stfly.me Open in urlscan Pro
2606:4700:e0::ac40:6b08 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://stfly.me/e8RxAIfTJ
Submission: On November 03 via manual (November 3rd 2021, 8:44:47 pm UTC) from BR — Scanned from DE

Summary HTTP 61 Redirects Behaviour Indicators

Summary

This website contacted 22 IPs in 4 countries across 17 domains to perform 61 HTTP transactions. The main IP is 2606:4700:e0::ac40:6b08, located in United States and belongs to CLOUDFLARENET, US. The main domain is stfly.me.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on May 19th 2021. Valid for: a year.

This is the only time stfly.me was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
9	2606:4700:e0:... 2606:4700:e0::ac40:6b08	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:812::200a	15169 (GOOGLE) (GOOGLE)
6	2606:4700:303... 2606:4700:3033::ac43:9993	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	139.45.197.238 139.45.197.238	9002 (RETN-AS) (RETN-AS)
1	142.91.159.136 142.91.159.136	7979 (SERVERS-COM) (SERVERS-COM)
3	2a00:1450:400... 2a00:1450:4001:813::2003	15169 (GOOGLE) (GOOGLE)
3	139.45.197.237 139.45.197.237	9002 (RETN-AS) (RETN-AS)
5	139.45.197.239 139.45.197.239	9002 (RETN-AS) (RETN-AS)
2	139.45.195.8 139.45.195.8	9002 (RETN-AS) (RETN-AS)
4	2606:4700:303... 2606:4700:3034::6815:5a0	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	142.250.186.130 142.250.186.130	15169 (GOOGLE) (GOOGLE)
2	2620:116:800d... 2620:116:800d:21:8c6e:cf2c:8d6:9fb5	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:211... 2600:9000:211e:7200:6:44e3:f8c0:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:82a::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:803::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:801::2001	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:80f::2002	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:80e::2001	15169 (GOOGLE) (GOOGLE)
1 2	2a00:1450:400... 2a00:1450:4001:82a::2004	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:831::2001	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:827::2002	15169 (GOOGLE) (GOOGLE)
61	22

9 2606:4700:e0::ac40:6b08 (United States)

ASN13335 (CLOUDFLARENET, US)

stfly.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:812::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2606:4700:3033::ac43:9993 (United States)

ASN13335 (CLOUDFLARENET, US)

account.adstripe.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 139.45.197.238 (United Kingdom)

ASN9002 (RETN-AS, GB)

omchanseyr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.91.159.136 (Netherlands)

ASN7979 (SERVERS-COM, US)

gimpybedderump.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:813::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 139.45.197.237 (United Kingdom)

ASN9002 (RETN-AS, GB)

dozubatan.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 139.45.197.239 (United Kingdom)

ASN9002 (RETN-AS, GB)

toglooman.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 139.45.195.8 (United Kingdom)

ASN9002 (RETN-AS, GB)

my.rtmark.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700:3034::6815:5a0 (United States)

ASN13335 (CLOUDFLARENET, US)

itsguider.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.186.130 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s07-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:116:800d:21:8c6e:cf2c:8d6:9fb5 (United States)

ASN16509 (AMAZON-02, US)

secure.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:211e:7200:6:44e3:f8c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

rules.quantcount.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:803::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:801::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ac5b63de87daa3661bfd32c23184efdf.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:80f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:80e::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82a::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:831::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:827::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
9	stfly.me stfly.me	73 KB
8	googlesyndication.com ac5b63de87daa3661bfd32c23184efdf.safeframe.googlesyndication.com pagead2.googlesyndication.com tpc.googlesyndication.com	23 KB
6	adstripe.net account.adstripe.net	90 KB
5	ampproject.org cdn.ampproject.org	103 KB
5	doubleclick.net securepubads.g.doubleclick.net googleads.g.doubleclick.net	157 KB
5	toglooman.com toglooman.com	126 KB
4	itsguider.com itsguider.com	37 KB
3	google.com 1 redirects adservice.google.com www.google.com	2 KB
3	dozubatan.com dozubatan.com	25 KB
3	gstatic.com fonts.gstatic.com	87 KB
2	quantserve.com secure.quantserve.com pixel.quantserve.com	10 KB
2	rtmark.net my.rtmark.net	1 KB
2	omchanseyr.com omchanseyr.com	24 KB
2	googleapis.com fonts.googleapis.com	2 KB
1	google.de adservice.google.de	792 B
1	quantcount.com rules.quantcount.com	428 B
1	gimpybedderump.com gimpybedderump.com	1 KB
61	17

	Domain	Requested by
9	stfly.me	stfly.me
6	account.adstripe.net	stfly.me account.adstripe.net
5	cdn.ampproject.org	securepubads.g.doubleclick.net
5	toglooman.com	omchanseyr.com toglooman.com
4	tpc.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com itsguider.com
4	securepubads.g.doubleclick.net	itsguider.com securepubads.g.doubleclick.net
4	itsguider.com	account.adstripe.net itsguider.com
3	pagead2.googlesyndication.com	securepubads.g.doubleclick.net
3	dozubatan.com	omchanseyr.com dozubatan.com
3	fonts.gstatic.com	fonts.googleapis.com
2	www.google.com	1 redirects tpc.googlesyndication.com
2	my.rtmark.net	omchanseyr.com dozubatan.com
2	omchanseyr.com	stfly.me omchanseyr.com
2	fonts.googleapis.com	stfly.me securepubads.g.doubleclick.net
1	googleads.g.doubleclick.net	itsguider.com
1	pixel.quantserve.com	itsguider.com
1	ac5b63de87daa3661bfd32c23184efdf.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	adservice.google.com	securepubads.g.doubleclick.net
1	adservice.google.de	securepubads.g.doubleclick.net
1	rules.quantcount.com	secure.quantserve.com
1	secure.quantserve.com	itsguider.com
1	gimpybedderump.com	stfly.me
61	22

This site contains no links.

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-05-19` - `2022-05-18`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2021-10-04` - `2021-12-27`	3 months	crt.sh
omchanseyr.com R3	`2021-08-13` - `2021-11-11`	3 months	crt.sh
gimpybedderump.com R3	`2021-09-26` - `2021-12-25`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2021-10-04` - `2021-12-27`	3 months	crt.sh
dozubatan.com R3	`2021-10-09` - `2022-01-07`	3 months	crt.sh
toglooman.com R3	`2021-09-07` - `2021-12-06`	3 months	crt.sh
*.rtmark.net Sectigo RSA Domain Validation Secure Server CA	`2020-10-27` - `2021-11-26`	a year	crt.sh
*.itsguider.com R3	`2021-10-14` - `2022-01-12`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-10-04` - `2021-12-27`	3 months	crt.sh
*.quantserve.com DigiCert TLS RSA SHA256 2020 CA1	`2021-09-22` - `2022-09-21`	a year	crt.sh
*.google.de GTS CA 1C3	`2021-10-04` - `2021-12-27`	3 months	crt.sh
*.google.com GTS CA 1C3	`2021-10-18` - `2022-01-10`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2021-10-18` - `2022-01-10`	3 months	crt.sh
www.google.com GTS CA 1C3	`2021-10-04` - `2021-12-27`	3 months	crt.sh
misc-sni.google.com GTS CA 1C3	`2021-10-18` - `2022-01-10`	3 months	crt.sh

This page contains 6 frames:

Primary Page: https://stfly.me/e8RxAIfTJ
Frame ID: F1C50310BCCFA4A8A3D8FBEBF99CDA54
Requests: 23 HTTP requests in this frame

Frame: https://account.adstripe.net/display/index.php?page=query/items/&aduid=21&pid=1&width=336&height=280&displaytype=1&native=0&device_type=large_dev_adblock&block_id=0&responsive=0&adcode_count=1&adSectionWidth=945&page_data=b63b5ff832d48e355ffc357b92eb7840&time=1635972283&deliver=stfly.me&search_keywords=&page_referrer=aHR0cHM6Ly9zdGZseS5tZS9lOFJ4QUlmVEo=&page_title=&meta_description=
Frame ID: F1F203233D4CD94B4C5548CC8B2A5583
Requests: 5 HTTP requests in this frame

Frame: https://itsguider.com/336_2.php
Frame ID: 45405B2B32DC244B84A69BBE9E8123A8
Requests: 28 HTTP requests in this frame

Frame: https://ac5b63de87daa3661bfd32c23184efdf.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2
Frame ID: 87E01A8EDC34C7BA14BDF768685D9C52
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Frame ID: 73E879483D9243776A6AF219989076E3
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 98D85683A03D37068496C71F1C679DFB
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Statistics

61
Requests

98 %
HTTPS

71 %
IPv6

17
Domains

22
Subdomains

22
IPs

4
Countries

763 kB
Transfer

2180 kB
Size

19
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 59

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

61 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request e8RxAIfTJ Show response
stfly.me/ 2 KB
2 KB 246ms
216ms Document
text/html 2606:4700:e0::ac40:6b08
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://stfly.me/e8RxAIfTJ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:e0::ac40:6b08 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

aad4bdb9fe5ad4f61077ee431661272720c8644e3794c4a3ba0f8efd909ec06e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

date: Wed, 03 Nov 2021 20:44:42 GMT
content-type: text/html; charset=UTF-8
x-frame-options: SAMEORIGIN
vary: Accept-Encoding,User-Agent
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Dg7CzdUM%2BniMeLX1X3ZLDRj0WVXStXltnxsxtZfArsXJb5ZwUMdLEpJ3UQYqrMD40V5XjBb%2BmowuZznsWx2Lq4NYbaayGnrJt4%2BkDWMYsglicv2JDRsHpZt6WJ2KS9%2BqkkMqYTTMsQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 6a88712dbe3f4e20-FRA
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 200 css
fonts.googleapis.com/ 13 KB
2 KB 44ms
17ms Stylesheet
text/css 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:300,400,400italic,600,700

Requested by

Host: stfly.me
URL: https://stfly.me/e8RxAIfTJ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

66219bc99ac30a346552ced8a3a2739c915b441219cfd9cf3dbef943cf7ca7bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://stfly.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 03 Nov 2021 19:00:41 GMT
server: ESF
date: Wed, 03 Nov 2021 20:44:42 GMT
x-frame-options: SAMEORIGIN
report-to: {"group":"AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk"}]}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cross-origin-opener-policy-report-only: same-origin; report-to="AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk"
expires: Wed, 03 Nov 2021 20:44:42 GMT

GET
H2 200 bootstrap.min.css
stfly.me/customfiles/ 108 KB
18 KB 25ms
23ms Stylesheet
text/css 2606:4700:e0::ac40:6b08
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://stfly.me/customfiles/bootstrap.min.css

Requested by

Host: stfly.me
URL: https://stfly.me/e8RxAIfTJ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:e0::ac40:6b08 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

83521aad7c96625246ef4168f1d84d12b0652e8eb61ad0875066fee1fa797daf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://stfly.me/e8RxAIfTJ
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Wed, 03 Nov 2021 20:44:42 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1216090
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Tue, 06 Oct 2020 10:59:12 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"1ae1b-5b0fe7d2f8000-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YPqSFQ9FAJl%2FDmAR1euuByt9yUnZjfMui2XTJ9s%2FSxHhC%2BN097P1LALTJy3cB%2Bev%2B32SRlvwvFNKggyx6Xsleka6Z51fkssIfhpzRX9PiyeuIw1GapAJ3b9IYl8BjaCM5UBkxDNnNA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=2592000
cf-ray: 6a88712f699c4e20-FRA
expires: Fri, 19 Nov 2021 18:56:32 GMT

GET
H2 200 main.css
stfly.me/customfiles/ 24 KB
6 KB 22ms
20ms Stylesheet
text/css 2606:4700:e0::ac40:6b08
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://stfly.me/customfiles/main.css

Requested by

Host: stfly.me
URL: https://stfly.me/e8RxAIfTJ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:e0::ac40:6b08 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

89e38ae45e4ab6870530ad77bc793c32dcb03a600156b9930ffe3104f6702b25

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://stfly.me/e8RxAIfTJ
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Wed, 03 Nov 2021 20:44:42 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1216090
cf-bgj: minify
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Tue, 06 Oct 2020 10:59:12 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"61d1-5b0fe7d2f8000-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=X6D0b%2BHvl4p6Jqe%2B0WmvasZKAHabdIhE%2BSh4Y%2F47hcr3nzx8UplN%2Bo%2Bx45%2BsueZRfsVrtl9GDLMkrRlI3jen%2Fvvb%2BR8EJB2RdxE%2B2HdsFi1WX1KDIIMqiHkzpfLdUdiUrEvW1fLHaw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=2592000
cf-ray: 6a88712f699d4e20-FRA
expires: Fri, 19 Nov 2021 18:56:32 GMT

GET
H2 200 custom.css
stfly.me/customfiles/ 47 KB
19 KB 22ms
21ms Stylesheet
text/css 2606:4700:e0::ac40:6b08
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://stfly.me/customfiles/custom.css

Requested by

Host: stfly.me
URL: https://stfly.me/e8RxAIfTJ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:e0::ac40:6b08 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b62d3ff7ec9f5543b6d6a2429170ed375b550d869b90d9886464143cd89b83ef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://stfly.me/e8RxAIfTJ
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Wed, 03 Nov 2021 20:44:42 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1216090
cf-bgj: minify
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Tue, 06 Oct 2020 10:59:12 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"bddd-5b0fe7d2f8000-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=T4Z70bHZsOmgzCxHPiVkso9UWgsaUZqItSxr4LwRg%2F1G%2F0p2k%2FZ96c%2Br2i7Vy5adG7Vu7ICm8VTGu3zu1bGKd%2FfGv217ao6dBU9iwESuIWN5eoglZLU3%2BhQ%2BUJRAXjPOSmsbNxGUZQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=2592000
cf-ray: 6a88712f699f4e20-FRA
expires: Fri, 19 Nov 2021 18:56:32 GMT

GET
H2 200 invisible.js Show response
stfly.me/cdn-cgi/challenge-platform/h/b/scripts/ 39 KB
15 KB 114ms
111ms Script
text/javascript 2606:4700:e0::ac40:6b08
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://stfly.me/cdn-cgi/challenge-platform/h/b/scripts/invisible.js
Requested by: Host: stfly.me
URL: https://stfly.me/e8RxAIfTJ
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e0::ac40:6b08 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3d12c2fbc3da764603fd7bd8999f19193cac6eca9aa9dd8a0e3430e6c77dd7b5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://stfly.me/e8RxAIfTJ
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Wed, 03 Nov 2021 20:44:42 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3rttV%2BuGZquvLp8SYEA6PCcucBq7wZqhtaAWSYOJxBCVhW4zeFlg9liwKTHpLfF9eFtEcb%2Ffi%2F8paabdU%2FKFxRGfPtZzQbeI1i8KsJ606ljw%2FA9e%2BAHrEw1bYUfraHtrj9R8GSY68w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript
cache-control: max-age=604800, public
x-control-type-options: nosniff
cf-ray: 6a88712f69a24e20-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 200 items.php Show response
account.adstripe.net/display/ 62 KB
12 KB 276ms
239ms Script
application/javascript 2606:4700:3033::ac43:9993
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://account.adstripe.net/display/items.php?21&1&336&280&1&0&0
Requested by: Host: stfly.me
URL: https://stfly.me/e8RxAIfTJ
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:9993 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ad5db13ec7a29ca11ac97f89764ee279178a31d7da4718c314f46d5f0b9489a7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://stfly.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Wed, 03 Nov 2021 20:44:43 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
pragma: no-cache
last-modified: Wed, 03 Nov 2021 20:44:43 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2cDY9Yy9ShLot%2FUZQIPCti5ZmU0WLjSh4M5XMrooC%2FbUvsKmo9hHWAE5mGL9RtFdkJ5vtNenm6yk11DC5MYFYSWqNxayuUhyK5KUYwQ8iKeJVQ8zV0mvGDDomXiQ9jEQASoNQJx0S87vS73NoJlbNljfAg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-ray: 6a88712fab41d721-FRA
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 apu.php Show response
omchanseyr.com/ 55 KB
22 KB 68ms
25ms Script
application/javascript 139.45.197.238
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://omchanseyr.com/apu.php?zoneid=3381289

Requested by

Host: stfly.me
URL: https://stfly.me/e8RxAIfTJ

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.197.238 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

e7aac291a5a3bb5d10f5054ec669d3df209fa697748fd432d5f6b59df63af7d1

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://stfly.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Wed, 03 Nov 2021 20:44:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
access-control-max-age: 86400
x-trace-id: caa2372931471d392eb12bbfb2aa863f
pragma: no-cache
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
server: nginx
strict-transport-security: max-age=1
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *, *
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://lukomol.com>; rel="preconnect dns-prefetch"
expires: Tue, 11 Jan 1994 10:00:00 GMT

GET
H/1.1 200
OK 30732 Show response
gimpybedderump.com/1clkn/ 0
1 KB 84ms
23ms Script
application/javascript 142.91.159.136
SERVERS-COM

General

Check archive.org

Show headers Download Go to

Full URL

https://gimpybedderump.com/1clkn/30732

Requested by

Host: stfly.me
URL: https://stfly.me/e8RxAIfTJ

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_128_CBC

Server

142.91.159.136 , Netherlands, ASN7979 (SERVERS-COM, US),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://stfly.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Wed, 03 Nov 2021 20:44:42 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: nginx
Vary: Accept-Encoding
Content-Type: application/javascript; charset=utf-8
Connection: keep-alive
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=1
Keep-Alive: timeout=20

GET
H2 200 rocket-loader.min.js Show response
stfly.me/cdn-cgi/scripts/7d0fa10a/cloudflare-static/ 12 KB
4 KB 26ms
23ms Script
application/javascript 2606:4700:e0::ac40:6b08
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://stfly.me/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Requested by

Host: stfly.me
URL: https://stfly.me/e8RxAIfTJ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:e0::ac40:6b08 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://stfly.me/e8RxAIfTJ
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Wed, 03 Nov 2021 20:44:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 02 Nov 2021 11:22:36 GMT
server: cloudflare
etag: W/"61811f7c-302c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: DENY
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8OwQyyKRi5%2F%2BGE342A7RKgr%2B0FzRwjQJdgvNrpo86pkqad35MkTLY4P9gbVImLVcPyU2UNoRyBSQYNrE3S8LiF62i50byNPffzFxslQzmFOh%2ByMV6UREo4SFE6KWg6njTzEiAmlUVw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=172800, public
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6a88712f69a34e20-FRA
vary: Accept-Encoding
expires: Fri, 05 Nov 2021 20:44:42 GMT

GET
H2 200 modernizr.min.js Show response
stfly.me/customfiles/ 1 KB
1 KB 15ms
13ms Script
application/javascript 2606:4700:e0::ac40:6b08
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://stfly.me/customfiles/modernizr.min.js

Requested by

Host: stfly.me
URL: https://stfly.me/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:e0::ac40:6b08 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

147b08aa6afaa0b704ebedb56d0b146a7e33600a971e5d20773b3371db70be11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://stfly.me/e8RxAIfTJ
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Wed, 03 Nov 2021 20:44:42 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 764744
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Tue, 06 Oct 2020 10:59:12 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"5f6-5b0fe7d2f8000-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CNKhod0U4w8Imm6wymcL1BiFxfltSsbIfrIQJlbdcCF%2B3QoeI5UpTQopckGcD4snSkJWLixbs9dMpLdDyTvw5l2qdPu1tIThGhq81lbv9FNXA%2BJpBLFwW6FhdzBnDLoKe7PT%2F8srZw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=2592000
cf-ray: 6a88712fba134e20-FRA
expires: Thu, 25 Nov 2021 00:18:58 GMT

GET
H2 200 memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v27/ 44 KB
44 KB 28ms
6ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v27/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:300,400,400italic,600,700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

88915cdc03fc5b9a20aec966fe93ee38aa3fd76bfef296e41d305271b3541c96

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://stfly.me
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 28 Oct 2021 16:21:35 GMT
x-content-type-options: nosniff
age: 534187
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44656
x-xss-protection: 0
last-modified: Thu, 28 Oct 2021 00:30:43 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Fri, 28 Oct 2022 16:21:35 GMT

GET
H2 200 4495548 Show response
dozubatan.com/400/ 65 KB
25 KB 59ms
25ms Script
application/javascript 139.45.197.237
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://dozubatan.com/400/4495548

Requested by

Host: omchanseyr.com
URL: https://omchanseyr.com/apu.php?zoneid=3381289

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.197.237 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

9290e88ca56b0dd834f1792cd09802c69166658412ee53910f47271df02c5f20

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://stfly.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

x-trace-id: 736401b2f76491147a6ceea1fbabf7aa
pragma: no-cache
date: Wed, 03 Nov 2021 20:44:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: nginx
vary: Origin
content-type: application/javascript
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
strict-transport-security: max-age=1
timing-allow-origin: *
expires: Wed, 31 Dec 1969 19:00:00 EST

GET
H2 200 1 Show response
toglooman.com/ 6 KB
4 KB 47ms
12ms Script
text/javascript 139.45.197.239
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://toglooman.com/1?z=3968308
Requested by: Host: omchanseyr.com
URL: https://omchanseyr.com/apu.php?zoneid=3381289
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 139.45.197.239 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx /
Resource Hash: 2d350c47e40996136f421dc97bbb0a64e4c8242c0fe14d6e30584c33f694d87a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://stfly.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 03 Nov 2021 20:44:42 GMT
content-encoding: gzip
x-sc: OMPKI_zP7DRGg734CbniUyH_ScEKWyJBHNzOkBq9I5BVOIoPy4WUuDUbAj2kCsQVRWfOyimgvS3kWCKPFHAIVZIEABc=
server: nginx
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: text/javascript
access-control-allow-origin
access-control-expose-headers: X-Sc
cache-control: no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 gid.js Show response
my.rtmark.net/ 65 B
539 B 49ms
13ms XHR
application/json 139.45.195.8
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://my.rtmark.net/gid.js?userId=ebb0f70223134573a35eeb72fea88dd8

Requested by

Host: omchanseyr.com
URL: https://omchanseyr.com/apu.php?zoneid=3381289

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

d868f45fe97419a33225aa4036a3021bdadb37da51eee95c3ee9ef0449ccb436

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://stfly.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Wed, 03 Nov 2021 20:44:42 GMT
x-content-type-options: nosniff
server: nginx
strict-transport-security: max-age=1
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: https://stfly.me
access-control-expose-headers: Authorization
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length: 65

GET
H2 200 pica.js
stfly.me/cdn-cgi/challenge-platform/h/b/scripts/ 25 KB
9 KB 16ms
16ms Other
text/javascript 2606:4700:e0::ac40:6b08
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://stfly.me/cdn-cgi/challenge-platform/h/b/scripts/pica.js
Requested by: Host: stfly.me
URL: https://stfly.me/e8RxAIfTJ
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e0::ac40:6b08 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8f38563d0ebe6ee8f3062ec5e8b75ea5cc6beb839951701ef2690268bcbaea8a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://stfly.me/e8RxAIfTJ
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Wed, 03 Nov 2021 20:44:42 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1JEM6cdOvKBj0m6i4JCj6BXlBunEse2X8IaNRSDpmZrKT1rMaggaT2UNzXcj5uWrLVC%2BFPXI2D1hv52p52H2j5aDZ32XbsLDQczDa0RQDiE2eSb65FT8Legh4FaGkK9B522X%2Bm%2B9wA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript
cache-control: max-age=604800, public
x-control-type-options: nosniff
cf-ray: 6a8871302af34e20-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 200 f42d5f543e173540f12b4b2a0915dcdc Show response
toglooman.com/27/ 372 KB
122 KB 14ms
14ms Script
application/javascript 139.45.197.239
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://toglooman.com/27/f42d5f543e173540f12b4b2a0915dcdc

Requested by

Host: toglooman.com
URL: https://toglooman.com/1?z=3968308

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.197.239 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

fdf4726321914d65ac988b2a5c33e048421c8369fa40d987321c1a602f798b39

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://stfly.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Wed, 03 Nov 2021 20:44:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 03 Nov 2021 06:47:50 GMT
server: nginx
strict-transport-security: max-age=1
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: application/javascript
access-control-allow-origin
cache-control: max-age:290304000, public
access-control-allow-credentials: true
timing-allow-origin: *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
expires: Wed, 03 Dec 2081 06:47:50 GMT

GET
H2 200 38 Show response
toglooman.com/42/ 0
495 B 37ms
37ms Script
text/plain 139.45.197.239
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://toglooman.com/42/38?z=3968308
Requested by: Host: toglooman.com
URL: https://toglooman.com/1?z=3968308
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 139.45.197.239 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://stfly.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 03 Nov 2021 20:44:42 GMT
server: nginx
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin
access-control-expose-headers: X-Sc
cache-control: no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
content-length: 0
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 / Show response
omchanseyr.com/ 2 KB
2 KB 15ms
15ms Fetch
application/json 139.45.197.238
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://omchanseyr.com/?rb=5zrZYZfx0gWDjRHQm9h4B0WGB6vuEKl2CaqLM834k1XpP3i7nLohHQy1JR2KqHhuG9nCFsKXT7a_qvEf5fp8cUIEr7E1x8J6etnnETvSS4-VM5E5vg674qP0XN6lgOGeCq7hqSaJkuVNi_7-hcsaZwd3dh-xW-8DyUtZj1w2TF6ankbvNmArnkroE-07kkgRTPf2ArPQm1dT3FzbIWE3ZvqZ2VUD65TJofLFx67U0NfM7Fy7iLRre2mC7ELYcLVFb3nYAM4G4ef0LgWE&zoneid=3381289&request_ab2=0&fs=0&cf=0&sw=1600&sh=1200&sah=1200&wx=0&wy=0&ww=1600&wh=1200&cw=1600&wiw=1600&wih=1200&wfc=0&pl=https%3A%2F%2Fstfly.me%2Fe8RxAIfTJ&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=2&bs=5ae55222-ad72-4e24-bffc-a4e5c8d8a22e&userId=ebb0f70223134573a35eeb72fea88dd8&m=link

Requested by

Host: omchanseyr.com
URL: https://omchanseyr.com/apu.php?zoneid=3381289

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.197.238 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

cecee6511546cf1231b8527d71c1f44a1ab6d599527389a50eb68cdf562f188c

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://stfly.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Wed, 03 Nov 2021 20:44:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
access-control-max-age: 86400
x-trace-id: d649b3d1c932d494252ab87d0df8e429
pragma: no-cache
server: nginx
strict-transport-security: max-age=1
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json
access-control-allow-origin: https://stfly.me
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
expires: Tue, 11 Jan 1994 10:00:00 GMT

POST
H2 200 9 Show response
toglooman.com/ 7 B
541 B 14ms
14ms XHR
application/javascript 139.45.197.239
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://toglooman.com/9?z=3968308&ng=1&ix=0&pt=0&np=0&gp=3&bp=4&nw=1&nb=1&sw=1600&sh=1200&pl=https%3A%2F%2Fstfly.me%2Fe8RxAIfTJ&wy=0&wx=0&ww=1600&wh=1200&cw=1600&wiw=1600&wih=1200&wfc=0&sah=1200&drf=&hil=1&ist=0
Requested by: Host: toglooman.com
URL: https://toglooman.com/27/f42d5f543e173540f12b4b2a0915dcdc
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 139.45.197.239 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx /
Resource Hash: a04bf061f53e0011fd2f43bdf081526344f003c50146c88c42c2d95ef22c1821

Request headers

Referer: https://stfly.me/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: application/json

Response headers

pragma: no-cache
date: Wed, 03 Nov 2021 20:44:43 GMT
server: nginx
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: application/javascript
access-control-allow-origin: https://stfly.me
access-control-expose-headers: X-Sc
cache-control: no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
content-length: 7
expires: Mon, 26 Jul 1997 05:00:00 GMT

OPTIONS
H2 204 9
toglooman.com/ Frame 0
0 38ms
12ms Preflight 139.45.197.239
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://toglooman.com/9?z=3968308&ng=1&ix=0&pt=0&np=0&gp=3&bp=4&nw=1&nb=1&sw=1600&sh=1200&pl=https%3A%2F%2Fstfly.me%2Fe8RxAIfTJ&wy=0&wx=0&ww=1600&wh=1200&cw=1600&wiw=1600&wih=1200&wfc=0&sah=1200&drf=&hil=1&ist=0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 139.45.197.239 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://stfly.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

server: nginx
date: Wed, 03 Nov 2021 20:44:43 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://stfly.me
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 index.php Show response
account.adstripe.net/display/ Frame F1F2 7 KB
2 KB 218ms
218ms Document
text/html 2606:4700:3033::ac43:9993
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://account.adstripe.net/display/index.php?page=query/items/&aduid=21&pid=1&width=336&height=280&displaytype=1&native=0&device_type=large_dev_adblock&block_id=0&responsive=0&adcode_count=1&adSectionWidth=945&page_data=b63b5ff832d48e355ffc357b92eb7840&time=1635972283&deliver=stfly.me&search_keywords=&page_referrer=aHR0cHM6Ly9zdGZseS5tZS9lOFJ4QUlmVEo=&page_title=&meta_description=
Requested by: Host: account.adstripe.net
URL: https://account.adstripe.net/display/items.php?21&1&336&280&1&0&0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:9993 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ba6d411ac427d578cae82c2a6628aa73aa9fa40f35dc06ef13d084b98b1d0e42

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://stfly.me/

Response headers

date: Wed, 03 Nov 2021 20:44:43 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MZxe%2Bk%2Bk6jFCRbo5ovr7UpOIdAIxwEvtQbN8ykBREbn7%2BWBNf5yftFLf9NYJB2yEgs%2F504U%2BKSXno4nDBQPfdpkC63X2Tqs5jHkt%2BB%2BFQ5aoNd9A3nYqwbvtrGw4ZOnE5j8%2F9RFkjOveBqbEsuLmcr9iCg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 6a8871313dd8d721-FRA
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 200 gid.js Show response
my.rtmark.net/ 65 B
539 B 14ms
14ms XHR
application/json 139.45.195.8
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://my.rtmark.net/gid.js

Requested by

Host: dozubatan.com
URL: https://dozubatan.com/400/4495548

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

d868f45fe97419a33225aa4036a3021bdadb37da51eee95c3ee9ef0449ccb436

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://stfly.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Wed, 03 Nov 2021 20:44:43 GMT
x-content-type-options: nosniff
server: nginx
strict-transport-security: max-age=1
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: https://stfly.me
access-control-expose-headers: Authorization
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length: 65

GET
H2 204 4495548 Show response
dozubatan.com/500/ 0
439 B 30ms
30ms XHR
text/plain 139.45.197.237
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://dozubatan.com/500/4495548?excludes=&oaid=ebb0f70223134573a35eeb72fea88dd8&fs=0&cf=0&sw=1600&sh=1200&sah=1200&wx=0&wy=0&ww=1600&wh=1200&cw=1600&wiw=1600&wih=1200&wfc=1&pl=https%3A%2F%2Fstfly.me%2Fe8RxAIfTJ&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false

Requested by

Host: dozubatan.com
URL: https://dozubatan.com/400/4495548

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.197.237 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Referer: https://stfly.me/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: application/json

Response headers

x-trace-id: dce14061b11beb242df32c8dd8d4f93d
pragma: no-cache
date: Wed, 03 Nov 2021 20:44:43 GMT
x-content-type-options: nosniff
server: nginx
vary: Origin
access-control-allow-origin: https://stfly.me
access-control-expose-headers: Link
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
access-control-allow-credentials: true
strict-transport-security: max-age=1
timing-allow-origin: *
expires: Wed, 31 Dec 1969 19:00:00 EST

OPTIONS
H2 200 4495548
dozubatan.com/500/ Frame 0
0 39ms
13ms Preflight 139.45.197.237
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.197.237 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Origin: https://stfly.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

server: nginx
date: Wed, 03 Nov 2021 20:44:43 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-headers: Content-Type
access-control-allow-methods: GET
access-control-allow-origin: https://stfly.me
access-control-max-age: 300
vary: Origin Access-Control-Request-Method Access-Control-Request-Headers
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *

GET
H2 200 jquery.min.js Show response
account.adstripe.net/display/js/ Frame F1F2 243 KB
74 KB 30ms
30ms Script
application/javascript 2606:4700:3033::ac43:9993
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://account.adstripe.net/display/js/jquery.min.js
Requested by: Host: account.adstripe.net
URL: https://account.adstripe.net/display/index.php?page=query/items/&aduid=21&pid=1&width=336&height=280&displaytype=1&native=0&device_type=large_dev_adblock&block_id=0&responsive=0&adcode_count=1&adSectionWidth=945&page_data=b63b5ff832d48e355ffc357b92eb7840&time=1635972283&deliver=stfly.me&search_keywords=&page_referrer=aHR0cHM6Ly9zdGZseS5tZS9lOFJ4QUlmVEo=&page_title=&meta_description=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:9993 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0047f2b4e58d50cd286045db5a9a694d843c551e96e92f7bcd10bf2e111149f2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://account.adstripe.net/display/index.php?page=query/items/&aduid=21&pid=1&width=336&height=280&displaytype=1&native=0&device_type=large_dev_adblock&block_id=0&responsive=0&adcode_count=1&adSectionWidth=945&page_data=b63b5ff832d48e355ffc357b92eb7840&time=1635972283&deliver=stfly.me&search_keywords=&page_referrer=aHR0cHM6Ly9zdGZseS5tZS9lOFJ4QUlmVEo=&page_title=&meta_description=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Wed, 03 Nov 2021 20:44:43 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Sat, 17 Apr 2021 10:55:55 GMT
server: cloudflare
age: 4192
etag: W/"3cd47-5c028f0d0e4c0-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SD%2FUYU3NzqdIUHduEszHlhqx8VnypoWxXL9pQQ4kTyumpCLbZEvoJkKtActRauFCwpg2NCu5iZi%2FjoC3JS8rGwMjeXIq4eADmLrFtGm9UzT17piG4Xo%2B1bpRI6ryXW1dVZsqD2JZvQ1GwU25%2BdurRvrFvg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6a887132c82ed721-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 200 data.png
account.adstripe.net/images/ Frame F1F2 931 B
1 KB 15ms
15ms Image
image/png 2606:4700:3033::ac43:9993
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://account.adstripe.net/images/data.png
Requested by: Host: account.adstripe.net
URL: https://account.adstripe.net/display/index.php?page=query/items/&aduid=21&pid=1&width=336&height=280&displaytype=1&native=0&device_type=large_dev_adblock&block_id=0&responsive=0&adcode_count=1&adSectionWidth=945&page_data=b63b5ff832d48e355ffc357b92eb7840&time=1635972283&deliver=stfly.me&search_keywords=&page_referrer=aHR0cHM6Ly9zdGZseS5tZS9lOFJ4QUlmVEo=&page_title=&meta_description=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:9993 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f65dd0ed5ab0097e2cb276b346ccfaddb2a9134c9278af39c6a24cd821fce06f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://account.adstripe.net/display/index.php?page=query/items/&aduid=21&pid=1&width=336&height=280&displaytype=1&native=0&device_type=large_dev_adblock&block_id=0&responsive=0&adcode_count=1&adSectionWidth=945&page_data=b63b5ff832d48e355ffc357b92eb7840&time=1635972283&deliver=stfly.me&search_keywords=&page_referrer=aHR0cHM6Ly9zdGZseS5tZS9lOFJ4QUlmVEo=&page_title=&meta_description=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Wed, 03 Nov 2021 20:44:43 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5161
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 931
last-modified: Sat, 17 Apr 2021 10:55:55 GMT
server: cloudflare
etag: "3a3-5c028f0d0e4c0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7uA3tRGdA%2BsiNZATg%2BisvE2YIwDuduqdnDnsMo1duRqSyIVitrhIUTmI2DTpfMPgERKMwYQP38o59YS1t%2B7npy0EQAIU8ZDUS5%2BwzUd9DIu%2BpMrRJEMilIhE%2F%2BmTIMUaCBO%2B%2Bic17t7ruiUcTjAU7sznFA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 6a887132c82fd721-FRA

GET
H2 200 1-icon-1635666360.png
account.adstripe.net/upload/credit/ Frame F1F2 546 B
886 B 19ms
19ms Image
image/png 2606:4700:3033::ac43:9993
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://account.adstripe.net/upload/credit/1-icon-1635666360.png
Requested by: Host: account.adstripe.net
URL: https://account.adstripe.net/display/index.php?page=query/items/&aduid=21&pid=1&width=336&height=280&displaytype=1&native=0&device_type=large_dev_adblock&block_id=0&responsive=0&adcode_count=1&adSectionWidth=945&page_data=b63b5ff832d48e355ffc357b92eb7840&time=1635972283&deliver=stfly.me&search_keywords=&page_referrer=aHR0cHM6Ly9zdGZseS5tZS9lOFJ4QUlmVEo=&page_title=&meta_description=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:9993 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 85821da273b7d5dc51f8c9ff01bb46fa3461f36aef2977a6c74aa66cc2bd503e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://account.adstripe.net/display/index.php?page=query/items/&aduid=21&pid=1&width=336&height=280&displaytype=1&native=0&device_type=large_dev_adblock&block_id=0&responsive=0&adcode_count=1&adSectionWidth=945&page_data=b63b5ff832d48e355ffc357b92eb7840&time=1635972283&deliver=stfly.me&search_keywords=&page_referrer=aHR0cHM6Ly9zdGZseS5tZS9lOFJ4QUlmVEo=&page_title=&meta_description=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Wed, 03 Nov 2021 20:44:43 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2933
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 546
last-modified: Sun, 31 Oct 2021 07:46:00 GMT
server: cloudflare
etag: "222-5cfa1406a0ef7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4zqquV62XPVLY0yE7iY4h4yTfokwS3wK0kTw4rxVed0qn%2Fh%2FDksX3xCLoDTWWnOTFDXdQ2wdbdW72OgxjdNyFYIc45vk6BPYkCfw7YaRrMBCBQgNBuyZQ%2B9s3grOSU20rZ9NPUhLS0NkfBGMMrgwkQA3DA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 6a887132d84ed721-FRA

GET
H2 200 336_2.php Show response
itsguider.com/ Frame 4540 14 KB
6 KB 375ms
347ms Document
text/html 2606:4700:3034::6815:5a0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://itsguider.com/336_2.php
Requested by: Host: account.adstripe.net
URL: https://account.adstripe.net/display/index.php?page=query/items/&aduid=21&pid=1&width=336&height=280&displaytype=1&native=0&device_type=large_dev_adblock&block_id=0&responsive=0&adcode_count=1&adSectionWidth=945&page_data=b63b5ff832d48e355ffc357b92eb7840&time=1635972283&deliver=stfly.me&search_keywords=&page_referrer=aHR0cHM6Ly9zdGZseS5tZS9lOFJ4QUlmVEo=&page_title=&meta_description=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3034::6815:5a0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5ad3035e95eba16d51915ff02a80dd5233d8a3ec5f756446bc48df87fd26ff63

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://account.adstripe.net/

Response headers

date: Wed, 03 Nov 2021 20:44:43 GMT
content-type: text/html; charset=UTF-8
cache-control: max-age=0, must-revalidate, no-cache, no-store
display: orig_site_sol
expires: Tue, 02 Nov 2021 20:44:43 GMT
pagespeed: off
response: 200
vary: Accept-Encoding Accept-Encoding,User-Agent
x-ezoic-cdn: Miss
x-middleton-display: orig_site_sol
x-middleton-response: 200
x-origin-cache-control: max-age=0
x-sol: orig
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8NOXudoWTcXU%2BZ15Dl5qJZq8nHnUHR8sr9ytew0q9vwIYjY%2F5VsNDsLwmU06YTvqMy9sTGdO%2BWS23B3j5YPdcmYL2tYHum2VgFrgXQqBEj90Ix1taqmIGMScrh1pFs0qqdDwhhQUXxF7Q%2BNN"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 6a8871334cdd6963-FRA
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 200 index.php Show response
account.adstripe.net/track/ Frame F1F2 131 B
396 B 203ms
202ms Script
application/javascript 2606:4700:3033::ac43:9993
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://account.adstripe.net/track/index.php?page=click/data/0|2|2|1|21|1|2|2|0|2|0.00055|0.00055|0|0/6986cdb27ae181a573df376141040c86/1635972293/DE/
Requested by: Host: account.adstripe.net
URL: https://account.adstripe.net/display/index.php?page=query/items/&aduid=21&pid=1&width=336&height=280&displaytype=1&native=0&device_type=large_dev_adblock&block_id=0&responsive=0&adcode_count=1&adSectionWidth=945&page_data=b63b5ff832d48e355ffc357b92eb7840&time=1635972283&deliver=stfly.me&search_keywords=&page_referrer=aHR0cHM6Ly9zdGZseS5tZS9lOFJ4QUlmVEo=&page_title=&meta_description=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:9993 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: df13b2bb492cfe24e54a5fbdda0b434e5071be93b12683ab32ddc4318bc44a63

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://account.adstripe.net/display/index.php?page=query/items/&aduid=21&pid=1&width=336&height=280&displaytype=1&native=0&device_type=large_dev_adblock&block_id=0&responsive=0&adcode_count=1&adSectionWidth=945&page_data=b63b5ff832d48e355ffc357b92eb7840&time=1635972283&deliver=stfly.me&search_keywords=&page_referrer=aHR0cHM6Ly9zdGZseS5tZS9lOFJ4QUlmVEo=&page_title=&meta_description=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Wed, 03 Nov 2021 20:44:43 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ABHUDEjqYblKx3DDHHqOjWZe7vSq9eiiAlOLvSUupguRSxcbrzmjeWtNGKsLNJ0XjRK6aeNca5avizUvJ2PG9WVdlmE9kD4I8788BYVEGCOK8gQLrj4qSSRKHxePjIyQH040jQDLNqnWd4g9GWYWu0l9xg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cf-ray: 6a88713328d8d721-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame 4540 80 KB
27 KB 43ms
20ms Script
text/javascript 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: itsguider.com
URL: https://itsguider.com/336_2.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

sffe /

Resource Hash

f4e33fc97b4ed0d5d6503c6beb43addf217106051a2c192d4c6f15a4d1da5915

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itsguider.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Wed, 03 Nov 2021 20:44:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1033 / 43 of 1000 / last-modified: 1635937517"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27301
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 03 Nov 2021 20:44:43 GMT

GET
H2 200 cmbv2.js Show response
itsguider.com/detroitchicago/ Frame 4540 67 KB
20 KB 17ms
16ms Script
application/javascript 2606:4700:3034::6815:5a0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://itsguider.com/detroitchicago/cmbv2.js?gcb=195-0&cb=04-1y02-5y06-12y07-1y19-5y0b-5y0d-14y13-3y17-4y1a-2y1f-3y51-1&cmbcb=20&sj=x04x02x06x07x19x0bx0dx13x17x1ax1fx51&abt=AIPlaceholderDesktop
Requested by: Host: itsguider.com
URL: https://itsguider.com/336_2.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3034::6815:5a0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1ca15f168e388dc627f6d9bb84db4bc565ddfca407b4fb24031d887d956ea37b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itsguider.com/336_2.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Wed, 03 Nov 2021 20:44:43 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1742084
cf-polished: origSize=68973
cf-ray: 6a887135eb396963-FRA
x-middleton-display: sol-js
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Thu, 14 Oct 2021 16:49:59 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fvjYhbAsJZJhPFyf%2FL4HChqSn3tlkBukk3yQnJ4n0bDYFWsxcR4q9%2BZlZ94vqoOpG0fmbOCjxIkXaDo4ks1ihtXn1iojyVk5IDGd0TF7IAy24i9YKAT%2Bjp2IvtzpoqIwlDYFw%2F3RuhfG1w%2BB"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
x-robots-tag: noindex
cf-bgj: minify

GET
H2 200 imp.gif Show response
itsguider.com/detroitchicago/ Frame 4540 43 B
411 B 26ms
26ms XHR
image/gif 2606:4700:3034::6815:5a0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://itsguider.com/detroitchicago/imp.gif?e=%7B%22ad_cache_level%22%3A0%2C%22ad_lazyload_version%22%3A0%2C%22ad_load_version%22%3A0%2C%22city%22%3A%22%22%2C%22country%22%3A%22DE%22%2C%22days_since_last_visit%22%3A-1%2C%22domain_id%22%3A297268%2C%22engaged_time_visit%22%3A0%2C%22ezcache_level%22%3A1%2C%22ezcache_skip_code%22%3A7%2C%22form_factor_id%22%3A1%2C%22framework_id%22%3A1%2C%22is_return_visitor%22%3Afalse%2C%22is_sitespeed%22%3A0%2C%22last_page_load%22%3A%22%22%2C%22last_pageview_id%22%3A%22%22%2C%22lt_cache_level%22%3A0%2C%22metro_code%22%3A0%2C%22page_ad_positions%22%3A%22%22%2C%22page_view_count%22%3A0%2C%22page_view_id%22%3A%22929378e5-c559-411d-70d5-86f5c60b56e0%22%2C%22position_selection_id%22%3A0%2C%22postal_code%22%3A%22%22%2C%22pv_event_count%22%3A0%2C%22response_size_orig%22%3A670%2C%22response_time_orig%22%3A276%2C%22serverid%22%3A%2218.185.172.66%3A14701%22%2C%22state%22%3A%22%22%2C%22t_epoch%22%3A1635972283%2C%22template_id%22%3A120%2C%22time_on_site_visit%22%3A0%2C%22url%22%3A%22https%3A%2F%2Fitsguider.com%2F336_2.php%22%2C%22user_id%22%3A0%2C%22weather_precipitation%22%3A0%2C%22weather_summary%22%3A%22%22%2C%22weather_temperature%22%3A0%2C%22word_count%22%3A0%2C%22worst_bad_word_level%22%3A0%7D&ez_orig=1
Requested by: Host: itsguider.com
URL: https://itsguider.com/detroitchicago/cmbv2.js?gcb=195-0&cb=04-1y02-5y06-12y07-1y19-5y0b-5y0d-14y13-3y17-4y1a-2y1f-3y51-1&cmbcb=20&sj=x04x02x06x07x19x0bx0dx13x17x1ax1fx51&abt=AIPlaceholderDesktop
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3034::6815:5a0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itsguider.com/336_2.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Wed, 03 Nov 2021 20:44:43 GMT
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PHDEdmqqyX0YgLApwr12U57T56rcSpH4%2FrDEBV2tzTQnLet3SyTate5oBtzaKVgabQbdZ%2BvKE%2FpSTjRzHKCOUe3cp%2BQk2vFGaG6gcqdKYXEJpHz59UJ2iIJH7hvOpLSrm3LKYKrEssqoUuo9"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-middleton-display: imp_sol
cache-control: no-cache, no-store, must-revalidate, max-age=0
accept-ranges: bytes
cf-ray: 6a8871361b9f6963-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 43

GET
H2 200 quant.js Show response
secure.quantserve.com/ Frame 4540 24 KB
10 KB 51ms
12ms Script
application/javascript 2620:116:800d:21:8c6e:cf2c:8d6:9fb5
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.quantserve.com/quant.js
Requested by: Host: itsguider.com
URL: https://itsguider.com/detroitchicago/cmbv2.js?gcb=195-0&cb=04-1y02-5y06-12y07-1y19-5y0b-5y0d-14y13-3y17-4y1a-2y1f-3y51-1&cmbcb=20&sj=x04x02x06x07x19x0bx0dx13x17x1ax1fx51&abt=AIPlaceholderDesktop
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2620:116:800d:21:8c6e:cf2c:8d6:9fb5 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 1e823139c936c952f54399a49096579a951e55baab2d0949e2f307163aac68a0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itsguider.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Wed, 03 Nov 2021 20:44:43 GMT
content-encoding: gzip
etag: "A9gdT3Vacr8A76JEThCwlA=="
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
expires: Wed, 10 Nov 2021 20:44:43 GMT

GET
H2 200 cmbdv2.js Show response
itsguider.com/detroitchicago/ Frame 4540 44 KB
11 KB 19ms
19ms Script
application/javascript 2606:4700:3034::6815:5a0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://itsguider.com/detroitchicago/cmbdv2.js?gcb=195-0&cb=03-5y0c-5y18-4&cmbcb=20&sj=x03x0cx18&abt=AIPlaceholderDesktop
Requested by: Host: itsguider.com
URL: https://itsguider.com/336_2.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3034::6815:5a0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b7cfd2088a61598a1c9d6e718acbdfd95ee7fe3d8dbb9a90bdc28fc69441662c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itsguider.com/336_2.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Wed, 03 Nov 2021 20:44:43 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1742084
cf-polished: origSize=44604
cf-ray: 6a8871361ba16963-FRA
x-middleton-display: sol-js
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Thu, 14 Oct 2021 16:49:59 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Xw3JF8EFLCIDx3or%2FPuF9DbVvcEX3NXjHApejnyLb%2FUnG5b%2Faz%2FoY%2BKjcU3cHCrepezwaoFLjge27%2BZcdahQGuMgb2xqb8ZkCqQFSTpfbTyr%2Bq1BiLjTDtiBGdkjiOEi5xL0tRkVuyKpRHzg"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
x-robots-tag: noindex
cf-bgj: minify

GET
H2 200 pubads_impl_2021102801.js Show response
securepubads.g.doubleclick.net/gpt/ Frame 4540 350 KB
118 KB 17ms
16ms Script
text/javascript 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021102801.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

sffe /

Resource Hash

d5b83174b14c8fb07a6cfc17abbc860e726a23b84f724c468049c73e1e8d7cba

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itsguider.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Wed, 03 Nov 2021 20:44:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 120786
x-xss-protection: 0
last-modified: Thu, 28 Oct 2021 08:34:36 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 03 Nov 2021 20:44:43 GMT

GET
H2 200 rules-p-31iz6hfFutd16.js Show response
rules.quantcount.com/ Frame 4540 3 B
428 B 46ms
7ms Script
application/javascript 2600:9000:211e:7200:6:44e3:f8c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rules.quantcount.com/rules-p-31iz6hfFutd16.js
Requested by: Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:211e:7200:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itsguider.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Wed, 03 Nov 2021 02:37:58 GMT
via: 1.1 95adda0bdbd310a1a9e4f54f540543e2.cloudfront.net (CloudFront)
age: 65206
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 3
last-modified: Sat, 04 Mar 2017 19:50:24 GMT
server: AmazonS3
etag: "8a80554c91d9fca8acb82f023de02f11"
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=86400
x-amz-cf-pop: FRA56-C2
accept-ranges: bytes
x-amz-cf-id: nxnLjBZWPToBy2hO7LE2LTfnCSsmlnPCR91QsAV6P0L30gtdYbtiMg==

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ Frame 4540 107 B
792 B 81ms
19ms Script
application/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=itsguider.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021102801.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itsguider.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 03 Nov 2021 20:44:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ Frame 4540 107 B
549 B 51ms
16ms Script
application/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=itsguider.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021102801.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itsguider.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 03 Nov 2021 20:44:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 4540 49 KB
11 KB 348ms
347ms XHR
text/plain 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1477775049134826&correlator=1484469933779386&output=ldjh&impl=fifs&eid=31063213%2C31063334%2C31063223%2C31063138%2C31063183%2C31063247&vrg=2021102801&ptt=17&sc=1&sfv=1-0-38&ecs=20211103&iu_parts=360613911%2Citsguider.com_RedMas2021&enc_prev_ius=%2F0%2F1&prev_iu_szs=336x280&cdm=itsguider.com&bc=31&abxe=1&lmt=1635972283&dt=1635972283901&dlt=1635972283749&idt=129&ea=0&frm=8&biw=-12245933&bih=-12245933&isw=336&ish=280&oid=2&adxs=0&adys=0&adks=1993164460&ucis=wvmojo3yzypq&ifi=1&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&nhd=2&url=https%3A%2F%2Fitsguider.com%2F336_2.php&ref=https%3A%2F%2Faccount.adstripe.net%2F&top=https%3A%2F%2Faccount.adstripe.net%2F&vis=1&dmc=8&scr_x=-12245933&scr_y=-12245933&psz=336x280&msz=336x280&ga_vid=1554229469.1635972284&ga_sid=1635972284&ga_hid=673470680&ga_fc=false&fws=256&ohw=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021102801.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

b184ada6d4a55ff1a9f59bc27aed02f171a0091bad8e228b6831bdb32320e086

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itsguider.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Wed, 03 Nov 2021 20:44:44 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11496
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://itsguider.com
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
ac5b63de87daa3661bfd32c23184efdf.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 87E0 6 KB
4 KB 76ms
14ms Document
text/html 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ac5b63de87daa3661bfd32c23184efdf.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021102801.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://itsguider.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Wed, 03 Nov 2021 20:44:44 GMT
expires: Thu, 03 Nov 2022 20:44:44 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 pixel;r=1834782935;labels=Domain.itsguider_com%2CDomainId.297268;rf=0;a=p-31iz6hfFutd16;url=https%3A%2F%2Fitsguider.com%2F336_2.php;ref=https%3A%2F%2Faccount.adstripe.net%2F;uht=2;fpan=1;fpa=P0-209...
pixel.quantserve.com/ Frame 4540 35 B
371 B 21ms
12ms Image
image/gif 2620:116:800d:21:8c6e:cf2c:8d6:9fb5
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.quantserve.com/pixel;r=1834782935;labels=Domain.itsguider_com%2CDomainId.297268;rf=0;a=p-31iz6hfFutd16;url=https%3A%2F%2Fitsguider.com%2F336_2.php;ref=https%3A%2F%2Faccount.adstripe.net%2F;uht=2;fpan=1;fpa=P0-2099677565-1635972283919;pbc=;ns=1;ce=1;qjs=1;qv=849e8a8d-20211101195550;cm=;gdpr=0;d=itsguider.com;je=0;sr=1600x1200x24;dst=0;et=1635972283919;tzo=0;ogl=

Requested by

Host: itsguider.com
URL: https://itsguider.com/336_2.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:8c6e:cf2c:8d6:9fb5 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itsguider.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 03 Nov 2021 20:44:44 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 4540 12 KB
10 KB 44ms
22ms XHR
application/json 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021102801&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021102801.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0a9e4c5ffd0a2de17af61efc1538b690d1c566de4f4d8a70379060164b71be28

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itsguider.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 03 Nov 2021 20:44:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9320
x-xss-protection: 0

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 4540 17 KB
7 KB 55ms
19ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021102801.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itsguider.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Wed, 03 Nov 2021 20:44:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1624308425655142"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6467
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
expires: Wed, 03 Nov 2021 20:44:44 GMT

GET
H2 200 runner.html
tpc.googlesyndication.com/sodar/sodar2/224/ Frame 73E8 0
0 308ms
6ms Document
text/html 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://itsguider.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5029
date: Wed, 03 Nov 2021 19:22:05 GMT
expires: Thu, 03 Nov 2022 19:22:05 GMT
last-modified: Wed, 02 Jun 2021 17:09:45 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 4959
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 98D8 783 B
1 KB 41ms
18ms Document
text/html 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

f7a7cfd640102650b8cf74cc4a24fb5d318c987cdf4bd690708dcd08c2e2d435

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-5rUiMKfNf6Z3OP5M2dnFwQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://itsguider.com/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Wed, 03 Nov 2021 20:44:44 GMT
date: Wed, 03 Nov 2021 20:44:44 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-5rUiMKfNf6Z3OP5M2dnFwQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 514
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 98D8 0
0 67ms
47ms Image
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=224&li=gpt_2021102801&jk=1477775049134826&rc=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

POST
H2 200 result Show response
stfly.me/cdn-cgi/challenge-platform/h/b/cv/ 2 B
553 B 238ms
238ms XHR
text/plain 2606:4700:e0::ac40:6b08
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://stfly.me/cdn-cgi/challenge-platform/h/b/cv/result?req_id=6a88712dbe3f4e20
Requested by: Host: stfly.me
URL: https://stfly.me/cdn-cgi/challenge-platform/h/b/scripts/invisible.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e0::ac40:6b08 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer: https://stfly.me/e8RxAIfTJ
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 03 Nov 2021 20:44:44 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GNXaQ4AM0KIT%2FLYoHaoVexSB0mvkvfY8XOhsofJDbwGX7tPzcEVO4TC0qHzCy1H6sxC1kh0PF%2Bet368xRriI4Ha%2Fhtm4ryHTCak6OrB%2F0caTE%2B9Tlmmqzgkz7lMWo1JVns2IO1sTRA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain;charset=UTF-8
cf-ray: 6a88713aea964e20-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 2

GET
H2 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012110042008000/ Frame 4540 190 KB
55 KB 63ms
9ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012110042008000/amp4ads-v0.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021102801.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

be32eb2045a4d0a5eeb1fbe7a87ec822ba313b1f8c5f3faf2f31ee8235dd3486

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itsguider.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 171166
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 55667
x-xss-protection: 0
server: sffe
date: Mon, 01 Nov 2021 21:11:58 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "11904075b70ba1a0"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 01 Nov 2022 21:11:58 GMT

GET
H2 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012110042008000/v0/ Frame 4540 13 KB
5 KB 73ms
19ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012110042008000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021102801.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ddd0010a6f9f8edd8b545aa47b63a3ace7f81621e62c8b2b9e5453e326946576

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itsguider.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 22524
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4996
x-xss-protection: 0
server: sffe
date: Wed, 03 Nov 2021 14:29:20 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "01e91d40c144b6bf"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 03 Nov 2022 14:29:20 GMT

GET
H2 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012110042008000/v0/ Frame 4540 89 KB
28 KB 74ms
21ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012110042008000/v0/amp-analytics-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021102801.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

77c0d53ad7a44dadf518e9960ec49dd00fa3859ecbaf646bb215d33e0b5f4658

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itsguider.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 22524
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28494
x-xss-protection: 0
server: sffe
date: Wed, 03 Nov 2021 14:29:20 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "a5e24beaf7c9a504"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 03 Nov 2022 14:29:20 GMT

GET
H2 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012110042008000/v0/ Frame 4540 4 KB
2 KB 73ms
20ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012110042008000/v0/amp-fit-text-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021102801.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b18e90729452c8796f604d2f022f8b1e259a28e648c8ce9b7e06dbab25ad3eb8

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itsguider.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 22524
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1635
x-xss-protection: 0
server: sffe
date: Wed, 03 Nov 2021 14:29:20 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "dff2522b082c9ee5"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 03 Nov 2022 14:29:20 GMT

GET
H2 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012110042008000/v0/ Frame 4540 40 KB
13 KB 70ms
18ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012110042008000/v0/amp-form-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021102801.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

06c0b9cd46f53c57c3ebc3531be56f50ca25c2bd7bb672eaa8b033c134957c6e

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itsguider.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 22524
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12816
x-xss-protection: 0
server: sffe
date: Wed, 03 Nov 2021 14:29:20 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "6a05f1a8ea5ea134"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 03 Nov 2022 14:29:20 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 4540 3 KB
676 B 16ms
16ms Stylesheet
text/css 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021102801.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

32b5c88160bab78ae20a39de4a8abe015f4f4c5d48be8300a6686d32a570ccfb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itsguider.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 03 Nov 2021 19:14:18 GMT
server: ESF
date: Wed, 03 Nov 2021 20:44:44 GMT
x-frame-options: SAMEORIGIN
report-to: {"group":"AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk"}]}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cross-origin-opener-policy-report-only: same-origin; report-to="AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk"
expires: Wed, 03 Nov 2021 20:44:44 GMT

GET
H2 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 4540 2 KB
3 KB 7ms
7ms Image
image/png 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: itsguider.com
URL: https://itsguider.com/336_2.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itsguider.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 03 Nov 2021 05:32:00 GMT
x-content-type-options: nosniff
server: cafe
age: 54764
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Thu, 04 Nov 2021 05:32:00 GMT

GET
H2 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 4540 295 B
537 B 6ms
6ms Image
image/png 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: itsguider.com
URL: https://itsguider.com/336_2.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itsguider.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 02 Nov 2021 23:42:59 GMT
x-content-type-options: nosniff
server: cafe
age: 75705
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Wed, 03 Nov 2021 23:42:59 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 4540 0
0 51ms
50ms Image
text/html 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CBhc0vPSCYe84momAB8a9qfgL_u32nGWdydyhoA7wleClugIQASCIsZEfYJWCgIDAB6AB_9n5wwHIAQHgAgCoAwHIAwqqBNgBT9CWVrbDZUKFUEwUElZCvc_-GNMFb5oOWWTF5XaWjvt7fUFDgGNGEH-rss6kTGc6zXPSvcQFYfjBewoQiMVNDKMUxRU-75jlxv2xexfOf3uTjP22WdyAwRnqdMGBfUuPS7LDHTnpnPqWfe1gYwJ3vI6CFVei5UINL-ZCF0luRoV4j3BI0wAr77lbnRLw26nOVc-DmJW4C-vpwHvmbpvP4XyMdl7RjY15TUExKw-MinFdDZ4JJ4BXsNEp2SulqMECKkzCszzj8G0P34QK3PzUBR9xSr7nZS5DwAScuLWW2QPgBAGSBQQIBBgBkgUECAUYBIAH6aWGvAKoB_DZG6gH8tkbqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhvYBwHyBwQQsrsd0ggJCIDhgBAQARgd8ggbYWR4LXN1YnN5bi02MDUyMjQ4NTE4ODQ3NDQwgAoDyAsB2BMCiBQC0BUBmBYBgBcBshceChwIABIUcHViLTczNjM4MDkyMTkyNDQxMjIYv-If&sigh=j5GgTAUVNFc&uach_m=[UACH]&uap=UACH(platform)&uapv=UACH(platformVersion)&uaa=UACH(architecture)&uam=UACH(model)&uafv=UACH(uaFullVersion)&uab=UACH(bitness)
Requested by: Host: itsguider.com
URL: https://itsguider.com/336_2.php
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.186.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s07-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itsguider.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

GET
DATA 200
OK truncated
/ Frame 4540 218 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7d6048dd804a6fe3845d0510cd8bb69e64009720cb95f8d940751cce31ccd5e9

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2
fonts.gstatic.com/s/googlesans/v36/ Frame 4540 21 KB
21 KB 9ms
8ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v36/4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1abc5469f1235e85489ca1062a07fe18c7f449e3ba039d3de0da07fbb3c5892d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://itsguider.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 28 Oct 2021 22:45:31 GMT
x-content-type-options: nosniff
age: 511153
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21660
x-xss-protection: 0
last-modified: Wed, 01 Sep 2021 18:07:18 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Fri, 28 Oct 2022 22:45:31 GMT

GET
H2 200 4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2
fonts.gstatic.com/s/googlesans/v36/ Frame 4540 21 KB
21 KB 10ms
9ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v36/4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c55eebd9845964c111ecdbe7e583ed00ff47536f13c46a7e9c70430cc7ea091f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://itsguider.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 28 Oct 2021 22:11:08 GMT
x-content-type-options: nosniff
age: 513216
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21424
x-xss-protection: 0
last-modified: Wed, 01 Sep 2021 18:08:24 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Fri, 28 Oct 2022 22:11:08 GMT

GET
H2

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame 4540
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
0

107ms
59ms

Image
text/html

2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Requested by: Host: itsguider.com
URL: https://itsguider.com/336_2.php
Protocol: H2
Server: 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Redirect headers

date: Wed, 03 Nov 2021 20:44:44 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control: private
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H2 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 4540 42 B
176 B 43ms
43ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjst0wNtalFnom_bol1XlcTHjKGNL1n_3alJnlHb5MlrsOc2v1vPg7k8VoGAZiWAmJAk-aehoXwK-69pkDgIGD1UrUWltVcFjBR6bpXjObdZh3XM4uT1JuA&sai=AMfl-YQrTdwmAV278pyLpYTG5Bgn5cWMUnwGmQ9H9oDH6_h77q9NBQOGaVvGSHGnhNCbq2s2eXHQGK5MvYHW&sig=Cg0ArKJSzP3r2A_3yChUEAE&id=ampim&o=0,281&d=336,280&ss=1600,1200&bs=336,280&mcvt=1000&mtos=0,0,1000,1000,1000&tos=0,0,1000,0,0&tfs=78&tls=1078&g=100&h=100&tt=1078&r=v&avms=ampa&uap=&uapv=&uaa=&uam=&uafv=&uab=&adk=1993164460

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itsguider.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 03 Nov 2021 20:44:45 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

63 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

19 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
toglooman.com/42	1970-01-20 07:11:48	Name: OAID Value: 092cf59dc0cd4dbca779f838122791c6
toglooman.com/42	1970-01-20 07:11:48	Name: oaidts Value: 1635972282
omchanseyr.com/	1970-01-20 07:11:48	Name: OAID Value: ebb0f70223134573a35eeb72fea88dd8
omchanseyr.com/	1970-01-20 07:11:48	Name: oaidts Value: 1635972282
gimpybedderump.com/	1970-01-19 22:27:38	Name: GL_UI4 Value: eJw9jVtOwzAURPMOVUnESFkAS0jBrcgnYhF8Rtf2JTVN7Moxjdg9FhJ8zdE8NEmSZF2L9FblyL%2FoiMdBMUslSL88kyQpB6FF%2FzRIoRUJPp2wM%2BsYSM4cCtxPbNkbNSqnucFDjP6ci3WbLVBKT1Y3KJfYmBvU0rttZd%2FlKCwtjOrt7F3UcqFP55ENx4jGRkx7ZG7t8naH%2Bt1YHXftHtmhb5sqwf46U%2FhwfhmNrlKUkyfNSF9xpyjw5Pw3as3rJbgr4GY9%2Fvd%2Fb%2FPt0KPSfDMqfrtwZv8Da3NLtQ%3D%3D
gimpybedderump.com/	1970-01-19 22:27:38	Name: GL_GI10 Value: eJw9jN0KgkAQhf0JS0pjqAfwCQQzwq4r7K5HWExHWciZZd0iffqyoqtzzsfHsSzLWYfgSAVhku7izTaNk30WZym4DTI4xxMsSr6T0b2gokWY5qjbgnrwNDaSKYD5t4iSK7T%2Ba5QDmJTS9AH4Y%2FwEV3YKVmc0A6GOLnSThFHeXs%2FgExrRKcQK%2FANrxbowCOGffg48F2ayE0rzs%2FdsWBrZ4sCEguu6Q%2FNG9sNzXoXUQBc%3D
toglooman.com/	1970-01-20 07:11:48	Name: scm Value: 1
toglooman.com/	1970-01-20 07:11:48	Name: OAID Value: 092cf59dc0cd4dbca779f838122791c6
toglooman.com/	1970-01-20 07:11:48	Name: oaidts Value: 1635972282
my.rtmark.net/	1970-01-20 07:11:48	Name: ID Value: ebb0f70223134573a35eeb72fea88dd8
stfly.me/	1970-01-19 22:26:12	Name: prefetchAd_3381289 Value: true
omchanseyr.com/	1970-01-19 22:36:17	Name: syncedCookie Value: true
dozubatan.com/	1970-01-20 07:11:48	Name: OAID Value: ebb0f70223134573a35eeb72fea88dd8
stfly.me/	1970-01-19 22:26:15	Name: _data_html Value: 2-1
.itsguider.com/	1970-01-20 07:11:48	Name: ezosuigeneris-0 Value: d3aa26606515ff3990360d5119b50e13
.quantserve.com/	1970-01-20 07:56:26	Name: mc Value: 6182f4bc-010bb-3ee60-dcabf
.doubleclick.net/	1970-01-20 07:47:48	Name: IDE Value: AHWqTUnmDyYv3J1fG5oS-pGs83cvij8K-aAIzD9ZGevT3mmhvxWDcAe_rcrg6tXKOlo
.stfly.me/	1970-01-19 22:26:14	Name: __cf_bm Value: 2lqFJrFB1bEAVnadSPpklg4QSXqgycNL7ea0d31cvZI-1635972284-0-AfRW7r8iVOWvT2WM0A9JTtLYRfDkHULuvW0NqxUJF1OZ6EzrZkZuLEQ9UNh3XPVY3KLKmIaUzAAaVGIvsreYd7XUUC6wOf4wp0pCqR5lChove3BtvE1qhrE8uumwDuHXJg==
.doubleclick.net/	1970-01-19 22:26:15	Name: DSID Value: NO_DATA

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
deprecation	warning	URL: https://stfly.me/cdn-cgi/challenge-platform/h/b/scripts/invisible.js Message: 'window.webkitStorageInfo' is deprecated. Please use 'navigator.webkitTemporaryStorage' or 'navigator.webkitPersistentStorage' instead.
other	warning	URL: https://cdn.ampproject.org/rtv/012110042008000/v0/amp-ad-exit-0.1.mjs(Line 2) Message: Unrecognized feature: 'attribution-reporting'.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ac5b63de87daa3661bfd32c23184efdf.safeframe.googlesyndication.com
account.adstripe.net
adservice.google.com
adservice.google.de
cdn.ampproject.org
dozubatan.com
fonts.googleapis.com
fonts.gstatic.com
gimpybedderump.com
googleads.g.doubleclick.net
itsguider.com
my.rtmark.net
omchanseyr.com
pagead2.googlesyndication.com
pixel.quantserve.com
rules.quantcount.com
secure.quantserve.com
securepubads.g.doubleclick.net
stfly.me
toglooman.com
tpc.googlesyndication.com
www.google.com
139.45.195.8
139.45.197.237
139.45.197.238
139.45.197.239
142.250.186.130
142.91.159.136
2600:9000:211e:7200:6:44e3:f8c0:93a1
2606:4700:3033::ac43:9993
2606:4700:3034::6815:5a0
2606:4700:e0::ac40:6b08
2620:116:800d:21:8c6e:cf2c:8d6:9fb5
2a00:1450:4001:801::2001
2a00:1450:4001:803::2002
2a00:1450:4001:80e::2001
2a00:1450:4001:80f::2002
2a00:1450:4001:812::200a
2a00:1450:4001:813::2003
2a00:1450:4001:827::2002
2a00:1450:4001:82a::2002
2a00:1450:4001:82a::2004
2a00:1450:4001:831::2001
0047f2b4e58d50cd286045db5a9a694d843c551e96e92f7bcd10bf2e111149f2
06c0b9cd46f53c57c3ebc3531be56f50ca25c2bd7bb672eaa8b033c134957c6e
0a9e4c5ffd0a2de17af61efc1538b690d1c566de4f4d8a70379060164b71be28
147b08aa6afaa0b704ebedb56d0b146a7e33600a971e5d20773b3371db70be11
1abc5469f1235e85489ca1062a07fe18c7f449e3ba039d3de0da07fbb3c5892d
1ca15f168e388dc627f6d9bb84db4bc565ddfca407b4fb24031d887d956ea37b
1e823139c936c952f54399a49096579a951e55baab2d0949e2f307163aac68a0
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
2d350c47e40996136f421dc97bbb0a64e4c8242c0fe14d6e30584c33f694d87a
32b5c88160bab78ae20a39de4a8abe015f4f4c5d48be8300a6686d32a570ccfb
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
3d12c2fbc3da764603fd7bd8999f19193cac6eca9aa9dd8a0e3430e6c77dd7b5
5ad3035e95eba16d51915ff02a80dd5233d8a3ec5f756446bc48df87fd26ff63
66219bc99ac30a346552ced8a3a2739c915b441219cfd9cf3dbef943cf7ca7bf
77c0d53ad7a44dadf518e9960ec49dd00fa3859ecbaf646bb215d33e0b5f4658
7d6048dd804a6fe3845d0510cd8bb69e64009720cb95f8d940751cce31ccd5e9
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
83521aad7c96625246ef4168f1d84d12b0652e8eb61ad0875066fee1fa797daf
85821da273b7d5dc51f8c9ff01bb46fa3461f36aef2977a6c74aa66cc2bd503e
88915cdc03fc5b9a20aec966fe93ee38aa3fd76bfef296e41d305271b3541c96
89e38ae45e4ab6870530ad77bc793c32dcb03a600156b9930ffe3104f6702b25
8f38563d0ebe6ee8f3062ec5e8b75ea5cc6beb839951701ef2690268bcbaea8a
9290e88ca56b0dd834f1792cd09802c69166658412ee53910f47271df02c5f20
a04bf061f53e0011fd2f43bdf081526344f003c50146c88c42c2d95ef22c1821
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
aad4bdb9fe5ad4f61077ee431661272720c8644e3794c4a3ba0f8efd909ec06e
ad5db13ec7a29ca11ac97f89764ee279178a31d7da4718c314f46d5f0b9489a7
b184ada6d4a55ff1a9f59bc27aed02f171a0091bad8e228b6831bdb32320e086
b18e90729452c8796f604d2f022f8b1e259a28e648c8ce9b7e06dbab25ad3eb8
b62d3ff7ec9f5543b6d6a2429170ed375b550d869b90d9886464143cd89b83ef
b7cfd2088a61598a1c9d6e718acbdfd95ee7fe3d8dbb9a90bdc28fc69441662c
ba6d411ac427d578cae82c2a6628aa73aa9fa40f35dc06ef13d084b98b1d0e42
be32eb2045a4d0a5eeb1fbe7a87ec822ba313b1f8c5f3faf2f31ee8235dd3486
c55eebd9845964c111ecdbe7e583ed00ff47536f13c46a7e9c70430cc7ea091f
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142
cecee6511546cf1231b8527d71c1f44a1ab6d599527389a50eb68cdf562f188c
d5b83174b14c8fb07a6cfc17abbc860e726a23b84f724c468049c73e1e8d7cba
d868f45fe97419a33225aa4036a3021bdadb37da51eee95c3ee9ef0449ccb436
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
ddd0010a6f9f8edd8b545aa47b63a3ace7f81621e62c8b2b9e5453e326946576
df13b2bb492cfe24e54a5fbdda0b434e5071be93b12683ab32ddc4318bc44a63
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e7aac291a5a3bb5d10f5054ec669d3df209fa697748fd432d5f6b59df63af7d1
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f4e33fc97b4ed0d5d6503c6beb43addf217106051a2c192d4c6f15a4d1da5915
f65dd0ed5ab0097e2cb276b346ccfaddb2a9134c9278af39c6a24cd821fce06f
f7a7cfd640102650b8cf74cc4a24fb5d318c987cdf4bd690708dcd08c2e2d435
fdf4726321914d65ac988b2a5c33e048421c8369fa40d987321c1a602f798b39

stfly.me Open in urlscan Pro 2606:4700:e0::ac40:6b08 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Statistics

61 Requests

98 %HTTPS

71 %IPv6

17 Domains

22 Subdomains

22 IPs

4 Countries

763 kBTransfer

2180 kBSize

19 Cookies

0 Outgoing links

Redirected requests

61 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

stfly.me Open in urlscan Pro
2606:4700:e0::ac40:6b08 Public Scan

Screenshot
Live screenshot

Full Image

61
Requests

98 %
HTTPS

71 %
IPv6

17
Domains

22
Subdomains

22
IPs

4
Countries

763 kB
Transfer

2180 kB
Size

19
Cookies

61 HTTP transactions
1 data transactions