2.1978519149.1628684523; _gat_UA-192660002-1=1; _ga_Y6C8Y8V9BH=GS1.1.1628684522.1.1.1628684524.0; _ga=GA1.1.668805998.1628684518; XSRF-TOKEN=eyJpdiI6ImlwMWRzOUE4azVuTkpTRUQ4R0hOUnc9PSIsInZhbHVlIjoiMXdxSVc5ZVwvaG9ZdGx6NVZUelwvU1hiS28wSE5POXlmam85bWw4Nm9nZlYwejA5bUFvSzFQOGpLbWhWaCt4VXA0IiwibWFjIjoiNGNlNzVhNjI0OGVjZWZiNzg2ZDUwYTIwMGMwNDViODM2M2RmZmUzZTMyODg0MzRmMjkzMGNlNGQ3MjIzNTUyYyJ9; c=eyJpdiI6IjV4aGVmQnFIZ0pMSjI5QUxzODRxUkE9PSIsInZhbHVlIjoia09JZjUrem9xUUt1eEVFcUgrRVwvMHZ0WnN1bm5GNUpyM2Fra201ZjRsZTBKdnZQUTdPQkFyS1ZHQVZyYTN0Y1UiLCJtYWMiOiJhNThkNjE3OWVkMzMzZTM1NDM1NDFmNGViNDc2MzVlODgwYzM2N2IzMWRiOTJkNjEzYTlkZTdmYmNkMjIzNzk0In0%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:05 GMT
x-proc: 2
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 648
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Mon, 09 Aug 2021 14:29:19 GMT
server: cloudflare
etag: W/"61113bbf-5dc"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DBKp7A7cBbfC20iVFFsF5A3Uy1xLMjPrUMDs814B5cOf1kuHeM5dW%2F9sFgn09CQ7ZpWOjydcUJI4bJMfMAO7lNa1ltEhc9hFmTswgQQnKuMSIHF47ZzNRer87kbHo%2Fs5oKXeT6DnhKaqgBA%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: max-age=14400
cf-ray: 67d16d696c7805fd-FRA

GET
H3-29 200 email-decode.min.js Show response
tgfunnls.org/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
1 KB 10ms
10ms Script
application/javascript 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

:path: /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
pragma: no-cache
cookie: _vis_opt_test_cookie=1; _hjid=0ce6ed2a-6245-4e01-a0e5-6db4a4ddfe19; _hjFirstSeen=1; _vwo_uuid_v2=DB76FDD5DD838C8DD81D28BC77422F6F9|28831bf43ecbcc7c99f644b2f321bf1e; _gid=GA1.2.1978519149.1628684523; _gat_UA-192660002-1=1; _ga_Y6C8Y8V9BH=GS1.1.1628684522.1.1.1628684524.0; _ga=GA1.1.668805998.1628684518; XSRF-TOKEN=eyJpdiI6ImlwMWRzOUE4azVuTkpTRUQ4R0hOUnc9PSIsInZhbHVlIjoiMXdxSVc5ZVwvaG9ZdGx6NVZUelwvU1hiS28wSE5POXlmam85bWw4Nm9nZlYwejA5bUFvSzFQOGpLbWhWaCt4VXA0IiwibWFjIjoiNGNlNzVhNjI0OGVjZWZiNzg2ZDUwYTIwMGMwNDViODM2M2RmZmUzZTMyODg0MzRmMjkzMGNlNGQ3MjIzNTUyYyJ9; c=eyJpdiI6IjV4aGVmQnFIZ0pMSjI5QUxzODRxUkE9PSIsInZhbHVlIjoia09JZjUrem9xUUt1eEVFcUgrRVwvMHZ0WnN1bm5GNUpyM2Fra201ZjRsZTBKdnZQUTdPQkFyS1ZHQVZyYTN0Y1UiLCJtYWMiOiJhNThkNjE3OWVkMzMzZTM1NDM1NDFmNGViNDc2MzVlODgwYzM2N2IzMWRiOTJkNjEzYTlkZTdmYmNkMjIzNzk0In0%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 05 Aug 2021 12:35:03 GMT
server: cloudflare
etag: W/"610bdaf7-4d7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: DENY
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4lGBQNlya7ayDf0rrk7FVLKOiCn8uVr3oyWnLLvdpv0oKRAUgSGxAQ8LGGA%2FXN7GSp03zxSF5%2F2qDx2Kn6d%2BXMy07vkSkWtDn0cmRITTY2t5flpKsVde8QisQ2LMTJqdcDAyNqMqbwJ1Eq0%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=172800 public
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 67d16d691beb05fd-FRA
vary: Accept-Encoding
expires: Fri, 13 Aug 2021 12:22:04 GMT

GET
H3-29 200 redirect.js Show response
tgfunnls.org/js/ 3 KB
2 KB 15ms
15ms Script
application/javascript 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/js/redirect.js?id=bd8708e91008076c9ff9

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0979e653bf7370685f5d0ec7448e28d33f46754d5411cf5a7cd3df6ecafc1a35

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /js/redirect.js?id=bd8708e91008076c9ff9
pragma: no-cache
cookie: _vis_opt_test_cookie=1; _hjid=0ce6ed2a-6245-4e01-a0e5-6db4a4ddfe19; _hjFirstSeen=1; _vwo_uuid_v2=DB76FDD5DD838C8DD81D28BC77422F6F9|28831bf43ecbcc7c99f644b2f321bf1e; _gid=GA1.2.1978519149.1628684523; _gat_UA-192660002-1=1; _ga_Y6C8Y8V9BH=GS1.1.1628684522.1.1.1628684524.0; _ga=GA1.1.668805998.1628684518; XSRF-TOKEN=eyJpdiI6ImlwMWRzOUE4azVuTkpTRUQ4R0hOUnc9PSIsInZhbHVlIjoiMXdxSVc5ZVwvaG9ZdGx6NVZUelwvU1hiS28wSE5POXlmam85bWw4Nm9nZlYwejA5bUFvSzFQOGpLbWhWaCt4VXA0IiwibWFjIjoiNGNlNzVhNjI0OGVjZWZiNzg2ZDUwYTIwMGMwNDViODM2M2RmZmUzZTMyODg0MzRmMjkzMGNlNGQ3MjIzNTUyYyJ9; c=eyJpdiI6IjV4aGVmQnFIZ0pMSjI5QUxzODRxUkE9PSIsInZhbHVlIjoia09JZjUrem9xUUt1eEVFcUgrRVwvMHZ0WnN1bm5GNUpyM2Fra201ZjRsZTBKdnZQUTdPQkFyS1ZHQVZyYTN0Y1UiLCJtYWMiOiJhNThkNjE3OWVkMzMzZTM1NDM1NDFmNGViNDc2MzVlODgwYzM2N2IzMWRiOTJkNjEzYTlkZTdmYmNkMjIzNzk0In0%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:04 GMT
x-proc: 3
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 647
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Mon, 09 Aug 2021 14:29:34 GMT
server: cloudflare
etag: W/"61113bce-a50"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nzTmqsqhHispOwEwvRlkpKq1xEDnRzgGMSU7vhAYV3hJRuQeSjl6rZs7xk0QVf4qlW1zmdSMCFZ4x02p4Pn0mGDea5%2Bdq%2BfP16XMZKbeYY9xvCXCXg7yfXCJlJQ0NsXZPADfIPW1ozZKQUg%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=14400
cf-ray: 67d16d691bee05fd-FRA

GET
H3-29 200 l.js Show response
tgfunnls.org/js/ 401 KB
110 KB 33ms
33ms Script
application/javascript 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/js/l.js?id=6cf7b69175b2a676ebf3

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1669423eca631e2fa8053ff74039a11ff6afac3a94dc37f357ce8d6ec9362913

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /js/l.js?id=6cf7b69175b2a676ebf3
pragma: no-cache
cookie: _vis_opt_test_cookie=1; _hjid=0ce6ed2a-6245-4e01-a0e5-6db4a4ddfe19; _hjFirstSeen=1; _vwo_uuid_v2=DB76FDD5DD838C8DD81D28BC77422F6F9|28831bf43ecbcc7c99f644b2f321bf1e; _gid=GA1.2.1978519149.1628684523; _gat_UA-192660002-1=1; _ga_Y6C8Y8V9BH=GS1.1.1628684522.1.1.1628684524.0; _ga=GA1.1.668805998.1628684518; XSRF-TOKEN=eyJpdiI6ImlwMWRzOUE4azVuTkpTRUQ4R0hOUnc9PSIsInZhbHVlIjoiMXdxSVc5ZVwvaG9ZdGx6NVZUelwvU1hiS28wSE5POXlmam85bWw4Nm9nZlYwejA5bUFvSzFQOGpLbWhWaCt4VXA0IiwibWFjIjoiNGNlNzVhNjI0OGVjZWZiNzg2ZDUwYTIwMGMwNDViODM2M2RmZmUzZTMyODg0MzRmMjkzMGNlNGQ3MjIzNTUyYyJ9; c=eyJpdiI6IjV4aGVmQnFIZ0pMSjI5QUxzODRxUkE9PSIsInZhbHVlIjoia09JZjUrem9xUUt1eEVFcUgrRVwvMHZ0WnN1bm5GNUpyM2Fra201ZjRsZTBKdnZQUTdPQkFyS1ZHQVZyYTN0Y1UiLCJtYWMiOiJhNThkNjE3OWVkMzMzZTM1NDM1NDFmNGViNDc2MzVlODgwYzM2N2IzMWRiOTJkNjEzYTlkZTdmYmNkMjIzNzk0In0%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:05 GMT
x-proc: 1
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3897
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Mon, 09 Aug 2021 14:29:21 GMT
server: cloudflare
etag: W/"61113bc1-645ba"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FfZcJ921DLfI1%2Bnx0HvrVaGCGubG5H5DbUt6Hua%2FTy9Ljole%2BlnuzWyXhRCuEGfiLkNXOHOIvmmpLctySqDGVcxuG2vMwoo2N3aYZD41%2F4EwmEINOvxXqGQDNmq8MeyMbE5kPjHz5X16kiw%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=14400
cf-ray: 67d16d693c1d05fd-FRA

GET
H2 200 funnel.js Show response
static-13333.kxcdn.com/5275/build/ 954 KB
319 KB 9ms
9ms Script
application/javascript 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL

https://static-13333.kxcdn.com/5275/build/funnel.js

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

a52901c6296f571a48143efc8c7626714f2f15a0e034390d31380d508684ad0e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:05 GMT
content-encoding: gzip
last-modified: Fri, 02 Jul 2021 14:31:57 GMT
server: keycdn-engine
x-amz-request-id: tx0000000000000048dcf86-0060df2533-12e87130-fra1a
x-edge-location: defr
etag: W/"545236a1390ffa369d186b44dab8e706"
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-cache: HIT
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31556940
x-rgw-object-type: Normal
strict-transport-security: max-age=15552000; includeSubDomains; preload
expires: Thu, 11 Aug 2022 18:11:05 GMT

GET
H/1.1 200 hp Show response
in.xr117.xyz/ 382 B
616 B 21ms
14ms Script
text/plain 18.193.146.82
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://in.xr117.xyz/hp
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.193.146.82 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-193-146-82.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 1d685538334a6762f8c278c2274cb62dfdc47c59ba5968562dddf4f96d808aee

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 11 Aug 2021 12:22:05 GMT
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
Server: nginx
Connection: keep-alive
Content-Length: 382
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200 hp Show response
in.bd44.fun/ 382 B
616 B 47ms
14ms Script
text/plain 18.195.174.160
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://in.bd44.fun/hp
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.195.174.160 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-174-160.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 1d685538334a6762f8c278c2274cb62dfdc47c59ba5968562dddf4f96d808aee

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 11 Aug 2021 12:22:05 GMT
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
Server: nginx
Connection: keep-alive
Content-Length: 382
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3-29 200 tag.js Show response
tagstaticx.com/ 38 KB
14 KB 22ms
15ms Script
application/javascript 2606:4700:3033::6815:3d08
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://tagstaticx.com/tag.js
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::6815:3d08 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 789421e97c465f7367c2c16bad228afc0d9211d9ff3c949b7ef88b72e9fc30db

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:05 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 06 Aug 2021 11:17:33 GMT
server: cloudflare
age: 6666
etag: W/"610d1a4d-97e0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OWeMkFxX7ifbmywL6wsR1NNkcQjv92xg6syHzZkxVSORTFNpBEYTeu7hNaCSGxwr%2FHZmSZzh0XF5UvRnpcc58dI4DOX7SU8gfxArQascos%2BV%2Fou7NdNZOhd%2BNT3ASHUKECIyAXwiwHNR8pi%2F4w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=1800
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 67d16d696bf92c22-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

GET
H3-29 200 gtm.js Show response
www.googletagmanager.com/ 111 KB
41 KB 22ms
16ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-MSK8GMG

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

abf5e420544cdc91fec5600e8fac1b07f6fd02f69671fa214259ad6518213358

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:05 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42029
x-xss-protection: 0
last-modified: Wed, 11 Aug 2021 12:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 11 Aug 2021 12:22:05 GMT

GET
H/1.1 400 conversion.js
in.bd44.fun/ 0
0 40ms
14ms Script
text/html 18.195.174.160
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://in.bd44.fun/conversion.js?cid=OPTIONAL&et=CLICK
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.195.174.160 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-174-160.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 j.php Show response
dev.visualwebsiteoptimizer.com/ 5 KB
2 KB 16ms
10ms Script
application/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/j.php?a=449005&u=https%3A%2F%2Ftgfunnls.org%2Fdly1st%2F%3Fhitid%3D%7BclickId%7D%26qze%3D7%26aff_sub%3D%7BcustomId1%7D%26aff_sub2%3D%7BcustomId2%7D&f=1&r=0.6967728547283996
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gfra1 /
Resource Hash: ca2cb46f94a8ab9fd126185842e2c223a7ed31c236cf983a8ac187f2d64569fe

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 11 Aug 2021 12:22:05 GMT
via: 1.1 google
server: gfra1
content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-type: application/javascript; charset=UTF-8

GET
H2 200 bg-pattern2.png
static-13333.kxcdn.com/5275/images/ 3 KB
4 KB 25ms
23ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/bg-pattern2.png

Requested by

Host: static-13333.kxcdn.com
URL: https://static-13333.kxcdn.com/5275/build/funnel.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

0dbbd4b1f92b5f123bb6d85da5224dbac1ef2873359ae63159fbd8c1d8aee472

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://static-13333.kxcdn.com/5275/build/funnel.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:05 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx00000000000000491e693-0060df2731-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 3494
last-modified: Fri, 02 Jul 2021 14:32:28 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "9ff60a873ce8a83d6f92c07bbb97461d"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:05 GMT

GET
H2 200 money-bg.jpg
static-13333.kxcdn.com/5275/images/ 192 KB
193 KB 22ms
20ms Image
image/jpeg 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/money-bg.jpg

Requested by

Host: static-13333.kxcdn.com
URL: https://static-13333.kxcdn.com/5275/build/funnel.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

6d6b0b2b3ce3ec690491ad53348667285877a284d43a58bae67219df3128c453

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://static-13333.kxcdn.com/5275/build/funnel.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:05 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048fd245-0060df2533-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 196622
last-modified: Fri, 02 Jul 2021 14:32:29 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "00484ef568e5c529bc92d2698631954b"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/jpeg
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:05 GMT

GET
H2 206 de-1.mp4
static-13333.kxcdn.com/5275/media/ 64 KB
0 7ms
6ms Media
video/mp4 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL

https://static-13333.kxcdn.com/5275/media/de-1.mp4

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Range: bytes=0-

Response headers

date: Wed, 11 Aug 2021 12:22:05 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx000000000000004a44bcc-0060f54e68-141c7b61-fra1a
x-edge-location: defr
x-cache: HIT
Content-Range: bytes 0-124690623/124690624
Content-Length: 124690624
last-modified: Fri, 02 Jul 2021 14:32:03 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "c8811d0b7aa283893d6ec2a19899685f-24"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: video/mp4
access-control-allow-origin: *
x-rgw-object-type: Normal
expires: Thu, 11 Aug 2022 18:11:05 GMT

GET
H3-29 200 tag-a511eb58bc7ee0b0cbc6906497418127.js Show response
dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWpxdWVyeQ==/ 214 KB
61 KB 12ms
10ms Script
text/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWpxdWVyeQ==/tag-a511eb58bc7ee0b0cbc6906497418127.js
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/j.php?a=449005&u=https%3A%2F%2Ftgfunnls.org%2Fdly1st%2F%3Fhitid%3D%7BclickId%7D%26qze%3D7%26aff_sub%3D%7BcustomId1%7D%26aff_sub2%3D%7BcustomId2%7D&f=1&r=0.6967728547283996
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gfra1 /
Resource Hash: ffef253989420f0b71eec148da3bbe555e1117a9860323b7a39b267bbb62ebe6

Request headers

Origin: https://tgfunnls.org
Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:04 GMT
content-encoding: br
last-modified: Tue, 10 Aug 2021 11:55:59 GMT
server: gfra1
etag: "6112694f-f354"
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 62292
via: 1.1 google

GET
H3-29 200 v.gif
dev.visualwebsiteoptimizer.com/ 35 B
52 B 111ms
109ms Image
image/gif 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dev.visualwebsiteoptimizer.com/v.gif?cd=0&a=449005&d=tgfunnls.org&u=DB76FDD5DD838C8DD81D28BC77422F6F9&h=28831bf43ecbcc7c99f644b2f321bf1e&t=false&r=0.9917027438126593

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gnv3c /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 11 Aug 2021 12:22:05 GMT
via: 1.1 google
x-content-type-options: nosniff
server: gnv3c
content-type: image/gif
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 10 Jan 2005 00:00:01 GMT

GET
H3-29 200 flags.png
tgfunnls.org/images/vendor/intl-tel-input/build/ 69 KB
70 KB 15ms
14ms Image
image/png 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tgfunnls.org/images/vendor/intl-tel-input/build/flags.png?416250f60d785a2e02f17e054d2e4e44

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/css/forms.css?id=108aa07ef4cadffb88ba

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0a012cf808a24573168308916092d2d4bd3f2b4af8e16b59167013cc77acee55

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /images/vendor/intl-tel-input/build/flags.png?416250f60d785a2e02f17e054d2e4e44
pragma: no-cache
cookie: _vis_opt_test_cookie=1; _hjid=0ce6ed2a-6245-4e01-a0e5-6db4a4ddfe19; _hjFirstSeen=1; _vwo_uuid_v2=DB76FDD5DD838C8DD81D28BC77422F6F9|28831bf43ecbcc7c99f644b2f321bf1e; _gid=GA1.2.1978519149.1628684523; _gat_UA-192660002-1=1; _ga_Y6C8Y8V9BH=GS1.1.1628684522.1.1.1628684524.0; _ga=GA1.1.668805998.1628684518; XSRF-TOKEN=eyJpdiI6ImlwMWRzOUE4azVuTkpTRUQ4R0hOUnc9PSIsInZhbHVlIjoiMXdxSVc5ZVwvaG9ZdGx6NVZUelwvU1hiS28wSE5POXlmam85bWw4Nm9nZlYwejA5bUFvSzFQOGpLbWhWaCt4VXA0IiwibWFjIjoiNGNlNzVhNjI0OGVjZWZiNzg2ZDUwYTIwMGMwNDViODM2M2RmZmUzZTMyODg0MzRmMjkzMGNlNGQ3MjIzNTUyYyJ9; c=eyJpdiI6IjV4aGVmQnFIZ0pMSjI5QUxzODRxUkE9PSIsInZhbHVlIjoia09JZjUrem9xUUt1eEVFcUgrRVwvMHZ0WnN1bm5GNUpyM2Fra201ZjRsZTBKdnZQUTdPQkFyS1ZHQVZyYTN0Y1UiLCJtYWMiOiJhNThkNjE3OWVkMzMzZTM1NDM1NDFmNGViNDc2MzVlODgwYzM2N2IzMWRiOTJkNjEzYTlkZTdmYmNkMjIzNzk0In0%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: tgfunnls.org
referer: https://tgfunnls.org/css/forms.css?id=108aa07ef4cadffb88ba
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/css/forms.css?id=108aa07ef4cadffb88ba
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:05 GMT
x-proc: 3
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5482
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 70857
x-xss-protection: 1; mode=block
last-modified: Mon, 09 Aug 2021 14:29:34 GMT
server: cloudflare
etag: "61113bce-114c9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=F16tJJitTyuH3bAPKhyX%2FYtFZpyeWVHjI89DF2%2B8ZmB4FIkRtlyotR14CU52iS%2FgId4FEj03PXo%2F42v18wKQ%2FUctMoNOn9wqmCQpcYixtRYGG38DsdZgleTpTbRAnZG0C5A69mLJtgzqa0k%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 67d16d69ad0d05fd-FRA

GET
H3-29 200 locate Show response
tgfunnls.org/ 150 B
1 KB 183ms
183ms XHR
application/json 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/locate

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/js/l.js?id=6cf7b69175b2a676ebf3

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

126f29647a5fd666abd70f0bfe4f9a9b972c2e385e09554cf2fea5ffe35f62fc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-fetch-mode: cors
x-xsrf-token: eyJpdiI6ImlwMWRzOUE4azVuTkpTRUQ4R0hOUnc9PSIsInZhbHVlIjoiMXdxSVc5ZVwvaG9ZdGx6NVZUelwvU1hiS28wSE5POXlmam85bWw4Nm9nZlYwejA5bUFvSzFQOGpLbWhWaCt4VXA0IiwibWFjIjoiNGNlNzVhNjI0OGVjZWZiNzg2ZDUwYTIwMGMwNDViODM2M2RmZmUzZTMyODg0MzRmMjkzMGNlNGQ3MjIzNTUyYyJ9
accept-language: en-US
sec-fetch-dest: empty
cookie: _vis_opt_test_cookie=1; _hjid=0ce6ed2a-6245-4e01-a0e5-6db4a4ddfe19; _hjFirstSeen=1; _vwo_uuid_v2=DB76FDD5DD838C8DD81D28BC77422F6F9|28831bf43ecbcc7c99f644b2f321bf1e; _gid=GA1.2.1978519149.1628684523; _gat_UA-192660002-1=1; _ga_Y6C8Y8V9BH=GS1.1.1628684522.1.1.1628684524.0; _ga=GA1.1.668805998.1628684518; XSRF-TOKEN=eyJpdiI6ImlwMWRzOUE4azVuTkpTRUQ4R0hOUnc9PSIsInZhbHVlIjoiMXdxSVc5ZVwvaG9ZdGx6NVZUelwvU1hiS28wSE5POXlmam85bWw4Nm9nZlYwejA5bUFvSzFQOGpLbWhWaCt4VXA0IiwibWFjIjoiNGNlNzVhNjI0OGVjZWZiNzg2ZDUwYTIwMGMwNDViODM2M2RmZmUzZTMyODg0MzRmMjkzMGNlNGQ3MjIzNTUyYyJ9; c=eyJpdiI6IjV4aGVmQnFIZ0pMSjI5QUxzODRxUkE9PSIsInZhbHVlIjoia09JZjUrem9xUUt1eEVFcUgrRVwvMHZ0WnN1bm5GNUpyM2Fra201ZjRsZTBKdnZQUTdPQkFyS1ZHQVZyYTN0Y1UiLCJtYWMiOiJhNThkNjE3OWVkMzMzZTM1NDM1NDFmNGViNDc2MzVlODgwYzM2N2IzMWRiOTJkNjEzYTlkZTdmYmNkMjIzNzk0In0%3D
:path: /locate
pragma: no-cache
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: application/json, text/plain, */*
cache-control: no-cache
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept: application/json, text/plain, */*
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
X-XSRF-TOKEN: eyJpdiI6ImlwMWRzOUE4azVuTkpTRUQ4R0hOUnc9PSIsInZhbHVlIjoiMXdxSVc5ZVwvaG9ZdGx6NVZUelwvU1hiS28wSE5POXlmam85bWw4Nm9nZlYwejA5bUFvSzFQOGpLbWhWaCt4VXA0IiwibWFjIjoiNGNlNzVhNjI0OGVjZWZiNzg2ZDUwYTIwMGMwNDViODM2M2RmZmUzZTMyODg0MzRmMjkzMGNlNGQ3MjIzNTUyYyJ9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:05 GMT
x-proc: 2
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qXpEZmMqexpTRNTaG96QPDEtAHWH7uzKyVVbpjwekval6y6tvKLCiIjC8V9C1c8QR2gMSf1NzBCMjL8sByRk%2F%2FpxIctQyEeWTMc2rUSB048Mrq3gEq%2BRW%2FHWAJVZvRZ3142y4A7s5c33HLM%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json
cache-control: no-cache, private
set-cookie: XSRF-TOKEN=eyJpdiI6InloSWs2TkF4NVFvRllkaGZYVnBSY0E9PSIsInZhbHVlIjoiXC9mNjVndTVIM3hrUDdTQzhWR2crQnV5TndyNTc2Z3pNTEIrNkpjb24rbHBSWG5qVEhTemt0Tkt0TEpzWTRqdXgiLCJtYWMiOiI1YzM4NzZjZGY0Zjk3ZjRlY2Y3MDFiNDVjMjNmNjUyMzU0MjAyODgzZWJjODc5MzgyZGIzNDIwZGJkZDExMjc2In0%3D; expires=Wed, 11-Aug-2021 14:22:05 GMT; Max-Age=7200; path=/ c=eyJpdiI6IjdLd3RCcEIxWWxaQ1RrNnI4RmtrZHc9PSIsInZhbHVlIjoiM0ZIb0ZyUmxiQklrbXd3S1JlVlRqTUhwZmRqVVdlUjBrMEc0dlJkbXpyeWhsd01Ja3hTK2I4MmRkcjE1akdFdCIsIm1hYyI6IjgxZjMxNjc5ZDU1Nzk2YTQwMTg1N2E3NzIzMTg2NGMxZTdkNGZiODk4NTRlYmZkMzdkY2UxN2M3Y2MyZTVjZDkifQ%3D%3D; expires=Wed, 11-Aug-2021 14:22:05 GMT; Max-Age=7200; path=/; httponly
cf-ray: 67d16d69dd6005fd-FRA

GET
BLOB 200
OK e327a12c-40af-4732-9290-2b8f9330ee26
https://tgfunnls.org/ 31 B
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://tgfunnls.org/e327a12c-40af-4732-9290-2b8f9330ee26
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7725538fe2f71147bffeba7452b434c826aef9009666cb4360c605d0b2a91d1d

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length: 31
Content-Type: application/javascript

GET
H2 403 videothumbnail-1.png
static-13333.kxcdn.com/5275/images/ 0
0 39ms
39ms Image
text/html 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static-13333.kxcdn.com/5275/images/videothumbnail-1.png
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
DATA 200
OK truncated
/ 4 KB
4 KB Font
application/font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: aef991b2e0b693a95d41986576dd3901ea7ac03b379501b1caba966058753308

Request headers

Origin: https://tgfunnls.org
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: application/font-woff;charset=utf-8

HEAD
H3-29 200 adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/ 0
0 39ms
38ms Fetch
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 49445
x-xss-protection: 0
server: cafe
etag: 4898024456010196187
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Wed, 11 Aug 2021 12:22:05 GMT

GET
H/1.1 200
OK version.js Show response
tagdatax.com/ 57 B
260 B 43ms
14ms Script
application/javascript 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdatax.com/version.js
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: ae1c8601b11a0964cfd063e89aa5d9441ca5fac9aeddc32c1359bb367bb1078e

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 11 Aug 2021 12:22:05 GMT
Cache-Control: private, max-age=63072000
Server: nginx/1.19.10
Connection: keep-alive
Content-Length: 57
Content-Type: application/javascript

GET
H2 200 gid.js Show response
my.rtmark.net/ 65 B
542 B 15ms
13ms Fetch
application/json 139.45.195.8
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://my.rtmark.net/gid.js

Requested by

Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

162aa644ab9a525906b543be495a333f0d22fb80473ebe1a5604ef6bdaedda08

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:00 GMT
x-content-type-options: nosniff
server: nginx
strict-transport-security: max-age=1
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: https://tgfunnls.org
access-control-expose-headers: Authorization
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length: 65

GET
H/1.1 200
OK pix.jpg Show response
tagdatax.com/ 28 B
617 B 16ms
15ms Fetch
image/jpeg 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdatax.com/pix.jpg
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: 3c72e06c040c15327faa313315f1d6f4b2c9159267051c3e173336efa4cd7a18

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 11 Aug 2021 12:22:05 GMT
Server: nginx/1.19.10
Etag: 9d6b1b98-3884-4fd3-8ac2-52f454f55038
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Content-Type: image/jpeg
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Expose-Headers: ETag
Cache-Control: private, must-revalidate, proxy-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 28

GET
H3-29 200 googlelogo_color_120x44dp.png
www.google.com/images/branding/googlelogo/2x/ 5 KB
5 KB 16ms
15ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_120x44dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

29c50fa4422ac0a690af5b0987dee6a030a7eeaafa9dda8543cf022368f545aa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:05 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5087
x-xss-protection: 0
expires: Wed, 11 Aug 2021 12:22:05 GMT

GET
H3-29 200 googlelogo_color_272x92dp.png
www.google.com/images/branding/googlelogo/1x/ 6 KB
6 KB 16ms
15ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/1x/googlelogo_color_272x92dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5776cd87617eacec3bc00ebcf530d1924026033eda852f706c1a675a98915826

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:05 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5969
x-xss-protection: 0
expires: Wed, 11 Aug 2021 12:22:05 GMT

GET
H3-29 200 googlelogo_color_272x92dp.png
www.google.com/images/branding/googlelogo/2x/ 13 KB
13 KB 17ms
17ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_272x92dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

262084257c2103702ef8a25705e3f8dbc1fa3823103ad7b954d54bdb77e6d89d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:05 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13504
x-xss-protection: 0
expires: Wed, 11 Aug 2021 12:22:05 GMT

GET
H3-29 200 googlelogo_color_160x56dp.png
www.google.com/images/branding/googlelogo/2x/ 7 KB
7 KB 16ms
16ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_160x56dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9e611fba6a87626e60f74d361f0c94d1ba226bc0726a05791f40ddb7fbba2c4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:05 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7048
x-xss-protection: 0
expires: Wed, 11 Aug 2021 12:22:05 GMT

GET
H3-29 200 googlelogo_color_90x40dp.png
www.google.com/images/branding/googlelogo/2x/ 4 KB
4 KB 16ms
15ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_90x40dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a9cac8d49feccd603bac334c92c1e7dd5a829a1c01d4130550e8c9c0d9c72f7b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:05 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3934
x-xss-protection: 0
expires: Wed, 11 Aug 2021 12:22:05 GMT

OPTIONS
H/1.1 200
OK add
tagdataxrt.com/ir/ Frame 0
0 15ms
14ms Preflight 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/ir/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Protocol: HTTP/1.1
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://tgfunnls.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Server: nginx/1.19.10
Date: Wed, 11 Aug 2021 12:22:05 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

POST
H/1.1 200
OK add Show response
tagdataxrt.com/ir/ 0
537 B 15ms
15ms Fetch 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/ir/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json;charset=utf-8

Response headers

Date: Wed, 11 Aug 2021 12:22:05 GMT
Server: nginx/1.19.10
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 0

GET
H3-29 200 settings.js Show response
dev.visualwebsiteoptimizer.com/ 572 B
397 B 9ms
9ms Script
application/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/settings.js?a=449005&settings_type=3&vn=7.0&r=0.24116460279952578&u=https%3A%2F%2Ftgfunnls.org%2Fdly1st%2F%3Fhitid%3D%7BclickId%7D%26qze%3D7%26aff_sub%3D%7BcustomId1%7D%26aff_sub2%3D%7BcustomId2%7D
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWpxdWVyeQ==/tag-a511eb58bc7ee0b0cbc6906497418127.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gfra1 /
Resource Hash: 31042bafbba3ee3bae8f21d8d8744230a7c558630068c64e1e5ecb4721ab3910

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:05 GMT
via: 1.1 google
server: gfra1
content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-type: application/javascript; charset=UTF-8

GET
H3-29 200 js Show response
www.googletagmanager.com/gtag/ 128 KB
50 KB 16ms
15ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-Y6C8Y8V9BH&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MSK8GMG

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

c6d9537247b2c33b014a1f9f866faf62de1ebdbef63a8d63f3f4a686d2d88c8f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:05 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 51223
x-xss-protection: 0
expires: Wed, 11 Aug 2021 12:22:05 GMT

GET
H3-29 200 analytics.js Show response
www.google-analytics.com/ 48 KB
19 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MSK8GMG

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

e61660c659c426e45bce2937dddb01af6b550502a2904546575c1ec2ba1121dd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 13 Jul 2021 18:24:06 GMT
server: Golfe2
age: 2731
date: Wed, 11 Aug 2021 11:36:34 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19672
expires: Wed, 11 Aug 2021 13:36:34 GMT

GET
H2 200 hotjar-2304105.js Show response
static.hotjar.com/c/ 5 KB
2 KB 25ms
25ms Script
application/javascript 54.192.219.13
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-2304105.js?sv=6

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

54.192.219.13 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

ba0f7c8cd1226246385e057da152929c0c7b7868b6a4b64ff6de9537bf8aeb33

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:14 GMT
content-encoding: br
x-content-type-options: nosniff
cache-control: max-age=60
age: 51
etag: W/2bfd20973994a2ba4876103e95eba243
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
x-cache-hit: 1
x-amz-cf-pop: MRS52-P2
x-amz-cf-id: Fb5FZo_s3shJiIBREjo9RYU_lMF4DUBBpWS0iMx66LTD2tmmTz88uA==
via: 1.1 ee464261ee466fae8314a91098b35372.cloudfront.net (CloudFront)

GET
H3-29 200 settings.js Show response
dev.visualwebsiteoptimizer.com/ 572 B
397 B 13ms
13ms Script
application/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/settings.js?a=449005&settings_type=1&vn=7.0&r=0.7617876503692547
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWpxdWVyeQ==/tag-a511eb58bc7ee0b0cbc6906497418127.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gfra1 /
Resource Hash: 31042bafbba3ee3bae8f21d8d8744230a7c558630068c64e1e5ecb4721ab3910

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:05 GMT
via: 1.1 google
server: gfra1
content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-type: application/javascript; charset=UTF-8

POST
H/1.1 200
OK etag Show response
tagdataxrt.com/ 0
537 B 15ms
15ms Fetch 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/etag?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json;charset=utf-8

Response headers

Date: Wed, 11 Aug 2021 12:22:05 GMT
Server: nginx/1.19.10
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 0

OPTIONS
H/1.1 200
OK etag
tagdataxrt.com/ Frame 0
0 15ms
14ms Preflight 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/etag?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Protocol: HTTP/1.1
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://tgfunnls.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Server: nginx/1.19.10
Date: Wed, 11 Aug 2021 12:22:05 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

GET
H3-29 200 tag-1a6cb79d9b921e9f733a3a9f91c43b90.js Show response
dev.visualwebsiteoptimizer.com/web/djIkcGM6MS4w/ 668 B
329 B 21ms
21ms Script
text/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/web/djIkcGM6MS4w/tag-1a6cb79d9b921e9f733a3a9f91c43b90.js
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWpxdWVyeQ==/tag-a511eb58bc7ee0b0cbc6906497418127.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gfra1 /
Resource Hash: 6e1f2e0970c3d1d6cdacfecdd613ce1c42990ea5d4a9a85fe6f0700d20a96634

Request headers

Origin: https://tgfunnls.org
Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:05 GMT
content-encoding: br
last-modified: Tue, 10 Aug 2021 11:55:59 GMT
server: gfra1
etag: "6112694f-133"
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 307
via: 1.1 google

GET
H3-29 200 collect
www.google-analytics.com/ 35 B
55 B 6ms
6ms Image
image/gif 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j92&a=2145017856&t=pageview&_s=1&dl=https%3A%2F%2Ftgfunnls.org%2Fdly1st%2F%3Fhitid%3D%7BclickId%7D%26qze%3D7%26aff_sub%3D%7BcustomId1%7D%26aff_sub2%3D%7BcustomId2%7D&ul=en-us&de=UTF-8&dt=Daily%20Profit&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=QACAAEAB~&jid=&gjid=&cid=668805998.1628684518&tid=UA-192660002-1&_gid=1978519149.1628684523&gtm=2wg891MSK8GMG&z=171496589

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 10 Aug 2021 20:58:30 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 55415
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 modules.9a6619e61150e4449f35.js Show response
script.hotjar.com/ 221 KB
59 KB 26ms
26ms Script
application/javascript 54.192.219.34
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.9a6619e61150e4449f35.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2304105.js?sv=6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

54.192.219.34 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

fc04d1fd608cedf1f0c4735145a15031f77cb7491d6234cec4ee2cd9be74937a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:18:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 511440
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 59579
access-control-allow-origin: *
last-modified: Thu, 05 Aug 2021 14:17:07 GMT
etag: "f404c80c4e9647abd5db65360cf9ecee"
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 1cfafe71e396134dc106e8c1515876bd.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: MRS52-P2
accept-ranges: bytes
x-robots-tag: none
x-amz-cf-id: ZafXAvql68oahKciQ0lCESO8K13AEN8iSwwC_zmPzk4jMsQxooBQUw==

GET
H2 200 a3a7b431bde66f8790628956fd6a9e14.js Show response
cdn.pushcrew.com/js/ 248 KB
70 KB 101ms
100ms Script
application/javascript 34.102.183.26
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.pushcrew.com/js/a3a7b431bde66f8790628956fd6a9e14.js
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/web/djIkcGM6MS4w/tag-1a6cb79d9b921e9f733a3a9f91c43b90.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.102.183.26 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 26.183.102.34.bc.googleusercontent.com
Software: nginx /
Resource Hash: 2a74b97179203cf3de9b255635c3927c34791cabfe69261cc8d1235c13315e78

Request headers

Origin: https://tgfunnls.org
Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:05 GMT
content-encoding: gzip
last-modified: Fri, 18 Jun 2021 08:48:27 GMT
server: nginx
etag: W/"60cc5ddb-3e05c"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=1800
alt-svc: clear
via: 1.1 google
expires: Wed, 11 Aug 2021 12:52:05 GMT

POST
H3-29 201 event Show response
tgfunnls.org/ 2 B
1 KB 237ms
237ms XHR
application/json 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/event?hitid={clickId}

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/js/l.js?id=6cf7b69175b2a676ebf3

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-fetch-mode: cors
origin: https://tgfunnls.org
x-xsrf-token: eyJpdiI6InloSWs2TkF4NVFvRllkaGZYVnBSY0E9PSIsInZhbHVlIjoiXC9mNjVndTVIM3hrUDdTQzhWR2crQnV5TndyNTc2Z3pNTEIrNkpjb24rbHBSWG5qVEhTemt0Tkt0TEpzWTRqdXgiLCJtYWMiOiI1YzM4NzZjZGY0Zjk3ZjRlY2Y3MDFiNDVjMjNmNjUyMzU0MjAyODgzZWJjODc5MzgyZGIzNDIwZGJkZDExMjc2In0=
accept-language: en-US
sec-fetch-dest: empty
accept-encoding: gzip, deflate, br
cookie: _vis_opt_test_cookie=1; _hjid=0ce6ed2a-6245-4e01-a0e5-6db4a4ddfe19; _hjFirstSeen=1; _vwo_uuid_v2=DB76FDD5DD838C8DD81D28BC77422F6F9|28831bf43ecbcc7c99f644b2f321bf1e; _gid=GA1.2.1978519149.1628684523; _gat_UA-192660002-1=1; _ga_Y6C8Y8V9BH=GS1.1.1628684522.1.1.1628684525.0; _ga=GA1.1.668805998.1628684518; XSRF-TOKEN=eyJpdiI6InloSWs2TkF4NVFvRllkaGZYVnBSY0E9PSIsInZhbHVlIjoiXC9mNjVndTVIM3hrUDdTQzhWR2crQnV5TndyNTc2Z3pNTEIrNkpjb24rbHBSWG5qVEhTemt0Tkt0TEpzWTRqdXgiLCJtYWMiOiI1YzM4NzZjZGY0Zjk3ZjRlY2Y3MDFiNDVjMjNmNjUyMzU0MjAyODgzZWJjODc5MzgyZGIzNDIwZGJkZDExMjc2In0%3D; c=eyJpdiI6IjdLd3RCcEIxWWxaQ1RrNnI4RmtrZHc9PSIsInZhbHVlIjoiM0ZIb0ZyUmxiQklrbXd3S1JlVlRqTUhwZmRqVVdlUjBrMEc0dlJkbXpyeWhsd01Ja3hTK2I4MmRkcjE1akdFdCIsIm1hYyI6IjgxZjMxNjc5ZDU1Nzk2YTQwMTg1N2E3NzIzMTg2NGMxZTdkNGZiODk4NTRlYmZkMzdkY2UxN2M3Y2MyZTVjZDkifQ%3D%3D
content-length: 188
:path: /event?hitid={clickId}
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json;charset=UTF-8
accept: application/json, text/plain, */*
cache-control: no-cache
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: POST
Accept: application/json, text/plain, */*
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
X-XSRF-TOKEN: eyJpdiI6InloSWs2TkF4NVFvRllkaGZYVnBSY0E9PSIsInZhbHVlIjoiXC9mNjVndTVIM3hrUDdTQzhWR2crQnV5TndyNTc2Z3pNTEIrNkpjb24rbHBSWG5qVEhTemt0Tkt0TEpzWTRqdXgiLCJtYWMiOiI1YzM4NzZjZGY0Zjk3ZjRlY2Y3MDFiNDVjMjNmNjUyMzU0MjAyODgzZWJjODc5MzgyZGIzNDIwZGJkZDExMjc2In0=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json;charset=UTF-8

Response headers

date: Wed, 11 Aug 2021 12:22:05 GMT
x-proc: 2
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TtMi7L%2B%2BLdFJxgUhpStEmm%2BoznMfidXvqHYpjksEQQJdVIKlTKAnDIIBbfQjUcMiVpn1jmX4KKYsOVgi4IyP5WJ43HzTnRefNj6nAmb85qAP3vDTz5ScrUoKGjMEXogE0AYee%2Fera1lTosI%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-origin: https://tgfunnls.org
cache-control: no-cache, private
set-cookie: XSRF-TOKEN=eyJpdiI6IldFMXREQm9vRW4xWWVaVDZuOWVrMUE9PSIsInZhbHVlIjoiN2lraVFhc2N4ZE5NT0NhUnZVV3ZoemFoXC83SkhSYkVcL25saXJrelRRRm1NODFHYW9LNFB4YzNib1U5a0NhbzQ5IiwibWFjIjoiOTA1MDhlNmZlYjg5NGQ5Nzg4OGFkZDczNTM1NzRhZjU2NjM5ZmI1YjM3MzgzMWIwNjJkMmJhNDllY2EwZTc1NCJ9; expires=Wed, 11-Aug-2021 14:22:05 GMT; Max-Age=7200; path=/ c=eyJpdiI6Im44Z0ZweUxPcCs0SFJyZGZQQ0xzSGc9PSIsInZhbHVlIjoiTzdoMEFLV1lyY1wvblwvUjhkNlE4VlNPVVwvVXJ2UFU5cWRPWEprbmx0RFwvVmRodSttMjJ0UWFaZHNCbkVSdWtUb20iLCJtYWMiOiI5NjRlMTM2NWU4OTU2OGEzYjhjZTFkZWEyYzVkMzlmMWZjN2EzZGY5YTU4ZDY5YzI0ZGE3MTY0ZmE4ZGZhMGM0In0%3D; expires=Wed, 11-Aug-2021 14:22:05 GMT; Max-Age=7200; path=/; httponly
cf-ray: 67d16d6af83105fd-FRA

GET
H2 200 box-25a418976ea02a6f393fbbe77cec94bb.html Show response
vars.hotjar.com/ Frame 3DFC 2 KB
1 KB 25ms
25ms Document
text/html 52.84.45.59
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vars.hotjar.com/box-25a418976ea02a6f393fbbe77cec94bb.html
Requested by: Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2304105.js?sv=6
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.84.45.59 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-84-45-59.mrs52.r.cloudfront.net
Software: /
Resource Hash: 7a44e0685d8929b5d4d50476273c9957c8c76f03afc424c665a4066e5bc1beb9

Request headers

:method: GET
:authority: vars.hotjar.com
:scheme: https
:path: /box-25a418976ea02a6f393fbbe77cec94bb.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://tgfunnls.org/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://tgfunnls.org/

Response headers

content-type: text/html
content-length: 1044
date: Thu, 03 Jun 2021 10:15:05 GMT
accept-ranges: bytes
cache-control: max-age=31536000
content-encoding: br
etag: "76922233be8bdb14c053af468d29404a"
last-modified: Thu, 03 Jun 2021 10:14:54 GMT
x-amz-server-side-encryption: AES256
x-robots-tag: none
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 e5c15247ec560744bc8eee50e069c231.cloudfront.net (CloudFront)
x-amz-cf-pop: MRS52-P1
x-amz-cf-id: I4Abj64cFRj8Wo9O-t1d86WbqggdV078U172kYiRe0x-ZIV1E_Fuyg==
age: 5969220

POST
H/1.1 200
OK add Show response
tagdataxrt.com/log/ 12 B
597 B 21ms
21ms Fetch
application/json 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/log/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: 21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json;charset=utf-8

Response headers

Date: Wed, 11 Aug 2021 12:22:05 GMT
Server: nginx/1.19.10
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 12

OPTIONS
H/1.1 200
OK add
tagdataxrt.com/log/ Frame 0
0 15ms
14ms Preflight 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/log/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Protocol: HTTP/1.1
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://tgfunnls.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Server: nginx/1.19.10
Date: Wed, 11 Aug 2021 12:22:05 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

POST
H/1.1 200
OK add
tagdataxrt.com/time_visit/ 0
422 B 15ms
15ms Ping
text/plain 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/time_visit/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Wed, 11 Aug 2021 12:22:05 GMT
Server: nginx/1.19.10
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 0

GET
H3-29 200 / Show response
tgfunnls.org/dly1st/ 31 KB
8 KB 307ms
306ms Document
text/html 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Requested by

Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

84d988cbe7e8c51f7e9b2be70eecd3de45e6f9c8f592b86c9c809a3d5f9e15a0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: tgfunnls.org
:scheme: https
:path: /dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: document
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: _vis_opt_test_cookie=1; _hjid=0ce6ed2a-6245-4e01-a0e5-6db4a4ddfe19; _hjFirstSeen=1; _vwo_uuid_v2=DB76FDD5DD838C8DD81D28BC77422F6F9|28831bf43ecbcc7c99f644b2f321bf1e; _gid=GA1.2.1978519149.1628684523; _gat_UA-192660002-1=1; _ga_Y6C8Y8V9BH=GS1.1.1628684522.1.1.1628684525.0; _ga=GA1.1.668805998.1628684518; XSRF-TOKEN=eyJpdiI6IldFMXREQm9vRW4xWWVaVDZuOWVrMUE9PSIsInZhbHVlIjoiN2lraVFhc2N4ZE5NT0NhUnZVV3ZoemFoXC83SkhSYkVcL25saXJrelRRRm1NODFHYW9LNFB4YzNib1U5a0NhbzQ5IiwibWFjIjoiOTA1MDhlNmZlYjg5NGQ5Nzg4OGFkZDczNTM1NzRhZjU2NjM5ZmI1YjM3MzgzMWIwNjJkMmJhNDllY2EwZTc1NCJ9; c=eyJpdiI6Im44Z0ZweUxPcCs0SFJyZGZQQ0xzSGc9PSIsInZhbHVlIjoiTzdoMEFLV1lyY1wvblwvUjhkNlE4VlNPVVwvVXJ2UFU5cWRPWEprbmx0RFwvVmRodSttMjJ0UWFaZHNCbkVSdWtUb20iLCJtYWMiOiI5NjRlMTM2NWU4OTU2OGEzYjhjZTFkZWEyYzVkMzlmMWZjN2EzZGY5YTU4ZDY5YzI0ZGE3MTY0ZmE4ZGZhMGM0In0%3D
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Response headers

date: Wed, 11 Aug 2021 12:22:06 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: no-cache, private
set-cookie: XSRF-TOKEN=eyJpdiI6ImVmdENhbUNGMk5MT2hINjhVdGNVNWc9PSIsInZhbHVlIjoiYXM0bk92K092SDNnU1FadVpVS2JiaDFZUGF6TnZuTVBNWlhcL1dPNENTWXVWWEdKRFJKTmRPcXVKWDlSWEVUNzYiLCJtYWMiOiJlZWI0ZmQzYmM4MGFkZjU4NGJkNDlhMjg5MDhiYzU5OWE3MmY0OTE0Y2ZjODY5MTYxMTE3MzUxNjFlMDc3YTk2In0%3D; expires=Wed, 11-Aug-2021 14:22:05 GMT; Max-Age=7200; path=/ c=eyJpdiI6IkxjMVh1TzZhd21sbENnYW9cL0FuOFwvdz09IiwidmFsdWUiOiJsXC9hakhvZUlLVzMyakNNM1RvWlwvQ21uOU1PWm5mMDRNb0xSR2JKb3IzMnl2Tm5qN0lrZXMzZ1JRd3hweGUzZmMiLCJtYWMiOiI0YzI3ZTExZjY2OTNmNjdjMTRkZjRmYTUxNTNhZTUzYzU3NzY4ZTNhYTM3YTJiMGY4MGVmZGY1MGNkZWE0MWY3In0%3D; expires=Wed, 11-Aug-2021 14:22:05 GMT; Max-Age=7200; path=/; httponly
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-proc: 2
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QOlbTmDYd%2FpMPp5HQmSdMZ9NjMwEDISrQK9WpZDhlVqKCnBffrOwpqp%2FR6AnH%2FyNfAPnc07bpnMNU%2BTR3pFDPZgkw1yIYxHI5ZvKD0ip%2FL%2FOjq4T8HfmsXAamVApkOcnaDtr18%2FwVVF7is0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 67d16d6dbe7e05fd-FRA
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

POST collect
www.google-analytics.com/g/ 0
0

GET
H3-29 200 forms.css
tgfunnls.org/css/ 20 KB
4 KB 20ms
19ms Stylesheet
text/css 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/css/forms.css?id=108aa07ef4cadffb88ba

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5cc75f6ff6ccc8f9737ba9b6e44903687d4cd600464dc9a25b2fcfbfd231ebc6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /css/forms.css?id=108aa07ef4cadffb88ba
pragma: no-cache
cookie: _vis_opt_test_cookie=1; _hjid=0ce6ed2a-6245-4e01-a0e5-6db4a4ddfe19; _hjFirstSeen=1; _vwo_uuid_v2=DB76FDD5DD838C8DD81D28BC77422F6F9|28831bf43ecbcc7c99f644b2f321bf1e; _gid=GA1.2.1978519149.1628684523; _gat_UA-192660002-1=1; _ga_Y6C8Y8V9BH=GS1.1.1628684522.1.1.1628684525.0; _ga=GA1.1.668805998.1628684518; XSRF-TOKEN=eyJpdiI6ImVmdENhbUNGMk5MT2hINjhVdGNVNWc9PSIsInZhbHVlIjoiYXM0bk92K092SDNnU1FadVpVS2JiaDFZUGF6TnZuTVBNWlhcL1dPNENTWXVWWEdKRFJKTmRPcXVKWDlSWEVUNzYiLCJtYWMiOiJlZWI0ZmQzYmM4MGFkZjU4NGJkNDlhMjg5MDhiYzU5OWE3MmY0OTE0Y2ZjODY5MTYxMTE3MzUxNjFlMDc3YTk2In0%3D; c=eyJpdiI6IkxjMVh1TzZhd21sbENnYW9cL0FuOFwvdz09IiwidmFsdWUiOiJsXC9hakhvZUlLVzMyakNNM1RvWlwvQ21uOU1PWm5mMDRNb0xSR2JKb3IzMnl2Tm5qN0lrZXMzZ1JRd3hweGUzZmMiLCJtYWMiOiI0YzI3ZTExZjY2OTNmNjdjMTRkZjRmYTUxNTNhZTUzYzU3NzY4ZTNhYTM3YTJiMGY4MGVmZGY1MGNkZWE0MWY3In0%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:06 GMT
x-proc: 1
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 649
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Mon, 09 Aug 2021 14:29:21 GMT
server: cloudflare
etag: W/"61113bc1-5107"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XNK%2F8tLB%2FcXnehWVxv%2FYpOh%2BqA%2B8dy%2BBrhj8%2BHnHCD0OiG9pnDIg1lvoNHEsAOm4JpnFvcGpTUjTtNjhJmYjXQl284MbM%2FmFxEjkQM4u4iAy8R4F%2BvBzbaV9EZ5nbC0M%2BLO3Ao2%2FfOQIz78%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 67d16d6fbaec05fd-FRA

GET
H3-29 200 flow.css
tgfunnls.org/css/ 385 B
758 B 15ms
14ms Stylesheet
text/css 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/css/flow.css?id=1a2dada5ba76c1b29ae1

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

df456c4794989b11dda8d76813cbf505b2707048f4cc89d7db15956779ca3fb0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /css/flow.css?id=1a2dada5ba76c1b29ae1
pragma: no-cache
cookie: _vis_opt_test_cookie=1; _hjid=0ce6ed2a-6245-4e01-a0e5-6db4a4ddfe19; _hjFirstSeen=1; _vwo_uuid_v2=DB76FDD5DD838C8DD81D28BC77422F6F9|28831bf43ecbcc7c99f644b2f321bf1e; _gid=GA1.2.1978519149.1628684523; _gat_UA-192660002-1=1; _ga_Y6C8Y8V9BH=GS1.1.1628684522.1.1.1628684525.0; _ga=GA1.1.668805998.1628684518; XSRF-TOKEN=eyJpdiI6ImVmdENhbUNGMk5MT2hINjhVdGNVNWc9PSIsInZhbHVlIjoiYXM0bk92K092SDNnU1FadVpVS2JiaDFZUGF6TnZuTVBNWlhcL1dPNENTWXVWWEdKRFJKTmRPcXVKWDlSWEVUNzYiLCJtYWMiOiJlZWI0ZmQzYmM4MGFkZjU4NGJkNDlhMjg5MDhiYzU5OWE3MmY0OTE0Y2ZjODY5MTYxMTE3MzUxNjFlMDc3YTk2In0%3D; c=eyJpdiI6IkxjMVh1TzZhd21sbENnYW9cL0FuOFwvdz09IiwidmFsdWUiOiJsXC9hakhvZUlLVzMyakNNM1RvWlwvQ21uOU1PWm5mMDRNb0xSR2JKb3IzMnl2Tm5qN0lrZXMzZ1JRd3hweGUzZmMiLCJtYWMiOiI0YzI3ZTExZjY2OTNmNjdjMTRkZjRmYTUxNTNhZTUzYzU3NzY4ZTNhYTM3YTJiMGY4MGVmZGY1MGNkZWE0MWY3In0%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:06 GMT
x-proc: 2
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 649
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Mon, 09 Aug 2021 14:29:19 GMT
server: cloudflare
etag: W/"61113bbf-181"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=szkA%2BDFtVwH9bbrD0Zx7uZoKuwCjuZvsryV1wP3RXhl5xBGQzmtTnvizmJfxIJWd6JO2zLy8UtfGZ4TrdPnuOdug1uFb08kavqok7QLNedbs8ORW0A4CVtdYQtr5l0dOzg5%2BXk7SAgr1MP0%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 67d16d6fbaf005fd-FRA

GET
H2 200 funnel.css
static-13333.kxcdn.com/5275/build/ 91 KB
26 KB 14ms
13ms Stylesheet
text/css 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL

https://static-13333.kxcdn.com/5275/build/funnel.css

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

0dd81a03016de5c1be49281bb42f5db84bf8968b636e893daa0ee24de5dbdd3b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:06 GMT
content-encoding: gzip
last-modified: Fri, 02 Jul 2021 14:31:57 GMT
server: keycdn-engine
x-amz-request-id: tx0000000000000048dcf7b-0060df2533-12e87130-fra1a
x-edge-location: defr
etag: W/"0e60432e5a822d61eaf0ff2172f524ed"
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-cache: HIT
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31556940
x-rgw-object-type: Normal
strict-transport-security: max-age=15552000; includeSubDomains; preload
expires: Thu, 11 Aug 2022 18:11:06 GMT

GET
H/1.1 400 conversion.js
in.bd44.fun/ 0
0 16ms
15ms Script
text/html 18.195.174.160
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://in.bd44.fun/conversion.js?cid=OPTIONAL&et=CLICK
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.195.174.160 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-174-160.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 logo.png
static-13333.kxcdn.com/5275/images/ 2 KB
3 KB 29ms
24ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/logo.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

3d0776f2afd4256733e307cf46921dde2e1497a2767eb8bcb8ac17d5de9d2344

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:06 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048dcf7f-0060df2533-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2455
last-modified: Fri, 02 Jul 2021 14:32:26 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "cded24bb8b99f2aa7ab4e4ddc59c28e6"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:06 GMT

GET
H2 200 top-arrow.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 30ms
25ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/top-arrow.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

c4d3b32e24ea06591e7f166b20939f84cb767bb0742bc3c51f07c6f4b684f1e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:06 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048fd188-0060df2533-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2961
last-modified: Fri, 02 Jul 2021 14:32:29 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "e2980701aad64cef71bd2296f5f6386b"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:06 GMT

GET
H3-29 200 check-icon.png
tgfunnls.org/images/ 44 KB
45 KB 24ms
21ms Image
image/png 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tgfunnls.org/images/check-icon.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

79bb457691c6f5dc0d3fd537218a627750b199db5253e22dad9dc4f78fa48016

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /images/check-icon.png
pragma: no-cache
cookie: _vis_opt_test_cookie=1; _hjid=0ce6ed2a-6245-4e01-a0e5-6db4a4ddfe19; _hjFirstSeen=1; _vwo_uuid_v2=DB76FDD5DD838C8DD81D28BC77422F6F9|28831bf43ecbcc7c99f644b2f321bf1e; _gid=GA1.2.1978519149.1628684523; _gat_UA-192660002-1=1; _ga_Y6C8Y8V9BH=GS1.1.1628684522.1.1.1628684525.0; _ga=GA1.1.668805998.1628684518; XSRF-TOKEN=eyJpdiI6ImVmdENhbUNGMk5MT2hINjhVdGNVNWc9PSIsInZhbHVlIjoiYXM0bk92K092SDNnU1FadVpVS2JiaDFZUGF6TnZuTVBNWlhcL1dPNENTWXVWWEdKRFJKTmRPcXVKWDlSWEVUNzYiLCJtYWMiOiJlZWI0ZmQzYmM4MGFkZjU4NGJkNDlhMjg5MDhiYzU5OWE3MmY0OTE0Y2ZjODY5MTYxMTE3MzUxNjFlMDc3YTk2In0%3D; c=eyJpdiI6IkxjMVh1TzZhd21sbENnYW9cL0FuOFwvdz09IiwidmFsdWUiOiJsXC9hakhvZUlLVzMyakNNM1RvWlwvQ21uOU1PWm5mMDRNb0xSR2JKb3IzMnl2Tm5qN0lrZXMzZ1JRd3hweGUzZmMiLCJtYWMiOiI0YzI3ZTExZjY2OTNmNjdjMTRkZjRmYTUxNTNhZTUzYzU3NzY4ZTNhYTM3YTJiMGY4MGVmZGY1MGNkZWE0MWY3In0%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:06 GMT
x-proc: 3
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5023
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 45018
x-xss-protection: 1; mode=block
last-modified: Mon, 09 Aug 2021 14:27:10 GMT
server: cloudflare
etag: "61113b3e-afda"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DHCgbxbiLvMZRuGwKnX7MOOBZTdwcW2GiRvqP5AlRzgiYMVHlHHvsgspzE1tKt91ar2lteZJ95Bl4G0cNqF%2Bbd%2BbIJ3CPoTybl4cB92A0dBlB49O2W1IT4TaIK8TjgPLNHxh5elVOS5JShs%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 67d16d702bf905fd-FRA

GET
H2 200 safe.png
static-13333.kxcdn.com/5275/images/ 10 KB
11 KB 30ms
26ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/safe.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

c001780d5a0136da809d6908ac44d8b0e4d9b36bf9891772a006294888226576

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:06 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048dcf7e-0060df2533-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 10593
last-modified: Fri, 02 Jul 2021 14:32:17 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "e16845cf547d72f2f0b2febfa375d9f9"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:06 GMT

GET
H2 200 bg-arrow.png
static-13333.kxcdn.com/5275/images/ 7 KB
8 KB 31ms
26ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/bg-arrow.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

5902ac2e28cc5433d57a98a62be69037be09754da694348e03d3e3b9e776f542

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:06 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048dcf7d-0060df2533-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 7356
last-modified: Fri, 02 Jul 2021 14:32:23 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "0575766ae817ee467a729e846374d22c"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:06 GMT

GET
H2 200 check-icon.png
static-13333.kxcdn.com/5275/images/ 2 KB
3 KB 31ms
24ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/check-icon.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

4a404a950ef8cfa3eb686e62c8ab17e0a4609f2300e53d874a96ec618ab9474d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:06 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048fd193-0060df2533-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2273
last-modified: Fri, 02 Jul 2021 14:32:29 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "c34ab81524c5f98e40dc0dad59601758"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:06 GMT

GET
H2 200 spots-arrow.png
static-13333.kxcdn.com/5275/images/ 5 KB
6 KB 21ms
21ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/spots-arrow.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

7c01610e53cbe2313bd441cd9182762cec4240e4eecebeca6d086f34e4672784

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:06 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048dcf82-0060df2533-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 5306
last-modified: Fri, 02 Jul 2021 14:32:45 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "32acdf2cce46993b09041ebed9d00140"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:06 GMT

GET
H2 200 john.jpg
static-13333.kxcdn.com/5275/images/ 9 KB
10 KB 24ms
24ms Image
image/jpeg 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/john.jpg

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

aff262b0ff8882606831b77cb7fe8c2b7ee184a4c3a4e10de152932dde9ed3f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:06 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048fd18f-0060df2533-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 9704
last-modified: Fri, 02 Jul 2021 14:32:21 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "ca826d01f1cbba3eb6e3e1f697bca6bc"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/jpeg
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:06 GMT

GET
H2 200 john-sign.png
static-13333.kxcdn.com/5275/images/ 7 KB
7 KB 8ms
5ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/john-sign.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

2c92fcee0f7c5fd992e818cd6e5f621e8701cea9b4b23eb03e2567560c7dd266

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:06 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048dcf87-0060df2533-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 6824
last-modified: Fri, 02 Jul 2021 14:32:43 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "8e77bdde18036a84289f7b89b03cddc0"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:06 GMT

GET
H2 200 social-callback-title.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 8ms
5ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/social-callback-title.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

b097d9409b9b2fcde3993197635d6e7d49126e794dec3c3a5de9892cce15ec84

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:06 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048fd187-0060df2533-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2899
last-modified: Fri, 02 Jul 2021 14:32:42 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "26e1186a209747d755be97f26d7fef17"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:06 GMT

GET
H2 200 facebook.png
static-13333.kxcdn.com/5275/images/ 45 KB
46 KB 9ms
6ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/facebook.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

45a8e9f975bd2d7db2041c671affac022eaf0b8db46c516a6f2021d30631aea3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:06 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048dcf7c-0060df2533-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 46358
last-modified: Fri, 02 Jul 2021 14:32:18 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "99efc09d6e35b01ef07e555c6c9c06ac"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:06 GMT

GET
H2 200 twitter.png
static-13333.kxcdn.com/5275/images/ 33 KB
34 KB 7ms
6ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/twitter.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

f3567cf9eb0717ad9840ff19014abf051d9bebb63ba3d270eb23d409dd449b5a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:06 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048dcf79-0060df2533-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 33933
last-modified: Fri, 02 Jul 2021 14:32:45 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "1538bf85a2428c7ab27b923233ceac2d"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:06 GMT

GET
H2 200 features-title.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 7ms
7ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/features-title.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

5e840708085df16224eeb0d8a8b3758d39bc7c60d3f0587ea1308f7d37d2e9db

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:06 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048fd18e-0060df2533-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2835
last-modified: Fri, 02 Jul 2021 14:32:24 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "8e8fd39ca90b9e536e71366f72e27061"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:06 GMT

GET
H2 200 feature1.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 8ms
7ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/feature1.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

427e9cf9bc070b73cae44b858b1cbb147385ccf3b74522b00606e8441d74eb21

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:06 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048fd189-0060df2533-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2649
last-modified: Fri, 02 Jul 2021 14:32:27 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "32e947291780f319b5424fb0fed97339"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:06 GMT

GET
H2 200 feature2.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 9ms
6ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/feature2.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

d35ec7636f20627c46249b7ac076fd59aad2c15c8207c92cc8251df812abc0bc

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:06 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048fd18b-0060df2533-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2845
last-modified: Fri, 02 Jul 2021 14:32:28 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "a02cbfb7009f4eb7bca716371bbc6162"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:06 GMT

GET
H2 200 feature3.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 8ms
6ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/feature3.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

41cc8226265d071dd816f01b4e656e9575b49927ecb0806984d85fd2acb3b318

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:06 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048fd185-0060df2533-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2618
last-modified: Fri, 02 Jul 2021 14:32:44 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "1e439861ae0e257dd74094cd20495531"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:06 GMT

GET
H2 200 feature4.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 8ms
6ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/feature4.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

d7e57b7c8fc1a0e25b893fc00da8cca5368cc489227958d4a781665339cd7260

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:06 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048fd18a-0060df2533-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2573
last-modified: Fri, 02 Jul 2021 14:32:19 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "f042fbbf22d575de6d906249ec2dc324"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:06 GMT

GET
H2 200 faq-title.png
static-13333.kxcdn.com/5275/images/ 4 KB
4 KB 7ms
7ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/faq-title.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

218be04d48aa9aa4da9bb4a708dbb463576fd8653914fd05bb113ce654dce714

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:06 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048dcf81-0060df2533-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 3706
last-modified: Fri, 02 Jul 2021 14:32:42 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "b95f5e7ccaaf9e8f6f1117efa9ab100a"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:06 GMT

GET
H2 200 faq-list-title-bg.png
static-13333.kxcdn.com/5275/images/ 2 KB
2 KB 8ms
7ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/faq-list-title-bg.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

9749d6d7aee9bdd7b806eb8fd8fa1bfd7ef25aab0aba744948b279d4c1a348ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:06 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048fd18d-0060df2533-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 1546
last-modified: Fri, 02 Jul 2021 14:32:22 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "567ea5254334fde95913b6cd592aad5f"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:06 GMT

GET
H3-29 200 sad-face.svg
tgfunnls.org/media/ 1 KB
1 KB 23ms
19ms Image
image/svg+xml 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tgfunnls.org/media/sad-face.svg

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

186b9079a05f19ddd2a548dbc1ec2c69087c76d8e9e1637dbced630edb793104

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /media/sad-face.svg
pragma: no-cache
cookie: _vis_opt_test_cookie=1; _hjid=0ce6ed2a-6245-4e01-a0e5-6db4a4ddfe19; _hjFirstSeen=1; _vwo_uuid_v2=DB76FDD5DD838C8DD81D28BC77422F6F9|28831bf43ecbcc7c99f644b2f321bf1e; _gid=GA1.2.1978519149.1628684523; _gat_UA-192660002-1=1; _ga_Y6C8Y8V9BH=GS1.1.1628684522.1.1.1628684525.0; _ga=GA1.1.668805998.1628684518; XSRF-TOKEN=eyJpdiI6ImVmdENhbUNGMk5MT2hINjhVdGNVNWc9PSIsInZhbHVlIjoiYXM0bk92K092SDNnU1FadVpVS2JiaDFZUGF6TnZuTVBNWlhcL1dPNENTWXVWWEdKRFJKTmRPcXVKWDlSWEVUNzYiLCJtYWMiOiJlZWI0ZmQzYmM4MGFkZjU4NGJkNDlhMjg5MDhiYzU5OWE3MmY0OTE0Y2ZjODY5MTYxMTE3MzUxNjFlMDc3YTk2In0%3D; c=eyJpdiI6IkxjMVh1TzZhd21sbENnYW9cL0FuOFwvdz09IiwidmFsdWUiOiJsXC9hakhvZUlLVzMyakNNM1RvWlwvQ21uOU1PWm5mMDRNb0xSR2JKb3IzMnl2Tm5qN0lrZXMzZ1JRd3hweGUzZmMiLCJtYWMiOiI0YzI3ZTExZjY2OTNmNjdjMTRkZjRmYTUxNTNhZTUzYzU3NzY4ZTNhYTM3YTJiMGY4MGVmZGY1MGNkZWE0MWY3In0%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:06 GMT
x-proc: 2
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 649
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Mon, 09 Aug 2021 14:29:19 GMT
server: cloudflare
etag: W/"61113bbf-5dc"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=01WdYnmEGHg27rGho1tIOBxnms1ODbf53LTZam81lHW0NKzQyPkEaW7gGHl3HEMn5uDIsPAZBT44IbO6yDUJVrcqro0otW3cbmFwUD7UDq2EIFLmf3861%2FIG3%2FPyXMT79RB4%2FdSQnuasJgI%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: max-age=14400
cf-ray: 67d16d702c0d05fd-FRA

GET
H3-29 200 email-decode.min.js Show response
tgfunnls.org/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
1 KB 13ms
12ms Script
application/javascript 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

:path: /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
pragma: no-cache
cookie: _vis_opt_test_cookie=1; _hjid=0ce6ed2a-6245-4e01-a0e5-6db4a4ddfe19; _hjFirstSeen=1; _vwo_uuid_v2=DB76FDD5DD838C8DD81D28BC77422F6F9|28831bf43ecbcc7c99f644b2f321bf1e; _gid=GA1.2.1978519149.1628684523; _gat_UA-192660002-1=1; _ga_Y6C8Y8V9BH=GS1.1.1628684522.1.1.1628684525.0; _ga=GA1.1.668805998.1628684518; XSRF-TOKEN=eyJpdiI6ImVmdENhbUNGMk5MT2hINjhVdGNVNWc9PSIsInZhbHVlIjoiYXM0bk92K092SDNnU1FadVpVS2JiaDFZUGF6TnZuTVBNWlhcL1dPNENTWXVWWEdKRFJKTmRPcXVKWDlSWEVUNzYiLCJtYWMiOiJlZWI0ZmQzYmM4MGFkZjU4NGJkNDlhMjg5MDhiYzU5OWE3MmY0OTE0Y2ZjODY5MTYxMTE3MzUxNjFlMDc3YTk2In0%3D; c=eyJpdiI6IkxjMVh1TzZhd21sbENnYW9cL0FuOFwvdz09IiwidmFsdWUiOiJsXC9hakhvZUlLVzMyakNNM1RvWlwvQ21uOU1PWm5mMDRNb0xSR2JKb3IzMnl2Tm5qN0lrZXMzZ1JRd3hweGUzZmMiLCJtYWMiOiI0YzI3ZTExZjY2OTNmNjdjMTRkZjRmYTUxNTNhZTUzYzU3NzY4ZTNhYTM3YTJiMGY4MGVmZGY1MGNkZWE0MWY3In0%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 05 Aug 2021 12:35:03 GMT
server: cloudflare
etag: W/"610bdaf7-4d7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: DENY
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BLODnoyEjygewP7Bxr%2Bt77uOkiFtvu4fARx5gmgYT0gTRahxwnUHBdJv6jDA2CUxKAoqMU01PMQuNpqsNNiIT99ZUrkscWkFqFrMRzEf995Zpgo1QjeVsukxZEMZXdWQcemZgYbaBFlnf2k%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=172800 public
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 67d16d6fdb3b05fd-FRA
vary: Accept-Encoding
expires: Fri, 13 Aug 2021 12:22:06 GMT

GET
H3-29 200 redirect.js Show response
tgfunnls.org/js/ 3 KB
2 KB 19ms
19ms Script
application/javascript 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/js/redirect.js?id=bd8708e91008076c9ff9

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0979e653bf7370685f5d0ec7448e28d33f46754d5411cf5a7cd3df6ecafc1a35

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /js/redirect.js?id=bd8708e91008076c9ff9
pragma: no-cache
cookie: _vis_opt_test_cookie=1; _hjid=0ce6ed2a-6245-4e01-a0e5-6db4a4ddfe19; _hjFirstSeen=1; _vwo_uuid_v2=DB76FDD5DD838C8DD81D28BC77422F6F9|28831bf43ecbcc7c99f644b2f321bf1e; _gid=GA1.2.1978519149.1628684523; _gat_UA-192660002-1=1; _ga_Y6C8Y8V9BH=GS1.1.1628684522.1.1.1628684525.0; _ga=GA1.1.668805998.1628684518; XSRF-TOKEN=eyJpdiI6ImVmdENhbUNGMk5MT2hINjhVdGNVNWc9PSIsInZhbHVlIjoiYXM0bk92K092SDNnU1FadVpVS2JiaDFZUGF6TnZuTVBNWlhcL1dPNENTWXVWWEdKRFJKTmRPcXVKWDlSWEVUNzYiLCJtYWMiOiJlZWI0ZmQzYmM4MGFkZjU4NGJkNDlhMjg5MDhiYzU5OWE3MmY0OTE0Y2ZjODY5MTYxMTE3MzUxNjFlMDc3YTk2In0%3D; c=eyJpdiI6IkxjMVh1TzZhd21sbENnYW9cL0FuOFwvdz09IiwidmFsdWUiOiJsXC9hakhvZUlLVzMyakNNM1RvWlwvQ21uOU1PWm5mMDRNb0xSR2JKb3IzMnl2Tm5qN0lrZXMzZ1JRd3hweGUzZmMiLCJtYWMiOiI0YzI3ZTExZjY2OTNmNjdjMTRkZjRmYTUxNTNhZTUzYzU3NzY4ZTNhYTM3YTJiMGY4MGVmZGY1MGNkZWE0MWY3In0%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:06 GMT
x-proc: 3
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 649
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Mon, 09 Aug 2021 14:29:34 GMT
server: cloudflare
etag: W/"61113bce-a50"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=C4HkVoQLjDkaz6sEAT6U%2FfS5Q0jQ10h4CUTaBvYonoFdLPEccIpm6e83rcHFhSmUDk9pLaL3RE%2F%2F4UW10kMi%2FxI2iuYsq2sL0%2BuVKXUm0T0kMhyZmO3rKD5LJFNu7zlOGHru0A5VU5nrHgs%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=14400
cf-ray: 67d16d6fdb4005fd-FRA

GET
H3-29 200 l.js Show response
tgfunnls.org/js/ 401 KB
110 KB 31ms
31ms Script
application/javascript 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/js/l.js?id=6cf7b69175b2a676ebf3

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1669423eca631e2fa8053ff74039a11ff6afac3a94dc37f357ce8d6ec9362913

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /js/l.js?id=6cf7b69175b2a676ebf3
pragma: no-cache
cookie: _vis_opt_test_cookie=1; _hjid=0ce6ed2a-6245-4e01-a0e5-6db4a4ddfe19; _hjFirstSeen=1; _vwo_uuid_v2=DB76FDD5DD838C8DD81D28BC77422F6F9|28831bf43ecbcc7c99f644b2f321bf1e; _gid=GA1.2.1978519149.1628684523; _gat_UA-192660002-1=1; _ga_Y6C8Y8V9BH=GS1.1.1628684522.1.1.1628684525.0; _ga=GA1.1.668805998.1628684518; XSRF-TOKEN=eyJpdiI6ImVmdENhbUNGMk5MT2hINjhVdGNVNWc9PSIsInZhbHVlIjoiYXM0bk92K092SDNnU1FadVpVS2JiaDFZUGF6TnZuTVBNWlhcL1dPNENTWXVWWEdKRFJKTmRPcXVKWDlSWEVUNzYiLCJtYWMiOiJlZWI0ZmQzYmM4MGFkZjU4NGJkNDlhMjg5MDhiYzU5OWE3MmY0OTE0Y2ZjODY5MTYxMTE3MzUxNjFlMDc3YTk2In0%3D; c=eyJpdiI6IkxjMVh1TzZhd21sbENnYW9cL0FuOFwvdz09IiwidmFsdWUiOiJsXC9hakhvZUlLVzMyakNNM1RvWlwvQ21uOU1PWm5mMDRNb0xSR2JKb3IzMnl2Tm5qN0lrZXMzZ1JRd3hweGUzZmMiLCJtYWMiOiI0YzI3ZTExZjY2OTNmNjdjMTRkZjRmYTUxNTNhZTUzYzU3NzY4ZTNhYTM3YTJiMGY4MGVmZGY1MGNkZWE0MWY3In0%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:06 GMT
x-proc: 1
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3899
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Mon, 09 Aug 2021 14:29:21 GMT
server: cloudflare
etag: W/"61113bc1-645ba"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=W7OQLsNzWWFS1KQdiqmW2hBEg9d4RURIi8EwdaUNgxo2Tzmyp9bAOwxJP7jgmF9FJQogy3BrG57WtTizO5yl%2FWWl5uEom0IEPA0Z862JASoOH9fz%2FIGvZzAi2JCcVeSZhkR0h1hRwvUE0KY%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=14400
cf-ray: 67d16d6ffb8305fd-FRA

GET
H2 200 funnel.js Show response
static-13333.kxcdn.com/5275/build/ 954 KB
319 KB 9ms
8ms Script
application/javascript 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL

https://static-13333.kxcdn.com/5275/build/funnel.js

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

a52901c6296f571a48143efc8c7626714f2f15a0e034390d31380d508684ad0e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:06 GMT
content-encoding: gzip
last-modified: Fri, 02 Jul 2021 14:31:57 GMT
server: keycdn-engine
x-amz-request-id: tx0000000000000048dcf86-0060df2533-12e87130-fra1a
x-edge-location: defr
etag: W/"545236a1390ffa369d186b44dab8e706"
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-cache: HIT
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31556940
x-rgw-object-type: Normal
strict-transport-security: max-age=15552000; includeSubDomains; preload
expires: Thu, 11 Aug 2022 18:11:06 GMT

GET
H/1.1 200 hp Show response
in.xr117.xyz/ 382 B
616 B 20ms
16ms Script
text/plain 18.193.146.82
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://in.xr117.xyz/hp
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.193.146.82 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-193-146-82.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 1d685538334a6762f8c278c2274cb62dfdc47c59ba5968562dddf4f96d808aee

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 11 Aug 2021 12:22:06 GMT
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
Server: nginx
Connection: keep-alive
Content-Length: 382
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200 hp Show response
in.bd44.fun/ 382 B
616 B 47ms
15ms Script
text/plain 18.195.174.160
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://in.bd44.fun/hp
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.195.174.160 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-174-160.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 1d685538334a6762f8c278c2274cb62dfdc47c59ba5968562dddf4f96d808aee

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 11 Aug 2021 12:22:06 GMT
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
Server: nginx
Connection: keep-alive
Content-Length: 382
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3-29 200 tag.js Show response
tagstaticx.com/ 38 KB
14 KB 31ms
27ms Script
application/javascript 2606:4700:3033::6815:3d08
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://tagstaticx.com/tag.js
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::6815:3d08 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 789421e97c465f7367c2c16bad228afc0d9211d9ff3c949b7ef88b72e9fc30db

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:06 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 06 Aug 2021 11:17:33 GMT
server: cloudflare
age: 6667
etag: W/"610d1a4d-97e0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=06%2FDrmGQ4U4vvmbV7zVpNnFKTW%2Fvll1da%2FjEAV%2FiD11vCOklZ2MFFx2lQTVNnO5uOr6PcRvBS3zEROKDqbfBYXOIFGwFLPiIR5XCUEHKYPyNycZXjFJqDtPzN%2BzjwwbSEyic2FgupDoFqy24mg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=1800
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 67d16d702b782c22-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

GET
H3-29 200 gtm.js Show response
www.googletagmanager.com/ 111 KB
41 KB 18ms
14ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-MSK8GMG

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

a162969e2b65a15d2ad5f2f7ae26f9c048df44bc88b9438d33c203ba783b9c01

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:06 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42027
x-xss-protection: 0
last-modified: Wed, 11 Aug 2021 12:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 11 Aug 2021 12:22:06 GMT

GET
H/1.1 400 conversion.js
in.bd44.fun/ 0
0 43ms
15ms Script
text/html 18.195.174.160
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://in.bd44.fun/conversion.js?cid=OPTIONAL&et=CLICK
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.195.174.160 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-174-160.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 j.php Show response
dev.visualwebsiteoptimizer.com/ 5 KB
2 KB 25ms
21ms Script
application/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/j.php?a=449005&u=https%3A%2F%2Ftgfunnls.org%2Fdly1st%2F%3Fhitid%3D%7BclickId%7D%26qze%3D7%26aff_sub%3D%7BcustomId1%7D%26aff_sub2%3D%7BcustomId2%7D&f=1&r=0.05621311246396732
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gfra1 /
Resource Hash: f84d22312728695c67a659efe57839e0f964f73408a46e6535ce66196ff3e11e

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 11 Aug 2021 12:22:05 GMT
via: 1.1 google
server: gfra1
content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-type: application/javascript; charset=UTF-8

GET
H2 200 bg-pattern2.png
static-13333.kxcdn.com/5275/images/ 3 KB
4 KB 24ms
24ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/bg-pattern2.png

Requested by

Host: static-13333.kxcdn.com
URL: https://static-13333.kxcdn.com/5275/build/funnel.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

0dbbd4b1f92b5f123bb6d85da5224dbac1ef2873359ae63159fbd8c1d8aee472

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://static-13333.kxcdn.com/5275/build/funnel.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:06 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx00000000000000491e693-0060df2731-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 3494
last-modified: Fri, 02 Jul 2021 14:32:28 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "9ff60a873ce8a83d6f92c07bbb97461d"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:06 GMT

GET
H2 200 money-bg.jpg
static-13333.kxcdn.com/5275/images/ 192 KB
193 KB 22ms
21ms Image
image/jpeg 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/money-bg.jpg

Requested by

Host: static-13333.kxcdn.com
URL: https://static-13333.kxcdn.com/5275/build/funnel.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

6d6b0b2b3ce3ec690491ad53348667285877a284d43a58bae67219df3128c453

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://static-13333.kxcdn.com/5275/build/funnel.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:06 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048fd245-0060df2533-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 196622
last-modified: Fri, 02 Jul 2021 14:32:29 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "00484ef568e5c529bc92d2698631954b"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/jpeg
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:06 GMT

GET
H2 206 de-1.mp4
static-13333.kxcdn.com/5275/media/ 64 KB
0 8ms
8ms Media
video/mp4 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL

https://static-13333.kxcdn.com/5275/media/de-1.mp4

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Range: bytes=0-

Response headers

date: Wed, 11 Aug 2021 12:22:06 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx000000000000004a44bcc-0060f54e68-141c7b61-fra1a
x-edge-location: defr
x-cache: HIT
Content-Range: bytes 0-124690623/124690624
Content-Length: 124690624
last-modified: Fri, 02 Jul 2021 14:32:03 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "c8811d0b7aa283893d6ec2a19899685f-24"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: video/mp4
access-control-allow-origin: *
x-rgw-object-type: Normal
expires: Thu, 11 Aug 2022 18:11:06 GMT

GET
H3-29 200 locate Show response
tgfunnls.org/ 150 B
1 KB 211ms
209ms XHR
application/json 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/locate

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/js/l.js?id=6cf7b69175b2a676ebf3

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

126f29647a5fd666abd70f0bfe4f9a9b972c2e385e09554cf2fea5ffe35f62fc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-fetch-mode: cors
x-xsrf-token: eyJpdiI6ImVmdENhbUNGMk5MT2hINjhVdGNVNWc9PSIsInZhbHVlIjoiYXM0bk92K092SDNnU1FadVpVS2JiaDFZUGF6TnZuTVBNWlhcL1dPNENTWXVWWEdKRFJKTmRPcXVKWDlSWEVUNzYiLCJtYWMiOiJlZWI0ZmQzYmM4MGFkZjU4NGJkNDlhMjg5MDhiYzU5OWE3MmY0OTE0Y2ZjODY5MTYxMTE3MzUxNjFlMDc3YTk2In0=
accept-language: en-US
sec-fetch-dest: empty
cookie: _vis_opt_test_cookie=1; _hjid=0ce6ed2a-6245-4e01-a0e5-6db4a4ddfe19; _hjFirstSeen=1; _vwo_uuid_v2=DB76FDD5DD838C8DD81D28BC77422F6F9|28831bf43ecbcc7c99f644b2f321bf1e; _gid=GA1.2.1978519149.1628684523; _gat_UA-192660002-1=1; _ga_Y6C8Y8V9BH=GS1.1.1628684522.1.1.1628684525.0; _ga=GA1.1.668805998.1628684518; XSRF-TOKEN=eyJpdiI6ImVmdENhbUNGMk5MT2hINjhVdGNVNWc9PSIsInZhbHVlIjoiYXM0bk92K092SDNnU1FadVpVS2JiaDFZUGF6TnZuTVBNWlhcL1dPNENTWXVWWEdKRFJKTmRPcXVKWDlSWEVUNzYiLCJtYWMiOiJlZWI0ZmQzYmM4MGFkZjU4NGJkNDlhMjg5MDhiYzU5OWE3MmY0OTE0Y2ZjODY5MTYxMTE3MzUxNjFlMDc3YTk2In0%3D; c=eyJpdiI6IkxjMVh1TzZhd21sbENnYW9cL0FuOFwvdz09IiwidmFsdWUiOiJsXC9hakhvZUlLVzMyakNNM1RvWlwvQ21uOU1PWm5mMDRNb0xSR2JKb3IzMnl2Tm5qN0lrZXMzZ1JRd3hweGUzZmMiLCJtYWMiOiI0YzI3ZTExZjY2OTNmNjdjMTRkZjRmYTUxNTNhZTUzYzU3NzY4ZTNhYTM3YTJiMGY4MGVmZGY1MGNkZWE0MWY3In0%3D
:path: /locate
pragma: no-cache
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: application/json, text/plain, */*
cache-control: no-cache
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept: application/json, text/plain, */*
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
X-XSRF-TOKEN: eyJpdiI6ImVmdENhbUNGMk5MT2hINjhVdGNVNWc9PSIsInZhbHVlIjoiYXM0bk92K092SDNnU1FadVpVS2JiaDFZUGF6TnZuTVBNWlhcL1dPNENTWXVWWEdKRFJKTmRPcXVKWDlSWEVUNzYiLCJtYWMiOiJlZWI0ZmQzYmM4MGFkZjU4NGJkNDlhMjg5MDhiYzU5OWE3MmY0OTE0Y2ZjODY5MTYxMTE3MzUxNjFlMDc3YTk2In0=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:06 GMT
x-proc: 2
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5Ox2nKx%2FcEYrAFhbuXjGw%2FYjMI7pYYx7jL4Zuf6o00OGH6WCnSEx7iBgBMIHA4zcEI0RCI3Xsm%2BRjuDD%2BqKJSrb%2BSE9NNyBJBwBJVrJPhNPfizfGQVk5ZgzhHVxfRAFis8lxw%2FGhOMAwvUE%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json
cache-control: no-cache, private
set-cookie: XSRF-TOKEN=eyJpdiI6InFMaVJHT0VmY3VaakJubkZNRjVsXC9BPT0iLCJ2YWx1ZSI6IlcwdUhQZEJRZm1jY1BobDdieEd4TTFuamFlSVk4TWtub0Vmalo1Q1cwU3laTE5NWDRReUF4OVRGMnNETXpia2kiLCJtYWMiOiI2Yjc0ZTdhODg3MzM3YjZkZjA3MzExMDI2NTg2NWQ5ZjQzODNiMmM0MzhlN2E1NjIwOTYzOTZiZDFjZmJkNGEyIn0%3D; expires=Wed, 11-Aug-2021 14:22:06 GMT; Max-Age=7200; path=/ c=eyJpdiI6IkNHSjZQdGtMV213clExTU5vc3BWTkE9PSIsInZhbHVlIjoiS1B3Vm5SR08wM2V0Z2JRcmF6Q0NiSEVnZ3RoWHM5MUNMS1pRNTR5azgyc0JRSHU2ZTNEZm0wNmhWdjhVXC9taWMiLCJtYWMiOiJlOTE2NzA5ZGUyZTBkMGVhYTM2NzgyMjNkY2JlMTMxMjMwMTg1M2Q4NDhiNTcyMzUwOTE3YTA2YTdhMDRlNDNlIn0%3D; expires=Wed, 11-Aug-2021 14:22:06 GMT; Max-Age=7200; path=/; httponly
cf-ray: 67d16d709cfe05fd-FRA

GET
H3-29 200 flags.png
tgfunnls.org/images/vendor/intl-tel-input/build/ 69 KB
70 KB 32ms
30ms Image
image/png 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tgfunnls.org/images/vendor/intl-tel-input/build/flags.png?416250f60d785a2e02f17e054d2e4e44

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/css/forms.css?id=108aa07ef4cadffb88ba

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0a012cf808a24573168308916092d2d4bd3f2b4af8e16b59167013cc77acee55

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /images/vendor/intl-tel-input/build/flags.png?416250f60d785a2e02f17e054d2e4e44
pragma: no-cache
cookie: _vis_opt_test_cookie=1; _hjid=0ce6ed2a-6245-4e01-a0e5-6db4a4ddfe19; _hjFirstSeen=1; _vwo_uuid_v2=DB76FDD5DD838C8DD81D28BC77422F6F9|28831bf43ecbcc7c99f644b2f321bf1e; _gid=GA1.2.1978519149.1628684523; _gat_UA-192660002-1=1; _ga_Y6C8Y8V9BH=GS1.1.1628684522.1.1.1628684525.0; _ga=GA1.1.668805998.1628684518; XSRF-TOKEN=eyJpdiI6ImVmdENhbUNGMk5MT2hINjhVdGNVNWc9PSIsInZhbHVlIjoiYXM0bk92K092SDNnU1FadVpVS2JiaDFZUGF6TnZuTVBNWlhcL1dPNENTWXVWWEdKRFJKTmRPcXVKWDlSWEVUNzYiLCJtYWMiOiJlZWI0ZmQzYmM4MGFkZjU4NGJkNDlhMjg5MDhiYzU5OWE3MmY0OTE0Y2ZjODY5MTYxMTE3MzUxNjFlMDc3YTk2In0%3D; c=eyJpdiI6IkxjMVh1TzZhd21sbENnYW9cL0FuOFwvdz09IiwidmFsdWUiOiJsXC9hakhvZUlLVzMyakNNM1RvWlwvQ21uOU1PWm5mMDRNb0xSR2JKb3IzMnl2Tm5qN0lrZXMzZ1JRd3hweGUzZmMiLCJtYWMiOiI0YzI3ZTExZjY2OTNmNjdjMTRkZjRmYTUxNTNhZTUzYzU3NzY4ZTNhYTM3YTJiMGY4MGVmZGY1MGNkZWE0MWY3In0%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: tgfunnls.org
referer: https://tgfunnls.org/css/forms.css?id=108aa07ef4cadffb88ba
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/css/forms.css?id=108aa07ef4cadffb88ba
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:06 GMT
x-proc: 3
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5483
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 70857
x-xss-protection: 1; mode=block
last-modified: Mon, 09 Aug 2021 14:29:34 GMT
server: cloudflare
etag: "61113bce-114c9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=b7BL7n7d%2Bdh39mARc6mEgh9zGuknFLDudoEPa89TgIK4aCnsgGwd0tjUt2JODk7WFwaCC0JIRaabotjHY4AvYHM52Wrmp0knTgqWjzc7cgrXb22CUoN6OTixOkdEIK%2Feb6G1HE6fAYjTSy8%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 67d16d709d0005fd-FRA

GET
BLOB 200
OK 5d0a48b4-c2e4-4e84-ad39-42fa9f2608a0
https://tgfunnls.org/ 31 B
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://tgfunnls.org/5d0a48b4-c2e4-4e84-ad39-42fa9f2608a0
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7725538fe2f71147bffeba7452b434c826aef9009666cb4360c605d0b2a91d1d

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length: 31
Content-Type: application/javascript

GET
H2 403 videothumbnail-1.png
static-13333.kxcdn.com/5275/images/ 0
0 38ms
37ms Image
text/html 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static-13333.kxcdn.com/5275/images/videothumbnail-1.png
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
DATA 200
OK truncated
/ 4 KB
4 KB Font
application/font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: aef991b2e0b693a95d41986576dd3901ea7ac03b379501b1caba966058753308

Request headers

Origin: https://tgfunnls.org
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: application/font-woff;charset=utf-8

GET
H3-29 200 tag-a511eb58bc7ee0b0cbc6906497418127.js Show response
dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWpxdWVyeQ==/ 214 KB
61 KB 38ms
37ms Script
text/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWpxdWVyeQ==/tag-a511eb58bc7ee0b0cbc6906497418127.js
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/j.php?a=449005&u=https%3A%2F%2Ftgfunnls.org%2Fdly1st%2F%3Fhitid%3D%7BclickId%7D%26qze%3D7%26aff_sub%3D%7BcustomId1%7D%26aff_sub2%3D%7BcustomId2%7D&f=1&r=0.05621311246396732
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gfra1 /
Resource Hash: ffef253989420f0b71eec148da3bbe555e1117a9860323b7a39b267bbb62ebe6

Request headers

Origin: https://tgfunnls.org
Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:05 GMT
content-encoding: br
last-modified: Tue, 10 Aug 2021 11:55:59 GMT
server: gfra1
etag: "6112694f-f354"
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 62292
via: 1.1 google

GET
H3-29 200 v.gif
dev.visualwebsiteoptimizer.com/ 35 B
52 B 96ms
95ms Image
image/gif 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dev.visualwebsiteoptimizer.com/v.gif?cd=0&a=449005&d=tgfunnls.org&u=DB76FDD5DD838C8DD81D28BC77422F6F9&h=28831bf43ecbcc7c99f644b2f321bf1e&t=false&r=0.020142407421462227

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gnv3c /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 11 Aug 2021 12:22:05 GMT
via: 1.1 google
x-content-type-options: nosniff
server: gnv3c
content-type: image/gif
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 10 Jan 2005 00:00:01 GMT

HEAD
H3-29 200 adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/ 0
0 41ms
41ms Fetch
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 49445
x-xss-protection: 0
server: cafe
etag: 4898024456010196187
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Wed, 11 Aug 2021 12:22:06 GMT

GET
H/1.1 200
OK version.js Show response
tagdatax.com/ 57 B
260 B 14ms
14ms Script
application/javascript 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdatax.com/version.js
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: 691b5c4f12cf351b97c20ea98197eab4bf05a0e26bb67d47f4b6590725f40832

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 11 Aug 2021 12:22:06 GMT
Cache-Control: private, max-age=63072000
Server: nginx/1.19.10
Connection: keep-alive
Content-Length: 57
Content-Type: application/javascript

GET
H2 200 gid.js Show response
my.rtmark.net/ 65 B
541 B 13ms
13ms Fetch
application/json 139.45.195.8
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://my.rtmark.net/gid.js

Requested by

Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

8f7cc2ac9f4c7afe1222455462465074d5b54f9468a79a8ebde0eb212a674faa

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:01 GMT
x-content-type-options: nosniff
server: nginx
strict-transport-security: max-age=1
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: https://tgfunnls.org
access-control-expose-headers: Authorization
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length: 65

GET
H/1.1 200
OK pix.jpg Show response
tagdatax.com/ 28 B
617 B 19ms
15ms Fetch
image/jpeg 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdatax.com/pix.jpg
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: 3c72e06c040c15327faa313315f1d6f4b2c9159267051c3e173336efa4cd7a18

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 11 Aug 2021 12:22:06 GMT
Server: nginx/1.19.10
Etag: 47d3fe5c-44d6-436f-96d7-1d667de883f2
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Content-Type: image/jpeg
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Expose-Headers: ETag
Cache-Control: private, must-revalidate, proxy-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 28

GET
H3-29 200 googlelogo_color_120x44dp.png
www.google.com/images/branding/googlelogo/2x/ 5 KB
5 KB 21ms
16ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_120x44dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

29c50fa4422ac0a690af5b0987dee6a030a7eeaafa9dda8543cf022368f545aa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:06 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5087
x-xss-protection: 0
expires: Wed, 11 Aug 2021 12:22:06 GMT

GET
H3-29 200 googlelogo_color_272x92dp.png
www.google.com/images/branding/googlelogo/1x/ 6 KB
6 KB 21ms
17ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/1x/googlelogo_color_272x92dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5776cd87617eacec3bc00ebcf530d1924026033eda852f706c1a675a98915826

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:06 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5969
x-xss-protection: 0
expires: Wed, 11 Aug 2021 12:22:06 GMT

GET
H3-29 200 googlelogo_color_272x92dp.png
www.google.com/images/branding/googlelogo/2x/ 13 KB
13 KB 22ms
17ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_272x92dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

262084257c2103702ef8a25705e3f8dbc1fa3823103ad7b954d54bdb77e6d89d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:06 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13504
x-xss-protection: 0
expires: Wed, 11 Aug 2021 12:22:06 GMT

GET
H3-29 200 googlelogo_color_160x56dp.png
www.google.com/images/branding/googlelogo/2x/ 7 KB
7 KB 157ms
154ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_160x56dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9e611fba6a87626e60f74d361f0c94d1ba226bc0726a05791f40ddb7fbba2c4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:06 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7048
x-xss-protection: 0
expires: Wed, 11 Aug 2021 12:22:06 GMT

GET
H3-29 200 googlelogo_color_90x40dp.png
www.google.com/images/branding/googlelogo/2x/ 4 KB
4 KB 21ms
18ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_90x40dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a9cac8d49feccd603bac334c92c1e7dd5a829a1c01d4130550e8c9c0d9c72f7b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:06 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3934
x-xss-protection: 0
expires: Wed, 11 Aug 2021 12:22:06 GMT

GET
H3-29 200 js Show response
www.googletagmanager.com/gtag/ 128 KB
50 KB 17ms
15ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-Y6C8Y8V9BH&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MSK8GMG

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

c6d9537247b2c33b014a1f9f866faf62de1ebdbef63a8d63f3f4a686d2d88c8f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:06 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 51223
x-xss-protection: 0
expires: Wed, 11 Aug 2021 12:22:06 GMT

GET
H3-29 200 analytics.js Show response
www.google-analytics.com/ 48 KB
19 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MSK8GMG

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

e61660c659c426e45bce2937dddb01af6b550502a2904546575c1ec2ba1121dd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 13 Jul 2021 18:24:06 GMT
server: Golfe2
age: 2732
date: Wed, 11 Aug 2021 11:36:34 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19672
expires: Wed, 11 Aug 2021 13:36:34 GMT

GET
H2 200 hotjar-2304105.js Show response
static.hotjar.com/c/ 5 KB
2 KB 26ms
25ms Script
application/javascript 54.192.219.13
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-2304105.js?sv=6

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

54.192.219.13 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

ba0f7c8cd1226246385e057da152929c0c7b7868b6a4b64ff6de9537bf8aeb33

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:14 GMT
content-encoding: br
x-content-type-options: nosniff
cache-control: max-age=60
age: 52
etag: W/2bfd20973994a2ba4876103e95eba243
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
x-cache-hit: 1
x-amz-cf-pop: MRS52-P2
x-amz-cf-id: hOCdxdPvNXtZsWAS4HGifJpfyQ3S2VAqk_to1jBfRH7IlvQedlYZMg==
via: 1.1 ee464261ee466fae8314a91098b35372.cloudfront.net (CloudFront)

OPTIONS
H/1.1 200
OK add
tagdataxrt.com/ir/ Frame 0
0 14ms
13ms Preflight 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/ir/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Protocol: HTTP/1.1
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://tgfunnls.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Server: nginx/1.19.10
Date: Wed, 11 Aug 2021 12:22:06 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

POST
H/1.1 200
OK add Show response
tagdataxrt.com/ir/ 0
537 B 15ms
14ms Fetch 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/ir/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json;charset=utf-8

Response headers

Date: Wed, 11 Aug 2021 12:22:06 GMT
Server: nginx/1.19.10
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 0

POST
H/1.1 200
OK etag Show response
tagdataxrt.com/ 0
537 B 14ms
14ms Fetch 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/etag?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json;charset=utf-8

Response headers

Date: Wed, 11 Aug 2021 12:22:06 GMT
Server: nginx/1.19.10
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 0

OPTIONS
H/1.1 200
OK etag
tagdataxrt.com/ Frame 0
0 14ms
13ms Preflight 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/etag?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Protocol: HTTP/1.1
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://tgfunnls.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Server: nginx/1.19.10
Date: Wed, 11 Aug 2021 12:22:06 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

GET
H3-29 200 collect
www.google-analytics.com/ 35 B
55 B 6ms
6ms Image
image/gif 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j92&a=1401049265&t=pageview&_s=1&dl=https%3A%2F%2Ftgfunnls.org%2Fdly1st%2F%3Fhitid%3D%7BclickId%7D%26qze%3D7%26aff_sub%3D%7BcustomId1%7D%26aff_sub2%3D%7BcustomId2%7D&ul=en-us&de=UTF-8&dt=Daily%20Profit&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=QACAAEAB~&jid=&gjid=&cid=668805998.1628684518&tid=UA-192660002-1&_gid=1978519149.1628684523&gtm=2wg891MSK8GMG&z=438550633

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 10 Aug 2021 20:58:30 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 55416
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 settings.js Show response
dev.visualwebsiteoptimizer.com/ 572 B
397 B 10ms
9ms Script
application/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/settings.js?a=449005&settings_type=3&vn=7.0&r=0.2898746768412366&u=https%3A%2F%2Ftgfunnls.org%2Fdly1st%2F%3Fhitid%3D%7BclickId%7D%26qze%3D7%26aff_sub%3D%7BcustomId1%7D%26aff_sub2%3D%7BcustomId2%7D
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWpxdWVyeQ==/tag-a511eb58bc7ee0b0cbc6906497418127.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gfra1 /
Resource Hash: 31042bafbba3ee3bae8f21d8d8744230a7c558630068c64e1e5ecb4721ab3910

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:06 GMT
via: 1.1 google
server: gfra1
content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-type: application/javascript; charset=UTF-8

GET
H2 200 modules.9a6619e61150e4449f35.js Show response
script.hotjar.com/ 221 KB
59 KB 25ms
25ms Script
application/javascript 54.192.219.34
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.9a6619e61150e4449f35.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2304105.js?sv=6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

54.192.219.34 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

fc04d1fd608cedf1f0c4735145a15031f77cb7491d6234cec4ee2cd9be74937a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:18:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 511441
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 59579
access-control-allow-origin: *
last-modified: Thu, 05 Aug 2021 14:17:07 GMT
etag: "f404c80c4e9647abd5db65360cf9ecee"
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 1cfafe71e396134dc106e8c1515876bd.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: MRS52-P2
accept-ranges: bytes
x-robots-tag: none
x-amz-cf-id: Wa0TYWZLct_panolNpzg9eh_taeRfNgX0EXKAaAtXg3rSjUfpted1g==

GET
H3-29 200 settings.js Show response
dev.visualwebsiteoptimizer.com/ 572 B
397 B 9ms
9ms Script
application/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/settings.js?a=449005&settings_type=1&vn=7.0&r=0.7505684395347101
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWpxdWVyeQ==/tag-a511eb58bc7ee0b0cbc6906497418127.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gfra1 /
Resource Hash: 31042bafbba3ee3bae8f21d8d8744230a7c558630068c64e1e5ecb4721ab3910

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:06 GMT
via: 1.1 google
server: gfra1
content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-type: application/javascript; charset=UTF-8

GET
H3-29 200 tag-1a6cb79d9b921e9f733a3a9f91c43b90.js Show response
dev.visualwebsiteoptimizer.com/web/djIkcGM6MS4w/ 668 B
329 B 9ms
8ms Script
text/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/web/djIkcGM6MS4w/tag-1a6cb79d9b921e9f733a3a9f91c43b90.js
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWpxdWVyeQ==/tag-a511eb58bc7ee0b0cbc6906497418127.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gfra1 /
Resource Hash: 6e1f2e0970c3d1d6cdacfecdd613ce1c42990ea5d4a9a85fe6f0700d20a96634

Request headers

Origin: https://tgfunnls.org
Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:05 GMT
content-encoding: br
last-modified: Tue, 10 Aug 2021 11:55:59 GMT
server: gfra1
etag: "6112694f-133"
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 307
via: 1.1 google

GET
H2 200 a3a7b431bde66f8790628956fd6a9e14.js Show response
cdn.pushcrew.com/js/ 248 KB
70 KB 102ms
102ms Script
application/javascript 34.102.183.26
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.pushcrew.com/js/a3a7b431bde66f8790628956fd6a9e14.js
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/web/djIkcGM6MS4w/tag-1a6cb79d9b921e9f733a3a9f91c43b90.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.102.183.26 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 26.183.102.34.bc.googleusercontent.com
Software: nginx /
Resource Hash: 2a74b97179203cf3de9b255635c3927c34791cabfe69261cc8d1235c13315e78

Request headers

Origin: https://tgfunnls.org
Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:06 GMT
content-encoding: gzip
last-modified: Fri, 18 Jun 2021 08:48:27 GMT
server: nginx
etag: W/"60cc5ddb-3e05c"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=1800
alt-svc: clear
via: 1.1 google
expires: Wed, 11 Aug 2021 12:52:06 GMT

GET
H2 200 box-25a418976ea02a6f393fbbe77cec94bb.html Show response
vars.hotjar.com/ Frame 5E37 2 KB
1 KB 25ms
25ms Document
text/html 52.84.45.59
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vars.hotjar.com/box-25a418976ea02a6f393fbbe77cec94bb.html
Requested by: Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2304105.js?sv=6
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.84.45.59 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-84-45-59.mrs52.r.cloudfront.net
Software: /
Resource Hash: 7a44e0685d8929b5d4d50476273c9957c8c76f03afc424c665a4066e5bc1beb9

Request headers

:method: GET
:authority: vars.hotjar.com
:scheme: https
:path: /box-25a418976ea02a6f393fbbe77cec94bb.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://tgfunnls.org/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://tgfunnls.org/

Response headers

content-type: text/html
content-length: 1044
date: Thu, 03 Jun 2021 10:15:05 GMT
accept-ranges: bytes
cache-control: max-age=31536000
content-encoding: br
etag: "76922233be8bdb14c053af468d29404a"
last-modified: Thu, 03 Jun 2021 10:14:54 GMT
x-amz-server-side-encryption: AES256
x-robots-tag: none
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 e5c15247ec560744bc8eee50e069c231.cloudfront.net (CloudFront)
x-amz-cf-pop: MRS52-P1
x-amz-cf-id: ycb0d2XjgvAKdFIgwLYJDor44Ow0nBkPXe8709A_Ok1mbYYh0IjZtQ==
age: 5969221

POST
H3-29 201 event Show response
tgfunnls.org/ 2 B
1 KB 256ms
256ms XHR
application/json 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/event?hitid={clickId}

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/js/l.js?id=6cf7b69175b2a676ebf3

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-fetch-mode: cors
origin: https://tgfunnls.org
x-xsrf-token: eyJpdiI6InFMaVJHT0VmY3VaakJubkZNRjVsXC9BPT0iLCJ2YWx1ZSI6IlcwdUhQZEJRZm1jY1BobDdieEd4TTFuamFlSVk4TWtub0Vmalo1Q1cwU3laTE5NWDRReUF4OVRGMnNETXpia2kiLCJtYWMiOiI2Yjc0ZTdhODg3MzM3YjZkZjA3MzExMDI2NTg2NWQ5ZjQzODNiMmM0MzhlN2E1NjIwOTYzOTZiZDFjZmJkNGEyIn0=
accept-language: en-US
sec-fetch-dest: empty
accept-encoding: gzip, deflate, br
cookie: _vis_opt_test_cookie=1; _hjid=0ce6ed2a-6245-4e01-a0e5-6db4a4ddfe19; _hjFirstSeen=1; _vwo_uuid_v2=DB76FDD5DD838C8DD81D28BC77422F6F9|28831bf43ecbcc7c99f644b2f321bf1e; _gid=GA1.2.1978519149.1628684523; _gat_UA-192660002-1=1; _ga_Y6C8Y8V9BH=GS1.1.1628684522.1.1.1628684526.0; _ga=GA1.1.668805998.1628684518; XSRF-TOKEN=eyJpdiI6InFMaVJHT0VmY3VaakJubkZNRjVsXC9BPT0iLCJ2YWx1ZSI6IlcwdUhQZEJRZm1jY1BobDdieEd4TTFuamFlSVk4TWtub0Vmalo1Q1cwU3laTE5NWDRReUF4OVRGMnNETXpia2kiLCJtYWMiOiI2Yjc0ZTdhODg3MzM3YjZkZjA3MzExMDI2NTg2NWQ5ZjQzODNiMmM0MzhlN2E1NjIwOTYzOTZiZDFjZmJkNGEyIn0%3D; c=eyJpdiI6IkNHSjZQdGtMV213clExTU5vc3BWTkE9PSIsInZhbHVlIjoiS1B3Vm5SR08wM2V0Z2JRcmF6Q0NiSEVnZ3RoWHM5MUNMS1pRNTR5azgyc0JRSHU2ZTNEZm0wNmhWdjhVXC9taWMiLCJtYWMiOiJlOTE2NzA5ZGUyZTBkMGVhYTM2NzgyMjNkY2JlMTMxMjMwMTg1M2Q4NDhiNTcyMzUwOTE3YTA2YTdhMDRlNDNlIn0%3D
content-length: 188
:path: /event?hitid={clickId}
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json;charset=UTF-8
accept: application/json, text/plain, */*
cache-control: no-cache
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: POST
Accept: application/json, text/plain, */*
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
X-XSRF-TOKEN: eyJpdiI6InFMaVJHT0VmY3VaakJubkZNRjVsXC9BPT0iLCJ2YWx1ZSI6IlcwdUhQZEJRZm1jY1BobDdieEd4TTFuamFlSVk4TWtub0Vmalo1Q1cwU3laTE5NWDRReUF4OVRGMnNETXpia2kiLCJtYWMiOiI2Yjc0ZTdhODg3MzM3YjZkZjA3MzExMDI2NTg2NWQ5ZjQzODNiMmM0MzhlN2E1NjIwOTYzOTZiZDFjZmJkNGEyIn0=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json;charset=UTF-8

Response headers

date: Wed, 11 Aug 2021 12:22:06 GMT
x-proc: 2
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ei7QMXmBqS80%2FRUQ9apBSjYEM8pQUyzE4Ec9paznuulcKr%2BVIEuilUekzmFGFT91kln1Mwe8vvgK16f%2BwG8Z3rtGuil97De%2BT7mEcNWCIuZkZrkKao9lrXqqlsRSd70O2jLOA7BL1e8vZfI%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-origin: https://tgfunnls.org
cache-control: no-cache, private
set-cookie: XSRF-TOKEN=eyJpdiI6IlRkOWczRVphQkhsV0FXM1A3d3NnRWc9PSIsInZhbHVlIjoiOGVqYWR0RDJ0NWg1aG00YXJmb1wvRzNra2NyK25HSUJYN0JIdDJWSDJTblNPdndDcUpnQysrbGROMnYyd3h1bUQiLCJtYWMiOiJiOWM5ODhjYTJhNDE4YjhlNWM3YjU1YjEyYjBkMTA3ZDQwNGU0NzVhMTY5Zjk3YzEzNWIxNWI2OGRiODM2YTc3In0%3D; expires=Wed, 11-Aug-2021 14:22:06 GMT; Max-Age=7200; path=/ c=eyJpdiI6Im1pN2lIN01MMjU2MU9rUG1HYWxTWFE9PSIsInZhbHVlIjoiVlc1QXM3SjJLODZ3ZGtGUzkwZ2ZlMnpidTNiK0pCMlViTmpZbTdPK3BRWE1qb3hxZHVPY0FqWFp1OG1KMytQSyIsIm1hYyI6ImZmNDRhMTc2MGNlNTRkZGZlNWUxYzFkYzQzNzM4YjVmMDM2NWUwZjk1Mzk0NDRiMDI0MmM4ZTgyOGJjOTQ3YzgifQ%3D%3D; expires=Wed, 11-Aug-2021 14:22:06 GMT; Max-Age=7200; path=/; httponly
cf-ray: 67d16d71dfc305fd-FRA

POST
H/1.1 200
OK add Show response
tagdataxrt.com/log/ 12 B
597 B 16ms
16ms Fetch
application/json 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/log/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: 21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json;charset=utf-8

Response headers

Date: Wed, 11 Aug 2021 12:22:06 GMT
Server: nginx/1.19.10
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 12

OPTIONS
H/1.1 200
OK add
tagdataxrt.com/log/ Frame 0
0 14ms
14ms Preflight 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/log/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Protocol: HTTP/1.1
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://tgfunnls.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Server: nginx/1.19.10
Date: Wed, 11 Aug 2021 12:22:06 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

POST
H/1.1 200
OK add
tagdataxrt.com/time_visit/ 0
422 B 14ms
13ms Ping
text/plain 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/time_visit/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Wed, 11 Aug 2021 12:22:06 GMT
Server: nginx/1.19.10
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 0

GET
H3-29 200 / Show response
tgfunnls.org/dly1st/ 31 KB
8 KB 275ms
274ms Document
text/html 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Requested by

Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c3d4c58541d78332805513468a71dc6d3c6eec634b479a202e1284f6308ddfcf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: tgfunnls.org
:scheme: https
:path: /dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: document
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: _vis_opt_test_cookie=1; _hjid=0ce6ed2a-6245-4e01-a0e5-6db4a4ddfe19; _hjFirstSeen=1; _vwo_uuid_v2=DB76FDD5DD838C8DD81D28BC77422F6F9|28831bf43ecbcc7c99f644b2f321bf1e; _gid=GA1.2.1978519149.1628684523; _gat_UA-192660002-1=1; _ga_Y6C8Y8V9BH=GS1.1.1628684522.1.1.1628684526.0; _ga=GA1.1.668805998.1628684518; XSRF-TOKEN=eyJpdiI6IlRkOWczRVphQkhsV0FXM1A3d3NnRWc9PSIsInZhbHVlIjoiOGVqYWR0RDJ0NWg1aG00YXJmb1wvRzNra2NyK25HSUJYN0JIdDJWSDJTblNPdndDcUpnQysrbGROMnYyd3h1bUQiLCJtYWMiOiJiOWM5ODhjYTJhNDE4YjhlNWM3YjU1YjEyYjBkMTA3ZDQwNGU0NzVhMTY5Zjk3YzEzNWIxNWI2OGRiODM2YTc3In0%3D; c=eyJpdiI6Im1pN2lIN01MMjU2MU9rUG1HYWxTWFE9PSIsInZhbHVlIjoiVlc1QXM3SjJLODZ3ZGtGUzkwZ2ZlMnpidTNiK0pCMlViTmpZbTdPK3BRWE1qb3hxZHVPY0FqWFp1OG1KMytQSyIsIm1hYyI6ImZmNDRhMTc2MGNlNTRkZGZlNWUxYzFkYzQzNzM4YjVmMDM2NWUwZjk1Mzk0NDRiMDI0MmM4ZTgyOGJjOTQ3YzgifQ%3D%3D
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Response headers

date: Wed, 11 Aug 2021 12:22:07 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: no-cache, private
set-cookie: XSRF-TOKEN=eyJpdiI6InJNdHZLVlwvOGQ5UjZSZjloYUFiY3ZBPT0iLCJ2YWx1ZSI6Im5RMXA4VVlXUEVNYnJ6WjVMS0pDRU1TUFlQbUlWelhrQ1BzSlRsZUVZQmh1c0tnSzhGdjJBdG01NkptWTlLWEgiLCJtYWMiOiIwYTIzMDg5ZTI0YjUxZDgxYTc4MWJhNWQzNGVmMjNiYzBhY2QzMGU1YjM5N2YzYzk0OWM2ZjkwMmMzMjM1ZGJlIn0%3D; expires=Wed, 11-Aug-2021 14:22:06 GMT; Max-Age=7200; path=/ c=eyJpdiI6IlBKa3poKzRFdE5UYXJhYmdHYVBSbGc9PSIsInZhbHVlIjoiUlFRYWFBZlJTS0lVSXdxdXY2RHdaMDFDTTZ3XC9YYVFpSGE1XC9QeHlSSERVUU13TnhvNXg0SkxTVXdtKzBtWFlLIiwibWFjIjoiZWU4YWUwOWUwYzUzZDYzNmNiNTRiZDk4MWQ1NzRjMjM3MzMyNjFkZDE0MjgyM2IyOGU4NmNhMzlmMjgxNjc1ZiJ9; expires=Wed, 11-Aug-2021 14:22:06 GMT; Max-Age=7200; path=/; httponly
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-proc: 2
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zxyqpf29t%2BgLrJnHk7gqtCPzlgr8YbqrRCf5GyClk08aHKp%2FRR576PjGu40DH34561GFvaxus1MZMdZ8oF8Uh3OqsHKBiD0Og1N%2B0Z%2FW7iGBFCCn82%2Bm6%2Fd4KT1kWTIhPSOTgDfcaq1UZUI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 67d16d744da405fd-FRA
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

POST collect
www.google-analytics.com/g/ 0
0

GET
H3-29 200 forms.css
tgfunnls.org/css/ 20 KB
4 KB 13ms
12ms Stylesheet
text/css 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/css/forms.css?id=108aa07ef4cadffb88ba

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5cc75f6ff6ccc8f9737ba9b6e44903687d4cd600464dc9a25b2fcfbfd231ebc6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /css/forms.css?id=108aa07ef4cadffb88ba
pragma: no-cache
cookie: _vis_opt_test_cookie=1; _hjid=0ce6ed2a-6245-4e01-a0e5-6db4a4ddfe19; _hjFirstSeen=1; _vwo_uuid_v2=DB76FDD5DD838C8DD81D28BC77422F6F9|28831bf43ecbcc7c99f644b2f321bf1e; _gid=GA1.2.1978519149.1628684523; _gat_UA-192660002-1=1; _ga_Y6C8Y8V9BH=GS1.1.1628684522.1.1.1628684526.0; _ga=GA1.1.668805998.1628684518; XSRF-TOKEN=eyJpdiI6InJNdHZLVlwvOGQ5UjZSZjloYUFiY3ZBPT0iLCJ2YWx1ZSI6Im5RMXA4VVlXUEVNYnJ6WjVMS0pDRU1TUFlQbUlWelhrQ1BzSlRsZUVZQmh1c0tnSzhGdjJBdG01NkptWTlLWEgiLCJtYWMiOiIwYTIzMDg5ZTI0YjUxZDgxYTc4MWJhNWQzNGVmMjNiYzBhY2QzMGU1YjM5N2YzYzk0OWM2ZjkwMmMzMjM1ZGJlIn0%3D; c=eyJpdiI6IlBKa3poKzRFdE5UYXJhYmdHYVBSbGc9PSIsInZhbHVlIjoiUlFRYWFBZlJTS0lVSXdxdXY2RHdaMDFDTTZ3XC9YYVFpSGE1XC9QeHlSSERVUU13TnhvNXg0SkxTVXdtKzBtWFlLIiwibWFjIjoiZWU4YWUwOWUwYzUzZDYzNmNiNTRiZDk4MWQ1NzRjMjM3MzMyNjFkZDE0MjgyM2IyOGU4NmNhMzlmMjgxNjc1ZiJ9
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:07 GMT
x-proc: 1
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 650
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Mon, 09 Aug 2021 14:29:21 GMT
server: cloudflare
etag: W/"61113bc1-5107"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2F6BOuz5lbHkFS7a7R%2Bw%2F5iVkcIgZAejxruu9No3tkxRcztNz4UM7bYKPPiWAslvOSVxNdzMhynJs8koSkMVDYgJQRtiA3R8Wtbp8a1rfpIBOWpMBPwNmJAwLXifT%2FVkHroASvndVRQYFsnw%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 67d16d76199905fd-FRA

GET
H3-29 200 flow.css
tgfunnls.org/css/ 385 B
763 B 13ms
12ms Stylesheet
text/css 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/css/flow.css?id=1a2dada5ba76c1b29ae1

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

df456c4794989b11dda8d76813cbf505b2707048f4cc89d7db15956779ca3fb0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /css/flow.css?id=1a2dada5ba76c1b29ae1
pragma: no-cache
cookie: _vis_opt_test_cookie=1; _hjid=0ce6ed2a-6245-4e01-a0e5-6db4a4ddfe19; _hjFirstSeen=1; _vwo_uuid_v2=DB76FDD5DD838C8DD81D28BC77422F6F9|28831bf43ecbcc7c99f644b2f321bf1e; _gid=GA1.2.1978519149.1628684523; _gat_UA-192660002-1=1; _ga_Y6C8Y8V9BH=GS1.1.1628684522.1.1.1628684526.0; _ga=GA1.1.668805998.1628684518; XSRF-TOKEN=eyJpdiI6InJNdHZLVlwvOGQ5UjZSZjloYUFiY3ZBPT0iLCJ2YWx1ZSI6Im5RMXA4VVlXUEVNYnJ6WjVMS0pDRU1TUFlQbUlWelhrQ1BzSlRsZUVZQmh1c0tnSzhGdjJBdG01NkptWTlLWEgiLCJtYWMiOiIwYTIzMDg5ZTI0YjUxZDgxYTc4MWJhNWQzNGVmMjNiYzBhY2QzMGU1YjM5N2YzYzk0OWM2ZjkwMmMzMjM1ZGJlIn0%3D; c=eyJpdiI6IlBKa3poKzRFdE5UYXJhYmdHYVBSbGc9PSIsInZhbHVlIjoiUlFRYWFBZlJTS0lVSXdxdXY2RHdaMDFDTTZ3XC9YYVFpSGE1XC9QeHlSSERVUU13TnhvNXg0SkxTVXdtKzBtWFlLIiwibWFjIjoiZWU4YWUwOWUwYzUzZDYzNmNiNTRiZDk4MWQ1NzRjMjM3MzMyNjFkZDE0MjgyM2IyOGU4NmNhMzlmMjgxNjc1ZiJ9
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:07 GMT
x-proc: 2
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 650
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Mon, 09 Aug 2021 14:29:19 GMT
server: cloudflare
etag: W/"61113bbf-181"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BsQOnp21bK9TJ8pY1FEnlEv6b3kybxecUOkgnN7ZUBxawcnxNUd%2BSXgrVoG%2BPJDuRVNPUA6yz9aUK%2F1DpY55PBiICVwQhWXm0rYglVkFkfvj5iq2GT42ELJ3UnNAiVis16Y1pqF%2BSAveurs%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 67d16d76199b05fd-FRA

GET
H2 200 funnel.css
static-13333.kxcdn.com/5275/build/ 91 KB
26 KB 11ms
10ms Stylesheet
text/css 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL

https://static-13333.kxcdn.com/5275/build/funnel.css

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

0dd81a03016de5c1be49281bb42f5db84bf8968b636e893daa0ee24de5dbdd3b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:07 GMT
content-encoding: gzip
last-modified: Fri, 02 Jul 2021 14:31:57 GMT
server: keycdn-engine
x-amz-request-id: tx0000000000000048dcf7b-0060df2533-12e87130-fra1a
x-edge-location: defr
etag: W/"0e60432e5a822d61eaf0ff2172f524ed"
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-cache: HIT
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31556940
x-rgw-object-type: Normal
strict-transport-security: max-age=15552000; includeSubDomains; preload
expires: Thu, 11 Aug 2022 18:11:07 GMT

GET
H/1.1 400 conversion.js
in.bd44.fun/ 0
0 15ms
14ms Script
text/html 18.195.174.160
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://in.bd44.fun/conversion.js?cid=OPTIONAL&et=CLICK
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.195.174.160 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-174-160.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 logo.png
static-13333.kxcdn.com/5275/images/ 2 KB
3 KB 32ms
22ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/logo.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

3d0776f2afd4256733e307cf46921dde2e1497a2767eb8bcb8ac17d5de9d2344

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:07 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048dcf7f-0060df2533-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2455
last-modified: Fri, 02 Jul 2021 14:32:26 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "cded24bb8b99f2aa7ab4e4ddc59c28e6"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:07 GMT

GET
H2 200 top-arrow.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 32ms
23ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/top-arrow.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

c4d3b32e24ea06591e7f166b20939f84cb767bb0742bc3c51f07c6f4b684f1e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:07 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048fd188-0060df2533-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2961
last-modified: Fri, 02 Jul 2021 14:32:29 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "e2980701aad64cef71bd2296f5f6386b"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:07 GMT

GET
H3-29 200 check-icon.png
tgfunnls.org/images/ 44 KB
45 KB 18ms
12ms Image
image/png 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tgfunnls.org/images/check-icon.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

79bb457691c6f5dc0d3fd537218a627750b199db5253e22dad9dc4f78fa48016

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /images/check-icon.png
pragma: no-cache
cookie: _vis_opt_test_cookie=1; _hjid=0ce6ed2a-6245-4e01-a0e5-6db4a4ddfe19; _hjFirstSeen=1; _vwo_uuid_v2=DB76FDD5DD838C8DD81D28BC77422F6F9|28831bf43ecbcc7c99f644b2f321bf1e; _gid=GA1.2.1978519149.1628684523; _gat_UA-192660002-1=1; _ga_Y6C8Y8V9BH=GS1.1.1628684522.1.1.1628684526.0; _ga=GA1.1.668805998.1628684518; XSRF-TOKEN=eyJpdiI6InJNdHZLVlwvOGQ5UjZSZjloYUFiY3ZBPT0iLCJ2YWx1ZSI6Im5RMXA4VVlXUEVNYnJ6WjVMS0pDRU1TUFlQbUlWelhrQ1BzSlRsZUVZQmh1c0tnSzhGdjJBdG01NkptWTlLWEgiLCJtYWMiOiIwYTIzMDg5ZTI0YjUxZDgxYTc4MWJhNWQzNGVmMjNiYzBhY2QzMGU1YjM5N2YzYzk0OWM2ZjkwMmMzMjM1ZGJlIn0%3D; c=eyJpdiI6IlBKa3poKzRFdE5UYXJhYmdHYVBSbGc9PSIsInZhbHVlIjoiUlFRYWFBZlJTS0lVSXdxdXY2RHdaMDFDTTZ3XC9YYVFpSGE1XC9QeHlSSERVUU13TnhvNXg0SkxTVXdtKzBtWFlLIiwibWFjIjoiZWU4YWUwOWUwYzUzZDYzNmNiNTRiZDk4MWQ1NzRjMjM3MzMyNjFkZDE0MjgyM2IyOGU4NmNhMzlmMjgxNjc1ZiJ9
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:07 GMT
x-proc: 3
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5024
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 45018
x-xss-protection: 1; mode=block
last-modified: Mon, 09 Aug 2021 14:27:10 GMT
server: cloudflare
etag: "61113b3e-afda"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=P7jsJp7gN2WO5g%2BlhqW0tGR5M1u57RVwZSjJJSUGUtsqBWLtHH1YyBrnS4eJV4NSqsIp1i0YYJEqQ4kabwSQPUk5O6gvtfE2qlar2w1YyJoMcS8BAPFsKH5wd6u%2FZ8jDsJF0nHL96Q%2BzZ%2BU%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 67d16d768a9a05fd-FRA

GET
H2 200 safe.png
static-13333.kxcdn.com/5275/images/ 10 KB
11 KB 31ms
24ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/safe.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

c001780d5a0136da809d6908ac44d8b0e4d9b36bf9891772a006294888226576

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:07 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048dcf7e-0060df2533-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 10593
last-modified: Fri, 02 Jul 2021 14:32:17 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "e16845cf547d72f2f0b2febfa375d9f9"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:07 GMT

GET
H2 200 bg-arrow.png
static-13333.kxcdn.com/5275/images/ 7 KB
8 KB 32ms
24ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/bg-arrow.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

5902ac2e28cc5433d57a98a62be69037be09754da694348e03d3e3b9e776f542

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:07 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048dcf7d-0060df2533-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 7356
last-modified: Fri, 02 Jul 2021 14:32:23 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "0575766ae817ee467a729e846374d22c"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:07 GMT

GET
H2 200 check-icon.png
static-13333.kxcdn.com/5275/images/ 2 KB
3 KB 32ms
24ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/check-icon.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

4a404a950ef8cfa3eb686e62c8ab17e0a4609f2300e53d874a96ec618ab9474d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:07 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048fd193-0060df2533-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2273
last-modified: Fri, 02 Jul 2021 14:32:29 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "c34ab81524c5f98e40dc0dad59601758"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:07 GMT

GET
H2 200 spots-arrow.png
static-13333.kxcdn.com/5275/images/ 5 KB
6 KB 24ms
23ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/spots-arrow.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

7c01610e53cbe2313bd441cd9182762cec4240e4eecebeca6d086f34e4672784

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:07 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048dcf82-0060df2533-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 5306
last-modified: Fri, 02 Jul 2021 14:32:45 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "32acdf2cce46993b09041ebed9d00140"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:07 GMT

GET
H2 200 john.jpg
static-13333.kxcdn.com/5275/images/ 9 KB
10 KB 24ms
24ms Image
image/jpeg 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/john.jpg

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

aff262b0ff8882606831b77cb7fe8c2b7ee184a4c3a4e10de152932dde9ed3f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:07 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048fd18f-0060df2533-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 9704
last-modified: Fri, 02 Jul 2021 14:32:21 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "ca826d01f1cbba3eb6e3e1f697bca6bc"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/jpeg
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:07 GMT

GET
H2 200 john-sign.png
static-13333.kxcdn.com/5275/images/ 7 KB
7 KB 10ms
5ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/john-sign.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

2c92fcee0f7c5fd992e818cd6e5f621e8701cea9b4b23eb03e2567560c7dd266

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:07 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048dcf87-0060df2533-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 6824
last-modified: Fri, 02 Jul 2021 14:32:43 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "8e77bdde18036a84289f7b89b03cddc0"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:07 GMT

GET
H2 200 social-callback-title.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 10ms
6ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/social-callback-title.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

b097d9409b9b2fcde3993197635d6e7d49126e794dec3c3a5de9892cce15ec84

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:07 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048fd187-0060df2533-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2899
last-modified: Fri, 02 Jul 2021 14:32:42 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "26e1186a209747d755be97f26d7fef17"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:07 GMT

GET
H2 200 facebook.png
static-13333.kxcdn.com/5275/images/ 45 KB
46 KB 8ms
6ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/facebook.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

45a8e9f975bd2d7db2041c671affac022eaf0b8db46c516a6f2021d30631aea3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:07 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048dcf7c-0060df2533-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 46358
last-modified: Fri, 02 Jul 2021 14:32:18 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "99efc09d6e35b01ef07e555c6c9c06ac"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:07 GMT

GET
H2 200 twitter.png
static-13333.kxcdn.com/5275/images/ 33 KB
34 KB 9ms
7ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/twitter.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

f3567cf9eb0717ad9840ff19014abf051d9bebb63ba3d270eb23d409dd449b5a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:07 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048dcf79-0060df2533-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 33933
last-modified: Fri, 02 Jul 2021 14:32:45 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "1538bf85a2428c7ab27b923233ceac2d"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:07 GMT

GET
H2 200 features-title.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 9ms
8ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/features-title.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

5e840708085df16224eeb0d8a8b3758d39bc7c60d3f0587ea1308f7d37d2e9db

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:07 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048fd18e-0060df2533-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2835
last-modified: Fri, 02 Jul 2021 14:32:24 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "8e8fd39ca90b9e536e71366f72e27061"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:07 GMT

GET
H2 200 feature1.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 8ms
8ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/feature1.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

427e9cf9bc070b73cae44b858b1cbb147385ccf3b74522b00606e8441d74eb21

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:07 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048fd189-0060df2533-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2649
last-modified: Fri, 02 Jul 2021 14:32:27 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "32e947291780f319b5424fb0fed97339"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:07 GMT

GET
H2 200 feature2.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 15ms
11ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/feature2.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

d35ec7636f20627c46249b7ac076fd59aad2c15c8207c92cc8251df812abc0bc

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:07 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048fd18b-0060df2533-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2845
last-modified: Fri, 02 Jul 2021 14:32:28 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "a02cbfb7009f4eb7bca716371bbc6162"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:07 GMT

GET
H2 200 feature3.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 15ms
12ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/feature3.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

41cc8226265d071dd816f01b4e656e9575b49927ecb0806984d85fd2acb3b318

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:07 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048fd185-0060df2533-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2618
last-modified: Fri, 02 Jul 2021 14:32:44 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "1e439861ae0e257dd74094cd20495531"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:07 GMT

GET
H2 200 feature4.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 15ms
12ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/feature4.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

d7e57b7c8fc1a0e25b893fc00da8cca5368cc489227958d4a781665339cd7260

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:07 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048fd18a-0060df2533-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2573
last-modified: Fri, 02 Jul 2021 14:32:19 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "f042fbbf22d575de6d906249ec2dc324"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:07 GMT

GET
H2 200 faq-title.png
static-13333.kxcdn.com/5275/images/ 4 KB
4 KB 13ms
12ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/faq-title.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

218be04d48aa9aa4da9bb4a708dbb463576fd8653914fd05bb113ce654dce714

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:07 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048dcf81-0060df2533-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 3706
last-modified: Fri, 02 Jul 2021 14:32:42 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "b95f5e7ccaaf9e8f6f1117efa9ab100a"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:07 GMT

GET
H2 200 faq-list-title-bg.png
static-13333.kxcdn.com/5275/images/ 2 KB
2 KB 14ms
13ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/faq-list-title-bg.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

9749d6d7aee9bdd7b806eb8fd8fa1bfd7ef25aab0aba744948b279d4c1a348ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:07 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048fd18d-0060df2533-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 1546
last-modified: Fri, 02 Jul 2021 14:32:22 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "567ea5254334fde95913b6cd592aad5f"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:07 GMT

GET
H3-29 200 sad-face.svg
tgfunnls.org/media/ 1 KB
1 KB 24ms
19ms Image
image/svg+xml 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tgfunnls.org/media/sad-face.svg

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

186b9079a05f19ddd2a548dbc1ec2c69087c76d8e9e1637dbced630edb793104

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /media/sad-face.svg
pragma: no-cache
cookie: _vis_opt_test_cookie=1; _hjid=0ce6ed2a-6245-4e01-a0e5-6db4a4ddfe19; _hjFirstSeen=1; _vwo_uuid_v2=DB76FDD5DD838C8DD81D28BC77422F6F9|28831bf43ecbcc7c99f644b2f321bf1e; _gid=GA1.2.1978519149.1628684523; _gat_UA-192660002-1=1; _ga_Y6C8Y8V9BH=GS1.1.1628684522.1.1.1628684526.0; _ga=GA1.1.668805998.1628684518; XSRF-TOKEN=eyJpdiI6InJNdHZLVlwvOGQ5UjZSZjloYUFiY3ZBPT0iLCJ2YWx1ZSI6Im5RMXA4VVlXUEVNYnJ6WjVMS0pDRU1TUFlQbUlWelhrQ1BzSlRsZUVZQmh1c0tnSzhGdjJBdG01NkptWTlLWEgiLCJtYWMiOiIwYTIzMDg5ZTI0YjUxZDgxYTc4MWJhNWQzNGVmMjNiYzBhY2QzMGU1YjM5N2YzYzk0OWM2ZjkwMmMzMjM1ZGJlIn0%3D; c=eyJpdiI6IlBKa3poKzRFdE5UYXJhYmdHYVBSbGc9PSIsInZhbHVlIjoiUlFRYWFBZlJTS0lVSXdxdXY2RHdaMDFDTTZ3XC9YYVFpSGE1XC9QeHlSSERVUU13TnhvNXg0SkxTVXdtKzBtWFlLIiwibWFjIjoiZWU4YWUwOWUwYzUzZDYzNmNiNTRiZDk4MWQ1NzRjMjM3MzMyNjFkZDE0MjgyM2IyOGU4NmNhMzlmMjgxNjc1ZiJ9
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:07 GMT
x-proc: 2
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 650
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Mon, 09 Aug 2021 14:29:19 GMT
server: cloudflare
etag: W/"61113bbf-5dc"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3I9i%2F3s0cN1KP9dNvSIPYmA5lcBzY1vTM7UwKP%2FEuc9H68yK7kUoFAzEJWsskLu%2BjYD6bUSAhkBXTJIgSzHloNnKhdzTeE1shadb0i119DYhIhttVEljy7i89uMplCkfNn6kj6S9TBLCUFs%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: max-age=14400
cf-ray: 67d16d768a9d05fd-FRA

GET
H3-29 200 email-decode.min.js Show response
tgfunnls.org/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
1 KB 8ms
8ms Script
application/javascript 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

:path: /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
pragma: no-cache
cookie: _vis_opt_test_cookie=1; _hjid=0ce6ed2a-6245-4e01-a0e5-6db4a4ddfe19; _hjFirstSeen=1; _vwo_uuid_v2=DB76FDD5DD838C8DD81D28BC77422F6F9|28831bf43ecbcc7c99f644b2f321bf1e; _gid=GA1.2.1978519149.1628684523; _gat_UA-192660002-1=1; _ga_Y6C8Y8V9BH=GS1.1.1628684522.1.1.1628684526.0; _ga=GA1.1.668805998.1628684518; XSRF-TOKEN=eyJpdiI6InJNdHZLVlwvOGQ5UjZSZjloYUFiY3ZBPT0iLCJ2YWx1ZSI6Im5RMXA4VVlXUEVNYnJ6WjVMS0pDRU1TUFlQbUlWelhrQ1BzSlRsZUVZQmh1c0tnSzhGdjJBdG01NkptWTlLWEgiLCJtYWMiOiIwYTIzMDg5ZTI0YjUxZDgxYTc4MWJhNWQzNGVmMjNiYzBhY2QzMGU1YjM5N2YzYzk0OWM2ZjkwMmMzMjM1ZGJlIn0%3D; c=eyJpdiI6IlBKa3poKzRFdE5UYXJhYmdHYVBSbGc9PSIsInZhbHVlIjoiUlFRYWFBZlJTS0lVSXdxdXY2RHdaMDFDTTZ3XC9YYVFpSGE1XC9QeHlSSERVUU13TnhvNXg0SkxTVXdtKzBtWFlLIiwibWFjIjoiZWU4YWUwOWUwYzUzZDYzNmNiNTRiZDk4MWQ1NzRjMjM3MzMyNjFkZDE0MjgyM2IyOGU4NmNhMzlmMjgxNjc1ZiJ9
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 05 Aug 2021 12:35:03 GMT
server: cloudflare
etag: W/"610bdaf7-4d7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: DENY
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cP9zmscAXAWoUBxqLskckVCHtQ%2FbtU0panQ4EgqeCzLGjTSdE8Q5LU11GE0f1UXquynq9wql5NuN6uai4n86ubjZNIQjsHgHLszO756is%2FjgaNpUITA5dQT4%2BdOdwwGtWfGRHHkq%2Bb4SBkk%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=172800 public
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 67d16d7639cb05fd-FRA
vary: Accept-Encoding
expires: Fri, 13 Aug 2021 12:22:07 GMT

GET
H3-29 200 redirect.js Show response
tgfunnls.org/js/ 3 KB
2 KB 14ms
13ms Script
application/javascript 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/js/redirect.js?id=bd8708e91008076c9ff9

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0979e653bf7370685f5d0ec7448e28d33f46754d5411cf5a7cd3df6ecafc1a35

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /js/redirect.js?id=bd8708e91008076c9ff9
pragma: no-cache
cookie: _vis_opt_test_cookie=1; _hjid=0ce6ed2a-6245-4e01-a0e5-6db4a4ddfe19; _hjFirstSeen=1; _vwo_uuid_v2=DB76FDD5DD838C8DD81D28BC77422F6F9|28831bf43ecbcc7c99f644b2f321bf1e; _gid=GA1.2.1978519149.1628684523; _gat_UA-192660002-1=1; _ga_Y6C8Y8V9BH=GS1.1.1628684522.1.1.1628684526.0; _ga=GA1.1.668805998.1628684518; XSRF-TOKEN=eyJpdiI6InJNdHZLVlwvOGQ5UjZSZjloYUFiY3ZBPT0iLCJ2YWx1ZSI6Im5RMXA4VVlXUEVNYnJ6WjVMS0pDRU1TUFlQbUlWelhrQ1BzSlRsZUVZQmh1c0tnSzhGdjJBdG01NkptWTlLWEgiLCJtYWMiOiIwYTIzMDg5ZTI0YjUxZDgxYTc4MWJhNWQzNGVmMjNiYzBhY2QzMGU1YjM5N2YzYzk0OWM2ZjkwMmMzMjM1ZGJlIn0%3D; c=eyJpdiI6IlBKa3poKzRFdE5UYXJhYmdHYVBSbGc9PSIsInZhbHVlIjoiUlFRYWFBZlJTS0lVSXdxdXY2RHdaMDFDTTZ3XC9YYVFpSGE1XC9QeHlSSERVUU13TnhvNXg0SkxTVXdtKzBtWFlLIiwibWFjIjoiZWU4YWUwOWUwYzUzZDYzNmNiNTRiZDk4MWQ1NzRjMjM3MzMyNjFkZDE0MjgyM2IyOGU4NmNhMzlmMjgxNjc1ZiJ9
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:07 GMT
x-proc: 3
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 650
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Mon, 09 Aug 2021 14:29:34 GMT
server: cloudflare
etag: W/"61113bce-a50"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=26ygcZT2zgXtZuIkAPYdl6dLEoNrB4GnRMRUjWoVOOW8TYHg6bwnuNoPoMAp8OYnDT3Cn7MfMAu1wREdYWbdtrbxHVsf4psQDx4Nvmw4Y4UVyXS2Um9SV36C%2Bw%2FNe8S6E7yra5UmnOo5ctY%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=14400
cf-ray: 67d16d7639ce05fd-FRA

GET
H3-29 200 l.js Show response
tgfunnls.org/js/ 401 KB
110 KB 34ms
34ms Script
application/javascript 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/js/l.js?id=6cf7b69175b2a676ebf3

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1669423eca631e2fa8053ff74039a11ff6afac3a94dc37f357ce8d6ec9362913

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /js/l.js?id=6cf7b69175b2a676ebf3
pragma: no-cache
cookie: _vis_opt_test_cookie=1; _hjid=0ce6ed2a-6245-4e01-a0e5-6db4a4ddfe19; _hjFirstSeen=1; _vwo_uuid_v2=DB76FDD5DD838C8DD81D28BC77422F6F9|28831bf43ecbcc7c99f644b2f321bf1e; _gid=GA1.2.1978519149.1628684523; _gat_UA-192660002-1=1; _ga_Y6C8Y8V9BH=GS1.1.1628684522.1.1.1628684526.0; _ga=GA1.1.668805998.1628684518; XSRF-TOKEN=eyJpdiI6InJNdHZLVlwvOGQ5UjZSZjloYUFiY3ZBPT0iLCJ2YWx1ZSI6Im5RMXA4VVlXUEVNYnJ6WjVMS0pDRU1TUFlQbUlWelhrQ1BzSlRsZUVZQmh1c0tnSzhGdjJBdG01NkptWTlLWEgiLCJtYWMiOiIwYTIzMDg5ZTI0YjUxZDgxYTc4MWJhNWQzNGVmMjNiYzBhY2QzMGU1YjM5N2YzYzk0OWM2ZjkwMmMzMjM1ZGJlIn0%3D; c=eyJpdiI6IlBKa3poKzRFdE5UYXJhYmdHYVBSbGc9PSIsInZhbHVlIjoiUlFRYWFBZlJTS0lVSXdxdXY2RHdaMDFDTTZ3XC9YYVFpSGE1XC9QeHlSSERVUU13TnhvNXg0SkxTVXdtKzBtWFlLIiwibWFjIjoiZWU4YWUwOWUwYzUzZDYzNmNiNTRiZDk4MWQ1NzRjMjM3MzMyNjFkZDE0MjgyM2IyOGU4NmNhMzlmMjgxNjc1ZiJ9
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:07 GMT
x-proc: 1
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3900
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Mon, 09 Aug 2021 14:29:21 GMT
server: cloudflare
etag: W/"61113bc1-645ba"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=i%2FaepCE3eIkL5lqKEmP6Xvfy6JpnOwUWyBTsVdmm%2F90%2B3QScvGUufEYUkGZ9Tdk9GP%2BXKplhtEVHfoxHfxU0nWcTdylcZUbwnXoaWh0rR6c%2F97Rcg%2BXfRMEe3vPFeeFUd5EvNp6%2BCT%2Bu3nE%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=14400
cf-ray: 67d16d7659f605fd-FRA

GET
H2 200 funnel.js Show response
static-13333.kxcdn.com/5275/build/ 954 KB
319 KB 10ms
9ms Script
application/javascript 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL

https://static-13333.kxcdn.com/5275/build/funnel.js

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

a52901c6296f571a48143efc8c7626714f2f15a0e034390d31380d508684ad0e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:07 GMT
content-encoding: gzip
last-modified: Fri, 02 Jul 2021 14:31:57 GMT
server: keycdn-engine
x-amz-request-id: tx0000000000000048dcf86-0060df2533-12e87130-fra1a
x-edge-location: defr
etag: W/"545236a1390ffa369d186b44dab8e706"
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-cache: HIT
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31556940
x-rgw-object-type: Normal
strict-transport-security: max-age=15552000; includeSubDomains; preload
expires: Thu, 11 Aug 2022 18:11:07 GMT

GET
H/1.1 200 hp Show response
in.xr117.xyz/ 382 B
616 B 19ms
14ms Script
text/plain 18.193.146.82
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://in.xr117.xyz/hp
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.193.146.82 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-193-146-82.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 1d685538334a6762f8c278c2274cb62dfdc47c59ba5968562dddf4f96d808aee

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 11 Aug 2021 12:22:07 GMT
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
Server: nginx
Connection: keep-alive
Content-Length: 382
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200 hp Show response
in.bd44.fun/ 382 B
616 B 47ms
15ms Script
text/plain 18.195.174.160
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://in.bd44.fun/hp
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.195.174.160 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-174-160.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 1d685538334a6762f8c278c2274cb62dfdc47c59ba5968562dddf4f96d808aee

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 11 Aug 2021 12:22:07 GMT
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
Server: nginx
Connection: keep-alive
Content-Length: 382
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3-29 200 tag.js Show response
tagstaticx.com/ 38 KB
14 KB 18ms
13ms Script
application/javascript 2606:4700:3033::6815:3d08
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://tagstaticx.com/tag.js
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::6815:3d08 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 789421e97c465f7367c2c16bad228afc0d9211d9ff3c949b7ef88b72e9fc30db

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:07 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 06 Aug 2021 11:17:33 GMT
server: cloudflare
age: 6668
etag: W/"610d1a4d-97e0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=z70VrdqtplsVMNjz8CxM6Hk8jqhccVh0rvXfzQmt7tgovcBc54GXE4CkPrNDSALcvVNBUIDcAZ4%2F2vIv584VEAsgwzYURjskJMz3NJodc9G421Urqyzlb86zi%2BevFdkeAifCd1w1WH7B2acyhQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=1800
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 67d16d7689902c22-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

GET
H3-29 200 gtm.js Show response
www.googletagmanager.com/ 111 KB
41 KB 20ms
17ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-MSK8GMG

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

96ebb46ec94633e9d6d36d0e58f352ef5552981704ceabd38ede88918f0c1539

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:07 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42033
x-xss-protection: 0
last-modified: Wed, 11 Aug 2021 12:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 11 Aug 2021 12:22:07 GMT

GET
H/1.1 400 conversion.js
in.bd44.fun/ 0
0 42ms
15ms Script
text/html 18.195.174.160
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://in.bd44.fun/conversion.js?cid=OPTIONAL&et=CLICK
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.195.174.160 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-174-160.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 j.php Show response
dev.visualwebsiteoptimizer.com/ 5 KB
2 KB 19ms
16ms Script
application/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/j.php?a=449005&u=https%3A%2F%2Ftgfunnls.org%2Fdly1st%2F%3Fhitid%3D%7BclickId%7D%26qze%3D7%26aff_sub%3D%7BcustomId1%7D%26aff_sub2%3D%7BcustomId2%7D&f=1&r=0.705778563214678
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gfra1 /
Resource Hash: 606a990fecd7842bf059872a2693b7e9e4397977ba62f954ad3ab0b842e3ac59

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 11 Aug 2021 12:22:07 GMT
via: 1.1 google
server: gfra1
content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-type: application/javascript; charset=UTF-8

GET
H2 200 bg-pattern2.png
static-13333.kxcdn.com/5275/images/ 3 KB
4 KB 24ms
23ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/bg-pattern2.png

Requested by

Host: static-13333.kxcdn.com
URL: https://static-13333.kxcdn.com/5275/build/funnel.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

0dbbd4b1f92b5f123bb6d85da5224dbac1ef2873359ae63159fbd8c1d8aee472

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://static-13333.kxcdn.com/5275/build/funnel.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:07 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx00000000000000491e693-0060df2731-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 3494
last-modified: Fri, 02 Jul 2021 14:32:28 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "9ff60a873ce8a83d6f92c07bbb97461d"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:07 GMT

GET
H2 200 money-bg.jpg
static-13333.kxcdn.com/5275/images/ 192 KB
193 KB 21ms
20ms Image
image/jpeg 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/money-bg.jpg

Requested by

Host: static-13333.kxcdn.com
URL: https://static-13333.kxcdn.com/5275/build/funnel.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

6d6b0b2b3ce3ec690491ad53348667285877a284d43a58bae67219df3128c453

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://static-13333.kxcdn.com/5275/build/funnel.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:07 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048fd245-0060df2533-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 196622
last-modified: Fri, 02 Jul 2021 14:32:29 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "00484ef568e5c529bc92d2698631954b"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/jpeg
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:07 GMT

GET
H2 206 de-1.mp4
static-13333.kxcdn.com/5275/media/ 64 KB
0 14ms
13ms Media
video/mp4 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL

https://static-13333.kxcdn.com/5275/media/de-1.mp4

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Range: bytes=0-

Response headers

date: Wed, 11 Aug 2021 12:22:07 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx000000000000004a44bcc-0060f54e68-141c7b61-fra1a
x-edge-location: defr
x-cache: HIT
Content-Range: bytes 0-124690623/124690624
Content-Length: 124690624
last-modified: Fri, 02 Jul 2021 14:32:03 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "c8811d0b7aa283893d6ec2a19899685f-24"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: video/mp4
access-control-allow-origin: *
x-rgw-object-type: Normal
expires: Thu, 11 Aug 2022 18:11:07 GMT

GET
H2 200 flags.png
tgfunnls.org/images/vendor/intl-tel-input/build/ 69 KB
70 KB 17ms
17ms Image
image/png 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tgfunnls.org/images/vendor/intl-tel-input/build/flags.png?416250f60d785a2e02f17e054d2e4e44

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/css/forms.css?id=108aa07ef4cadffb88ba

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0a012cf808a24573168308916092d2d4bd3f2b4af8e16b59167013cc77acee55

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /images/vendor/intl-tel-input/build/flags.png?416250f60d785a2e02f17e054d2e4e44
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: tgfunnls.org
referer: https://tgfunnls.org/css/forms.css?id=108aa07ef4cadffb88ba
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/css/forms.css?id=108aa07ef4cadffb88ba
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:07 GMT
x-proc: 3
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5484
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 70857
x-xss-protection: 1; mode=block
last-modified: Mon, 09 Aug 2021 14:29:34 GMT
server: cloudflare
etag: "61113bce-114c9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dmPbeiGk1mKYY7vxq6pfvcQDNGFsWWk3elDux0j%2B9knDwvQYh8VqRZqAGmP%2BomDweuhYW9YikNzi1gadDjOqd%2FoSo69ZJOolSGaNRygvEruzHKrUEvrIfw3f%2B3EO02A9mXfzX3txb9C3Dpo%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 67d16d76dde1c28b-FRA

GET
H3-29 200 locate Show response
tgfunnls.org/ 150 B
1 KB 165ms
163ms XHR
application/json 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/locate

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/js/l.js?id=6cf7b69175b2a676ebf3

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

126f29647a5fd666abd70f0bfe4f9a9b972c2e385e09554cf2fea5ffe35f62fc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /locate
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: cors
accept: application/json, text/plain, */*
cache-control: no-cache
sec-fetch-dest: empty
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept: application/json, text/plain, */*
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:07 GMT
x-proc: 2
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ooNQOBpmPaJWhDrqkIKMrioG5gzvOuSiLZl7Xum2pIDET4rFyyZYLNYMyYBOPqiKN3CUFPXMwCiOLqqK3uO4YwAmZfXTsZVMSZ0%2BJVrG169cL2QqUJLPdgMZKQfeub0lMqIAFLwDLly8aVo%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json
cache-control: no-cache, private
set-cookie: XSRF-TOKEN=eyJpdiI6InprMjdvWmg5WEtWWmNGSUhtMlNXK3c9PSIsInZhbHVlIjoiTWQ5bDF1ODE1T0NvbXpySFFMcTJvckpwcnkyXC9YQVhqbFIyT0Z6VGN1UmRXNWhCRWs3NFVKRDZcL2NySVBNRVY0IiwibWFjIjoiN2EwZWY4MGI5YjZjZTU3NjIzN2JhZjMzMmMyNzIxZTg2ZjcwZGU2OWQ3YWFkNTI1YmJjM2U2ZDc4YmQ3MzU1YiJ9; expires=Wed, 11-Aug-2021 14:22:07 GMT; Max-Age=7200; path=/ c=eyJpdiI6IlJQbW9iZnNkamdUdEszd0kyWVowK1E9PSIsInZhbHVlIjoiS2NHcG5Ib0FneXRib2ZQZUtaWTBacGdidVFORFdpeWNMb2xlVnBGRXhPOFhrUERsNjlnSnpnWUxjMytFR3FFKyIsIm1hYyI6IjYzYTg3YWQ3ZmE0MTRmZGJiZmE3ZTBjNTUxZjYwZjhjNzJlNWMzYzI2NDcwNGNhZDM0NWI3NjA1OTNmMWQyNzgifQ%3D%3D; expires=Wed, 11-Aug-2021 14:22:07 GMT; Max-Age=7200; path=/; httponly
cf-ray: 67d16d770be505fd-FRA

GET
BLOB 200
OK a85bf385-7340-43d3-997b-f916f07ef8eb
https://tgfunnls.org/ 31 B
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://tgfunnls.org/a85bf385-7340-43d3-997b-f916f07ef8eb
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7725538fe2f71147bffeba7452b434c826aef9009666cb4360c605d0b2a91d1d

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length: 31
Content-Type: application/javascript

GET
H2 403 videothumbnail-1.png
static-13333.kxcdn.com/5275/images/ 0
0 29ms
28ms Image
text/html 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static-13333.kxcdn.com/5275/images/videothumbnail-1.png
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
DATA 200
OK truncated
/ 4 KB
4 KB Font
application/font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: aef991b2e0b693a95d41986576dd3901ea7ac03b379501b1caba966058753308

Request headers

Origin: https://tgfunnls.org
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: application/font-woff;charset=utf-8

GET
H2 200 tag-a511eb58bc7ee0b0cbc6906497418127.js Show response
dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWpxdWVyeQ==/ 214 KB
61 KB 8ms
8ms Script
text/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWpxdWVyeQ==/tag-a511eb58bc7ee0b0cbc6906497418127.js
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/j.php?a=449005&u=https%3A%2F%2Ftgfunnls.org%2Fdly1st%2F%3Fhitid%3D%7BclickId%7D%26qze%3D7%26aff_sub%3D%7BcustomId1%7D%26aff_sub2%3D%7BcustomId2%7D&f=1&r=0.705778563214678
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gfra1 /
Resource Hash: ffef253989420f0b71eec148da3bbe555e1117a9860323b7a39b267bbb62ebe6

Request headers

Origin: https://tgfunnls.org
Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:07 GMT
content-encoding: br
last-modified: Tue, 10 Aug 2021 11:55:59 GMT
server: gfra1
etag: "6112694f-f354"
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 62292
via: 1.1 google

GET
H2 200 v.gif
dev.visualwebsiteoptimizer.com/ 35 B
214 B 92ms
92ms Image
image/gif 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dev.visualwebsiteoptimizer.com/v.gif?cd=0&a=449005&d=tgfunnls.org&u=D0B80472655D9D378F7E734C7B39DA29A&h=dc785cd8ac282534ae7bdb8bd3e4b4c5&t=false&r=0.43801425552855067

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gnv3c /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 11 Aug 2021 12:22:06 GMT
via: 1.1 google
x-content-type-options: nosniff
server: gnv3c
content-type: image/gif
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 10 Jan 2005 00:00:01 GMT

HEAD
H2 200 adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/ 0
0 40ms
40ms Fetch
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 11 Aug 2021 12:22:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
etag: 4898024456010196187
vary: Accept-Encoding, Origin
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private, max-age=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
expires: Wed, 11 Aug 2021 12:22:07 GMT

GET
H/1.1 200
OK version.js Show response
tagdatax.com/ 57 B
260 B 14ms
13ms Script
application/javascript 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdatax.com/version.js
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: 2cde8951e81db79dbb05b48379bd926d0af3ed8f634aa0f8c653194fcb295d03

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 11 Aug 2021 12:22:07 GMT
Cache-Control: private, max-age=63072000
Server: nginx/1.19.10
Connection: keep-alive
Content-Length: 57
Content-Type: application/javascript

GET
H2 200 gid.js Show response
my.rtmark.net/ 65 B
541 B 38ms
38ms Fetch
application/json 139.45.195.8
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://my.rtmark.net/gid.js

Requested by

Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

640b123370302565f58b4a0b26622fa79a43deb3b7c3674b1cd6f35344a2dba0

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:02 GMT
x-content-type-options: nosniff
server: nginx
strict-transport-security: max-age=1
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: https://tgfunnls.org
access-control-expose-headers: Authorization
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length: 65

GET
H/1.1 200
OK pix.jpg Show response
tagdatax.com/ 28 B
617 B 14ms
14ms Fetch
image/jpeg 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdatax.com/pix.jpg
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: 3c72e06c040c15327faa313315f1d6f4b2c9159267051c3e173336efa4cd7a18

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 11 Aug 2021 12:22:07 GMT
Server: nginx/1.19.10
Etag: 432d718d-a822-4528-9c61-f6b40adf9566
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Content-Type: image/jpeg
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Expose-Headers: ETag
Cache-Control: private, must-revalidate, proxy-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 28

GET
H2 200 googlelogo_color_120x44dp.png
www.google.com/images/branding/googlelogo/2x/ 5 KB
5 KB 18ms
16ms Image
image/png 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_120x44dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

29c50fa4422ac0a690af5b0987dee6a030a7eeaafa9dda8543cf022368f545aa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:07 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5087
x-xss-protection: 0
expires: Wed, 11 Aug 2021 12:22:07 GMT

GET
H2 200 googlelogo_color_272x92dp.png
www.google.com/images/branding/googlelogo/1x/ 6 KB
6 KB 26ms
24ms Image
image/png 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/1x/googlelogo_color_272x92dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5776cd87617eacec3bc00ebcf530d1924026033eda852f706c1a675a98915826

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:07 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5969
x-xss-protection: 0
expires: Wed, 11 Aug 2021 12:22:07 GMT

GET
H2 200 googlelogo_color_272x92dp.png
www.google.com/images/branding/googlelogo/2x/ 13 KB
13 KB 19ms
17ms Image
image/png 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_272x92dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

262084257c2103702ef8a25705e3f8dbc1fa3823103ad7b954d54bdb77e6d89d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:07 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13504
x-xss-protection: 0
expires: Wed, 11 Aug 2021 12:22:07 GMT

GET
H2 200 googlelogo_color_160x56dp.png
www.google.com/images/branding/googlelogo/2x/ 7 KB
7 KB 18ms
17ms Image
image/png 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_160x56dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9e611fba6a87626e60f74d361f0c94d1ba226bc0726a05791f40ddb7fbba2c4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:07 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7048
x-xss-protection: 0
expires: Wed, 11 Aug 2021 12:22:07 GMT

GET
H2 200 googlelogo_color_90x40dp.png
www.google.com/images/branding/googlelogo/2x/ 4 KB
4 KB 18ms
17ms Image
image/png 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_90x40dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a9cac8d49feccd603bac334c92c1e7dd5a829a1c01d4130550e8c9c0d9c72f7b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:07 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3934
x-xss-protection: 0
expires: Wed, 11 Aug 2021 12:22:07 GMT

OPTIONS
H/1.1 200
OK add
tagdataxrt.com/ir/ Frame 0
0 15ms
14ms Preflight 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/ir/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Protocol: HTTP/1.1
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://tgfunnls.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Server: nginx/1.19.10
Date: Wed, 11 Aug 2021 12:22:07 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

POST
H/1.1 200
OK add Show response
tagdataxrt.com/ir/ 0
537 B 14ms
14ms Fetch 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/ir/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json;charset=utf-8

Response headers

Date: Wed, 11 Aug 2021 12:22:07 GMT
Server: nginx/1.19.10
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 0

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 128 KB
50 KB 17ms
15ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-Y6C8Y8V9BH&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MSK8GMG

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

7d88b754fb20a228ccb18fb29e64e1eaf8d8ca55d18373465cdd9e38fb093a0d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:07 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 51221
x-xss-protection: 0
expires: Wed, 11 Aug 2021 12:22:07 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 48 KB
19 KB 7ms
5ms Script
text/javascript 2a00:1450:4001:803::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MSK8GMG

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

e61660c659c426e45bce2937dddb01af6b550502a2904546575c1ec2ba1121dd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 13 Jul 2021 18:24:06 GMT
server: Golfe2
age: 4106
date: Wed, 11 Aug 2021 11:13:41 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19672
expires: Wed, 11 Aug 2021 13:13:41 GMT

GET
H2 200 hotjar-2304105.js Show response
static.hotjar.com/c/ 5 KB
2 KB 26ms
24ms Script
application/javascript 54.192.219.13
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-2304105.js?sv=6

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

54.192.219.13 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

ba0f7c8cd1226246385e057da152929c0c7b7868b6a4b64ff6de9537bf8aeb33

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:14 GMT
content-encoding: br
x-content-type-options: nosniff
cache-control: max-age=60
age: 53
etag: W/2bfd20973994a2ba4876103e95eba243
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
x-cache-hit: 1
x-amz-cf-pop: MRS52-P2
x-amz-cf-id: vynnYRcvIY0CBZtgInfI_7v8rNGmL03yAkGK7dV7Hu6zTH-YN6BwpQ==
via: 1.1 ee464261ee466fae8314a91098b35372.cloudfront.net (CloudFront)

OPTIONS
H/1.1 200
OK etag
tagdataxrt.com/ Frame 0
0 14ms
14ms Preflight 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/etag?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Protocol: HTTP/1.1
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://tgfunnls.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Server: nginx/1.19.10
Date: Wed, 11 Aug 2021 12:22:07 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

POST
H/1.1 200
OK etag Show response
tagdataxrt.com/ 0
537 B 13ms
13ms Fetch 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/etag?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json;charset=utf-8

Response headers

Date: Wed, 11 Aug 2021 12:22:07 GMT
Server: nginx/1.19.10
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 0

GET
H3-29 200 settings.js Show response
dev.visualwebsiteoptimizer.com/ 572 B
397 B 25ms
25ms Script
application/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/settings.js?a=449005&settings_type=3&vn=7.0&r=0.520292835333316&u=https%3A%2F%2Ftgfunnls.org%2Fdly1st%2F%3Fhitid%3D%7BclickId%7D%26qze%3D7%26aff_sub%3D%7BcustomId1%7D%26aff_sub2%3D%7BcustomId2%7D
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWpxdWVyeQ==/tag-a511eb58bc7ee0b0cbc6906497418127.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gfra1 /
Resource Hash: 31042bafbba3ee3bae8f21d8d8744230a7c558630068c64e1e5ecb4721ab3910

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:07 GMT
via: 1.1 google
server: gfra1
content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-type: application/javascript; charset=UTF-8

GET
H3-29 200 settings.js Show response
dev.visualwebsiteoptimizer.com/ 572 B
397 B 8ms
8ms Script
application/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/settings.js?a=449005&settings_type=1&vn=7.0&r=0.3681351447946264
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWpxdWVyeQ==/tag-a511eb58bc7ee0b0cbc6906497418127.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gfra1 /
Resource Hash: 31042bafbba3ee3bae8f21d8d8744230a7c558630068c64e1e5ecb4721ab3910

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:07 GMT
via: 1.1 google
server: gfra1
content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-type: application/javascript; charset=UTF-8

POST
H3-29 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 13ms
13ms XHR
text/plain 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j92&a=1768595397&t=pageview&_s=1&dl=https%3A%2F%2Ftgfunnls.org%2Fdly1st%2F%3Fhitid%3D%7BclickId%7D%26qze%3D7%26aff_sub%3D%7BcustomId1%7D%26aff_sub2%3D%7BcustomId2%7D&ul=en-us&de=UTF-8&dt=Daily%20Profit&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAAC~&jid=54447517&gjid=1159319134&cid=770290842.1628684527&tid=UA-192660002-1&_gid=642354007.1628684527&_r=1&gtm=2wg891MSK8GMG&z=294095777

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 11 Aug 2021 12:22:07 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://tgfunnls.org
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3-29 201 event Show response
tgfunnls.org/ 2 B
1 KB 236ms
236ms XHR
application/json 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/event?hitid={clickId}

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/js/l.js?id=6cf7b69175b2a676ebf3

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-fetch-mode: cors
origin: https://tgfunnls.org
x-xsrf-token: eyJpdiI6InprMjdvWmg5WEtWWmNGSUhtMlNXK3c9PSIsInZhbHVlIjoiTWQ5bDF1ODE1T0NvbXpySFFMcTJvckpwcnkyXC9YQVhqbFIyT0Z6VGN1UmRXNWhCRWs3NFVKRDZcL2NySVBNRVY0IiwibWFjIjoiN2EwZWY4MGI5YjZjZTU3NjIzN2JhZjMzMmMyNzIxZTg2ZjcwZGU2OWQ3YWFkNTI1YmJjM2U2ZDc4YmQ3MzU1YiJ9
accept-language: en-US
sec-fetch-dest: empty
accept-encoding: gzip, deflate, br
cookie: _vwo_uuid_v2=D0B80472655D9D378F7E734C7B39DA29A|dc785cd8ac282534ae7bdb8bd3e4b4c5; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; XSRF-TOKEN=eyJpdiI6InprMjdvWmg5WEtWWmNGSUhtMlNXK3c9PSIsInZhbHVlIjoiTWQ5bDF1ODE1T0NvbXpySFFMcTJvckpwcnkyXC9YQVhqbFIyT0Z6VGN1UmRXNWhCRWs3NFVKRDZcL2NySVBNRVY0IiwibWFjIjoiN2EwZWY4MGI5YjZjZTU3NjIzN2JhZjMzMmMyNzIxZTg2ZjcwZGU2OWQ3YWFkNTI1YmJjM2U2ZDc4YmQ3MzU1YiJ9; c=eyJpdiI6IlJQbW9iZnNkamdUdEszd0kyWVowK1E9PSIsInZhbHVlIjoiS2NHcG5Ib0FneXRib2ZQZUtaWTBacGdidVFORFdpeWNMb2xlVnBGRXhPOFhrUERsNjlnSnpnWUxjMytFR3FFKyIsIm1hYyI6IjYzYTg3YWQ3ZmE0MTRmZGJiZmE3ZTBjNTUxZjYwZjhjNzJlNWMzYzI2NDcwNGNhZDM0NWI3NjA1OTNmMWQyNzgifQ%3D%3D; _ga=GA1.2.770290842.1628684527; _gid=GA1.2.642354007.1628684527; _gat_UA-192660002-1=1
content-length: 188
:path: /event?hitid={clickId}
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json;charset=UTF-8
accept: application/json, text/plain, */*
cache-control: no-cache
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: POST
Accept: application/json, text/plain, */*
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
X-XSRF-TOKEN: eyJpdiI6InprMjdvWmg5WEtWWmNGSUhtMlNXK3c9PSIsInZhbHVlIjoiTWQ5bDF1ODE1T0NvbXpySFFMcTJvckpwcnkyXC9YQVhqbFIyT0Z6VGN1UmRXNWhCRWs3NFVKRDZcL2NySVBNRVY0IiwibWFjIjoiN2EwZWY4MGI5YjZjZTU3NjIzN2JhZjMzMmMyNzIxZTg2ZjcwZGU2OWQ3YWFkNTI1YmJjM2U2ZDc4YmQ3MzU1YiJ9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json;charset=UTF-8

Response headers

date: Wed, 11 Aug 2021 12:22:07 GMT
x-proc: 2
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4ECeV3Tq%2FUJPL9O0o7cyGZl6VitVby6ivwjL9GdazpHrz6KalnJKloZPWeKPvHE%2B7rz3%2FKMoTl9mhb%2Fu1xiThbrM726qwfDVgTDbssUdTATBLn%2FrJDrCYTPGe5vf34nvgO47ydNW0JysZlc%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-origin: https://tgfunnls.org
cache-control: no-cache, private
set-cookie: XSRF-TOKEN=eyJpdiI6IjYwczU0YWcrMTNaKzFzYjVTTlh4YUE9PSIsInZhbHVlIjoiOGtxWExPd3lneXBUNlRSWEdFbzhYOWxuOUEwXC9CWTlhcEx0R01xVURJOXhsb0FybVIzOGhPZUpRSkFKSG1CSlQiLCJtYWMiOiI4NDhiNDk3MGNlNDZlNTJiZjUyYjc3ZjA5Mjk4NWVlMzU3NzljNDA4ZGVkNmI1NDI1ODE5ZWU3MDkxMGY5MWE4In0%3D; expires=Wed, 11-Aug-2021 14:22:07 GMT; Max-Age=7200; path=/ c=eyJpdiI6IlBIZzlwcUlJTTBWbzdqWm5XbWIzQ1E9PSIsInZhbHVlIjoiQlVITFhLN0cwWFwvREFHc2x2OVBsR2c2YWU1dXo1aFNCVXBINWI4eEkxVlJmakRNTzVhV0p4bUk1aTYrZ2JMU3YiLCJtYWMiOiI1Mjk2ZmZjMTA1NDE5YjU0OWZkYTNmZjUxZTEyMDkzMDI1YjJhZjQwYWFiODQ5ZTczYWMyNmQ0YWViMDkxZTc2In0%3D; expires=Wed, 11-Aug-2021 14:22:07 GMT; Max-Age=7200; path=/; httponly
cf-ray: 67d16d782e2b05fd-FRA

GET
H2 200 modules.9a6619e61150e4449f35.js Show response
script.hotjar.com/ 221 KB
59 KB 26ms
26ms Script
application/javascript 54.192.219.34
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.9a6619e61150e4449f35.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2304105.js?sv=6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

54.192.219.34 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

fc04d1fd608cedf1f0c4735145a15031f77cb7491d6234cec4ee2cd9be74937a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:18:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 511442
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 59579
access-control-allow-origin: *
last-modified: Thu, 05 Aug 2021 14:17:07 GMT
etag: "f404c80c4e9647abd5db65360cf9ecee"
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 1cfafe71e396134dc106e8c1515876bd.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: MRS52-P2
accept-ranges: bytes
x-robots-tag: none
x-amz-cf-id: pIixRbYm3GuzjPaqAA6PByhliCBX1TkIvd4R-OO7nhlhAnoXPxmP1g==

POST
H3-29 204 collect
www.google-analytics.com/g/ 0
17 B 14ms
13ms Ping
text/plain 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-Y6C8Y8V9BH&gtm=2oe891&_p=1768595397&sr=1600x1200&ul=en-us&cid=770290842.1628684527&_s=1&dl=https%3A%2F%2Ftgfunnls.org%2Fdly1st%2F%3Fhitid%3D%7BclickId%7D%26qze%3D7%26aff_sub%3D%7BcustomId1%7D%26aff_sub2%3D%7BcustomId2%7D&dr=https%3A%2F%2Ftgfunnls.org%2Fdly1st%2F%3Fhitid%3D%7BclickId%7D%26qze%3D7%26aff_sub%3D%7BcustomId1%7D%26aff_sub2%3D%7BcustomId2%7D&dt=Daily%20Profit&sid=1628684527&sct=1&seg=0&en=page_view&_fv=1&_ss=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-Y6C8Y8V9BH&l=dataLayer&cx=c
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Wed, 11 Aug 2021 12:22:07 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://tgfunnls.org
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
70 B 16ms
15ms XHR
text/plain 2a00:1450:400c:c0a::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j92&tid=UA-192660002-1&cid=770290842.1628684527&jid=54447517&gjid=1159319134&_gid=642354007.1628684527&_u=YEBAAEAAAAAAAC~&z=371861920

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0a::9d Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Wed, 11 Aug 2021 12:22:07 GMT
content-type: text/plain
access-control-allow-origin: https://tgfunnls.org
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 tag-1a6cb79d9b921e9f733a3a9f91c43b90.js Show response
dev.visualwebsiteoptimizer.com/web/djIkcGM6MS4w/ 668 B
329 B 8ms
8ms Script
text/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/web/djIkcGM6MS4w/tag-1a6cb79d9b921e9f733a3a9f91c43b90.js
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWpxdWVyeQ==/tag-a511eb58bc7ee0b0cbc6906497418127.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gfra1 /
Resource Hash: 6e1f2e0970c3d1d6cdacfecdd613ce1c42990ea5d4a9a85fe6f0700d20a96634

Request headers

Origin: https://tgfunnls.org
Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:07 GMT
content-encoding: br
last-modified: Tue, 10 Aug 2021 11:55:59 GMT
server: gfra1
etag: "6112694f-133"
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 307
via: 1.1 google

GET
H2 200 a3a7b431bde66f8790628956fd6a9e14.js Show response
cdn.pushcrew.com/js/ 248 KB
70 KB 102ms
101ms Script
application/javascript 34.102.183.26
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.pushcrew.com/js/a3a7b431bde66f8790628956fd6a9e14.js
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/web/djIkcGM6MS4w/tag-1a6cb79d9b921e9f733a3a9f91c43b90.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.102.183.26 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 26.183.102.34.bc.googleusercontent.com
Software: nginx /
Resource Hash: 2a74b97179203cf3de9b255635c3927c34791cabfe69261cc8d1235c13315e78

Request headers

Origin: https://tgfunnls.org
Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:07 GMT
content-encoding: gzip
last-modified: Fri, 18 Jun 2021 08:48:27 GMT
server: nginx
etag: W/"60cc5ddb-3e05c"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=1800
alt-svc: clear
via: 1.1 google
expires: Wed, 11 Aug 2021 12:52:07 GMT

GET
H3-29 200 ga-audiences
www.google.com/ads/ 42 B
63 B 31ms
31ms Image
image/gif 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j92&tid=UA-192660002-1&cid=770290842.1628684527&jid=54447517&_u=YEBAAEAAAAAAAC~&z=50975648

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 11 Aug 2021 12:22:07 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 29ms
29ms Image
image/gif 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j92&tid=UA-192660002-1&cid=770290842.1628684527&jid=54447517&_u=YEBAAEAAAAAAAC~&z=50975648

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 11 Aug 2021 12:22:07 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 box-25a418976ea02a6f393fbbe77cec94bb.html Show response
vars.hotjar.com/ Frame 546A 2 KB
1 KB 24ms
24ms Document
text/html 52.84.45.59
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vars.hotjar.com/box-25a418976ea02a6f393fbbe77cec94bb.html
Requested by: Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2304105.js?sv=6
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.84.45.59 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-84-45-59.mrs52.r.cloudfront.net
Software: /
Resource Hash: 7a44e0685d8929b5d4d50476273c9957c8c76f03afc424c665a4066e5bc1beb9

Request headers

:method: GET
:authority: vars.hotjar.com
:scheme: https
:path: /box-25a418976ea02a6f393fbbe77cec94bb.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://tgfunnls.org/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://tgfunnls.org/

Response headers

content-type: text/html
content-length: 1044
date: Thu, 03 Jun 2021 10:15:05 GMT
accept-ranges: bytes
cache-control: max-age=31536000
content-encoding: br
etag: "76922233be8bdb14c053af468d29404a"
last-modified: Thu, 03 Jun 2021 10:14:54 GMT
x-amz-server-side-encryption: AES256
x-robots-tag: none
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 e5c15247ec560744bc8eee50e069c231.cloudfront.net (CloudFront)
x-amz-cf-pop: MRS52-P1
x-amz-cf-id: 0dXkQzuwvqNl20-nArTqghzkafo3Jod665bxYr9b1Xwmmmp0bG45cA==
age: 5969222

POST
H/1.1 200
OK add
tagdataxrt.com/log/ 12 B
597 B 16ms
16ms Fetch
application/json 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/log/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json;charset=utf-8

Response headers

Date: Wed, 11 Aug 2021 12:22:07 GMT
Server: nginx/1.19.10
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 12

OPTIONS
H/1.1 200
OK add
tagdataxrt.com/log/ Frame 0
0 13ms
12ms Preflight 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/log/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Protocol: HTTP/1.1
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://tgfunnls.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Server: nginx/1.19.10
Date: Wed, 11 Aug 2021 12:22:07 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

POST
H/1.1 200
OK add
tagdataxrt.com/time_visit/ 0
422 B 14ms
13ms Ping
text/plain 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/time_visit/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Wed, 11 Aug 2021 12:22:07 GMT
Server: nginx/1.19.10
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 0

GET
H3-29 200 / Show response
tgfunnls.org/dly1st/ 31 KB
8 KB 287ms
286ms Document
text/html 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Requested by

Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3f37cca7e7ebe28b17d954df58edd0cc3a72afbf4e2d3c83123c99c1b54a380

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: tgfunnls.org
:scheme: https
:path: /dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: document
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: _vwo_uuid_v2=D0B80472655D9D378F7E734C7B39DA29A|dc785cd8ac282534ae7bdb8bd3e4b4c5; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _gid=GA1.2.642354007.1628684527; _gat_UA-192660002-1=1; _ga_Y6C8Y8V9BH=GS1.1.1628684527.1.0.1628684527.0; _ga=GA1.1.770290842.1628684527; _hjid=74ba1074-6ae6-456b-bcea-bda49f8b4b17; _hjFirstSeen=1; XSRF-TOKEN=eyJpdiI6IjYwczU0YWcrMTNaKzFzYjVTTlh4YUE9PSIsInZhbHVlIjoiOGtxWExPd3lneXBUNlRSWEdFbzhYOWxuOUEwXC9CWTlhcEx0R01xVURJOXhsb0FybVIzOGhPZUpRSkFKSG1CSlQiLCJtYWMiOiI4NDhiNDk3MGNlNDZlNTJiZjUyYjc3ZjA5Mjk4NWVlMzU3NzljNDA4ZGVkNmI1NDI1ODE5ZWU3MDkxMGY5MWE4In0%3D; c=eyJpdiI6IlBIZzlwcUlJTTBWbzdqWm5XbWIzQ1E9PSIsInZhbHVlIjoiQlVITFhLN0cwWFwvREFHc2x2OVBsR2c2YWU1dXo1aFNCVXBINWI4eEkxVlJmakRNTzVhV0p4bUk1aTYrZ2JMU3YiLCJtYWMiOiI1Mjk2ZmZjMTA1NDE5YjU0OWZkYTNmZjUxZTEyMDkzMDI1YjJhZjQwYWFiODQ5ZTczYWMyNmQ0YWViMDkxZTc2In0%3D
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Response headers

date: Wed, 11 Aug 2021 12:22:08 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: no-cache, private
set-cookie: XSRF-TOKEN=eyJpdiI6Imx6S3JXMFdtNFNuamNxcHVUTzQ2THc9PSIsInZhbHVlIjoiTHhzK0hjSVNMWVM3K0dzVE1oWWFVb1ZuMGVSalRVYkRcL3JXaTBLekd6dmE3WkVcL0RZY1VoQmVOV3lYNlN6aVFUIiwibWFjIjoiNzhiNGIyYjRiYjA4ZDQ4OTgzMmE4ZGIzOThlZGU0NzhlNGQxNDdiZTk1ODkzM2RkMTIxODg2NGIwMDg0ZGJmNiJ9; expires=Wed, 11-Aug-2021 14:22:08 GMT; Max-Age=7200; path=/ c=eyJpdiI6IjF1dnB2N3RybkR1NGN4NDlsVlwvSVhRPT0iLCJ2YWx1ZSI6IkhPakZJUTlHNFVpd2ZuK29oTUlhRUFoK2JncGJVM2hqSFFIaVcrbnpidndUYmVhNU4rd3F4Y2FWazRlOTJLQlMiLCJtYWMiOiI5N2U1ZDUyZGY4NzkzMTY2YzIyOWMyYTZkODUxMzQ5MmVjNjVmZmM4MDk0MTFjYWEwNzc1NjliYTVmYjAzYmNkIn0%3D; expires=Wed, 11-Aug-2021 14:22:08 GMT; Max-Age=7200; path=/; httponly
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-proc: 2
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8bCRPhHKXlWAR6I0xWAnkgOccZ4XFm09uIvPJwWTpOlA3BzcoXPVr51ob86Lo9ZBOYGLU1DxNzY4sF%2FdixB6SZUnNdJoB3CvEKNCTxhq7sgCXgVbBoNNmU1YtPOpn5mHBge5VpxMDz5T%2FMQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 67d16d7afd6105fd-FRA
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

GET
H3-29 200 forms.css
tgfunnls.org/css/ 20 KB
4 KB 14ms
13ms Stylesheet
text/css 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/css/forms.css?id=108aa07ef4cadffb88ba

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5cc75f6ff6ccc8f9737ba9b6e44903687d4cd600464dc9a25b2fcfbfd231ebc6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /css/forms.css?id=108aa07ef4cadffb88ba
pragma: no-cache
cookie: _vwo_uuid_v2=D0B80472655D9D378F7E734C7B39DA29A|dc785cd8ac282534ae7bdb8bd3e4b4c5; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _gid=GA1.2.642354007.1628684527; _gat_UA-192660002-1=1; _ga_Y6C8Y8V9BH=GS1.1.1628684527.1.0.1628684527.0; _ga=GA1.1.770290842.1628684527; _hjid=74ba1074-6ae6-456b-bcea-bda49f8b4b17; _hjFirstSeen=1; XSRF-TOKEN=eyJpdiI6Imx6S3JXMFdtNFNuamNxcHVUTzQ2THc9PSIsInZhbHVlIjoiTHhzK0hjSVNMWVM3K0dzVE1oWWFVb1ZuMGVSalRVYkRcL3JXaTBLekd6dmE3WkVcL0RZY1VoQmVOV3lYNlN6aVFUIiwibWFjIjoiNzhiNGIyYjRiYjA4ZDQ4OTgzMmE4ZGIzOThlZGU0NzhlNGQxNDdiZTk1ODkzM2RkMTIxODg2NGIwMDg0ZGJmNiJ9; c=eyJpdiI6IjF1dnB2N3RybkR1NGN4NDlsVlwvSVhRPT0iLCJ2YWx1ZSI6IkhPakZJUTlHNFVpd2ZuK29oTUlhRUFoK2JncGJVM2hqSFFIaVcrbnpidndUYmVhNU4rd3F4Y2FWazRlOTJLQlMiLCJtYWMiOiI5N2U1ZDUyZGY4NzkzMTY2YzIyOWMyYTZkODUxMzQ5MmVjNjVmZmM4MDk0MTFjYWEwNzc1NjliYTVmYjAzYmNkIn0%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:08 GMT
x-proc: 1
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 651
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Mon, 09 Aug 2021 14:29:21 GMT
server: cloudflare
etag: W/"61113bc1-5107"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=S941Y%2BDuEmE2RhsAhuWDQ8y15z2PqiQ9IR5he3QL4mx9DsMrduKpQQaYpZ0b4kbNTIVjq3cSW4FQT2XYmoE9B%2BlSozLmkCNKt3F84ciLZv4MDc3qHzb12PsZTq2CMDzaH1b2Rr16hsTXPig%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 67d16d7dab6705fd-FRA

GET
H3-29 200 flow.css
tgfunnls.org/css/ 385 B
760 B 27ms
26ms Stylesheet
text/css 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/css/flow.css?id=1a2dada5ba76c1b29ae1

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

df456c4794989b11dda8d76813cbf505b2707048f4cc89d7db15956779ca3fb0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /css/flow.css?id=1a2dada5ba76c1b29ae1
pragma: no-cache
cookie: _vwo_uuid_v2=D0B80472655D9D378F7E734C7B39DA29A|dc785cd8ac282534ae7bdb8bd3e4b4c5; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _gid=GA1.2.642354007.1628684527; _gat_UA-192660002-1=1; _ga_Y6C8Y8V9BH=GS1.1.1628684527.1.0.1628684527.0; _ga=GA1.1.770290842.1628684527; _hjid=74ba1074-6ae6-456b-bcea-bda49f8b4b17; _hjFirstSeen=1; XSRF-TOKEN=eyJpdiI6Imx6S3JXMFdtNFNuamNxcHVUTzQ2THc9PSIsInZhbHVlIjoiTHhzK0hjSVNMWVM3K0dzVE1oWWFVb1ZuMGVSalRVYkRcL3JXaTBLekd6dmE3WkVcL0RZY1VoQmVOV3lYNlN6aVFUIiwibWFjIjoiNzhiNGIyYjRiYjA4ZDQ4OTgzMmE4ZGIzOThlZGU0NzhlNGQxNDdiZTk1ODkzM2RkMTIxODg2NGIwMDg0ZGJmNiJ9; c=eyJpdiI6IjF1dnB2N3RybkR1NGN4NDlsVlwvSVhRPT0iLCJ2YWx1ZSI6IkhPakZJUTlHNFVpd2ZuK29oTUlhRUFoK2JncGJVM2hqSFFIaVcrbnpidndUYmVhNU4rd3F4Y2FWazRlOTJLQlMiLCJtYWMiOiI5N2U1ZDUyZGY4NzkzMTY2YzIyOWMyYTZkODUxMzQ5MmVjNjVmZmM4MDk0MTFjYWEwNzc1NjliYTVmYjAzYmNkIn0%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:08 GMT
x-proc: 2
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 651
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Mon, 09 Aug 2021 14:29:19 GMT
server: cloudflare
etag: W/"61113bbf-181"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=H4Z0KLCP9tuV2PE6SVsAvFYu67ENovCSlO8BD3FAA5ixkNp0uPyB4WVutq9qexUIA%2B5hEJziHve3z6bbEUG3mAdZFhSDz%2BU3iJveFuV36huM4VDRRp2a4uT%2F5bVy2Vr6ijKHjehKhaaCXSg%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 67d16d7dab6c05fd-FRA

GET
H2 200 funnel.css
static-13333.kxcdn.com/5275/build/ 91 KB
26 KB 9ms
8ms Stylesheet
text/css 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL

https://static-13333.kxcdn.com/5275/build/funnel.css

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

0dd81a03016de5c1be49281bb42f5db84bf8968b636e893daa0ee24de5dbdd3b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:08 GMT
content-encoding: gzip
last-modified: Fri, 02 Jul 2021 14:31:57 GMT
server: keycdn-engine
x-amz-request-id: tx0000000000000048dcf7b-0060df2533-12e87130-fra1a
x-edge-location: defr
etag: W/"0e60432e5a822d61eaf0ff2172f524ed"
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-cache: HIT
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31556940
x-rgw-object-type: Normal
strict-transport-security: max-age=15552000; includeSubDomains; preload
expires: Thu, 11 Aug 2022 18:11:08 GMT

GET
H/1.1 400 conversion.js
in.bd44.fun/ 0
0 16ms
15ms Script
text/html 18.195.174.160
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://in.bd44.fun/conversion.js?cid=OPTIONAL&et=CLICK
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.195.174.160 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-174-160.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 logo.png
static-13333.kxcdn.com/5275/images/ 2 KB
3 KB 16ms
15ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/logo.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

3d0776f2afd4256733e307cf46921dde2e1497a2767eb8bcb8ac17d5de9d2344

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:08 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048dcf7f-0060df2533-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2455
last-modified: Fri, 02 Jul 2021 14:32:26 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "cded24bb8b99f2aa7ab4e4ddc59c28e6"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:08 GMT

GET
H2 200 top-arrow.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 15ms
7ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/top-arrow.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

c4d3b32e24ea06591e7f166b20939f84cb767bb0742bc3c51f07c6f4b684f1e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:08 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048fd188-0060df2533-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2961
last-modified: Fri, 02 Jul 2021 14:32:29 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "e2980701aad64cef71bd2296f5f6386b"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:08 GMT

GET
H3-29 200 check-icon.png
tgfunnls.org/images/ 44 KB
45 KB 20ms
13ms Image
image/png 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tgfunnls.org/images/check-icon.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

79bb457691c6f5dc0d3fd537218a627750b199db5253e22dad9dc4f78fa48016

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /images/check-icon.png
pragma: no-cache
cookie: _vwo_uuid_v2=D0B80472655D9D378F7E734C7B39DA29A|dc785cd8ac282534ae7bdb8bd3e4b4c5; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _gid=GA1.2.642354007.1628684527; _gat_UA-192660002-1=1; _ga_Y6C8Y8V9BH=GS1.1.1628684527.1.0.1628684527.0; _ga=GA1.1.770290842.1628684527; _hjid=74ba1074-6ae6-456b-bcea-bda49f8b4b17; _hjFirstSeen=1; XSRF-TOKEN=eyJpdiI6Imx6S3JXMFdtNFNuamNxcHVUTzQ2THc9PSIsInZhbHVlIjoiTHhzK0hjSVNMWVM3K0dzVE1oWWFVb1ZuMGVSalRVYkRcL3JXaTBLekd6dmE3WkVcL0RZY1VoQmVOV3lYNlN6aVFUIiwibWFjIjoiNzhiNGIyYjRiYjA4ZDQ4OTgzMmE4ZGIzOThlZGU0NzhlNGQxNDdiZTk1ODkzM2RkMTIxODg2NGIwMDg0ZGJmNiJ9; c=eyJpdiI6IjF1dnB2N3RybkR1NGN4NDlsVlwvSVhRPT0iLCJ2YWx1ZSI6IkhPakZJUTlHNFVpd2ZuK29oTUlhRUFoK2JncGJVM2hqSFFIaVcrbnpidndUYmVhNU4rd3F4Y2FWazRlOTJLQlMiLCJtYWMiOiI5N2U1ZDUyZGY4NzkzMTY2YzIyOWMyYTZkODUxMzQ5MmVjNjVmZmM4MDk0MTFjYWEwNzc1NjliYTVmYjAzYmNkIn0%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:08 GMT
x-proc: 3
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5025
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 45018
x-xss-protection: 1; mode=block
last-modified: Mon, 09 Aug 2021 14:27:10 GMT
server: cloudflare
etag: "61113b3e-afda"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oKNAJ4SVZazVTmeGCbx%2BWsvmApzbNT96PrfztqZnc7sE99vzyKR%2F3Svhi4deVjMNB4BjLLDlXses3FsCDs%2B4UB%2Bd3qkd3wAB%2BByjyNnglJV8W7n%2BeoMdt71S03IRlXPRoPg66hlkUbU7Vrc%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 67d16d7e2c7d05fd-FRA

GET
H2 200 safe.png
static-13333.kxcdn.com/5275/images/ 10 KB
11 KB 15ms
7ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/safe.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

c001780d5a0136da809d6908ac44d8b0e4d9b36bf9891772a006294888226576

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:08 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048dcf7e-0060df2533-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 10593
last-modified: Fri, 02 Jul 2021 14:32:17 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "e16845cf547d72f2f0b2febfa375d9f9"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:08 GMT

GET
H2 200 bg-arrow.png
static-13333.kxcdn.com/5275/images/ 7 KB
8 KB 15ms
7ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/bg-arrow.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

5902ac2e28cc5433d57a98a62be69037be09754da694348e03d3e3b9e776f542

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:08 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048dcf7d-0060df2533-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 7356
last-modified: Fri, 02 Jul 2021 14:32:23 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "0575766ae817ee467a729e846374d22c"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:08 GMT

GET
H2 200 check-icon.png
static-13333.kxcdn.com/5275/images/ 2 KB
3 KB 15ms
7ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/check-icon.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

4a404a950ef8cfa3eb686e62c8ab17e0a4609f2300e53d874a96ec618ab9474d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:08 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048fd193-0060df2533-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2273
last-modified: Fri, 02 Jul 2021 14:32:29 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "c34ab81524c5f98e40dc0dad59601758"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:08 GMT

GET
H2 200 spots-arrow.png
static-13333.kxcdn.com/5275/images/ 5 KB
6 KB 10ms
9ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/spots-arrow.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

7c01610e53cbe2313bd441cd9182762cec4240e4eecebeca6d086f34e4672784

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:08 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048dcf82-0060df2533-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 5306
last-modified: Fri, 02 Jul 2021 14:32:45 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "32acdf2cce46993b09041ebed9d00140"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:08 GMT

GET
H2 200 john.jpg
static-13333.kxcdn.com/5275/images/ 9 KB
10 KB 10ms
9ms Image
image/jpeg 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/john.jpg

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

aff262b0ff8882606831b77cb7fe8c2b7ee184a4c3a4e10de152932dde9ed3f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:08 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048fd18f-0060df2533-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 9704
last-modified: Fri, 02 Jul 2021 14:32:21 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "ca826d01f1cbba3eb6e3e1f697bca6bc"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/jpeg
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:08 GMT

GET
H2 200 john-sign.png
static-13333.kxcdn.com/5275/images/ 7 KB
7 KB 8ms
5ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/john-sign.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

2c92fcee0f7c5fd992e818cd6e5f621e8701cea9b4b23eb03e2567560c7dd266

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:08 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048dcf87-0060df2533-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 6824
last-modified: Fri, 02 Jul 2021 14:32:43 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "8e77bdde18036a84289f7b89b03cddc0"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:08 GMT

GET
H2 200 social-callback-title.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 8ms
5ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/social-callback-title.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

b097d9409b9b2fcde3993197635d6e7d49126e794dec3c3a5de9892cce15ec84

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:08 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048fd187-0060df2533-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2899
last-modified: Fri, 02 Jul 2021 14:32:42 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "26e1186a209747d755be97f26d7fef17"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:08 GMT

GET
H2 200 facebook.png
static-13333.kxcdn.com/5275/images/ 45 KB
46 KB 12ms
7ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/facebook.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

45a8e9f975bd2d7db2041c671affac022eaf0b8db46c516a6f2021d30631aea3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:08 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048dcf7c-0060df2533-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 46358
last-modified: Fri, 02 Jul 2021 14:32:18 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "99efc09d6e35b01ef07e555c6c9c06ac"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:08 GMT

GET
H2 200 twitter.png
static-13333.kxcdn.com/5275/images/ 33 KB
34 KB 13ms
8ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/twitter.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

f3567cf9eb0717ad9840ff19014abf051d9bebb63ba3d270eb23d409dd449b5a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:08 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048dcf79-0060df2533-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 33933
last-modified: Fri, 02 Jul 2021 14:32:45 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "1538bf85a2428c7ab27b923233ceac2d"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:08 GMT

GET
H2 200 features-title.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 14ms
9ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/features-title.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

5e840708085df16224eeb0d8a8b3758d39bc7c60d3f0587ea1308f7d37d2e9db

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:08 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048fd18e-0060df2533-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2835
last-modified: Fri, 02 Jul 2021 14:32:24 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "8e8fd39ca90b9e536e71366f72e27061"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:08 GMT

GET
H2 200 feature1.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 12ms
9ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/feature1.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

427e9cf9bc070b73cae44b858b1cbb147385ccf3b74522b00606e8441d74eb21

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:08 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048fd189-0060df2533-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2649
last-modified: Fri, 02 Jul 2021 14:32:27 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "32e947291780f319b5424fb0fed97339"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:08 GMT

GET
H2 200 feature2.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 11ms
10ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/feature2.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

d35ec7636f20627c46249b7ac076fd59aad2c15c8207c92cc8251df812abc0bc

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:08 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048fd18b-0060df2533-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2845
last-modified: Fri, 02 Jul 2021 14:32:28 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "a02cbfb7009f4eb7bca716371bbc6162"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:08 GMT

GET
H2 200 feature3.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 11ms
10ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/feature3.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

41cc8226265d071dd816f01b4e656e9575b49927ecb0806984d85fd2acb3b318

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:08 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048fd185-0060df2533-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2618
last-modified: Fri, 02 Jul 2021 14:32:44 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "1e439861ae0e257dd74094cd20495531"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:08 GMT

GET
H2 200 feature4.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 13ms
10ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/feature4.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

d7e57b7c8fc1a0e25b893fc00da8cca5368cc489227958d4a781665339cd7260

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:08 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048fd18a-0060df2533-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2573
last-modified: Fri, 02 Jul 2021 14:32:19 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "f042fbbf22d575de6d906249ec2dc324"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:08 GMT

GET
H2 200 faq-title.png
static-13333.kxcdn.com/5275/images/ 4 KB
4 KB 13ms
10ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/faq-title.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

218be04d48aa9aa4da9bb4a708dbb463576fd8653914fd05bb113ce654dce714

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:08 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048dcf81-0060df2533-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 3706
last-modified: Fri, 02 Jul 2021 14:32:42 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "b95f5e7ccaaf9e8f6f1117efa9ab100a"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:08 GMT

GET
H2 200 faq-list-title-bg.png
static-13333.kxcdn.com/5275/images/ 2 KB
2 KB 11ms
10ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/faq-list-title-bg.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

9749d6d7aee9bdd7b806eb8fd8fa1bfd7ef25aab0aba744948b279d4c1a348ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:08 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048fd18d-0060df2533-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 1546
last-modified: Fri, 02 Jul 2021 14:32:22 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "567ea5254334fde95913b6cd592aad5f"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:08 GMT

GET
H3-29 200 sad-face.svg
tgfunnls.org/media/ 1 KB
1 KB 18ms
14ms Image
image/svg+xml 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tgfunnls.org/media/sad-face.svg

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

186b9079a05f19ddd2a548dbc1ec2c69087c76d8e9e1637dbced630edb793104

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /media/sad-face.svg
pragma: no-cache
cookie: _vwo_uuid_v2=D0B80472655D9D378F7E734C7B39DA29A|dc785cd8ac282534ae7bdb8bd3e4b4c5; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _gid=GA1.2.642354007.1628684527; _gat_UA-192660002-1=1; _ga_Y6C8Y8V9BH=GS1.1.1628684527.1.0.1628684527.0; _ga=GA1.1.770290842.1628684527; _hjid=74ba1074-6ae6-456b-bcea-bda49f8b4b17; _hjFirstSeen=1; XSRF-TOKEN=eyJpdiI6Imx6S3JXMFdtNFNuamNxcHVUTzQ2THc9PSIsInZhbHVlIjoiTHhzK0hjSVNMWVM3K0dzVE1oWWFVb1ZuMGVSalRVYkRcL3JXaTBLekd6dmE3WkVcL0RZY1VoQmVOV3lYNlN6aVFUIiwibWFjIjoiNzhiNGIyYjRiYjA4ZDQ4OTgzMmE4ZGIzOThlZGU0NzhlNGQxNDdiZTk1ODkzM2RkMTIxODg2NGIwMDg0ZGJmNiJ9; c=eyJpdiI6IjF1dnB2N3RybkR1NGN4NDlsVlwvSVhRPT0iLCJ2YWx1ZSI6IkhPakZJUTlHNFVpd2ZuK29oTUlhRUFoK2JncGJVM2hqSFFIaVcrbnpidndUYmVhNU4rd3F4Y2FWazRlOTJLQlMiLCJtYWMiOiI5N2U1ZDUyZGY4NzkzMTY2YzIyOWMyYTZkODUxMzQ5MmVjNjVmZmM4MDk0MTFjYWEwNzc1NjliYTVmYjAzYmNkIn0%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:08 GMT
x-proc: 2
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 651
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Mon, 09 Aug 2021 14:29:19 GMT
server: cloudflare
etag: W/"61113bbf-5dc"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5cYYefdtgj0wZf38FsYbke8XacPj%2FjUUyjj3Xxmzpq%2BEbDVLJpXFep%2FHPPFrFU2PWLJdyRKZVDMusLBcTaiAirVbqhcogDRyJUO3tqvuJbG7ARrPx31OJV6xDfh1rzj0pgBvOOHu0ut9aic%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: max-age=14400
cf-ray: 67d16d7e2c8205fd-FRA

GET
H3-29 200 email-decode.min.js Show response
tgfunnls.org/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
1 KB 8ms
8ms Script
application/javascript 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

:path: /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
pragma: no-cache
cookie: _vwo_uuid_v2=D0B80472655D9D378F7E734C7B39DA29A|dc785cd8ac282534ae7bdb8bd3e4b4c5; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _gid=GA1.2.642354007.1628684527; _gat_UA-192660002-1=1; _ga_Y6C8Y8V9BH=GS1.1.1628684527.1.0.1628684527.0; _ga=GA1.1.770290842.1628684527; _hjid=74ba1074-6ae6-456b-bcea-bda49f8b4b17; _hjFirstSeen=1; XSRF-TOKEN=eyJpdiI6Imx6S3JXMFdtNFNuamNxcHVUTzQ2THc9PSIsInZhbHVlIjoiTHhzK0hjSVNMWVM3K0dzVE1oWWFVb1ZuMGVSalRVYkRcL3JXaTBLekd6dmE3WkVcL0RZY1VoQmVOV3lYNlN6aVFUIiwibWFjIjoiNzhiNGIyYjRiYjA4ZDQ4OTgzMmE4ZGIzOThlZGU0NzhlNGQxNDdiZTk1ODkzM2RkMTIxODg2NGIwMDg0ZGJmNiJ9; c=eyJpdiI6IjF1dnB2N3RybkR1NGN4NDlsVlwvSVhRPT0iLCJ2YWx1ZSI6IkhPakZJUTlHNFVpd2ZuK29oTUlhRUFoK2JncGJVM2hqSFFIaVcrbnpidndUYmVhNU4rd3F4Y2FWazRlOTJLQlMiLCJtYWMiOiI5N2U1ZDUyZGY4NzkzMTY2YzIyOWMyYTZkODUxMzQ5MmVjNjVmZmM4MDk0MTFjYWEwNzc1NjliYTVmYjAzYmNkIn0%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 05 Aug 2021 12:35:03 GMT
server: cloudflare
etag: W/"610bdaf7-4d7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: DENY
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3YoaBKbCMEeRwK4nrYRFWN1pqmHQLSXkezCBFhNvKz7FNj%2FR%2BFCBTOEzB1yWygRPMA2QMGM1sYULnYiziqLncwRvS71w7YCshHrTbgFmfRcnMuZ5OrJ9Wruq5tzkubuIg0bK2NdYTISiyH4%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=172800 public
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 67d16d7dbbab05fd-FRA
vary: Accept-Encoding
expires: Fri, 13 Aug 2021 12:22:08 GMT

GET
H3-29 200 redirect.js Show response
tgfunnls.org/js/ 3 KB
2 KB 16ms
16ms Script
application/javascript 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/js/redirect.js?id=bd8708e91008076c9ff9

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0979e653bf7370685f5d0ec7448e28d33f46754d5411cf5a7cd3df6ecafc1a35

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /js/redirect.js?id=bd8708e91008076c9ff9
pragma: no-cache
cookie: _vwo_uuid_v2=D0B80472655D9D378F7E734C7B39DA29A|dc785cd8ac282534ae7bdb8bd3e4b4c5; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _gid=GA1.2.642354007.1628684527; _gat_UA-192660002-1=1; _ga_Y6C8Y8V9BH=GS1.1.1628684527.1.0.1628684527.0; _ga=GA1.1.770290842.1628684527; _hjid=74ba1074-6ae6-456b-bcea-bda49f8b4b17; _hjFirstSeen=1; XSRF-TOKEN=eyJpdiI6Imx6S3JXMFdtNFNuamNxcHVUTzQ2THc9PSIsInZhbHVlIjoiTHhzK0hjSVNMWVM3K0dzVE1oWWFVb1ZuMGVSalRVYkRcL3JXaTBLekd6dmE3WkVcL0RZY1VoQmVOV3lYNlN6aVFUIiwibWFjIjoiNzhiNGIyYjRiYjA4ZDQ4OTgzMmE4ZGIzOThlZGU0NzhlNGQxNDdiZTk1ODkzM2RkMTIxODg2NGIwMDg0ZGJmNiJ9; c=eyJpdiI6IjF1dnB2N3RybkR1NGN4NDlsVlwvSVhRPT0iLCJ2YWx1ZSI6IkhPakZJUTlHNFVpd2ZuK29oTUlhRUFoK2JncGJVM2hqSFFIaVcrbnpidndUYmVhNU4rd3F4Y2FWazRlOTJLQlMiLCJtYWMiOiI5N2U1ZDUyZGY4NzkzMTY2YzIyOWMyYTZkODUxMzQ5MmVjNjVmZmM4MDk0MTFjYWEwNzc1NjliYTVmYjAzYmNkIn0%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:08 GMT
x-proc: 3
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 651
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Mon, 09 Aug 2021 14:29:34 GMT
server: cloudflare
etag: W/"61113bce-a50"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ayk5JkGVj4UoUbHowTM6eLQZhqRv6Qi7l8XLl83ycYbn4tY11XzWQbV0WacA3pcRYWEJT7eKfQ2NWp0jXzhiRCxDrIF5AxIzDp5%2BN%2BHtdSVVKLPIZcUD0JZYxN7yaa2%2FEWDafqz2QmNeoLI%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=14400
cf-ray: 67d16d7dcbcc05fd-FRA

GET
H3-29 200 l.js Show response
tgfunnls.org/js/ 401 KB
110 KB 23ms
23ms Script
application/javascript 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/js/l.js?id=6cf7b69175b2a676ebf3

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1669423eca631e2fa8053ff74039a11ff6afac3a94dc37f357ce8d6ec9362913

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /js/l.js?id=6cf7b69175b2a676ebf3
pragma: no-cache
cookie: _vwo_uuid_v2=D0B80472655D9D378F7E734C7B39DA29A|dc785cd8ac282534ae7bdb8bd3e4b4c5; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _gid=GA1.2.642354007.1628684527; _gat_UA-192660002-1=1; _ga_Y6C8Y8V9BH=GS1.1.1628684527.1.0.1628684527.0; _ga=GA1.1.770290842.1628684527; _hjid=74ba1074-6ae6-456b-bcea-bda49f8b4b17; _hjFirstSeen=1; XSRF-TOKEN=eyJpdiI6Imx6S3JXMFdtNFNuamNxcHVUTzQ2THc9PSIsInZhbHVlIjoiTHhzK0hjSVNMWVM3K0dzVE1oWWFVb1ZuMGVSalRVYkRcL3JXaTBLekd6dmE3WkVcL0RZY1VoQmVOV3lYNlN6aVFUIiwibWFjIjoiNzhiNGIyYjRiYjA4ZDQ4OTgzMmE4ZGIzOThlZGU0NzhlNGQxNDdiZTk1ODkzM2RkMTIxODg2NGIwMDg0ZGJmNiJ9; c=eyJpdiI6IjF1dnB2N3RybkR1NGN4NDlsVlwvSVhRPT0iLCJ2YWx1ZSI6IkhPakZJUTlHNFVpd2ZuK29oTUlhRUFoK2JncGJVM2hqSFFIaVcrbnpidndUYmVhNU4rd3F4Y2FWazRlOTJLQlMiLCJtYWMiOiI5N2U1ZDUyZGY4NzkzMTY2YzIyOWMyYTZkODUxMzQ5MmVjNjVmZmM4MDk0MTFjYWEwNzc1NjliYTVmYjAzYmNkIn0%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:08 GMT
x-proc: 1
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3901
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Mon, 09 Aug 2021 14:29:21 GMT
server: cloudflare
etag: W/"61113bc1-645ba"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tIvHillOl1zdcseb8oB5aaO%2Bz%2FKwx4jyCSSNA1wSwslhUAGeQ3CWjgrcXqhzXfb%2FLajzIu39xu7ZceUkkotEZkrxz2SHNYSKhDbLjnCc%2BIAK3bACojPheBfm9RNUjwVP20YscigqxMK%2FTR8%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=14400
cf-ray: 67d16d7dcbd005fd-FRA

GET
H2 200 funnel.js Show response
static-13333.kxcdn.com/5275/build/ 954 KB
319 KB 8ms
7ms Script
application/javascript 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL

https://static-13333.kxcdn.com/5275/build/funnel.js

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

a52901c6296f571a48143efc8c7626714f2f15a0e034390d31380d508684ad0e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:08 GMT
content-encoding: gzip
last-modified: Fri, 02 Jul 2021 14:31:57 GMT
server: keycdn-engine
x-amz-request-id: tx0000000000000048dcf86-0060df2533-12e87130-fra1a
x-edge-location: defr
etag: W/"545236a1390ffa369d186b44dab8e706"
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-cache: HIT
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31556940
x-rgw-object-type: Normal
strict-transport-security: max-age=15552000; includeSubDomains; preload
expires: Thu, 11 Aug 2022 18:11:08 GMT

GET
H/1.1 200 hp Show response
in.xr117.xyz/ 382 B
616 B 20ms
16ms Script
text/plain 18.193.146.82
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://in.xr117.xyz/hp
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.193.146.82 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-193-146-82.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 1d685538334a6762f8c278c2274cb62dfdc47c59ba5968562dddf4f96d808aee

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 11 Aug 2021 12:22:08 GMT
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
Server: nginx
Connection: keep-alive
Content-Length: 382
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200 hp Show response
in.bd44.fun/ 382 B
616 B 48ms
16ms Script
text/plain 18.195.174.160
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://in.bd44.fun/hp
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.195.174.160 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-174-160.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 1d685538334a6762f8c278c2274cb62dfdc47c59ba5968562dddf4f96d808aee

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 11 Aug 2021 12:22:08 GMT
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
Server: nginx
Connection: keep-alive
Content-Length: 382
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 tag.js Show response
tagstaticx.com/ 38 KB
14 KB 18ms
14ms Script
application/javascript 2606:4700:3033::6815:3d08
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://tagstaticx.com/tag.js
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::6815:3d08 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 789421e97c465f7367c2c16bad228afc0d9211d9ff3c949b7ef88b72e9fc30db

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:08 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 06 Aug 2021 11:17:33 GMT
server: cloudflare
age: 6669
etag: W/"610d1a4d-97e0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QLUDnwiMvCR7xSGSbuebfmWmUAetfAgYmtM1Wp%2Ba0vm11H7kv17vfBefLO66mIYHMQmrMN98AP2ThIH29QSXg%2BOtVGtJ2MmA8trQI32uFw5GeYIaUbfw%2BpV7sTeDFwkCq5dLKLILQmcOWPTaFg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=1800
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 67d16d7e2a21c28b-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

GET
H3-29 200 gtm.js Show response
www.googletagmanager.com/ 111 KB
41 KB 20ms
17ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-MSK8GMG

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

a162969e2b65a15d2ad5f2f7ae26f9c048df44bc88b9438d33c203ba783b9c01

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:08 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42027
x-xss-protection: 0
last-modified: Wed, 11 Aug 2021 12:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 11 Aug 2021 12:22:08 GMT

GET
H/1.1 400 conversion.js
in.bd44.fun/ 0
0 45ms
16ms Script
text/html 18.195.174.160
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://in.bd44.fun/conversion.js?cid=OPTIONAL&et=CLICK
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.195.174.160 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-174-160.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 j.php Show response
dev.visualwebsiteoptimizer.com/ 5 KB
2 KB 14ms
11ms Script
application/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/j.php?a=449005&u=https%3A%2F%2Ftgfunnls.org%2Fdly1st%2F%3Fhitid%3D%7BclickId%7D%26qze%3D7%26aff_sub%3D%7BcustomId1%7D%26aff_sub2%3D%7BcustomId2%7D&f=1&r=0.7142074125546412
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gfra1 /
Resource Hash: cd861a6729276daa55389345a9defa5b07c7ae213caa420413c82e8882779216

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 11 Aug 2021 12:22:07 GMT
via: 1.1 google
server: gfra1
content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-type: application/javascript; charset=UTF-8

GET
H2 200 bg-pattern2.png
static-13333.kxcdn.com/5275/images/ 3 KB
4 KB 10ms
9ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/bg-pattern2.png

Requested by

Host: static-13333.kxcdn.com
URL: https://static-13333.kxcdn.com/5275/build/funnel.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

0dbbd4b1f92b5f123bb6d85da5224dbac1ef2873359ae63159fbd8c1d8aee472

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://static-13333.kxcdn.com/5275/build/funnel.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:08 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx00000000000000491e693-0060df2731-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 3494
last-modified: Fri, 02 Jul 2021 14:32:28 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "9ff60a873ce8a83d6f92c07bbb97461d"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:08 GMT

GET
H2 200 money-bg.jpg
static-13333.kxcdn.com/5275/images/ 192 KB
193 KB 7ms
6ms Image
image/jpeg 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/money-bg.jpg

Requested by

Host: static-13333.kxcdn.com
URL: https://static-13333.kxcdn.com/5275/build/funnel.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

6d6b0b2b3ce3ec690491ad53348667285877a284d43a58bae67219df3128c453

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://static-13333.kxcdn.com/5275/build/funnel.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:08 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048fd245-0060df2533-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 196622
last-modified: Fri, 02 Jul 2021 14:32:29 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "00484ef568e5c529bc92d2698631954b"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/jpeg
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:08 GMT

GET
H2 206 de-1.mp4
static-13333.kxcdn.com/5275/media/ 64 KB
0 12ms
11ms Media
video/mp4 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL

https://static-13333.kxcdn.com/5275/media/de-1.mp4

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Range: bytes=0-

Response headers

date: Wed, 11 Aug 2021 12:22:08 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx000000000000004a44bcc-0060f54e68-141c7b61-fra1a
x-edge-location: defr
x-cache: HIT
Content-Range: bytes 0-124690623/124690624
Content-Length: 124690624
last-modified: Fri, 02 Jul 2021 14:32:03 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "c8811d0b7aa283893d6ec2a19899685f-24"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: video/mp4
access-control-allow-origin: *
x-rgw-object-type: Normal
expires: Thu, 11 Aug 2022 18:11:08 GMT

GET
H3-29 200 flags.png
tgfunnls.org/images/vendor/intl-tel-input/build/ 69 KB
70 KB 12ms
12ms Image
image/png 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tgfunnls.org/images/vendor/intl-tel-input/build/flags.png?416250f60d785a2e02f17e054d2e4e44

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/css/forms.css?id=108aa07ef4cadffb88ba

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0a012cf808a24573168308916092d2d4bd3f2b4af8e16b59167013cc77acee55

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /images/vendor/intl-tel-input/build/flags.png?416250f60d785a2e02f17e054d2e4e44
pragma: no-cache
cookie: _vwo_uuid_v2=D0B80472655D9D378F7E734C7B39DA29A|dc785cd8ac282534ae7bdb8bd3e4b4c5; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _gid=GA1.2.642354007.1628684527; _gat_UA-192660002-1=1; _ga_Y6C8Y8V9BH=GS1.1.1628684527.1.0.1628684527.0; _ga=GA1.1.770290842.1628684527; _hjid=74ba1074-6ae6-456b-bcea-bda49f8b4b17; _hjFirstSeen=1; XSRF-TOKEN=eyJpdiI6Imx6S3JXMFdtNFNuamNxcHVUTzQ2THc9PSIsInZhbHVlIjoiTHhzK0hjSVNMWVM3K0dzVE1oWWFVb1ZuMGVSalRVYkRcL3JXaTBLekd6dmE3WkVcL0RZY1VoQmVOV3lYNlN6aVFUIiwibWFjIjoiNzhiNGIyYjRiYjA4ZDQ4OTgzMmE4ZGIzOThlZGU0NzhlNGQxNDdiZTk1ODkzM2RkMTIxODg2NGIwMDg0ZGJmNiJ9; c=eyJpdiI6IjF1dnB2N3RybkR1NGN4NDlsVlwvSVhRPT0iLCJ2YWx1ZSI6IkhPakZJUTlHNFVpd2ZuK29oTUlhRUFoK2JncGJVM2hqSFFIaVcrbnpidndUYmVhNU4rd3F4Y2FWazRlOTJLQlMiLCJtYWMiOiI5N2U1ZDUyZGY4NzkzMTY2YzIyOWMyYTZkODUxMzQ5MmVjNjVmZmM4MDk0MTFjYWEwNzc1NjliYTVmYjAzYmNkIn0%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: tgfunnls.org
referer: https://tgfunnls.org/css/forms.css?id=108aa07ef4cadffb88ba
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/css/forms.css?id=108aa07ef4cadffb88ba
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:08 GMT
x-proc: 3
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5485
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 70857
x-xss-protection: 1; mode=block
last-modified: Mon, 09 Aug 2021 14:29:34 GMT
server: cloudflare
etag: "61113bce-114c9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bhjoqQAZQir0uJugEwHQcNXc4TqobongxbJmKlbU1Czus9Il%2FSAb2LfGzdlbWOMN23xUmXM5SIl59cw%2BgfNqY%2B6L1E%2Br%2BdtAY8RbVFWoWpPZrrhb3abz0IrcTD4UX18RojIGSRocP9yQNI0%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 67d16d7e4cc605fd-FRA

GET
H3-29 200 locate Show response
tgfunnls.org/ 150 B
1 KB 173ms
172ms XHR
application/json 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/locate

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/js/l.js?id=6cf7b69175b2a676ebf3

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

126f29647a5fd666abd70f0bfe4f9a9b972c2e385e09554cf2fea5ffe35f62fc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-fetch-mode: cors
x-xsrf-token: eyJpdiI6Imx6S3JXMFdtNFNuamNxcHVUTzQ2THc9PSIsInZhbHVlIjoiTHhzK0hjSVNMWVM3K0dzVE1oWWFVb1ZuMGVSalRVYkRcL3JXaTBLekd6dmE3WkVcL0RZY1VoQmVOV3lYNlN6aVFUIiwibWFjIjoiNzhiNGIyYjRiYjA4ZDQ4OTgzMmE4ZGIzOThlZGU0NzhlNGQxNDdiZTk1ODkzM2RkMTIxODg2NGIwMDg0ZGJmNiJ9
accept-language: en-US
sec-fetch-dest: empty
cookie: _vwo_uuid_v2=D0B80472655D9D378F7E734C7B39DA29A|dc785cd8ac282534ae7bdb8bd3e4b4c5; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _gid=GA1.2.642354007.1628684527; _gat_UA-192660002-1=1; _ga_Y6C8Y8V9BH=GS1.1.1628684527.1.0.1628684527.0; _ga=GA1.1.770290842.1628684527; _hjid=74ba1074-6ae6-456b-bcea-bda49f8b4b17; _hjFirstSeen=1; XSRF-TOKEN=eyJpdiI6Imx6S3JXMFdtNFNuamNxcHVUTzQ2THc9PSIsInZhbHVlIjoiTHhzK0hjSVNMWVM3K0dzVE1oWWFVb1ZuMGVSalRVYkRcL3JXaTBLekd6dmE3WkVcL0RZY1VoQmVOV3lYNlN6aVFUIiwibWFjIjoiNzhiNGIyYjRiYjA4ZDQ4OTgzMmE4ZGIzOThlZGU0NzhlNGQxNDdiZTk1ODkzM2RkMTIxODg2NGIwMDg0ZGJmNiJ9; c=eyJpdiI6IjF1dnB2N3RybkR1NGN4NDlsVlwvSVhRPT0iLCJ2YWx1ZSI6IkhPakZJUTlHNFVpd2ZuK29oTUlhRUFoK2JncGJVM2hqSFFIaVcrbnpidndUYmVhNU4rd3F4Y2FWazRlOTJLQlMiLCJtYWMiOiI5N2U1ZDUyZGY4NzkzMTY2YzIyOWMyYTZkODUxMzQ5MmVjNjVmZmM4MDk0MTFjYWEwNzc1NjliYTVmYjAzYmNkIn0%3D
:path: /locate
pragma: no-cache
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: application/json, text/plain, */*
cache-control: no-cache
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept: application/json, text/plain, */*
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
X-XSRF-TOKEN: eyJpdiI6Imx6S3JXMFdtNFNuamNxcHVUTzQ2THc9PSIsInZhbHVlIjoiTHhzK0hjSVNMWVM3K0dzVE1oWWFVb1ZuMGVSalRVYkRcL3JXaTBLekd6dmE3WkVcL0RZY1VoQmVOV3lYNlN6aVFUIiwibWFjIjoiNzhiNGIyYjRiYjA4ZDQ4OTgzMmE4ZGIzOThlZGU0NzhlNGQxNDdiZTk1ODkzM2RkMTIxODg2NGIwMDg0ZGJmNiJ9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:08 GMT
x-proc: 2
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RRLACuPszWJt%2Fhp%2FB%2BEMPeVTBJSzfsEAFZzL4hE%2BP0voitVt2B6k2YNJhg%2BHikaFb1XwWMWaIF%2F9rrF6q52EzY5nRkbA5Jx2m6RC%2BitAV69jffoD8iSO3gMsPUtvrhLSz%2Fc%2BacbNmJwqgp4%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json
cache-control: no-cache, private
set-cookie: XSRF-TOKEN=eyJpdiI6IlwveklKTTBycTZ6TkRmN1YrMGhic2dBPT0iLCJ2YWx1ZSI6Ik9kTHB2T2lyazU2QkFEa3NqYnc4aU5xUnpzaDBERGFhUjN5WEFsZHJkcHhFWVRaWlwvRUwxUTFMaEt6c2szSEpIIiwibWFjIjoiYmI2NDQwYzc1Njk5OGQ0MTEwMWNhYzUwNjc3OGMxNjhkNjU3OGRkMmQxYTNhMjg3NDE1NTg5N2I5NTIwYzU2OCJ9; expires=Wed, 11-Aug-2021 14:22:08 GMT; Max-Age=7200; path=/ c=eyJpdiI6ImNkV0h2Q2llVWl5cVdrb2dBcEhsanc9PSIsInZhbHVlIjoiaVZqZHBFUXpqZngyWEhCXC9kd3RMOHZZRzNUWUplMnkxU1VZZXo1K1hlR21HNVdkazFJV2dhcU5iUzRcL0R6VzlEIiwibWFjIjoiZTBhMWY3Njg2MDZmYTA4OTgwNzI5Yzg0N2JmMjMzMzNiNWY3YTk0Mjk0YjE4ZTQ3YmIyOWM0YTg4MzFlZTYyZSJ9; expires=Wed, 11-Aug-2021 14:22:08 GMT; Max-Age=7200; path=/; httponly
cf-ray: 67d16d7e6d0c05fd-FRA

GET
BLOB 200
OK 72fd2e8c-bb58-49a3-b602-b960ef874a34
https://tgfunnls.org/ 31 B
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://tgfunnls.org/72fd2e8c-bb58-49a3-b602-b960ef874a34
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7725538fe2f71147bffeba7452b434c826aef9009666cb4360c605d0b2a91d1d

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length: 31
Content-Type: application/javascript

GET
H2 403 videothumbnail-1.png
static-13333.kxcdn.com/5275/images/ 0
0 50ms
49ms Image
text/html 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static-13333.kxcdn.com/5275/images/videothumbnail-1.png
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
DATA 200
OK truncated
/ 4 KB
4 KB Font
application/font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: aef991b2e0b693a95d41986576dd3901ea7ac03b379501b1caba966058753308

Request headers

Origin: https://tgfunnls.org
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: application/font-woff;charset=utf-8

GET
H3-29 200 tag-a511eb58bc7ee0b0cbc6906497418127.js Show response
dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWpxdWVyeQ==/ 214 KB
61 KB 24ms
24ms Script
text/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWpxdWVyeQ==/tag-a511eb58bc7ee0b0cbc6906497418127.js
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/j.php?a=449005&u=https%3A%2F%2Ftgfunnls.org%2Fdly1st%2F%3Fhitid%3D%7BclickId%7D%26qze%3D7%26aff_sub%3D%7BcustomId1%7D%26aff_sub2%3D%7BcustomId2%7D&f=1&r=0.7142074125546412
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gfra1 /
Resource Hash: ffef253989420f0b71eec148da3bbe555e1117a9860323b7a39b267bbb62ebe6

Request headers

Origin: https://tgfunnls.org
Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:08 GMT
content-encoding: br
last-modified: Tue, 10 Aug 2021 11:55:59 GMT
server: gfra1
etag: "6112694f-f354"
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 62292
via: 1.1 google

GET
H3-29 200 v.gif
dev.visualwebsiteoptimizer.com/ 35 B
52 B 95ms
94ms Image
image/gif 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dev.visualwebsiteoptimizer.com/v.gif?cd=0&a=449005&d=tgfunnls.org&u=D0B80472655D9D378F7E734C7B39DA29A&h=dc785cd8ac282534ae7bdb8bd3e4b4c5&t=false&r=0.1469310819117391

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gnv3c /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 11 Aug 2021 12:22:07 GMT
via: 1.1 google
x-content-type-options: nosniff
server: gnv3c
content-type: image/gif
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 10 Jan 2005 00:00:01 GMT

HEAD
H3-29 200 adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/ 0
0 30ms
29ms Fetch
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 49445
x-xss-protection: 0
server: cafe
etag: 4898024456010196187
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Wed, 11 Aug 2021 12:22:08 GMT

GET
H/1.1 200
OK version.js Show response
tagdatax.com/ 57 B
260 B 15ms
14ms Script
application/javascript 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdatax.com/version.js
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: ffcfdb3754f1adddd907a6bfb088cae417282e33ef063c27efb017b4b2185bd5

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 11 Aug 2021 12:22:08 GMT
Cache-Control: private, max-age=63072000
Server: nginx/1.19.10
Connection: keep-alive
Content-Length: 57
Content-Type: application/javascript

GET
H2 200 gid.js Show response
my.rtmark.net/ 65 B
541 B 13ms
13ms Fetch
application/json 139.45.195.8
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://my.rtmark.net/gid.js

Requested by

Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

0b47a559d4bd006e590f09b167a01dacc3a2ec891eaf185dcb9decec4ce889fc

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:04 GMT
x-content-type-options: nosniff
server: nginx
strict-transport-security: max-age=1
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: https://tgfunnls.org
access-control-expose-headers: Authorization
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length: 65

GET
H/1.1 200
OK pix.jpg Show response
tagdatax.com/ 28 B
617 B 17ms
15ms Fetch
image/jpeg 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdatax.com/pix.jpg
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: 3c72e06c040c15327faa313315f1d6f4b2c9159267051c3e173336efa4cd7a18

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 11 Aug 2021 12:22:08 GMT
Server: nginx/1.19.10
Etag: 3699e197-3dae-48d8-8059-abcbd9d22c84
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Content-Type: image/jpeg
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Expose-Headers: ETag
Cache-Control: private, must-revalidate, proxy-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 28

GET
H3-29 200 googlelogo_color_120x44dp.png
www.google.com/images/branding/googlelogo/2x/ 5 KB
5 KB 19ms
17ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_120x44dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

29c50fa4422ac0a690af5b0987dee6a030a7eeaafa9dda8543cf022368f545aa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:08 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5087
x-xss-protection: 0
expires: Wed, 11 Aug 2021 12:22:08 GMT

GET
H3-29 200 googlelogo_color_272x92dp.png
www.google.com/images/branding/googlelogo/1x/ 6 KB
6 KB 20ms
17ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/1x/googlelogo_color_272x92dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5776cd87617eacec3bc00ebcf530d1924026033eda852f706c1a675a98915826

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:08 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5969
x-xss-protection: 0
expires: Wed, 11 Aug 2021 12:22:08 GMT

GET
H3-29 200 googlelogo_color_272x92dp.png
www.google.com/images/branding/googlelogo/2x/ 13 KB
13 KB 21ms
19ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_272x92dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

262084257c2103702ef8a25705e3f8dbc1fa3823103ad7b954d54bdb77e6d89d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:08 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13504
x-xss-protection: 0
expires: Wed, 11 Aug 2021 12:22:08 GMT

GET
H3-29 200 googlelogo_color_160x56dp.png
www.google.com/images/branding/googlelogo/2x/ 7 KB
7 KB 20ms
18ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_160x56dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9e611fba6a87626e60f74d361f0c94d1ba226bc0726a05791f40ddb7fbba2c4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:08 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7048
x-xss-protection: 0
expires: Wed, 11 Aug 2021 12:22:08 GMT

GET
H3-29 200 googlelogo_color_90x40dp.png
www.google.com/images/branding/googlelogo/2x/ 4 KB
4 KB 20ms
18ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_90x40dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a9cac8d49feccd603bac334c92c1e7dd5a829a1c01d4130550e8c9c0d9c72f7b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:08 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3934
x-xss-protection: 0
expires: Wed, 11 Aug 2021 12:22:08 GMT

OPTIONS
H/1.1 200
OK add
tagdataxrt.com/ir/ Frame 0
0 15ms
14ms Preflight 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/ir/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Protocol: HTTP/1.1
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://tgfunnls.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Server: nginx/1.19.10
Date: Wed, 11 Aug 2021 12:22:08 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

POST
H/1.1 200
OK add Show response
tagdataxrt.com/ir/ 0
537 B 13ms
13ms Fetch 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/ir/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json;charset=utf-8

Response headers

Date: Wed, 11 Aug 2021 12:22:08 GMT
Server: nginx/1.19.10
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 0

GET
H3-29 200 js Show response
www.googletagmanager.com/gtag/ 128 KB
50 KB 45ms
44ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-Y6C8Y8V9BH&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MSK8GMG

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

c6d9537247b2c33b014a1f9f866faf62de1ebdbef63a8d63f3f4a686d2d88c8f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:08 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 51223
x-xss-protection: 0
expires: Wed, 11 Aug 2021 12:22:08 GMT

GET
H3-29 200 analytics.js Show response
www.google-analytics.com/ 48 KB
19 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MSK8GMG

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

e61660c659c426e45bce2937dddb01af6b550502a2904546575c1ec2ba1121dd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 13 Jul 2021 18:24:06 GMT
server: Golfe2
age: 2734
date: Wed, 11 Aug 2021 11:36:34 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19672
expires: Wed, 11 Aug 2021 13:36:34 GMT

GET
H2 200 hotjar-2304105.js Show response
static.hotjar.com/c/ 5 KB
2 KB 43ms
42ms Script
application/javascript 54.192.219.13
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-2304105.js?sv=6

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

54.192.219.13 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

ba0f7c8cd1226246385e057da152929c0c7b7868b6a4b64ff6de9537bf8aeb33

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:14 GMT
content-encoding: br
x-content-type-options: nosniff
cache-control: max-age=60
age: 54
etag: W/2bfd20973994a2ba4876103e95eba243
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
x-cache-hit: 1
x-amz-cf-pop: MRS52-P2
x-amz-cf-id: KRG7ftsRWOR7g6eLNkiMOW6wD971TQzdxQP3xxc39g7jFyN95V58iQ==
via: 1.1 ee464261ee466fae8314a91098b35372.cloudfront.net (CloudFront)

POST
H/1.1 200
OK etag Show response
tagdataxrt.com/ 0
537 B 15ms
14ms Fetch 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/etag?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json;charset=utf-8

Response headers

Date: Wed, 11 Aug 2021 12:22:08 GMT
Server: nginx/1.19.10
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 0

OPTIONS
H/1.1 200
OK etag
tagdataxrt.com/ Frame 0
0 33ms
33ms Preflight 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/etag?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Protocol: HTTP/1.1
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://tgfunnls.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Server: nginx/1.19.10
Date: Wed, 11 Aug 2021 12:22:08 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

GET
H3-29 200 settings.js Show response
dev.visualwebsiteoptimizer.com/ 572 B
397 B 9ms
9ms Script
application/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/settings.js?a=449005&settings_type=3&vn=7.0&r=0.5978078414091843&u=https%3A%2F%2Ftgfunnls.org%2Fdly1st%2F%3Fhitid%3D%7BclickId%7D%26qze%3D7%26aff_sub%3D%7BcustomId1%7D%26aff_sub2%3D%7BcustomId2%7D
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWpxdWVyeQ==/tag-a511eb58bc7ee0b0cbc6906497418127.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gfra1 /
Resource Hash: 31042bafbba3ee3bae8f21d8d8744230a7c558630068c64e1e5ecb4721ab3910

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:07 GMT
via: 1.1 google
server: gfra1
content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-type: application/javascript; charset=UTF-8

POST
H3-29 201 event Show response
tgfunnls.org/ 2 B
1 KB 247ms
247ms XHR
application/json 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/event?hitid={clickId}

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/js/l.js?id=6cf7b69175b2a676ebf3

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-fetch-mode: cors
origin: https://tgfunnls.org
x-xsrf-token: eyJpdiI6IlwveklKTTBycTZ6TkRmN1YrMGhic2dBPT0iLCJ2YWx1ZSI6Ik9kTHB2T2lyazU2QkFEa3NqYnc4aU5xUnpzaDBERGFhUjN5WEFsZHJkcHhFWVRaWlwvRUwxUTFMaEt6c2szSEpIIiwibWFjIjoiYmI2NDQwYzc1Njk5OGQ0MTEwMWNhYzUwNjc3OGMxNjhkNjU3OGRkMmQxYTNhMjg3NDE1NTg5N2I5NTIwYzU2OCJ9
accept-language: en-US
sec-fetch-dest: empty
accept-encoding: gzip, deflate, br
cookie: _vwo_uuid_v2=D0B80472655D9D378F7E734C7B39DA29A|dc785cd8ac282534ae7bdb8bd3e4b4c5; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _gid=GA1.2.642354007.1628684527; _gat_UA-192660002-1=1; _ga_Y6C8Y8V9BH=GS1.1.1628684527.1.0.1628684527.0; _ga=GA1.1.770290842.1628684527; _hjid=74ba1074-6ae6-456b-bcea-bda49f8b4b17; _hjFirstSeen=1; XSRF-TOKEN=eyJpdiI6IlwveklKTTBycTZ6TkRmN1YrMGhic2dBPT0iLCJ2YWx1ZSI6Ik9kTHB2T2lyazU2QkFEa3NqYnc4aU5xUnpzaDBERGFhUjN5WEFsZHJkcHhFWVRaWlwvRUwxUTFMaEt6c2szSEpIIiwibWFjIjoiYmI2NDQwYzc1Njk5OGQ0MTEwMWNhYzUwNjc3OGMxNjhkNjU3OGRkMmQxYTNhMjg3NDE1NTg5N2I5NTIwYzU2OCJ9; c=eyJpdiI6ImNkV0h2Q2llVWl5cVdrb2dBcEhsanc9PSIsInZhbHVlIjoiaVZqZHBFUXpqZngyWEhCXC9kd3RMOHZZRzNUWUplMnkxU1VZZXo1K1hlR21HNVdkazFJV2dhcU5iUzRcL0R6VzlEIiwibWFjIjoiZTBhMWY3Njg2MDZmYTA4OTgwNzI5Yzg0N2JmMjMzMzNiNWY3YTk0Mjk0YjE4ZTQ3YmIyOWM0YTg4MzFlZTYyZSJ9
content-length: 188
:path: /event?hitid={clickId}
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json;charset=UTF-8
accept: application/json, text/plain, */*
cache-control: no-cache
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: POST
Accept: application/json, text/plain, */*
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
X-XSRF-TOKEN: eyJpdiI6IlwveklKTTBycTZ6TkRmN1YrMGhic2dBPT0iLCJ2YWx1ZSI6Ik9kTHB2T2lyazU2QkFEa3NqYnc4aU5xUnpzaDBERGFhUjN5WEFsZHJkcHhFWVRaWlwvRUwxUTFMaEt6c2szSEpIIiwibWFjIjoiYmI2NDQwYzc1Njk5OGQ0MTEwMWNhYzUwNjc3OGMxNjhkNjU3OGRkMmQxYTNhMjg3NDE1NTg5N2I5NTIwYzU2OCJ9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json;charset=UTF-8

Response headers

date: Wed, 11 Aug 2021 12:22:08 GMT
x-proc: 2
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=k%2BYQbfolNYS4g1py%2Fcw2EdM1AMF%2Fe5w5vKEoDt2%2BKymYEQA%2BfNWoPfh0KhRym4gaOf8n%2BWUeEoOPXCbgE%2BkJ02nkeMGs63VhNdmJRL%2Fg%2Btm70CVLaMYU0q7NdatW1aY7KoyyHlxfpJ%2FZkgg%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-origin: https://tgfunnls.org
cache-control: no-cache, private
set-cookie: XSRF-TOKEN=eyJpdiI6IjZZQVwvNDBEWWZYM3F0OGV1N1hlbmFBPT0iLCJ2YWx1ZSI6IlRldlNIRlI1aDdHOFNvNFZQYUJVSThhQ0NLUlBwVytmalpXcFpUQlkrMERaZ1BzXC84UENSOXVxb29pXC9TUjZyRiIsIm1hYyI6IjQwZmExODlhY2RlMGI1MzBjODAzZjU1YWI5MjBmNGQ2NTg4ZTkzMjYxZjU0YTBhYWFhZDk5OTJiMzkwYjEyZDIifQ%3D%3D; expires=Wed, 11-Aug-2021 14:22:08 GMT; Max-Age=7200; path=/ c=eyJpdiI6Ik9zVCtvVG9xXC8rbVNGSVc0TjJIK2lRPT0iLCJ2YWx1ZSI6IkhiWnRFR0lJQUZpK1YwQndGU0ZVZEJyTnN0XC9nU0Vqa1hnVmpnMUtYWEczMVBudWx3dDN3WUVPVmhxXC9sWlhYTyIsIm1hYyI6IjdjZDIzYzcwYTU0MTg2MzBjYmIzMzNhMmI5YTFmM2E2ZTE1NmI1NmQxZGFiOTcwNzhlYjUzYTE4N2MxNTVjNWIifQ%3D%3D; expires=Wed, 11-Aug-2021 14:22:08 GMT; Max-Age=7200; path=/; httponly
cf-ray: 67d16d7f9f9605fd-FRA

GET
H3-29 200 settings.js Show response
dev.visualwebsiteoptimizer.com/ 572 B
397 B 9ms
8ms Script
application/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/settings.js?a=449005&settings_type=1&vn=7.0&r=0.6074726728950597
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWpxdWVyeQ==/tag-a511eb58bc7ee0b0cbc6906497418127.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gfra1 /
Resource Hash: 31042bafbba3ee3bae8f21d8d8744230a7c558630068c64e1e5ecb4721ab3910

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:07 GMT
via: 1.1 google
server: gfra1
content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-type: application/javascript; charset=UTF-8

GET
H2 200 modules.9a6619e61150e4449f35.js Show response
script.hotjar.com/ 221 KB
59 KB 26ms
26ms Script
application/javascript 54.192.219.34
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.9a6619e61150e4449f35.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2304105.js?sv=6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

54.192.219.34 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

fc04d1fd608cedf1f0c4735145a15031f77cb7491d6234cec4ee2cd9be74937a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:18:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 511443
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 59579
access-control-allow-origin: *
last-modified: Thu, 05 Aug 2021 14:17:07 GMT
etag: "f404c80c4e9647abd5db65360cf9ecee"
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 1cfafe71e396134dc106e8c1515876bd.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: MRS52-P2
accept-ranges: bytes
x-robots-tag: none
x-amz-cf-id: jh2sXLLGR8jZak9089fEMgpY38WsrDzKted_ZqAwO-W6u3wMrni8cQ==

GET
H3-29 200 collect
www.google-analytics.com/ 35 B
55 B 9ms
6ms Image
image/gif 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j92&a=1116970119&t=pageview&_s=1&dl=https%3A%2F%2Ftgfunnls.org%2Fdly1st%2F%3Fhitid%3D%7BclickId%7D%26qze%3D7%26aff_sub%3D%7BcustomId1%7D%26aff_sub2%3D%7BcustomId2%7D&ul=en-us&de=UTF-8&dt=Daily%20Profit&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=QACAAEAB~&jid=&gjid=&cid=770290842.1628684527&tid=UA-192660002-1&_gid=642354007.1628684527&gtm=2wg891MSK8GMG&z=1189468428

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 10 Aug 2021 20:58:30 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 55418
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 tag-1a6cb79d9b921e9f733a3a9f91c43b90.js Show response
dev.visualwebsiteoptimizer.com/web/djIkcGM6MS4w/ 668 B
329 B 11ms
10ms Script
text/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/web/djIkcGM6MS4w/tag-1a6cb79d9b921e9f733a3a9f91c43b90.js
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWpxdWVyeQ==/tag-a511eb58bc7ee0b0cbc6906497418127.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gfra1 /
Resource Hash: 6e1f2e0970c3d1d6cdacfecdd613ce1c42990ea5d4a9a85fe6f0700d20a96634

Request headers

Origin: https://tgfunnls.org
Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:08 GMT
content-encoding: br
last-modified: Tue, 10 Aug 2021 11:55:59 GMT
server: gfra1
etag: "6112694f-133"
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 307
via: 1.1 google

GET
H2 200 a3a7b431bde66f8790628956fd6a9e14.js Show response
cdn.pushcrew.com/js/ 248 KB
70 KB 102ms
102ms Script
application/javascript 34.102.183.26
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.pushcrew.com/js/a3a7b431bde66f8790628956fd6a9e14.js
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/web/djIkcGM6MS4w/tag-1a6cb79d9b921e9f733a3a9f91c43b90.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.102.183.26 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 26.183.102.34.bc.googleusercontent.com
Software: nginx /
Resource Hash: 2a74b97179203cf3de9b255635c3927c34791cabfe69261cc8d1235c13315e78

Request headers

Origin: https://tgfunnls.org
Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:08 GMT
content-encoding: gzip
last-modified: Fri, 18 Jun 2021 08:48:27 GMT
server: nginx
etag: W/"60cc5ddb-3e05c"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=1800
alt-svc: clear
via: 1.1 google
expires: Wed, 11 Aug 2021 12:52:08 GMT

GET
H2 200 box-25a418976ea02a6f393fbbe77cec94bb.html Show response
vars.hotjar.com/ Frame E0CF 2 KB
1 KB 25ms
25ms Document
text/html 52.84.45.59
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vars.hotjar.com/box-25a418976ea02a6f393fbbe77cec94bb.html
Requested by: Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2304105.js?sv=6
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.84.45.59 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-84-45-59.mrs52.r.cloudfront.net
Software: /
Resource Hash: 7a44e0685d8929b5d4d50476273c9957c8c76f03afc424c665a4066e5bc1beb9

Request headers

:method: GET
:authority: vars.hotjar.com
:scheme: https
:path: /box-25a418976ea02a6f393fbbe77cec94bb.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://tgfunnls.org/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://tgfunnls.org/

Response headers

content-type: text/html
content-length: 1044
date: Thu, 03 Jun 2021 10:15:05 GMT
accept-ranges: bytes
cache-control: max-age=31536000
content-encoding: br
etag: "76922233be8bdb14c053af468d29404a"
last-modified: Thu, 03 Jun 2021 10:14:54 GMT
x-amz-server-side-encryption: AES256
x-robots-tag: none
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 e5c15247ec560744bc8eee50e069c231.cloudfront.net (CloudFront)
x-amz-cf-pop: MRS52-P1
x-amz-cf-id: _9qwYRlX9G1dHOyDMdB28AVVYK0Tly0VC4evbk7qIb5P5dNN0Zpsbg==
age: 5969223

POST
H/1.1 200
OK add
tagdataxrt.com/log/ 12 B
597 B 16ms
16ms Fetch
application/json 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/log/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json;charset=utf-8

Response headers

Date: Wed, 11 Aug 2021 12:22:08 GMT
Server: nginx/1.19.10
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 12

OPTIONS
H/1.1 200
OK add
tagdataxrt.com/log/ Frame 0
0 14ms
14ms Preflight 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/log/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Protocol: HTTP/1.1
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://tgfunnls.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Server: nginx/1.19.10
Date: Wed, 11 Aug 2021 12:22:08 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

POST
H/1.1 200
OK add
tagdataxrt.com/time_visit/ 0
422 B 14ms
14ms Ping
text/plain 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/time_visit/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Wed, 11 Aug 2021 12:22:08 GMT
Server: nginx/1.19.10
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 0

GET
H3-29 200 Primary Request / Show response
tgfunnls.org/dly1st/ 31 KB
8 KB 384ms
383ms Document
text/html 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Requested by

Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f8e90d5ba45e39b1c471b76f6c2e5c24258cdf08af7a955bb3ab4790c4e502fd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: tgfunnls.org
:scheme: https
:path: /dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: document
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: _vwo_uuid_v2=D0B80472655D9D378F7E734C7B39DA29A|dc785cd8ac282534ae7bdb8bd3e4b4c5; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _gid=GA1.2.642354007.1628684527; _gat_UA-192660002-1=1; _hjid=74ba1074-6ae6-456b-bcea-bda49f8b4b17; _hjFirstSeen=1; _ga_Y6C8Y8V9BH=GS1.1.1628684527.1.1.1628684528.0; _ga=GA1.1.770290842.1628684527; XSRF-TOKEN=eyJpdiI6IjZZQVwvNDBEWWZYM3F0OGV1N1hlbmFBPT0iLCJ2YWx1ZSI6IlRldlNIRlI1aDdHOFNvNFZQYUJVSThhQ0NLUlBwVytmalpXcFpUQlkrMERaZ1BzXC84UENSOXVxb29pXC9TUjZyRiIsIm1hYyI6IjQwZmExODlhY2RlMGI1MzBjODAzZjU1YWI5MjBmNGQ2NTg4ZTkzMjYxZjU0YTBhYWFhZDk5OTJiMzkwYjEyZDIifQ%3D%3D; c=eyJpdiI6Ik9zVCtvVG9xXC8rbVNGSVc0TjJIK2lRPT0iLCJ2YWx1ZSI6IkhiWnRFR0lJQUZpK1YwQndGU0ZVZEJyTnN0XC9nU0Vqa1hnVmpnMUtYWEczMVBudWx3dDN3WUVPVmhxXC9sWlhYTyIsIm1hYyI6IjdjZDIzYzcwYTU0MTg2MzBjYmIzMzNhMmI5YTFmM2E2ZTE1NmI1NmQxZGFiOTcwNzhlYjUzYTE4N2MxNTVjNWIifQ%3D%3D
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Response headers

date: Wed, 11 Aug 2021 12:22:09 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: no-cache, private
set-cookie: XSRF-TOKEN=eyJpdiI6Ik0zMGd3VjJua1lybGVlUlJMVU9YeEE9PSIsInZhbHVlIjoiemZVdHE0NEV0ZjdGaGJMcytCV2d4ZE1sMFhZMGZOdE9ObG81QTZxZzZORmVXUjhYR1JhSmNmZElHbHA5ZTFyTCIsIm1hYyI6IjIyMjgzNmE5OTA2ZTc2Yzc3ZWE0YmEzMDM2NTYxNjFjMTNmNTQzZDE2MjE2YmM5OTNkNjEzZDNlNWI5YmYzZmQifQ%3D%3D; expires=Wed, 11-Aug-2021 14:22:09 GMT; Max-Age=7200; path=/ c=eyJpdiI6IlN2OVwvRWQ5dlRUUUdodFpCczdZQmt3PT0iLCJ2YWx1ZSI6IjhETXVrNHkwWmFFa0tNdEJ5TWtMZTlvXC80ZHp4UEg0SnlGRFQxWUtreW5OVitNNFE5cmE2K2NOcnlyRTloNnVmIiwibWFjIjoiZjRlM2NmM2QyZGNmNmQyNTdmZWU4YWNjOGY5ZjAzMjhmOGJlMTMwNTRjZGEwYWJmMjJmY2RiOWVhY2RlN2JkZiJ9; expires=Wed, 11-Aug-2021 14:22:09 GMT; Max-Age=7200; path=/; httponly
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-proc: 1
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yXrURpWiESZEbZUO%2B3peK9C6EtRgnusmNLq6oy%2F785IyjqPgvuB7zOOv55ILoUC8G%2BVB%2FU41lqdh0c%2FEDGFpkUzTNK9SLiAnO5x4ZZjBNFL93fh7ABwQAYe5smtKUg2e%2FoHo5bVukSPC0do%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 67d16d825dbf05fd-FRA
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

POST collect
www.google-analytics.com/g/ 0
0

GET
H3-29 200 forms.css
tgfunnls.org/css/ 20 KB
4 KB 16ms
15ms Stylesheet
text/css 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/css/forms.css?id=108aa07ef4cadffb88ba

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5cc75f6ff6ccc8f9737ba9b6e44903687d4cd600464dc9a25b2fcfbfd231ebc6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /css/forms.css?id=108aa07ef4cadffb88ba
pragma: no-cache
cookie: _vwo_uuid_v2=D0B80472655D9D378F7E734C7B39DA29A|dc785cd8ac282534ae7bdb8bd3e4b4c5; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _gid=GA1.2.642354007.1628684527; _gat_UA-192660002-1=1; _hjid=74ba1074-6ae6-456b-bcea-bda49f8b4b17; _hjFirstSeen=1; _ga_Y6C8Y8V9BH=GS1.1.1628684527.1.1.1628684528.0; _ga=GA1.1.770290842.1628684527; XSRF-TOKEN=eyJpdiI6Ik0zMGd3VjJua1lybGVlUlJMVU9YeEE9PSIsInZhbHVlIjoiemZVdHE0NEV0ZjdGaGJMcytCV2d4ZE1sMFhZMGZOdE9ObG81QTZxZzZORmVXUjhYR1JhSmNmZElHbHA5ZTFyTCIsIm1hYyI6IjIyMjgzNmE5OTA2ZTc2Yzc3ZWE0YmEzMDM2NTYxNjFjMTNmNTQzZDE2MjE2YmM5OTNkNjEzZDNlNWI5YmYzZmQifQ%3D%3D; c=eyJpdiI6IlN2OVwvRWQ5dlRUUUdodFpCczdZQmt3PT0iLCJ2YWx1ZSI6IjhETXVrNHkwWmFFa0tNdEJ5TWtMZTlvXC80ZHp4UEg0SnlGRFQxWUtreW5OVitNNFE5cmE2K2NOcnlyRTloNnVmIiwibWFjIjoiZjRlM2NmM2QyZGNmNmQyNTdmZWU4YWNjOGY5ZjAzMjhmOGJlMTMwNTRjZGEwYWJmMjJmY2RiOWVhY2RlN2JkZiJ9
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:09 GMT
x-proc: 1
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 652
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Mon, 09 Aug 2021 14:29:21 GMT
server: cloudflare
etag: W/"61113bc1-5107"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1JfCbM6B%2Fc6SYqgYmVxpfk9JOly%2B5FyoiVqc1V4KmyOD3MJlNwiuQq7ld1sMciFXXAEdDH6R3wdn7YVSITjzuvxNbfwTn3onLOF8LEm3urbqKkxAnFE%2Bi3FyjY6VmFGGFRE0M%2FD%2B1hj1V%2FA%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 67d16d84dbb405fd-FRA

GET
H3-29 200 flow.css
tgfunnls.org/css/ 385 B
761 B 16ms
16ms Stylesheet
text/css 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/css/flow.css?id=1a2dada5ba76c1b29ae1

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

df456c4794989b11dda8d76813cbf505b2707048f4cc89d7db15956779ca3fb0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /css/flow.css?id=1a2dada5ba76c1b29ae1
pragma: no-cache
cookie: _vwo_uuid_v2=D0B80472655D9D378F7E734C7B39DA29A|dc785cd8ac282534ae7bdb8bd3e4b4c5; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _gid=GA1.2.642354007.1628684527; _gat_UA-192660002-1=1; _hjid=74ba1074-6ae6-456b-bcea-bda49f8b4b17; _hjFirstSeen=1; _ga_Y6C8Y8V9BH=GS1.1.1628684527.1.1.1628684528.0; _ga=GA1.1.770290842.1628684527; XSRF-TOKEN=eyJpdiI6Ik0zMGd3VjJua1lybGVlUlJMVU9YeEE9PSIsInZhbHVlIjoiemZVdHE0NEV0ZjdGaGJMcytCV2d4ZE1sMFhZMGZOdE9ObG81QTZxZzZORmVXUjhYR1JhSmNmZElHbHA5ZTFyTCIsIm1hYyI6IjIyMjgzNmE5OTA2ZTc2Yzc3ZWE0YmEzMDM2NTYxNjFjMTNmNTQzZDE2MjE2YmM5OTNkNjEzZDNlNWI5YmYzZmQifQ%3D%3D; c=eyJpdiI6IlN2OVwvRWQ5dlRUUUdodFpCczdZQmt3PT0iLCJ2YWx1ZSI6IjhETXVrNHkwWmFFa0tNdEJ5TWtMZTlvXC80ZHp4UEg0SnlGRFQxWUtreW5OVitNNFE5cmE2K2NOcnlyRTloNnVmIiwibWFjIjoiZjRlM2NmM2QyZGNmNmQyNTdmZWU4YWNjOGY5ZjAzMjhmOGJlMTMwNTRjZGEwYWJmMjJmY2RiOWVhY2RlN2JkZiJ9
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:09 GMT
x-proc: 2
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 652
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Mon, 09 Aug 2021 14:29:19 GMT
server: cloudflare
etag: W/"61113bbf-181"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yOMAYMSRWuSLJ%2B1wlnK7UbxsTLYVnAVpke4jjCQKQloaua7pbuLT38i4fZ6MkScBNWTmwJl%2By5JIMfMGbjZRjIOqXp0okMDXAPtXGyi4jrQJT6l%2Fu7ddgFcxtMes2w4W4oolPKSD9tZEYGg%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 67d16d84dbb705fd-FRA

GET
H2 200 funnel.css
static-13333.kxcdn.com/5275/build/ 91 KB
26 KB 10ms
9ms Stylesheet
text/css 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL

https://static-13333.kxcdn.com/5275/build/funnel.css

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

0dd81a03016de5c1be49281bb42f5db84bf8968b636e893daa0ee24de5dbdd3b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:09 GMT
content-encoding: gzip
last-modified: Fri, 02 Jul 2021 14:31:57 GMT
server: keycdn-engine
x-amz-request-id: tx0000000000000048dcf7b-0060df2533-12e87130-fra1a
x-edge-location: defr
etag: W/"0e60432e5a822d61eaf0ff2172f524ed"
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-cache: HIT
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31556940
x-rgw-object-type: Normal
strict-transport-security: max-age=15552000; includeSubDomains; preload
expires: Thu, 11 Aug 2022 18:11:09 GMT

GET
H/1.1 400 conversion.js
in.bd44.fun/ 0
0 15ms
14ms Script
text/html 18.195.174.160
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://in.bd44.fun/conversion.js?cid=OPTIONAL&et=CLICK
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.195.174.160 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-174-160.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 logo.png
static-13333.kxcdn.com/5275/images/ 2 KB
3 KB 32ms
25ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/logo.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

3d0776f2afd4256733e307cf46921dde2e1497a2767eb8bcb8ac17d5de9d2344

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:09 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048dcf7f-0060df2533-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2455
last-modified: Fri, 02 Jul 2021 14:32:26 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "cded24bb8b99f2aa7ab4e4ddc59c28e6"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:09 GMT

GET
H2 200 top-arrow.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 32ms
25ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/top-arrow.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

c4d3b32e24ea06591e7f166b20939f84cb767bb0742bc3c51f07c6f4b684f1e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:09 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048fd188-0060df2533-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2961
last-modified: Fri, 02 Jul 2021 14:32:29 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "e2980701aad64cef71bd2296f5f6386b"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:09 GMT

GET
H3-29 200 check-icon.png
tgfunnls.org/images/ 44 KB
45 KB 42ms
36ms Image
image/png 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tgfunnls.org/images/check-icon.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

79bb457691c6f5dc0d3fd537218a627750b199db5253e22dad9dc4f78fa48016

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /images/check-icon.png
pragma: no-cache
cookie: _vwo_uuid_v2=D0B80472655D9D378F7E734C7B39DA29A|dc785cd8ac282534ae7bdb8bd3e4b4c5; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _gid=GA1.2.642354007.1628684527; _gat_UA-192660002-1=1; _hjid=74ba1074-6ae6-456b-bcea-bda49f8b4b17; _hjFirstSeen=1; _ga_Y6C8Y8V9BH=GS1.1.1628684527.1.1.1628684528.0; _ga=GA1.1.770290842.1628684527; XSRF-TOKEN=eyJpdiI6Ik0zMGd3VjJua1lybGVlUlJMVU9YeEE9PSIsInZhbHVlIjoiemZVdHE0NEV0ZjdGaGJMcytCV2d4ZE1sMFhZMGZOdE9ObG81QTZxZzZORmVXUjhYR1JhSmNmZElHbHA5ZTFyTCIsIm1hYyI6IjIyMjgzNmE5OTA2ZTc2Yzc3ZWE0YmEzMDM2NTYxNjFjMTNmNTQzZDE2MjE2YmM5OTNkNjEzZDNlNWI5YmYzZmQifQ%3D%3D; c=eyJpdiI6IlN2OVwvRWQ5dlRUUUdodFpCczdZQmt3PT0iLCJ2YWx1ZSI6IjhETXVrNHkwWmFFa0tNdEJ5TWtMZTlvXC80ZHp4UEg0SnlGRFQxWUtreW5OVitNNFE5cmE2K2NOcnlyRTloNnVmIiwibWFjIjoiZjRlM2NmM2QyZGNmNmQyNTdmZWU4YWNjOGY5ZjAzMjhmOGJlMTMwNTRjZGEwYWJmMjJmY2RiOWVhY2RlN2JkZiJ9
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:09 GMT
x-proc: 3
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5026
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 45018
x-xss-protection: 1; mode=block
last-modified: Mon, 09 Aug 2021 14:27:10 GMT
server: cloudflare
etag: "61113b3e-afda"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9mmlCSv8ujMPkA%2Fsk3OmLhpbftH5T8iI2umCHmzcsoBLn%2B1a80%2BI8Ye3cr41XNVuBpq5ivMzGs0e5UtLRxsyzrDZFUFZFwVzmPogFa83%2FNMpvWimgE%2B%2BUyBTaIOw2NwCQzs2yPM5lRbyO1I%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 67d16d855d0605fd-FRA

GET
H2 200 safe.png
static-13333.kxcdn.com/5275/images/ 10 KB
11 KB 32ms
25ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/safe.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

c001780d5a0136da809d6908ac44d8b0e4d9b36bf9891772a006294888226576

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:09 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048dcf7e-0060df2533-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 10593
last-modified: Fri, 02 Jul 2021 14:32:17 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "e16845cf547d72f2f0b2febfa375d9f9"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:09 GMT

GET
H2 200 bg-arrow.png
static-13333.kxcdn.com/5275/images/ 7 KB
8 KB 32ms
26ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/bg-arrow.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

5902ac2e28cc5433d57a98a62be69037be09754da694348e03d3e3b9e776f542

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:09 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048dcf7d-0060df2533-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 7356
last-modified: Fri, 02 Jul 2021 14:32:23 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "0575766ae817ee467a729e846374d22c"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:09 GMT

GET
H2 200 check-icon.png
static-13333.kxcdn.com/5275/images/ 2 KB
3 KB 32ms
26ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/check-icon.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

4a404a950ef8cfa3eb686e62c8ab17e0a4609f2300e53d874a96ec618ab9474d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:09 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048fd193-0060df2533-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2273
last-modified: Fri, 02 Jul 2021 14:32:29 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "c34ab81524c5f98e40dc0dad59601758"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:09 GMT

GET
H2 200 spots-arrow.png
static-13333.kxcdn.com/5275/images/ 5 KB
6 KB 28ms
28ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/spots-arrow.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

7c01610e53cbe2313bd441cd9182762cec4240e4eecebeca6d086f34e4672784

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:09 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048dcf82-0060df2533-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 5306
last-modified: Fri, 02 Jul 2021 14:32:45 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "32acdf2cce46993b09041ebed9d00140"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:09 GMT

GET
H2 200 john.jpg
static-13333.kxcdn.com/5275/images/ 9 KB
10 KB 29ms
28ms Image
image/jpeg 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/john.jpg

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

aff262b0ff8882606831b77cb7fe8c2b7ee184a4c3a4e10de152932dde9ed3f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:09 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048fd18f-0060df2533-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 9704
last-modified: Fri, 02 Jul 2021 14:32:21 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "ca826d01f1cbba3eb6e3e1f697bca6bc"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/jpeg
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:09 GMT

GET
H2 200 john-sign.png
static-13333.kxcdn.com/5275/images/ 7 KB
7 KB 9ms
6ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/john-sign.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

2c92fcee0f7c5fd992e818cd6e5f621e8701cea9b4b23eb03e2567560c7dd266

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:09 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048dcf87-0060df2533-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 6824
last-modified: Fri, 02 Jul 2021 14:32:43 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "8e77bdde18036a84289f7b89b03cddc0"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:09 GMT

GET
H2 200 social-callback-title.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 9ms
6ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/social-callback-title.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

b097d9409b9b2fcde3993197635d6e7d49126e794dec3c3a5de9892cce15ec84

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:09 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048fd187-0060df2533-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2899
last-modified: Fri, 02 Jul 2021 14:32:42 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "26e1186a209747d755be97f26d7fef17"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:09 GMT

GET
H2 200 facebook.png
static-13333.kxcdn.com/5275/images/ 45 KB
46 KB 9ms
6ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/facebook.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

45a8e9f975bd2d7db2041c671affac022eaf0b8db46c516a6f2021d30631aea3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:09 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048dcf7c-0060df2533-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 46358
last-modified: Fri, 02 Jul 2021 14:32:18 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "99efc09d6e35b01ef07e555c6c9c06ac"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:09 GMT

GET
H2 200 twitter.png
static-13333.kxcdn.com/5275/images/ 33 KB
34 KB 8ms
7ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/twitter.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

f3567cf9eb0717ad9840ff19014abf051d9bebb63ba3d270eb23d409dd449b5a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:09 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048dcf79-0060df2533-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 33933
last-modified: Fri, 02 Jul 2021 14:32:45 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "1538bf85a2428c7ab27b923233ceac2d"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:09 GMT

GET
H2 200 features-title.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 8ms
7ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/features-title.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

5e840708085df16224eeb0d8a8b3758d39bc7c60d3f0587ea1308f7d37d2e9db

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:09 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048fd18e-0060df2533-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2835
last-modified: Fri, 02 Jul 2021 14:32:24 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "8e8fd39ca90b9e536e71366f72e27061"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:09 GMT

GET
H2 200 feature1.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 9ms
9ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/feature1.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

427e9cf9bc070b73cae44b858b1cbb147385ccf3b74522b00606e8441d74eb21

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:09 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048fd189-0060df2533-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2649
last-modified: Fri, 02 Jul 2021 14:32:27 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "32e947291780f319b5424fb0fed97339"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:09 GMT

GET
H2 200 feature2.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 12ms
7ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/feature2.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

d35ec7636f20627c46249b7ac076fd59aad2c15c8207c92cc8251df812abc0bc

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:09 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048fd18b-0060df2533-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2845
last-modified: Fri, 02 Jul 2021 14:32:28 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "a02cbfb7009f4eb7bca716371bbc6162"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:09 GMT

GET
H2 200 feature3.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 13ms
8ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/feature3.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

41cc8226265d071dd816f01b4e656e9575b49927ecb0806984d85fd2acb3b318

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:09 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048fd185-0060df2533-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2618
last-modified: Fri, 02 Jul 2021 14:32:44 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "1e439861ae0e257dd74094cd20495531"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:09 GMT

GET
H2 200 feature4.png
static-13333.kxcdn.com/5275/images/ 3 KB
3 KB 12ms
9ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/feature4.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

d7e57b7c8fc1a0e25b893fc00da8cca5368cc489227958d4a781665339cd7260

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:09 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048fd18a-0060df2533-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 2573
last-modified: Fri, 02 Jul 2021 14:32:19 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "f042fbbf22d575de6d906249ec2dc324"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:09 GMT

GET
H2 200 faq-title.png
static-13333.kxcdn.com/5275/images/ 4 KB
4 KB 13ms
10ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/faq-title.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

218be04d48aa9aa4da9bb4a708dbb463576fd8653914fd05bb113ce654dce714

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:09 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048dcf81-0060df2533-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 3706
last-modified: Fri, 02 Jul 2021 14:32:42 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "b95f5e7ccaaf9e8f6f1117efa9ab100a"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:09 GMT

GET
H2 200 faq-list-title-bg.png
static-13333.kxcdn.com/5275/images/ 2 KB
2 KB 12ms
11ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/faq-list-title-bg.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

9749d6d7aee9bdd7b806eb8fd8fa1bfd7ef25aab0aba744948b279d4c1a348ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:09 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048fd18d-0060df2533-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 1546
last-modified: Fri, 02 Jul 2021 14:32:22 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "567ea5254334fde95913b6cd592aad5f"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:09 GMT

GET
H3-29 200 sad-face.svg
tgfunnls.org/media/ 1 KB
1 KB 28ms
24ms Image
image/svg+xml 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tgfunnls.org/media/sad-face.svg

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

186b9079a05f19ddd2a548dbc1ec2c69087c76d8e9e1637dbced630edb793104

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /media/sad-face.svg
pragma: no-cache
cookie: _vwo_uuid_v2=D0B80472655D9D378F7E734C7B39DA29A|dc785cd8ac282534ae7bdb8bd3e4b4c5; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _gid=GA1.2.642354007.1628684527; _gat_UA-192660002-1=1; _hjid=74ba1074-6ae6-456b-bcea-bda49f8b4b17; _hjFirstSeen=1; _ga_Y6C8Y8V9BH=GS1.1.1628684527.1.1.1628684528.0; _ga=GA1.1.770290842.1628684527; XSRF-TOKEN=eyJpdiI6Ik0zMGd3VjJua1lybGVlUlJMVU9YeEE9PSIsInZhbHVlIjoiemZVdHE0NEV0ZjdGaGJMcytCV2d4ZE1sMFhZMGZOdE9ObG81QTZxZzZORmVXUjhYR1JhSmNmZElHbHA5ZTFyTCIsIm1hYyI6IjIyMjgzNmE5OTA2ZTc2Yzc3ZWE0YmEzMDM2NTYxNjFjMTNmNTQzZDE2MjE2YmM5OTNkNjEzZDNlNWI5YmYzZmQifQ%3D%3D; c=eyJpdiI6IlN2OVwvRWQ5dlRUUUdodFpCczdZQmt3PT0iLCJ2YWx1ZSI6IjhETXVrNHkwWmFFa0tNdEJ5TWtMZTlvXC80ZHp4UEg0SnlGRFQxWUtreW5OVitNNFE5cmE2K2NOcnlyRTloNnVmIiwibWFjIjoiZjRlM2NmM2QyZGNmNmQyNTdmZWU4YWNjOGY5ZjAzMjhmOGJlMTMwNTRjZGEwYWJmMjJmY2RiOWVhY2RlN2JkZiJ9
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:09 GMT
x-proc: 2
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 652
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Mon, 09 Aug 2021 14:29:19 GMT
server: cloudflare
etag: W/"61113bbf-5dc"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nOYn%2B971J%2FyaRkVpOR74vNi%2BxtFM6Zzcufux4LjQx%2BgnZdQzwLyDWQ%2BpkW%2FxooLLrMFEJKaNBoZ6C6iB54aKlDuK2YWRzqRGDKGFMBbwc1U52Mn992oB35vHyawcey6vXkCw504FDnrW7l8%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: max-age=14400
cf-ray: 67d16d855d0905fd-FRA

GET
H3-29 200 email-decode.min.js Show response
tgfunnls.org/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
1 KB 11ms
11ms Script
application/javascript 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

:path: /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
pragma: no-cache
cookie: _vwo_uuid_v2=D0B80472655D9D378F7E734C7B39DA29A|dc785cd8ac282534ae7bdb8bd3e4b4c5; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _gid=GA1.2.642354007.1628684527; _gat_UA-192660002-1=1; _hjid=74ba1074-6ae6-456b-bcea-bda49f8b4b17; _hjFirstSeen=1; _ga_Y6C8Y8V9BH=GS1.1.1628684527.1.1.1628684528.0; _ga=GA1.1.770290842.1628684527; XSRF-TOKEN=eyJpdiI6Ik0zMGd3VjJua1lybGVlUlJMVU9YeEE9PSIsInZhbHVlIjoiemZVdHE0NEV0ZjdGaGJMcytCV2d4ZE1sMFhZMGZOdE9ObG81QTZxZzZORmVXUjhYR1JhSmNmZElHbHA5ZTFyTCIsIm1hYyI6IjIyMjgzNmE5OTA2ZTc2Yzc3ZWE0YmEzMDM2NTYxNjFjMTNmNTQzZDE2MjE2YmM5OTNkNjEzZDNlNWI5YmYzZmQifQ%3D%3D; c=eyJpdiI6IlN2OVwvRWQ5dlRUUUdodFpCczdZQmt3PT0iLCJ2YWx1ZSI6IjhETXVrNHkwWmFFa0tNdEJ5TWtMZTlvXC80ZHp4UEg0SnlGRFQxWUtreW5OVitNNFE5cmE2K2NOcnlyRTloNnVmIiwibWFjIjoiZjRlM2NmM2QyZGNmNmQyNTdmZWU4YWNjOGY5ZjAzMjhmOGJlMTMwNTRjZGEwYWJmMjJmY2RiOWVhY2RlN2JkZiJ9
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 05 Aug 2021 12:35:03 GMT
server: cloudflare
etag: W/"610bdaf7-4d7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: DENY
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ja0SPQEu6g0wuqF1VB7EfPjwZVQUZ8wCNsdTcxnvflX4arW%2BmwxGBokqsxOcadv%2F7sEJ%2FXJgVsM2OUs2qccsry6rZyLi77J%2B1q7M8mK4kmjfE9TpHfrkmBCdCY1mVtTk95xlmypfDTwQmNI%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=172800 public
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 67d16d84fc1b05fd-FRA
vary: Accept-Encoding
expires: Fri, 13 Aug 2021 12:22:09 GMT

GET
H3-29 200 redirect.js Show response
tgfunnls.org/js/ 3 KB
2 KB 17ms
17ms Script
application/javascript 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/js/redirect.js?id=bd8708e91008076c9ff9

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0979e653bf7370685f5d0ec7448e28d33f46754d5411cf5a7cd3df6ecafc1a35

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /js/redirect.js?id=bd8708e91008076c9ff9
pragma: no-cache
cookie: _vwo_uuid_v2=D0B80472655D9D378F7E734C7B39DA29A|dc785cd8ac282534ae7bdb8bd3e4b4c5; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _gid=GA1.2.642354007.1628684527; _gat_UA-192660002-1=1; _hjid=74ba1074-6ae6-456b-bcea-bda49f8b4b17; _hjFirstSeen=1; _ga_Y6C8Y8V9BH=GS1.1.1628684527.1.1.1628684528.0; _ga=GA1.1.770290842.1628684527; XSRF-TOKEN=eyJpdiI6Ik0zMGd3VjJua1lybGVlUlJMVU9YeEE9PSIsInZhbHVlIjoiemZVdHE0NEV0ZjdGaGJMcytCV2d4ZE1sMFhZMGZOdE9ObG81QTZxZzZORmVXUjhYR1JhSmNmZElHbHA5ZTFyTCIsIm1hYyI6IjIyMjgzNmE5OTA2ZTc2Yzc3ZWE0YmEzMDM2NTYxNjFjMTNmNTQzZDE2MjE2YmM5OTNkNjEzZDNlNWI5YmYzZmQifQ%3D%3D; c=eyJpdiI6IlN2OVwvRWQ5dlRUUUdodFpCczdZQmt3PT0iLCJ2YWx1ZSI6IjhETXVrNHkwWmFFa0tNdEJ5TWtMZTlvXC80ZHp4UEg0SnlGRFQxWUtreW5OVitNNFE5cmE2K2NOcnlyRTloNnVmIiwibWFjIjoiZjRlM2NmM2QyZGNmNmQyNTdmZWU4YWNjOGY5ZjAzMjhmOGJlMTMwNTRjZGEwYWJmMjJmY2RiOWVhY2RlN2JkZiJ9
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:09 GMT
x-proc: 3
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 652
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Mon, 09 Aug 2021 14:29:34 GMT
server: cloudflare
etag: W/"61113bce-a50"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ejQFk4rHkcOGVKCDVUK8dizKjgFhxtQQjn9dRIcOgqkoLoyo0xMO1zxKsZMnRPUdrg92JI6D%2BV59JZ4fVsMYxBjH%2Fpceu71u6veFB3gjUpS2mNJur28BHUpOJiASTL43At%2BZOIEx2quLkjc%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=14400
cf-ray: 67d16d84fc1c05fd-FRA

GET
H3-29 200 l.js Show response
tgfunnls.org/js/ 401 KB
110 KB 25ms
25ms Script
application/javascript 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tgfunnls.org/js/l.js?id=6cf7b69175b2a676ebf3

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1669423eca631e2fa8053ff74039a11ff6afac3a94dc37f357ce8d6ec9362913

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /js/l.js?id=6cf7b69175b2a676ebf3
pragma: no-cache
cookie: _vwo_uuid_v2=D0B80472655D9D378F7E734C7B39DA29A|dc785cd8ac282534ae7bdb8bd3e4b4c5; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _gid=GA1.2.642354007.1628684527; _gat_UA-192660002-1=1; _hjid=74ba1074-6ae6-456b-bcea-bda49f8b4b17; _hjFirstSeen=1; _ga_Y6C8Y8V9BH=GS1.1.1628684527.1.1.1628684528.0; _ga=GA1.1.770290842.1628684527; XSRF-TOKEN=eyJpdiI6Ik0zMGd3VjJua1lybGVlUlJMVU9YeEE9PSIsInZhbHVlIjoiemZVdHE0NEV0ZjdGaGJMcytCV2d4ZE1sMFhZMGZOdE9ObG81QTZxZzZORmVXUjhYR1JhSmNmZElHbHA5ZTFyTCIsIm1hYyI6IjIyMjgzNmE5OTA2ZTc2Yzc3ZWE0YmEzMDM2NTYxNjFjMTNmNTQzZDE2MjE2YmM5OTNkNjEzZDNlNWI5YmYzZmQifQ%3D%3D; c=eyJpdiI6IlN2OVwvRWQ5dlRUUUdodFpCczdZQmt3PT0iLCJ2YWx1ZSI6IjhETXVrNHkwWmFFa0tNdEJ5TWtMZTlvXC80ZHp4UEg0SnlGRFQxWUtreW5OVitNNFE5cmE2K2NOcnlyRTloNnVmIiwibWFjIjoiZjRlM2NmM2QyZGNmNmQyNTdmZWU4YWNjOGY5ZjAzMjhmOGJlMTMwNTRjZGEwYWJmMjJmY2RiOWVhY2RlN2JkZiJ9
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: tgfunnls.org
referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:09 GMT
x-proc: 1
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3902
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Mon, 09 Aug 2021 14:29:21 GMT
server: cloudflare
etag: W/"61113bc1-645ba"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UOBWE4VemP18IfqA81vQ8h1q3yPbdA8%2FfiA2MlMCB%2BxX%2BsRXADBDYkJG0GLKTvsmT3NGBIazc%2FUdl%2BJmZHV2n3p7BpGWjXNKPsVDYgrBHhZ8VuM%2FLYyXMz34RX8uB1c1xsxszhWGyxDSFbE%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=14400
cf-ray: 67d16d851c4c05fd-FRA

GET
H2 200 funnel.js Show response
static-13333.kxcdn.com/5275/build/ 954 KB
319 KB 11ms
5ms Script
application/javascript 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL

https://static-13333.kxcdn.com/5275/build/funnel.js

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

a52901c6296f571a48143efc8c7626714f2f15a0e034390d31380d508684ad0e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:09 GMT
content-encoding: gzip
last-modified: Fri, 02 Jul 2021 14:31:57 GMT
server: keycdn-engine
x-amz-request-id: tx0000000000000048dcf86-0060df2533-12e87130-fra1a
x-edge-location: defr
etag: W/"545236a1390ffa369d186b44dab8e706"
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-cache: HIT
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31556940
x-rgw-object-type: Normal
strict-transport-security: max-age=15552000; includeSubDomains; preload
expires: Thu, 11 Aug 2022 18:11:09 GMT

GET
H/1.1 200 hp Show response
in.xr117.xyz/ 382 B
616 B 18ms
15ms Script
text/plain 18.193.146.82
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://in.xr117.xyz/hp
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.193.146.82 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-193-146-82.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 1d685538334a6762f8c278c2274cb62dfdc47c59ba5968562dddf4f96d808aee

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 11 Aug 2021 12:22:09 GMT
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
Server: nginx
Connection: keep-alive
Content-Length: 382
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200 hp Show response
in.bd44.fun/ 382 B
616 B 48ms
15ms Script
text/plain 18.195.174.160
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://in.bd44.fun/hp
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.195.174.160 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-174-160.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 1d685538334a6762f8c278c2274cb62dfdc47c59ba5968562dddf4f96d808aee

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 11 Aug 2021 12:22:09 GMT
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
Server: nginx
Connection: keep-alive
Content-Length: 382
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3-29 200 tag.js Show response
tagstaticx.com/ 38 KB
14 KB 23ms
20ms Script
application/javascript 2606:4700:3033::6815:3d08
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://tagstaticx.com/tag.js
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::6815:3d08 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 789421e97c465f7367c2c16bad228afc0d9211d9ff3c949b7ef88b72e9fc30db

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:09 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 06 Aug 2021 11:17:33 GMT
server: cloudflare
age: 6670
etag: W/"610d1a4d-97e0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=K8UMxioG2FflRhO1qCGSsNvJd1UWTrXOAYyZHlnxnsxVCx180%2FYtLKmgFL5y%2Fcrj9Esvjw5W27TtB8eJ5V8Pjh5hKI42whvmNqPD%2FY3plkTW4dyK2ppkuV%2BXC%2BdZaqQPia5p1%2FLBcuErsH0imA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=1800
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 67d16d8549b72c22-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

GET
H3-29 200 gtm.js Show response
www.googletagmanager.com/ 111 KB
41 KB 19ms
16ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-MSK8GMG

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

abf5e420544cdc91fec5600e8fac1b07f6fd02f69671fa214259ad6518213358

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:09 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42029
x-xss-protection: 0
last-modified: Wed, 11 Aug 2021 12:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 11 Aug 2021 12:22:09 GMT

GET
H/1.1 400 conversion.js
in.bd44.fun/ 0
0 41ms
14ms Script
text/html 18.195.174.160
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://in.bd44.fun/conversion.js?cid=OPTIONAL&et=CLICK
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.195.174.160 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-174-160.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 j.php Show response
dev.visualwebsiteoptimizer.com/ 5 KB
2 KB 12ms
10ms Script
application/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/j.php?a=449005&u=https%3A%2F%2Ftgfunnls.org%2Fdly1st%2F%3Fhitid%3D%7BclickId%7D%26qze%3D7%26aff_sub%3D%7BcustomId1%7D%26aff_sub2%3D%7BcustomId2%7D&f=1&r=0.6828384383712032
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gfra1 /
Resource Hash: 8b93b565a4ca452a29e3b7922c91eed64430f754a4fd43218e35f39e9f9c6052

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 11 Aug 2021 12:22:09 GMT
via: 1.1 google
server: gfra1
content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-type: application/javascript; charset=UTF-8

GET
H2 200 bg-pattern2.png
static-13333.kxcdn.com/5275/images/ 3 KB
4 KB 25ms
25ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/bg-pattern2.png

Requested by

Host: static-13333.kxcdn.com
URL: https://static-13333.kxcdn.com/5275/build/funnel.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

0dbbd4b1f92b5f123bb6d85da5224dbac1ef2873359ae63159fbd8c1d8aee472

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://static-13333.kxcdn.com/5275/build/funnel.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:09 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx00000000000000491e693-0060df2731-12e87130-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 3494
last-modified: Fri, 02 Jul 2021 14:32:28 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "9ff60a873ce8a83d6f92c07bbb97461d"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:09 GMT

GET
H2 200 money-bg.jpg
static-13333.kxcdn.com/5275/images/ 192 KB
193 KB 26ms
25ms Image
image/jpeg 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static-13333.kxcdn.com/5275/images/money-bg.jpg

Requested by

Host: static-13333.kxcdn.com
URL: https://static-13333.kxcdn.com/5275/build/funnel.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

6d6b0b2b3ce3ec690491ad53348667285877a284d43a58bae67219df3128c453

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://static-13333.kxcdn.com/5275/build/funnel.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:09 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx0000000000000048fd245-0060df2533-12ed1804-fra1a
x-edge-location: defr
x-cache: HIT
content-length: 196622
last-modified: Fri, 02 Jul 2021 14:32:29 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "00484ef568e5c529bc92d2698631954b"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/jpeg
access-control-allow-origin: *
x-rgw-object-type: Normal
accept-ranges: bytes
expires: Thu, 11 Aug 2022 18:11:09 GMT

GET
H2 206 de-1.mp4
static-13333.kxcdn.com/5275/media/ 64 KB
0 13ms
12ms Media
video/mp4 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL

https://static-13333.kxcdn.com/5275/media/de-1.mp4

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn-engine /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://tgfunnls.org/
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Range: bytes=0-

Response headers

date: Wed, 11 Aug 2021 12:22:09 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: tx000000000000004a44bcc-0060f54e68-141c7b61-fra1a
x-edge-location: defr
x-cache: HIT
Content-Range: bytes 0-124690623/124690624
Content-Length: 124690624
last-modified: Fri, 02 Jul 2021 14:32:03 GMT
server: keycdn-engine
cache-control: max-age=31556940
etag: "c8811d0b7aa283893d6ec2a19899685f-24"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: video/mp4
access-control-allow-origin: *
x-rgw-object-type: Normal
expires: Thu, 11 Aug 2022 18:11:09 GMT

GET
H3-29 200 flags.png
tgfunnls.org/images/vendor/intl-tel-input/build/ 69 KB
70 KB 27ms
24ms Image
image/png 2606:4700:3033::ac43:bc5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tgfunnls.org/images/vendor/intl-tel-input/build/flags.png?416250f60d785a2e02f17e054d2e4e44

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/css/forms.css?id=108aa07ef4cadffb88ba

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:bc5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0a012cf808a24573168308916092d2d4bd3f2b4af8e16b59167013cc77acee55

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /images/vendor/intl-tel-input/build/flags.png?416250f60d785a2e02f17e054d2e4e44
pragma: no-cache
cookie: _vwo_uuid_v2=D0B80472655D9D378F7E734C7B39DA29A|dc785cd8ac282534ae7bdb8bd3e4b4c5; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _gid=GA1.2.642354007.1628684527; _gat_UA-192660002-1=1; _hjid=74ba1074-6ae6-456b-bcea-bda49f8b4b17; _hjFirstSeen=1; _ga_Y6C8Y8V9BH=GS1.1.1628684527.1.1.1628684528.0; _ga=GA1.1.770290842.1628684527; XSRF-TOKEN=eyJpdiI6Ik0zMGd3VjJua1lybGVlUlJMVU9YeEE9PSIsInZhbHVlIjoiemZVdHE0NEV0ZjdGaGJMcytCV2d4ZE1sMFhZMGZOdE9ObG81QTZxZzZORmVXUjhYR1JhSmNmZElHbHA5ZTFyTCIsIm1hYyI6IjIyMjgzNmE5OTA2ZTc2Yzc3ZWE0YmEzMDM2NTYxNjFjMTNmNTQzZDE2MjE2YmM5OTNkNjEzZDNlNWI5YmYzZmQifQ%3D%3D; c=eyJpdiI6IlN2OVwvRWQ5dlRUUUdodFpCczdZQmt3PT0iLCJ2YWx1ZSI6IjhETXVrNHkwWmFFa0tNdEJ5TWtMZTlvXC80ZHp4UEg0SnlGRFQxWUtreW5OVitNNFE5cmE2K2NOcnlyRTloNnVmIiwibWFjIjoiZjRlM2NmM2QyZGNmNmQyNTdmZWU4YWNjOGY5ZjAzMjhmOGJlMTMwNTRjZGEwYWJmMjJmY2RiOWVhY2RlN2JkZiJ9
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: tgfunnls.org
referer: https://tgfunnls.org/css/forms.css?id=108aa07ef4cadffb88ba
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tgfunnls.org/css/forms.css?id=108aa07ef4cadffb88ba
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:09 GMT
x-proc: 3
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5486
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 70857
x-xss-protection: 1; mode=block
last-modified: Mon, 09 Aug 2021 14:29:34 GMT
server: cloudflare
etag: "61113bce-114c9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jLg7kK8AB1jvsHnXJ6bii%2FQZmhNQbLmNpP%2FMmlat8TuQanXZZ4oPirF56XPogPO25IxfdJGsWS7j5MMvhlYw8Ru60029Ml8%2BkjQsq7L3oxNax1AOPBZFmNrbQGoY%2B8HXYkmX4CWTnp6QYGI%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 67d16d859db105fd-FRA

GET locate
tgfunnls.org/ 0
0

GET
BLOB 200
OK a9cd4b0c-5693-4623-9af5-3e9cd3342afe
https://tgfunnls.org/ 31 B
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://tgfunnls.org/a9cd4b0c-5693-4623-9af5-3e9cd3342afe
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7725538fe2f71147bffeba7452b434c826aef9009666cb4360c605d0b2a91d1d

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length: 31
Content-Type: application/javascript

GET
H2 403 videothumbnail-1.png
static-13333.kxcdn.com/5275/images/ 0
0 38ms
37ms Image
text/html 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static-13333.kxcdn.com/5275/images/videothumbnail-1.png
Requested by: Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
DATA 200
OK truncated
/ 4 KB
4 KB Font
application/font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: aef991b2e0b693a95d41986576dd3901ea7ac03b379501b1caba966058753308

Request headers

Origin: https://tgfunnls.org
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: application/font-woff;charset=utf-8

GET
H3-29 200 tag-a511eb58bc7ee0b0cbc6906497418127.js Show response
dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWpxdWVyeQ==/ 214 KB
61 KB 10ms
9ms Script
text/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWpxdWVyeQ==/tag-a511eb58bc7ee0b0cbc6906497418127.js
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/j.php?a=449005&u=https%3A%2F%2Ftgfunnls.org%2Fdly1st%2F%3Fhitid%3D%7BclickId%7D%26qze%3D7%26aff_sub%3D%7BcustomId1%7D%26aff_sub2%3D%7BcustomId2%7D&f=1&r=0.6828384383712032
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gfra1 /
Resource Hash: ffef253989420f0b71eec148da3bbe555e1117a9860323b7a39b267bbb62ebe6

Request headers

Origin: https://tgfunnls.org
Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:08 GMT
content-encoding: br
last-modified: Tue, 10 Aug 2021 11:55:59 GMT
server: gfra1
etag: "6112694f-f354"
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 62292
via: 1.1 google

GET
H3-29 200 v.gif
dev.visualwebsiteoptimizer.com/ 35 B
52 B 95ms
94ms Image
image/gif 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dev.visualwebsiteoptimizer.com/v.gif?cd=0&a=449005&d=tgfunnls.org&u=D0B80472655D9D378F7E734C7B39DA29A&h=dc785cd8ac282534ae7bdb8bd3e4b4c5&t=false&r=0.09582791475065333

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gnv3c /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 11 Aug 2021 12:22:09 GMT
via: 1.1 google
x-content-type-options: nosniff
server: gnv3c
content-type: image/gif
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 10 Jan 2005 00:00:01 GMT

HEAD
H3-29 200 adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/ 0
0 36ms
36ms Fetch
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 49445
x-xss-protection: 0
server: cafe
etag: 4898024456010196187
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Wed, 11 Aug 2021 12:22:09 GMT

GET
H/1.1 200
OK version.js Show response
tagdatax.com/ 57 B
260 B 22ms
18ms Script
application/javascript 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdatax.com/version.js
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: a721c5f16c4c255bb01b2a0228c4f153697b5f412d20aa17bf6f929075adcccd

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 11 Aug 2021 12:22:09 GMT
Cache-Control: private, max-age=63072000
Server: nginx/1.19.10
Connection: keep-alive
Content-Length: 57
Content-Type: application/javascript

GET
H2 200 gid.js Show response
my.rtmark.net/ 65 B
541 B 22ms
16ms Fetch
application/json 139.45.195.8
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://my.rtmark.net/gid.js

Requested by

Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

9367bb7ab6d26766ce5ddc21e5018563dfc695825839b9adbc87a88f49678a6f

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:05 GMT
x-content-type-options: nosniff
server: nginx
strict-transport-security: max-age=1
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: https://tgfunnls.org
access-control-expose-headers: Authorization
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length: 65

GET
H/1.1 200
OK pix.jpg Show response
tagdatax.com/ 28 B
617 B 23ms
20ms Fetch
image/jpeg 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdatax.com/pix.jpg
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: 3c72e06c040c15327faa313315f1d6f4b2c9159267051c3e173336efa4cd7a18

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 11 Aug 2021 12:22:09 GMT
Server: nginx/1.19.10
Etag: 652346f3-a943-4983-8726-9c666d89f626
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Content-Type: image/jpeg
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Expose-Headers: ETag
Cache-Control: private, must-revalidate, proxy-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 28

GET
H3-29 200 googlelogo_color_120x44dp.png
www.google.com/images/branding/googlelogo/2x/ 5 KB
5 KB 19ms
17ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_120x44dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

29c50fa4422ac0a690af5b0987dee6a030a7eeaafa9dda8543cf022368f545aa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:09 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5087
x-xss-protection: 0
expires: Wed, 11 Aug 2021 12:22:09 GMT

GET
H3-29 200 googlelogo_color_272x92dp.png
www.google.com/images/branding/googlelogo/1x/ 6 KB
6 KB 19ms
16ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/1x/googlelogo_color_272x92dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5776cd87617eacec3bc00ebcf530d1924026033eda852f706c1a675a98915826

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:09 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5969
x-xss-protection: 0
expires: Wed, 11 Aug 2021 12:22:09 GMT

GET
H3-29 200 googlelogo_color_272x92dp.png
www.google.com/images/branding/googlelogo/2x/ 13 KB
13 KB 19ms
17ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_272x92dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

262084257c2103702ef8a25705e3f8dbc1fa3823103ad7b954d54bdb77e6d89d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:09 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13504
x-xss-protection: 0
expires: Wed, 11 Aug 2021 12:22:09 GMT

GET
H3-29 200 googlelogo_color_160x56dp.png
www.google.com/images/branding/googlelogo/2x/ 7 KB
7 KB 19ms
17ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_160x56dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9e611fba6a87626e60f74d361f0c94d1ba226bc0726a05791f40ddb7fbba2c4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:09 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7048
x-xss-protection: 0
expires: Wed, 11 Aug 2021 12:22:09 GMT

GET
H3-29 200 googlelogo_color_90x40dp.png
www.google.com/images/branding/googlelogo/2x/ 4 KB
4 KB 18ms
17ms Image
image/png 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_90x40dp.png

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a9cac8d49feccd603bac334c92c1e7dd5a829a1c01d4130550e8c9c0d9c72f7b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:09 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3934
x-xss-protection: 0
expires: Wed, 11 Aug 2021 12:22:09 GMT

OPTIONS
H/1.1 200
OK add
tagdataxrt.com/ir/ Frame 0
0 18ms
18ms Preflight 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/ir/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Protocol: HTTP/1.1
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://tgfunnls.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Server: nginx/1.19.10
Date: Wed, 11 Aug 2021 12:22:09 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

POST
H/1.1 200
OK add Show response
tagdataxrt.com/ir/ 0
537 B 22ms
22ms Fetch 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/ir/add?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json;charset=utf-8

Response headers

Date: Wed, 11 Aug 2021 12:22:09 GMT
Server: nginx/1.19.10
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 0

GET
H3-29 200 js Show response
www.googletagmanager.com/gtag/ 128 KB
50 KB 15ms
15ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-Y6C8Y8V9BH&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MSK8GMG

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

c6d9537247b2c33b014a1f9f866faf62de1ebdbef63a8d63f3f4a686d2d88c8f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:09 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 51223
x-xss-protection: 0
expires: Wed, 11 Aug 2021 12:22:09 GMT

GET
H3-29 200 analytics.js Show response
www.google-analytics.com/ 48 KB
19 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MSK8GMG

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

e61660c659c426e45bce2937dddb01af6b550502a2904546575c1ec2ba1121dd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 13 Jul 2021 18:24:06 GMT
server: Golfe2
age: 2735
date: Wed, 11 Aug 2021 11:36:34 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19672
expires: Wed, 11 Aug 2021 13:36:34 GMT

GET
H2 200 hotjar-2304105.js Show response
static.hotjar.com/c/ 5 KB
2 KB 29ms
28ms Script
application/javascript 54.192.219.13
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-2304105.js?sv=6

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

54.192.219.13 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

ba0f7c8cd1226246385e057da152929c0c7b7868b6a4b64ff6de9537bf8aeb33

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:14 GMT
content-encoding: br
x-content-type-options: nosniff
cache-control: max-age=60
age: 55
etag: W/2bfd20973994a2ba4876103e95eba243
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
x-cache-hit: 1
x-amz-cf-pop: MRS52-P2
x-amz-cf-id: mCbgRrva4l_EPRRHkUY3nAk8b052eqa0wgN1Z8UucYoTzD83yAHZKQ==
via: 1.1 ee464261ee466fae8314a91098b35372.cloudfront.net (CloudFront)

POST
H/1.1 200
OK etag Show response
tagdataxrt.com/ 0
537 B 16ms
15ms Fetch 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/etag?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json;charset=utf-8

Response headers

Date: Wed, 11 Aug 2021 12:22:09 GMT
Server: nginx/1.19.10
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 0

OPTIONS
H/1.1 200
OK etag
tagdataxrt.com/ Frame 0
0 15ms
14ms Preflight 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/etag?cid=8986ccc2-2e26-47a9-9229-e20b23e914d5
Protocol: HTTP/1.1
Server: 37.48.68.71 Den Helder, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://tgfunnls.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Server: nginx/1.19.10
Date: Wed, 11 Aug 2021 12:22:09 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: https://tgfunnls.org
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

GET
H3-29 200 settings.js Show response
dev.visualwebsiteoptimizer.com/ 572 B
397 B 11ms
10ms Script
application/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/settings.js?a=449005&settings_type=3&vn=7.0&r=0.9925413656047857&u=https%3A%2F%2Ftgfunnls.org%2Fdly1st%2F%3Fhitid%3D%7BclickId%7D%26qze%3D7%26aff_sub%3D%7BcustomId1%7D%26aff_sub2%3D%7BcustomId2%7D
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWpxdWVyeQ==/tag-a511eb58bc7ee0b0cbc6906497418127.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gfra1 /
Resource Hash: 31042bafbba3ee3bae8f21d8d8744230a7c558630068c64e1e5ecb4721ab3910

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:09 GMT
via: 1.1 google
server: gfra1
content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-type: application/javascript; charset=UTF-8

GET
H3-29 200 settings.js Show response
dev.visualwebsiteoptimizer.com/ 572 B
397 B 10ms
10ms Script
application/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/settings.js?a=449005&settings_type=1&vn=7.0&r=0.15302167823280133
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWpxdWVyeQ==/tag-a511eb58bc7ee0b0cbc6906497418127.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gfra1 /
Resource Hash: 31042bafbba3ee3bae8f21d8d8744230a7c558630068c64e1e5ecb4721ab3910

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:22:09 GMT
via: 1.1 google
server: gfra1
content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-type: application/javascript; charset=UTF-8

GET
H3-29 200 collect
www.google-analytics.com/ 35 B
55 B 6ms
6ms Image
image/gif 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j92&a=229031874&t=pageview&_s=1&dl=https%3A%2F%2Ftgfunnls.org%2Fdly1st%2F%3Fhitid%3D%7BclickId%7D%26qze%3D7%26aff_sub%3D%7BcustomId1%7D%26aff_sub2%3D%7BcustomId2%7D&ul=en-us&de=UTF-8&dt=Daily%20Profit&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=QACAAEAB~&jid=&gjid=&cid=770290842.1628684527&tid=UA-192660002-1&_gid=642354007.1628684527&gtm=2wg891MSK8GMG&z=1146106061

Requested by

Host: tgfunnls.org
URL: https://tgfunnls.org/dly1st/?hitid={clickId}&qze=7&aff_sub={customId1}&aff_sub2={customId2}

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://tgfunnls.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 10 Aug 2021 20:58:30 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 55419
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 modules.9a6619e61150e4449f35.js Show response
script.hotjar.com/ 221 KB
59 KB 26ms
25ms Script
application/javascript 54.192.219.34
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.9a6619e61150e4449f35.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2304105.js?sv=6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

54.192.219.34 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS