URL: http://www.abonnesturf.1s.fr/index.php
Submission: On May 18 via manual from ML — Scanned from FR

Summary

This website contacted 16 IPs in 3 countries across 16 domains to perform 45 HTTP transactions. The main IP is 5.135.149.81, located in France and belongs to OVH, FR. The main domain is www.abonnesturf.1s.fr.
This is the only time www.abonnesturf.1s.fr was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests  Apex Domain              Subdomains (Cisco Umbrella Rank)                                       Transfer
9         googlesyndication.com    pagead2.googlesyndication.com (95), tpc.googlesyndication.com (130)    201 KB
8         root-top.com             img.root-top.com                                                       7 KB
8         dafun.com                www.turf.dafun.com                                                     1 MB
7         venez.fr                 www.venez.fr                                                           9 KB
4         allopass.com             payment.allopass.com                                                   11 KB
3         freegifmaker.me          freegifmaker.me                                                        142 KB
3         loogix.com               www.loogix.com                                                         738 B
3         1s.fr                    www.abonnesturf.1s.fr                                                  3 KB
2         google.com               adservice.google.com (74), www.google.com (7)                          2 KB
2         doubleclick.net          googleads.g.doubleclick.net (44)                                       5 KB
1         google-analytics.com     www.google-analytics.com (37)                                          20 KB
1         googletagmanager.com     www.googletagmanager.com (71)                                          39 KB
1         google.fr                adservice.google.fr (26188)                                            792 B
1         googleadservices.com     partner.googleadservices.com (789)                                     640 B
1         ouba.com                 www.turfinfos.ouba.com                                                 6 KB
0         zone-turf.fr (Failed)    www.zone-turf.fr (297650) (Failed)
Total: 45 requests, 16 apex domains
Requests  Domain                           Requested by
8         img.root-top.com (7 redirects)   www.turf.dafun.com
8         www.turf.dafun.com               www.abonnesturf.1s.fr, www.turf.dafun.com
7         www.venez.fr                     www.abonnesturf.1s.fr, www.venez.fr
6         pagead2.googlesyndication.com    www.abonnesturf.1s.fr, pagead2.googlesyndication.com, tpc.googlesyndication.com
4         payment.allopass.com             www.turf.dafun.com, payment.allopass.com
3         tpc.googlesyndication.com        pagead2.googlesyndication.com, tpc.googlesyndication.com, www.abonnesturf.1s.fr
3         freegifmaker.me                  www.turf.dafun.com
3         www.loogix.com (3 redirects)
3         www.abonnesturf.1s.fr            www.abonnesturf.1s.fr
2         googleads.g.doubleclick.net      pagead2.googlesyndication.com
1         www.google-analytics.com         www.googletagmanager.com
1         www.googletagmanager.com         payment.allopass.com
1         www.google.com                   tpc.googlesyndication.com
1         adservice.google.com             pagead2.googlesyndication.com
1         adservice.google.fr              pagead2.googlesyndication.com
1         partner.googleadservices.com     pagead2.googlesyndication.com
1         www.turfinfos.ouba.com           www.turf.dafun.com
0         www.zone-turf.fr (Failed)        www.turf.dafun.com
Total: 45 requests, 18 subdomains

This site contains no links.

Subject                      Issuer                    Validity                   Valid      Source
venez.fr                     R3                        2022-03-25 - 2022-06-23    3 months   crt.sh
*.allopass.com               Gandi Standard SSL CA 2   2021-10-08 - 2022-10-08    a year     crt.sh
*.g.doubleclick.net          GTS CA 1C3                2022-05-04 - 2022-07-27    3 months   crt.sh
*.googleadservices.com       GTS CA 1C3                2022-05-04 - 2022-07-27    3 months   crt.sh
*.google.fr                  GTS CA 1C3                2022-04-25 - 2022-07-18    3 months   crt.sh
*.google.com                 GTS CA 1C3                2022-05-04 - 2022-07-27    3 months   crt.sh
tpc.googlesyndication.com    GTS CA 1C3                2022-04-25 - 2022-07-18    3 months   crt.sh
www.google.com               GTS CA 1C3                2022-04-25 - 2022-07-18    3 months   crt.sh
*.google-analytics.com       GTS CA 1C3                2022-05-04 - 2022-07-27    3 months   crt.sh

This page contains 9 frames:

Primary Page: http://www.abonnesturf.1s.fr/index.php
Frame ID: 07E0EBA2CED89A0482C8CC40BBFC96A7
Requests: 1 HTTP request in this frame

Frame: http://www.abonnesturf.1s.fr/barre-abonnesturf.1s.fr.html
Frame ID: 30824FA516469562A42AA4E0141C73EE
Requests: 12 HTTP requests in this frame

Frame: http://www.turf.dafun.com/pronos/abonnesturf/index.php
Frame ID: 8AD06016F329330566141E5B460FA10F
Requests: 20 HTTP requests in this frame

Frame: http://www.abonnesturf.1s.fr/stats-abonnesturf.1s.fr.html
Frame ID: 8A79E70478D06F373B0A58E543CC6F52
Requests: 1 HTTP request in this frame

Frame: https://www.venez.fr/alternate-barre.htm
Frame ID: 1107972B8EEC4100A6B8AC2A5B54FB5E
Requests: 4 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20220511/r20190131/zrt_lookup.html
Frame ID: 90868F8B13C144C4544CDA78689FFA35
Requests: 1 HTTP request in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5203714787387788&output=html&h=90&slotname=4563536207&adk=2647235303&adf=3604715433&pi=t.ma~as.4563536207&w=970&psa=0&format=970x90&url=http%3A%2F%2Fwww.abonnesturf.1s.fr%2Findex.php&ea=0&wgl=1&dt=1652893210485&bpp=4&bdt=314&idt=191&shv=r20220511&mjsv=m202205120101&ptt=9&saldr=aa&correlator=7095771583384&frm=23&ife=1&pv=2&ga_vid=1095336553.1652893211&ga_sid=1652893211&ga_hid=1745075589&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=20&ady=0&biw=1600&bih=1200&isw=1600&ish=90&ifk=2071789444&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44761043%2C31065544%2C31067528%2C31067628%2C31062931&oid=2&pvsid=3297194283933979&pem=406&tmod=1062143010&uas=0&nvt=1&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=o%7Co%7CaeE%7C&abl=NA&pfx=0&fu=4&bc=23&ifi=1&uci=1.414lq5a1dm9n&fsb=1&dtd=208
Frame ID: 320B86B30B72D3829A4E300D34D799A0
Requests: 1 HTTP request in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 98FD0A9178B0FD2F7C92855A6426B61A
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: B41F007475AA123F6C0DA731B9D28270
Requests: 2 HTTP requests in this frame

Screenshot

Page Title

ABONNESTURF

Detected technologies

Overall confidence: 100%
Detected patterns
  • \.php(?:$|\?)

Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtm\.js

Page Statistics

45 Requests
60 % HTTPS
56 % IPv6
16 Domains
18 Subdomains
16 IPs
3 Countries
1493 kB Transfer
1939 kB Size
4 Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 13
  • http://img.root-top.com/topsite/miroirduturf/banner.gif HTTP 301
  • https://img.root-top.com/topsite/miroirduturf/banner.gif HTTP 302
  • http://www.loogix.com/img/res/1/4/0/8/2/6/14082678501421827.gif?1408267850 HTTP 301
  • http://freegifmaker.me/img/res/1/4/0/8/2/6/14082678501421827.gif?1408267850
Request Chain 15
  • http://img.root-top.com/topsite/lc13/banner.gif HTTP 301
  • https://img.root-top.com/topsite/lc13/banner.gif
Request Chain 16
  • http://img.root-top.com/topsite/bienjouer/banner.gif HTTP 301
  • https://img.root-top.com/topsite/bienjouer/banner.gif HTTP 302
  • http://www.loogix.com/img/res/1/3/9/3/7/5/13937580041908691.gif HTTP 301
  • http://freegifmaker.me/img/res/1/3/9/3/7/5/13937580041908691.gif
Request Chain 17
  • http://img.root-top.com/topsite/turfgagnant/banner.gif HTTP 301
  • https://img.root-top.com/topsite/turfgagnant/banner.gif HTTP 302
  • http://www.loogix.com/img/res/1/4/0/0/6/6/1400663748165342.gif?1400663749 HTTP 301
  • http://freegifmaker.me/img/res/1/4/0/0/6/6/1400663748165342.gif?1400663749
Request Chain 20
  • http://www.zone-turf.fr/module/module_webmaster.php?e=partants&f=medium HTTP 301
  • https://www.zone-turf.fr/module/module_webmaster.php?e=partants&f=medium HTTP 301
  • https://www.zone-turf.fr/module/module_webmaster.php?e=partants&f=medium HTTP 301
  • https://www.zone-turf.fr/module/module_webmaster.php?e=partants&f=medium HTTP 301
  • https://www.zone-turf.fr/module/module_webmaster.php?e=partants&f=medium HTTP 301
  • https://www.zone-turf.fr/module/module_webmaster.php?e=partants&f=medium HTTP 301
  • https://www.zone-turf.fr/module/module_webmaster.php?e=partants&f=medium HTTP 301
  • https://www.zone-turf.fr/module/module_webmaster.php?e=partants&f=medium HTTP 301
  • https://www.zone-turf.fr/module/module_webmaster.php?e=partants&f=medium HTTP 301
  • https://www.zone-turf.fr/module/module_webmaster.php?e=partants&f=medium HTTP 301
  • https://www.zone-turf.fr/module/module_webmaster.php?e=partants&f=medium HTTP 301
  • https://www.zone-turf.fr/module/module_webmaster.php?e=partants&f=medium HTTP 301
  • https://www.zone-turf.fr/module/module_webmaster.php?e=partants&f=medium HTTP 301
  • https://www.zone-turf.fr/module/module_webmaster.php?e=partants&f=medium HTTP 301
  • https://www.zone-turf.fr/module/module_webmaster.php?e=partants&f=medium HTTP 301
  • https://www.zone-turf.fr/module/module_webmaster.php?e=partants&f=medium HTTP 301
  • https://www.zone-turf.fr/module/module_webmaster.php?e=partants&f=medium HTTP 301
  • https://www.zone-turf.fr/module/module_webmaster.php?e=partants&f=medium HTTP 301
  • https://www.zone-turf.fr/module/module_webmaster.php?e=partants&f=medium HTTP 301
  • https://www.zone-turf.fr/module/module_webmaster.php?e=partants&f=medium HTTP 301
  • https://www.zone-turf.fr/module/module_webmaster.php?e=partants&f=medium

45 HTTP transactions

Each entry lists Resource, Path, Size, x-fer, Type and MIME-Type, followed by the General details and the request and response headers.

Primary Request: index.php
Path: www.abonnesturf.1s.fr/    Size: 3 KB    x-fer: 1 KB    Type: Document
General
Full URL: http://www.abonnesturf.1s.fr/index.php
Protocol: HTTP/1.1
Server: 5.135.149.81, France, ASN16276 (OVH, FR)
Reverse DNS: web3.venez.net
Software: Apache /
Resource Hash: 8802fdcd7c23840a84f6440f2c455cf5cad0583dcd9ccb17c83e7da9f68263af

Request headers
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers
Connection: Keep-Alive
Content-Encoding: gzip
Content-Length: 1098
Content-Type: text/html; charset=iso-8859-1
Date: Wed, 18 May 2022 17:00:09 GMT
Keep-Alive: timeout=5, max=100
Server: Apache
Vary: Host,Accept-Encoding

Resource: barre-abonnesturf.1s.fr.html
Path: www.abonnesturf.1s.fr/ (Frame 3082)    Size: 3 KB    x-fer: 2 KB    Type: Document
General
Full URL: http://www.abonnesturf.1s.fr/barre-abonnesturf.1s.fr.html
Requested by: Host: www.abonnesturf.1s.fr, URL: http://www.abonnesturf.1s.fr/index.php
Protocol: HTTP/1.1
Server: 5.135.149.81, France, ASN16276 (OVH, FR)
Reverse DNS: web3.venez.net
Software: Apache /
Resource Hash: 0bbaf9cf448aa834e165863d2974c0c1079450318f27a32a91cddeb7bddee69c

Request headers
Referer: http://www.abonnesturf.1s.fr/index.php
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers
Cache-Control: no-store, no-cache, must-revalidate post-check=0, pre-check=0
Connection: Keep-Alive
Content-Encoding: gzip
Content-Length: 1486
Content-Type: text/html; charset=ISO-8859-1
Date: Wed, 18 May 2022 17:00:09 GMT
Expires: Wed, 18 May 2022 17:00:09 GMT
Keep-Alive: timeout=5, max=99
Last-Modified: Wed, 18 May 2022 17:00:09 GMT
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding

Resource: index.php
Path: www.turf.dafun.com/pronos/abonnesturf/ (Frame 8AD0)    Size: 11 KB    x-fer: 11 KB    Type: Document
General
Full URL: http://www.turf.dafun.com/pronos/abonnesturf/index.php
Requested by: Host: www.abonnesturf.1s.fr, URL: http://www.abonnesturf.1s.fr/index.php
Protocol: HTTP/1.1
Server: 194.150.236.165, France, ASN44976 (HIWIT_AS, FR)
Reverse DNS: ns5.hiwit.net
Software: Apache /
Resource Hash: 2719a9f1d8cc54f0c76876191aa3c2c0515ad30f470e3068521902e36e34c3ad

Request headers
Referer: http://www.abonnesturf.1s.fr/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers
Connection: Keep-Alive
Content-Type: text/html
Date: Wed, 18 May 2022 17:00:10 GMT
Keep-Alive: timeout=15, max=100
Server: Apache
Transfer-Encoding: chunked
Vary: Host

Resource: stats-abonnesturf.1s.fr.html
Path: www.abonnesturf.1s.fr/ (Frame 8A79)    Size: 0    x-fer: 192 B    Type: Document
General
Full URL: http://www.abonnesturf.1s.fr/stats-abonnesturf.1s.fr.html
Requested by: Host: www.abonnesturf.1s.fr, URL: http://www.abonnesturf.1s.fr/index.php
Protocol: HTTP/1.1
Server: 5.135.149.81, France, ASN16276 (OVH, FR)
Reverse DNS: web3.venez.net
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers
Referer: http://www.abonnesturf.1s.fr/index.php
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers
Connection: Keep-Alive
Content-Length: 0
Content-Type: text/html; charset=iso-8859-1
Date: Wed, 18 May 2022 17:00:09 GMT
Keep-Alive: timeout=5, max=100
Server: Apache

Resource: site.js
Path: www.venez.fr/js/ (Frame 3082)    Size: 2 KB    x-fer: 1 KB    Type: Script
General
Full URL: https://www.venez.fr/js/site.js?www.venez.fr
Requested by: Host: www.abonnesturf.1s.fr, URL: http://www.abonnesturf.1s.fr/barre-abonnesturf.1s.fr.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 5.135.149.81, France, ASN16276 (OVH, FR)
Reverse DNS: web3.venez.net
Software: Apache /
Resource Hash: 0c91a24c2deb753c963c48cd9c3e5d16ee96128b30bce193c4324e121728c306

Request headers
accept-language: fr-FR,fr;q=0.9
Referer: http://www.abonnesturf.1s.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers
Date: Wed, 18 May 2022 17:00:09 GMT
Content-Encoding: gzip
Last-Modified: Wed, 18 May 2022 17:00:09 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: public, max-age=604800
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
Content-Length: 1023
Expires: Wed, 25 May 2022 17:00:09 GMT

Resource: separateur90.gif
Path: www.venez.fr/images/ (Frame 3082)    Size: 82 B    x-fer: 388 B    Type: Image
General
Full URL: https://www.venez.fr/images/separateur90.gif
Requested by: Host: www.abonnesturf.1s.fr, URL: http://www.abonnesturf.1s.fr/barre-abonnesturf.1s.fr.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 5.135.149.81, France, ASN16276 (OVH, FR)
Reverse DNS: web3.venez.net
Software: Apache /
Resource Hash: 3289fc83b622ca0a13683fa81b006a05de135d1938744d6e30e5c9be2f2d782a

Request headers
accept-language: fr-FR,fr;q=0.9
Referer: http://www.abonnesturf.1s.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers
Date: Wed, 18 May 2022 17:00:09 GMT
Last-Modified: Thu, 15 Nov 2018 22:11:22 GMT
Server: Apache
ETag: "52-57abb54b25680"
Content-Type: image/gif
Cache-Control: max-age=604800, public
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 82

Resource: adsbygoogle.js
Path: pagead2.googlesyndication.com/pagead/js/ (Frame 3082)    Size: 156 KB    x-fer: 55 KB    Type: Script
General
Full URL: http://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Requested by: Host: www.abonnesturf.1s.fr, URL: http://www.abonnesturf.1s.fr/barre-abonnesturf.1s.fr.html
Protocol: HTTP/1.1
Server: 2a00:1450:4001:827::2002, Frankfurt am Main, Germany, ASN15169 (GOOGLE, US)
Reverse DNS:
Software: cafe /
Resource Hash: c33347c19d7ac7e32c4d60bc87a31e2e4658557353e2ac70a154f57852154b1e
Security Headers: X-Content-Type-Options: nosniff; X-Xss-Protection: 0

Request headers
accept-language: fr-FR,fr;q=0.9
Referer: http://www.abonnesturf.1s.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers
Timing-Allow-Origin: *
Date: Wed, 18 May 2022 17:00:10 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: cafe
ETag: 2807819708406934829
Vary: Accept-Encoding, Origin
P3P: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Cache-Control: private, max-age=3600
Cross-Origin-Resource-Policy: cross-origin
Content-Disposition: attachment; filename="f.txt"
Content-Type: text/javascript; charset=UTF-8
Content-Length: 56016
X-XSS-Protection: 0
Expires: Wed, 18 May 2022 17:00:10 GMT

Resource: alternate-barre.htm
Path: www.venez.fr/ (Frame 1107)    Size: 2 KB    x-fer: 1 KB    Type: Document
General
Full URL: https://www.venez.fr/alternate-barre.htm
Requested by: Host: www.abonnesturf.1s.fr, URL: http://www.abonnesturf.1s.fr/barre-abonnesturf.1s.fr.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 5.135.149.81, France, ASN16276 (OVH, FR)
Reverse DNS: web3.venez.net
Software: Apache /
Resource Hash: ae62ef8d8f1c29f07722f4744ec3a081f0016e525cab740d679b67d230c2b5bf

Request headers
Referer: http://www.abonnesturf.1s.fr/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers
Connection: Keep-Alive
Content-Encoding: gzip
Content-Length: 848
Content-Type: text/html; charset=iso-8859-1
Date: Wed, 18 May 2022 17:00:09 GMT
Keep-Alive: timeout=5, max=99
Server: Apache
Vary: Accept-Encoding

Resource: barre90.gif
Path: www.venez.fr/images/ (Frame 3082)    Size: 110 B    x-fer: 416 B    Type: Image
General
Full URL: https://www.venez.fr/images/barre90.gif
Requested by: Host: www.abonnesturf.1s.fr, URL: http://www.abonnesturf.1s.fr/barre-abonnesturf.1s.fr.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 5.135.149.81, France, ASN16276 (OVH, FR)
Reverse DNS: web3.venez.net
Software: Apache /
Resource Hash: 49d4ba84e10d9d1f2a83956dde4f20625fd11efc01f60a3a4552a9e09a05a74f

Request headers
accept-language: fr-FR,fr;q=0.9
Referer: http://www.abonnesturf.1s.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers
Date: Wed, 18 May 2022 17:00:09 GMT
Last-Modified: Thu, 15 Nov 2018 22:06:23 GMT
Server: Apache
ETag: "6e-57abb42dff5c0"
Content-Type: image/gif
Cache-Control: max-age=604800, public
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 110

Resource: 120x60.gif
Path: www.venez.fr/images/ (Frame 1107)    Size: 4 KB    x-fer: 4 KB    Type: Image
General
Full URL: https://www.venez.fr/images/120x60.gif
Requested by: Host: www.venez.fr, URL: https://www.venez.fr/alternate-barre.htm
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 5.135.149.81, France, ASN16276 (OVH, FR)
Reverse DNS: web3.venez.net
Software: Apache /
Resource Hash: 7dc792d48132ff15a9ad8c11a139bf26f8e13aa3df30a71582ae406ddffdab4f

Request headers
accept-language: fr-FR,fr;q=0.9
Referer: https://www.venez.fr/alternate-barre.htm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers
Date: Wed, 18 May 2022 17:00:09 GMT
Last-Modified: Wed, 02 Mar 2011 00:16:24 GMT
Server: Apache
ETag: "f4c-49d74d2b9c600"
Content-Type: image/gif
Cache-Control: max-age=604800, public
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 3916

Resource: site.js
Path: www.venez.fr/js/ (Frame 1107)    Size: 2 KB    x-fer: 1 KB    Type: Script
General
Full URL: https://www.venez.fr/js/site.js?www.venez.fr
Requested by: Host: www.venez.fr, URL: https://www.venez.fr/alternate-barre.htm
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 5.135.149.81, France, ASN16276 (OVH, FR)
Reverse DNS: web3.venez.net
Software: Apache /
Resource Hash: 0c91a24c2deb753c963c48cd9c3e5d16ee96128b30bce193c4324e121728c306

Request headers
accept-language: fr-FR,fr;q=0.9
Referer: https://www.venez.fr/alternate-barre.htm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers
Date: Wed, 18 May 2022 17:00:09 GMT
Content-Encoding: gzip
Last-Modified: Wed, 18 May 2022 17:00:09 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: public, max-age=604800
Connection: Keep-Alive
Keep-Alive: timeout=5, max=98
Content-Length: 1023
Expires: Wed, 25 May 2022 17:00:09 GMT

Resource: barre90.gif
Path: www.venez.fr/images/ (Frame 1107)    Size: 110 B    x-fer: 416 B    Type: Image
General
Full URL: https://www.venez.fr/images/barre90.gif
Requested by: Host: www.venez.fr, URL: https://www.venez.fr/alternate-barre.htm
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 5.135.149.81, France, ASN16276 (OVH, FR)
Reverse DNS: web3.venez.net
Software: Apache /
Resource Hash: 49d4ba84e10d9d1f2a83956dde4f20625fd11efc01f60a3a4552a9e09a05a74f

Request headers
accept-language: fr-FR,fr;q=0.9
Referer: https://www.venez.fr/alternate-barre.htm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers
Date: Wed, 18 May 2022 17:00:09 GMT
Last-Modified: Thu, 15 Nov 2018 22:06:23 GMT
Server: Apache
ETag: "6e-57abb42dff5c0"
Content-Type: image/gif
Cache-Control: max-age=604800, public
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 110

Resource: h1.png
Path: www.turf.dafun.com/pronos/abonnesturf/ (Frame 8AD0)    Size: 29 KB    x-fer: 29 KB    Type: Image
General
Full URL: http://www.turf.dafun.com/pronos/abonnesturf/h1.png
Requested by: Host: www.turf.dafun.com, URL: http://www.turf.dafun.com/pronos/abonnesturf/index.php
Protocol: HTTP/1.1
Server: 194.150.236.165, France, ASN44976 (HIWIT_AS, FR)
Reverse DNS: ns5.hiwit.net
Software: Apache /
Resource Hash: acb0939b88719c0a69a6333ed54b8be78afaa623f53873be5f698ae052aa7293

Request headers
accept-language: fr-FR,fr;q=0.9
Referer: http://www.turf.dafun.com/pronos/abonnesturf/index.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers
Date: Wed, 18 May 2022 17:00:10 GMT
Last-Modified: Tue, 13 Oct 2015 10:55:32 GMT
Server: Apache
ETag: "e75cd9-7414-521fa48e41100"
Vary: Host
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=15, max=99
Content-Length: 29716

Resource: head.jpg
Path: www.turf.dafun.com/pronos/abonnesturf/ (Frame 8AD0)    Size: 285 KB    x-fer: 285 KB    Type: Image
General
Full URL: http://www.turf.dafun.com/pronos/abonnesturf/head.jpg
Requested by: Host: www.turf.dafun.com, URL: http://www.turf.dafun.com/pronos/abonnesturf/index.php
Protocol: HTTP/1.1
Server: 194.150.236.165, France, ASN44976 (HIWIT_AS, FR)
Reverse DNS: ns5.hiwit.net
Software: Apache /
Resource Hash: 4b7fad91f5413c7460b5e04ea365d0bed0b91502482973fd34bfb3e204fe61e0

Request headers
accept-language: fr-FR,fr;q=0.9
Referer: http://www.turf.dafun.com/pronos/abonnesturf/index.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers
Date: Wed, 18 May 2022 17:00:10 GMT
Last-Modified: Sat, 17 Apr 2021 11:52:50 GMT
Server: Apache
ETag: "e75d26-47215-5c029bc5da880"
Vary: Host
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=15, max=100
Content-Length: 291349

Resource: 14082678501421827.gif
Path: freegifmaker.me/img/res/1/4/0/8/2/6/ (Frame 8AD0)    Size: 57 KB    x-fer: 56 KB    Type: Image
Redirect Chain
  • http://img.root-top.com/topsite/miroirduturf/banner.gif
  • https://img.root-top.com/topsite/miroirduturf/banner.gif
  • http://www.loogix.com/img/res/1/4/0/8/2/6/14082678501421827.gif?1408267850
  • http://freegifmaker.me/img/res/1/4/0/8/2/6/14082678501421827.gif?1408267850
General
Full URL: http://freegifmaker.me/img/res/1/4/0/8/2/6/14082678501421827.gif?1408267850
Requested by: Host: www.turf.dafun.com, URL: http://www.turf.dafun.com/pronos/abonnesturf/index.php
Protocol: HTTP/1.1
Server: 3.66.136.156, Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US)
Reverse DNS: ec2-3-66-136-156.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 29e58a31046cbd8912e14634fb404dba058f422d9cf5cb9aa2e2759a2be89707

Request headers
accept-language: fr-FR,fr;q=0.9
Referer: http://www.turf.dafun.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers
Date: Wed, 18 May 2022 17:00:10 GMT
Content-Encoding: gzip
Response: 200
Last-Modified: Sat, 14 May 2022 23:51:01 GMT
Server: nginx
Display: staticcontent_sol
Etag: "53f0764a-e259-gzip"
Vary: Accept-Encoding, Origin,Accept-Encoding
Content-Type: image/gif
X-Middleton-Display: staticcontent_sol
Expires: Wed, 25 May 2022 17:00:10 GMT
Cache-Control: max-age=604800
Transfer-Encoding: chunked
X-Middleton-Response: 200
X-Ua-Compatible: IE=edge

Redirect headers
Location: http://freegifmaker.me/img/res/1/4/0/8/2/6/14082678501421827.gif?1408267850
Date: Wed, 18 May 2022 17:00:10 GMT
Server: nginx/1.12.0
Connection: keep-alive
Content-Length: 185
Content-Type: text/html

Resource: logo.gif
Path: www.turfinfos.ouba.com/ (Frame 8AD0)    Size: 6 KB    x-fer: 6 KB    Type: Image
General
Full URL: http://www.turfinfos.ouba.com/logo.gif
Requested by: Host: www.turf.dafun.com, URL: http://www.turf.dafun.com/pronos/abonnesturf/index.php
Protocol: HTTP/1.1
Server: 194.150.236.166, France, ASN44976 (HIWIT_AS, FR)
Reverse DNS: ns6.hiwit.net
Software: Apache /
Resource Hash: b3d1ff1c03e608adcedb1eb0620301291d21d70834b11c8e6f1d710351debd38

Request headers
accept-language: fr-FR,fr;q=0.9
Referer: http://www.turf.dafun.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers
Date: Wed, 18 May 2022 17:00:10 GMT
Last-Modified: Tue, 12 Sep 2017 08:21:11 GMT
Server: Apache
ETag: "134e672-169d-558f9b9ceebc0"
Vary: Host
Content-Type: image/gif
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=15, max=100
Content-Length: 5789

Resource: banner.gif
Path: img.root-top.com/topsite/lc13/ (Frame 8AD0)    Size: 2 KB    x-fer: 3 KB    Type: Image
Redirect Chain
  • http://img.root-top.com/topsite/lc13/banner.gif
  • https://img.root-top.com/topsite/lc13/banner.gif
General
Full URL: https://img.root-top.com/topsite/lc13/banner.gif
Requested by: Host: www.turf.dafun.com, URL: http://www.turf.dafun.com/pronos/abonnesturf/index.php
Protocol: H2
Server: 2a06:98c1:3120::a, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS:
Software: cloudflare /
Resource Hash: b7495b7e83d34ce1d4509df7b853c249f11bd7a0a88d6ab70a36aebfc112e825

Request headers
accept-language: fr-FR,fr;q=0.9
Referer: http://www.turf.dafun.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers
date: Wed, 18 May 2022 17:00:10 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 213009
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2430
last-modified: Mon, 16 May 2022 05:50:01 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jktW6d9%2F0skDuhFiIbehii1wn6ZvCeVw5qaudDZVcd326dzYOHyeeMr91SLB9wLmaF%2Bm1NCGzOx5rHD9lMM15RUnP%2F37gsit7LpL1StbhaZEOoZRCWRfqNb%2BY9hcWELiO%2BrxLeA5KozDaCa56T3c"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: max-age=14400, must-revalidate
accept-ranges: bytes
cf-ray: 70d625c5aadb4031-CDG
expires: Thu, 19 May 2022 05:50:01 GMT

Redirect headers
Date: Wed, 18 May 2022 17:00:10 GMT
CF-Cache-Status: HIT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
Age: 1067
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CdDaJtVnW2NbSRAjs6cz8%2BfMdm97iDvxkZnjqhpJxoRrEOP1FBryEGRw77cAi671eYLQlwYw6P%2BycLzLyW6%2FYoAevCsotqXysWPLvxP6KfeiRMUp%2FMH06gSQXR9FUDPhoYnas%2FNpYxMy52BQTpOx"}],"group":"cf-nel","max_age":604800}
Location: https://img.root-top.com/topsite/lc13/banner.gif
Cache-Control: max-age=14400
Connection: keep-alive
CF-RAY: 70d625c52c9c99b4-CDG
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length: 0

Resource: 13937580041908691.gif
Path: freegifmaker.me/img/res/1/3/9/3/7/5/ (Frame 8AD0)    Size: 10 KB    x-fer: 9 KB    Type: Image
Redirect Chain
  • http://img.root-top.com/topsite/bienjouer/banner.gif
  • https://img.root-top.com/topsite/bienjouer/banner.gif
  • http://www.loogix.com/img/res/1/3/9/3/7/5/13937580041908691.gif
  • http://freegifmaker.me/img/res/1/3/9/3/7/5/13937580041908691.gif
General
Full URL: http://freegifmaker.me/img/res/1/3/9/3/7/5/13937580041908691.gif
Requested by: Host: www.turf.dafun.com, URL: http://www.turf.dafun.com/pronos/abonnesturf/index.php
Protocol: HTTP/1.1
Server: 3.66.136.156, Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US)
Reverse DNS: ec2-3-66-136-156.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 282bf0267358b4b4f834644fced15044b16455ebecce54a5278d67e0baa8feef

Request headers
accept-language: fr-FR,fr;q=0.9
Referer: http://www.turf.dafun.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers
Date: Wed, 18 May 2022 17:00:10 GMT
Content-Encoding: gzip
Response: 200
Last-Modified: Sat, 14 May 2022 23:51:01 GMT
Server: nginx
Display: staticcontent_sol
Etag: "53130f34-26f1-gzip"
Vary: Accept-Encoding, Origin,Accept-Encoding
Content-Type: image/gif
X-Middleton-Display: staticcontent_sol
Expires: Wed, 25 May 2022 17:00:10 GMT
Cache-Control: max-age=604800
Transfer-Encoding: chunked
X-Middleton-Response: 200
X-Ua-Compatible: IE=edge

Redirect headers
Location: http://freegifmaker.me/img/res/1/3/9/3/7/5/13937580041908691.gif
Date: Wed, 18 May 2022 17:00:10 GMT
Server: nginx/1.12.0
Connection: keep-alive
Content-Length: 185
Content-Type: text/html

Resource: 1400663748165342.gif
Path: freegifmaker.me/img/res/1/4/0/0/6/6/ (Frame 8AD0)    Size: 77 KB    x-fer: 76 KB    Type: Image
Redirect Chain
  • http://img.root-top.com/topsite/turfgagnant/banner.gif
  • https://img.root-top.com/topsite/turfgagnant/banner.gif
  • http://www.loogix.com/img/res/1/4/0/0/6/6/1400663748165342.gif?1400663749
  • http://freegifmaker.me/img/res/1/4/0/0/6/6/1400663748165342.gif?1400663749
General
Full URL: http://freegifmaker.me/img/res/1/4/0/0/6/6/1400663748165342.gif?1400663749
Requested by: Host: www.turf.dafun.com, URL: http://www.turf.dafun.com/pronos/abonnesturf/index.php
Protocol: HTTP/1.1
Server: 3.66.136.156, Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US)
Reverse DNS: ec2-3-66-136-156.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: a51445ce818e264ccd17cdd92631fa7fb0f9536fda57df7270c54ddbe3444079

Request headers
accept-language: fr-FR,fr;q=0.9
Referer: http://www.turf.dafun.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers
Date: Wed, 18 May 2022 17:00:10 GMT
Content-Encoding: gzip
Response: 200
Last-Modified: Sat, 14 May 2022 23:51:01 GMT
Server: nginx
Display: staticcontent_sol
Etag: "537c6ec5-1351b-gzip"
Vary: Accept-Encoding, Origin,Accept-Encoding
Content-Type: image/gif
X-Middleton-Display: staticcontent_sol
Expires: Wed, 25 May 2022 17:00:10 GMT
Cache-Control: max-age=604800
Transfer-Encoding: chunked
X-Middleton-Response: 200
X-Ua-Compatible: IE=edge

Redirect headers
Location: http://freegifmaker.me/img/res/1/4/0/0/6/6/1400663748165342.gif?1400663749
Date: Wed, 18 May 2022 17:00:10 GMT
Server: nginx/1.12.0
Connection: keep-alive
Content-Length: 185
Content-Type: text/html

Resource: checkout.apu
Path: payment.allopass.com/buy/ (Frame 8AD0)    Size: 11 KB    x-fer: 4 KB    Type: Script
General
Full URL: https://payment.allopass.com/buy/checkout.apu?ids=352300&idd=1539058&lang=fr
Requested by: Host: www.turf.dafun.com, URL: http://www.turf.dafun.com/pronos/abonnesturf/index.php
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.119.26.1, France, ASN203544 (WEBDEVIIN-AS, FR)
Reverse DNS: 1.26.119.185.in-addr.arpa
Software: Apache /
Resource Hash: c102d3ed3e5f056645d35b31ab9ed84cd41636c5f1009b731c8b09e4f3127a38

Request headers
accept-language: fr-FR,fr;q=0.9
Referer: http://www.turf.dafun.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers
Pragma: no-cache
Date: Wed, 18 May 2022 17:00:10 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP='NON NID OTPa OUR NOR' policy-ref='http://payment.allopass.com/info/p3p/policy-references.xml'
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Content-Type: text/html
Content-Length: 2960
Expires: Thu, 19 Nov 1981 08:52:00 GMT

Resource: ratio-thieben.jpg
Path: www.turf.dafun.com/pronos/abonnesturf/ (Frame 8AD0)    Size: 28 KB    x-fer: 29 KB    Type: Image
General
Full URL: http://www.turf.dafun.com/pronos/abonnesturf/ratio-thieben.jpg
Requested by: Host: www.turf.dafun.com, URL: http://www.turf.dafun.com/pronos/abonnesturf/index.php
Protocol: HTTP/1.1
Server: 194.150.236.165, France, ASN44976 (HIWIT_AS, FR)
Reverse DNS: ns5.hiwit.net
Software: Apache /
Resource Hash: 9ec37f7a06412aa02f72942e4675e5b2a57cceaf03bbbef6c0c04d4f8fdb8d61

Request headers
accept-language: fr-FR,fr;q=0.9
Referer: http://www.turf.dafun.com/pronos/abonnesturf/index.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers
Date: Wed, 18 May 2022 17:00:10 GMT
Last-Modified: Tue, 13 Oct 2015 10:55:40 GMT
Server: Apache
ETag: "e75d86-7121-521fa495e2300"
Vary: Host
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=15, max=100
Content-Length: 28961
module_webmaster.php
www.zone-turf.fr/module/ Frame 8AD0
Redirect Chain
  • http://www.zone-turf.fr/module/module_webmaster.php?e=partants&f=medium
  • https://www.zone-turf.fr/module/module_webmaster.php?e=partants&f=medium
  • https://www.zone-turf.fr/module/module_webmaster.php?e=partants&f=medium
  • https://www.zone-turf.fr/module/module_webmaster.php?e=partants&f=medium
  • https://www.zone-turf.fr/module/module_webmaster.php?e=partants&f=medium
  • https://www.zone-turf.fr/module/module_webmaster.php?e=partants&f=medium
  • https://www.zone-turf.fr/module/module_webmaster.php?e=partants&f=medium
  • https://www.zone-turf.fr/module/module_webmaster.php?e=partants&f=medium
  • https://www.zone-turf.fr/module/module_webmaster.php?e=partants&f=medium
  • https://www.zone-turf.fr/module/module_webmaster.php?e=partants&f=medium
  • https://www.zone-turf.fr/module/module_webmaster.php?e=partants&f=medium
  • https://www.zone-turf.fr/module/module_webmaster.php?e=partants&f=medium
  • https://www.zone-turf.fr/module/module_webmaster.php?e=partants&f=medium
  • https://www.zone-turf.fr/module/module_webmaster.php?e=partants&f=medium
  • https://www.zone-turf.fr/module/module_webmaster.php?e=partants&f=medium
  • https://www.zone-turf.fr/module/module_webmaster.php?e=partants&f=medium
  • https://www.zone-turf.fr/module/module_webmaster.php?e=partants&f=medium
  • https://www.zone-turf.fr/module/module_webmaster.php?e=partants&f=medium
  • https://www.zone-turf.fr/module/module_webmaster.php?e=partants&f=medium
  • https://www.zone-turf.fr/module/module_webmaster.php?e=partants&f=medium
  • https://www.zone-turf.fr/module/module_webmaster.php?e=partants&f=medium
0
0
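
The module_webmaster.php chain above is a redirect loop, not a normal http-to-https upgrade: the first hop moves to https, and every hop after that re-issues the identical https URL, 20 redirects in all, with 0 bytes transferred because the browser gave up. That count matches the Chromium limit (20 redirects, then ERR_TOO_MANY_REDIRECTS), consistent with the Chrome/101 user agent in these requests. The script below is an added example, not urlscan's code: it parses a chain in the page's bullet format and tells a plain scheme upgrade apart from a self-redirect loop. Its input is a constructed copy of this chain.

```python
"""Redirect-chain triage for a urlscan-style "Redirect Chain" list.

Added example, not urlscan's code. SAMPLE_CHAIN is a constructed copy of the
www.zone-turf.fr chain shown above: one plain-http URL, then the same https
URL repeated twenty times.
"""
from urllib.parse import urlsplit

# Chromium stops following a chain after 20 redirects (ERR_TOO_MANY_REDIRECTS).
CHROMIUM_MAX_REDIRECTS = 20

# Constructed sample in the page's own bullet format (U+2022 bullets).
SAMPLE_CHAIN = (
    "  • http://www.zone-turf.fr/module/module_webmaster.php?e=partants&f=medium\n"
    + "  • https://www.zone-turf.fr/module/module_webmaster.php?e=partants&f=medium\n" * 20
)


def parse_chain(text):
    """Return the hop URLs in order from bullet lines like '  • https://...'."""
    hops = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("•"):
            hops.append(line[1:].strip())
    return hops


def analyse_chain(hops, max_redirects=CHROMIUM_MAX_REDIRECTS):
    """Count redirects and find http->https upgrades and self-redirects."""
    redirects = len(hops) - 1
    upgrades, self_loops = [], []
    for i in range(1, len(hops)):
        prev, cur = urlsplit(hops[i - 1]), urlsplit(hops[i])
        if prev.scheme == "http" and prev._replace(scheme="https") == cur:
            upgrades.append(i)       # hop i changed nothing but the scheme
        if hops[i - 1] == hops[i]:
            self_loops.append(i)     # Location pointed back at the same URL
    hit_cap = redirects >= max_redirects
    if self_loops and hit_cap:
        verdict = "loop"             # same URL re-issued until the browser gave up
    elif hit_cap:
        verdict = "too-long"         # distinct URLs, but past the browser's limit
    else:
        verdict = "ok"
    return {
        "redirects": redirects,
        "distinct_urls": len(set(hops)),
        "upgrade_hops": upgrades,
        "self_redirect_hops": self_loops,
        "hit_browser_cap": hit_cap,
        "verdict": verdict,
    }


if __name__ == "__main__":
    for key, value in analyse_chain(parse_chain(SAMPLE_CHAIN)).items():
        print(f"{key}: {value}")
```

A chain that reaches the cap with only distinct URLs ("too-long") is usually a misconfigured rewrite rule; a "loop" verdict with two distinct URLs, as here, means the https endpoint redirects to itself, which is why the scan recorded no response body for it.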

h3.png
www.turf.dafun.com/pronos/abonnesturf/ Frame 8AD0
29 KB
29 KB
Image
General
Full URL
http://www.turf.dafun.com/pronos/abonnesturf/h3.png
Requested by
Host: www.turf.dafun.com
URL: http://www.turf.dafun.com/pronos/abonnesturf/index.php
Protocol
HTTP/1.1
Server
194.150.236.165 , France, ASN44976 (HIWIT_AS, FR),
Reverse DNS
ns5.hiwit.net
Software
Apache /
Resource Hash
5b5cceed2cb716c00e2ac6a024cf27d7efad1d17dda764769105ef14d4fe9355

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
http://www.turf.dafun.com/pronos/abonnesturf/index.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date
Wed, 18 May 2022 17:00:10 GMT
Last-Modified
Tue, 13 Oct 2015 10:55:34 GMT
Server
Apache
ETag
"e75d0e-7436-521fa49029580"
Vary
Host
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=100
Content-Length
29750
arplan.jpg
www.turf.dafun.com/pronos/abonnesturf/ Frame 8AD0
609 KB
609 KB
Image
General
Full URL
http://www.turf.dafun.com/pronos/abonnesturf/arplan.jpg
Requested by
Host: www.turf.dafun.com
URL: http://www.turf.dafun.com/pronos/abonnesturf/index.php
Protocol
HTTP/1.1
Server
194.150.236.165 , France, ASN44976 (HIWIT_AS, FR),
Reverse DNS
ns5.hiwit.net
Software
Apache /
Resource Hash
321e5e5af465f1753cdf0a077c1cfdc6eb72ca29f68d91496f184de7f1b0253f

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
http://www.turf.dafun.com/pronos/abonnesturf/index.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date
Wed, 18 May 2022 17:00:10 GMT
Last-Modified
Sat, 17 Apr 2021 11:52:42 GMT
Server
Apache
ETag
"179a42f-9843d-5c029bbe39680"
Vary
Host
Content-Type
image/jpeg
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=100
Content-Length
623677
h2.png
www.turf.dafun.com/pronos/abonnesturf/ Frame 8AD0
29 KB
29 KB
Image
General
Full URL
http://www.turf.dafun.com/pronos/abonnesturf/h2.png
Requested by
Host: www.turf.dafun.com
URL: http://www.turf.dafun.com/pronos/abonnesturf/index.php
Protocol
HTTP/1.1
Server
194.150.236.165 , France, ASN44976 (HIWIT_AS, FR),
Reverse DNS
ns5.hiwit.net
Software
Apache /
Resource Hash
1dfedd383e1fc3d297e6a301ebd3045097c859b39b0c490bcff19527e05d56dd

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
http://www.turf.dafun.com/pronos/abonnesturf/index.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date
Wed, 18 May 2022 17:00:10 GMT
Last-Modified
Tue, 13 Oct 2015 10:55:33 GMT
Server
Apache
ETag
"e75cfd-72ce-521fa48f35340"
Vary
Host
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=100
Content-Length
29390
show_ads_impl_with_ama_fy2019.js
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202205120101/ Frame 3082
309 KB
111 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202205120101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-5203714787387788&plah=www.abonnesturf.1s.fr
Requested by
Host: pagead2.googlesyndication.com
URL: http://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
c4001b9474884c84314e54217dab003561a7dce7e4e3d762e125fb3539a907d5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
http://www.abonnesturf.1s.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Wed, 18 May 2022 17:00:10 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
112749
x-xss-protection
0
server
cafe
etag
11357289952706970154
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
expires
Wed, 18 May 2022 17:00:10 GMT
zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20220511/r20190131/ Frame 9086
10 KB
5 KB
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/html/r20220511/r20190131/zrt_lookup.html
Requested by
Host: pagead2.googlesyndication.com
URL: http://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
42b853168bb627593eb95b83db66183f7b3bd442db24c37398f1958d1451acd6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
http://www.abonnesturf.1s.fr/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language
fr-FR,fr;q=0.9

Response headers

age
82011
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=1209600
content-encoding
gzip
content-length
4421
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Tue, 17 May 2022 18:13:19 GMT
etag
1428802124239944296
expires
Tue, 31 May 2022 18:13:19 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
cookie.js
partner.googleadservices.com/gampad/ Frame 3082
209 B
640 B
Script
General
Full URL
https://partner.googleadservices.com/gampad/cookie.js?domain=www.abonnesturf.1s.fr&callback=_gfp_s_&client=ca-pub-5203714787387788
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202205120101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-5203714787387788&plah=www.abonnesturf.1s.fr
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f2.1e100.net
Software
cafe /
Resource Hash
4c6a0adcfe24395347e4a870f05d35ffffdda1ff4597b0a7cebec362faa15068
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
http://www.abonnesturf.1s.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Wed, 18 May 2022 17:00:10 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type
text/javascript; charset=UTF-8
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
195
x-xss-protection
0
integrator.js
adservice.google.fr/adsid/ Frame 3082
107 B
792 B
Script
General
Full URL
https://adservice.google.fr/adsid/integrator.js?domain=www.abonnesturf.1s.fr
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202205120101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-5203714787387788&plah=www.abonnesturf.1s.fr
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
http://www.abonnesturf.1s.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 18 May 2022 17:00:10 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ Frame 3082
107 B
549 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=www.abonnesturf.1s.fr
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202205120101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-5203714787387788&plah=www.abonnesturf.1s.fr
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
http://www.abonnesturf.1s.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 18 May 2022 17:00:10 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
googleads.g.doubleclick.net/pagead/ Frame 320B
436 B
413 B
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5203714787387788&output=html&h=90&slotname=4563536207&adk=2647235303&adf=3604715433&pi=t.ma~as.4563536207&w=970&psa=0&format=970x90&url=http%3A%2F%2Fwww.abonnesturf.1s.fr%2Findex.php&ea=0&wgl=1&dt=1652893210485&bpp=4&bdt=314&idt=191&shv=r20220511&mjsv=m202205120101&ptt=9&saldr=aa&correlator=7095771583384&frm=23&ife=1&pv=2&ga_vid=1095336553.1652893211&ga_sid=1652893211&ga_hid=1745075589&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=20&ady=0&biw=1600&bih=1200&isw=1600&ish=90&ifk=2071789444&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44761043%2C31065544%2C31067528%2C31067628%2C31062931&oid=2&pvsid=3297194283933979&pem=406&tmod=1062143010&uas=0&nvt=1&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=o%7Co%7CaeE%7C&abl=NA&pfx=0&fu=4&bc=23&ifi=1&uci=1.414lq5a1dm9n&fsb=1&dtd=208
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202205120101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-5203714787387788&plah=www.abonnesturf.1s.fr
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
00ecbffd21c28de1153f18934f68fae842e0373e0b28f4956718ea15e87f6495
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
http://www.abonnesturf.1s.fr/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language
fr-FR,fr;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private
content-encoding
br
content-length
211
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Wed, 18 May 2022 17:00:10 GMT
expires
Wed, 18 May 2022 17:00:10 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
sodar
pagead2.googlesyndication.com/getconfig/ Frame 3082
14 KB
10 KB
XHR
General
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20220511&st=env
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202205120101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-5203714787387788&plah=www.abonnesturf.1s.fr
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0599078e9539b3264dd89a11cc0fdbd47375ecb6d8be4c85e22ba8b6a5601820
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
http://www.abonnesturf.1s.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 18 May 2022 17:00:10 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
10632
x-xss-protection
0
sodar2.js
tpc.googlesyndication.com/sodar/ Frame 3082
17 KB
7 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202205120101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-5203714787387788&plah=www.abonnesturf.1s.fr
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
http://www.abonnesturf.1s.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Wed, 18 May 2022 17:00:11 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6386
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
etag
"1637097310169751"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Wed, 18 May 2022 17:00:11 GMT
runner.html
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 98FD
13 KB
5 KB
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
http://www.abonnesturf.1s.fr/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language
fr-FR,fr;q=0.9

Response headers

accept-ranges
bytes
age
1819
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
5046
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Wed, 18 May 2022 16:29:52 GMT
expires
Thu, 18 May 2023 16:29:52 GMT
last-modified
Mon, 21 Jun 2021 20:47:05 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
aframe
www.google.com/recaptcha/api2/ Frame B41F
783 B
1 KB
Document
General
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
1ca08296ac5da370a7378f69363940f1c3df6c633d6893a73a2ab4e48fb16c90
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-NexgNjLEfqmylMhism6Prw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
http://www.abonnesturf.1s.fr/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language
fr-FR,fr;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private, max-age=300
content-encoding
gzip
content-length
511
content-security-policy
script-src 'report-sample' 'nonce-NexgNjLEfqmylMhism6Prw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Wed, 18 May 2022 17:00:11 GMT
expires
Wed, 18 May 2022 17:00:11 GMT
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
gtm.js
www.googletagmanager.com/ Frame 8AD0
101 KB
39 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-NHFGDSD
Requested by
Host: payment.allopass.com
URL: https://payment.allopass.com/buy/checkout.apu?ids=352300&idd=1539058&lang=fr
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:803::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
644d88f0dec19a31f9075abc8d3747206cad3bee66c11408b066512ebbe53222
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
http://www.turf.dafun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Wed, 18 May 2022 17:00:11 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
39796
x-xss-protection
0
last-modified
Wed, 18 May 2022 16:23:05 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Wed, 18 May 2022 17:00:11 GMT
buy-button.css
payment.allopass.com/static/css/ Frame 8AD0
2 KB
830 B
Stylesheet
General
Full URL
https://payment.allopass.com/static/css/buy-button.css?1
Requested by
Host: payment.allopass.com
URL: https://payment.allopass.com/buy/checkout.apu?ids=352300&idd=1539058&lang=fr
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
185.119.26.1 , France, ASN203544 (WEBDEVIIN-AS, FR),
Reverse DNS
1.26.119.185.in-addr.arpa
Software
Apache /
Resource Hash
95eb15e76b752a9c78d6281cd3b7c43a8fbc2931783edf3bf3703af55eff06e2

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
http://www.turf.dafun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date
Wed, 18 May 2022 17:00:11 GMT
Content-Encoding
gzip
Last-Modified
Tue, 16 Nov 2021 13:36:55 GMT
Server
Apache
ETag
"232e2-69a-5d0e804cbabc0"
Vary
Accept-Encoding
Content-Type
text/css
Connection
close
Accept-Ranges
bytes
Content-Length
546
162x56.png
payment.allopass.com/static/buy/button/fr/ Frame 8AD0
6 KB
6 KB
Image
General
Full URL
https://payment.allopass.com/static/buy/button/fr/162x56.png
Requested by
Host: www.turf.dafun.com
URL: http://www.turf.dafun.com/pronos/abonnesturf/index.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
185.119.26.1 , France, ASN203544 (WEBDEVIIN-AS, FR),
Reverse DNS
1.26.119.185.in-addr.arpa
Software
Apache /
Resource Hash
7dd9659e56e92abc376e04d427903b2cfca1d52d854d38e35fefa4cf9e7fd9db

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
http://www.turf.dafun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date
Wed, 18 May 2022 17:00:11 GMT
Last-Modified
Tue, 16 Nov 2021 13:36:55 GMT
Server
Apache
ETag
"40f3d-1688-5d0e804cbabc0"
Content-Type
image/png
Connection
close
Accept-Ranges
bytes
Content-Length
5768
bt_ok.gif
payment.allopass.com/imgweb/common/ Frame 8AD0
753 B
991 B
Image
General
Full URL
https://payment.allopass.com/imgweb/common/bt_ok.gif
Requested by
Host: www.turf.dafun.com
URL: http://www.turf.dafun.com/pronos/abonnesturf/index.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
185.119.26.1 , France, ASN203544 (WEBDEVIIN-AS, FR),
Reverse DNS
1.26.119.185.in-addr.arpa
Software
Apache /
Resource Hash
d1d6b5efe0d6c2540778435a8f7873cbec1eb76a2b107370388a8806cb5dda6a

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
http://www.turf.dafun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date
Wed, 18 May 2022 17:00:11 GMT
Last-Modified
Tue, 26 Nov 2019 14:39:46 GMT
Server
Apache
ETag
"432cd-2f1-59840d9fb3080"
Content-Type
image/gif
Connection
close
Accept-Ranges
bytes
Content-Length
753
arpnum.png
www.turf.dafun.com/pronos/abonnesturf/ Frame 8AD0
28 KB
28 KB
Image
General
Full URL
http://www.turf.dafun.com/pronos/abonnesturf/arpnum.png
Requested by
Host: www.turf.dafun.com
URL: http://www.turf.dafun.com/pronos/abonnesturf/index.php
Protocol
HTTP/1.1
Server
194.150.236.165 , France, ASN44976 (HIWIT_AS, FR),
Reverse DNS
ns5.hiwit.net
Software
Apache /
Resource Hash
f2207fe2c468645234ccc51e5d925121bf6ad9075e84b3c898fd2855981fba10

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
http://www.turf.dafun.com/pronos/abonnesturf/index.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date
Wed, 18 May 2022 17:00:11 GMT
Last-Modified
Tue, 13 Oct 2015 10:55:31 GMT
Server
Apache
ETag
"e75cc8-7055-521fa48d4cec0"
Vary
Host
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=99
Content-Length
28757
Yd3cEgPtLOfKcy7GxWkHziCM9jl-6RVWGk-YTJsF5Kc.js
pagead2.googlesyndication.com/bg/ Frame 98FD
35 KB
13 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/Yd3cEgPtLOfKcy7GxWkHziCM9jl-6RVWGk-YTJsF5Kc.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61dddc1203ed2ce7ca732ec6c56907ce208cf6397ee915561a4f984c9b05e4a7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 17 May 2022 16:20:56 GMT
content-encoding
br
x-content-type-options
nosniff
age
88755
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13574
x-xss-protection
0
last-modified
Mon, 09 May 2022 12:18:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 17 May 2023 16:20:56 GMT
sodar
pagead2.googlesyndication.com/pagead/ Frame B41F
0
0
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20220511&jk=3297194283933979&rc=
Requested by
Host: www.abonnesturf.1s.fr
URL: http://www.abonnesturf.1s.fr/index.php
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

analytics.js
www.google-analytics.com/ Frame 8AD0
49 KB
20 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NHFGDSD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
http://www.turf.dafun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 13 Apr 2022 21:02:38 GMT
server
Golfe2
age
2463
date
Wed, 18 May 2022 16:19:08 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20006
expires
Wed, 18 May 2022 18:19:08 GMT
generate_204
tpc.googlesyndication.com/ Frame 98FD
0
9 B
Image
General
Full URL
https://tpc.googlesyndication.com/generate_204?9OORag
Requested by
Host: www.abonnesturf.1s.fr
URL: http://www.abonnesturf.1s.fr/index.php
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Wed, 18 May 2022 17:00:11 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
sodar
pagead2.googlesyndication.com/pagead/ Frame 3082
0
0
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20220511&jk=3297194283933979&bg=!GxilGFzNAAZL3OSAa9w7ACkAdvg8Wu_zYCE5jfsXphx5neZPbcWe3eKJT-ga8_BbbagNENJTLdJ7vgIAAABTUgAAAAJoAQcKAFx9IHeXxtMSWtFEMTD0lbTkwa7FCEvpNEKMyJ1e8RfnHcY0GjtP2OLwENlmtDAMbMQlAY1Fr0SxtGdB9cOl4xUWP_3txdTmgigFpPwL9h1KnakTnyiUgwVhP0YbgZkCwOdAWc-ZfZ7ZEmlFBitN3nOdC-tYEKQNqDaUKi3B7YDwsRCxP4eflYriHspyTIzuP8WiE8X-0ULUv77UOJpXgmANRJx0fFMXNSDJiay7wzFyPkSBQqAunxENhsvQKIrTYyUkCTiQYcDI_41VuuUnDVK7p88ycN_M55oCMfUPdab3kMFdmrhI0K_nqmXgv2n-PsUAdAph_QqKml55Y8PWu8OfdGTmR0wX6I8kuBfepfSSdHEgAY9oKtwo_ksbvvpgq908MdLRQYdGetoSVEDHVxOJ_MLkvqpDymSv4r3X0PF2NsYVoMhfWXzA60xRLB4TIJx4zcRd8galUIefc5v_z9DXP98A0L7b4rNi6cYyPTjqsLL1Fp2OzIXzdaFRLj-YzhzqiAHU3uXRwa2q4L7Wgc7fb4lBhje2HArGb56sYRSWUlGtKjE6FdOf2AbMc2DSDL8JTfu_DlRU_rYN6_F6_y3caf8V3v4SFSpD0l8GQKotFj43dVxuAW9nYAVwbChPg17TanDSWwgE8lmhTXc9s79Qo_oC2CAPsTxiH94lca7KpxyOOR2BtRVsEaLjt3v38KB9RpUVKeDJckiNbVi1qhLOhxhXJhI6raztRYcBRP7lyPvl_r2IX9HgApb1idjdhTU8QmyRU9GK3HZ3CWxwyBuaqVfGYo-35RcHdODJ8mrXw-ucZhXcYX9-EntCjXXw0K5_IHyikQpSJHzwmwBfZrOYdqL0NuZcVYj3_6SYXp6cPiFrwJCl5x5fqrYdvyFw2S4aB318W_ZuedM0ZIQdtFHMCMV-3TFhUKIm2qoEsr_jsZqd--eQjaWY2nbGispqU_Zf03n0rvN_smBQkkiwrBIpnK4fxnk8uEQGJfrI0maOMIrZhOPjlZORKUs3pZf_m8aKjiqGRaNXj0cEqfqF5fcOEQiyILC2pPk_5Vageajx
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
http://www.abonnesturf.1s.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
www.zone-turf.fr
URL
https://www.zone-turf.fr/module/module_webmaster.php?e=partants&f=medium

Verdicts & Comments

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type | Name
object | 0
object | 1
object | 2
object | oncontextlost
object | oncontextrestored
function | structuredClone
object | google_reactive_ads_global_state
object | google_ad_modifications
number | google_global_correlator
object | google_prev_clients

4 Cookies

Domain/Path Name / Value
.1s.fr/ Name: __gads
Value: ID=e7f874672e3f559f-228c531197cd0052:T=1652893210:RT=1652893210:S=ALNI_Magfk0lhlv7HwvR4TIwlXLbctSNDQ
.doubleclick.net/ Name: test_cookie
Value: CheckForPermission
payment.allopass.com/ Name: ShopSessionId
Value: fd2bb510-b2ab-4ce2-88fd-a4cfb02d7921
.allopass.com/ Name: AP_CUSK
Value: 3568444282

1 Console Messages

Source Level URL
Text
network error URL: https://www.zone-turf.fr/module/module_webmaster.php?e=partants&f=medium
Message:
Failed to load resource: net::ERR_TOO_MANY_REDIRECTS

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

adservice.google.com
adservice.google.fr
freegifmaker.me
googleads.g.doubleclick.net
img.root-top.com
pagead2.googlesyndication.com
partner.googleadservices.com
payment.allopass.com
tpc.googlesyndication.com
www.abonnesturf.1s.fr
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.loogix.com
www.turf.dafun.com
www.turfinfos.ouba.com
www.venez.fr
www.zone-turf.fr
www.zone-turf.fr
142.250.184.226
185.119.26.1
194.150.236.165
194.150.236.166
2a00:1450:4001:801::2002
2a00:1450:4001:803::2008
2a00:1450:4001:811::2001
2a00:1450:4001:811::2004
2a00:1450:4001:812::2002
2a00:1450:4001:827::2002
2a00:1450:4001:831::2002
2a00:1450:4001:831::200e
2a06:98c1:3120::a
3.66.136.156
5.135.149.81
88.99.130.181