www.fadeliry.pro Open in urlscan Pro
2606:4700:3035::6815:5f95 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.fadeliry.pro/
Submission: On November 13 via api (November 13th 2022, 9:46:14 am UTC) from US — Scanned from DE

Summary HTTP 163 Redirects Behaviour Indicators

Summary

This website contacted 33 IPs in 9 countries across 27 domains to perform 163 HTTP transactions. The main IP is 2606:4700:3035::6815:5f95, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.fadeliry.pro.
TLS certificate: Issued by E1 on November 12th 2022. Valid for: 3 months.

This is the only time www.fadeliry.pro was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
12	2606:4700:303... 2606:4700:3035::6815:5f95	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	65.9.66.103 65.9.66.103	16509 (AMAZON-02) (AMAZON-02)
6	52.214.5.219 52.214.5.219	16509 (AMAZON-02) (AMAZON-02)
2 2	3.225.125.24 3.225.125.24	14618 (AMAZON-AES) (AMAZON-AES)
2	2600:9000:206... 2600:9000:206f:3e00:d:addc:2400:93a1	16509 (AMAZON-02) (AMAZON-02)
9	23.11.206.9 23.11.206.9	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	34.242.111.67 34.242.111.67	16509 (AMAZON-02) (AMAZON-02)
2	2.16.186.185 2.16.186.185	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1 1	34.249.11.23 34.249.11.23	16509 (AMAZON-02) (AMAZON-02)
1	15.236.176.210 15.236.176.210	16509 (AMAZON-02) (AMAZON-02)
2	35.244.174.68 35.244.174.68	15169 (GOOGLE) (GOOGLE)
2 3	37.252.172.123 37.252.172.123	29990 (ASN-APPNEX) (ASN-APPNEX)
4	2a00:1450:400... 2a00:1450:4001:82a::2008	15169 (GOOGLE) (GOOGLE)
10	104.17.208.240 104.17.208.240	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	3.74.33.199 3.74.33.199	16509 (AMAZON-02) (AMAZON-02)
17	91.235.133.67 91.235.133.67	30286 (THM) (THM)
1	2a00:1450:400... 2a00:1450:4001:831::2002	15169 (GOOGLE) (GOOGLE)
2 3	172.217.16.194 172.217.16.194	15169 (GOOGLE) (GOOGLE)
1 4	91.235.132.130 91.235.132.130	30286 (THM) (THM)
1	91.235.134.131 91.235.134.131	30286 (THM) (THM)
1	104.244.42.67 104.244.42.67	13414 (TWITTER) (TWITTER)
2	2a00:1450:400... 2a00:1450:4001:811::2004	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:80e::2003	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:800::200e	15169 (GOOGLE) (GOOGLE)
1 1	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
9 10	151.101.2.49 151.101.2.49	54113 (FASTLY) (FASTLY)
1	2a00:1450:400... 2a00:1450:400c:c0c::9a	15169 (GOOGLE) (GOOGLE)
1 1	151.101.130.49 151.101.130.49	54113 (FASTLY) (FASTLY)
49	104.17.209.240 104.17.209.240	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	69.173.144.165 69.173.144.165	26667 (RUBICONPR...) (RUBICONPROJECT)
1 2	185.80.39.216 185.80.39.216	27381 (CASALE-MEDIA) (CASALE-MEDIA)
1	88.221.169.119 88.221.169.119	16625 (AKAMAI-AS) (AKAMAI-AS)
1	34.98.64.218 34.98.64.218	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	185.64.189.110 185.64.189.110	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1 2	185.94.180.126 185.94.180.126	35220 (SPOTX-AMS) (SPOTX-AMS)
1	2a03:2880:f12... 2a03:2880:f12d:83:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
163	33

12 2606:4700:3035::6815:5f95 (United States)

ASN13335 (CLOUDFLARENET, US)

www.fadeliry.pro	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cfa.fadeliry.pro	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 65.9.66.103 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-65-9-66-103.fra56.r.cloudfront.net

nexus.ensighten.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 52.214.5.219 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-214-5-219.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.225.125.24 (Ashburn, United States) 2 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-225-125-24.compute-1.amazonaws.com

www.glancecdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:206f:3e00:d:addc:2400:93a1 (United States)

ASN16509 (AMAZON-02, US)

storage.glancecdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 23.11.206.9 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-11-206-9.deploy.static.akamaitechnologies.com

dmt.fidelity.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.242.111.67 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-242-111-67.eu-west-1.compute.amazonaws.com

fidelity.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2.16.186.185 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a2-16-186-185.deploy.static.akamaitechnologies.com

sitecatalyst.fidelity.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.249.11.23 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-34-249-11-23.eu-west-1.compute.amazonaws.com

cm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 15.236.176.210 (Paris, France)

ASN16509 (AMAZON-02, US)
PTR: ec2-15-236-176-210.eu-west-3.compute.amazonaws.com

fmrcorp.tt.omtrdc.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.244.174.68 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 68.174.244.35.bc.googleusercontent.com

idsync.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 37.252.172.123 (Frankfurt am Main, Germany) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:82a::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 104.17.208.240 (Shahr, Iran, Islamic Republic Of)

ASN13335 (CLOUDFLARENET, US)

zncvgjh8lmjxbkyln-fmrpi.siteintercept.qualtrics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
siteintercept.qualtrics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.74.33.199 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-74-33-199.eu-central-1.compute.amazonaws.com

d.agkn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 91.235.133.67 (United States)

ASN30286 (THM, US)

cfa.fidelity.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 172.217.16.194 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s08-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 91.235.132.130 (United States) 1 redirects

ASN30286 (THM, US)
PTR: h.online-metrix.net

h.online-metrix.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 91.235.134.131 (United States)

ASN30286 (THM, US)

5h8i3ud8x7awtta6xkedajahyjeih4covmvv62r64ce9fcc6358593f3am1.e.aa.online-metrix.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.67 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:811::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80e::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:800::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:c11::200 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 151.101.2.49 (United States) 9 redirects

ASN54113 (FASTLY, US)

sync-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
rtd-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c0c::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.130.49 (United States) 1 redirects

ASN54113 (FASTLY, US)

rtd.tubemogul.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

49 104.17.209.240 (Shahr, Iran, Islamic Republic Of)

ASN13335 (CLOUDFLARENET, US)

siteintercept.qualtrics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.165 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.80.39.216 (Canada) 1 redirects

ASN27381 (CASALE-MEDIA, CA)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 88.221.169.119 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a88-221-169-119.deploy.static.akamaitechnologies.com

sjc1.qualtrics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.98.64.218 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 218.64.98.34.bc.googleusercontent.com

us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.64.189.110 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

image2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.94.180.126 (Amsterdam, Netherlands) 1 redirects

ASN35220 (SPOTX-AMS, US)

sync.search.spotxchange.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f12d:83:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
60	qualtrics.com zncvgjh8lmjxbkyln-fmrpi.siteintercept.qualtrics.com — Cisco Umbrella Rank: 23884 siteintercept.qualtrics.com — Cisco Umbrella Rank: 981 sjc1.qualtrics.com — Cisco Umbrella Rank: 10488	126 KB
28	fidelity.com dmt.fidelity.com — Cisco Umbrella Rank: 16817 sitecatalyst.fidelity.com — Cisco Umbrella Rank: 14724 cfa.fidelity.com — Cisco Umbrella Rank: 17919	220 KB
12	fadeliry.pro www.fadeliry.pro personal.fadeliry.pro Failed cfa.fadeliry.pro	145 KB
11	everesttech.net 10 redirects cm.everesttech.net — Cisco Umbrella Rank: 1007 sync-tm.everesttech.net — Cisco Umbrella Rank: 533 rtd-tm.everesttech.net — Cisco Umbrella Rank: 2617	2 KB
7	demdex.net dpm.demdex.net — Cisco Umbrella Rank: 197 fidelity.demdex.net — Cisco Umbrella Rank: 24189	10 KB
5	online-metrix.net 1 redirects h.online-metrix.net — Cisco Umbrella Rank: 3149 5h8i3ud8x7awtta6xkedajahyjeih4covmvv62r64ce9fcc6358593f3am1.e.aa.online-metrix.net	17 KB
5	doubleclick.net 2 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 41 cm.g.doubleclick.net — Cisco Umbrella Rank: 203 stats.g.doubleclick.net — Cisco Umbrella Rank: 78	3 KB
4	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 53	197 KB
4	glancecdn.net 2 redirects www.glancecdn.net — Cisco Umbrella Rank: 4024 storage.glancecdn.net — Cisco Umbrella Rank: 5178	13 KB
3	adnxs.com 2 redirects ib.adnxs.com — Cisco Umbrella Rank: 209	3 KB
2	spotxchange.com 1 redirects sync.search.spotxchange.com — Cisco Umbrella Rank: 557	1 KB
2	casalemedia.com 1 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 512	1 KB
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 36	20 KB
2	google.de www.google.de — Cisco Umbrella Rank: 5922	611 B
2	google.com www.google.com — Cisco Umbrella Rank: 2	611 B
2	rlcdn.com idsync.rlcdn.com — Cisco Umbrella Rank: 321	107 B
1	facebook.com www.facebook.com — Cisco Umbrella Rank: 106	554 B
1	pubmatic.com image2.pubmatic.com — Cisco Umbrella Rank: 882	451 B
1	openx.net us-u.openx.net — Cisco Umbrella Rank: 407	273 B
1	rubiconproject.com pixel.rubiconproject.com — Cisco Umbrella Rank: 307	239 B
1	tubemogul.com 1 redirects rtd.tubemogul.com — Cisco Umbrella Rank: 7229	199 B
1	bing.com 1 redirects c.bing.com — Cisco Umbrella Rank: 241	539 B
1	twitter.com analytics.twitter.com — Cisco Umbrella Rank: 528	394 B
1	agkn.com d.agkn.com — Cisco Umbrella Rank: 621	595 B
1	omtrdc.net fmrcorp.tt.omtrdc.net — Cisco Umbrella Rank: 22041	393 B
1	ensighten.com nexus.ensighten.com — Cisco Umbrella Rank: 2726	270 KB
0	fmr.com Failed clixqa4.fmr.com Failed
163	27

	Domain	Requested by
58	siteintercept.qualtrics.com	nexus.ensighten.com
17	cfa.fidelity.com	cfa.fadeliry.pro nexus.ensighten.com cfa.fidelity.com
11	www.fadeliry.pro	www.fadeliry.pro nexus.ensighten.com
9	sync-tm.everesttech.net	9 redirects
9	dmt.fidelity.com	nexus.ensighten.com www.fadeliry.pro
6	dpm.demdex.net	nexus.ensighten.com www.fadeliry.pro
4	h.online-metrix.net	1 redirects cfa.fidelity.com
4	www.googletagmanager.com	nexus.ensighten.com
3	cm.g.doubleclick.net	2 redirects
3	ib.adnxs.com	2 redirects
2	sync.search.spotxchange.com	1 redirects
2	dsum-sec.casalemedia.com	1 redirects
2	www.google-analytics.com	nexus.ensighten.com
2	www.google.de
2	www.google.com
2	idsync.rlcdn.com	www.fadeliry.pro
2	sitecatalyst.fidelity.com	nexus.ensighten.com
2	storage.glancecdn.net	www.fadeliry.pro
2	www.glancecdn.net	2 redirects
1	www.facebook.com
1	image2.pubmatic.com
1	us-u.openx.net
1	sjc1.qualtrics.com
1	pixel.rubiconproject.com
1	rtd-tm.everesttech.net
1	rtd.tubemogul.com	1 redirects
1	stats.g.doubleclick.net	nexus.ensighten.com
1	c.bing.com	1 redirects
1	analytics.twitter.com
1	5h8i3ud8x7awtta6xkedajahyjeih4covmvv62r64ce9fcc6358593f3am1.e.aa.online-metrix.net
1	googleads.g.doubleclick.net	nexus.ensighten.com
1	d.agkn.com
1	zncvgjh8lmjxbkyln-fmrpi.siteintercept.qualtrics.com	nexus.ensighten.com
1	fmrcorp.tt.omtrdc.net	nexus.ensighten.com
1	cm.everesttech.net	1 redirects
1	fidelity.demdex.net	nexus.ensighten.com
1	cfa.fadeliry.pro	www.fadeliry.pro
1	nexus.ensighten.com	www.fadeliry.pro
0	clixqa4.fmr.com Failed	nexus.ensighten.com
0	personal.fadeliry.pro Failed	www.fadeliry.pro
163	40

This site contains no links.

Subject Issuer	Validity	Valid
*.fadeliry.pro E1	`2022-11-12` - `2023-02-10`	3 months	crt.sh
nexus.ensighten.com DigiCert TLS RSA SHA256 2020 CA1	`2022-10-07` - `2023-10-14`	a year	crt.sh
*.demdex.com DigiCert TLS RSA SHA256 2020 CA1	`2022-09-26` - `2023-10-27`	a year	crt.sh
dmt.fidelity.com Entrust Certification Authority - L1M	`2022-10-03` - `2023-10-03`	a year	crt.sh
akamai.piprod4.fidelity.com Entrust Certification Authority - L1M	`2022-09-30` - `2023-09-30`	a year	crt.sh
*.tt.omtrdc.net DigiCert TLS RSA SHA256 2020 CA1	`2022-08-01` - `2023-09-01`	a year	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2022-02-03` - `2023-02-25`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-10-25` - `2023-01-17`	3 months	crt.sh
*.qualtrics.com DigiCert TLS RSA SHA256 2020 CA1	`2022-05-04` - `2023-05-04`	a year	crt.sh
*.agkn.com RapidSSL Global TLS RSA4096 SHA256 2022 CA1	`2022-09-06` - `2023-09-21`	a year	crt.sh
CFA.febtest.com Entrust Certification Authority - L1K	`2022-07-12` - `2023-08-11`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-10-25` - `2023-01-17`	3 months	crt.sh
h.online-metrix.net Trustwave Organization Validation SHA256 CA, Level 1	`2021-12-28` - `2023-01-23`	a year	crt.sh
*.e.aa.online-metrix.net Trustwave Organization Validation SHA256 CA, Level 1	`2022-06-08` - `2023-07-10`	a year	crt.sh
*.twitter.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-03-07` - `2023-03-06`	a year	crt.sh
www.google.com GTS CA 1C3	`2022-10-25` - `2023-01-17`	3 months	crt.sh
www.google.de GTS CA 1C3	`2022-10-25` - `2023-01-17`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-10-25` - `2023-01-17`	3 months	crt.sh
*.google.de GTS CA 1C3	`2022-10-25` - `2023-01-17`	3 months	crt.sh

This page contains 7 frames:

Primary Page: https://www.fadeliry.pro/
Frame ID: 1896223B86089917E7BA6A0E061C66FA
Requests: 104 HTTP requests in this frame

Frame: https://fidelity.demdex.net/dest5.html?d_nsid=0
Frame ID: A2D3E550C247D5CA5DC0AB57146C267F
Requests: 17 HTTP requests in this frame

Frame: https://cfa.fidelity.com/fp/check.js;CIS3SID=A184A18956AE9E04320EC20D7FA60507?org_id=5h8i3ud8&session_id=e0e04bd0acfce6cd9a2abf853fe827ef&nonce=4ce9fcc6358593f3&jb=353926266a716f753d556b6c646d75732e6a716f3f55616e666d777b2730303330266a7362773d4368706d6f652468736a3d4168706d6565273030393235
Frame ID: EF8BC20BA5FB2AE5F9ECCB969302E7E4
Requests: 34 HTTP requests in this frame

Frame: https://cfa.fidelity.com/fp/HP?session_id=e0e04bd0acfce6cd9a2abf853fe827ef&org_id=5h8i3ud8&nonce=4ce9fcc6358593f3&mode=2&hp=.co-operativebank.co.uk/CBIBSWeb/login.do.co-operativebank.co.uk/CBIBSWeb/start.do.de/portal/portal/x.entropay.com/basemenu/prot/x.facebook.comx.nationet.com/x.netbank.commbank.com.au/netbank/bankmainx.npbs.co.uk/netmastergoldbanking/x.nwolb.xlogin.aspx?refereridentx.rbsdigital.xAccountSummaryx.smile.co.uk/SmileWeb/login.do.smile.co.uk/SmileWeb/start.do.yandex.rux/CapitalOne_Consumer/x/easypay.by/x/sbank.ru/x53.com/servlet/efsonlinex://online.wellsfargo.com/x://secure.assist.ru/assistid/protected/main.doxabbeynational.co.uk/EBAN_ENS/BtoChannelDriverxalliance-leicesterxaltergold.com/login.phpxamericanexpress.com/myca/intl/acctsumm/emea/accountSummaryxbancaintesa.it/xbankcardservices.co.ukxbankofamerica.com/xbanquepopulaire.fr/xbnpparibas.net/xcahoot.comxcapitaloneonline.co.uk/CapitalOne_Consumer/Transactionsxcbonline.co.uk/ralu/reglm-web/setupSecurityQuestionPagexcibc.comxPreSignOnxcibc.comxSignOnxcitibank.ru/xclient.uralsibbank.ruxco-operativebank.co.uk/CBIBSWeb/loginSpixcommerceonlinebanking.comxcoventrybuildingsociety.co.ukxdeutsche-bank.dexdiscovercard.com/cardmembersvcs/strongauth/app/sa_mainxebanking.bawag.comxebc_ebc1961xegg.com/customer/movemoneyxegg.com/customer/yourmoneyxfacebook.com/xhalifax-online.co.ukxMyAccountsxhalifax-online.co.uk/x/Mhalifax-online.co.uk/personalxhsbc.co.uk/1/2/personal/internet-banking/xhsbc.comxhttps://banking.postbank.de/app/finanzstatus.init.do;jsessionidxib.fineco.it/FinecoWeb/BonificiServletxib.fineco.it/FinecoWeb/jsp/Main/HBFineco.jspxib.fineco.it/FinecoWeb/jsp/Main/Principale.jspxibank.alfabank.ruxin-biz.it/xipko.plxlibertyreserve.com/x/historylibertyreserve.com/x/loginwww.libertyreserve.com/x/Core.jswww.libertyreserve.com/x/transfer.libertyreserve.com/x/commonscript.jslloydstsb.co.uk/personal/a/account_overview/xmbna.co.ukxmenyala.ruxmoney.yandex.ruxmoneybookers.com/app/login.plxmoneymail.ruxmy.ebay.co.uk/ws/eBayISAPI.dll?MyEbayxmy.ebay.com/ws/eBayISAPI.dll?MyEbayxmy.ebay.fr/ws/eBayISAPI.dll?MyEbayxmybusinessbank.co.ukxnationet.com/AppServices/SignOn/SignOnProcess/RcaSignOnxnpbs.co.ukxnwolb.com/AccountSummaryxnwolb.com/Statementsxnwolb.com/TransfersLandingPagexoltx.fidelity.com/x/x/ofsummary/summaryxonline.lloydstsb.co.ukxonlinebanking.mandtbank.com/summary/AccountSummaryxpassport.yandex.ruxpaypal.com/x/cgi-bin/webscr?cmd=_accountxpaypal.com/x/cgi-bin/webscr?cmd=_login-done&login_access=xpaypal.com/us/cgi-bin/webscr?cmd=_login-done&login_access=xposte.it/xpsk.co.at/xsecure.lloydstsb.co.uk/personal/a/account_overviewxsmile.co.uk/SmileWeb/passcodexusaa.com/xusbank.com/internetBanking/RequestRouter?requestCmdId=Gxwachovia.comxybonline.co.uk/ralu/reglm-web/setupSecurityQuestionPagex.amazon.fr/xhistory/orders/view.htmlx.banquepopulaire.frxShowPortal.dox.bnpparibasfortis.bexHome_Logon.aspx.cdiscount.com/Account/Home.aspxx.cmb.frxaccueil.jspx.credit-agricole.frxentreeBam?sessionSAGx.labanquepostale.fr/xreleveCPP-releve_ccp.eax.secure.bnpparibas.net/NSFR?Actionx.secure.lcl.frxAccueilxcredem.it/OneToOne/ebank/functionsxmijn.ing.nl/xonline.ybs.co.ukxwww.discover.com/xorder.cdiscount.comxCustomer.aspxxsealinfo.verisign.com/splash?form_filexvos-comptes.credit-du-nord.fr/CDC_TableauDeBord_0.asp?xvoscomptesenligne.labanquepostale.frxwww.x.caisse-epargne.fr/Portail.aspxxwww.exabanque.netxonglet.phpxdeutsche-bank.de/xnorisbank.de/xpostbank.de/xtargobank.de/x.x.de/portal/x.bankofamerica.com/x/commonscript.js.bmo.com/OLB?id=x.bmo.com/RMC?id=x.chase.com/x.aspxx.chase.com/js/Reporting.jsx.koodomobile.com/account/selfserve/x/xaccountId=x.payment.ru/x.scotiabank.com/portal/index.jsp?xbancopopular.es/empresasxcreval.it/login2007/loginSiciliano.aspxfirst-direct.com/xipko.plxmybusinessbank.co.ukxsanpaoloimi.com/xulsterbankanytimebanking.x/login.aspxx
Frame ID: 8DF07B0D2B2BE332586D521741D96572
Requests: 3 HTTP requests in this frame

Frame: https://cfa.fidelity.com/fp/ls_fp.html;CIS3SID=936AB9E6402B47F6F9C8A283012B0B56?org_id=5h8i3ud8&session_id=e0e04bd0acfce6cd9a2abf853fe827ef&nonce=4ce9fcc6358593f3
Frame ID: DF8E51EBF95CDBEDD326B8A3B46661C0
Requests: 2 HTTP requests in this frame

Frame: https://h.online-metrix.net/fp/sid_fp.html;CIS3SID=936AB9E6402B47F6F9C8A283012B0B56?org_id=5h8i3ud8&session_id=e0e04bd0acfce6cd9a2abf853fe827ef&nonce=4ce9fcc6358593f3
Frame ID: 39E42DCE8B3F7FD111614BAC87716693
Requests: 2 HTTP requests in this frame

Frame: https://cfa.fidelity.com/fp/top_fp.html;CIS3SID=936AB9E6402B47F6F9C8A283012B0B56?org_id=5h8i3ud8&session_id=e0e04bd0acfce6cd9a2abf853fe827ef&nonce=4ce9fcc6358593f3
Frame ID: D4EAC71CB1346B55CA965DD74A427E7A
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Fidelity International Usage Agreement

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Akamai Bot Manager (Security) Expand

Overall confidence: 100%
Detected patterns

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Ensighten (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

//nexus\.ensighten\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

PubMatic (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.pubmatic\.com

Rubicon Project (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.rubiconproject\.com

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

163
Requests

75 %
HTTPS

28 %
IPv6

27
Domains

40
Subdomains

33
IPs

9
Countries

1025 kB
Transfer

3974 kB
Size

40
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 10

https://www.glancecdn.net/cobrowse/CobrowseJS.ashx?group=19772&site=production HTTP 302
https://storage.glancecdn.net/cobrowse/js/GlanceCobrowseLoader_5.6.3M.js

Request Chain 17

https://cm.everesttech.net/cm/dd?d_uuid=77224329503074743510773209141841049493 HTTP 302
https://dpm.demdex.net/ibs:dpid=411&dpuuid=Y3C83wAAAD3sxwOV

Request Chain 21

https://www.glancecdn.net/cobrowse/js/GlancePresenceVisitor_5.6.3M.js HTTP 301
https://storage.glancecdn.net/cobrowse/js/GlancePresenceVisitor_5.6.3M.js

Request Chain 24

https://ib.adnxs.com/getuid?https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D358%26dpuuid%3D%24UID HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fdpm.demdex.net%252Fibs%253Adpid%253D358%2526dpuuid%253D%2524UID HTTP 302
https://dpm.demdex.net/ibs:dpid=358&dpuuid=2721345729940198821

Request Chain 37

https://cm.g.doubleclick.net/pixel?google_nid=adobe_dmp&google_cm&gdpr=0&gdpr_consent=&google_hm=NzcyMjQzMjk1MDMwNzQ3NDM1MTA3NzMyMDkxNDE4NDEwNDk0OTM= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=adobe_dmp&google_cm=&gdpr=0&gdpr_consent=&google_hm=NzcyMjQzMjk1MDMwNzQ3NDM1MTA3NzMyMDkxNDE4NDEwNDk0OTM=&google_tc= HTTP 302
https://dpm.demdex.net/ibs:dpid=771&dpuuid=CAESEDMkLfsLlDdVLZNQfyEYmf0&google_cver=1?gdpr=0&gdpr_consent=

Request Chain 41

https://h.online-metrix.net/fp/clear.png?org_id=5h8i3ud8&session_id=e0e04bd0acfce6cd9a2abf853fe827ef&nonce=4ce9fcc6358593f3&gttl=155520000 HTTP 302
https://h.online-metrix.net/fp/clear.png?org_id=5h8i3ud8&session_id=e0e04bd0acfce6cd9a2abf853fe827ef&nonce=4ce9fcc6358593f3&k=2

Request Chain 78

https://c.bing.com/c.gif?uid=77224329503074743510773209141841049493&Red3=MSAdobe_pd&gdpr=0&gdpr_consent= HTTP 302
https://dpm.demdex.net/ibs:dpid=1957&dpuuid=1F6DBE91190A651A18BCACCA18616435

Request Chain 82

https://sync-tm.everesttech.net/upi/pid/r7ifn0SL?redir=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D782%26dpuuid%3D%24%7BTM_USER_ID%7D HTTP 302
https://dpm.demdex.net/ibs:dpid=782&dpuuid=Y3C83wAAAD3sxwOV

Request Chain 84

https://rtd.tubemogul.com/migrate_et3/ HTTP 302
https://rtd-tm.everesttech.net/migrate_et3/

Request Chain 89

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_push%26google_sc%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_push&google_sc&google_hm=WTNDODN3QUFBRDNzeHdPVg==

Request Chain 145

https://sync-tm.everesttech.net/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D7941%26nid%3D2243%26put%3D%24%7BUSER_ID%7D%26expires%3D90 HTTP 302
https://pixel.rubiconproject.com/tap.php?v=7941&nid=2243&put=Y3C83wAAAD3sxwOV&expires=90

Request Chain 149

https://sync-tm.everesttech.net/upi/pid/ZMAwryCI?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D88%26external_user_id%3D%24%7BTM_USER_ID%7D HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=Y3C83wAAAD3sxwOV HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=Y3C83wAAAD3sxwOV&C=1

Request Chain 152

https://sync-tm.everesttech.net/upi/pid/UH6TUt9n?redir=https%3A%2F%2Fib.adnxs.com%2Fsetuid%3Fentity%3D158%26code%3D%24%7BTM_USER_ID%7D HTTP 302
https://ib.adnxs.com/setuid?entity=158&code=Y3C83wAAAD3sxwOV

Request Chain 153

https://sync-tm.everesttech.net/upi/pid/ny75r2x0?redir=https%3A%2F%2Fus-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537148856%26val%3D%24%7BTM_USER_ID%7D HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537148856&val=Y3C83wAAAD3sxwOV

Request Chain 155

https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https%3A%2F%2Fimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=Y3C83wAAAD3sxwOV

Request Chain 156

https://sync-tm.everesttech.net/upi/pid/h0r58thg?redir=https%3A%2F%2Fsync.search.spotxchange.com%2Fpartner%3Fadv_id%3D6409%26uid%3D%24%7BUSER_ID%7D%26img%3D1 HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=6409&uid=Y3C83wAAAD3sxwOV&img=1 HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=6409&uid=Y3C83wAAAD3sxwOV&img=1&__user_check__=1&sync_id=00edf426-6338-11ed-a2ff-1860f0710306

Request Chain 157

https://sync-tm.everesttech.net/upi/pid/r7ifn0SL?redir=https%3A%2F%2Fwww.facebook.com%2Ffr%2Fb.php%3Fp%3D1531105787105294%26e%3D%24%7BTM_USER_ID%7D%26t%3D2592000%26o%3D0 HTTP 302
https://www.facebook.com/fr/b.php?p=1531105787105294&e=Y3C83wAAAD3sxwOV&t=2592000&o=0

163 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
www.fadeliry.pro/ 10 KB
5 KB 822ms
742ms Document
text/html 2606:4700:3035::6815:5f95
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.fadeliry.pro/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::6815:5f95 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4307168d52618587c52e25c713e7303523cc2731fae952adec27cba3cbeafeb5

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: max-age=0, no-cache, no-store
cf-cache-status: DYNAMIC
cf-ray: 769694051fe49956-FRA
content-encoding: br
content-type: text/html
date: Sun, 13 Nov 2022 09:46:05 GMT
expires: Sun, 13 Nov 2022 09:46:05 GMT
last-modified: Thu, 02 Jun 2022 20:18:31 GMT
link: <https://login.fidelity.com>;rel="preconnect",<https://cdnssl.clicktale.net>;rel="preconnect",<https://www.glancecdn.net>;rel="preconnect" <https://dmt.fidelity.com>;rel="preconnect",<https://assets.fidelity.com>;rel="preconnect",<https://fidelity.demdex.net>;rel="preconnect"
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=z48cNoVx8xWu%2F28ZZgbbjNqm7GQDVz1SxnHPh07vFkoGIFKvjFFgd%2BlDkGOL5CCQm%2FU9xz27BA5VKI9%2BwIRXbDNyBwqIBRKkilln%2FJCqj0jRvpZbIH8srx2Dd5MgbYwqdrMV0r6JKYdqJD%2FF%2FC91"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-akamai-transformed: 9 9814 0 pmb=mTOE,2
x-amz-id-2: stI22o5Ls2k5HlEOHIfci/XSh37nSgwhEexZ0k6RuHPNk60FnoDJCc3w5TvuC9QILYTyM/YW1mk=
x-amz-replication-status: COMPLETED
x-amz-request-id: 1B7AV5RH4MV0R7RR
x-amz-server-side-encryption: AES256
x-amz-version-id: 0V2srAUHTJdIhPg1.NRlWqrSioXuB2cV

GET
H2 200 inter-accounts.css
www.fadeliry.pro/intlacct/css/ 24 KB
6 KB 938ms
933ms Stylesheet
text/css 2606:4700:3035::6815:5f95
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.fadeliry.pro/intlacct/css/inter-accounts.css
Requested by: Host: www.fadeliry.pro
URL: https://www.fadeliry.pro/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::6815:5f95 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7f6b68da41024eaa3e62963ca740ffc101c6d18e0dcef244de384a4a0a38dc68

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fadeliry.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Sun, 13 Nov 2022 09:46:06 GMT
x-amz-version-id: JWgb3XpsYTY0UEUYN91WDI7F5KpQBR_6
content-encoding: br
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: 7DKAWMZKTTH8Y5S5
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: tAJHz2o810wdVVfdSYCn3DidgtuzMzbeMWvIEWv4cdtINaF6DHTLVARLDzwORJt06mnWsomhZBo=
pragma: no-cache
last-modified: Thu, 24 Feb 2022 00:01:45 GMT
server: cloudflare
etag: W/"a5d5fa14ae95a400ee05cfd69535f6e8"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=60SElgL%2FQqiHh%2BGLLhB0wOpJTctHTuB5f48ZpAja6XZhS%2FfVfzKRdR%2FpKMsGdPq%2BI9veCv7WJpJtnczyX6Z1OmIVOeaYX6G36LLczLd1oe6TgY8VTKNB4du%2B%2BBBkZ4d2pIGTnPTEI%2B4SiVV0M84G"}],"group":"cf-nel","max_age":604800}
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
cf-ray: 76969409db799956-FRA
expires: Sun, 13 Nov 2022 09:46:06 GMT

GET
H2 200 jquery-1.7.2.js Show response
www.fadeliry.pro/intlacct/js/ 247 KB
75 KB 1396ms
1394ms Script
application/javascript 2606:4700:3035::6815:5f95
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.fadeliry.pro/intlacct/js/jquery-1.7.2.js
Requested by: Host: www.fadeliry.pro
URL: https://www.fadeliry.pro/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::6815:5f95 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1717ea1fde8ceb7584341a24efc85c853083c660a1185968fbf94520f7193de2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fadeliry.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Sun, 13 Nov 2022 09:46:07 GMT
x-amz-version-id: 5PwOdVoCpjcwvLHeSPewROIQecnmHPhx
content-encoding: br
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: G8AYMNESWJZ6X1FE
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: TORWnJVHyJ8FLkxdMS4V2zCP4M/tiluByTfsr+PC+t7TbTVP6FdIET+6/Cg5tc4TP9tcqg7MB+M=
pragma: no-cache
last-modified: Thu, 24 Feb 2022 00:01:45 GMT
server: cloudflare
etag: W/"af693f9aea7dae36fb3bef4c9b6e56fb"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5huWnnMvYKnpoaT5joL6Nu1G69veciPs8fYR%2BpInTd8VavXGV3OtJGZ2giThHhNKxCIDwGLmbkUp0B575j9G%2FqMGc02QXLRRDylSpVrpd%2FxdZdIvecvk3SZTh1vkcf2PUE0hp08y7A6kegSkHVAB"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
cf-ray: 76969409db7c9956-FRA
expires: Sun, 13 Nov 2022 09:46:05 GMT

GET
H2 200 Bootstrap.js Show response
nexus.ensighten.com/fidelity/prod/ 1 MB
270 KB 98ms
20ms Script
application/javascript 65.9.66.103
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/fidelity/prod/Bootstrap.js
Requested by: Host: www.fadeliry.pro
URL: https://www.fadeliry.pro/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.103 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-103.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 990d8853e6e6da4362a6c80a544f0c37b3d9fc53f5eaeaa590c6dd8427bfaf67

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fadeliry.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Thu, 10 Nov 2022 06:49:56 GMT
x-amz-version-id: 1nRpbSZPptUu.CEnOdw_kdBu4TzDxkEH
content-encoding: br
via: 1.1 a618edcb8ddcdae59a3a61a6c82ff54c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
age: 269770
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Thu, 10 Nov 2022 06:49:10 GMT
server: AmazonS3
etag: W/"709b044454eb116b7b2d88319a590685"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=300
x-amz-cf-id: inVc_HqCrqDJZguNGGy_DetFsCrENruXKlMnzMpOkjDoAeh96LT25Q==

GET
H3 200 fidelity_com_logo.gif
www.fadeliry.pro/intlacct/images/ 809 B
1 KB 336ms
335ms Image
image/png 2606:4700:3035::6815:5f95
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.fadeliry.pro/intlacct/images/fidelity_com_logo.gif
Requested by: Host: www.fadeliry.pro
URL: https://www.fadeliry.pro/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::6815:5f95 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7f9dc30aa8e6d84f42f064d60c3aee3ca89337a6f38001b98561f836a52a6b68

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fadeliry.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Sun, 13 Nov 2022 09:46:07 GMT
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 809
last-modified: Tue, 31 May 2022 16:54:07 GMT
server: cloudflare
etag: "353-4d8ed98212380"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=j%2Fj760oFTBEcIjbwdJCdeIhJT6zIiGgifzEO7jzyc0Gjg73RNyQEne3c%2FbzokMxdScfEBklCRAOsuteYtYVMfvtPRs7oEc9WffvPBgYHZJyl3%2Bbj2JWWQrf%2FA1YwpSbf%2BbFLn3szB7ndGPPDU1vY"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: private, no-transform, max-age=30769
accept-ranges: bytes
cf-ray: 769694135c035c80-FRA
expires: Sun, 13 Nov 2022 18:18:56 GMT

GET
H3 200 fidelityweblogo.gif
www.fadeliry.pro/intlacct/images/ 2 KB
2 KB 699ms
698ms Image
image/webp 2606:4700:3035::6815:5f95
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.fadeliry.pro/intlacct/images/fidelityweblogo.gif
Requested by: Host: www.fadeliry.pro
URL: https://www.fadeliry.pro/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::6815:5f95 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8149fdf3316c443ca4d5f707e6e25cda46e16b9d8b82651f1199f2af97070b7f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fadeliry.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Sun, 13 Nov 2022 09:46:07 GMT
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1882
last-modified: Mon, 06 Jun 2022 11:54:20 GMT
server: cloudflare
etag: "acb3d0c6afa206fa09fda1948c0e1d26"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BGRM3VVtqgroyMysRdGNVJohMNY0r97aNYaPb5%2FHN7v8qfWNShG4AixC7JjkqY33hxO9CIlI5rvKt2j0Qd0PJaC7GhxoabtbhXCmQOWzxkwzSyM1NqkXNTyWFshQu6lHyFcoJXp1R%2F39Hu8Kgtlm"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: private, no-transform, max-age=21644
accept-ranges: bytes
cf-ray: 769694135c045c80-FRA
expires: Sun, 13 Nov 2022 15:46:51 GMT

GET Footer_Logo.png
personal.fadeliry.pro/include/footer/images/ 0
0

GET
H3 200 inter-accounts.js Show response
www.fadeliry.pro/intlacct/js/ 54 KB
15 KB 1350ms
1349ms Script
application/javascript 2606:4700:3035::6815:5f95
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.fadeliry.pro/intlacct/js/inter-accounts.js
Requested by: Host: www.fadeliry.pro
URL: https://www.fadeliry.pro/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::6815:5f95 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 38310b4f61a09ec38b8e4303fa2eb4b9c7b804adfcaf0bff455152a12e9efc0c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fadeliry.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Sun, 13 Nov 2022 09:46:08 GMT
x-amz-version-id: WIM3HB3Hs8iszn8Yt6aA7oCcd8MFm2j5
content-encoding: br
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: 7DK1FWAH8FK9TYV0
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: Ik2y0e1+XUPLGT9vBwjk+j4xxewTJCbroiE7HpmJwGNr1DCoS6Hmxg7Em8SPDU0EIHzUZcmeHA0=
pragma: no-cache
last-modified: Thu, 24 Feb 2022 00:01:45 GMT
server: cloudflare
etag: W/"b228805e74db45e84a88d605d00fcf47"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0jKB234Qo9aXtiVY71HxqmAUvgBveO0webmHeV75bklJoPnBqd%2F7m2X6wk8iqjCHCHl2F2LjDqlvZ7v%2FsTQEU7G5ZnehemXMcPvOc8DaGV0YGViFW0w9jPYalobK0os1CwkX%2F7gXfP0vNFdHkwN%2F"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
cf-ray: 7696940fcb265c80-FRA
expires: Sun, 13 Nov 2022 09:46:07 GMT

GET
H2 200 tags.js Show response
cfa.fadeliry.pro/fp/ 93 KB
13 KB 1288ms
1272ms Script
text/javascript 2606:4700:3035::6815:5f95
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cfa.fadeliry.pro/fp/tags.js?org_id=5h8i3ud8&session_id=E0E04BD0ACFCE6CD9A2ABF853FE827EF
Requested by: Host: www.fadeliry.pro
URL: https://www.fadeliry.pro/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::6815:5f95 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fac706f55a5bd3496b91099f0d5993416d3d549074a830f26c12c07030bcded6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fadeliry.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 13 Nov 2022 09:46:08 GMT
content-encoding: br
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dF9V0jy0ZHN1N6xQSdiWGpZigpz%2F2X7gZ6hUFoTqCPRyTxHef6rJnOHarYU%2FpC1XulTf9rox7%2FdtWLuccotLcxqOmCypeBN0MZoBLxBbugnA71O66DjNV5m2mmLHIVhzzPQ5SQ3z3nWFTqIVLBLl"}],"group":"cf-nel","max_age":604800}
p3p: CP=IVAa PSAa
access-control-allow-origin: *
content-type: text/javascript;charset=UTF-8
cache-control: no-cache, no-store, must-revalidate
cf-ray: 76969412d9ad9956-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3 200 PWkATmYB Show response
www.fadeliry.pro/oIMv7K/FjrZ6/PB88e/rQ/m5OEJ0DhYb/L0MmXABYBA/aCZh/ 84 KB
22 KB 800ms
799ms Script
application/javascript 2606:4700:3035::6815:5f95
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.fadeliry.pro/oIMv7K/FjrZ6/PB88e/rQ/m5OEJ0DhYb/L0MmXABYBA/aCZh/PWkATmYB
Requested by: Host: www.fadeliry.pro
URL: https://www.fadeliry.pro/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::6815:5f95 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fa43fd4073d3976c0bc94de0d58e6f81290443515528b60e80aa889fa38f80c2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fadeliry.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

unused62: 8096267
date: Sun, 13 Nov 2022 09:46:08 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
pragma: no-cache
last-modified: Mon, 28 Feb 2022 19:29:24 GMT
server: cloudflare
etag: W/"a7a61709860c0c57ec0c92584ae4f1bc214dfc71043ea43843572e55d14841f6"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aDDrAOudbOs7EsVj%2FI4VEhUnOYWwvDrh8m2rBo6q%2FDxQlyx9ygZZzg%2F4UUxUDHi3IatNgAw452f0GpTrPjq21%2F%2BXstjuH1A73VlM5MtZXI21CIMuZdKWNF84onUVo7VsKWW%2FHOLiyPMwVS4%2FKf4f"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=21600
cf-ray: 769694135bfe5c80-FRA
expires: Sun, 13 Nov 2022 09:46:07 GMT

GET
H/1.1 200
OK id Show response
dpm.demdex.net/ 4 KB
2 KB 614ms
162ms XHR
application/json 52.214.5.219
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dpm.demdex.net/id?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=EDCF01AC512D2B770A490D4C%40AdobeOrg&d_nsid=0&ts=1668332767219

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/fidelity/prod/Bootstrap.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.214.5.219 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-214-5-219.eu-west-1.compute.amazonaws.com

Software

Resource Hash

4e8ecd6626e17c5f65b21bbdc7e5c33ddf3c57811eb8862fe7501c3362da6fba

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.fadeliry.pro/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

DCS: dcs-prod-irl1-2-v045-07bcfe959.edge-irl1.demdex.com 2 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-TID: odgaPOEQRPI=
Vary: Origin
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: https://www.fadeliry.pro
Content-Type: application/json;charset=utf-8
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 1199
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H2

200

GlanceCobrowseLoader_5.6.3M.js Show response
storage.glancecdn.net/cobrowse/js/
Redirect Chain

https://www.glancecdn.net/cobrowse/CobrowseJS.ashx?group=19772&site=production
https://storage.glancecdn.net/cobrowse/js/GlanceCobrowseLoader_5.6.3M.js

11 KB
5 KB

93ms
15ms

Script
application/javascript

2600:9000:206f:3e00:d:addc:2400:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://storage.glancecdn.net/cobrowse/js/GlanceCobrowseLoader_5.6.3M.js
Requested by: Host: www.fadeliry.pro
URL: https://www.fadeliry.pro/
Protocol: H2
Server: 2600:9000:206f:3e00:d:addc:2400:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 1e37b248a85a3ba711b5dfe3d3c0b9efd2f361d41a28601acda628013c6a20d3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fadeliry.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Fri, 21 Oct 2022 02:08:21 GMT
x-amz-version-id: gAyaMY01Hz5bW8oLzBQITq.h0cdYQqlQ
content-encoding: gzip
via: 1.1 673c96d1f19de21216629aa48d90ac92.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
age: 2014667
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Tue, 26 Jul 2022 12:23:55 GMT
server: AmazonS3
etag: W/"acaf6762074b827a84400164fee8fbd2"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31556926
x-amz-cf-id: V5K0VkImkG-7HRX9o6oc_HbamxKXpWRi-6clBn9L_Tp0hYc0ZWL0Kg==

Redirect headers

date: Sun, 13 Nov 2022 09:46:07 GMT
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
content-type: text/html; charset=utf-8
location: https://storage.glancecdn.net/cobrowse/js/GlanceCobrowseLoader_5.6.3M.js
access-control-allow-origin: *
cache-control: max-age=3600
content-length: 189

GET
H3 200 nav-gradient.png
www.fadeliry.pro/intlacct/images/ 423 B
1 KB 1060ms
1060ms Image
image/png 2606:4700:3035::6815:5f95
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.fadeliry.pro/intlacct/images/nav-gradient.png
Requested by: Host: www.fadeliry.pro
URL: https://www.fadeliry.pro/intlacct/css/inter-accounts.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::6815:5f95 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c0320ec20695d44f0fc3f0e3585aa6c6b7049384bcc668de7d4c0ce6bf00139b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fadeliry.pro/intlacct/css/inter-accounts.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Sun, 13 Nov 2022 09:46:08 GMT
x-amz-version-id: aenx2DWwDd3dJBexejVEiEmYZUyey7O9
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: V32REZHKWS9G2P2P
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 423
x-amz-id-2: cIPnsZ3IyXbkt2hhn90fCoqW6KfcWT4xcBVdLbhtR1rRSZM938uJIQbppNU0TL69x0pPPEQ6KQw=
pragma: no-cache
last-modified: Thu, 24 Feb 2022 00:01:45 GMT
server: cloudflare
etag: "2b19aa4483c04ab7dbbc73f335b672e9"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OV1tBoYjj1sq5Yf5fOwB2qDiXv%2Fvsvr7PegWwmDF1oIH%2BysKycdemaNlZIksDM21NKUEPf6B2RFufB6aTHFyimqzNuBSQ7lanb8qLa2iM2v0zU%2BNXmoCXttuy1ksSmz77yRnCCmyoZdh%2BS348kks"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
cf-ray: 769694135c0c5c80-FRA
expires: Sun, 13 Nov 2022 09:46:08 GMT

GET
H3 200 sb_bg.png
www.fadeliry.pro/intlacct/images/ 700 B
2 KB 526ms
526ms Image
image/png 2606:4700:3035::6815:5f95
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.fadeliry.pro/intlacct/images/sb_bg.png
Requested by: Host: www.fadeliry.pro
URL: https://www.fadeliry.pro/intlacct/css/inter-accounts.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::6815:5f95 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9b5ced1410bcd204e17bd6f80d05d7c6ee8f6317bc7275a4aabaab629402f0c6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fadeliry.pro/intlacct/css/inter-accounts.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Sun, 13 Nov 2022 09:46:07 GMT
x-amz-version-id: 8IKLocj5IAKqLsbwaHifs2jYofPoCqV5
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: V32HSNMPX20BXGG8
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 700
x-amz-id-2: +nTTNECfbNAlM6lBpQ8G8a+Cm5Fi8w/FLmg2SygFZwVyqC8BusWWSCM2sDCCNk6DjdSTlYnb8HQ=
pragma: no-cache
last-modified: Thu, 24 Feb 2022 00:01:45 GMT
server: cloudflare
etag: "facd1a69f5fb9db15f3c71c2d86217be"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=w63uaggnIZRQWq5JNpSWIai6achTv%2FftnZW6ulZTCle0X6ZK9V%2BVfUYwP8y0jOEP849STY7vNqGd4R6HXbmueSNz9mNLnyaq68M%2BAcxD%2FfEIWpnlQArHRK34HTwLzYWJOcz62%2FRpzjVH1KEgsOFa"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
cf-ray: 769694135c0e5c80-FRA
expires: Sun, 13 Nov 2022 09:46:07 GMT

GET
H2 200 serverComponent.php Show response
dmt.fidelity.com/fidelity/prod/ 295 B
1 KB 222ms
64ms Script
text/javascript 23.11.206.9
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://dmt.fidelity.com/fidelity/prod/serverComponent.php?namespace=Bootstrapper&staticJsPath=dmt.fidelity.com/fidelity/prod/code/&publishedOn=Thu%20Nov%2010%2006:49:03%20GMT%202022&ClientID=65&PageID=https%3A%2F%2Fwww.fadeliry.pro%2F
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/fidelity/prod/Bootstrap.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.11.206.9 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-11-206-9.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 571e59607940fc3b89c6f087eab2341f8fb2d9254d1bcff54d36856778384db1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fadeliry.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Sun, 13 Nov 2022 09:46:07 GMT
server: nginx
x-amz-cf-pop: LHR50-C1
content-type: text/javascript
cache-control: no-cache, no-store
content-length: 295
x-amz-cf-id: t7k48mtfuAa-mnmj2_VLFPa06ZubzZKzW8A-KV119SC5_bE2gjXbLA==
expires: Sun, 13 Nov 2022 09:46:06 GMT

GET
H2 200 2271f85a69bba4a44068f3f407d3712a.js Show response
dmt.fidelity.com/fidelity/prod/code/ 194 KB
52 KB 41ms
40ms Script
application/javascript 23.11.206.9
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://dmt.fidelity.com/fidelity/prod/code/2271f85a69bba4a44068f3f407d3712a.js?conditionId0=46215&conditionId1=422684
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/fidelity/prod/Bootstrap.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.11.206.9 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-11-206-9.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: daf07b1bdd569e5f245e99c5ea956ec01dc98f4caaff58115ed3794ef91c0eb9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fadeliry.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-amz-version-id: NCA4EQxJeecf0lqwvrt0yDiHSDvYrvMm
content-encoding: gzip
date: Sun, 13 Nov 2022 09:46:07 GMT
last-modified: Thu, 10 Nov 2022 06:49:10 GMT
server: AmazonS3
x-amz-cf-pop: CDG50-C2
etag: W/"b037a5698f3903d0d4311962fa70627c"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
x-amz-replication-status: PENDING
x-amz-cf-id: fX6S3BpDC18uD6CrATUznhjKdPfQiwVS5vxHKbUWcFh8IPqId3M4og==
content-length: 52939

GET
H/1.1 200
OK dest5.html Show response
fidelity.demdex.net/ Frame A2D3 7 KB
3 KB 597ms
127ms Document
text/html 34.242.111.67
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://fidelity.demdex.net/dest5.html?d_nsid=0

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/fidelity/prod/Bootstrap.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.242.111.67 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-242-111-67.eu-west-1.compute.amazonaws.com

Software

Resource Hash

7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.fadeliry.pro/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 2791
Content-Type: text/html;charset=UTF-8
DCS: dcs-prod-irl1-2-v045-0cfa310b8.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: XoIjrS1hREo=
content-encoding: gzip
date: Sun, 13 Nov 2022 09:46:08 GMT
last-modified: Fri, 28 Oct 2022 11:26:52 GMT
vary: accept-encoding

GET
H/1.1 200
OK id Show response
sitecatalyst.fidelity.com/ 2 B
1 KB 228ms
79ms XHR
application/x-javascript 2.16.186.185
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://sitecatalyst.fidelity.com/id?d_visid_ver=3.1.2&d_fieldgroup=A&mcorgid=EDCF01AC512D2B770A490D4C%40AdobeOrg&mid=71669356577683261300209268151634948040&ts=1668332767858

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/fidelity/prod/Bootstrap.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

2.16.186.185 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-16-186-185.deploy.static.akamaitechnologies.com

Software

jag /

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fadeliry.pro/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

Date: Sun, 13 Nov 2022 09:46:08 GMT
x-content-type-options: nosniff
Server: jag
Vary: Origin
Content-Type: application/x-javascript;charset=utf-8
Access-Control-Allow-Origin: https://www.fadeliry.pro
p3p: CP="This is not a P3P policy"
Cache-Control: no-cache, no-store, max-age=0, no-transform, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 2
x-xss-protection: 1; mode=block

GET
H/1.1

200
OK

ibs:dpid=411&dpuuid=Y3C83wAAAD3sxwOV
dpm.demdex.net/
Redirect Chain

https://cm.everesttech.net/cm/dd?d_uuid=77224329503074743510773209141841049493
https://dpm.demdex.net/ibs:dpid=411&dpuuid=Y3C83wAAAD3sxwOV

42 B
942 B

132ms
132ms

Image
image/gif

52.214.5.219
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=411&dpuuid=Y3C83wAAAD3sxwOV

Requested by

Host: www.fadeliry.pro
URL: https://www.fadeliry.pro/

Protocol

HTTP/1.1

Server

52.214.5.219 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-214-5-219.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fadeliry.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

DCS: dcs-prod-irl1-1-v045-0449b668e.edge-irl1.demdex.com 2 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: P+a5O4x/RO4=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type: image/gif
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Location: https://dpm.demdex.net/ibs:dpid=411&dpuuid=Y3C83wAAAD3sxwOV
Date: Sun, 13 Nov 2022 09:46:07 GMT
Cache-Control: no-cache
Server: AMO-cookiemap/1.1
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"

POST
H2 403 delivery Show response
fmrcorp.tt.omtrdc.net/rest/v1/ 49 B
393 B 704ms
243ms XHR
application/json 15.236.176.210
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://fmrcorp.tt.omtrdc.net/rest/v1/delivery?client=fmrcorp&sessionId=fa942c8906fa4113986234d0f0204b52&version=2.3.0

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/fidelity/prod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

15.236.176.210 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-15-236-176-210.eu-west-3.compute.amazonaws.com

Software

jag /

Resource Hash

70ac34d176f59098e867cd1008c65de5e945ae2ee702444a4e6e9ee10ae314dd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fadeliry.pro/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
Content-Type: text/plain

Response headers

date: Sun, 13 Nov 2022 09:46:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
server: jag
vary: origin,access-control-request-method,access-control-request-headers,accept-encoding
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://www.fadeliry.pro
cache-control: no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials: true
x-xss-protection: 1; mode=block

POST
H3 201 PWkATmYB Show response
www.fadeliry.pro/oIMv7K/FjrZ6/PB88e/rQ/m5OEJ0DhYb/L0MmXABYBA/aCZh/ 18 B
1 KB 491ms
490ms XHR
application/json 2606:4700:3035::6815:5f95
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.fadeliry.pro/oIMv7K/FjrZ6/PB88e/rQ/m5OEJ0DhYb/L0MmXABYBA/aCZh/PWkATmYB
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/fidelity/prod/Bootstrap.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::6815:5f95 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bef9393fcdfc7a7299c058ba2a69253c32e0964dd3e97834e17a8cdb5dce7cf6

Request headers

Referer: https://www.fadeliry.pro/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Sun, 13 Nov 2022 09:46:08 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Origin
access-control-allow-methods: GET
content-type: application/json
access-control-allow-origin: https://www.fadeliry.pro
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RDyGtkyuqZOArXiwyrvPhQCGkpYylHrrT47zgIobYWUa7vvqCfpRAg%2BKyulAWrRe4eQICTWSfzs6VGZXObiWRfr0sIgz5B808zs7FMM1l8xnBTvF8oAb86m9hiZV7Kk9luZOZkozTWkKLpCc5pIS"}],"group":"cf-nel","max_age":604800}
access-control-allow-credentials: true, true
x_req_id: 12eeb404-b3dd-439c-8fce-de0f9d1fc1cf
cf-ray: 7696941b4f4b5c80-FRA
access-control-allow-headers: Content-Type
content-length: 18
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 204 r.rnc
dmt.fidelity.com/privacy/v1/b/ 0
1 KB 56ms
56ms Image
text/plain 23.11.206.9
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dmt.fidelity.com/privacy/v1/b/r.rnc?n=0&c=65&i=8t9bbs&p=prod&s=332&d=8BV7InZlcnNpb24iOiIxLjAuMCIsImdhdGV3YXkiOiIyLjMuNTcUAPAcY2xpZW50SWQiOjY1LCJwdWJsaXNoUGF0aCI6InByb2QiLCJpbnN0YW5jZSUA8lgiOHQ5YmJzIiwicGFja2V0IjowLCJtb2RlIjoib2JzZXJ2ZSIsImNvb2tpZXMiOnt9LCJlbnZpcm9ubWVudCI6IkFsbG93ZWQgRG9tYWluIiwicmVxdWVzdHMiOlt7ImRlc3RpbmF0uABgIiwidHlwWwDwD2JpbGxpbmciLCJzdGFydCI6MTY2ODMzMjc2ODUwOGQAwGQiOi0xLCJzb3VyYzIAAisAYXR1cyI6ImYAQGFzb25lANRdLCJkYXRhUGF0dGVyEgDCbGlzdCI6W10sImlkXQDAMzMyNzY4NTA4fV19
Requested by: Host: www.fadeliry.pro
URL: https://www.fadeliry.pro/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.11.206.9 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-11-206-9.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fadeliry.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Sun, 13 Nov 2022 09:46:08 GMT
cache-control: no-cache, no-store
server: nginx
x-amz-cf-pop: LHR50-C1
x-amz-cf-id: cLsx4qLQWGRVH9iX4CSV32VlB4ZZrgQvvwRWBtGemxgXd3Oc4L7C4w==
expires: Sun, 13 Nov 2022 09:46:07 GMT

GET
H2

200

GlancePresenceVisitor_5.6.3M.js Show response
storage.glancecdn.net/cobrowse/js/
Redirect Chain

https://www.glancecdn.net/cobrowse/js/GlancePresenceVisitor_5.6.3M.js
https://storage.glancecdn.net/cobrowse/js/GlancePresenceVisitor_5.6.3M.js

18 KB
7 KB

17ms
16ms

Script
application/javascript

2600:9000:206f:3e00:d:addc:2400:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://storage.glancecdn.net/cobrowse/js/GlancePresenceVisitor_5.6.3M.js
Requested by: Host: www.fadeliry.pro
URL: https://www.fadeliry.pro/
Protocol: H2
Server: 2600:9000:206f:3e00:d:addc:2400:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 61fbcc82f876d63e9d0ddd1251d638646510ae157cd8ccc839144773ec53982c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fadeliry.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Fri, 21 Oct 2022 02:08:22 GMT
x-amz-version-id: pjNZSME4V0jyETPyEufm22uG0D7KL3oW
content-encoding: gzip
via: 1.1 673c96d1f19de21216629aa48d90ac92.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
age: 2014667
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Tue, 26 Jul 2022 12:23:56 GMT
server: AmazonS3
etag: W/"f3a346a8f3f38ba1e5097562b5dcc59f"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31556926
x-amz-cf-id: e8sMmDEMf_gRIN3StumOxTPv0jIG_vf78X5PB2TS_dVjtE7Wo78Riw==

Redirect headers

location: https://storage.glancecdn.net/cobrowse/js/GlancePresenceVisitor_5.6.3M.js
access-control-allow-origin: *
date: Sun, 13 Nov 2022 09:46:08 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
content-length: 196
content-type: text/html; charset=UTF-8

GET
H2 451 365868.gif
idsync.rlcdn.com/ Frame A2D3 0
98 B 89ms
35ms Image
text/plain 35.244.174.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/365868.gif?partner_uid=77224329503074743510773209141841049493
Requested by: Host: www.fadeliry.pro
URL: https://www.fadeliry.pro/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fidelity.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Sun, 13 Nov 2022 09:46:08 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H/1.1 200
OK s53587237357489 Show response
sitecatalyst.fidelity.com/b/ss/fidelitycom/10/JS-2.9.0/ 4 KB
3 KB 109ms
109ms Script
application/x-javascript 2.16.186.185
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://sitecatalyst.fidelity.com/b/ss/fidelitycom/10/JS-2.9.0/s53587237357489?AQB=1&ndh=1&pf=1&callback=s_c_il[1].doPostbacks&et=1&t=13%2F10%2F2022%209%3A46%3A8%200%200&d.&nsid=0&jsonv=1&.d&sdid=275147D5E6B74346-42EAC04ECAAEB9FE&ts=1668332767&mid=71669356577683261300209268151634948040&aamlh=6&ce=UTF-8&ns=fidelity&pageName=Fid.com%20web%7CInternational%7CInternational%20Usage%20Agreement&g=https%3A%2F%2Fwww.fadeliry.pro%2F&c.&bot=0&mcvisid=71669356577683261300209268151634948040&ptst=0&tms=3&VSCHANNEL=Fid.com%20web&VSPAGE=International%20Usage%20Agreement&VSPURP=Customer%20Service&VSSECSUB=%2FInternational&ens_loc=head&d80=0&d83=0&dateDetail=45%7C0%7C9%3A30%7C46&lilo=Lo&mboxVersion=2.3.0&p9=No%20NavBar%20Interaction&rmdata=rNA%7Cg00%7Cei0%7CciNA&subdomain=www&VSSOURCE=Fidelity&SEC=International&channelManager=Typed%2FBookmarked&channelManagerDetail=tb%7CFid.com%20web%7CInternational%7CInternational%20Usage%20Agreement&channelManagerKeyword=n%2Fa&channelManagerStacking=Typed%2FBookmarked&p8=%7C%7C&VSFORMAT=1600%7CLarge%7CNo%20App%20Format&sourceEnv=prod&ecidMIDDebug=71669356577683261300209268151634948040&csEnabled=0&.c&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&v16=D%3Dc11&v18=D%3Dc16&v21=First%20Visit&v75=2022-11-10%7CS.2.9.0%7CTMS&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&mcorgid=EDCF01AC512D2B770A490D4C%40AdobeOrg&AQE=1

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/fidelity/prod/Bootstrap.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

2.16.186.185 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-16-186-185.deploy.static.akamaitechnologies.com

Software

jag /

Resource Hash

2161468d3f649e8a99e59001323594264e28836181194356e5858bf0cf37a6ee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fadeliry.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-aam-tid: vXNlP4o7Qxc=
Date: Sun, 13 Nov 2022 09:46:08 GMT
Content-Encoding: gzip
x-content-type-options: nosniff
p3p: CP="This is not a P3P policy"
Connection: keep-alive
Content-Length: 1130
x-xss-protection: 1; mode=block
dcs: dcs-prod-irl1-1-v045-028e6f909.edge-irl1.demdex.com 4 ms
Pragma: no-cache
Last-Modified: Mon, 14 Nov 2022 09:46:08 GMT
Server: jag
ETag: 3582717340488957952-4619735704601115136
Vary: *, Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: no-cache, no-store, max-age=0, no-transform, private
Expires: Sat, 12 Nov 2022 09:46:08 GMT

GET
H/1.1

200
OK

ibs:dpid=358&dpuuid=2721345729940198821
dpm.demdex.net/ Frame A2D3
Redirect Chain

https://ib.adnxs.com/getuid?https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D358%26dpuuid%3D%24UID
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fdpm.demdex.net%252Fibs%253Adpid%253D358%2526dpuuid%253D%2524UID
https://dpm.demdex.net/ibs:dpid=358&dpuuid=2721345729940198821

42 B
942 B

138ms
137ms

Image
image/gif

52.214.5.219
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=358&dpuuid=2721345729940198821

Protocol

HTTP/1.1

Server

52.214.5.219 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-214-5-219.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fidelity.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

DCS: dcs-prod-irl1-1-v045-0ced04f65.edge-irl1.demdex.com 5 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: 4oHx0mg6T3s=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type: image/gif
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Date: Sun, 13 Nov 2022 09:46:08 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 217.64.151.29; 217.64.151.29; 868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 9c2fcb28-9b1d-4b2c-b0f2-3a4d662fd296
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://dpm.demdex.net/ibs:dpid=358&dpuuid=2721345729940198821
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST clix
clixqa4.fmr.com/ 0
0

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 188 KB
68 KB 70ms
30ms Script
application/javascript 2a00:1450:4001:82a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-1053708818

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/fidelity/prod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

349adc0aa0b4d8a01d6333028da5edef079e75310696eeefdebc90a5bf64834f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fadeliry.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Sun, 13 Nov 2022 09:46:08 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 69193
x-xss-protection: 0
last-modified: Sun, 13 Nov 2022 09:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sun, 13 Nov 2022 09:46:08 GMT

GET
H2 200 / Show response
zncvgjh8lmjxbkyln-fmrpi.siteintercept.qualtrics.com/WRSiteInterceptEngine/ 7 KB
4 KB 121ms
59ms Script
application/javascript 104.17.208.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://zncvgjh8lmjxbkyln-fmrpi.siteintercept.qualtrics.com/WRSiteInterceptEngine/?Q_ZID=ZN_cvGJH8lmjxbKyln&Q_LOC=https%3A%2F%2Fwww.fadeliry.pro%2F&t=1668332768673

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/fidelity/prod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.208.240 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

163a0c97d1e6ecb76f27c79bf784c1d21ea923cc6f3cb33c4a276d185039584a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fadeliry.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Sun, 13 Nov 2022 09:46:08 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 203915
cf-polished: origSize=8487
edge-control: max-age=604800
referrer-policy: strict-origin-when-cross-origin
cf-bgj: minify
server: cloudflare
etag: W/"2127-RPRWY2UCvxR8roNqSrDClImEHR8"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=3600, s-maxage=604800
permissions-policy: camera=(), geolocation=(), microphone=()
cf-ray: 7696941cb843bbf2-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
timing-allow-origin: *

GET
H/1.1 200
OK /
d.agkn.com/pixel/12113/ 43 B
595 B 85ms
17ms Image
image/gif 3.74.33.199
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d.agkn.com/pixel/12113/?che=1668332768672&mcvisid=71669356577683261300209268151634948040
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.74.33.199 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-74-33-199.eu-central-1.compute.amazonaws.com
Software: Apache-Coyote/1.1 /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fadeliry.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 13 Nov 2022 09:46:08 GMT
Server: Apache-Coyote/1.1
Content-Type: image/gif
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 43
Expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H/1.1 200
OK check.js;CIS3SID=A184A18956AE9E04320EC20D7FA60507 Show response
cfa.fidelity.com/fp/ Frame EF8B 477 KB
87 KB 116ms
32ms Script
text/javascript 91.235.133.67
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://cfa.fidelity.com/fp/check.js;CIS3SID=A184A18956AE9E04320EC20D7FA60507?org_id=5h8i3ud8&session_id=e0e04bd0acfce6cd9a2abf853fe827ef&nonce=4ce9fcc6358593f3&jb=353926266a716f753d556b6c646d75732e6a716f3f55616e666d777b2730303330266a7362773d4368706d6f652468736a3d4168706d6565273030393235

Requested by

Host: cfa.fadeliry.pro
URL: https://cfa.fadeliry.pro/fp/tags.js?org_id=5h8i3ud8&session_id=E0E04BD0ACFCE6CD9A2ABF853FE827EF

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.133.67 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

5ff7b7fac25aa853e6041e6b12bfc361f97bf195872f166ff4684b1cca2c00ed

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fadeliry.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Date: Sun, 13 Nov 2022 09:46:08 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: CP=IVAa PSAa
tmx-nonce: 4ce9fcc6358593f3
Connection: Keep-Alive, Keep-Alive
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding
Content-Type: text/javascript;charset=UTF-8
Cache-Control: no-cache, no-store, must-revalidate
Keep-Alive: timeout=2, max=100
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK clear.png
cfa.fidelity.com/fp/ Frame EF8B 81 B
475 B 106ms
22ms Image
image/png 91.235.133.67
THM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cfa.fidelity.com/fp/clear.png?org_id=5h8i3ud8&session_id=e0e04bd0acfce6cd9a2abf853fe827ef&nonce=4ce9fcc6358593f3&ck=0&m=1

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.133.67 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fadeliry.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 13 Nov 2022 09:46:08 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Server: Apache
Content-Type: image/png
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=2, max=100
Content-Length: 81
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK clear.png
cfa.fidelity.com/fp/ Frame EF8B 81 B
475 B 106ms
22ms Image
image/png 91.235.133.67
THM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cfa.fidelity.com/fp/clear.png?org_id=5h8i3ud8&session_id=e0e04bd0acfce6cd9a2abf853fe827ef&nonce=4ce9fcc6358593f3&ck=0&m=2

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.133.67 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fadeliry.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 13 Nov 2022 09:46:08 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Server: Apache
Content-Type: image/png
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=2, max=100
Content-Length: 81
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3 451 365868.gif
idsync.rlcdn.com/ Frame A2D3 0
9 B 56ms
24ms Image
text/plain 35.244.174.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/365868.gif?partner_uid=77224329503074743510773209141841049493
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fidelity.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Sun, 13 Nov 2022 09:46:08 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 109 KB
43 KB 76ms
41ms Script
application/javascript 2a00:1450:4001:82a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-84221228-1&l=dataLayer&cx=c

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/fidelity/prod/Bootstrap.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

ce5f87e0347813b71f6a3d7db10145ac286ba42e856f38ab778178319f3627a8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fadeliry.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Sun, 13 Nov 2022 09:46:08 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43643
x-xss-protection: 0
last-modified: Sun, 13 Nov 2022 09:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sun, 13 Nov 2022 09:46:08 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/1053708818/ 2 KB
1 KB 100ms
61ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1053708818/?random=1668332768803&cv=11&fst=1668332768803&bg=ffffff&guid=ON&async=1&gtm=2oab90&u_w=1600&u_h=1200&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fwww.fadeliry.pro%2F&tiba=Fidelity%20International%20Usage%20Agreement&auid=1787369893.1668332769&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/fidelity/prod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f0425893c03f4b8a6d59be0c17802a6e4dcde9132d1be5f9f606c4f7455a1267

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fadeliry.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 13 Nov 2022 09:46:08 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 885
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 111 KB
43 KB 45ms
25ms Script
application/javascript 2a00:1450:4001:82a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-2579983&l=dataLayer&cx=c

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/fidelity/prod/Bootstrap.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

d1f87eff1637d3287467600a212f06458eff3c31c6012998b170789ffa4cfa5a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fadeliry.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Sun, 13 Nov 2022 09:46:08 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44245
x-xss-protection: 0
last-modified: Sun, 13 Nov 2022 09:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sun, 13 Nov 2022 09:46:08 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 111 KB
43 KB 47ms
28ms Script
application/javascript 2a00:1450:4001:82a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-3824016&l=dataLayer&cx=c

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/fidelity/prod/Bootstrap.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

f11cfac021e776d1cb5df281531986bf3cceb1bdffb50da0c4f2ff59903f6434

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fadeliry.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Sun, 13 Nov 2022 09:46:08 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44240
x-xss-protection: 0
last-modified: Sun, 13 Nov 2022 09:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sun, 13 Nov 2022 09:46:08 GMT

GET
H/1.1

200
OK

ibs:dpid=771&dpuuid=CAESEDMkLfsLlDdVLZNQfyEYmf0&google_cver=1
dpm.demdex.net/ Frame A2D3
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=adobe_dmp&google_cm&gdpr=0&gdpr_consent=&google_hm=NzcyMjQzMjk1MDMwNzQ3NDM1MTA3NzMyMDkxNDE4NDEwNDk0OTM=
https://cm.g.doubleclick.net/pixel?google_nid=adobe_dmp&google_cm=&gdpr=0&gdpr_consent=&google_hm=NzcyMjQzMjk1MDMwNzQ3NDM1MTA3NzMyMDkxNDE4NDEwNDk0OTM=&google_tc=
https://dpm.demdex.net/ibs:dpid=771&dpuuid=CAESEDMkLfsLlDdVLZNQfyEYmf0&google_cver=1?gdpr=0&gdpr_consent=

42 B
942 B

132ms
132ms

Image
image/gif

52.214.5.219
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=771&dpuuid=CAESEDMkLfsLlDdVLZNQfyEYmf0&google_cver=1?gdpr=0&gdpr_consent=

Protocol

HTTP/1.1

Server

52.214.5.219 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-214-5-219.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fidelity.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

DCS: dcs-prod-irl1-1-v045-0be46a66e.edge-irl1.demdex.com 2 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: 7fAnYKEdScc=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type: image/gif
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

pragma: no-cache
date: Sun, 13 Nov 2022 09:46:09 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dpm.demdex.net/ibs:dpid=771&dpuuid=CAESEDMkLfsLlDdVLZNQfyEYmf0&google_cver=1?gdpr=0&gdpr_consent=
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 314
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 11.6d6c5ef8794769da04fd.chunk.js Show response
siteintercept.qualtrics.com/dxjsmodule/ 61 KB
19 KB 52ms
51ms Script
application/javascript 104.17.208.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/dxjsmodule/11.6d6c5ef8794769da04fd.chunk.js?Q_CLIENTVERSION=1.81.0&Q_CLIENTTYPE=web&Q_BRANDID=www.fadeliry.pro

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/fidelity/prod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.208.240 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8bbd322d5b22764f29e7ff91003f0a7a25af17af76cbee3ff46e95a3d4d80b4f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fadeliry.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Sun, 13 Nov 2022 09:46:08 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 460833
cf-polished: origSize=63601
edge-control: max-age=604800
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 07 Nov 2022 19:14:18 GMT
cf-bgj: minify
server: cloudflare
etag: W/"f871-1845383cf10"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800
permissions-policy: camera=(), geolocation=(), microphone=()
cf-ray: 7696941d4967bbf2-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
timing-allow-origin: *

GET
H/1.1 200
OK HP Show response
cfa.fidelity.com/fp/ Frame 8DF0 19 KB
6 KB 23ms
23ms Document
text/html 91.235.133.67
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://cfa.fidelity.com/fp/HP?session_id=e0e04bd0acfce6cd9a2abf853fe827ef&org_id=5h8i3ud8&nonce=4ce9fcc6358593f3&mode=2&hp=.co-operativebank.co.uk/CBIBSWeb/login.do.co-operativebank.co.uk/CBIBSWeb/start.do.de/portal/portal/x.entropay.com/basemenu/prot/x.facebook.comx.nationet.com/x.netbank.commbank.com.au/netbank/bankmainx.npbs.co.uk/netmastergoldbanking/x.nwolb.xlogin.aspx?refereridentx.rbsdigital.xAccountSummaryx.smile.co.uk/SmileWeb/login.do.smile.co.uk/SmileWeb/start.do.yandex.rux/CapitalOne_Consumer/x/easypay.by/x/sbank.ru/x53.com/servlet/efsonlinex://online.wellsfargo.com/x://secure.assist.ru/assistid/protected/main.doxabbeynational.co.uk/EBAN_ENS/BtoChannelDriverxalliance-leicesterxaltergold.com/login.phpxamericanexpress.com/myca/intl/acctsumm/emea/accountSummaryxbancaintesa.it/xbankcardservices.co.ukxbankofamerica.com/xbanquepopulaire.fr/xbnpparibas.net/xcahoot.comxcapitaloneonline.co.uk/CapitalOne_Consumer/Transactionsxcbonline.co.uk/ralu/reglm-web/setupSecurityQuestionPagexcibc.comxPreSignOnxcibc.comxSignOnxcitibank.ru/xclient.uralsibbank.ruxco-operativebank.co.uk/CBIBSWeb/loginSpixcommerceonlinebanking.comxcoventrybuildingsociety.co.ukxdeutsche-bank.dexdiscovercard.com/cardmembersvcs/strongauth/app/sa_mainxebanking.bawag.comxebc_ebc1961xegg.com/customer/movemoneyxegg.com/customer/yourmoneyxfacebook.com/xhalifax-online.co.ukxMyAccountsxhalifax-online.co.uk/x/Mhalifax-online.co.uk/personalxhsbc.co.uk/1/2/personal/internet-banking/xhsbc.comxhttps://banking.postbank.de/app/finanzstatus.init.do;jsessionidxib.fineco.it/FinecoWeb/BonificiServletxib.fineco.it/FinecoWeb/jsp/Main/HBFineco.jspxib.fineco.it/FinecoWeb/jsp/Main/Principale.jspxibank.alfabank.ruxin-biz.it/xipko.plxlibertyreserve.com/x/historylibertyreserve.com/x/loginwww.libertyreserve.com/x/Core.jswww.libertyreserve.com/x/transfer.libertyreserve.com/x/commonscript.jslloydstsb.co.uk/personal/a/account_overview/xmbna.co.ukxmenyala.ruxmoney.yandex.ruxmoneybookers.com/app/login.plxmoneymail.ruxmy.ebay.co.uk/ws/eBayISAPI.dll?MyEbayxmy.ebay.com/ws/eBayISAPI.dll?MyEbayxmy.ebay.fr/ws/eBayISAPI.dll?MyEbayxmybusinessbank.co.ukxnationet.com/AppServices/SignOn/SignOnProcess/RcaSignOnxnpbs.co.ukxnwolb.com/AccountSummaryxnwolb.com/Statementsxnwolb.com/TransfersLandingPagexoltx.fidelity.com/x/x/ofsummary/summaryxonline.lloydstsb.co.ukxonlinebanking.mandtbank.com/summary/AccountSummaryxpassport.yandex.ruxpaypal.com/x/cgi-bin/webscr?cmd=_accountxpaypal.com/x/cgi-bin/webscr?cmd=_login-done&login_access=xpaypal.com/us/cgi-bin/webscr?cmd=_login-done&login_access=xposte.it/xpsk.co.at/xsecure.lloydstsb.co.uk/personal/a/account_overviewxsmile.co.uk/SmileWeb/passcodexusaa.com/xusbank.com/internetBanking/RequestRouter?requestCmdId=Gxwachovia.comxybonline.co.uk/ralu/reglm-web/setupSecurityQuestionPagex.amazon.fr/xhistory/orders/view.htmlx.banquepopulaire.frxShowPortal.dox.bnpparibasfortis.bexHome_Logon.aspx.cdiscount.com/Account/Home.aspxx.cmb.frxaccueil.jspx.credit-agricole.frxentreeBam?sessionSAGx.labanquepostale.fr/xreleveCPP-releve_ccp.eax.secure.bnpparibas.net/NSFR?Actionx.secure.lcl.frxAccueilxcredem.it/OneToOne/ebank/functionsxmijn.ing.nl/xonline.ybs.co.ukxwww.discover.com/xorder.cdiscount.comxCustomer.aspxxsealinfo.verisign.com/splash?form_filexvos-comptes.credit-du-nord.fr/CDC_TableauDeBord_0.asp?xvoscomptesenligne.labanquepostale.frxwww.x.caisse-epargne.fr/Portail.aspxxwww.exabanque.netxonglet.phpxdeutsche-bank.de/xnorisbank.de/xpostbank.de/xtargobank.de/x.x.de/portal/x.bankofamerica.com/x/commonscript.js.bmo.com/OLB?id=x.bmo.com/RMC?id=x.chase.com/x.aspxx.chase.com/js/Reporting.jsx.koodomobile.com/account/selfserve/x/xaccountId=x.payment.ru/x.scotiabank.com/portal/index.jsp?xbancopopular.es/empresasxcreval.it/login2007/loginSiciliano.aspxfirst-direct.com/xipko.plxmybusinessbank.co.ukxsanpaoloimi.com/xulsterbankanytimebanking.x/login.aspxx

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/fidelity/prod/Bootstrap.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.133.67 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

04c38ec86f7c7da00e13e1d44550b2cd0de84a1480e52056a8ef1005fe2f89f4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fadeliry.pro/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive, Keep-Alive
Content-Encoding: gzip
Content-Language: de-DE
Content-Length: 5790
Content-Type: text/html;charset=UTF-8
Date: Sun, 13 Nov 2022 09:46:08 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive: timeout=2, max=99
Pragma: no-cache
Server: Apache
Strict-Transport-Security: max-age=31536000
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-UA-Compatible: IE=Edge
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK clear.png Show response
cfa.fidelity.com/fp/ Frame EF8B 81 B
532 B 66ms
21ms XHR
image/png 91.235.133.67
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://cfa.fidelity.com/fp/clear.png

Requested by

Host: cfa.fidelity.com
URL: https://cfa.fidelity.com/fp/check.js;CIS3SID=A184A18956AE9E04320EC20D7FA60507?org_id=5h8i3ud8&session_id=e0e04bd0acfce6cd9a2abf853fe827ef&nonce=4ce9fcc6358593f3&jb=353926266a716f753d556b6c646d75732e6a716f3f55616e666d777b2730303330266a7362773d4368706d6f652468736a3d4168706d6565273030393235

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.133.67 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept: */*, 5h8i3ud8/4ce9fcc6358593f3e0e04bd0acfce6cd9a2abf853fe827ef
Referer: https://www.fadeliry.pro/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Date: Sun, 13 Nov 2022 09:46:08 GMT
Strict-Transport-Security: max-age=31536000
Last-Modified: Sun, 13 Nov 2022 09:46:08 GMT
Server: Apache
Etag: 7405b9f5a374437f820435d400c147fc
Content-Type: image/png
Access-Control-Allow-Origin: https://www.fadeliry.pro
Cache-Control: private, must-revalidate, max-age=0
Connection: Keep-Alive
Keep-Alive: timeout=2, max=100
Content-Length: 81
Expires: Fri, 12 Nov 2027 09:46:08 GMT

GET
H/1.1

204
No Content

clear.png Show response
h.online-metrix.net/fp/ Frame EF8B
Redirect Chain

https://h.online-metrix.net/fp/clear.png?org_id=5h8i3ud8&session_id=e0e04bd0acfce6cd9a2abf853fe827ef&nonce=4ce9fcc6358593f3&gttl=155520000
https://h.online-metrix.net/fp/clear.png?org_id=5h8i3ud8&session_id=e0e04bd0acfce6cd9a2abf853fe827ef&nonce=4ce9fcc6358593f3&k=2

0
387 B

22ms
22ms

Script
text/javascript

91.235.132.130
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://h.online-metrix.net/fp/clear.png?org_id=5h8i3ud8&session_id=e0e04bd0acfce6cd9a2abf853fe827ef&nonce=4ce9fcc6358593f3&k=2

Protocol

HTTP/1.1

Server

91.235.132.130 , United States, ASN30286 (THM, US),

Reverse DNS

h.online-metrix.net

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fadeliry.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 13 Nov 2022 09:46:09 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Server: Apache
Content-Type: text/javascript
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=2, max=99
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Date: Sun, 13 Nov 2022 09:46:08 GMT
Strict-Transport-Security: max-age=31536000
Server: Apache
P3P: CP=IVAa PSAa
Location: https://h.online-metrix.net/fp/clear.png?org_id=5h8i3ud8&session_id=e0e04bd0acfce6cd9a2abf853fe827ef&nonce=4ce9fcc6358593f3&k=2
Connection: Keep-Alive
Keep-Alive: timeout=2, max=100
Content-Length: 0

GET
H/1.1 200
OK ls_fp.html;CIS3SID=936AB9E6402B47F6F9C8A283012B0B56 Show response
cfa.fidelity.com/fp/ Frame DF8E 90 KB
14 KB 25ms
25ms Document
text/html 91.235.133.67
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://cfa.fidelity.com/fp/ls_fp.html;CIS3SID=936AB9E6402B47F6F9C8A283012B0B56?org_id=5h8i3ud8&session_id=e0e04bd0acfce6cd9a2abf853fe827ef&nonce=4ce9fcc6358593f3

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.133.67 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

dc67469f764740248afbb4352bd76c513c6c5799c219fe4ca0f1c9d306a91e05

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fadeliry.pro/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive, Keep-Alive
Content-Encoding: gzip
Content-Type: text/html;charset=UTF-8
Date: Sun, 13 Nov 2022 09:46:08 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive: timeout=2, max=99
Pragma: no-cache
Server: Apache
Strict-Transport-Security: max-age=31536000
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block

GET
H/1.1 204
No Content clear.png Show response
cfa.fidelity.com/fp/ Frame EF8B 0
387 B 22ms
21ms Script
text/javascript 91.235.133.67
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://cfa.fidelity.com/fp/clear.png?org_id=5h8i3ud8&session_id=e0e04bd0acfce6cd9a2abf853fe827ef&nonce=4ce9fcc6358593f3&jb=3336266c73633d3434336337373661666a30333437606b383633646e333b313a37393733346030

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.133.67 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fadeliry.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 13 Nov 2022 09:46:08 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Server: Apache
Content-Type: text/javascript
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=2, max=98
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK sid_fp.html;CIS3SID=936AB9E6402B47F6F9C8A283012B0B56 Show response
h.online-metrix.net/fp/ Frame 39E4 104 KB
15 KB 83ms
25ms Document
text/html 91.235.132.130
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://h.online-metrix.net/fp/sid_fp.html;CIS3SID=936AB9E6402B47F6F9C8A283012B0B56?org_id=5h8i3ud8&session_id=e0e04bd0acfce6cd9a2abf853fe827ef&nonce=4ce9fcc6358593f3

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.132.130 , United States, ASN30286 (THM, US),

Reverse DNS

h.online-metrix.net

Software

Apache /

Resource Hash

f9d0a29020e337a1751b317be738734ed9ac6132c10492d16a774ab57247e6ab

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fadeliry.pro/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive, Keep-Alive
Content-Encoding: gzip
Content-Type: text/html;charset=UTF-8
Date: Sun, 13 Nov 2022 09:46:08 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive: timeout=2, max=100
Pragma: no-cache
Server: Apache
Strict-Transport-Security: max-age=31536000
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block

GET
H/1.1 204
No Content clear.png Show response
cfa.fidelity.com/fp/ Frame EF8B 0
387 B 22ms
22ms Script
text/javascript 91.235.133.67
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://cfa.fidelity.com/fp/clear.png?org_id=5h8i3ud8&session_id=e0e04bd0acfce6cd9a2abf853fe827ef&nonce=4ce9fcc6358593f3&jd=353526266a646e3d33246864683f3b393e31353164606e393531376d31343760613735346260333962613630633a246a6e746c3d323830363831

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.133.67 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fadeliry.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 13 Nov 2022 09:46:09 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Server: Apache
Content-Type: text/javascript
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=2, max=98
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK top_fp.html;CIS3SID=936AB9E6402B47F6F9C8A283012B0B56 Show response
cfa.fidelity.com/fp/ Frame D4EA 90 KB
14 KB 25ms
25ms Document
text/html 91.235.133.67
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://cfa.fidelity.com/fp/top_fp.html;CIS3SID=936AB9E6402B47F6F9C8A283012B0B56?org_id=5h8i3ud8&session_id=e0e04bd0acfce6cd9a2abf853fe827ef&nonce=4ce9fcc6358593f3

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.133.67 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

c7630c8e5671cf2acbb8c0ec86338d1e4ee16db8d592090a112a1a3c496add08

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fadeliry.pro/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive, Keep-Alive
Content-Encoding: gzip
Content-Type: text/html;charset=UTF-8
Date: Sun, 13 Nov 2022 09:46:09 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive: timeout=2, max=97
Pragma: no-cache
Server: Apache
Strict-Transport-Security: max-age=31536000
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block

GET
H/1.1 204
204 clear.png Show response
cfa.fidelity.com/fp/ Frame EF8B 0
218 B 23ms
23ms Script
text/javascript 91.235.133.67
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://cfa.fidelity.com/fp/clear.png?org_id=5h8i3ud8&session_id=e0e04bd0acfce6cd9a2abf853fe827ef&nonce=4ce9fcc6358593f3&ja=313739362624633d3024783f3024643d393632307a333a303224616e3f3336323078313230322673787b3f327832246478723f312e333e30322e313a32322c333630302c313030302c333432302e333238302e313432382c333030382e322c32266d743d613a383261606166633535646c6666663b6769383633313c3532366039613761266f6e3d34247161643f30342e6c6a3d6a767c70712733492730462732467777772c666164676e6b727b2c707a6f273244246c723f6a747c72712531412532462530467777752c646166676c61727b2e72706725304426786e3f332470683d3738643238616334606364606539313162353130376367306c3160646032643426686a3d36323a3730383263636e64346366333c63643a62383334663162363761666161266a716d3f576b6c6467777125303239302468736a3f4168706f6d652532323130372468716f773f57616e666f75712e6a71607535416a726d6d65266e68613d34266c666f3d3a246e6574723d32247c7a663f457c61273244556e6b6e6f756e266d63766a723f36303833663161306a656132326d34616337363030383263643135373632316466343d383a3136336c366763613a3666633b34616662643532333131333b3663247035706e75656b665f646e617b6a27354766616c736523706c75656b6c5f756b6e6c6f75735d6f6d646b635f786e6379677225354566636c736523726e75656b6e5761666f6067576161706f6a637625374566616c736721706c77656b6e5d7375616369746b6f6d25374766696e716523706c7567696c5f73686d6169776374652d354766636e7b6523726c7d656b6e5d7265616c706e6179657027374564636c7b6523706e776f696c5d7664615d706e6179657225374566616e716721726e756f696c5f66677e616e74722d374766636c736521706e7567696c5d7176655d766165756570273d4564636c7b6723706e7567696e5f6861766127374766636e736d26656c5d61357767606764556762454c253230312c302532322a4d70676c474425303047512d3232302e382730304168726f6d69776d29576760454c2730304f4c514c2730384551273238332c30273230284f70676e474c2730324551273238474e534e273a304751253a32332e322532304368706f6d69776f2b5767604b61745565604961742730305f6760474e414e474c455d696e7376636c6367665f697270617b712d3340273238475a545d626c656e645d6d696e6f637a253140253a304758565d6b6f6e6d72576077666465725f68616e665f666e6d63742731422d3232455a5657666e6d617c5d606c676e64253342273230455a565d6670636757646770766a2d3340273238475a545d7368616465705f74657a767772675d6c6764273340273a30475a5457766778767572655f636d6d7072677171696d6c5f6a70766327314a2530324550565d746778747572655d636f6d72706773716b6f665f706776612d3340273238475a545d746578747570655f666b6e7665705d616669716f767067706b61253b402732324558545f735047422531402732324d455b5f676c676f6d6e765d69666667785d75696e742531422532324d47535d6462675f70656c666d725d6f69786f63702733422532304d45535f7176636e6663726c5f6665706b7e61766b766d712733402532304f45515f74657a767772675d66646f637427314a2530324f4d515d746778747572655d666c6f63765d6c6b6c656972273340273a304d475357766778767572655f68636c665f646e6d617627334a2530304d475b5f7667787c7770655d68616c665f646c6f61765d6e696c67617a2531422730384f47515f7e67707467785f61727263795f6f606867637627334a25303055474a474e5d63676e6d725d6275666665705f666c6d6376253140253a3055454045445f616d6d787067737165645f74657a747572675d63737661253b42273232554d42454e5f6b6d6f707065737365645d746578767770655d67746b25314227303857474047445d616f6f707265737367645f74677a767570675f6d74613127314a253032574d40454c5d636f6d707267737365665d76657a76757a655d7331766b253140253a32554540474c5f636f6f707265717167645d766570747772675d7b3376615f7b706562273342253230554542474e5d66656077675772676e66677a65705d6966646d253142253230574742474c5d666770766a5f7c657a7477706d253140253a32554540474c5f647263775f62776464657071253b42273232554d42454e5f646d71655d636f6e74657a742533402730305547424f4c5d6d776e7c695d66726975333624676c5f683d31666635666464343536306c64613432356d3630606538673534663235353436333034643630373924756764763f496c766d6c273030416c612e2477676c723d4b6e74656e2730304b70697b2530304d726d6e454e253a32476e65696e65266361643d32&jb=313535266c733d4d6f786b6e6c6327324e352c3027303828556b6e6c6d75732732304e5425303031302c32273340273238576b6e34362d33402732387a34342b2532304170726c6557676049697627324e3531372c313e25303228434a564d4e2532432532326c696b67273030456763636f2b2530324b68706d6d6d2730463330372e302e373330342c3333302730305b616461706b2d324437333f2c3136

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.133.67 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fadeliry.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Date: Sun, 13 Nov 2022 09:46:09 GMT
Strict-Transport-Security: max-age=31536000
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=2, max=97
Content-Type: text/javascript;charset=UTF-8

GET
H/1.1 200
OK clear.png
5h8i3ud8x7awtta6xkedajahyjeih4covmvv62r64ce9fcc6358593f3am1.e.aa.online-metrix.net/fp/ Frame EF8B 81 B
438 B 211ms
22ms Image
image/png 91.235.134.131
THM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://5h8i3ud8x7awtta6xkedajahyjeih4covmvv62r64ce9fcc6358593f3am1.e.aa.online-metrix.net/fp/clear.png?org_id=5h8i3ud8&session_id=e0e04bd0acfce6cd9a2abf853fe827ef&nonce=4ce9fcc6358593f3&di=yes

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.134.131 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fadeliry.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 13 Nov 2022 09:46:09 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Server: Apache
Content-Type: image/png
Cache-Control: no-cache, no-store, must-revalidate
Connection: close
Content-Length: 81
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
BLOB 200
OK 672a8f0e-bfcf-495c-9bd8-f2225f9511b9
https://www.fadeliry.pro/ Frame EF8B 0
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://www.fadeliry.pro/672a8f0e-bfcf-495c-9bd8-f2225f9511b9
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Content-Length: 0
Content-Type: application/javascript

GET
BLOB 200
OK 339813fb-4dcb-48b9-a2ed-de635ed24321
https://www.fadeliry.pro/ Frame EF8B 2 KB
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://www.fadeliry.pro/339813fb-4dcb-48b9-a2ed-de635ed24321
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 739cee74d7fc4ed09047aa91e288cebb161abe861a7f5e55c137b38a2b0239b2

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Content-Length: 1720
Content-Type: application/javascript

GET
BLOB 200
OK 216df142-6976-4a89-949e-99b1c54d4509
https://www.fadeliry.pro/ Frame EF8B 2 KB
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://www.fadeliry.pro/216df142-6976-4a89-949e-99b1c54d4509
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 739cee74d7fc4ed09047aa91e288cebb161abe861a7f5e55c137b38a2b0239b2

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Content-Length: 1720
Content-Type: application/javascript

GET
BLOB 200
OK 55e52ab6-5628-40ac-828c-323f598a0fd4
https://www.fadeliry.pro/ Frame EF8B 2 KB
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://www.fadeliry.pro/55e52ab6-5628-40ac-828c-323f598a0fd4
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 739cee74d7fc4ed09047aa91e288cebb161abe861a7f5e55c137b38a2b0239b2

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Content-Length: 1720
Content-Type: application/javascript

GET
BLOB 200
OK 4ed18dea-a6a2-4bad-a019-12c6ae6521bc
https://www.fadeliry.pro/ Frame EF8B 2 KB
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://www.fadeliry.pro/4ed18dea-a6a2-4bad-a019-12c6ae6521bc
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 739cee74d7fc4ed09047aa91e288cebb161abe861a7f5e55c137b38a2b0239b2

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Content-Length: 1720
Content-Type: application/javascript

GET
BLOB 200
OK 39c6d1b0-58f2-4323-8001-0e019f8d23c9
https://www.fadeliry.pro/ Frame EF8B 2 KB
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://www.fadeliry.pro/39c6d1b0-58f2-4323-8001-0e019f8d23c9
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 739cee74d7fc4ed09047aa91e288cebb161abe861a7f5e55c137b38a2b0239b2

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Content-Length: 1720
Content-Type: application/javascript

GET
BLOB 200
OK ee271019-9b2e-4c8c-803c-372cbb918bfa
https://www.fadeliry.pro/ Frame EF8B 2 KB
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://www.fadeliry.pro/ee271019-9b2e-4c8c-803c-372cbb918bfa
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 739cee74d7fc4ed09047aa91e288cebb161abe861a7f5e55c137b38a2b0239b2

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Content-Length: 1720
Content-Type: application/javascript

GET
BLOB 200
OK d4a91a4f-a77f-4b74-85e0-9fd06b27d831
https://www.fadeliry.pro/ Frame EF8B 2 KB
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://www.fadeliry.pro/d4a91a4f-a77f-4b74-85e0-9fd06b27d831
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 739cee74d7fc4ed09047aa91e288cebb161abe861a7f5e55c137b38a2b0239b2

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Content-Length: 1720
Content-Type: application/javascript

GET
BLOB 200
OK 68dea5a8-fa06-4639-9752-4c903de75420
https://www.fadeliry.pro/ Frame EF8B 2 KB
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://www.fadeliry.pro/68dea5a8-fa06-4639-9752-4c903de75420
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 739cee74d7fc4ed09047aa91e288cebb161abe861a7f5e55c137b38a2b0239b2

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Content-Length: 1720
Content-Type: application/javascript

GET
BLOB 200
OK 7be16d20-b564-44e7-bc90-7fb9ab40ace4
https://www.fadeliry.pro/ Frame EF8B 2 KB
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://www.fadeliry.pro/7be16d20-b564-44e7-bc90-7fb9ab40ace4
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 739cee74d7fc4ed09047aa91e288cebb161abe861a7f5e55c137b38a2b0239b2

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Content-Length: 1720
Content-Type: application/javascript

GET
BLOB 200
OK 0f8c4c2f-5839-4fe8-b14b-6f5b608d3cd8
https://www.fadeliry.pro/ Frame EF8B 2 KB
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://www.fadeliry.pro/0f8c4c2f-5839-4fe8-b14b-6f5b608d3cd8
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 739cee74d7fc4ed09047aa91e288cebb161abe861a7f5e55c137b38a2b0239b2

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Content-Length: 1720
Content-Type: application/javascript

GET
BLOB 200
OK 849ec3e7-b790-4288-b775-410c627b6936
https://www.fadeliry.pro/ Frame EF8B 2 KB
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://www.fadeliry.pro/849ec3e7-b790-4288-b775-410c627b6936
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 739cee74d7fc4ed09047aa91e288cebb161abe861a7f5e55c137b38a2b0239b2

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Content-Length: 1720
Content-Type: application/javascript

GET
BLOB 200
OK e6c44cc9-da8f-49c6-9bf3-8cbd39c6c531
https://www.fadeliry.pro/ Frame EF8B 2 KB
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://www.fadeliry.pro/e6c44cc9-da8f-49c6-9bf3-8cbd39c6c531
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 739cee74d7fc4ed09047aa91e288cebb161abe861a7f5e55c137b38a2b0239b2

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Content-Length: 1720
Content-Type: application/javascript

GET
BLOB 200
OK ad9ee12f-664f-4a69-afb4-f6d5f60c86b5
https://www.fadeliry.pro/ Frame EF8B 2 KB
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://www.fadeliry.pro/ad9ee12f-664f-4a69-afb4-f6d5f60c86b5
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 739cee74d7fc4ed09047aa91e288cebb161abe861a7f5e55c137b38a2b0239b2

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Content-Length: 1720
Content-Type: application/javascript

GET
BLOB 200
OK 72d2e0ee-46ba-4f28-8995-337412b498c9
https://www.fadeliry.pro/ Frame EF8B 2 KB
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://www.fadeliry.pro/72d2e0ee-46ba-4f28-8995-337412b498c9
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 739cee74d7fc4ed09047aa91e288cebb161abe861a7f5e55c137b38a2b0239b2

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Content-Length: 1720
Content-Type: application/javascript

GET
BLOB 200
OK a2254e76-36f3-43bf-b707-6b83f04240ef
https://www.fadeliry.pro/ Frame EF8B 2 KB
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://www.fadeliry.pro/a2254e76-36f3-43bf-b707-6b83f04240ef
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 739cee74d7fc4ed09047aa91e288cebb161abe861a7f5e55c137b38a2b0239b2

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Content-Length: 1720
Content-Type: application/javascript

GET
BLOB 200
OK 139db1ea-df65-4880-ae9c-30435700c70b
https://www.fadeliry.pro/ Frame EF8B 2 KB
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://www.fadeliry.pro/139db1ea-df65-4880-ae9c-30435700c70b
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 739cee74d7fc4ed09047aa91e288cebb161abe861a7f5e55c137b38a2b0239b2

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Content-Length: 1720
Content-Type: application/javascript

GET
BLOB 200
OK 192ff551-e0f5-4988-8dc0-1575777ea4dd
https://www.fadeliry.pro/ Frame EF8B 2 KB
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://www.fadeliry.pro/192ff551-e0f5-4988-8dc0-1575777ea4dd
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 739cee74d7fc4ed09047aa91e288cebb161abe861a7f5e55c137b38a2b0239b2

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Content-Length: 1720
Content-Type: application/javascript

GET
BLOB 200
OK 8ce5126f-33f7-41ca-93c5-109643dc9a6c
https://www.fadeliry.pro/ Frame EF8B 2 KB
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://www.fadeliry.pro/8ce5126f-33f7-41ca-93c5-109643dc9a6c
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 739cee74d7fc4ed09047aa91e288cebb161abe861a7f5e55c137b38a2b0239b2

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Content-Length: 1720
Content-Type: application/javascript

GET
BLOB 200
OK e107935c-5ff3-4cb2-967b-b36cce1f9e5b
https://www.fadeliry.pro/ Frame EF8B 2 KB
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://www.fadeliry.pro/e107935c-5ff3-4cb2-967b-b36cce1f9e5b
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 739cee74d7fc4ed09047aa91e288cebb161abe861a7f5e55c137b38a2b0239b2

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Content-Length: 1720
Content-Type: application/javascript

GET
BLOB 200
OK 347ec182-1b09-4307-b803-a26348c933dd
https://www.fadeliry.pro/ Frame EF8B 1 KB
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://www.fadeliry.pro/347ec182-1b09-4307-b803-a26348c933dd
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f1bb3c416bfa02d4195f58d02e84e137811c28280d3d73d7d5d29bfb161fa572

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Content-Length: 1357
Content-Type: application/javascript

GET
H2 200 adsct
analytics.twitter.com/i/ Frame A2D3 43 B
394 B 292ms
127ms Image
image/gif 104.244.42.67
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/i/adsct?p_user_id=77224329503074743510773209141841049493&p_id=38594

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.67 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fidelity.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-response-time: 111
date: Sun, 13 Nov 2022 09:46:08 GMT
strict-transport-security: max-age=631138519
server: tsa_o
content-type: image/gif;charset=utf-8
x-transaction-id: 5e16c031a3da1582
cache-control: no-cache, no-store, max-age=0
perf: 7626143928
x-connection-hash: a8e4e030058082ac17356d3a67839d21a71475927d4129c40e6402320023bd40
content-length: 43

POST
H3 201 PWkATmYB Show response
www.fadeliry.pro/oIMv7K/FjrZ6/PB88e/rQ/m5OEJ0DhYb/L0MmXABYBA/aCZh/ 18 B
1 KB 442ms
442ms XHR
application/json 2606:4700:3035::6815:5f95
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.fadeliry.pro/oIMv7K/FjrZ6/PB88e/rQ/m5OEJ0DhYb/L0MmXABYBA/aCZh/PWkATmYB
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/fidelity/prod/Bootstrap.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::6815:5f95 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bef9393fcdfc7a7299c058ba2a69253c32e0964dd3e97834e17a8cdb5dce7cf6

Request headers

Referer: https://www.fadeliry.pro/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Sun, 13 Nov 2022 09:46:09 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Origin
access-control-allow-methods: GET
content-type: application/json
access-control-allow-origin: https://www.fadeliry.pro
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UihvhELJYmLOclN5kJY2D06JP1wNgJje9HRUUMv3Nbptxbtk1%2BLOGYHufaVU7UOcfejN%2BIi5AOTbPY1PxmPove8HilECouHXXniDg6xX0%2BgtPS67iLG2rXCp1O0GpjgK7huoRdlzNG5vJCfi0%2FqB"}],"group":"cf-nel","max_age":604800}
access-control-allow-credentials: true, true
x_req_id: b72bdf94-4de5-48d6-8a8f-21aa8ca62383
cf-ray: 7696941edf0a5c80-FRA
access-control-allow-headers: Content-Type
content-length: 18
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H/1.1 200
OK check.js Show response
cfa.fidelity.com/fp/ Frame 8DF0 209 KB
29 KB 29ms
28ms Script
text/javascript 91.235.133.67
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://cfa.fidelity.com/fp/check.js?&pageid=99998&session_id=e0e04bd0acfce6cd9a2abf853fe827ef&org_id=5h8i3ud8&nonce=4ce9fcc6358593f3

Requested by

Host: cfa.fidelity.com
URL: https://cfa.fidelity.com/fp/HP?session_id=e0e04bd0acfce6cd9a2abf853fe827ef&org_id=5h8i3ud8&nonce=4ce9fcc6358593f3&mode=2&hp=.co-operativebank.co.uk/CBIBSWeb/login.do.co-operativebank.co.uk/CBIBSWeb/start.do.de/portal/portal/x.entropay.com/basemenu/prot/x.facebook.comx.nationet.com/x.netbank.commbank.com.au/netbank/bankmainx.npbs.co.uk/netmastergoldbanking/x.nwolb.xlogin.aspx?refereridentx.rbsdigital.xAccountSummaryx.smile.co.uk/SmileWeb/login.do.smile.co.uk/SmileWeb/start.do.yandex.rux/CapitalOne_Consumer/x/easypay.by/x/sbank.ru/x53.com/servlet/efsonlinex://online.wellsfargo.com/x://secure.assist.ru/assistid/protected/main.doxabbeynational.co.uk/EBAN_ENS/BtoChannelDriverxalliance-leicesterxaltergold.com/login.phpxamericanexpress.com/myca/intl/acctsumm/emea/accountSummaryxbancaintesa.it/xbankcardservices.co.ukxbankofamerica.com/xbanquepopulaire.fr/xbnpparibas.net/xcahoot.comxcapitaloneonline.co.uk/CapitalOne_Consumer/Transactionsxcbonline.co.uk/ralu/reglm-web/setupSecurityQuestionPagexcibc.comxPreSignOnxcibc.comxSignOnxcitibank.ru/xclient.uralsibbank.ruxco-operativebank.co.uk/CBIBSWeb/loginSpixcommerceonlinebanking.comxcoventrybuildingsociety.co.ukxdeutsche-bank.dexdiscovercard.com/cardmembersvcs/strongauth/app/sa_mainxebanking.bawag.comxebc_ebc1961xegg.com/customer/movemoneyxegg.com/customer/yourmoneyxfacebook.com/xhalifax-online.co.ukxMyAccountsxhalifax-online.co.uk/x/Mhalifax-online.co.uk/personalxhsbc.co.uk/1/2/personal/internet-banking/xhsbc.comxhttps://banking.postbank.de/app/finanzstatus.init.do;jsessionidxib.fineco.it/FinecoWeb/BonificiServletxib.fineco.it/FinecoWeb/jsp/Main/HBFineco.jspxib.fineco.it/FinecoWeb/jsp/Main/Principale.jspxibank.alfabank.ruxin-biz.it/xipko.plxlibertyreserve.com/x/historylibertyreserve.com/x/loginwww.libertyreserve.com/x/Core.jswww.libertyreserve.com/x/transfer.libertyreserve.com/x/commonscript.jslloydstsb.co.uk/personal/a/account_overview/xmbna.co.ukxmenyala.ruxmoney.yandex.ruxmoneybookers.com/app/login.plxmoneymail.ruxmy.ebay.co.uk/ws/eBayISAPI.dll?MyEbayxmy.ebay.com/ws/eBayISAPI.dll?MyEbayxmy.ebay.fr/ws/eBayISAPI.dll?MyEbayxmybusinessbank.co.ukxnationet.com/AppServices/SignOn/SignOnProcess/RcaSignOnxnpbs.co.ukxnwolb.com/AccountSummaryxnwolb.com/Statementsxnwolb.com/TransfersLandingPagexoltx.fidelity.com/x/x/ofsummary/summaryxonline.lloydstsb.co.ukxonlinebanking.mandtbank.com/summary/AccountSummaryxpassport.yandex.ruxpaypal.com/x/cgi-bin/webscr?cmd=_accountxpaypal.com/x/cgi-bin/webscr?cmd=_login-done&login_access=xpaypal.com/us/cgi-bin/webscr?cmd=_login-done&login_access=xposte.it/xpsk.co.at/xsecure.lloydstsb.co.uk/personal/a/account_overviewxsmile.co.uk/SmileWeb/passcodexusaa.com/xusbank.com/internetBanking/RequestRouter?requestCmdId=Gxwachovia.comxybonline.co.uk/ralu/reglm-web/setupSecurityQuestionPagex.amazon.fr/xhistory/orders/view.htmlx.banquepopulaire.frxShowPortal.dox.bnpparibasfortis.bexHome_Logon.aspx.cdiscount.com/Account/Home.aspxx.cmb.frxaccueil.jspx.credit-agricole.frxentreeBam?sessionSAGx.labanquepostale.fr/xreleveCPP-releve_ccp.eax.secure.bnpparibas.net/NSFR?Actionx.secure.lcl.frxAccueilxcredem.it/OneToOne/ebank/functionsxmijn.ing.nl/xonline.ybs.co.ukxwww.discover.com/xorder.cdiscount.comxCustomer.aspxxsealinfo.verisign.com/splash?form_filexvos-comptes.credit-du-nord.fr/CDC_TableauDeBord_0.asp?xvoscomptesenligne.labanquepostale.frxwww.x.caisse-epargne.fr/Portail.aspxxwww.exabanque.netxonglet.phpxdeutsche-bank.de/xnorisbank.de/xpostbank.de/xtargobank.de/x.x.de/portal/x.bankofamerica.com/x/commonscript.js.bmo.com/OLB?id=x.bmo.com/RMC?id=x.chase.com/x.aspxx.chase.com/js/Reporting.jsx.koodomobile.com/account/selfserve/x/xaccountId=x.payment.ru/x.scotiabank.com/portal/index.jsp?xbancopopular.es/empresasxcreval.it/login2007/loginSiciliano.aspxfirst-direct.com/xipko.plxmybusinessbank.co.ukxsanpaoloimi.com/xulsterbankanytimebanking.x/login.aspxx

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.133.67 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

5fe7e6539ff5f1743439d2a6036982aaaa431e7b919b22874fb546c083fff9f7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cfa.fidelity.com/fp/HP?session_id=e0e04bd0acfce6cd9a2abf853fe827ef&org_id=5h8i3ud8&nonce=4ce9fcc6358593f3&mode=2&hp=.co-operativebank.co.uk/CBIBSWeb/login.do.co-operativebank.co.uk/CBIBSWeb/start.do.de/portal/portal/x.entropay.com/basemenu/prot/x.facebook.comx.nationet.com/x.netbank.commbank.com.au/netbank/bankmainx.npbs.co.uk/netmastergoldbanking/x.nwolb.xlogin.aspx?refereridentx.rbsdigital.xAccountSummaryx.smile.co.uk/SmileWeb/login.do.smile.co.uk/SmileWeb/start.do.yandex.rux/CapitalOne_Consumer/x/easypay.by/x/sbank.ru/x53.com/servlet/efsonlinex://online.wellsfargo.com/x://secure.assist.ru/assistid/protected/main.doxabbeynational.co.uk/EBAN_ENS/BtoChannelDriverxalliance-leicesterxaltergold.com/login.phpxamericanexpress.com/myca/intl/acctsumm/emea/accountSummaryxbancaintesa.it/xbankcardservices.co.ukxbankofamerica.com/xbanquepopulaire.fr/xbnpparibas.net/xcahoot.comxcapitaloneonline.co.uk/CapitalOne_Consumer/Transactionsxcbonline.co.uk/ralu/reglm-web/setupSecurityQuestionPagexcibc.comxPreSignOnxcibc.comxSignOnxcitibank.ru/xclient.uralsibbank.ruxco-operativebank.co.uk/CBIBSWeb/loginSpixcommerceonlinebanking.comxcoventrybuildingsociety.co.ukxdeutsche-bank.dexdiscovercard.com/cardmembersvcs/strongauth/app/sa_mainxebanking.bawag.comxebc_ebc1961xegg.com/customer/movemoneyxegg.com/customer/yourmoneyxfacebook.com/xhalifax-online.co.ukxMyAccountsxhalifax-online.co.uk/x/Mhalifax-online.co.uk/personalxhsbc.co.uk/1/2/personal/internet-banking/xhsbc.comxhttps://banking.postbank.de/app/finanzstatus.init.do;jsessionidxib.fineco.it/FinecoWeb/BonificiServletxib.fineco.it/FinecoWeb/jsp/Main/HBFineco.jspxib.fineco.it/FinecoWeb/jsp/Main/Principale.jspxibank.alfabank.ruxin-biz.it/xipko.plxlibertyreserve.com/x/historylibertyreserve.com/x/loginwww.libertyreserve.com/x/Core.jswww.libertyreserve.com/x/transfer.libertyreserve.com/x/commonscript.jslloydstsb.co.uk/personal/a/account_overview/xmbna.co.ukxmenyala.ruxmoney.yandex.ruxmoneybookers.com/app/login.plxmoneymail.ruxmy.ebay.co.uk/ws/eBayISAPI.dll?MyEbayxmy.ebay.com/ws/eBayISAPI.dll?MyEbayxmy.ebay.fr/ws/eBayISAPI.dll?MyEbayxmybusinessbank.co.ukxnationet.com/AppServices/SignOn/SignOnProcess/RcaSignOnxnpbs.co.ukxnwolb.com/AccountSummaryxnwolb.com/Statementsxnwolb.com/TransfersLandingPagexoltx.fidelity.com/x/x/ofsummary/summaryxonline.lloydstsb.co.ukxonlinebanking.mandtbank.com/summary/AccountSummaryxpassport.yandex.ruxpaypal.com/x/cgi-bin/webscr?cmd=_accountxpaypal.com/x/cgi-bin/webscr?cmd=_login-done&login_access=xpaypal.com/us/cgi-bin/webscr?cmd=_login-done&login_access=xposte.it/xpsk.co.at/xsecure.lloydstsb.co.uk/personal/a/account_overviewxsmile.co.uk/SmileWeb/passcodexusaa.com/xusbank.com/internetBanking/RequestRouter?requestCmdId=Gxwachovia.comxybonline.co.uk/ralu/reglm-web/setupSecurityQuestionPagex.amazon.fr/xhistory/orders/view.htmlx.banquepopulaire.frxShowPortal.dox.bnpparibasfortis.bexHome_Logon.aspx.cdiscount.com/Account/Home.aspxx.cmb.frxaccueil.jspx.credit-agricole.frxentreeBam?sessionSAGx.labanquepostale.fr/xreleveCPP-releve_ccp.eax.secure.bnpparibas.net/NSFR?Actionx.secure.lcl.frxAccueilxcredem.it/OneToOne/ebank/functionsxmijn.ing.nl/xonline.ybs.co.ukxwww.discover.com/xorder.cdiscount.comxCustomer.aspxxsealinfo.verisign.com/splash?form_filexvos-comptes.credit-du-nord.fr/CDC_TableauDeBord_0.asp?xvoscomptesenligne.labanquepostale.frxwww.x.caisse-epargne.fr/Portail.aspxxwww.exabanque.netxonglet.phpxdeutsche-bank.de/xnorisbank.de/xpostbank.de/xtargobank.de/x.x.de/portal/x.bankofamerica.com/x/commonscript.js.bmo.com/OLB?id=x.bmo.com/RMC?id=x.chase.com/x.aspxx.chase.com/js/Reporting.jsx.koodomobile.com/account/selfserve/x/xaccountId=x.payment.ru/x.scotiabank.com/portal/index.jsp?xbancopopular.es/empresasxcreval.it/login2007/loginSiciliano.aspxfirst-direct.com/xipko.plxmybusinessbank.co.ukxsanpaoloimi.com/xulsterbankanytimebanking.x/login.aspxx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 13 Nov 2022 09:46:09 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
Transfer-Encoding: chunked
Content-Type: text/javascript;charset=UTF-8
Cache-Control: no-cache, no-store, must-revalidate
tmx-nonce: 4ce9fcc6358593f3
Connection: Keep-Alive, Keep-Alive
Keep-Alive: timeout=2, max=96
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 204
No Content clear.png Show response
cfa.fidelity.com/fp/ Frame DF8E 0
387 B 22ms
22ms Script
text/javascript 91.235.133.67
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://cfa.fidelity.com/fp/clear.png?org_id=5h8i3ud8&session_id=e0e04bd0acfce6cd9a2abf853fe827ef&nonce=4ce9fcc6358593f3&jf=3336266c73603d6231603b3b383063633a62313460323a386764613e6635323461646666306363

Requested by

Host: cfa.fidelity.com
URL: https://cfa.fidelity.com/fp/ls_fp.html;CIS3SID=936AB9E6402B47F6F9C8A283012B0B56?org_id=5h8i3ud8&session_id=e0e04bd0acfce6cd9a2abf853fe827ef&nonce=4ce9fcc6358593f3

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.133.67 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cfa.fidelity.com/fp/ls_fp.html;CIS3SID=936AB9E6402B47F6F9C8A283012B0B56?org_id=5h8i3ud8&session_id=e0e04bd0acfce6cd9a2abf853fe827ef&nonce=4ce9fcc6358593f3
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 13 Nov 2022 09:46:09 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Server: Apache
Content-Type: text/javascript
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=2, max=95
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

POST
H2 200 Targeting.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 120 KB
8 KB 245ms
245ms XHR
application/json 104.17.208.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Targeting.php?Q_ZoneID=ZN_cvGJH8lmjxbKyln&Q_CLIENTVERSION=1.81.0&Q_CLIENTTYPE=web

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/fidelity/prod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.208.240 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ff02be69d7fe3d2e304f1d7f1e896093141acc5dc382e8b664c062376f51106d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.fadeliry.pro/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Sun, 13 Nov 2022 09:46:09 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: br
cf-cache-status: DYNAMIC
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://www.fadeliry.pro
cache-control: no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
permissions-policy: camera=(), geolocation=(), microphone=()
trace-id: ae150f996f924b83
cf-ray: 7696941f8eb1bbf2-FRA
timing-allow-origin: *

GET
H2 200 /
www.google.com/pagead/1p-user-list/1053708818/ 42 B
548 B 78ms
30ms Image
image/gif 2a00:1450:4001:811::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/1053708818/?random=1668332768803&cv=11&fst=1668330000000&bg=ffffff&guid=ON&async=1&gtm=2oab90&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Fwww.fadeliry.pro%2F&tiba=Fidelity%20International%20Usage%20Agreement&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=755366451&rmt_tld=0&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fadeliry.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 13 Nov 2022 09:46:09 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/1053708818/ 42 B
548 B 79ms
31ms Image
image/gif 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/1053708818/?random=1668332768803&cv=11&fst=1668330000000&bg=ffffff&guid=ON&async=1&gtm=2oab90&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Fwww.fadeliry.pro%2F&tiba=Fidelity%20International%20Usage%20Agreement&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=755366451&rmt_tld=1&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fadeliry.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 13 Nov 2022 09:46:09 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 56ms
17ms Script
text/javascript 2a00:1450:4001:800::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/fidelity/prod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fadeliry.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Sun, 13 Nov 2022 09:24:49 GMT
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
server: Golfe2
age: 1280
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20039
expires: Sun, 13 Nov 2022 11:24:49 GMT

GET
H/1.1

200
OK

ibs:dpid=1957&dpuuid=1F6DBE91190A651A18BCACCA18616435
dpm.demdex.net/ Frame A2D3
Redirect Chain

https://c.bing.com/c.gif?uid=77224329503074743510773209141841049493&Red3=MSAdobe_pd&gdpr=0&gdpr_consent=
https://dpm.demdex.net/ibs:dpid=1957&dpuuid=1F6DBE91190A651A18BCACCA18616435

42 B
942 B

145ms
124ms

Image
image/gif

52.214.5.219
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=1957&dpuuid=1F6DBE91190A651A18BCACCA18616435

Protocol

HTTP/1.1

Server

52.214.5.219 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-214-5-219.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fidelity.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

DCS: dcs-prod-irl1-1-v045-0f7e0a58c.edge-irl1.demdex.com 2 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: Of1Jye14Qt8=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type: image/gif
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

pragma: no-cache
date: Sun, 13 Nov 2022 09:46:09 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: F1B17023E27D4C74AE560BB69C3346FB Ref B: FRAEDGE1517 Ref C: 2022-11-13T09:46:09Z
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
location: https://dpm.demdex.net/ibs:dpid=1957&dpuuid=1F6DBE91190A651A18BCACCA18616435
cache-control: private, no-cache, proxy-revalidate, no-store
content-length: 0

GET
H/1.1 204
204 clear1.png;CIS3SID=936AB9E6402B47F6F9C8A283012B0B56
cfa.fidelity.com/fp/ Frame EF8B 0
400 B 25ms
25ms Image
image/png 91.235.133.67
THM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cfa.fidelity.com/fp/clear1.png;CIS3SID=936AB9E6402B47F6F9C8A283012B0B56?org_id=5h8i3ud8&session_id=e0e04bd0acfce6cd9a2abf853fe827ef&nonce=4ce9fcc6358593f3&jf=34313426736b645f726c663f7466705f506650566d3a4f646d41655c616c5249267369645f666174653f3334363a31333a373439247161645d767978673f7767623a656364716126736b665d6b677b3d3b303739313239333234303f30633834343863653366303230333234303a30613036363861673b643231303932353031343230303036376566636367376067363c32306534356b386735343f63673932636539316137386234343a67613466363b62306233633936663162316333313b363361303261306433643b37613b30363c33313630613a66313432303064353262666530353a313037636633653760656a63356261356b653032336e31363563323661316333267369665d7169653f3338343630303038356461313037306566353937366431613366663737633b30343a313232613b31356760613a373533633333623865673436353b6037383b35356e633a37326631303030303c3460323a386437363763366563636635613b3b36306537353a3331653a606331643a3330626461333035356135673667363360393c34646633326a376164652e716b66703d30

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.133.67 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fadeliry.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 13 Nov 2022 09:46:09 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Server: Apache
Content-Type: image/png;charset=UTF-8
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive, Keep-Alive
Keep-Alive: timeout=2, max=94
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 204
204 clear1.png;CIS3SID=6DDAC40D6B6D2411DA201BDD5BFBF4F9
h.online-metrix.net/fp/ Frame 39E4 0
400 B 33ms
31ms Image
image/png 91.235.132.130
THM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://h.online-metrix.net/fp/clear1.png;CIS3SID=6DDAC40D6B6D2411DA201BDD5BFBF4F9?org_id=5h8i3ud8&session_id=e0e04bd0acfce6cd9a2abf853fe827ef&nonce=4ce9fcc6358593f3&jf=34313626736b645f726c663f7466705f3f635248517763544f75734f32604474267369645f666174653f3334363a31333a373439247161645d767978673f7767623a656364716126736b665d6b677b3d3b303739313239333234303f30633834343863653366303230333234303a30613036363861673b643231303932353031343230303036393566313435303a30626934336366323c616364343163316636303132656166336136313236346467626e61673733673f353237633d606366313863313263676661333136376637633169306638606330633264386c373a6332346664646461363130306766623230353b663131333738323130396b63303261643265643264267369665d7169653f3338343730303038353035346d3731353a666236323530396339363b67653a34646e633631333a39653233363c606438356539633933666631363a6763326632336e36343731633830303031383267333733343534323061383334326330673b313d323332303330353b303969353b353a65623535313137366334673a623531383e36673237356a353a67393a3324736b66723d31

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.132.130 , United States, ASN30286 (THM, US),

Reverse DNS

h.online-metrix.net

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://h.online-metrix.net/fp/sid_fp.html;CIS3SID=936AB9E6402B47F6F9C8A283012B0B56?org_id=5h8i3ud8&session_id=e0e04bd0acfce6cd9a2abf853fe827ef&nonce=4ce9fcc6358593f3
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 13 Nov 2022 09:46:09 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Server: Apache
Content-Type: image/png;charset=UTF-8
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive, Keep-Alive
Keep-Alive: timeout=2, max=98
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 55ms
22ms XHR
text/plain 2a00:1450:4001:800::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j98&aip=1&a=1653847039&t=pageview&_s=1&dl=https%3A%2F%2Fwww.fadeliry.pro%2F&dp=%2F&ul=en-us&de=windows-1252&dt=International%20Usage%20Agreement&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAUABAAAAACACI~&jid=729684582&gjid=306052279&cid=1878180480.1668332769&tid=UA-84221228-1&_gid=1922922188.1668332769&_r=1&gtm=2oub90&cd1=Fid.com%20web&cd2=%2FInternational&cd4=Customer%20Service&cd8=&cd11=S3-false&cd68=0&z=1433202683

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/fidelity/prod/Bootstrap.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.fadeliry.pro/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 13 Nov 2022 09:46:09 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.fadeliry.pro
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

ibs:dpid=782&dpuuid=Y3C83wAAAD3sxwOV
dpm.demdex.net/ Frame A2D3
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/r7ifn0SL?redir=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D782%26dpuuid%3D%24%7BTM_USER_ID%7D
https://dpm.demdex.net/ibs:dpid=782&dpuuid=Y3C83wAAAD3sxwOV

42 B
942 B

214ms
139ms

Image
image/gif

52.214.5.219
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=782&dpuuid=Y3C83wAAAD3sxwOV

Protocol

HTTP/1.1

Server

52.214.5.219 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-214-5-219.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fidelity.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

DCS: dcs-prod-irl1-2-v045-0f822ad5b.edge-irl1.demdex.com 2 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: nEZDxL0GSLA=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type: image/gif
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

x-served-by: cache-hhn4073-HHN
pragma: no-cache
date: Sun, 13 Nov 2022 09:46:09 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1668332769.389739,VS0,VE0
x-cache: HIT
location: https://dpm.demdex.net/ibs:dpid=782&dpuuid=Y3C83wAAAD3sxwOV
cache-control: no-cache
accept-ranges: bytes
content-length: 0
retry-after: 0
x-cache-hits: 0

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
443 B 88ms
31ms XHR
text/plain 2a00:1450:400c:c0c::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-84221228-1&cid=1878180480.1668332769&jid=729684582&gjid=306052279&_gid=1922922188.1668332769&_u=YEBAAUAAAAAAACACI~&z=1164028920

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/fidelity/prod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0c::9a Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.fadeliry.pro/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Sun, 13 Nov 2022 09:46:09 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.fadeliry.pro
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

/
rtd-tm.everesttech.net/migrate_et3/ Frame A2D3
Redirect Chain

https://rtd.tubemogul.com/migrate_et3/
https://rtd-tm.everesttech.net/migrate_et3/

0
220 B

156ms
107ms

Image
text/plain

151.101.2.49
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtd-tm.everesttech.net/migrate_et3/
Protocol: H2
Server: 151.101.2.49 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Jetty(9.4.35.v20201120) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fidelity.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-served-by: cache-hhn4073-HHN
pragma: no-cache
date: Sun, 13 Nov 2022 09:46:09 GMT
via: 1.1 varnish
server: Jetty(9.4.35.v20201120)
x-timer: S1668332770.558662,VS0,VE90
x-cache: MISS
p3p: CP="NOI DSP COR LAW PSAo PSDo IVAo IVDo OUR BUS UNI DEM"
access-control-allow-origin: *
cache-control: no-cache
accept-ranges: bytes
content-length: 0
x-cache-hits: 0

Redirect headers

x-served-by: cache-hhn4077-HHN
pragma: no-cache
date: Sun, 13 Nov 2022 09:46:09 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1668332769.490956,VS0,VE0
x-cache: HIT
location: https://rtd-tm.everesttech.net/migrate_et3/
cache-control: no-cache
accept-ranges: bytes
content-length: 0
retry-after: 0
x-cache-hits: 0

GET
H/1.1 200
OK ARF;CIS3SID=87C846774CDDB418DA51D8521EDB2E60 Show response
cfa.fidelity.com/fp/ Frame 8DF0 35 B
557 B 27ms
26ms Script
text/javascript 91.235.133.67
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://cfa.fidelity.com/fp/ARF;CIS3SID=87C846774CDDB418DA51D8521EDB2E60?org_id=5h8i3ud8&session_id=e0e04bd0acfce6cd9a2abf853fe827ef&nonce=4ce9fcc6358593f3&pageid=99998&sera_parametere=UhNYW1QAAg8GUAFXAFJXUQFQUFsFAlAHC1YPAggFAlIGWlMIAAcFDwtUXRNKQFtaWhMQTRVGUHIWAnoQDndDAQQJFlwKBg5TXUFLEAp3QwR2U0AOIkZRBltaS0FKFlV3EVQnHFEnRVJaCFkHW1ECB1YFUwxSAgIPAFFbVFoCUFcGUFBcUVJbD1YACANYV1AFAAVDVwkNAFMOAVtQAFUFUAJQUAFTWlBQABNSRgQDHgcGVVddUQIAVwEFCVYPUQQDVgdUDQdVVFJXVl5UCQEDVQNaVg4FVQEQUlwFBAkAUgASCgwES1JFRloIAQwACl4VXAhYHwReIF5BWlVQH1EQDgVTUh8EDBALZFxWUVZEFRVXAVhNAhk8VVJZVFdYUA0VURdYD1Y%3D&count=0&max=0

Requested by

Host: cfa.fidelity.com
URL: https://cfa.fidelity.com/fp/check.js?&pageid=99998&session_id=e0e04bd0acfce6cd9a2abf853fe827ef&org_id=5h8i3ud8&nonce=4ce9fcc6358593f3

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.133.67 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

34af42731cb2370ecef58756d13601e471cba541918aedfee81c5131c15e3afa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cfa.fidelity.com/fp/HP?session_id=e0e04bd0acfce6cd9a2abf853fe827ef&org_id=5h8i3ud8&nonce=4ce9fcc6358593f3&mode=2&hp=.co-operativebank.co.uk/CBIBSWeb/login.do.co-operativebank.co.uk/CBIBSWeb/start.do.de/portal/portal/x.entropay.com/basemenu/prot/x.facebook.comx.nationet.com/x.netbank.commbank.com.au/netbank/bankmainx.npbs.co.uk/netmastergoldbanking/x.nwolb.xlogin.aspx?refereridentx.rbsdigital.xAccountSummaryx.smile.co.uk/SmileWeb/login.do.smile.co.uk/SmileWeb/start.do.yandex.rux/CapitalOne_Consumer/x/easypay.by/x/sbank.ru/x53.com/servlet/efsonlinex://online.wellsfargo.com/x://secure.assist.ru/assistid/protected/main.doxabbeynational.co.uk/EBAN_ENS/BtoChannelDriverxalliance-leicesterxaltergold.com/login.phpxamericanexpress.com/myca/intl/acctsumm/emea/accountSummaryxbancaintesa.it/xbankcardservices.co.ukxbankofamerica.com/xbanquepopulaire.fr/xbnpparibas.net/xcahoot.comxcapitaloneonline.co.uk/CapitalOne_Consumer/Transactionsxcbonline.co.uk/ralu/reglm-web/setupSecurityQuestionPagexcibc.comxPreSignOnxcibc.comxSignOnxcitibank.ru/xclient.uralsibbank.ruxco-operativebank.co.uk/CBIBSWeb/loginSpixcommerceonlinebanking.comxcoventrybuildingsociety.co.ukxdeutsche-bank.dexdiscovercard.com/cardmembersvcs/strongauth/app/sa_mainxebanking.bawag.comxebc_ebc1961xegg.com/customer/movemoneyxegg.com/customer/yourmoneyxfacebook.com/xhalifax-online.co.ukxMyAccountsxhalifax-online.co.uk/x/Mhalifax-online.co.uk/personalxhsbc.co.uk/1/2/personal/internet-banking/xhsbc.comxhttps://banking.postbank.de/app/finanzstatus.init.do;jsessionidxib.fineco.it/FinecoWeb/BonificiServletxib.fineco.it/FinecoWeb/jsp/Main/HBFineco.jspxib.fineco.it/FinecoWeb/jsp/Main/Principale.jspxibank.alfabank.ruxin-biz.it/xipko.plxlibertyreserve.com/x/historylibertyreserve.com/x/loginwww.libertyreserve.com/x/Core.jswww.libertyreserve.com/x/transfer.libertyreserve.com/x/commonscript.jslloydstsb.co.uk/personal/a/account_overview/xmbna.co.ukxmenyala.ruxmoney.yandex.ruxmoneybookers.com/app/login.plxmoneymail.ruxmy.ebay.co.uk/ws/eBayISAPI.dll?MyEbayxmy.ebay.com/ws/eBayISAPI.dll?MyEbayxmy.ebay.fr/ws/eBayISAPI.dll?MyEbayxmybusinessbank.co.ukxnationet.com/AppServices/SignOn/SignOnProcess/RcaSignOnxnpbs.co.ukxnwolb.com/AccountSummaryxnwolb.com/Statementsxnwolb.com/TransfersLandingPagexoltx.fidelity.com/x/x/ofsummary/summaryxonline.lloydstsb.co.ukxonlinebanking.mandtbank.com/summary/AccountSummaryxpassport.yandex.ruxpaypal.com/x/cgi-bin/webscr?cmd=_accountxpaypal.com/x/cgi-bin/webscr?cmd=_login-done&login_access=xpaypal.com/us/cgi-bin/webscr?cmd=_login-done&login_access=xposte.it/xpsk.co.at/xsecure.lloydstsb.co.uk/personal/a/account_overviewxsmile.co.uk/SmileWeb/passcodexusaa.com/xusbank.com/internetBanking/RequestRouter?requestCmdId=Gxwachovia.comxybonline.co.uk/ralu/reglm-web/setupSecurityQuestionPagex.amazon.fr/xhistory/orders/view.htmlx.banquepopulaire.frxShowPortal.dox.bnpparibasfortis.bexHome_Logon.aspx.cdiscount.com/Account/Home.aspxx.cmb.frxaccueil.jspx.credit-agricole.frxentreeBam?sessionSAGx.labanquepostale.fr/xreleveCPP-releve_ccp.eax.secure.bnpparibas.net/NSFR?Actionx.secure.lcl.frxAccueilxcredem.it/OneToOne/ebank/functionsxmijn.ing.nl/xonline.ybs.co.ukxwww.discover.com/xorder.cdiscount.comxCustomer.aspxxsealinfo.verisign.com/splash?form_filexvos-comptes.credit-du-nord.fr/CDC_TableauDeBord_0.asp?xvoscomptesenligne.labanquepostale.frxwww.x.caisse-epargne.fr/Portail.aspxxwww.exabanque.netxonglet.phpxdeutsche-bank.de/xnorisbank.de/xpostbank.de/xtargobank.de/x.x.de/portal/x.bankofamerica.com/x/commonscript.js.bmo.com/OLB?id=x.bmo.com/RMC?id=x.chase.com/x.aspxx.chase.com/js/Reporting.jsx.koodomobile.com/account/selfserve/x/xaccountId=x.payment.ru/x.scotiabank.com/portal/index.jsp?xbancopopular.es/empresasxcreval.it/login2007/loginSiciliano.aspxfirst-direct.com/xipko.plxmybusinessbank.co.ukxsanpaoloimi.com/xulsterbankanytimebanking.x/login.aspxx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 13 Nov 2022 09:46:09 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
Transfer-Encoding: chunked
Content-Type: text/javascript;charset=UTF-8
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive, Keep-Alive
Keep-Alive: timeout=2, max=93
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 CoreModule.js Show response
siteintercept.qualtrics.com/dxjsmodule/ 102 KB
32 KB 70ms
70ms Script
application/javascript 104.17.208.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/dxjsmodule/CoreModule.js?Q_CLIENTVERSION=1.81.0&Q_CLIENTTYPE=web&Q_BRANDID=fmrpi

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/fidelity/prod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.208.240 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

20ee45b17985faa6172dc3930d47bb56303e3e9f4452e72e2c0feb9d562a081d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fadeliry.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Sun, 13 Nov 2022 09:46:09 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 460834
cf-polished: origSize=105331
edge-control: max-age=604800
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 07 Nov 2022 19:14:18 GMT
cf-bgj: minify
server: cloudflare
etag: W/"19b73-1845383cf10"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800
permissions-policy: camera=(), geolocation=(), microphone=()
cf-ray: 769694216b8fbbf2-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
timing-allow-origin: *

GET
H3 200 ga-audiences
www.google.com/ads/ 42 B
63 B 82ms
43ms Image
image/gif 2a00:1450:4001:811::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-84221228-1&cid=1878180480.1668332769&jid=729684582&_u=YEBAAUAAAAAAACACI~&z=800634353

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fadeliry.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 13 Nov 2022 09:46:09 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.de/ads/ 42 B
63 B 81ms
42ms Image
image/gif 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-84221228-1&cid=1878180480.1668332769&jid=729684582&_u=YEBAAUAAAAAAACACI~&z=800634353

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fadeliry.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 13 Nov 2022 09:46:09 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame A2D3
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_push%26google_sc%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_...
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_push&google_sc&google_hm=WTNDODN3QUFBRDNzeHdPVg==

170 B
188 B

29ms
28ms

Image
image/png

172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_push&google_sc&google_hm=WTNDODN3QUFBRDNzeHdPVg==

Protocol

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fidelity.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 13 Nov 2022 09:46:09 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

x-served-by: cache-hhn4073-HHN
pragma: no-cache
date: Sun, 13 Nov 2022 09:46:09 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1668332770.534349,VS0,VE0
x-cache: HIT
location: https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_push&google_sc&google_hm=WTNDODN3QUFBRDNzeHdPVg==
cache-control: no-cache
accept-ranges: bytes
content-length: 0
retry-after: 0
x-cache-hits: 0

GET
H/1.1 204
No Content clear.png Show response
cfa.fidelity.com/fp/ Frame EF8B 0
387 B 24ms
23ms Script
text/javascript 91.235.133.67
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://cfa.fidelity.com/fp/clear.png?org_id=5h8i3ud8&session_id=e0e04bd0acfce6cd9a2abf853fe827ef&nonce=4ce9fcc6358593f3&jac=1&je=3138342626726d3d6e6d2460617671743525354227303a6c67746564273032273341312e3032253243273030737663747d73273230273b412730326b6a637265696e67253230253744246377646a3f636937603967346d363a33636b6361366432613763313b323933343136366037633b31353934603c643a66643c3a34303233386665346430336661663a34373b266d78313d603539303660313a3b31383b643437363331636334373433383467333a66676334606e393633376d

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.133.67 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fadeliry.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 13 Nov 2022 09:46:09 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Server: Apache
Content-Type: text/javascript
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=2, max=92
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 4.a5c0de52a5fc4b1cbc4b.chunk.js Show response
siteintercept.qualtrics.com/dxjsmodule/ 2 KB
915 B 43ms
43ms Script
application/javascript 104.17.208.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/dxjsmodule/4.a5c0de52a5fc4b1cbc4b.chunk.js?Q_CLIENTVERSION=1.81.0&Q_CLIENTTYPE=web&Q_BRANDID=fmrpi

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/fidelity/prod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.208.240 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

656b507a55c361579615069ae025d160099bac360642eaba44bd2331f7fad4c3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fadeliry.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Sun, 13 Nov 2022 09:46:09 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 460834
cf-polished: origSize=2539
edge-control: max-age=604800
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 07 Nov 2022 19:14:18 GMT
cf-bgj: minify
server: cloudflare
etag: W/"9eb-1845383cf10"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800
permissions-policy: camera=(), geolocation=(), microphone=()
cf-ray: 769694222dcbbbf2-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
timing-allow-origin: *

GET
H2 200 1.8ce69394dfc154e65174.chunk.js Show response
siteintercept.qualtrics.com/dxjsmodule/ 28 KB
7 KB 50ms
50ms Script
application/javascript 104.17.208.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/dxjsmodule/1.8ce69394dfc154e65174.chunk.js?Q_CLIENTVERSION=1.81.0&Q_CLIENTTYPE=web&Q_BRANDID=fmrpi

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/fidelity/prod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.208.240 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

90ca1ec69de35eb28fcd7f3dfe0215a56127cacf6b15b24780bb8b2478578d33

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fadeliry.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Sun, 13 Nov 2022 09:46:09 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 460834
cf-polished: origSize=29568
edge-control: max-age=604800
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 07 Nov 2022 19:14:18 GMT
cf-bgj: minify
server: cloudflare
etag: W/"7380-1845383cf10"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800
permissions-policy: camera=(), geolocation=(), microphone=()
cf-ray: 769694222dcebbf2-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
timing-allow-origin: *

GET
H2 200 FeedbackLinkModule.js Show response
siteintercept.qualtrics.com/dxjsmodule/ 3 KB
1 KB 43ms
43ms Script
application/javascript 104.17.208.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/dxjsmodule/FeedbackLinkModule.js?Q_CLIENTVERSION=1.81.0&Q_CLIENTTYPE=web&Q_BRANDID=fmrpi

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/fidelity/prod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.208.240 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

90c8c49df9363f906709ff1407e338b965b70a1eed9f3e573a4306fd267f1c0c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fadeliry.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Sun, 13 Nov 2022 09:46:09 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 458975
cf-polished: origSize=3552
edge-control: max-age=604800
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 07 Nov 2022 19:14:18 GMT
cf-bgj: minify
server: cloudflare
etag: W/"de0-1845383cf10"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800
permissions-policy: camera=(), geolocation=(), microphone=()
cf-ray: 769694222dd1bbf2-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
timing-allow-origin: *

GET
H2 200 PopUpModule.js Show response
siteintercept.qualtrics.com/dxjsmodule/ 4 KB
2 KB 57ms
57ms Script
application/javascript 104.17.208.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/dxjsmodule/PopUpModule.js?Q_CLIENTVERSION=1.81.0&Q_CLIENTTYPE=web&Q_BRANDID=fmrpi

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/fidelity/prod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.208.240 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9ff88b1e9e5b074a18cb830a6eee6e1713df09d4f3e8b8514cbd2a9f42925578

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fadeliry.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Sun, 13 Nov 2022 09:46:09 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 451369
cf-polished: origSize=4746
edge-control: max-age=604800
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 07 Nov 2022 19:14:18 GMT
cf-bgj: minify
server: cloudflare
etag: W/"128a-1845383cf10"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800
permissions-policy: camera=(), geolocation=(), microphone=()
cf-ray: 769694222dd5bbf2-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
timing-allow-origin: *

GET
H2 200 EmbeddedTargetModule.js Show response
siteintercept.qualtrics.com/dxjsmodule/ 7 KB
3 KB 58ms
58ms Script
application/javascript 104.17.208.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/dxjsmodule/EmbeddedTargetModule.js?Q_CLIENTVERSION=1.81.0&Q_CLIENTTYPE=web&Q_BRANDID=fmrpi

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/fidelity/prod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.208.240 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a68d55d5edf25c0baea3cd150e155c1c64eadbdc52a44ec5f239b8f27e250c8e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fadeliry.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Sun, 13 Nov 2022 09:46:09 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 460731
cf-polished: origSize=8462
edge-control: max-age=604800
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 07 Nov 2022 19:14:18 GMT
cf-bgj: minify
server: cloudflare
etag: W/"210e-1845383cf10"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800
permissions-policy: camera=(), geolocation=(), microphone=()
cf-ray: 769694222dd7bbf2-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
timing-allow-origin: *

GET
H2 200 PopOverModule.js Show response
siteintercept.qualtrics.com/dxjsmodule/ 9 KB
3 KB 47ms
47ms Script
application/javascript 104.17.208.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/dxjsmodule/PopOverModule.js?Q_CLIENTVERSION=1.81.0&Q_CLIENTTYPE=web&Q_BRANDID=fmrpi

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/fidelity/prod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.208.240 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0d67fb1e900ac570b160aaf2200d35ab1d41f00d0979ade72034289e9d3ab262

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fadeliry.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Sun, 13 Nov 2022 09:46:09 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 460781
cf-polished: origSize=10440
edge-control: max-age=604800
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 07 Nov 2022 19:14:18 GMT
cf-bgj: minify
server: cloudflare
etag: W/"28c8-1845383cf10"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800
permissions-policy: camera=(), geolocation=(), microphone=()
cf-ray: 769694222ddabbf2-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
timing-allow-origin: *

GET
H2 200 Asset.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 5 KB
2 KB 124ms
86ms XHR
application/json 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=SI_0AsPpi6JZXIjgMZ&Version=65&Q_ORIGIN=https://www.fadeliry.pro&Q_CLIENTVERSION=1.81.0&Q_CLIENTTYPE=web

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/fidelity/prod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

600d7ca8124e15df776c701868b82a0282b14f3ca64ffac4152b8c419f203b1c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fadeliry.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

expires: Wed, 10 Nov 2032 09:45:11 GMT
date: Sun, 13 Nov 2022 09:46:09 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 58
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
edge-control: max-age=604800
referrer-policy: strict-origin-when-cross-origin
last-modified: Sun, 13 Nov 2022 09:45:11 GMT
server: cloudflare
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800, max-age=315360000
access-control-allow-credentials: false
permissions-policy: camera=(), geolocation=(), microphone=()
cf-ray: 769694226856910a-FRA
servershortname

GET
H2 200 Asset.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 328 B
302 B 102ms
64ms XHR
application/json 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=CR_0ia68TaWR1dbtn7&Version=4&Q_InterceptID=SI_0AsPpi6JZXIjgMZ&Q_ORIGIN=https://www.fadeliry.pro&Q_CLIENTVERSION=1.81.0&Q_CLIENTTYPE=web

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/fidelity/prod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1953b94ba034ab9ad857a51e0b28bb70b57a73a7fe51753d05df1cbdf0fb775b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fadeliry.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

expires: Wed, 10 Nov 2032 09:45:11 GMT
date: Sun, 13 Nov 2022 09:46:09 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 58
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
edge-control: max-age=604800
referrer-policy: strict-origin-when-cross-origin
last-modified: Sun, 13 Nov 2022 09:45:11 GMT
server: cloudflare
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800, max-age=315360000
access-control-allow-credentials: false
permissions-policy: camera=(), geolocation=(), microphone=()
cf-ray: 769694226858910a-FRA
servershortname

GET
H2 200 Asset.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 4 KB
1 KB 143ms
105ms XHR
application/json 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=SI_9Abf3gre87Bgb4i&Version=4&Q_ORIGIN=https://www.fadeliry.pro&Q_CLIENTVERSION=1.81.0&Q_CLIENTTYPE=web

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/fidelity/prod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

61a7adddba7d096b4fa5ea4ef4e774c372f4169f870b0533e3cc4b708d43ba95

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fadeliry.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

expires: Wed, 10 Nov 2032 09:45:11 GMT
date: Sun, 13 Nov 2022 09:46:09 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 58
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
edge-control: max-age=604800
referrer-policy: strict-origin-when-cross-origin
last-modified: Sun, 13 Nov 2022 09:45:11 GMT
server: cloudflare
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800, max-age=315360000
access-control-allow-credentials: false
permissions-policy: camera=(), geolocation=(), microphone=()
cf-ray: 7696942288a5910a-FRA
servershortname

GET
H2 200 Asset.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 289 B
271 B 144ms
106ms XHR
application/json 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=CR_eFBXElNuwIHb8W2&Version=1&Q_InterceptID=SI_9Abf3gre87Bgb4i&Q_ORIGIN=https://www.fadeliry.pro&Q_CLIENTVERSION=1.81.0&Q_CLIENTTYPE=web

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/fidelity/prod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9b42c3e71681366cd6ec743a3bcc6d8f739f09415dc72875e539d98ff05cb35c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fadeliry.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

expires: Wed, 10 Nov 2032 09:45:11 GMT
date: Sun, 13 Nov 2022 09:46:09 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 58
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
edge-control: max-age=604800
referrer-policy: strict-origin-when-cross-origin
last-modified: Sun, 13 Nov 2022 09:45:11 GMT
server: cloudflare
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800, max-age=315360000
access-control-allow-credentials: false
permissions-policy: camera=(), geolocation=(), microphone=()
cf-ray: 7696942288a6910a-FRA
servershortname

GET
H2 200 Asset.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 6 KB
1 KB 138ms
101ms XHR
application/json 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=SI_38gbTVRzn9rMkaq&Version=3&Q_ORIGIN=https://www.fadeliry.pro&Q_CLIENTVERSION=1.81.0&Q_CLIENTTYPE=web

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/fidelity/prod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

01b456b63ccf637be190ab22598ded353dfe8a2f49d4b589450d5f4e44d53c85

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fadeliry.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

expires: Wed, 10 Nov 2032 09:45:11 GMT
date: Sun, 13 Nov 2022 09:46:09 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 58
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
edge-control: max-age=604800
referrer-policy: strict-origin-when-cross-origin
last-modified: Sun, 13 Nov 2022 09:45:11 GMT
server: cloudflare
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800, max-age=315360000
access-control-allow-credentials: false
permissions-policy: camera=(), geolocation=(), microphone=()
cf-ray: 7696942288a8910a-FRA
servershortname

GET
H2 200 Asset.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 289 B
269 B 157ms
120ms XHR
application/json 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=CR_eFBXElNuwIHb8W2&Version=1&Q_InterceptID=SI_38gbTVRzn9rMkaq&Q_ORIGIN=https://www.fadeliry.pro&Q_CLIENTVERSION=1.81.0&Q_CLIENTTYPE=web

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/fidelity/prod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9b42c3e71681366cd6ec743a3bcc6d8f739f09415dc72875e539d98ff05cb35c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fadeliry.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

expires: Wed, 10 Nov 2032 09:45:11 GMT
date: Sun, 13 Nov 2022 09:46:09 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 58
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
edge-control: max-age=604800
referrer-policy: strict-origin-when-cross-origin
last-modified: Sun, 13 Nov 2022 09:45:11 GMT
server: cloudflare
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800, max-age=315360000
access-control-allow-credentials: false
permissions-policy: camera=(), geolocation=(), microphone=()
cf-ray: 7696942288a9910a-FRA
servershortname

GET
H2 200 Asset.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 5 KB
2 KB 117ms
80ms XHR
application/json 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=SI_bmvqwK4G0RfqFHn&Version=6&Q_ORIGIN=https://www.fadeliry.pro&Q_CLIENTVERSION=1.81.0&Q_CLIENTTYPE=web

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/fidelity/prod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9a169cc782012d9a5ece8cf798f618fdb59bcbd85da9576b80fd419399c1c225

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fadeliry.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

expires: Wed, 10 Nov 2032 09:45:11 GMT
date: Sun, 13 Nov 2022 09:46:09 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 58
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
edge-control: max-age=604800
referrer-policy: strict-origin-when-cross-origin
last-modified: Sun, 13 Nov 2022 09:45:11 GMT
server: cloudflare
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800, max-age=315360000
access-control-allow-credentials: false
permissions-policy: camera=(), geolocation=(), microphone=()
cf-ray: 7696942288ab910a-FRA
servershortname

GET
H2 200 Asset.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 290 B
269 B 137ms
100ms XHR
application/json 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=CR_er32JI1gjlcuQRf&Version=3&Q_InterceptID=SI_bmvqwK4G0RfqFHn&Q_ORIGIN=https://www.fadeliry.pro&Q_CLIENTVERSION=1.81.0&Q_CLIENTTYPE=web

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/fidelity/prod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

55e2b2ab595e0c192f763ad2c2a237f3f92ecc51e843da550393ffb51a7f115b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fadeliry.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

expires: Wed, 10 Nov 2032 09:45:11 GMT
date: Sun, 13 Nov 2022 09:46:09 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 58
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
edge-control: max-age=604800
referrer-policy: strict-origin-when-cross-origin
last-modified: Sun, 13 Nov 2022 09:45:11 GMT
server: cloudflare
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800, max-age=315360000
access-control-allow-credentials: false
permissions-policy: camera=(), geolocation=(), microphone=()
cf-ray: 7696942288ad910a-FRA
servershortname

GET
H2 200 Asset.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 5 KB
2 KB 124ms
88ms XHR
application/json 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=SI_6tg8PWOi1frIFut&Version=3&Q_ORIGIN=https://www.fadeliry.pro&Q_CLIENTVERSION=1.81.0&Q_CLIENTTYPE=web

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/fidelity/prod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

053f6f7de2dc83b0efa801d03de4f0f1b15cc6c43146f2f97484ee7384e05f21

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fadeliry.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

expires: Wed, 10 Nov 2032 09:45:11 GMT
date: Sun, 13 Nov 2022 09:46:09 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 58
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
edge-control: max-age=604800
referrer-policy: strict-origin-when-cross-origin
last-modified: Sun, 13 Nov 2022 09:45:11 GMT
server: cloudflare
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800, max-age=315360000
access-control-allow-credentials: false
permissions-policy: camera=(), geolocation=(), microphone=()
cf-ray: 7696942288b2910a-FRA
servershortname

GET
H2 200 Asset.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 290 B
271 B 106ms
70ms XHR
application/json 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=CR_er32JI1gjlcuQRf&Version=3&Q_InterceptID=SI_6tg8PWOi1frIFut&Q_ORIGIN=https://www.fadeliry.pro&Q_CLIENTVERSION=1.81.0&Q_CLIENTTYPE=web

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/fidelity/prod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

55e2b2ab595e0c192f763ad2c2a237f3f92ecc51e843da550393ffb51a7f115b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fadeliry.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

expires: Wed, 10 Nov 2032 09:45:11 GMT
date: Sun, 13 Nov 2022 09:46:09 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 58
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
edge-control: max-age=604800
referrer-policy: strict-origin-when-cross-origin
last-modified: Sun, 13 Nov 2022 09:45:11 GMT
server: cloudflare
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800, max-age=315360000
access-control-allow-credentials: false
permissions-policy: camera=(), geolocation=(), microphone=()
cf-ray: 7696942288b1910a-FRA
servershortname

GET
H2 200 Asset.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 5 KB
2 KB 140ms
104ms XHR
application/json 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=SI_aWusZd3gjeTf5gq&Version=4&Q_ORIGIN=https://www.fadeliry.pro&Q_CLIENTVERSION=1.81.0&Q_CLIENTTYPE=web

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/fidelity/prod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d62ca817b668e2e7fe40448059352566ecf10985548312f7a24a9c8b83fa3813

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fadeliry.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

expires: Wed, 10 Nov 2032 09:45:11 GMT
date: Sun, 13 Nov 2022 09:46:09 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 58
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
edge-control: max-age=604800
referrer-policy: strict-origin-when-cross-origin
last-modified: Sun, 13 Nov 2022 09:45:11 GMT
server: cloudflare
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800, max-age=315360000
access-control-allow-credentials: false
permissions-policy: camera=(), geolocation=(), microphone=()
cf-ray: 7696942288b3910a-FRA
servershortname

GET
H2 200 Asset.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 289 B
269 B 150ms
114ms XHR
application/json 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=CR_eFBXElNuwIHb8W2&Version=1&Q_InterceptID=SI_aWusZd3gjeTf5gq&Q_ORIGIN=https://www.fadeliry.pro&Q_CLIENTVERSION=1.81.0&Q_CLIENTTYPE=web

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/fidelity/prod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9b42c3e71681366cd6ec743a3bcc6d8f739f09415dc72875e539d98ff05cb35c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fadeliry.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

expires: Wed, 10 Nov 2032 09:45:11 GMT
date: Sun, 13 Nov 2022 09:46:09 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 58
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
edge-control: max-age=604800
referrer-policy: strict-origin-when-cross-origin
last-modified: Sun, 13 Nov 2022 09:45:11 GMT
server: cloudflare
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800, max-age=315360000
access-control-allow-credentials: false
permissions-policy: camera=(), geolocation=(), microphone=()
cf-ray: 76969422685a910a-FRA
servershortname

GET
H2 200 Asset.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 5 KB
2 KB 149ms
114ms XHR
application/json 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=SI_aYqf0yaiHxFK3tQ&Version=4&Q_ORIGIN=https://www.fadeliry.pro&Q_CLIENTVERSION=1.81.0&Q_CLIENTTYPE=web

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/fidelity/prod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

84694d83725e88328f1e12e509d9fd4244bbf60162859af52dee3e89917a5dd2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fadeliry.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

expires: Wed, 10 Nov 2032 09:45:11 GMT
date: Sun, 13 Nov 2022 09:46:09 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 58
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
edge-control: max-age=604800
referrer-policy: strict-origin-when-cross-origin
last-modified: Sun, 13 Nov 2022 09:45:11 GMT
server: cloudflare
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800, max-age=315360000
access-control-allow-credentials: false
permissions-policy: camera=(), geolocation=(), microphone=()
cf-ray: 7696942288b5910a-FRA
servershortname

GET
H2 200 Asset.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 289 B
271 B 116ms
80ms XHR
application/json 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=CR_eFBXElNuwIHb8W2&Version=1&Q_InterceptID=SI_aYqf0yaiHxFK3tQ&Q_ORIGIN=https://www.fadeliry.pro&Q_CLIENTVERSION=1.81.0&Q_CLIENTTYPE=web

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/fidelity/prod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9b42c3e71681366cd6ec743a3bcc6d8f739f09415dc72875e539d98ff05cb35c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fadeliry.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

expires: Wed, 10 Nov 2032 09:45:11 GMT
date: Sun, 13 Nov 2022 09:46:09 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 58
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
edge-control: max-age=604800
referrer-policy: strict-origin-when-cross-origin
last-modified: Sun, 13 Nov 2022 09:45:11 GMT
server: cloudflare
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800, max-age=315360000
access-control-allow-credentials: false
permissions-policy: camera=(), geolocation=(), microphone=()
cf-ray: 7696942288b8910a-FRA
servershortname

GET
H2 200 Asset.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 5 KB
2 KB 138ms
102ms XHR
application/json 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=SI_8lgMP25Ikgjv0we&Version=4&Q_ORIGIN=https://www.fadeliry.pro&Q_CLIENTVERSION=1.81.0&Q_CLIENTTYPE=web

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/fidelity/prod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cc8721a1adc4924783894d6a7ffc53ec2b6a9f1d434f6105fe0bfe632de8eb2b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fadeliry.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

expires: Wed, 10 Nov 2032 09:45:11 GMT
date: Sun, 13 Nov 2022 09:46:09 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 58
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
edge-control: max-age=604800
referrer-policy: strict-origin-when-cross-origin
last-modified: Sun, 13 Nov 2022 09:45:11 GMT
server: cloudflare
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800, max-age=315360000
access-control-allow-credentials: false
permissions-policy: camera=(), geolocation=(), microphone=()
cf-ray: 7696942288ba910a-FRA
servershortname

GET
H2 200 Asset.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 289 B
269 B 134ms
99ms XHR
application/json 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=CR_eFBXElNuwIHb8W2&Version=1&Q_InterceptID=SI_8lgMP25Ikgjv0we&Q_ORIGIN=https://www.fadeliry.pro&Q_CLIENTVERSION=1.81.0&Q_CLIENTTYPE=web

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/fidelity/prod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9b42c3e71681366cd6ec743a3bcc6d8f739f09415dc72875e539d98ff05cb35c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fadeliry.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

expires: Wed, 10 Nov 2032 09:45:11 GMT
date: Sun, 13 Nov 2022 09:46:09 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 58
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
edge-control: max-age=604800
referrer-policy: strict-origin-when-cross-origin
last-modified: Sun, 13 Nov 2022 09:45:11 GMT
server: cloudflare
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800, max-age=315360000
access-control-allow-credentials: false
permissions-policy: camera=(), geolocation=(), microphone=()
cf-ray: 7696942288be910a-FRA
servershortname

GET
H2 200 Asset.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 4 KB
1 KB 156ms
121ms XHR
application/json 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=SI_dgsx9hrWB3K6913&Version=2&Q_ORIGIN=https://www.fadeliry.pro&Q_CLIENTVERSION=1.81.0&Q_CLIENTTYPE=web

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/fidelity/prod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b376e7247f7b6432d3bd4f87c3598250819e31dfac7b17fa11f14ad568c35be1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fadeliry.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

expires: Wed, 10 Nov 2032 09:45:11 GMT
date: Sun, 13 Nov 2022 09:46:09 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 58
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
edge-control: max-age=604800
referrer-policy: strict-origin-when-cross-origin
last-modified: Sun, 13 Nov 2022 09:45:11 GMT
server: cloudflare
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800, max-age=315360000
access-control-allow-credentials: false
permissions-policy: camera=(), geolocation=(), microphone=()
cf-ray: 7696942288c1910a-FRA
servershortname

GET
H2 200 Asset.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 298 B
277 B 140ms
105ms XHR
application/json 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=CR_bOXDLte5ExB3fcV&Version=1&Q_InterceptID=SI_dgsx9hrWB3K6913&Q_ORIGIN=https://www.fadeliry.pro&Q_CLIENTVERSION=1.81.0&Q_CLIENTTYPE=web

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/fidelity/prod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d17ea77190820fb8045de841be49d7ca27100343608eddfc073513d676d932b3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fadeliry.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

expires: Wed, 10 Nov 2032 09:45:11 GMT
date: Sun, 13 Nov 2022 09:46:09 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 58
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
edge-control: max-age=604800
referrer-policy: strict-origin-when-cross-origin
last-modified: Sun, 13 Nov 2022 09:45:11 GMT
server: cloudflare
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800, max-age=315360000
access-control-allow-credentials: false
permissions-policy: camera=(), geolocation=(), microphone=()
cf-ray: 7696942288c0910a-FRA
servershortname

GET
H2 200 Asset.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 4 KB
1 KB 155ms
121ms XHR
application/json 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=SI_6JrOieTJRaQjNt3&Version=2&Q_ORIGIN=https://www.fadeliry.pro&Q_CLIENTVERSION=1.81.0&Q_CLIENTTYPE=web

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/fidelity/prod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

80215e4d119951a2bdbb49d39524be4f7c8af7daeb0cd692ab70a90c9691889a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fadeliry.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

expires: Wed, 10 Nov 2032 09:45:11 GMT
date: Sun, 13 Nov 2022 09:46:09 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 58
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
edge-control: max-age=604800
referrer-policy: strict-origin-when-cross-origin
last-modified: Sun, 13 Nov 2022 09:45:11 GMT
server: cloudflare
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800, max-age=315360000
access-control-allow-credentials: false
permissions-policy: camera=(), geolocation=(), microphone=()
cf-ray: 7696942288c2910a-FRA
servershortname

GET
H2 200 Asset.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 295 B
274 B 159ms
125ms XHR
application/json 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=CR_9tyxYsdHImRttqd&Version=1&Q_InterceptID=SI_6JrOieTJRaQjNt3&Q_ORIGIN=https://www.fadeliry.pro&Q_CLIENTVERSION=1.81.0&Q_CLIENTTYPE=web

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/fidelity/prod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

33f544d59c46dc9e521b38e634b51cbdfc4c010e92aa2bb00a75b31681859873

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fadeliry.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

expires: Wed, 10 Nov 2032 09:45:11 GMT
date: Sun, 13 Nov 2022 09:46:09 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 58
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
edge-control: max-age=604800
referrer-policy: strict-origin-when-cross-origin
last-modified: Sun, 13 Nov 2022 09:45:11 GMT
server: cloudflare
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800, max-age=315360000
access-control-allow-credentials: false
permissions-policy: camera=(), geolocation=(), microphone=()
cf-ray: 7696942288c4910a-FRA
servershortname

GET
H2 200 Asset.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 4 KB
1 KB 150ms
116ms XHR
application/json 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=SI_aavOQmPi2QSZKE5&Version=3&Q_ORIGIN=https://www.fadeliry.pro&Q_CLIENTVERSION=1.81.0&Q_CLIENTTYPE=web

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/fidelity/prod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c057703e7565118ba2084013ce7b26196eb48eb1103925bc9f703b2b251fbbb7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fadeliry.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

expires: Wed, 10 Nov 2032 09:45:11 GMT
date: Sun, 13 Nov 2022 09:46:09 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 58
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
edge-control: max-age=604800
referrer-policy: strict-origin-when-cross-origin
last-modified: Sun, 13 Nov 2022 09:45:11 GMT
server: cloudflare
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800, max-age=315360000
access-control-allow-credentials: false
permissions-policy: camera=(), geolocation=(), microphone=()
cf-ray: 7696942288c5910a-FRA
servershortname

GET
H2 200 Asset.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 304 B
280 B 139ms
106ms XHR
application/json 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=CR_9zBaZSEe4Cd5tiJ&Version=1&Q_InterceptID=SI_aavOQmPi2QSZKE5&Q_ORIGIN=https://www.fadeliry.pro&Q_CLIENTVERSION=1.81.0&Q_CLIENTTYPE=web

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/fidelity/prod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3a8c79033d6f51d9221602443e34d42e174fd3d9fedd49be51747a5217ac01d7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fadeliry.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

expires: Wed, 10 Nov 2032 09:45:11 GMT
date: Sun, 13 Nov 2022 09:46:09 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 58
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
edge-control: max-age=604800
referrer-policy: strict-origin-when-cross-origin
last-modified: Sun, 13 Nov 2022 09:45:11 GMT
server: cloudflare
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800, max-age=315360000
access-control-allow-credentials: false
permissions-policy: camera=(), geolocation=(), microphone=()
cf-ray: 7696942288c7910a-FRA
servershortname

GET
H2 200 Asset.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 4 KB
1 KB 153ms
119ms XHR
application/json 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=SI_9slyRRmuwUZ9tfT&Version=2&Q_ORIGIN=https://www.fadeliry.pro&Q_CLIENTVERSION=1.81.0&Q_CLIENTTYPE=web

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/fidelity/prod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

eb55d122ba0e3370c1d5c52c60f16db655f997c045402c2e52187615ce580477

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fadeliry.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

expires: Wed, 10 Nov 2032 09:45:11 GMT
date: Sun, 13 Nov 2022 09:46:09 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 58
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
edge-control: max-age=604800
referrer-policy: strict-origin-when-cross-origin
last-modified: Sun, 13 Nov 2022 09:45:11 GMT
server: cloudflare
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800, max-age=315360000
access-control-allow-credentials: false
permissions-policy: camera=(), geolocation=(), microphone=()
cf-ray: 7696942288c6910a-FRA
servershortname

GET
H2 200 Asset.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 290 B
269 B 141ms
108ms XHR
application/json 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=CR_er32JI1gjlcuQRf&Version=3&Q_InterceptID=SI_9slyRRmuwUZ9tfT&Q_ORIGIN=https://www.fadeliry.pro&Q_CLIENTVERSION=1.81.0&Q_CLIENTTYPE=web

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/fidelity/prod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

55e2b2ab595e0c192f763ad2c2a237f3f92ecc51e843da550393ffb51a7f115b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fadeliry.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

expires: Wed, 10 Nov 2032 09:45:11 GMT
date: Sun, 13 Nov 2022 09:46:09 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 58
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
edge-control: max-age=604800
referrer-policy: strict-origin-when-cross-origin
last-modified: Sun, 13 Nov 2022 09:45:11 GMT
server: cloudflare
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800, max-age=315360000
access-control-allow-credentials: false
permissions-policy: camera=(), geolocation=(), microphone=()
cf-ray: 7696942288c9910a-FRA
servershortname

GET
H2 200 Asset.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 2 KB
919 B 152ms
119ms XHR
application/json 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=SI_9NSjltynMtHhMFf&Version=1&Q_ORIGIN=https://www.fadeliry.pro&Q_CLIENTVERSION=1.81.0&Q_CLIENTTYPE=web

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/fidelity/prod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f6b4a6124675203780f1883d16d012e98448f6dceec35da99e980c073fcf1e71

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fadeliry.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

expires: Wed, 10 Nov 2032 09:45:11 GMT
date: Sun, 13 Nov 2022 09:46:09 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 58
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
edge-control: max-age=604800
referrer-policy: strict-origin-when-cross-origin
last-modified: Sun, 13 Nov 2022 09:45:11 GMT
server: cloudflare
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800, max-age=315360000
access-control-allow-credentials: false
permissions-policy: camera=(), geolocation=(), microphone=()
cf-ray: 7696942288cf910a-FRA
servershortname

GET
H2 200 Asset.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 2 KB
990 B 136ms
103ms XHR
application/json 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=CR_cRTya5i3wiaWo4Z&Version=6&Q_InterceptID=SI_9NSjltynMtHhMFf&Q_ORIGIN=https://www.fadeliry.pro&Q_CLIENTVERSION=1.81.0&Q_CLIENTTYPE=web

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/fidelity/prod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

916f83f2e81b458e401fc26b0733372778fa05289ef0aec0cafab025ab47b23f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fadeliry.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

expires: Wed, 10 Nov 2032 09:45:11 GMT
date: Sun, 13 Nov 2022 09:46:09 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 58
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
edge-control: max-age=604800
referrer-policy: strict-origin-when-cross-origin
last-modified: Sun, 13 Nov 2022 09:45:11 GMT
server: cloudflare
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800, max-age=315360000
access-control-allow-credentials: false
permissions-policy: camera=(), geolocation=(), microphone=()
cf-ray: 7696942288d3910a-FRA
servershortname

GET
H2 200 Asset.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 4 KB
1 KB 140ms
108ms XHR
application/json 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=SI_6KILeGGAuPslJ7n&Version=2&Q_ORIGIN=https://www.fadeliry.pro&Q_CLIENTVERSION=1.81.0&Q_CLIENTTYPE=web

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/fidelity/prod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e07bd958925ada74f41859021ac752ddc2c7da287a426e8e5ebf8ae3d3073abe

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fadeliry.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

expires: Wed, 10 Nov 2032 09:45:11 GMT
date: Sun, 13 Nov 2022 09:46:09 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 58
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
edge-control: max-age=604800
referrer-policy: strict-origin-when-cross-origin
last-modified: Sun, 13 Nov 2022 09:45:11 GMT
server: cloudflare
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800, max-age=315360000
access-control-allow-credentials: false
permissions-policy: camera=(), geolocation=(), microphone=()
cf-ray: 7696942288d0910a-FRA
servershortname

GET
H2 200 Asset.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 290 B
280 B 132ms
99ms XHR
application/json 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=CR_er32JI1gjlcuQRf&Version=3&Q_InterceptID=SI_6KILeGGAuPslJ7n&Q_ORIGIN=https://www.fadeliry.pro&Q_CLIENTVERSION=1.81.0&Q_CLIENTTYPE=web

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/fidelity/prod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

55e2b2ab595e0c192f763ad2c2a237f3f92ecc51e843da550393ffb51a7f115b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fadeliry.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

expires: Wed, 10 Nov 2032 09:45:11 GMT
date: Sun, 13 Nov 2022 09:46:09 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 58
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
edge-control: max-age=604800
referrer-policy: strict-origin-when-cross-origin
last-modified: Sun, 13 Nov 2022 09:45:11 GMT
server: cloudflare
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800, max-age=315360000
access-control-allow-credentials: false
permissions-policy: camera=(), geolocation=(), microphone=()
cf-ray: 7696942288d5910a-FRA
servershortname

GET
H2 200 Asset.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 4 KB
1 KB 136ms
103ms XHR
application/json 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=SI_20upoDg7GIYGuyh&Version=3&Q_ORIGIN=https://www.fadeliry.pro&Q_CLIENTVERSION=1.81.0&Q_CLIENTTYPE=web

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/fidelity/prod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

459da4c8a9f2a70da8e894d10a363dea41b4d4cdb435af95186da4031da26464

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fadeliry.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

expires: Wed, 10 Nov 2032 09:45:11 GMT
date: Sun, 13 Nov 2022 09:46:09 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 58
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
edge-control: max-age=604800
referrer-policy: strict-origin-when-cross-origin
last-modified: Sun, 13 Nov 2022 09:45:11 GMT
server: cloudflare
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800, max-age=315360000
access-control-allow-credentials: false
permissions-policy: camera=(), geolocation=(), microphone=()
cf-ray: 76969422685d910a-FRA
servershortname

GET
H2 200 Asset.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 290 B
711 B 80ms
48ms XHR
application/json 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=CR_er32JI1gjlcuQRf&Version=3&Q_InterceptID=SI_20upoDg7GIYGuyh&Q_ORIGIN=https://www.fadeliry.pro&Q_CLIENTVERSION=1.81.0&Q_CLIENTTYPE=web

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/fidelity/prod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

55e2b2ab595e0c192f763ad2c2a237f3f92ecc51e843da550393ffb51a7f115b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fadeliry.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

expires: Wed, 10 Nov 2032 09:45:11 GMT
date: Sun, 13 Nov 2022 09:46:09 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 58
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
edge-control: max-age=604800
referrer-policy: strict-origin-when-cross-origin
last-modified: Sun, 13 Nov 2022 09:45:11 GMT
server: cloudflare
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800, max-age=315360000
access-control-allow-credentials: false
permissions-policy: camera=(), geolocation=(), microphone=()
cf-ray: 769694226866910a-FRA
servershortname

GET
H2 200 Asset.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 4 KB
1 KB 149ms
118ms XHR
application/json 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=SI_aYq2S2L9WYVHefz&Version=2&Q_ORIGIN=https://www.fadeliry.pro&Q_CLIENTVERSION=1.81.0&Q_CLIENTTYPE=web

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/fidelity/prod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

06938dd593b945d6da6fe382a54eb2f8798be00d2f67281c8c16529a35bf9193

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fadeliry.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

expires: Wed, 10 Nov 2032 09:45:11 GMT
date: Sun, 13 Nov 2022 09:46:09 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 58
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
edge-control: max-age=604800
referrer-policy: strict-origin-when-cross-origin
last-modified: Sun, 13 Nov 2022 09:45:11 GMT
server: cloudflare
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800, max-age=315360000
access-control-allow-credentials: false
permissions-policy: camera=(), geolocation=(), microphone=()
cf-ray: 769694226862910a-FRA
servershortname

GET
H2 200 Asset.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 290 B
271 B 102ms
71ms XHR
application/json 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=CR_er32JI1gjlcuQRf&Version=3&Q_InterceptID=SI_aYq2S2L9WYVHefz&Q_ORIGIN=https://www.fadeliry.pro&Q_CLIENTVERSION=1.81.0&Q_CLIENTTYPE=web

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/fidelity/prod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

55e2b2ab595e0c192f763ad2c2a237f3f92ecc51e843da550393ffb51a7f115b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fadeliry.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

expires: Wed, 10 Nov 2032 09:45:11 GMT
date: Sun, 13 Nov 2022 09:46:09 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 58
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
edge-control: max-age=604800
referrer-policy: strict-origin-when-cross-origin
last-modified: Sun, 13 Nov 2022 09:45:11 GMT
server: cloudflare
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800, max-age=315360000
access-control-allow-credentials: false
permissions-policy: camera=(), geolocation=(), microphone=()
cf-ray: 769694226868910a-FRA
servershortname

GET
H2 200 Asset.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 4 KB
1 KB 133ms
102ms XHR
application/json 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=SI_9YUbswnCF6g4k05&Version=2&Q_ORIGIN=https://www.fadeliry.pro&Q_CLIENTVERSION=1.81.0&Q_CLIENTTYPE=web

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/fidelity/prod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2451f78cdf73cb2817ec2a124bc1a77b9c7100f5c30bdb521b824a83677c83a0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fadeliry.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

expires: Wed, 10 Nov 2032 09:45:11 GMT
date: Sun, 13 Nov 2022 09:46:09 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 58
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
edge-control: max-age=604800
referrer-policy: strict-origin-when-cross-origin
last-modified: Sun, 13 Nov 2022 09:45:11 GMT
server: cloudflare
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800, max-age=315360000
access-control-allow-credentials: false
permissions-policy: camera=(), geolocation=(), microphone=()
cf-ray: 76969422686d910a-FRA
servershortname

GET
H2 200 Asset.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 290 B
269 B 118ms
87ms XHR
application/json 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=CR_er32JI1gjlcuQRf&Version=3&Q_InterceptID=SI_9YUbswnCF6g4k05&Q_ORIGIN=https://www.fadeliry.pro&Q_CLIENTVERSION=1.81.0&Q_CLIENTTYPE=web

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/fidelity/prod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

55e2b2ab595e0c192f763ad2c2a237f3f92ecc51e843da550393ffb51a7f115b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fadeliry.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

expires: Wed, 10 Nov 2032 09:45:11 GMT
date: Sun, 13 Nov 2022 09:46:09 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 58
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
edge-control: max-age=604800
referrer-policy: strict-origin-when-cross-origin
last-modified: Sun, 13 Nov 2022 09:45:11 GMT
server: cloudflare
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800, max-age=315360000
access-control-allow-credentials: false
permissions-policy: camera=(), geolocation=(), microphone=()
cf-ray: 76969422888a910a-FRA
servershortname

GET
H2 200 Asset.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 4 KB
1 KB 95ms
64ms XHR
application/json 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=SI_0qryPRAlBXczdTD&Version=6&Q_ORIGIN=https://www.fadeliry.pro&Q_CLIENTVERSION=1.81.0&Q_CLIENTTYPE=web

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/fidelity/prod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0b2502073850d32d0771c4f2c5c405d7855e61fad3719bd4efc12687523e3402

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fadeliry.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

expires: Wed, 10 Nov 2032 09:45:11 GMT
date: Sun, 13 Nov 2022 09:46:09 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 58
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
edge-control: max-age=604800
referrer-policy: strict-origin-when-cross-origin
last-modified: Sun, 13 Nov 2022 09:45:11 GMT
server: cloudflare
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800, max-age=315360000
access-control-allow-credentials: false
permissions-policy: camera=(), geolocation=(), microphone=()
cf-ray: 76969422888e910a-FRA
servershortname

GET
H2 200 Asset.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 290 B
269 B 94ms
63ms XHR
application/json 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=CR_er32JI1gjlcuQRf&Version=3&Q_InterceptID=SI_0qryPRAlBXczdTD&Q_ORIGIN=https://www.fadeliry.pro&Q_CLIENTVERSION=1.81.0&Q_CLIENTTYPE=web

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/fidelity/prod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

55e2b2ab595e0c192f763ad2c2a237f3f92ecc51e843da550393ffb51a7f115b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fadeliry.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

expires: Wed, 10 Nov 2032 09:45:11 GMT
date: Sun, 13 Nov 2022 09:46:09 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 58
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
edge-control: max-age=604800
referrer-policy: strict-origin-when-cross-origin
last-modified: Sun, 13 Nov 2022 09:45:11 GMT
server: cloudflare
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800, max-age=315360000
access-control-allow-credentials: false
permissions-policy: camera=(), geolocation=(), microphone=()
cf-ray: 76969422888b910a-FRA
servershortname

GET
H2 200 Asset.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 4 KB
1 KB 148ms
117ms XHR
application/json 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=SI_0vaYdwthIHVvh6R&Version=11&Q_ORIGIN=https://www.fadeliry.pro&Q_CLIENTVERSION=1.81.0&Q_CLIENTTYPE=web

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/fidelity/prod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1ef8b37a63474996a7a2a5f1b20464bdcfda70740b292737fd1369a4c814b155

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fadeliry.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

expires: Wed, 10 Nov 2032 09:45:11 GMT
date: Sun, 13 Nov 2022 09:46:09 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 58
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
edge-control: max-age=604800
referrer-policy: strict-origin-when-cross-origin
last-modified: Sun, 13 Nov 2022 09:45:11 GMT
server: cloudflare
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800, max-age=315360000
access-control-allow-credentials: false
permissions-policy: camera=(), geolocation=(), microphone=()
cf-ray: 769694228890910a-FRA
servershortname

GET
H2 200 Asset.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 2 KB
990 B 148ms
118ms XHR
application/json 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=CR_cRTya5i3wiaWo4Z&Version=6&Q_InterceptID=SI_0vaYdwthIHVvh6R&Q_ORIGIN=https://www.fadeliry.pro&Q_CLIENTVERSION=1.81.0&Q_CLIENTTYPE=web

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/fidelity/prod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

916f83f2e81b458e401fc26b0733372778fa05289ef0aec0cafab025ab47b23f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fadeliry.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

expires: Wed, 10 Nov 2032 09:45:11 GMT
date: Sun, 13 Nov 2022 09:46:09 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 58
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
edge-control: max-age=604800
referrer-policy: strict-origin-when-cross-origin
last-modified: Sun, 13 Nov 2022 09:45:11 GMT
server: cloudflare
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800, max-age=315360000
access-control-allow-credentials: false
permissions-policy: camera=(), geolocation=(), microphone=()
cf-ray: 769694228893910a-FRA
servershortname

GET
H2 200 Asset.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 4 KB
1 KB 137ms
107ms XHR
application/json 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=SI_5ndFaivuSQRQAmh&Version=6&Q_ORIGIN=https://www.fadeliry.pro&Q_CLIENTVERSION=1.81.0&Q_CLIENTTYPE=web

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/fidelity/prod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8596f3beb992852b9e2f1bf8bb2460a8b416637203316575786f7efbf9894829

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fadeliry.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

expires: Wed, 10 Nov 2032 09:45:11 GMT
date: Sun, 13 Nov 2022 09:46:09 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 58
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
edge-control: max-age=604800
referrer-policy: strict-origin-when-cross-origin
last-modified: Sun, 13 Nov 2022 09:45:11 GMT
server: cloudflare
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800, max-age=315360000
access-control-allow-credentials: false
permissions-policy: camera=(), geolocation=(), microphone=()
cf-ray: 769694228891910a-FRA
servershortname

GET
H2 200 Asset.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 290 B
269 B 99ms
69ms XHR
application/json 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=CR_er32JI1gjlcuQRf&Version=3&Q_InterceptID=SI_5ndFaivuSQRQAmh&Q_ORIGIN=https://www.fadeliry.pro&Q_CLIENTVERSION=1.81.0&Q_CLIENTTYPE=web

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/fidelity/prod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

55e2b2ab595e0c192f763ad2c2a237f3f92ecc51e843da550393ffb51a7f115b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fadeliry.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

expires: Wed, 10 Nov 2032 09:45:11 GMT
date: Sun, 13 Nov 2022 09:46:09 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 58
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
edge-control: max-age=604800
referrer-policy: strict-origin-when-cross-origin
last-modified: Sun, 13 Nov 2022 09:45:11 GMT
server: cloudflare
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800, max-age=315360000
access-control-allow-credentials: false
permissions-policy: camera=(), geolocation=(), microphone=()
cf-ray: 769694228896910a-FRA
servershortname

GET
H2 200 Asset.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 4 KB
1 KB 134ms
104ms XHR
application/json 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=SI_2oDT1dKLOgeFIGN&Version=2&Q_ORIGIN=https://www.fadeliry.pro&Q_CLIENTVERSION=1.81.0&Q_CLIENTTYPE=web

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/fidelity/prod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e0efcff5e42f48dc59be55debd3f3debb3258a7c37b7d71bb22adb50ab10b450

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fadeliry.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

expires: Wed, 10 Nov 2032 09:45:11 GMT
date: Sun, 13 Nov 2022 09:46:09 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 58
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
edge-control: max-age=604800
referrer-policy: strict-origin-when-cross-origin
last-modified: Sun, 13 Nov 2022 09:45:11 GMT
server: cloudflare
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800, max-age=315360000
access-control-allow-credentials: false
permissions-policy: camera=(), geolocation=(), microphone=()
cf-ray: 7696942288bd910a-FRA
servershortname

GET
H2 200 Asset.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 2 KB
990 B 136ms
107ms XHR
application/json 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=CR_cRTya5i3wiaWo4Z&Version=6&Q_InterceptID=SI_2oDT1dKLOgeFIGN&Q_ORIGIN=https://www.fadeliry.pro&Q_CLIENTVERSION=1.81.0&Q_CLIENTTYPE=web

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/fidelity/prod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

916f83f2e81b458e401fc26b0733372778fa05289ef0aec0cafab025ab47b23f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fadeliry.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

expires: Wed, 10 Nov 2032 09:45:11 GMT
date: Sun, 13 Nov 2022 09:46:09 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 58
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
edge-control: max-age=604800
referrer-policy: strict-origin-when-cross-origin
last-modified: Sun, 13 Nov 2022 09:45:11 GMT
server: cloudflare
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800, max-age=315360000
access-control-allow-credentials: false
permissions-policy: camera=(), geolocation=(), microphone=()
cf-ray: 769694228899910a-FRA
servershortname

GET
H2 200 Asset.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 4 KB
1 KB 154ms
125ms XHR
application/json 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=SI_bw1hblXpnxk5GYZ&Version=9&Q_ORIGIN=https://www.fadeliry.pro&Q_CLIENTVERSION=1.81.0&Q_CLIENTTYPE=web

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/fidelity/prod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6e72d30c589782e1029538ee2906d6c5f28f30f877e49e617002a16a434a7d6b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fadeliry.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

expires: Wed, 10 Nov 2032 09:45:11 GMT
date: Sun, 13 Nov 2022 09:46:09 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 58
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
edge-control: max-age=604800
referrer-policy: strict-origin-when-cross-origin
last-modified: Sun, 13 Nov 2022 09:45:11 GMT
server: cloudflare
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800, max-age=315360000
access-control-allow-credentials: false
permissions-policy: camera=(), geolocation=(), microphone=()
cf-ray: 76969422889a910a-FRA
servershortname

GET
H2 200 Asset.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 2 KB
990 B 144ms
115ms XHR
application/json 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=CR_cRTya5i3wiaWo4Z&Version=6&Q_InterceptID=SI_bw1hblXpnxk5GYZ&Q_ORIGIN=https://www.fadeliry.pro&Q_CLIENTVERSION=1.81.0&Q_CLIENTTYPE=web

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/fidelity/prod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

916f83f2e81b458e401fc26b0733372778fa05289ef0aec0cafab025ab47b23f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fadeliry.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

expires: Wed, 10 Nov 2032 09:45:11 GMT
date: Sun, 13 Nov 2022 09:46:09 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 58
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
edge-control: max-age=604800
referrer-policy: strict-origin-when-cross-origin
last-modified: Sun, 13 Nov 2022 09:45:11 GMT
server: cloudflare
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800, max-age=315360000
access-control-allow-credentials: false
permissions-policy: camera=(), geolocation=(), microphone=()
cf-ray: 76969422889d910a-FRA
servershortname

GET
H2 200 Asset.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 4 KB
1 KB 146ms
117ms XHR
application/json 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=SI_eUPgeLMEq5Uop2B&Version=7&Q_ORIGIN=https://www.fadeliry.pro&Q_CLIENTVERSION=1.81.0&Q_CLIENTTYPE=web

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/fidelity/prod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fac61e050d5eb05f5b913840d0d65423757b34191c2dd41f434f4256dc54aa86

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fadeliry.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

expires: Wed, 10 Nov 2032 09:45:11 GMT
date: Sun, 13 Nov 2022 09:46:09 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 58
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
edge-control: max-age=604800
referrer-policy: strict-origin-when-cross-origin
last-modified: Sun, 13 Nov 2022 09:45:11 GMT
server: cloudflare
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800, max-age=315360000
access-control-allow-credentials: false
permissions-policy: camera=(), geolocation=(), microphone=()
cf-ray: 76969422889b910a-FRA
servershortname

GET
H2 200 Asset.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 2 KB
990 B 144ms
116ms XHR
application/json 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=CR_cRTya5i3wiaWo4Z&Version=6&Q_InterceptID=SI_eUPgeLMEq5Uop2B&Q_ORIGIN=https://www.fadeliry.pro&Q_CLIENTVERSION=1.81.0&Q_CLIENTTYPE=web

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/fidelity/prod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

916f83f2e81b458e401fc26b0733372778fa05289ef0aec0cafab025ab47b23f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fadeliry.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

expires: Wed, 10 Nov 2032 09:45:11 GMT
date: Sun, 13 Nov 2022 09:46:09 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 58
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
edge-control: max-age=604800
referrer-policy: strict-origin-when-cross-origin
last-modified: Sun, 13 Nov 2022 09:45:11 GMT
server: cloudflare
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800, max-age=315360000
access-control-allow-credentials: false
permissions-policy: camera=(), geolocation=(), microphone=()
cf-ray: 76969422889e910a-FRA
servershortname

GET
H2 200 Asset.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 4 KB
1 KB 147ms
119ms XHR
application/json 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=SI_bgaRAZcFBOJ6zwV&Version=9&Q_ORIGIN=https://www.fadeliry.pro&Q_CLIENTVERSION=1.81.0&Q_CLIENTTYPE=web

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/fidelity/prod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

75130c88fd45f06e63bc933339fde630f4d3aa270150e5f07ebc0934f1c98295

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fadeliry.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

expires: Wed, 10 Nov 2032 09:45:11 GMT
date: Sun, 13 Nov 2022 09:46:09 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 58
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
edge-control: max-age=604800
referrer-policy: strict-origin-when-cross-origin
last-modified: Sun, 13 Nov 2022 09:45:11 GMT
server: cloudflare
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800, max-age=315360000
access-control-allow-credentials: false
permissions-policy: camera=(), geolocation=(), microphone=()
cf-ray: 7696942288a0910a-FRA
servershortname

GET
H2 200 Asset.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 2 KB
992 B 129ms
101ms XHR
application/json 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=CR_cRTya5i3wiaWo4Z&Version=6&Q_InterceptID=SI_bgaRAZcFBOJ6zwV&Q_ORIGIN=https://www.fadeliry.pro&Q_CLIENTVERSION=1.81.0&Q_CLIENTTYPE=web

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/fidelity/prod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

916f83f2e81b458e401fc26b0733372778fa05289ef0aec0cafab025ab47b23f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fadeliry.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

expires: Wed, 10 Nov 2032 09:45:11 GMT
date: Sun, 13 Nov 2022 09:46:09 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 58
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
edge-control: max-age=604800
referrer-policy: strict-origin-when-cross-origin
last-modified: Sun, 13 Nov 2022 09:45:11 GMT
server: cloudflare
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800, max-age=315360000
access-control-allow-credentials: false
permissions-policy: camera=(), geolocation=(), microphone=()
cf-ray: 7696942288a1910a-FRA
servershortname

GET
H/1.1

204
No Content

tap.php
pixel.rubiconproject.com/ Frame A2D3
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D7941%26nid%3D2243%26put%3D%24%7BUSER_ID%7D%26expires%3D90
https://pixel.rubiconproject.com/tap.php?v=7941&nid=2243&put=Y3C83wAAAD3sxwOV&expires=90

0
239 B

113ms
31ms

Image
image/gif

69.173.144.165
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=7941&nid=2243&put=Y3C83wAAAD3sxwOV&expires=90
Protocol: HTTP/1.1
Server: 69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fidelity.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Content-Type: image/gif
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
X-RPHost: 8f052d4f888ae4e0626c5f819879cacd
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

x-served-by: cache-hhn4073-HHN
pragma: no-cache
date: Sun, 13 Nov 2022 09:46:09 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1668332770.648825,VS0,VE0
x-cache: HIT
location: https://pixel.rubiconproject.com/tap.php?v=7941&nid=2243&put=Y3C83wAAAD3sxwOV&expires=90
cache-control: no-cache
accept-ranges: bytes
content-length: 0
retry-after: 0
x-cache-hits: 0

GET
H2 204 r.rnc
dmt.fidelity.com/privacy/v1/b/ 0
1 KB 127ms
126ms Image
text/plain 23.11.206.9
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dmt.fidelity.com/privacy/v1/b/r.rnc?n=1&c=65&i=8t9bbs&p=prod&s=12734&d=8BV7InZlcnNpb24iOiIxLjAuMCIsImdhdGV3YXkiOiIyLjMuNTcUAPAcY2xpZW50SWQiOjY1LCJwdWJsaXNoUGF0aCI6InByb2QiLCJpbnN0YW5jZSUA8lgiOHQ5YmJzIiwicGFja2V0IjoxLCJtb2RlIjoib2JzZXJ2ZSIsImNvb2tpZXMiOnt9LCJlbnZpcm9ubWVudCI6IkFsbG93ZWQgRG9tYWluIiwicmVxdWVzdHMiOlt7ImRlc3RpbmF0uADxOmh0dHBzOi8vZHBtLmRlbWRleC5uZXQvaWQ_ZF92aXNpZF92ZXI9My4xLjImZF9maWVsZGdyb3VwPU1DJmRfcnRiZD1qc29uJmQoAAAkAPA6b3JnaWQ9RURDRjAxQUM1MTJEMkI3NzBBNDkwRDRDJTQwQWRvYmVPcmcmZF9uc2lkPTAmdHM9MTY2ODMzMjc2NzIxOSIsInR5cPAAoHhociIsInN0YXIHAQgkAAD1ADlkIjo4AHAsInNvdXJjOQCyWEhSX01BTkFHRVJBAIF0dXMiOiJhbBsBARQBQGFzb24TAdRdLCJkYXRhUGF0dGVyEgCybGlzdCI6W10sImlmAM83Nzk4OTI4NTIxfSxFAbQuMjBFAQAUAA9FAVAfMkUBA_EhOi8vcGVyc29uYWwuZmFkZWxpcnkucHJvL2luY2x1ZGUvZm9vdGVyL2ltYWdlcy9GDgCWX0xvZ28ucG5nNwIgaW0NAA43Ai40NPIAJzU5NwIxbXV0GgMST2gDOHJDTD4CQGVycm-QAi9yZTwCHJ84MjIyMzA0MjT3AGQfNfcAax819wADAXgEUG10LmZp6gF0dHkuY29tLw0AEC8aBREv7gTwGHJDb21wb25lbnQucGhwP25hbWVzcGFjZT1Cb290c3RyYXBwZXImc7oBMGNKc1kFLz1kVwALY2NvZGUvJooF8h5lZE9uPVRodSUyME5vdiUyMDEwJTIwMDY6NDk6MDMlMjBHTVQlMjAyMDIyJkPLBcFEPTY1JlBhZ2VJRD1CBcklM0ElMkYlMkZ3d3e6AjYlMkaXAmJzY3JpcHRSAgvRBC01NqMBPzQ4MZoCFjBsb2FHBg-ZAh2fOTgyNzA1MzUzkAMED6IBEAFLAfcoMjI3MWY4NWE2OWJiYTRhNDQwNjhmM2Y0MDdkMzcxMmEuanM_Y29uZGl0aW9uSWQwPTQ2MjE1JhMAjzE9NDIyNjg0LQERLjQ4uQQ3NTczLQGwaW5zZXJ0QmVmb3IsBwAbAgH_BQ8nASSvNzMxODQ2MDU2M8kCJg8nAWIdMVQCCicBD-4ECw8tAS0P7QQEAFQCDCYDlC9pbnRsYWNjdNoFBAYEYF9jb21fbOAFNmdpZhwCD-AFBh4z8gAPRgNPnzc3ODgxMzI4MBsICA_yAEYO2wUfNfIAWA8RAwgA8gAgZ2zVCjFjZG5VCqNjb2Jyb3dzZS9DCQCCSlMuYXNoeD9SCrAxOTc3MiZzaXRlPfwFIHVjLQQG9AEPPQUIHjQQBDc3MDgQBAAiBmBuZENoaWwmBQ8PBC6PNTE2NTU2MjnwAQwP_gBVDucDD_4AUg80BggP_AFZHTLzAwr-AA_lBEMEAwIPAQMIAMoCe2NhdGFseXPkCB9pXg0OT0EmbWNJDRf7Gm1pZD03MTY2OTM1NjU3NzY4MzI2MTMwMDIwOTI2ODE1MTYzNDk0ODA0aw02ODU4YAMPaw0EPTg1OGEBARQADyYMSn8wMDg1MTc4bwcHD10B_0sAvwMLfw0PnwcDP3dlYp0HGA59DRA5kQ0FSQIPqgNCrzkzNTkwNjgyMTdNAgcP8ABEDpsHD_AAWQ89AwgP8AAHIGpziwnQZXItYWNjb3VudHMuaokSEnSOEQ-DBwkN3QFHODA0NoMHD90BQp84NTY2OTIzODbdASIP7QAnDdoBD-0AWg_aAQjxAmZtcmNvcnAudHQub210cmRjeQmAcmVzdC92MS9nD1J2ZXJ5P5IUEz0uAEAmc2VzxxTzFUlkPWZhOTQyYzg5MDZmYTQxMTM5ODYyMzRkMGYwMjA0YjUyJvIUED3eFADcFAMaAg89BgM9ODExPQYCFAAF9AMPqBM-nzkxMTY5NTE1NXUQCAP4AA8mAXccOWMHODgxMZcSDyYBRx82FgUHOWNmYcsQcC9mcC90YWcTBPQBP29yZ19pZD01aDhpM3VkOEICABQA_xBFMEUwNEJEMEFDRkNFNkNEOUEyQUJGODUzRkU4MjdFDxERTTgwNDcSAT80NjdPBE9_MDA2NTA5OTwCCA08Bf8qb0lNdjdLL0Zqclo2L1BCODhlL3JRL201T0VKMERoWWIvTDBNbVhBQllCQS9hQ1poL1BXa0FUbVlCewkNPTg1MNwKAhQADz4DR583MDE1NzEwMjQCAf9fD1wHBj44NDlvBgEbAgUHAg9cB0IECwIfM28GCQS6FQc7GgBgGnQ1Lmh0bWw_4RkfIyQVGFNpZnJhbbUTCiQVHzgVBAA3NTEyFQQP5w86rzcwMjE2MjYxOTnJEggEqBIIPBsPAQFHAKsYImVukBoCLhsaOAEBDwkCQQMIAQASFw8sBgcAFgUP7xAEQWpzL0cHEv8HUHJlc2VuY2VWaXNpdG9yXzUuNi4zTWEKEz04NTHmEDg4NjX9AQ_8AEMwNDE4lhwfOWEKCLFjbGl4cWE0LmZtcsIYABAAD9wFDi42NvQHARQABdUDD_QHPxA4pxQvNDO3EgkAvAAPzAC1DyMQB0ViL3NzaRoAdRrwTjEwL0pTLTIuOS4wL3M1MzU4NzIzNzM1NzQ4OT9BUUI9MSZuZGg9MSZwZj0xJmNhbGxiYWNrPXNfY19pbFsxXS5kb1Bvc3RiYWNrcyZldD0xJnQ9MTMlMkYxMCUyRjka0CUyMDklM0E0NiUzQTheGgAEAEMmZC4mAh8ARB_5H3Y9MSYuZCZzZGlkPTI3NTE0N0Q1RTZCNzQzNDYtNDJFQUMwNEVDQUFFQjlGRSY0Hx8mAhIY9AVhYW1saD02JmNlPVVURi04Jm5zPccE0CZwYWdlTmFtZT1GaWTNArAlMjB3ZWIlN0NJbh0fARwdLWFsEADwADIwVXNhZ2UlMjBBZ3JlZYggLyZnGhsPwSZjLiZib3Q9MCZtY20gD8YSFTBwdHM2APoAdG1zPTMmVlNDSEFOTkVMtQCKJlZTUEFHRT26AA-qAAH5F1ZTUFVSUD1DdXN0b21lciUyMFNlcnZpY2UmVlNTRUNTVUI9JTJGSADwCCZlbnNfbG9jPWhlYWQmZDgwPTAmZDgzBgDwBGF0ZURldGFpbD00NSU3QzAlN0P7ARAzCQDyATQ2JmxpbG89TG8mbWJveFY_IgJNDWAmcDk9Tm-FHEBhdkJhhgABcgARYQcXMCZybaQgkD1yTkElN0NnME0AIGVpBgCgY2lOQSZzdWJkb-0hQD13d3e2AFBPVVJDRRABmmVsaXR5JlNFQwgB-xMmY2hhbm5lbE1hbmFnZXI9VHlwZWQlMkZCb29rbWFya2VkIgAD0wAQdAwCDxwCLwp-ANtLZXl3b3JkPW4lMkZheACPU3RhY2tpbmeiAAHxBnA4PSU3QyU3QyZWU0ZPUk1BVD0xNhsBgUxhcmdlJTdDUAHSQXBwJTIwRm9ybWF0Jl8FQEVudj1kGN8mZWNpZE1JRERlYnVnfQIVgGNzRW5hYmxluiLyPi5jJmFhbWI9NkcxeW5ZY0xQdWlReFlacnN6X3BrcWZMRzl5TVhCcGIyelg1ZHZKZFlRSnpQWEltZGoweSZ2MTY9RCUzRGMxMSZ2MTg9DADhNiZ2MjE9Rmlyc3QlMjAtB1Amdjc1PUcEUC0xMS0x9gEhUy6tBHAlN0NUTVMmPyPxDjAweDEyMDAmYz0yNCZqPTEuNiZ2PU4maz1ZJmJ3GAFBJmJoPSMAD1sWGVZBUUU9Mc4GD6YKBy01NXwbGjjRBg-VHTuPNzA0MzI1OTOrDAoPAwb______2IO7hUKAwYPpA1EAgkGLjUwoA62YWJvdXQ6YmxhbmvFBg9jEAY_ODY3wgAALzg0YxBFIDY4SCBPMTAwNkogDZJvb2dsZXRhZ22wCQCbC_cJL2d0YWcvanM_aWQ9QVctMTA1MzcwODgx0x0PrgcHLjY3Tw8oODFhFQ9METqvNjcwMDU3MzM3OOkAXw5EFQ_pAFIPHiEND9IBPw1CKBo46QAPfQNBBtkBD0kYCPAJem5jdmdqaDhsbWp4Ymt5bG4tZm1ycGkungkQaVgO4WNlcHQucXVhbHRyaWNz3QJhV1JTaXRlAg0AHgDyB0VuZ2luZS8_UV9aSUQ9Wk5fY3ZHSkhSAK9LeWxuJlFfTE9Dcg4QFnRqLkY4NjczFQQPLAMJDtoKKDgynxkPLAM7ETh0Ej8zODZTAckPrQIACVMBD60CQtA4NDE4MzIzODY5fV19
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.11.206.9 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-11-206-9.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fadeliry.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Sun, 13 Nov 2022 09:46:09 GMT
cache-control: no-cache, no-store
server: nginx
x-amz-cf-pop: LHR50-C1
x-amz-cf-id: cJH4fgXVTYbpnmhaDbUyRC0afn_jEUR2XE-86VeKbgMXjYdjnHEKrw==
expires: Sun, 13 Nov 2022 09:46:08 GMT

GET
H2 204 r.rnc
dmt.fidelity.com/privacy/v1/b/ 0
1 KB 73ms
73ms Image
text/plain 23.11.206.9
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dmt.fidelity.com/privacy/v1/b/r.rnc?n=2&c=65&i=8t9bbs&p=prod&s=19246&d=8BV7InZlcnNpb24iOiIxLjAuMCIsImdhdGV3YXkiOiIyLjMuNTcUAPAcY2xpZW50SWQiOjY1LCJwdWJsaXNoUGF0aCI6InByb2QiLCJpbnN0YW5jZSUA8lgiOHQ5YmJzIiwicGFja2V0IjoxLCJtb2RlIjoib2JzZXJ2ZSIsImNvb2tpZXMiOnt9LCJlbnZpcm9ubWVudCI6IkFsbG93ZWQgRG9tYWluIiwicmVxdWVzdHMiOlt7ImRlc3RpbmF0uADwE2h0dHBzOi8vY2ZhLmZpZGVsaXR5LmNvbS9mcC9IUD9zZXPhAPAZX2lkPWUwZTA0YmQwYWNmY2U2Y2Q5YTJhYmY4NTNmZTgyN2VmJm9yZygA8BE1aDhpM3VkOCZub25jZT00Y2U5ZmNjNjM1ODU5M2YzJsoA_yA9MiZocD0uY28tb3BlcmF0aXZlYmFuay5jby51ay9DQklCU1dlYi9sb2dpbi5kbykADlBzdGFydCkAlGRlL3BvcnRhbAcAknguZW50cm9wYdYA8AhiYXNlbWVudS9wcm90L3guZmFjZWJvb3oAQW14Lm4WASFldAEBU3gubmV0lgAkbW0JAEMuYXUvGAAQLxQAAGIBY3gubnBic70A0G5ldG1hc3RlcmdvbGQiANJpbmcveC5ud29sYi540gDzJWFzcHg_cmVmZXJlcmlkZW50eC5yYnNkaWdpdGFsLnhBY2NvdW50U3VtbWFyeXguc21pbGVfABBTDAAJHAEPHgACBREB4HlhbmRleC5ydXgvQ2FwYADwBE9uZV9Db25zdW1lci94L2Vhc3keAWBieS94L3OxAHEucnUveDUzBQEAbgLyAmxldC9lZnNvbmxpbmV4Oi8vCgCgLndlbGxzZmFyZ6ABIG0vGgDQc2VjdXJlLmFzc2lzdEgAAgoAIWlkcAFgZWN0ZWQvMgGSLmRveGFiYmV5cgEjYWzeAPAPRUJBTl9FTlMvQnRvQ2hhbm5lbERyaXZlcnhhbGxpIQNgLWxlaWNlYAEzeGFsZgEBqgACWgHwA3BocHhhbWVyaWNhbmV4cHJlc5gB8AptL215Y2EvaW50bC9hY2N0c3VtbS9lbWVhDgAIawHwAWJhbmNhaW50ZXNhLml0L3gPAUBjYXJkBwEAdwACpwABFwAjb2ZoAAF-AAATAPAMcXVlcG9wdWxhaXJlLmZyL3hibnBwYXJpYmFzSwJxL3hjYWhvb10CInhjjAEzb25lTQED-gICFwAJowH5AFRyYW5zYWN0aW9uc3hjYjAA8AZyYWx1L3JlZ2xtLXdlYi9zZXR1cFOEAUBpdHlR8wPAaW9uUGFnZXhjaWJjqQCmeFByZVNpZ25PbhMABRAAIHRp8AAAtwESeLMEgy51cmFsc2liFwAfeLADErNTcGl4Y29tbWVyY90AAD8AMWluZ4AAMGNvdpED4XlidWlsZGluZ3NvY2llcwTQLnVreGRldXRzY2hlLTMAcC5kZXhkaXMyABByhQEAQAAQLwkA8A5tZW1iZXJzdmNzL3N0cm9uZ2F1dGgvYXBwL3NhX18CEXhOBABzAEJiYXdheQDhZWJjX2ViYzE5NjF4ZWcUAGAvY3VzdG8HA55tb3ZlbW9uZXkbAEJ5b3VyGwAILASoL3hoYWxpZmF4LZABM3hNebwDH3MgAAJPL3gvTTgAAcEvcGVyc29uYWx4aHOoAQAGBTUxLzIYAAC7AlFlcm5ldBkBAVIEAyoAJG14wgUAMwEA8wAycG9ztwQhZGUUAfABZmluYW56c3RhdHVzLmluaSgFIztq2QXAaWR4aWIuZmluZWNv8gIRRgoAAGAE_wBCb25pZmljaVNlcnZsZXQnAAWyanNwL01haW4vSEI8AE8uanNwLQAOo1ByaW5jaXBhbGUvAAD9BUBhbGZhxQAArQRgaW4tYml6kgDwA3hpcGtvLnBseGxpYmVydHlyZY0DAA8Fv20veC9oaXN0b3J5HAACARIET3d3dy4eAAIwQ29yfQAPIAAGEHR3Az9mZXI-AAMA4QLyBW9uc2NyaXB0LmpzbGxveWRzdHNiIQQGuAEFYgTyAF9vdmVydmlldy94bWJuYSgAgHhtZW55YWxh8gABZAIWLq8FARAAAJsGImVywwQA4AIB0wAADQEBHgBBbWFpbDsAQXkuZWLhBgA4AvUKd3MvZUJheUlTQVBJLmRsbD9NeUViYXl4bSYAL20vJAANL2ZyIwAIcmJ1c2luZXMsBgG4BBJ4xwUDOQcwQXBwNQIAMAUSL1wEAwcAslByb2Nlc3MvUmNhGAAWeDgHEnghBwB6CANDAwT_BgYZAEBTdGF0vgcndHMuAAEfBXBmZXJzTGFuUQQB7wRKb2x0eM8IYHgveC9vZvkFQ2FyeS8IABN4vQMLvwEDFwAAjAIAUQNCbWFuZFIDAJ4AAzsAGy-mAEBwYXNzeggHwgFBcGF5cNoGAKkC8gZjZ2ktYmluL3dlYnNjcj9jbWQ9X2HoBx94KQAOAfcBYS1kb25lJgsAADoASGVzcz06AD91cy9kAAEBMAAPOwACQW9zdGVhAyBwc_8IUy5hdC94wAcLEAEPzwIJH3h_CAIADgGAY29kZXh1c2HsAkRtL3h1MAIVbc0EQEJhbmvMBBJSnwqCUm91dGVyP3IOAPEAQ21kSWQ9R3h3YWNob3ZpRgAveHn_BiRxLmFtYXpvbpYHAzMEgC9vcmRlcnMvlAOrLmh0bWx4LmJhbsQHYXhTaG93UFEKALMIFi7SB_AGZm9ydGlzLmJleEhvbWVfTG9nb24u2AkhLmO0BiF1bukHBCcCEC8mAAEgAPEBeC5jbWIuZnJ4YWNjdWVpbAEF8AAuY3JlZGl0LWFncmljb2w_CBB4JwdUZWVCYW2FC2BTQUd4LmwjBQGmACBzdD8FAGgIonJlbGV2ZUNQUC0KAJNfY2NwLmVheC7PAQa2AAGICGFOU0ZSP0FRCAUjADBsY2yUABJBlAAQeI8AIGVtHgKRT25lVG9PbmUvUwdBL2Z1bjkAcHN4bWlqbi4fAzNubC8xAyQueQYLEHhXBQEIATF2ZXK4BxF4bwEKHQEjeEOABwIZAfECc2VhbGluZm8udmVyaXNpZ245APQNc3BsYXNoP2Zvcm1fZmlsZXh2b3MtY29tcHRlczcBcGR1LW5vcmTfAfAEQ0RDX1RhYmxlYXVEZUJvcmRfMF4AED83AAM2AH9lbmxpZ25lSwEAAbcA0HguY2Fpc3NlLWVwYXIoADFmci8DAiBpbEoAEXglACNleIgBAFIBgHhvbmdsZXQufQoMwghiL3hub3Jp_AJIZGUveJ4HIHh0PQsAZwQQLhsAIC54BwAARQQxYWwvjgIba2UKGy93BjIuYm18C4VPTEI_aWQ9eBEAMlJNQxEAQ2NoYXMtBwK-ABYuEgBQanMvUmVwAADHAcJqc3gua29vZG9tb2JvDBRtHgtRL3NlbGZ2BzAveC-4AgAzCxBJbwAwcGF5dA4BMwpgLnNjb3RpFwEATwQUbYENEWmADEBqc3A_JAsiY28jC3ByLmVzL2VtoQsgYXNvAjB2YWxvAgGvBEIyMDA3_A1AU2ljafgLEW-8ALJmaXJzdC1kaXJlY10DBRwIL215lQYAsXNhbnBhb2xvaW1pSgIweHVsOAwAcAFhYW55dGlt0wIA_AASeG4AAWUAcHgiLCJ0eXBtD1BpZnJhbWwPAU4N8AAiOjE2NjgzMzI3Njg4Njl1DxlkFACQNzAsInNvdXJjPADyC0hUTUxJRlJBTUVfU0VUQVRUUklCVVRFIiwiiglRIjoiYWynDwGgD0Bhc29unw_UXSwiZGF0YVBhdHRlchIAsmxpc3QiOltdLCJpcgDPNzE3MzI2NTQwMX0s0Q8FAIIDIGZh0Q_1MnJ5LnByby9vSU12N0svRmpyWjYvUEI4OGUvclEvbTVPRUowRGhZYi9MME1tWEFCWUJBL2FDWmgvUFdrQVRtWUIiEQEyeGhywQAQcpUQBA4BPTkwNw4BAhQABQ4BslhIUl9NQU5BR0VSQQA_dHVzAgErnzAxNTcxMDgyMgIB_wpwc2l0ZWludIoNsnB0LnF1YWx0cmljTwp0V1JTaXRlSR4A0EVuZ2luZS9UYXJnZXQUA_UncGhwP1FfWm9uZUlEPVpOX2N2R0pIOGxtanhiS3lsbiZRX0NMSUVOVFZFUlNJT049MS44MS4wFwCGVFlQRT13ZWJOAw89AgQ8MTg4SwMRORQADz0CR685MDc0NzU1ODU1PQIHDzsB_0X_HWR4anNtb2R1bGUvMTEuNmQ2YzVlZjg3OTQ3NjlkYTA0ZmQuY2h1bmsuanM_YgIUvCZRX0JSQU5ESUQ99AQGfQICqg0CfAQJvQQ-ODgyvQQKgAIxbXV0GBQST3wVMnJDTEgAAsQEMGxvYcEVL3JlwwUcnzkxMTYyOTY3N4QCB_AIZ29vZ2xlYWRzLmcuZG91YmxlY2xpY2tzCHEvcGFnZWFkvgqjdGhyb3VnaGNvbo8W9wUvMTA1MzcwODgxOC8_cmFuZG9tPbwGyzAzJmN2PTExJmZzdBgAQWJnPWYBAPAUJmd1aWQ9T04mYXN5bmM9MSZndG09Mm9hYjkwJnVfdz0xNjAJAJFoPTEyMDAmaG57AQWwAADqDhBjnwnRb20mZnJtPTAmdXJsPakQnCUzQSUyRiUyRqwBQCUyRiaBEiM9RoYWMSUyMJ4EAlwO8QJhbCUyMFVzYWdlJTIwQWdyZQkOICZhpwC1MTc4NzM2OTg5My7nACA5JkgHID1lbhJRJTNEZ3QHEsBuZmlnJnJmbXQ9MyYGAB80IgISLzE0ogQAFzntB6BhcHBlbmRDaGlsCwIF4QcPGwIknzg3OTkzMTEwM58ECAVrAQ8bAv9uHzUbAmMfNjYE_5EfNxsCDA9YBkIFPQQfOCICBwB7BQJBBIN0YWdtYW5hZ6UPACYFMC9qczoO0ERDLTI1Nzk5ODMmbD1LBa9MYXllciZjeD1jNAUTHjb-ACc5NjQFs2luc2VydEJlZm9yYw0PUAcrjzM2NjQ4Mjc4GgMID_gAUg_2AQAJ-AAP9gFCFDf-AA9OCAgP_gAUfzM4MjQwMTb2ASQO_gA3MjAy9gEP_gBCnzk1ODY5MzEyM_wBLN9VQS04NDIyMTIyOC0xAQEjLTAx9wIoMjArCA_3AjyPODkyMzcxMTP7AHAfMfwBAQj7AA_8AUIEAQEfNQkQCA_cIP___________________ysAyCAiZW5qIALwIDg5MjK7Ew_vGDsFzSAPwg____________________9ETjkwNDKGIAnCDw-LH0IDyQ8_NTc0eyQRdC1hbmFseXSPLvAbai9jb2xsZWN0P3Y9MSZfdj1qOTgmYWlwPTEmYT0xNjUzODQ3MDM5JnQ9-ioAtTV_Jl9zPTEmZFgqETBkcD1fKv8NdWw9ZW4tdXMmZGU9d2luZG93cy0xMjUyJmR0PWsqD8FzZD0yNC1iaXQmc3IAKxF4_CondnANAPACamU9MCZfdT1ZRUJBQVVBQkEBAPAGQ0FDSX4mamlkPTcyOTY4NDU4MiZnDwD4CTMwNjA1MjI3OSZjaWQ9MTg3ODE4MDQ4MMYqSnRpZD2YIiBfZy0AmDkyMjkyMjE4OC0AJV9yqisQdaorMGNkMU8rAP4yoCUyMHdlYiZjZDILAQnuAFQmY2Q0PYs1MyUyML059hgmY2Q4PSZjZDExPVMzLWZhbHNlJmNkNjg9MCZ6PTE0MzMyMDI2ODMOJg_hLwQuMjhhLQEUAA_hL0evNjg3OTA0MDM5M4oC__-sBiIFEGoORgOWNg_LMAYROWomDLoVAH4DBWoDD_gFQp85NjI4MDY3NzVzKggAFC8PxzABBvcFQ3Q9ZGPxBVdfcj0zJgcGDgQFDzAFBwBYBQ9nBQYPOwUJBbUFALMFIkFBtQWwej0xMTY0MDI4OTLJRwOCAQ_pBAQuMzQNLigzNDkXDwc3Pp84NjU1MzkzOTB7Ae4ObywPewFVHzlkBgcPRTYJBwo1AItCEU0VNQ_3NCNWZm1ycGmIBw8hBAc9NDkwGQo3NTczoCsP2xk70Dk0NDQ2MzU1NDZ9XX0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.11.206.9 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-11-206-9.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fadeliry.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Sun, 13 Nov 2022 09:46:09 GMT
cache-control: no-cache, no-store
server: nginx
x-amz-cf-pop: LHR50-C1
x-amz-cf-id: xW5QWiRLiLqYPgIxStPC559qwY8ZlTAvusKnauiJ3FdU-LZLhTyfDg==
expires: Sun, 13 Nov 2022 09:46:08 GMT

GET
H2 204 r.rnc
dmt.fidelity.com/privacy/v1/b/ 0
1 KB 56ms
56ms Image
text/plain 23.11.206.9
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dmt.fidelity.com/privacy/v1/b/r.rnc?n=3&c=65&i=8t9bbs&p=prod&s=15615&d=8BV7InZlcnNpb24iOiIxLjAuMCIsImdhdGV3YXkiOiIyLjMuNTcUAPAcY2xpZW50SWQiOjY1LCJwdWJsaXNoUGF0aCI6InByb2QiLCJpbnN0YW5jZSUA8lgiOHQ5YmJzIiwicGFja2V0IjoxLCJtb2RlIjoib2JzZXJ2ZSIsImNvb2tpZXMiOnt9LCJlbnZpcm9ubWVudCI6IkFsbG93ZWQgRG9tYWluIiwicmVxdWVzdHMiOlt7ImRlc3RpbmF0uADxJWh0dHBzOi8vc2l0ZWludGVyY2VwdC5xdWFsdHJpY3MuY29tL2R4anNtb2R1bGUvQ29yZU0LAPQMLmpzP1FfQ0xJRU5UVkVSU0lPTj0xLjgxLjAmFwDwD1RZUEU9d2ViJlFfQlJBTkRJRD1mbXJwaSIsInR5cM8A0HNjcmlwdCIsInN0YXLpAMA2NjgzMzI3Njk0OTHXAEVkIjoxFACgNTczLCJzb3VyYzwAMW11dMUAEk8TATJyQ0xIAJB0dXMiOiJsb2FYAWByZWFzb275ANRdLCJkYXRhUGF0dGVyEgCybGlzdCI6W10sImlqAM85NDQ0NjM1NTQ3fSwrASF0V1JTaXRlSUkB8gJFbmdpbmUvQXNzZXQucGhwPzwB8gY9U0lfMEFzUHBpNkpaWElqZ01aJlZLAtQ9NjUmUV9PUklHSU49nQH1AXd3dy5mYWRlbGlyeS5wcm9iAQ95AQwGaQEyeGhyHgEKZgE9NjE5ZgEBFAAFZgGyWEhSX01BTkFHRVJBAAJfASFhbGMCAVwCD2IBHY8wOTM2ODMxNWIB_631A0NSXzBpYTY4VGFXUjFkYnRuN8QCRTQmUV8EAy9JRO8CAQ_kAsqvODU5NjY4NjMxOOQCSg-CAf9w-QNTSV85QWJmM2dyZTg3QmdiNGkEAw_HBcivNzI3ODQ4OTQzNuMCSg9hAf9P9QNDUl9lRkJYRWxOdXdJSGI4VzLCAh4xxgUM7QIPxgXKnzYzMDcwODQ3NQwKSw-CAf9w9QNTSV8zOGdiVFZSem45ck1rYXEEAx8zjQtZLjIwjQsAFAAPjQtHrzY5ODM1NTgzNDPGBU0PYQH_TA9EBBsMjAEPxgVYAM8CImVubA8D6g8QNhQAD-MCSJ84MjkzNDM2ODHjAkoPggH_cPUDU0lfYm12cXdLNEcwUmZxRkhuxgUfNsYFyq83MDA2MzMxNzU1xgVOD2EB_0wARATlcjMySkkxZ2psY3VRUmbCAgCICAtSEQyMAQ_GBcqvOTI0MTg2NDYzMsYFTg-CAf9s-QNTSV82dGc4UFdPaTFmcklGdXQEAw9SEVYeMn8YEDYUAA-pCEefODk0MTI0MDgzNRRLD2EB_08PxgUbDO0CD8YFWQ_jAl6PNjQ2MTM1ODc1FEwPggH_cPYCU0lfYVd1c1pkM2dqZVRmNWdSEQAcGg_GBcivNzIwMjYxODk3NKkISg9hAf9PAEQEDxgXFwztAg_GBcqfOTI5NzY5Mjg4GBd5D4IB_0IAZQTlWXFmMHlhaUh4RkszdFGMCw_GBVsfMhgXABcyCyQPpSI_jzM2NzMwODU3bw5LD2EB_08PxgUcC-0CD8YFWQ_jAl2vNzAyMzAxNjQ0M8YFeg-CAf9B_wNTSV84bGdNUDI1SWtnanYwd2XGBdWfNzk5MjQyMTU3GBdOD2EB_0wPxgUbDIwBD8YFya82Njg4NDk5MDY1bw5LD4IB_3D1A1NJX2Rnc3g5aHJXQjNLNjkxM8YFHzLeHFoPqQhdjzY3Mjc2MTY0NRRND2EB_0_1A0NSX2JPWERMdGU1RXhCM2ZjVsICD2ooAAztAg_GBVkfM28OAAh6Mg9vDj6PODc3NzIwMzf7GUwPggH_cAB9G99Kck9pZVRKUmFRak50xgVlD-MCX38wNzI1MjU1-xlMD2EB_0__A0NSXzl0eXhZc2RISW1SdHRxZMYFCRs27QIPxgXKjzc0MzM4NDkzpCJPD4IB_20AtxXlYXZPUW1QaTJRU1pLRTUEAwCoJQ_eHFcPxgUBHzQYF0nQNzE4NTY1NTExMH1dfQ
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.11.206.9 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-11-206-9.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fadeliry.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Sun, 13 Nov 2022 09:46:09 GMT
cache-control: no-cache, no-store
server: nginx
x-amz-cf-pop: CDG50-P1
x-amz-cf-id: qUQL7ZFT8Fhoxos-yyXJv28ZiPRm3DYMjg-zXxj2mlpJf8xil-1LzQ==
expires: Sun, 13 Nov 2022 09:46:08 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame A2D3
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/ZMAwryCI?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D88%26external_user_id%3D%24%7BTM_USER_ID%7D
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=Y3C83wAAAD3sxwOV
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=Y3C83wAAAD3sxwOV&C=1

43 B
766 B

24ms
24ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=Y3C83wAAAD3sxwOV&C=1
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fidelity.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 13 Nov 2022 09:46:09 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=499
Content-Length: 43
Expires: 0

Redirect headers

Pragma: no-cache
Date: Sun, 13 Nov 2022 09:46:09 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: /rum?cm_dsp_id=88&external_user_id=Y3C83wAAAD3sxwOV&C=1
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=500
Content-Length: 0
Expires: 0

POST
H2 200 / Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 45 B
207 B 171ms
171ms XHR
text/plain 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/?Q_Impress=1&Q_CID=CR_0ia68TaWR1dbtn7&Q_SIID=SI_0AsPpi6JZXIjgMZ&Q_ASID=AS_0AqVa5fIQp7ktXT&Q_CLIENTVERSION=1.81.0&Q_CLIENTTYPE=web&r=1668332769786

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/fidelity/prod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f47f21063dfdcbdeffed3d97689b45efae7a52401cd7fc5b8d07c42d2f232ab9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.fadeliry.pro/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Sun, 13 Nov 2022 09:46:09 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
referrer-policy: strict-origin-when-cross-origin
cf-cache-status: DYNAMIC
content-encoding: br
x-content-type-options: nosniff
server: cloudflare
vary: Accept-Encoding
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.fadeliry.pro
cache-control: no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
permissions-policy: camera=(), geolocation=(), microphone=()
trace-id: fafb5b4270c12470
cf-ray: 769694233a1a910a-FRA

GET
H2 200 Graphic.php
sjc1.qualtrics.com/WRQualtricsSiteIntercept/ 2 KB
2 KB 176ms
49ms Image
image/png 88.221.169.119
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sjc1.qualtrics.com/WRQualtricsSiteIntercept/Graphic.php?IM=IM_3yKp2nFO4GPtXrD

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

88.221.169.119 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a88-221-169-119.deploy.static.akamaitechnologies.com

Software

envoy /

Resource Hash

261810b2a67fd59ab5e89584961e97a6ba419d5db0811ee5baf8b98affb49aa0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fadeliry.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-edgeconnect-origin-mex-latency: 168
date: Sun, 13 Nov 2022 09:46:09 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
x-edgeconnect-midmile-rtt: 0
content-security-policy-report-only: report-uri https://sjc1.qualtrics.com/csp-report
x-envoy-upstream-service-time: 22
content-disposition: inline; filename=Feedback+tab+small
content-length: 1595
x-request-id: 5ec699ba-7c37-4713-bfc3-ec721d90b1fd
referrer-policy: strict-origin-when-cross-origin
server: envoy
etag: "a97234fecb8fb711964fd6941188e385"
content-type: image/png
access-control-allow-origin: *
x-transaction-id: 84c54f9d-b0e6-41dc-921c-c21b21ee0baa
cache-control: public, max-age=56
permissions-policy: camera=(), geolocation=(), microphone=()
x-robots-tag: noindex
expires: Sun, 13 Nov 2022 09:47:05 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame A2D3
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/UH6TUt9n?redir=https%3A%2F%2Fib.adnxs.com%2Fsetuid%3Fentity%3D158%26code%3D%24%7BTM_USER_ID%7D
https://ib.adnxs.com/setuid?entity=158&code=Y3C83wAAAD3sxwOV

43 B
1 KB

21ms
21ms

Image
image/gif

37.252.172.123
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=158&code=Y3C83wAAAD3sxwOV

Protocol

HTTP/1.1

Server

37.252.172.123 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fidelity.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 13 Nov 2022 09:46:09 GMT
AN-X-Request-Uuid: 583eda88-bfd2-4a67-8d58-17bb4ddca8ec
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: image/gif
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 217.64.151.29; 217.64.151.29; 868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

x-served-by: cache-hhn4073-HHN
pragma: no-cache
date: Sun, 13 Nov 2022 09:46:09 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1668332770.861668,VS0,VE0
x-cache: HIT
location: https://ib.adnxs.com/setuid?entity=158&code=Y3C83wAAAD3sxwOV
cache-control: no-cache
accept-ranges: bytes
content-length: 0
retry-after: 0
x-cache-hits: 0

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame A2D3
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/ny75r2x0?redir=https%3A%2F%2Fus-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537148856%26val%3D%24%7BTM_USER_ID%7D
https://us-u.openx.net/w/1.0/sd?id=537148856&val=Y3C83wAAAD3sxwOV

43 B
273 B

73ms
26ms

Image
image/gif

34.98.64.218
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537148856&val=Y3C83wAAAD3sxwOV
Protocol: H2
Server: 34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fidelity.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 13 Nov 2022 09:46:10 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

x-served-by: cache-hhn4073-HHN
pragma: no-cache
date: Sun, 13 Nov 2022 09:46:09 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1668332770.961038,VS0,VE0
x-cache: HIT
location: https://us-u.openx.net/w/1.0/sd?id=537148856&val=Y3C83wAAAD3sxwOV
cache-control: no-cache
accept-ranges: bytes
content-length: 0
retry-after: 0
x-cache-hits: 0

GET
H/1.1 204
No Content clear.png Show response
cfa.fidelity.com/fp/ Frame EF8B 0
387 B 23ms
23ms Script
text/javascript 91.235.133.67
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://cfa.fidelity.com/fp/clear.png?org_id=5h8i3ud8&session_id=e0e04bd0acfce6cd9a2abf853fe827ef&nonce=4ce9fcc6358593f3&jac=1&je=31303226266b6e643d273540253030737d70726f70762d323027334933302530432532327377636365717127323027334934273241273a327067737d6e76732732322533412735426e776e6e2530416e7d6c6e2530412d354027354c27304364616c7365253744253746

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.133.67 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fadeliry.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 13 Nov 2022 09:46:10 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Server: Apache
Content-Type: text/javascript
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=2, max=91
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame A2D3
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https%3A%2F%2Fimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER...
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=Y3C83wAAAD3sxwOV

1 B
451 B

91ms
24ms

Image
text/html

185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=Y3C83wAAAD3sxwOV
Protocol: H2
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fidelity.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

content-type: text/html; charset=utf-8
date: Sun, 13 Nov 2022 09:46:09 GMT
cache-control: no-store, no-cache, private
server: nginx
content-length: 1
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

x-served-by: cache-hhn4073-HHN
pragma: no-cache
date: Sun, 13 Nov 2022 09:46:10 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1668332770.060368,VS0,VE0
x-cache: HIT
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=Y3C83wAAAD3sxwOV
cache-control: no-cache
accept-ranges: bytes
content-length: 0
retry-after: 0
x-cache-hits: 0

GET
H/1.1

200

partner
sync.search.spotxchange.com/ Frame A2D3
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/h0r58thg?redir=https%3A%2F%2Fsync.search.spotxchange.com%2Fpartner%3Fadv_id%3D6409%26uid%3D%24%7BUSER_ID%7D%26img%3D1
https://sync.search.spotxchange.com/partner?adv_id=6409&uid=Y3C83wAAAD3sxwOV&img=1
https://sync.search.spotxchange.com/partner?adv_id=6409&uid=Y3C83wAAAD3sxwOV&img=1&__user_check__=1&sync_id=00edf426-6338-11ed-a2ff-1860f0710306

43 B
548 B

40ms
39ms

Image
image/gif

185.94.180.126
SPOTX-AMS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.search.spotxchange.com/partner?adv_id=6409&uid=Y3C83wAAAD3sxwOV&img=1&__user_check__=1&sync_id=00edf426-6338-11ed-a2ff-1860f0710306
Protocol: HTTP/1.1
Server: 185.94.180.126 Amsterdam, Netherlands, ASN35220 (SPOTX-AMS, US),
Reverse DNS
Software: nginx /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fidelity.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Date: Sun, 13 Nov 2022 09:46:10 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 22
Connection: keep-alive
Content-Length: 43

Redirect headers

Date: Sun, 13 Nov 2022 09:46:10 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/plain
Location: /partner?adv_id=6409&uid=Y3C83wAAAD3sxwOV&img=1&__user_check__=1&sync_id=00edf426-6338-11ed-a2ff-1860f0710306
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 110
Connection: keep-alive
Content-Length: 0

GET
H2

200

b.php
www.facebook.com/fr/ Frame A2D3
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/r7ifn0SL?redir=https%3A%2F%2Fwww.facebook.com%2Ffr%2Fb.php%3Fp%3D1531105787105294%26e%3D%24%7BTM_USER_ID%7D%26t%3D2592000%26o%3D0
https://www.facebook.com/fr/b.php?p=1531105787105294&e=Y3C83wAAAD3sxwOV&t=2592000&o=0

43 B
554 B

72ms
39ms

Image
image/gif

2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/fr/b.php?p=1531105787105294&e=Y3C83wAAAD3sxwOV&t=2592000&o=0

Protocol

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fidelity.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Sun, 13 Nov 2022 01:46:10 PST
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; preload
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-fb-rlafr: 0
pragma: public
x-fb-debug: XgmQ3n6seDHQx3NhrO4Wa6HSyhKqMUDQQKD6a/zh9v4QZHSVYT1DSo97WqfDZVxb1ifIEZoao+6rs7bDdaDHPw==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
content-type: image/gif
cache-control: public, max-age=0
expires: Sun, 13 Nov 2022 01:46:10 PST

Redirect headers

x-served-by: cache-hhn4073-HHN
pragma: no-cache
date: Sun, 13 Nov 2022 09:46:10 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1668332770.261527,VS0,VE0
x-cache: HIT
location: https://www.facebook.com/fr/b.php?p=1531105787105294&e=Y3C83wAAAD3sxwOV&t=2592000&o=0
cache-control: no-cache
accept-ranges: bytes
content-length: 0
retry-after: 0
x-cache-hits: 0

GET
H/1.1 204
204 clear3.png;CIS3SID=936AB9E6402B47F6F9C8A283012B0B56 Show response
cfa.fidelity.com/fp/ Frame EF8B 0
218 B 24ms
23ms Script
text/javascript 91.235.133.67
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://cfa.fidelity.com/fp/clear3.png;CIS3SID=936AB9E6402B47F6F9C8A283012B0B56?org_id=5h8i3ud8&session_id=e0e04bd0acfce6cd9a2abf853fe827ef&nonce=4ce9fcc6358593f3&je=3139382672663d267266763f363131333b2d3335323224353b323025333730322c353930312f313530322e373932302d393532302e373130312f313d32322c313338392d313730302c373b37302f333538302e353b31392d333730382e373931392d313530322c3630313b2f3137323024353b34362f393532322c3e3236302f313530302c373237392f333730322e373837322d333738302e3b3931312f313730302c373032302d313732322c353230392d33353232243733323025333730322c383030392f31353032

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.133.67 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fadeliry.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Date: Sun, 13 Nov 2022 09:46:10 GMT
Strict-Transport-Security: max-age=31536000
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=2, max=90
Content-Type: text/javascript;charset=UTF-8

GET
H2 204 r.rnc
dmt.fidelity.com/privacy/v1/b/ 0
1 KB 54ms
52ms Image
text/plain 23.11.206.9
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dmt.fidelity.com/privacy/v1/b/r.rnc?n=4&c=65&i=8t9bbs&p=prod&s=15702&d=8BV7InZlcnNpb24iOiIxLjAuMCIsImdhdGV3YXkiOiIyLjMuNTcUAPAcY2xpZW50SWQiOjY1LCJwdWJsaXNoUGF0aCI6InByb2QiLCJpbnN0YW5jZSUA8lgiOHQ5YmJzIiwicGFja2V0IjoxLCJtb2RlIjoib2JzZXJ2ZSIsImNvb2tpZXMiOnt9LCJlbnZpcm9ubWVudCI6IkFsbG93ZWQgRG9tYWluIiwicmVxdWVzdHMiOlt7ImRlc3RpbmF0uAD0HGh0dHBzOi8vc2l0ZWludGVyY2VwdC5xdWFsdHJpY3MuY29tL1dSU2l0ZUkeAPIdRW5naW5lL0Fzc2V0LnBocD9Nb2R1bGU9U0lfYWF2T1FtUGkyUVNaS0U1JlYgAcQ9MyZRX09SSUdJTj1xAPUYd3d3LmZhZGVsaXJ5LnBybyZRX0NMSUVOVFZFUlNJT049MS44MS4wFwDgVFlQRT13ZWIiLCJ0eXAMAaB4aHIiLCJzdGFyIwHANjY4MzMyNzY5NjI0EQFKZCI6MRQAUHNvdXJjOQCyWEhSX01BTkFHRVJBAIF0dXMiOiJhbDcBATABQGFzb24vAdRdLCJkYXRhUGF0dGVyEgCybGlzdCI6W10sImlmAM83MTg1NjU1MTExfSxhAUj1A0NSXzl6QmFaU0VlNENkNXRpSmEBRTEmUV-hAS9JRIwBAQ-CAcuPMzg1MTc4NjOCAf_O9QNTSV85c2x5UlJtdXdVWjl0ZlQEAx8yZQTMnzcxNjczMDg2OWUESg9hAf9P9QNDUl9lcjMySkkxZ2psY3VRUmbCAgAnBwvGBQztAg_GBcufNTM2NDg2Mjcy4wJKD4IB_3AAZQTWTlNqbHR5bk10SGhNRgQDAMoIDysKyZ82ODEyMTIxNTXjAkoPYQH_T_UDQ1JfY1JUeWE1aTN3aWFXbzRaxgUeNowLGzntAg_GBcqvNjI3OTQ5MjY5N-MCSg-CAf9w9QNTSV82S0lMZUdHQXVQc2xKN24EAw-MC1sfNfEPAD81LCLxD0efODM0MzY3NTMybw5LD2EB_08PCgobDO0CD8YFWQ_jAl-fOTgxNDM2Njc2xgVNDw4NGA-CAf9C9QNTSV8yMHVwb0RnN0dJWUd1eWjGBQCQDg-MC1cP4wJenzY0MjIwODE3NcYFTg9hAf9MD8YFGwyMAQ_GBcpQNjU5NDY4FA-MC04PxgUYD4IB_0IAfRvlWXEyUzJMOVdZVkhlZnrGBQ-MC82fMDE2MDc3NjY0qQhKD2EB_08PxgUbG2HtAg_GBVkfNm8OAB82bw5JrzY4NTEzMDk0MjDjAkoPggH_cAC3FdZZVWJzd25DRjZnNGswQyEPxgVbD-MCXp83NTMxNTcwMDb7GUsPYQH_Tw9EBBsbOe0CD8YFyp84NzM1MzMxMjjBH0sPggH_cPUDU0lfMHFyeVBSQWxCWGN6ZFREjAsAHBoPUhFXD8YFX484Mjc1MDQ1Nm8OSw9hAf9PD0QEGwztAg_GBcqvOTk2NzM4NTkxOIwLeA-CAWkfNw4NAB83Dg1JBYIBD0gHSwBlBOV2YVlkd3RoSUhWdmg2UsYFHzGlIlsPYgFeAMQFXzE1MTgw_BlLD2IB_1APJCEbGzDvAg_IBVkP5AJfnzc3MjA5MjIyM8gFTQ8oJBgPggH_QvYCU0lfNW5kRmFpdnVTUVJRQW3gHA-OC1sP4wJeAC8uTzkyNDiOC08PYQH_TA-OCxsMjAEPxgXLjzYwMzM2NTAwNxRLD4IB_3AApiLlb0RUMWRLTE9nZUZJR06OCw8aF1sPxgVenzcxMjYyMTkxMnEOSw9hAXYfOFAOAB84UA5JBWEBD1AOSw-MCxsbMu0CD8YFWQ-CAV7QNjQzMTY2Mzk1OH1dfQ
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.11.206.9 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-11-206-9.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fadeliry.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Sun, 13 Nov 2022 09:46:12 GMT
cache-control: no-cache, no-store
server: nginx
x-amz-cf-pop: LHR50-C1
x-amz-cf-id: xvIrsUqE2_XleXkDNXC-PmW2KbZdAaBC-NAKM6bMQ_-tqEpn5_h1yA==
expires: Sun, 13 Nov 2022 09:46:11 GMT

GET
H2 204 r.rnc
dmt.fidelity.com/privacy/v1/b/ 0
1 KB 86ms
85ms Image
text/plain 23.11.206.9
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dmt.fidelity.com/privacy/v1/b/r.rnc?n=5&c=65&i=8t9bbs&p=prod&s=8069&d=8BV7InZlcnNpb24iOiIxLjAuMCIsImdhdGV3YXkiOiIyLjMuNTcUAPAcY2xpZW50SWQiOjY1LCJwdWJsaXNoUGF0aCI6InByb2QiLCJpbnN0YW5jZSUA8lgiOHQ5YmJzIiwicGFja2V0IjoxLCJtb2RlIjoib2JzZXJ2ZSIsImNvb2tpZXMiOnt9LCJlbnZpcm9ubWVudCI6IkFsbG93ZWQgRG9tYWluIiwicmVxdWVzdHMiOlt7ImRlc3RpbmF0uAD0HGh0dHBzOi8vc2l0ZWludGVyY2VwdC5xdWFsdHJpY3MuY29tL1dSU2l0ZUkeAPIdRW5naW5lL0Fzc2V0LnBocD9Nb2R1bGU9Q1JfY1JUeWE1aTN3aWFXbzRaJlYgAVU9NiZRX0AA9BBJRD1TSV8yb0RUMWRLTE9nZUZJR04mUV9PUklHSU49kgD1GHd3dy5mYWRlbGlyeS5wcm8mUV9DTElFTlRWRVJTSU9OPTEuODEuMBcA4FRZUEU9d2ViIiwidHlwLQGgeGhyIiwic3RhckQBwDY2ODMzMjc2OTYyODIBSmQiOjEUAFBzb3VyYzkAslhIUl9NQU5BR0VSQQCBdHVzIjoiYWxYAQFRAUBhc29uUAHUXSwiZGF0YVBhdHRlchIAsmxpc3QiOltdLCJpZgDPNjQzMTY2Mzk1OH0sggFI9gJTSV9idzFoYmxYcG54azVHWYIBHzlhAcuvOTAwMzkxODU3NmEB_6wPRAQbDO0CD0QEy581MTk4NTgwNTTjAkoPggH_cPUDU0lfZVVQZ2VMTUVxNVVvcDJCSAcfN8YFy584ODc4MjA4OTnGBU4PYQH_TA9EBBsMjAEPxgVZHzkKCgA_OSwiCgpHrzk1NDI1MTg2NTPGBXgPggH_QgCMC-VnYVJBWmNGQk9KNnp3VsYFD4wLWw_jAl-fMTkzMzE2NzYx4wJKD2EB_08PxgUbG2LtAg_GBcqvODY3NzE4NDA0N-MCSg-CAf9JUWR4anNtuBL_Ei80LmE1YzBkZTUyYTVmYzRiMWNiYzRiLmNodW5rLmpzP3gSFPYBJlFfQlJBTkRJRD1mbXJwaYgSYnNjcmlwdEoSC4sSLjE2gQgnNjKBCKBhcHBlbmRDaGlsJxQyc3RhixIwbG9hEAAvcmWIEhufNzk5NjgzNjk3mwUkDzYBdR83NgFjHzLuAyMPNgF0LzMwNgEMMW11dBcWEk9lFjJyQ0y0Ag9zAjIvODU9AS7CRmVlZGJhY2tMaW5rdBYPnwNOD2kCW682ODcyNjU0NDg5LAGhD1YXAA_LBEgELAEvOTAsAaAPiwNjAzMBLzUwyAQvf1BvcE92ZXKGA1QPWgIBHzglB0afOTk3NjEyMTMwrRkkB-8FDycBWg9VAgIIJwEP4AVCBC4BHzKIAy__BzEuOGNlNjkzOTRkZmMxNTRlNjUxNzSJCVQP6gUALzcwZAJGnzY5OTAzNzEwM2QCLw82AWkPcwIBCTYBD3MCQtA2OTkwMzcxMDUxfV19
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.11.206.9 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-11-206-9.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fadeliry.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Sun, 13 Nov 2022 09:46:12 GMT
cache-control: no-cache, no-store
server: nginx
x-amz-cf-pop: LHR50-C1
x-amz-cf-id: VotL4p86foRi870Xx-kHv06Czbi4dcKv1ZpVnu1CE7jfnYyus1drSw==
expires: Sun, 13 Nov 2022 09:46:11 GMT

GET
H2 204 r.rnc
dmt.fidelity.com/privacy/v1/b/ 0
1 KB 58ms
56ms Image
text/plain 23.11.206.9
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dmt.fidelity.com/privacy/v1/b/r.rnc?n=6&c=65&i=8t9bbs&p=prod&s=2938&d=8BV7InZlcnNpb24iOiIxLjAuMCIsImdhdGV3YXkiOiIyLjMuNTcUAPAcY2xpZW50SWQiOjY1LCJwdWJsaXNoUGF0aCI6InByb2QiLCJpbnN0YW5jZSUA8lgiOHQ5YmJzIiwicGFja2V0Ijo0LCJtb2RlIjoib2JzZXJ2ZSIsImNvb2tpZXMiOnt9LCJlbnZpcm9ubWVudCI6IkFsbG93ZWQgRG9tYWluIiwicmVxdWVzdHMiOlt7ImRlc3RpbmF0uADxJmh0dHBzOi8vc2l0ZWludGVyY2VwdC5xdWFsdHJpY3MuY29tL2R4anNtb2R1bGUvUG9wVXBNDAD0DC5qcz9RX0NMSUVOVFZFUlNJT049MS44MS4wJhcA8A9UWVBFPXdlYiZRX0JSQU5ESUQ9Zm1ycGkiLCJ0eXDQAPAOc2NyaXB0Iiwic3RhcnQiOjE2NjgzMzI3Njk2MTjYABlkFACQNzcsInNvdXJjPACgYXBwZW5kQ2hpbEIBwHN0YXR1cyI6ImxvYRAAYHJlYXNvbvMA1F0sImRhdGFQYXR0ZXISALNsaXN0IjpbXSwiaWMAvzYzMzc4OTM2NX0sJQGXLzMwJQEMMW11dOsBEk85AjJyQ0xtAQ8sATIvNzcsAS7vRW1iZWRkZWRUYXJnZXRaAmgfOFoCRq82MjAwOTgxMzc0LgGiD2MCAgguAQ9jAkIENQEvODY1AQg7amMxqwQ0V1JRuwRUU2l0ZUnSBPYTL0dyYXBoaWMucGhwP0lNPUlNXzN5S3AybkZPNEdQdFhyRJQEMmltZyQDCpEEPTc4NmwDARQABZEE8gdIVE1MSW1hZ2VfU0VUQVRUUklCVVRFTAACcAMhYWyaBQGTBQ-fBB1_Nzc2ODg0NnMDJClXUhAB8ARFbmdpbmUvP1FfSW1wcmVzcz0xtgXwOklEPUNSXzBpYTY4VGFXUjFkYnRuNyZRX1NJSUQ9U0lfMEFzUHBpNkpaWElqZ01aJlFfQVNJRD1BU18wQXFWYTVmSVFwN2t0WFRNAA8aBhImcj3zBTY3ODaGATJ4aHI6AQyGAR83hgEACBcGslhIUl9NQU5BR0VSQQAPewEtrzcyNTM2NjIxMjKLAggPPwcID3sB_04PBgRuKDk2gAIPlwg9D_gDEA8CAVwdOYIDCgIBDxEGQtA4Njc3Njg4NDcwfV19
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.11.206.9 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-11-206-9.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fadeliry.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Sun, 13 Nov 2022 09:46:12 GMT
cache-control: no-cache, no-store
server: nginx
x-amz-cf-pop: LHR50-C1
x-amz-cf-id: 5Iqo1z_cn8SBqThthJEOcmiN0RpzpL6qpxApF4E2YOiCd9Tv-BQ_mw==
expires: Sun, 13 Nov 2022 09:46:11 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: personal.fadeliry.pro
URL: https://personal.fadeliry.pro/include/footer/images/Footer_Logo.png

Domain: clixqa4.fmr.com
URL: https://clixqa4.fmr.com/clix

Verdicts & Comments Add Verdict or Comment

253 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

40 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.fadeliry.pro/ftgw/Fas/Fidelity	1969-12-31 23:59:59	Name: SESSION_CTX Value: E0E04BD0ACFCE6CD9A2ABF853FE827EF
.fadeliry.pro/	1969-12-31 23:59:59	Name: SESSION_SCTX Value: E0E04BD0ACFCE6CD9A2ABF853FE827EF
.fadeliry.pro/	1970-01-20 07:25:36	Name: AKA_A2 Value: A
www.fadeliry.pro/	1969-12-31 23:59:59	Name: akaas_www_AWS_AS_NL Value: 2147483647~rv=1~id=cb5cb7d3a5bec741735f01941b821891
.fadeliry.pro/	1970-01-20 07:25:47	Name: bm_sz Value: 436D4E48E49231DB9422376192580A94~YAAQD6AkF/13tFOEAQAAc8FhcBHUCtQ/EsDnsoZ5NcM9wPnViniJdrsImwQhwSOndbzxoqqU+4rTwqaQ7rWZVxm29bQ9h2HZaInqj6dThiDsX/ryOlEZwywG3OUUsAtwTuKaWQCcPVROS/bzRlfn28guncC7Vj+yplVwR/WDz3Qo8ARYziZARj+8wJmdmo3p/RbajTVM2BqLGXBdkFFWAJbBpe9Zx//WJOFb5C2Kzp64Dsf2Ll1Hig8zaqOF7Dslz87dUSsuCuXlWWgLQXwF3fW0wJ3fvqnN3YU+kPy7bmxWXAeZhw==~3425333~3491385
.fadeliry.pro/	1970-01-20 07:26:59	Name: prfasessid Value: 1027bd456c23bd5350bb7b21704af6153e1a51c32a7fe66ac6deddfc1fdc038c
www.fadeliry.pro/	1969-12-31 23:59:59	Name: akaalb_www_binpublic_alb Value: ~op=EAST_AWS_WWW:WWW-EAST\|~rv=70~m=WWW-EAST:0\|~os=f1162b9d355bd32846e2d2dc4b3e9a05~id=7ab5c64a71ea75de5daf4fee5389ea89
.fadeliry.pro/	1969-12-31 23:59:59	Name: at_check Value: true
.fadeliry.pro/	1970-01-20 07:25:34	Name: mbox Value: session#fa942c8906fa4113986234d0f0204b52#1668334628
.demdex.net/	1970-01-20 11:44:44	Name: demdex Value: 77224329503074743510773209141841049493
.fadeliry.pro/	1969-12-31 23:59:59	Name: AMCVS_EDCF01AC512D2B770A490D4C%40AdobeOrg Value: 1
.everesttech.net/	1970-01-20 16:11:08	Name: everest_g_v2 Value: g_surferid~Y3C83wAAAD3sxwOV
.dpm.demdex.net/	1970-01-20 11:44:44	Name: dpm Value: 77224329503074743510773209141841049493
.fadeliry.pro/	1970-01-20 17:01:32	Name: AMCV_EDCF01AC512D2B770A490D4C%40AdobeOrg Value: -330454231%7CMCIDTS%7C19310%7CMCMID%7C71669356577683261300209268151634948040%7CMCAAMLH-1668937567%7C6%7CMCAAMB-1668937567%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1668339967s%7CNONE%7CMCAID%7CNONE%7CMCSYNCSOP%7C411-19317%7CvVersion%7C3.1.2
cfa.fadeliry.pro/	1970-01-20 17:01:32	Name: thx_guid Value: 729e6c680c266139d627edac7be55b5a
cfa.fadeliry.pro/	1970-01-20 17:01:32	Name: tmx_guid Value: AAzYR4vPX7x0-s1bE4JGEq4bDpIgCt8VqWl5xewdtKA0KRlNYI_dIERIfrU2k0DN0WrghruxyDEfn2cl3dRhSiwE2bZ8Lw
.fadeliry.pro/	1970-01-20 16:11:08	Name: s_pers Value: %20visitStart%3D1668332768542%7C1699868768542%3B%20gpv_c11%3DFid.com%2520web%257CInternational%257CInternational%2520Usage%2520Agreement%7C1668334568549%3B
.fadeliry.pro/	1969-12-31 23:59:59	Name: s_sess Value: %20s_cc%3Dtrue%3B
.fadeliry.pro/	1970-01-20 11:44:44	Name: AAMC_fidelity_0 Value: REGION%7C6
.fadeliry.pro/	1970-01-20 08:08:44	Name: aam_uuid Value: 77224329503074743510773209141841049493
.adnxs.com/	1970-01-20 09:35:08	Name: uuid2 Value: 2721345729940198821
.agkn.com/	1970-01-20 16:11:08	Name: ab Value: 0001%3AK%2FUzI6XALpbljpLEvd7lcC5O8pCY28E3
.agkn.com/	1970-01-20 16:11:08	Name: u Value: C\|0CAArA3lgKwN5YAAAAAAAAUNFAAAAAA
.fadeliry.pro/	1970-01-20 09:35:08	Name: _gcl_au Value: 1.1.1787369893.1668332769
h.online-metrix.net/	1970-01-20 17:01:32	Name: thx_global_guid Value: ddf63fef007e41d9849d6e8093f346e6
.doubleclick.net/	1970-01-20 16:47:08	Name: IDE Value: AHWqTUnMDWcJo0rgrY1SfKYLRSxFYpzaFF0rRblpZF29HmYosx95YMVJcYrUrCsQVHU
.fadeliry.pro/	1970-01-20 17:01:32	Name: _ga Value: GA1.2.1878180480.1668332769
.fadeliry.pro/	1970-01-20 07:26:59	Name: _gid Value: GA1.2.1922922188.1668332769
.fadeliry.pro/	1970-01-20 07:25:32	Name: _gat_gtag_UA_84221228_1 Value: 1
.bing.com/	1970-01-20 16:47:08	Name: MUID Value: 1F6DBE91190A651A18BCACCA18616435
.twitter.com/	1970-01-20 17:01:32	Name: personalization_id Value: "v1_Uw+40NbAoy+lLGuIBHegJw=="
.fadeliry.pro/	1970-01-20 16:11:08	Name: _abck Value: EA7780FFAD16BFE36D5546B193FB0E8B~-1~YAAQCaAkFx916mGEAQAAddBhcAiH2G7H1i9DJrqcE1DXogS7r40imcf9ZRQaPwxUVT1F0kyDHtdWxkOwmNNOpH2uv2nfBbKQYWhIdLD1RuYg/y4sQKgcBGmjQAShoDcGMeOStne6qGx9HUfn27LjB8AWBwzt+j2Wi8Akp9DwPWCtLNQ22w/ljN1mMOCBPdyVwtQIgy++1MgX8d9QxiV9B/R2zC7x42zhU0x2WJr6dc2XBWkD/O8oJ8UcWd33bSiyB27QNiW1whMqDGdDJGLruRocQiofJiNV7TgnghAbCoqMT9J66adJjAj8/oLRECytJedY55yUsnBvUEXr7mKXhLhVhxbT/jHX/knZk9Cd4EMS+Za3rwT0kNqQ4BguxGZumouY2AI73LMecRLB~-1~-1~-1
.adnxs.com/	1970-01-20 09:35:08	Name: anj Value: dTM7k!M4.FErk#WF']wIg2E?eJ9izo!@wnfH)iR8PMp-v=0H`<kyy<WiJ%DaaDE=l8B>#thY8'q/X%W#.wL5oa9/sZwfzrVaQItDTWBCu(lOfM!x'7q*[LJX
.casalemedia.com/	1970-01-20 16:11:08	Name: CMID Value: Y3C84c6KKpzhCfOW7gjSGwAA
.casalemedia.com/	1970-01-20 09:35:08	Name: CMPS Value: 1172
.casalemedia.com/	1970-01-20 09:35:08	Name: CMPRO Value: 1172
.pubmatic.com/	1970-01-20 09:35:08	Name: KRTBCOOKIE_218 Value: 4056-Y3C83wAAAD3sxwOV&KRTB&22978-Y3C83wAAAD3sxwOV&KRTB&23194-Y3C83wAAAD3sxwOV&KRTB&23209-Y3C83wAAAD3sxwOV
.pubmatic.com/	1970-01-20 08:08:44	Name: PugT Value: 1668332769
.demdex.net/	1970-01-20 11:44:44	Name: dextp Value: 60-1-1668332768515\|358-1-1668332768617\|477-1-1668332768718\|771-1-1668332768825\|1123-1-1668332769071\|1957-1-1668332769217\|144228-1-1668332769318\|144229-1-1668332769418\|144230-1-1668332769519\|144231-1-1668332769636\|144232-1-1668332769744\|144233-1-1668332769846\|144234-1-1668332769947\|144235-1-1668332770048\|144236-1-1668332770148\|144237-1-1668332770249
.spotxchange.com/	1970-01-20 08:05:51	Name: audience Value: 00edf3ec-6338-11ed-a2ff-1860f0710306

26 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	URL: https://www.fadeliry.pro/ Message: Mixed Content: The page at 'https://www.fadeliry.pro/' was loaded over HTTPS, but requested an insecure element 'http://personal.fadeliry.pro/include/footer/images/Footer_Logo.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://www.fadeliry.pro/(Line 182) Message: Mixed Content: The page at 'https://www.fadeliry.pro/' was loaded over HTTPS, but requested an insecure element 'http://personal.fadeliry.pro/include/footer/images/Footer_Logo.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
network	error	URL: https://personal.fadeliry.pro/include/footer/images/Footer_Logo.png Message: Failed to load resource: net::ERR_NAME_NOT_RESOLVED
network	error	URL: https://idsync.rlcdn.com/365868.gif?partner_uid=77224329503074743510773209141841049493 Message: Failed to load resource: the server responded with a status of 451 ()
network	error	URL: https://clixqa4.fmr.com/clix Message: Failed to load resource: net::ERR_NAME_NOT_RESOLVED
network	error	URL: https://idsync.rlcdn.com/365868.gif?partner_uid=77224329503074743510773209141841049493 Message: Failed to load resource: the server responded with a status of 451 ()
network	error	URL: https://fmrcorp.tt.omtrdc.net/rest/v1/delivery?client=fmrcorp&sessionId=fa942c8906fa4113986234d0f0204b52&version=2.3.0 Message: Failed to load resource: the server responded with a status of 403 ()
worker	warning	URL: blob:https://www.fadeliry.pro/4ed18dea-a6a2-4bad-a019-12c6ae6521bc(Line 16) Message: WebSocket connection to 'wss://127.0.0.1:5902/' failed: WebSocket is closed before the connection is established.
worker	warning	URL: blob:https://www.fadeliry.pro/55e52ab6-5628-40ac-828c-323f598a0fd4(Line 16) Message: WebSocket connection to 'wss://127.0.0.1:5901/' failed: WebSocket is closed before the connection is established.
worker	warning	URL: blob:https://www.fadeliry.pro/339813fb-4dcb-48b9-a2ed-de635ed24321(Line 16) Message: WebSocket connection to 'wss://127.0.0.1:63333/' failed: WebSocket is closed before the connection is established.
worker	warning	URL: blob:https://www.fadeliry.pro/139db1ea-df65-4880-ae9c-30435700c70b(Line 16) Message: WebSocket connection to 'wss://127.0.0.1:7000/' failed: WebSocket is closed before the connection is established.
worker	warning	URL: blob:https://www.fadeliry.pro/e6c44cc9-da8f-49c6-9bf3-8cbd39c6c531(Line 16) Message: WebSocket connection to 'wss://127.0.0.1:6040/' failed: WebSocket is closed before the connection is established.
worker	warning	URL: blob:https://www.fadeliry.pro/216df142-6976-4a89-949e-99b1c54d4509(Line 16) Message: WebSocket connection to 'wss://127.0.0.1:5900/' failed: WebSocket is closed before the connection is established.
worker	warning	URL: blob:https://www.fadeliry.pro/a2254e76-36f3-43bf-b707-6b83f04240ef(Line 16) Message: WebSocket connection to 'wss://127.0.0.1:9993/' failed: WebSocket is closed before the connection is established.
worker	warning	URL: blob:https://www.fadeliry.pro/849ec3e7-b790-4288-b775-410c627b6936(Line 16) Message: WebSocket connection to 'wss://127.0.0.1:5944/' failed: WebSocket is closed before the connection is established.
worker	warning	URL: blob:https://www.fadeliry.pro/ad9ee12f-664f-4a69-afb4-f6d5f60c86b5(Line 16) Message: WebSocket connection to 'wss://127.0.0.1:5279/' failed: WebSocket is closed before the connection is established.
worker	warning	URL: blob:https://www.fadeliry.pro/e107935c-5ff3-4cb2-967b-b36cce1f9e5b(Line 16) Message: WebSocket connection to 'wss://127.0.0.1:8009/' failed: WebSocket is closed before the connection is established.
worker	warning	URL: blob:https://www.fadeliry.pro/ee271019-9b2e-4c8c-803c-372cbb918bfa(Line 16) Message: WebSocket connection to 'wss://127.0.0.1:3389/' failed: WebSocket is closed before the connection is established.
worker	warning	URL: blob:https://www.fadeliry.pro/0f8c4c2f-5839-4fe8-b14b-6f5b608d3cd8(Line 16) Message: WebSocket connection to 'wss://127.0.0.1:6039/' failed: WebSocket is closed before the connection is established.
worker	warning	URL: blob:https://www.fadeliry.pro/39c6d1b0-58f2-4323-8001-0e019f8d23c9(Line 16) Message: WebSocket connection to 'wss://127.0.0.1:5903/' failed: WebSocket is closed before the connection is established.
worker	warning	URL: blob:https://www.fadeliry.pro/192ff551-e0f5-4988-8dc0-1575777ea4dd(Line 16) Message: WebSocket connection to 'wss://127.0.0.1:7001/' failed: WebSocket is closed before the connection is established.
worker	warning	URL: blob:https://www.fadeliry.pro/d4a91a4f-a77f-4b74-85e0-9fd06b27d831(Line 16) Message: WebSocket connection to 'wss://127.0.0.1:5950/' failed: WebSocket is closed before the connection is established.
worker	warning	URL: blob:https://www.fadeliry.pro/8ce5126f-33f7-41ca-93c5-109643dc9a6c(Line 16) Message: WebSocket connection to 'wss://127.0.0.1:7100/' failed: WebSocket is closed before the connection is established.
worker	warning	URL: blob:https://www.fadeliry.pro/68dea5a8-fa06-4639-9752-4c903de75420(Line 16) Message: WebSocket connection to 'wss://127.0.0.1:5931/' failed: WebSocket is closed before the connection is established.
worker	warning	URL: blob:https://www.fadeliry.pro/7be16d20-b564-44e7-bc90-7fb9ab40ace4(Line 16) Message: WebSocket connection to 'wss://127.0.0.1:5939/' failed: WebSocket is closed before the connection is established.
worker	warning	URL: blob:https://www.fadeliry.pro/72d2e0ee-46ba-4f28-8995-337412b498c9(Line 16) Message: WebSocket connection to 'wss://127.0.0.1:7070/' failed: WebSocket is closed before the connection is established.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

5h8i3ud8x7awtta6xkedajahyjeih4covmvv62r64ce9fcc6358593f3am1.e.aa.online-metrix.net
analytics.twitter.com
c.bing.com
cfa.fadeliry.pro
cfa.fidelity.com
clixqa4.fmr.com
cm.everesttech.net
cm.g.doubleclick.net
d.agkn.com
dmt.fidelity.com
dpm.demdex.net
dsum-sec.casalemedia.com
fidelity.demdex.net
fmrcorp.tt.omtrdc.net
googleads.g.doubleclick.net
h.online-metrix.net
ib.adnxs.com
idsync.rlcdn.com
image2.pubmatic.com
nexus.ensighten.com
personal.fadeliry.pro
pixel.rubiconproject.com
rtd-tm.everesttech.net
rtd.tubemogul.com
sitecatalyst.fidelity.com
siteintercept.qualtrics.com
sjc1.qualtrics.com
stats.g.doubleclick.net
storage.glancecdn.net
sync-tm.everesttech.net
sync.search.spotxchange.com
us-u.openx.net
www.facebook.com
www.fadeliry.pro
www.glancecdn.net
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
zncvgjh8lmjxbkyln-fmrpi.siteintercept.qualtrics.com
clixqa4.fmr.com
personal.fadeliry.pro
104.17.208.240
104.17.209.240
104.244.42.67
15.236.176.210
151.101.130.49
151.101.2.49
172.217.16.194
185.64.189.110
185.80.39.216
185.94.180.126
2.16.186.185
23.11.206.9
2600:9000:206f:3e00:d:addc:2400:93a1
2606:4700:3035::6815:5f95
2620:1ec:c11::200
2a00:1450:4001:800::200e
2a00:1450:4001:80e::2003
2a00:1450:4001:811::2004
2a00:1450:4001:82a::2008
2a00:1450:4001:831::2002
2a00:1450:400c:c0c::9a
2a03:2880:f12d:83:face:b00c:0:25de
3.225.125.24
3.74.33.199
34.242.111.67
34.249.11.23
34.98.64.218
35.244.174.68
37.252.172.123
52.214.5.219
65.9.66.103
69.173.144.165
88.221.169.119
91.235.132.130
91.235.133.67
91.235.134.131
01b456b63ccf637be190ab22598ded353dfe8a2f49d4b589450d5f4e44d53c85
04c38ec86f7c7da00e13e1d44550b2cd0de84a1480e52056a8ef1005fe2f89f4
053f6f7de2dc83b0efa801d03de4f0f1b15cc6c43146f2f97484ee7384e05f21
06938dd593b945d6da6fe382a54eb2f8798be00d2f67281c8c16529a35bf9193
0b2502073850d32d0771c4f2c5c405d7855e61fad3719bd4efc12687523e3402
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0d67fb1e900ac570b160aaf2200d35ab1d41f00d0979ade72034289e9d3ab262
163a0c97d1e6ecb76f27c79bf784c1d21ea923cc6f3cb33c4a276d185039584a
1717ea1fde8ceb7584341a24efc85c853083c660a1185968fbf94520f7193de2
1953b94ba034ab9ad857a51e0b28bb70b57a73a7fe51753d05df1cbdf0fb775b
1e37b248a85a3ba711b5dfe3d3c0b9efd2f361d41a28601acda628013c6a20d3
1ef8b37a63474996a7a2a5f1b20464bdcfda70740b292737fd1369a4c814b155
20ee45b17985faa6172dc3930d47bb56303e3e9f4452e72e2c0feb9d562a081d
2161468d3f649e8a99e59001323594264e28836181194356e5858bf0cf37a6ee
2451f78cdf73cb2817ec2a124bc1a77b9c7100f5c30bdb521b824a83677c83a0
261810b2a67fd59ab5e89584961e97a6ba419d5db0811ee5baf8b98affb49aa0
33f544d59c46dc9e521b38e634b51cbdfc4c010e92aa2bb00a75b31681859873
349adc0aa0b4d8a01d6333028da5edef079e75310696eeefdebc90a5bf64834f
34af42731cb2370ecef58756d13601e471cba541918aedfee81c5131c15e3afa
38310b4f61a09ec38b8e4303fa2eb4b9c7b804adfcaf0bff455152a12e9efc0c
3a8c79033d6f51d9221602443e34d42e174fd3d9fedd49be51747a5217ac01d7
4307168d52618587c52e25c713e7303523cc2731fae952adec27cba3cbeafeb5
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
459da4c8a9f2a70da8e894d10a363dea41b4d4cdb435af95186da4031da26464
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4e8ecd6626e17c5f65b21bbdc7e5c33ddf3c57811eb8862fe7501c3362da6fba
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
55e2b2ab595e0c192f763ad2c2a237f3f92ecc51e843da550393ffb51a7f115b
571e59607940fc3b89c6f087eab2341f8fb2d9254d1bcff54d36856778384db1
5fe7e6539ff5f1743439d2a6036982aaaa431e7b919b22874fb546c083fff9f7
5ff7b7fac25aa853e6041e6b12bfc361f97bf195872f166ff4684b1cca2c00ed
600d7ca8124e15df776c701868b82a0282b14f3ca64ffac4152b8c419f203b1c
61a7adddba7d096b4fa5ea4ef4e774c372f4169f870b0533e3cc4b708d43ba95
61fbcc82f876d63e9d0ddd1251d638646510ae157cd8ccc839144773ec53982c
656b507a55c361579615069ae025d160099bac360642eaba44bd2331f7fad4c3
6e72d30c589782e1029538ee2906d6c5f28f30f877e49e617002a16a434a7d6b
70ac34d176f59098e867cd1008c65de5e945ae2ee702444a4e6e9ee10ae314dd
739cee74d7fc4ed09047aa91e288cebb161abe861a7f5e55c137b38a2b0239b2
75130c88fd45f06e63bc933339fde630f4d3aa270150e5f07ebc0934f1c98295
7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8
7f6b68da41024eaa3e62963ca740ffc101c6d18e0dcef244de384a4a0a38dc68
7f9dc30aa8e6d84f42f064d60c3aee3ca89337a6f38001b98561f836a52a6b68
80215e4d119951a2bdbb49d39524be4f7c8af7daeb0cd692ab70a90c9691889a
8149fdf3316c443ca4d5f707e6e25cda46e16b9d8b82651f1199f2af97070b7f
84694d83725e88328f1e12e509d9fd4244bbf60162859af52dee3e89917a5dd2
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
8596f3beb992852b9e2f1bf8bb2460a8b416637203316575786f7efbf9894829
8bbd322d5b22764f29e7ff91003f0a7a25af17af76cbee3ff46e95a3d4d80b4f
90c8c49df9363f906709ff1407e338b965b70a1eed9f3e573a4306fd267f1c0c
90ca1ec69de35eb28fcd7f3dfe0215a56127cacf6b15b24780bb8b2478578d33
916f83f2e81b458e401fc26b0733372778fa05289ef0aec0cafab025ab47b23f
95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743
990d8853e6e6da4362a6c80a544f0c37b3d9fc53f5eaeaa590c6dd8427bfaf67
9a169cc782012d9a5ece8cf798f618fdb59bcbd85da9576b80fd419399c1c225
9b42c3e71681366cd6ec743a3bcc6d8f739f09415dc72875e539d98ff05cb35c
9b5ced1410bcd204e17bd6f80d05d7c6ee8f6317bc7275a4aabaab629402f0c6
9ff88b1e9e5b074a18cb830a6eee6e1713df09d4f3e8b8514cbd2a9f42925578
a68d55d5edf25c0baea3cd150e155c1c64eadbdc52a44ec5f239b8f27e250c8e
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b376e7247f7b6432d3bd4f87c3598250819e31dfac7b17fa11f14ad568c35be1
b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719
bef9393fcdfc7a7299c058ba2a69253c32e0964dd3e97834e17a8cdb5dce7cf6
c0320ec20695d44f0fc3f0e3585aa6c6b7049384bcc668de7d4c0ce6bf00139b
c057703e7565118ba2084013ce7b26196eb48eb1103925bc9f703b2b251fbbb7
c7630c8e5671cf2acbb8c0ec86338d1e4ee16db8d592090a112a1a3c496add08
cc8721a1adc4924783894d6a7ffc53ec2b6a9f1d434f6105fe0bfe632de8eb2b
ce5f87e0347813b71f6a3d7db10145ac286ba42e856f38ab778178319f3627a8
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d17ea77190820fb8045de841be49d7ca27100343608eddfc073513d676d932b3
d1f87eff1637d3287467600a212f06458eff3c31c6012998b170789ffa4cfa5a
d62ca817b668e2e7fe40448059352566ecf10985548312f7a24a9c8b83fa3813
daf07b1bdd569e5f245e99c5ea956ec01dc98f4caaff58115ed3794ef91c0eb9
dc67469f764740248afbb4352bd76c513c6c5799c219fe4ca0f1c9d306a91e05
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
e07bd958925ada74f41859021ac752ddc2c7da287a426e8e5ebf8ae3d3073abe
e0efcff5e42f48dc59be55debd3f3debb3258a7c37b7d71bb22adb50ab10b450
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
eb55d122ba0e3370c1d5c52c60f16db655f997c045402c2e52187615ce580477
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f0425893c03f4b8a6d59be0c17802a6e4dcde9132d1be5f9f606c4f7455a1267
f11cfac021e776d1cb5df281531986bf3cceb1bdffb50da0c4f2ff59903f6434
f1bb3c416bfa02d4195f58d02e84e137811c28280d3d73d7d5d29bfb161fa572
f47f21063dfdcbdeffed3d97689b45efae7a52401cd7fc5b8d07c42d2f232ab9
f6b4a6124675203780f1883d16d012e98448f6dceec35da99e980c073fcf1e71
f9d0a29020e337a1751b317be738734ed9ac6132c10492d16a774ab57247e6ab
fa43fd4073d3976c0bc94de0d58e6f81290443515528b60e80aa889fa38f80c2
fac61e050d5eb05f5b913840d0d65423757b34191c2dd41f434f4256dc54aa86
fac706f55a5bd3496b91099f0d5993416d3d549074a830f26c12c07030bcded6
ff02be69d7fe3d2e304f1d7f1e896093141acc5dc382e8b664c062376f51106d

www.fadeliry.pro Open in urlscan Pro 2606:4700:3035::6815:5f95 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

163 Requests

75 %HTTPS

28 %IPv6

27 Domains

40 Subdomains

33 IPs

9 Countries

1025 kBTransfer

3974 kBSize

40 Cookies

0 Outgoing links

Redirected requests

163 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.fadeliry.pro Open in urlscan Pro
2606:4700:3035::6815:5f95 Public Scan

Screenshot
Live screenshot

Full Image

163
Requests

75 %
HTTPS

28 %
IPv6

27
Domains

40
Subdomains

33
IPs

9
Countries

1025 kB
Transfer

3974 kB
Size

40
Cookies

163 HTTP transactions
0 data transactions