1155.win.qureka.co Open in urlscan Pro
158.69.126.204 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://1155.win.qureka.com/
Effective URL:
https://1155.win.qureka.co/intro/question
Submission: On August 30 via manual (August 30th 2022, 8:55:02 pm UTC) from US — Scanned from DE

Summary HTTP 146 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 19 IPs in 4 countries across 14 domains to perform 146 HTTP transactions. The main IP is 158.69.126.204, located in Montreal, Canada and belongs to OVH, FR. The main domain is 1155.win.qureka.co.
TLS certificate: Issued by R3 on July 5th 2022. Valid for: 3 months.

This is the only time 1155.win.qureka.co was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	103.146.40.63 103.146.40.63	18229 (CTRLS-AS-...) (CTRLS-AS-IN CtrlS Datacenters Ltd.)
2 38	158.69.126.204 158.69.126.204	16276 (OVH) (OVH)
14	164.52.203.24 164.52.203.24	132420 (E2E-NETWO...) (E2E-NETWORKS-IN 282)
2	2606:4700:303... 2606:4700:3033::6815:3f36	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700::68... 2606:4700::6811:190e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
9	2a00:1450:400... 2a00:1450:4001:812::200a	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:813::200a	15169 (GOOGLE) (GOOGLE)
11	2a00:1450:400... 2a00:1450:4001:831::2003	15169 (GOOGLE) (GOOGLE)
18	2a00:1450:400... 2a00:1450:4001:808::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:80e::2003	15169 (GOOGLE) (GOOGLE)
13	2a00:1450:400... 2a00:1450:4001:829::2002	15169 (GOOGLE) (GOOGLE)
2	142.250.186.98 142.250.186.98	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:827::2002	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:802::2002	15169 (GOOGLE) (GOOGLE)
19	2a00:1450:400... 2a00:1450:4001:809::2001	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:80e::2002	15169 (GOOGLE) (GOOGLE)
1 4	2a00:1450:400... 2a00:1450:4001:812::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82f::2008	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:80f::200e	() ()
146	19

1 103.146.40.63 (India) 1 redirects

ASN18229 (CTRLS-AS-IN CtrlS Datacenters Ltd., IN)

1155.win.qureka.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

38 158.69.126.204 (Montreal, Canada) 2 redirects

ASN16276 (OVH, FR)
PTR: ns522494.ip-158-69-126.net

1155.win.qureka.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 164.52.203.24 (India)

ASN132420 (E2E-NETWORKS-IN 282, Sector 19, IN)
PTR: e2e-71-24.ssdcloudindia.net

fecdn.qureka.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:3033::6815:3f36 (United States)

ASN13335 (CLOUDFLARENET, US)

use.fontawesome.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6811:190e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:812::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:813::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2a00:1450:4001:831::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 2a00:1450:4001:808::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:80e::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2a00:1450:4001:829::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.186.98 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s06-in-f2.1e100.net

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:827::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:802::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 2a00:1450:4001:809::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:80e::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:812::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82f::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80f::200e (None, )

ASN- ()

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
52	qureka.co 2 redirects 1155.win.qureka.co fecdn.qureka.co	2 MB
37	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 123 tpc.googlesyndication.com — Cisco Umbrella Rank: 159	670 KB
14	gstatic.com www.gstatic.com fonts.gstatic.com	136 KB
11	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 54 ajax.googleapis.com — Cisco Umbrella Rank: 286	65 KB
10	doubleclick.net googleads.g.doubleclick.net — Cisco Umbrella Rank: 52	124 KB
8	google.com 1 redirects adservice.google.com — Cisco Umbrella Rank: 88 www.google.com — Cisco Umbrella Rank: 9	2 KB
4	google.de adservice.google.de — Cisco Umbrella Rank: 8811	1 KB
3	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 194	132 KB
2	google-analytics.com www.google-analytics.com	20 KB
2	googleadservices.com partner.googleadservices.com — Cisco Umbrella Rank: 882	697 B
2	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 219	10 KB
2	fontawesome.com use.fontawesome.com — Cisco Umbrella Rank: 941	813 KB
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 78	41 KB
1	qureka.com 1 redirects 1155.win.qureka.com	784 B
146	14

	Domain	Requested by
38	1155.win.qureka.co	2 redirects 1155.win.qureka.co fecdn.qureka.co
19	tpc.googlesyndication.com	googleads.g.doubleclick.net pagead2.googlesyndication.com tpc.googlesyndication.com
18	pagead2.googlesyndication.com	1155.win.qureka.co pagead2.googlesyndication.com tpc.googlesyndication.com
14	fecdn.qureka.co	1155.win.qureka.co
11	www.gstatic.com	1155.win.qureka.co googleads.g.doubleclick.net
10	googleads.g.doubleclick.net	pagead2.googlesyndication.com googleads.g.doubleclick.net
9	fonts.googleapis.com	1155.win.qureka.co googleads.g.doubleclick.net
4	www.google.com	1 redirects tpc.googlesyndication.com googleads.g.doubleclick.net
4	adservice.google.com	pagead2.googlesyndication.com
4	adservice.google.de	pagead2.googlesyndication.com
3	www.googletagservices.com	googleads.g.doubleclick.net
3	fonts.gstatic.com	fonts.googleapis.com
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	partner.googleadservices.com	pagead2.googlesyndication.com
2	ajax.googleapis.com	1155.win.qureka.co
2	cdnjs.cloudflare.com	1155.win.qureka.co
2	use.fontawesome.com	1155.win.qureka.co
1	www.googletagmanager.com	1155.win.qureka.co
1	1155.win.qureka.com	1 redirects
146	19

This site contains links to these domains. Also see Links.

Domain
www.qurekalite.com

Subject Issuer	Validity	Valid
*.win.qureka.co R3	`2022-07-05` - `2022-10-03`	3 months	crt.sh
fecdn.qureka.co R3	`2022-06-23` - `2022-09-21`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-06-06` - `2023-06-05`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2022-08-08` - `2022-10-31`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-08-15` - `2022-11-07`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-08-08` - `2022-10-31`	3 months	crt.sh
*.googleadservices.com GTS CA 1C3	`2022-08-08` - `2022-10-31`	3 months	crt.sh
*.google.de GTS CA 1C3	`2022-08-08` - `2022-10-31`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-08-08` - `2022-10-31`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2022-08-08` - `2022-10-31`	3 months	crt.sh
www.google.com GTS CA 1C3	`2022-08-08` - `2022-10-31`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-08-08` - `2022-10-31`	3 months	crt.sh

This page contains 15 frames:

Primary Page: https://1155.win.qureka.co/intro/question
Frame ID: 1399C0D890BA6D215576D834BCE7B16D
Requests: 95 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20220829/r20190131/zrt_lookup.html
Frame ID: BD35CB385201AAD63BF2752F3AE20E6F
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8137430087055934&output=html&adk=1812271804&adf=3025194257&lmt=1661892897&plat=1%3A16777216%2C9%3A32904%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2F1155.win.qureka.co%2Fintro%3Bjsessionid%3D82F8A1036D2AD95017A4D995935258A3&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661892897252&bpp=3&bdt=1694&idt=215&shv=r20220829&mjsv=m202208250101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=8590589378058&frm=20&pv=2&ga_vid=1380633514.1661892897&ga_sid=1661892897&ga_hid=2101320871&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31062931&oid=2&pvsid=2563739940666425&tmod=1536280696&uas=0&nvt=1&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=237
Frame ID: 1393CD73399F1C5F9B777425AEC769D2
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20220829/r20110914/zrt_lookup.html?fsb=1
Frame ID: B9A13982BE3922158BA49D281A0737D2
Requests: 5 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Frame ID: F3F0B243E5B520F0DD244486C5ADE622
Requests: 7 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/OjkVMSBLCKffYYJCcR1sndQZ2h8-FW78sMeE84aZbRQ.js
Frame ID: 21540D4F395A9977AE101E9BC18BECF0
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: A933AEA5A6DD138729584F05D6D6C7EE
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: A8B421072D5A8CFC2954906B19E3AD8D
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20220829/r20190131/zrt_lookup.html
Frame ID: 8EB40677BA4A86340183A821F3DC8CA6
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8137430087055934&output=html&adk=1812271804&adf=3025194257&lmt=1661892901&plat=1%3A16777216%2C2%3A16777216%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2F1155.win.qureka.co%2Fintro%2Fquestion&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661892900885&bpp=3&bdt=1269&idt=172&shv=r20220829&mjsv=m202208250101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D15e4136980febbf5-228385e70bce0059%3AT%3D1661892897%3ART%3D1661892897%3AS%3DALNI_MYavjTQ7Sy_QGeMVtLwYL39g0lrHw&nras=1&correlator=4230268263538&frm=20&pv=2&ga_vid=1935520878.1661892901&ga_sid=1661892901&ga_hid=5789849&ga_fc=0&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44761793%2C44760911%2C44767166%2C44770881&oid=2&pvsid=1090744991192274&tmod=227493226&uas=0&nvt=1&ref=https%3A%2F%2F1155.win.qureka.co%2Fintro%3Bjsessionid%3D82F8A1036D2AD95017A4D995935258A3&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=187
Frame ID: 0405AA07BDB75CFA8C0F463FA1B95570
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8137430087055934&output=html&h=280&slotname=2062501451&adk=3741451252&adf=3494793682&pi=t.ma~as.2062501451&w=350&fwrn=4&fwrnh=100&lmt=1661892901&rafmt=1&rdp=0&psa=1&format=350x280&url=https%3A%2F%2F1155.win.qureka.co%2Fintro%2Fquestion&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661892901101&bpp=2&bdt=1484&idt=2&shv=r20220829&mjsv=m202208250101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D15e4136980febbf5-228385e70bce0059%3AT%3D1661892897%3ART%3D1661892897%3AS%3DALNI_MYavjTQ7Sy_QGeMVtLwYL39g0lrHw&prev_fmts=0x0&nras=1&correlator=4230268263538&frm=20&pv=1&ga_vid=1935520878.1661892901&ga_sid=1661892901&ga_hid=5789849&ga_fc=0&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=625&ady=0&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44761793%2C44760911%2C44767166%2C44770881&oid=2&pvsid=1090744991192274&tmod=227493226&uas=0&nvt=1&ref=https%3A%2F%2F1155.win.qureka.co%2Fintro%3Bjsessionid%3D82F8A1036D2AD95017A4D995935258A3&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=lF7N2gOmbN&p=https%3A//1155.win.qureka.co&dtd=9
Frame ID: 5E567311D1D73562205DD94D9030CA84
Requests: 14 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 935D712ABE4479412DD6C8C65620FFDB
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20220829/r20110914/zrt_lookup.html?fsb=1
Frame ID: 54795CBA2F564F01FBC550AA1A0259A3
Requests: 5 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Frame ID: F88E6691B2A2F5F3997CBB52B4D51A0E
Requests: 8 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/OjkVMSBLCKffYYJCcR1sndQZ2h8-FW78sMeE84aZbRQ.js
Frame ID: CFDD2E72D16390541C55F6209AC48F82
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Qureka Lite

Page URL History Show full URLs

https://1155.win.qureka.com/ HTTP 302
https://1155.win.qureka.co/ HTTP 302
http://1155.win.qureka.co/intro;jsessionid=82F8A1036D2AD95017A4D995935258A3 HTTP 301
https://1155.win.qureka.co/intro;jsessionid=82F8A1036D2AD95017A4D995935258A3 Page URL
https://1155.win.qureka.co/intro/question Page URL

Detected technologies

Firebase (Databases) Expand

Overall confidence: 100%
Detected patterns

/firebasejs/([\d.]+)/firebase

Google Sign-in (Social logins) Expand

Overall confidence: 100%
Detected patterns

<meta[^>]*google-signin-client_id

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

Moment Timezone (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

moment-timezone(?:-data)?(?:\.min)?\.js

Moment.js (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

moment(?:\.min)?\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

146
Requests

99 %
HTTPS

79 %
IPv6

14
Domains

19
Subdomains

19
IPs

4
Countries

3670 kB
Transfer

8522 kB
Size

6
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://www.qurekalite.com/cookie-policy.html
Title: Learn more about how we use cookies

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://1155.win.qureka.com/ HTTP 302
https://1155.win.qureka.co/ HTTP 302
http://1155.win.qureka.co/intro;jsessionid=82F8A1036D2AD95017A4D995935258A3 HTTP 301
https://1155.win.qureka.co/intro;jsessionid=82F8A1036D2AD95017A4D995935258A3 Page URL
https://1155.win.qureka.co/intro/question Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://1155.win.qureka.com/ HTTP 302
https://1155.win.qureka.co/ HTTP 302
http://1155.win.qureka.co/intro;jsessionid=82F8A1036D2AD95017A4D995935258A3 HTTP 301
https://1155.win.qureka.co/intro;jsessionid=82F8A1036D2AD95017A4D995935258A3

Request Chain 125

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

146 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200

intro;jsessionid=82F8A1036D2AD95017A4D995935258A3 Show response
1155.win.qureka.co/
Redirect Chain

https://1155.win.qureka.com/
https://1155.win.qureka.co/
http://1155.win.qureka.co/intro;jsessionid=82F8A1036D2AD95017A4D995935258A3
https://1155.win.qureka.co/intro;jsessionid=82F8A1036D2AD95017A4D995935258A3

11 KB
4 KB

940ms
940ms

Document
text/html

158.69.126.204
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://1155.win.qureka.co/intro;jsessionid=82F8A1036D2AD95017A4D995935258A3
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 158.69.126.204 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns522494.ip-158-69-126.net
Software: nginx/1.16.1 /
Resource Hash: e89d14508310786348dc009a70d181ddcc7642281a36074df101743060c5a518

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Authorization,Accept,Origin,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
Access-Control-Allow-Methods: GET,POST,OPTIONS,PUT,DELETE,PATCH
Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Encoding: gzip
Content-Language: de-DE
Content-Type: text/html;charset=UTF-8
Date: Tue, 30 Aug 2022 20:54:55 GMT
Server: nginx/1.16.1
Transfer-Encoding: chunked

Redirect headers

Connection: keep-alive
Content-Length: 169
Content-Type: text/html
Date: Tue, 30 Aug 2022 20:54:54 GMT
Location: https://1155.win.qureka.co/intro;jsessionid=82F8A1036D2AD95017A4D995935258A3
Server: nginx/1.16.1

GET
H2 200 bootstrap.min.css
fecdn.qureka.co/css/ 156 KB
156 KB 762ms
334ms Stylesheet
text/css 164.52.203.24
E2E-NETWORKS-IN 282

General

Check archive.org

Show headers Download Go to

Full URL: https://fecdn.qureka.co/css/bootstrap.min.css?version=2
Requested by: Host: 1155.win.qureka.co
URL: https://1155.win.qureka.co/intro;jsessionid=82F8A1036D2AD95017A4D995935258A3
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 164.52.203.24 , India, ASN132420 (E2E-NETWORKS-IN 282, Sector 19, IN),
Reverse DNS: e2e-71-24.ssdcloudindia.net
Software: nginx/1.16.1 /
Resource Hash: 2ff5b959fa9f6b4b1d04d20a37d706e90039176ab1e2a202994d9580baeebfd6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1155.win.qureka.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Tue, 30 Aug 2022 20:54:56 GMT
last-modified: Tue, 24 Aug 2021 07:16:48 GMT
server: nginx/1.16.1
etag: "61249ce0-26f1b"
access-control-allow-methods: GET,POST,OPTIONS,PUT,DELETE,PATCH
content-type: text/css
access-control-allow-origin: *
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: Authorization,Accept,Origin,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
content-length: 159515

GET
H2 200 all.js Show response
use.fontawesome.com/releases/v5.12.1/js/ 1 MB
407 KB 140ms
55ms Script
application/javascript 2606:4700:3033::6815:3f36
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://use.fontawesome.com/releases/v5.12.1/js/all.js
Requested by: Host: 1155.win.qureka.co
URL: https://1155.win.qureka.co/intro;jsessionid=82F8A1036D2AD95017A4D995935258A3
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::6815:3f36 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 30081cca00d16a1b3e17f364e55cf7f3bc210789122bd357943377c39f0b2ead

Request headers

Referer: https://1155.win.qureka.co/
Origin: https://1155.win.qureka.co
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Tue, 30 Aug 2022 20:54:55 GMT
content-encoding: br
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 628834
access-control-allow-methods: GET
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: XBBFEC7Z9MJRVQ71
x-amz-id-2: jcXRzCUkJ3sd+6/66Rhgms80eajmGDK4JIXQCs5xKXxltlU11VJZyxD9g2suIN0kLoU5/vMLcAA=
last-modified: Wed, 30 Jun 2021 15:38:16 GMT
server: cloudflare
etag: W/"c15792e690074db2442dd1a8cabfbb6b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 3000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PgUaDrB%2FzHgQixPs6LiIeULN%2FSxkb5%2FWv37mL9WfRSkV3iyUP5bQGy531BmdlN1II0tAz4%2F52DAWD9nJuAcnRqHBmfQ9ex919GKe%2FIwMZkRmR1%2BXHpcF3ay1ZboQADmoZScR97gg9xULsMpVURkg9nKg"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31556926
cf-ray: 74306ca5fa71baab-MXP

GET
H2 200 aes.js Show response
cdnjs.cloudflare.com/ajax/libs/crypto-js/3.1.2/rollups/ 13 KB
5 KB 100ms
41ms Script
application/javascript 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/crypto-js/3.1.2/rollups/aes.js

Requested by

Host: 1155.win.qureka.co
URL: https://1155.win.qureka.co/intro;jsessionid=82F8A1036D2AD95017A4D995935258A3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fc7e184beeda61bf6427938a84560f52348976bb55e807b224eb53930e97ef6a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1155.win.qureka.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Tue, 30 Aug 2022 20:54:55 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 7071177
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 4256
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:09:17 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e2d-3430"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FGQqAcVhmfqK%2BHiHNJ7nxI4fn32AWC7G8YcTRXvf7s71N6bEhoEYMe34C9U4BjnneXiOXZJjX0PLueupWkegWqhmx4AVCHpLdCn5dcyPZK72SO8F%2BjqrUz597Cna8VJ1Mb874SNU0i8CrAH72bv%2BJOcI"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 74306ca5dea123df-ZRH
expires: Sun, 20 Aug 2023 20:54:55 GMT

GET
H2 200 css
fonts.googleapis.com/ 3 KB
1 KB 80ms
24ms Stylesheet
text/css 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Montserrat:400,700

Requested by

Host: 1155.win.qureka.co
URL: https://1155.win.qureka.co/intro;jsessionid=82F8A1036D2AD95017A4D995935258A3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2604b45b39193f2405a1a4b4f93b2d769fb6a67c8f1d0b097343e540c7911ec1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1155.win.qureka.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 30 Aug 2022 20:07:25 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Tue, 30 Aug 2022 20:54:55 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 30 Aug 2022 20:54:55 GMT

GET
H/1.1 200 style.css
1155.win.qureka.co/css/ 149 KB
18 KB 277ms
266ms Stylesheet
text/css 158.69.126.204
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://1155.win.qureka.co/css/style.css?version=2
Requested by: Host: 1155.win.qureka.co
URL: https://1155.win.qureka.co/intro;jsessionid=82F8A1036D2AD95017A4D995935258A3
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 158.69.126.204 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns522494.ip-158-69-126.net
Software: nginx/1.16.1 /
Resource Hash: 48ca9dd00cec2798405c88d58189780a3614b7cbbfed2c8d639ef6de06d95d15

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1155.win.qureka.co/intro;jsessionid=82F8A1036D2AD95017A4D995935258A3
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Date: Tue, 30 Aug 2022 20:54:55 GMT
Content-Encoding: gzip
Last-Modified: Fri, 11 Feb 2022 10:00:39 GMT
Server: nginx/1.16.1
Transfer-Encoding: chunked
Access-Control-Allow-Methods: GET,POST,OPTIONS,PUT,DELETE,PATCH
Content-Type: text/css;charset=UTF-8
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Authorization,Accept,Origin,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range

GET
H/1.1 200 main.css
1155.win.qureka.co/css/ 4 KB
2 KB 327ms
106ms Stylesheet
text/css 158.69.126.204
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://1155.win.qureka.co/css/main.css?version=2
Requested by: Host: 1155.win.qureka.co
URL: https://1155.win.qureka.co/intro;jsessionid=82F8A1036D2AD95017A4D995935258A3
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 158.69.126.204 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns522494.ip-158-69-126.net
Software: nginx/1.16.1 /
Resource Hash: 14f7ebbd5c4c6b776d6624ec0cc86553e24cd9bff65f696353d3742c570bf18e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1155.win.qureka.co/intro;jsessionid=82F8A1036D2AD95017A4D995935258A3
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Date: Tue, 30 Aug 2022 20:54:55 GMT
Content-Encoding: gzip
Last-Modified: Fri, 11 Feb 2022 10:00:39 GMT
Server: nginx/1.16.1
Transfer-Encoding: chunked
Access-Control-Allow-Methods: GET,POST,OPTIONS,PUT,DELETE,PATCH
Content-Type: text/css;charset=UTF-8
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Authorization,Accept,Origin,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range

GET
H/1.1 200 add2home.css
1155.win.qureka.co/css/ 621 B
1 KB 360ms
122ms Stylesheet
text/css 158.69.126.204
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://1155.win.qureka.co/css/add2home.css
Requested by: Host: 1155.win.qureka.co
URL: https://1155.win.qureka.co/intro;jsessionid=82F8A1036D2AD95017A4D995935258A3
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 158.69.126.204 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns522494.ip-158-69-126.net
Software: nginx/1.16.1 /
Resource Hash: 9a276accc759cbe507ab2959bbbc2badd8a6bcaf1bda3f199ee18c97c19392e1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1155.win.qureka.co/intro;jsessionid=82F8A1036D2AD95017A4D995935258A3
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Date: Tue, 30 Aug 2022 20:54:55 GMT
Last-Modified: Fri, 11 Feb 2022 10:00:41 GMT
Server: nginx/1.16.1
Access-Control-Allow-Methods: GET,POST,OPTIONS,PUT,DELETE,PATCH
Content-Type: text/css;charset=UTF-8
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Connection: keep-alive
Accept-Ranges: bytes
Access-Control-Allow-Headers: Authorization,Accept,Origin,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
Content-Length: 621

GET
H/1.1 200 common.css
1155.win.qureka.co/css/ 4 KB
2 KB 355ms
118ms Stylesheet
text/css 158.69.126.204
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://1155.win.qureka.co/css/common.css
Requested by: Host: 1155.win.qureka.co
URL: https://1155.win.qureka.co/intro;jsessionid=82F8A1036D2AD95017A4D995935258A3
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 158.69.126.204 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns522494.ip-158-69-126.net
Software: nginx/1.16.1 /
Resource Hash: 3b37e06e414610e7a765285272c07f4523bc1b52793b5f4f5c78bea1464b4a9f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1155.win.qureka.co/intro;jsessionid=82F8A1036D2AD95017A4D995935258A3
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Date: Tue, 30 Aug 2022 20:54:55 GMT
Content-Encoding: gzip
Last-Modified: Fri, 11 Feb 2022 10:00:48 GMT
Server: nginx/1.16.1
Transfer-Encoding: chunked
Access-Control-Allow-Methods: GET,POST,OPTIONS,PUT,DELETE,PATCH
Content-Type: text/css;charset=UTF-8
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Authorization,Accept,Origin,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/2.0.0/ 81 KB
29 KB 78ms
22ms Script
text/javascript 2a00:1450:4001:813::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/2.0.0/jquery.min.js

Requested by

Host: 1155.win.qureka.co
URL: https://1155.win.qureka.co/intro;jsessionid=82F8A1036D2AD95017A4D995935258A3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d482871a5e948cb4884fa0972ea98a81abca057b6bd3f8c995a18c12487e761c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1155.win.qureka.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 25 Aug 2022 18:12:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 441774
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29195
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 25 Aug 2023 18:12:01 GMT

GET
H2 200 jquery-3.5.1.min.js Show response
fecdn.qureka.co/js/ 87 KB
88 KB 1105ms
679ms Script
application/javascript 164.52.203.24
E2E-NETWORKS-IN 282

General

Check archive.org

Show headers Download Go to

Full URL: https://fecdn.qureka.co/js/jquery-3.5.1.min.js?version=2
Requested by: Host: 1155.win.qureka.co
URL: https://1155.win.qureka.co/intro;jsessionid=82F8A1036D2AD95017A4D995935258A3
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 164.52.203.24 , India, ASN132420 (E2E-NETWORKS-IN 282, Sector 19, IN),
Reverse DNS: e2e-71-24.ssdcloudindia.net
Software: nginx/1.16.1 /
Resource Hash: 6150a35c0f486c46cadf0e230e2aa159c7c23ecfbb5611b64ee3f25fcbff341f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1155.win.qureka.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Tue, 30 Aug 2022 20:54:56 GMT
last-modified: Tue, 24 Aug 2021 07:16:43 GMT
server: nginx/1.16.1
etag: "61249cdb-15d83"
access-control-allow-methods: GET,POST,OPTIONS,PUT,DELETE,PATCH
content-type: application/javascript
access-control-allow-origin: *
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: Authorization,Accept,Origin,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
content-length: 89475

GET
H2 200 popper.min.js Show response
fecdn.qureka.co/js/ 21 KB
21 KB 1106ms
679ms Script
application/javascript 164.52.203.24
E2E-NETWORKS-IN 282

General

Check archive.org

Show headers Download Go to

Full URL: https://fecdn.qureka.co/js/popper.min.js?version=2
Requested by: Host: 1155.win.qureka.co
URL: https://1155.win.qureka.co/intro;jsessionid=82F8A1036D2AD95017A4D995935258A3
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 164.52.203.24 , India, ASN132420 (E2E-NETWORKS-IN 282, Sector 19, IN),
Reverse DNS: e2e-71-24.ssdcloudindia.net
Software: nginx/1.16.1 /
Resource Hash: a5361be48e64297f23046a94801067bfcf644391c76de624cbce5560e35d660b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1155.win.qureka.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Tue, 30 Aug 2022 20:54:56 GMT
last-modified: Tue, 24 Aug 2021 07:16:46 GMT
server: nginx/1.16.1
etag: "61249cde-5308"
access-control-allow-methods: GET,POST,OPTIONS,PUT,DELETE,PATCH
content-type: application/javascript
access-control-allow-origin: *
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: Authorization,Accept,Origin,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
content-length: 21256

GET
H2 200 bootstrap.min.js Show response
fecdn.qureka.co/js/ 59 KB
59 KB 1105ms
679ms Script
application/javascript 164.52.203.24
E2E-NETWORKS-IN 282

General

Check archive.org

Show headers Download Go to

Full URL: https://fecdn.qureka.co/js/bootstrap.min.js?version=2
Requested by: Host: 1155.win.qureka.co
URL: https://1155.win.qureka.co/intro;jsessionid=82F8A1036D2AD95017A4D995935258A3
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 164.52.203.24 , India, ASN132420 (E2E-NETWORKS-IN 282, Sector 19, IN),
Reverse DNS: e2e-71-24.ssdcloudindia.net
Software: nginx/1.16.1 /
Resource Hash: 5aa53525abc5c5200c70b3f6588388f86076cd699284c23cda64e92c372a1548

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1155.win.qureka.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Tue, 30 Aug 2022 20:54:56 GMT
last-modified: Tue, 24 Aug 2021 07:16:43 GMT
server: nginx/1.16.1
etag: "61249cdb-ea6a"
access-control-allow-methods: GET,POST,OPTIONS,PUT,DELETE,PATCH
content-type: application/javascript
access-control-allow-origin: *
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: Authorization,Accept,Origin,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
content-length: 60010

GET
H2 200 moment.min.js Show response
fecdn.qureka.co/js/timezone/ 52 KB
53 KB 1104ms
678ms Script
application/javascript 164.52.203.24
E2E-NETWORKS-IN 282

General

Check archive.org

Show headers Download Go to

Full URL: https://fecdn.qureka.co/js/timezone/moment.min.js
Requested by: Host: 1155.win.qureka.co
URL: https://1155.win.qureka.co/intro;jsessionid=82F8A1036D2AD95017A4D995935258A3
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 164.52.203.24 , India, ASN132420 (E2E-NETWORKS-IN 282, Sector 19, IN),
Reverse DNS: e2e-71-24.ssdcloudindia.net
Software: nginx/1.16.1 /
Resource Hash: e22419e8154be2a34a950dbb4c4c448413751c53ef02f00c6c56af28aa2c4964

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1155.win.qureka.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Tue, 30 Aug 2022 20:54:56 GMT
last-modified: Tue, 24 Aug 2021 07:16:54 GMT
server: nginx/1.16.1
etag: "61249ce6-d04c"
access-control-allow-methods: GET,POST,OPTIONS,PUT,DELETE,PATCH
content-type: application/javascript
access-control-allow-origin: *
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: Authorization,Accept,Origin,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
content-length: 53324

GET
H2 200 moment-timezone.js Show response
fecdn.qureka.co/js/timezone/ 151 KB
151 KB 1104ms
678ms Script
application/javascript 164.52.203.24
E2E-NETWORKS-IN 282

General

Check archive.org

Show headers Download Go to

Full URL: https://fecdn.qureka.co/js/timezone/moment-timezone.js
Requested by: Host: 1155.win.qureka.co
URL: https://1155.win.qureka.co/intro;jsessionid=82F8A1036D2AD95017A4D995935258A3
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 164.52.203.24 , India, ASN132420 (E2E-NETWORKS-IN 282, Sector 19, IN),
Reverse DNS: e2e-71-24.ssdcloudindia.net
Software: nginx/1.16.1 /
Resource Hash: 289def01ae1f9b0456ff7fea4bb091f25e9999421907ca2028b951ec0cd20078

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1155.win.qureka.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Tue, 30 Aug 2022 20:54:56 GMT
last-modified: Tue, 24 Aug 2021 07:16:54 GMT
server: nginx/1.16.1
etag: "61249ce6-25a03"
access-control-allow-methods: GET,POST,OPTIONS,PUT,DELETE,PATCH
content-type: application/javascript
access-control-allow-origin: *
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: Authorization,Accept,Origin,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
content-length: 154115

GET
H2 200 luxon.min.js Show response
fecdn.qureka.co/js/timezone/ 70 KB
71 KB 1104ms
678ms Script
application/javascript 164.52.203.24
E2E-NETWORKS-IN 282

General

Check archive.org

Show headers Download Go to

Full URL: https://fecdn.qureka.co/js/timezone/luxon.min.js
Requested by: Host: 1155.win.qureka.co
URL: https://1155.win.qureka.co/intro;jsessionid=82F8A1036D2AD95017A4D995935258A3
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 164.52.203.24 , India, ASN132420 (E2E-NETWORKS-IN 282, Sector 19, IN),
Reverse DNS: e2e-71-24.ssdcloudindia.net
Software: nginx/1.16.1 /
Resource Hash: e2c6d3ce60825bd2c6ac88793ac37c5793df75a77517533084b00ec972a7b04d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1155.win.qureka.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Tue, 30 Aug 2022 20:54:56 GMT
last-modified: Tue, 24 Aug 2021 07:16:53 GMT
server: nginx/1.16.1
etag: "61249ce5-119bf"
access-control-allow-methods: GET,POST,OPTIONS,PUT,DELETE,PATCH
content-type: application/javascript
access-control-allow-origin: *
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: Authorization,Accept,Origin,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
content-length: 72127

GET
H2 200 firebase-app.js Show response
www.gstatic.com/firebasejs/7.21.1/ 20 KB
7 KB 76ms
22ms Script
text/javascript 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/firebasejs/7.21.1/firebase-app.js

Requested by

Host: 1155.win.qureka.co
URL: https://1155.win.qureka.co/intro;jsessionid=82F8A1036D2AD95017A4D995935258A3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3b9df018a8675ae9a77a534130118ec4d56dcf31f83af2433af4075b62f27721

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1155.win.qureka.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Fri, 26 Aug 2022 02:54:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 410413
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6666
x-xss-protection: 0
last-modified: Thu, 24 Sep 2020 21:06:37 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
vary: Accept-Encoding
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 26 Aug 2023 02:54:42 GMT

GET
H2 200 firebase-messaging.js Show response
www.gstatic.com/firebasejs/7.21.1/ 40 KB
11 KB 75ms
21ms Script
text/javascript 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/firebasejs/7.21.1/firebase-messaging.js

Requested by

Host: 1155.win.qureka.co
URL: https://1155.win.qureka.co/intro;jsessionid=82F8A1036D2AD95017A4D995935258A3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

38df5c8cb08b4293084cb7138a88598e0aed51e21596f7a92334346c3dcfcf05

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1155.win.qureka.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Tue, 30 Aug 2022 07:57:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 46670
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11051
x-xss-protection: 0
last-modified: Thu, 24 Sep 2020 21:06:36 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
vary: Accept-Encoding
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 30 Aug 2023 07:57:05 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 165 KB
57 KB 169ms
117ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: 1155.win.qureka.co
URL: https://1155.win.qureka.co/intro;jsessionid=82F8A1036D2AD95017A4D995935258A3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0ab403f9df7f9a993264e3876083a4d312470f0be6c3716974561fe86d92fb7e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1155.win.qureka.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Tue, 30 Aug 2022 20:54:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 57320
x-xss-protection: 0
server: cafe
etag: 6085703446507055854
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Tue, 30 Aug 2022 20:54:57 GMT

GET
H/1.1 200 firebaseconfig.js Show response
1155.win.qureka.co/js/ 545 B
1 KB 373ms
127ms Script
application/javascript 158.69.126.204
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://1155.win.qureka.co/js/firebaseconfig.js
Requested by: Host: 1155.win.qureka.co
URL: https://1155.win.qureka.co/intro;jsessionid=82F8A1036D2AD95017A4D995935258A3
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 158.69.126.204 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns522494.ip-158-69-126.net
Software: nginx/1.16.1 /
Resource Hash: 9d08febebac1272bafba590db20145cb6b10a051722931b35ea20828b5184840

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1155.win.qureka.co/intro;jsessionid=82F8A1036D2AD95017A4D995935258A3
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Date: Tue, 30 Aug 2022 20:54:55 GMT
Last-Modified: Fri, 11 Feb 2022 10:00:29 GMT
Server: nginx/1.16.1
Access-Control-Allow-Methods: GET,POST,OPTIONS,PUT,DELETE,PATCH
Content-Type: application/javascript;charset=UTF-8
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Connection: keep-alive
Accept-Ranges: bytes
Access-Control-Allow-Headers: Authorization,Accept,Origin,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
Content-Length: 545

GET
H/1.1 200 toi.js Show response
1155.win.qureka.co/js/ 8 KB
2 KB 385ms
132ms Script
application/javascript 158.69.126.204
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://1155.win.qureka.co/js/toi.js
Requested by: Host: 1155.win.qureka.co
URL: https://1155.win.qureka.co/intro;jsessionid=82F8A1036D2AD95017A4D995935258A3
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 158.69.126.204 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns522494.ip-158-69-126.net
Software: nginx/1.16.1 /
Resource Hash: c53e019f803420681beca5ab70ba5ea4c8aa2fe1312ecabdec64abe2e18b631c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1155.win.qureka.co/intro;jsessionid=82F8A1036D2AD95017A4D995935258A3
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Date: Tue, 30 Aug 2022 20:54:55 GMT
Content-Encoding: gzip
Last-Modified: Fri, 11 Feb 2022 10:00:27 GMT
Server: nginx/1.16.1
Transfer-Encoding: chunked
Access-Control-Allow-Methods: GET,POST,OPTIONS,PUT,DELETE,PATCH
Content-Type: application/javascript;charset=UTF-8
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Authorization,Accept,Origin,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range

GET
H/1.1 200 636gaId.js Show response
1155.win.qureka.co/js/ 372 B
932 B 404ms
128ms Script
application/javascript 158.69.126.204
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://1155.win.qureka.co/js/636gaId.js
Requested by: Host: 1155.win.qureka.co
URL: https://1155.win.qureka.co/intro;jsessionid=82F8A1036D2AD95017A4D995935258A3
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 158.69.126.204 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns522494.ip-158-69-126.net
Software: nginx/1.16.1 /
Resource Hash: 97799cfa66c24923ecf3e30891e471f975657439c17940b1aad05951d7578487

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1155.win.qureka.co/intro;jsessionid=82F8A1036D2AD95017A4D995935258A3
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Date: Tue, 30 Aug 2022 20:54:55 GMT
Last-Modified: Fri, 11 Feb 2022 10:00:28 GMT
Server: nginx/1.16.1
Access-Control-Allow-Methods: GET,POST,OPTIONS,PUT,DELETE,PATCH
Content-Type: application/javascript;charset=UTF-8
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Connection: keep-alive
Accept-Ranges: bytes
Access-Control-Allow-Headers: Authorization,Accept,Origin,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
Content-Length: 372

GET
H/1.1 200 common.js Show response
1155.win.qureka.co/js/ 1 KB
1 KB 436ms
111ms Script
application/javascript 158.69.126.204
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://1155.win.qureka.co/js/common.js
Requested by: Host: 1155.win.qureka.co
URL: https://1155.win.qureka.co/intro;jsessionid=82F8A1036D2AD95017A4D995935258A3
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 158.69.126.204 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns522494.ip-158-69-126.net
Software: nginx/1.16.1 /
Resource Hash: 118850fce1e3f5be11f65e63f87791584020a15feac59f52eab4626eb4f2daf2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1155.win.qureka.co/intro;jsessionid=82F8A1036D2AD95017A4D995935258A3
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Date: Tue, 30 Aug 2022 20:54:55 GMT
Content-Encoding: gzip
Last-Modified: Fri, 11 Feb 2022 10:00:33 GMT
Server: nginx/1.16.1
Transfer-Encoding: chunked
Access-Control-Allow-Methods: GET,POST,OPTIONS,PUT,DELETE,PATCH
Content-Type: application/javascript;charset=UTF-8
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Authorization,Accept,Origin,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range

GET
H/1.1 200 logo_intro.png
1155.win.qureka.co/img/ 3 KB
4 KB 123ms
122ms Image
image/png 158.69.126.204
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://1155.win.qureka.co/img/logo_intro.png
Requested by: Host: 1155.win.qureka.co
URL: https://1155.win.qureka.co/intro;jsessionid=82F8A1036D2AD95017A4D995935258A3
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 158.69.126.204 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns522494.ip-158-69-126.net
Software: nginx/1.16.1 /
Resource Hash: 7b780a3076074eabb25df8614ce3ba45447813f874e6bbee6473825bf417691b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1155.win.qureka.co/intro;jsessionid=82F8A1036D2AD95017A4D995935258A3
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Date: Tue, 30 Aug 2022 20:54:57 GMT
Last-Modified: Fri, 11 Feb 2022 09:59:48 GMT
Server: nginx/1.16.1
Access-Control-Allow-Methods: GET,POST,OPTIONS,PUT,DELETE,PATCH
Content-Type: image/png;charset=UTF-8
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Connection: keep-alive
Accept-Ranges: bytes
Access-Control-Allow-Headers: Authorization,Accept,Origin,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
Content-Length: 3552

GET
H/1.1 200 single_coins.png
1155.win.qureka.co/img/ 2 KB
2 KB 112ms
111ms Image
image/png 158.69.126.204
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://1155.win.qureka.co/img/single_coins.png
Requested by: Host: 1155.win.qureka.co
URL: https://1155.win.qureka.co/intro;jsessionid=82F8A1036D2AD95017A4D995935258A3
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 158.69.126.204 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns522494.ip-158-69-126.net
Software: nginx/1.16.1 /
Resource Hash: e995dbff785b00884324a600a1982bc64fea6d3f826bc6e0a9c0c69268b29494

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1155.win.qureka.co/intro;jsessionid=82F8A1036D2AD95017A4D995935258A3
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Date: Tue, 30 Aug 2022 20:54:57 GMT
Last-Modified: Fri, 11 Feb 2022 10:00:03 GMT
Server: nginx/1.16.1
Access-Control-Allow-Methods: GET,POST,OPTIONS,PUT,DELETE,PATCH
Content-Type: image/png;charset=UTF-8
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Connection: keep-alive
Accept-Ranges: bytes
Access-Control-Allow-Headers: Authorization,Accept,Origin,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
Content-Length: 1977

GET
H/1.1 200 cookei.js Show response
1155.win.qureka.co/js/ 2 KB
1 KB 106ms
105ms Script
application/javascript 158.69.126.204
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://1155.win.qureka.co/js/cookei.js
Requested by: Host: 1155.win.qureka.co
URL: https://1155.win.qureka.co/intro;jsessionid=82F8A1036D2AD95017A4D995935258A3
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 158.69.126.204 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns522494.ip-158-69-126.net
Software: nginx/1.16.1 /
Resource Hash: c72a6ae8d91bb7e5733c142cbd56a126d1adcf75dd5bb069d006f4857fff3220

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1155.win.qureka.co/intro;jsessionid=82F8A1036D2AD95017A4D995935258A3
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Date: Tue, 30 Aug 2022 20:54:57 GMT
Content-Encoding: gzip
Last-Modified: Fri, 11 Feb 2022 10:00:30 GMT
Server: nginx/1.16.1
Transfer-Encoding: chunked
Access-Control-Allow-Methods: GET,POST,OPTIONS,PUT,DELETE,PATCH
Content-Type: application/javascript;charset=UTF-8
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Authorization,Accept,Origin,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range

GET
H2 200 css2
fonts.googleapis.com/ 4 KB
772 B 25ms
25ms Stylesheet
text/css 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto&family=Roboto+Condensed:wght@700&display=swap

Requested by

Host: 1155.win.qureka.co
URL: https://1155.win.qureka.co/css/common.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

41675f8b7bcc33ea71f06021a1ae524fb8b710af540eb2c3b6bb912c4bfcd93c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1155.win.qureka.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 30 Aug 2022 20:54:56 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Tue, 30 Aug 2022 20:54:56 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 30 Aug 2022 20:54:56 GMT

GET
H/1.1 200 countrycheck Show response
1155.win.qureka.co/ 2 B
486 B 117ms
117ms XHR
application/json 158.69.126.204
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://1155.win.qureka.co/countrycheck
Requested by: Host: fecdn.qureka.co
URL: https://fecdn.qureka.co/js/jquery-3.5.1.min.js?version=2
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 158.69.126.204 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns522494.ip-158-69-126.net
Software: nginx/1.16.1 /
Resource Hash: f031b70a2653be44af3a20aa33ad0f35d8a256046c108cfcaa3480988b4b383b

Request headers

Accept: */*
Referer: https://1155.win.qureka.co/intro;jsessionid=82F8A1036D2AD95017A4D995935258A3
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Date: Tue, 30 Aug 2022 20:54:57 GMT
Server: nginx/1.16.1
Access-Control-Allow-Methods: GET,POST,OPTIONS,PUT,DELETE,PATCH
Content-Type: application/json;charset=UTF-8
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Authorization,Accept,Origin,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
Content-Length: 2

GET
H/1.1 200 webappbdg.jpg
1155.win.qureka.co/img/ 16 KB
16 KB 240ms
239ms Image
image/jpeg 158.69.126.204
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://1155.win.qureka.co/img/webappbdg.jpg
Requested by: Host: 1155.win.qureka.co
URL: https://1155.win.qureka.co/css/style.css?version=2
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 158.69.126.204 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns522494.ip-158-69-126.net
Software: nginx/1.16.1 /
Resource Hash: cac418965ef4f855b9f1cb79af6ce213523b59a97daa8174e60fb8208a987664

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1155.win.qureka.co/css/style.css?version=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Date: Tue, 30 Aug 2022 20:54:57 GMT
Last-Modified: Fri, 11 Feb 2022 09:59:40 GMT
Server: nginx/1.16.1
Access-Control-Allow-Methods: GET,POST,OPTIONS,PUT,DELETE,PATCH
Content-Type: image/jpeg;charset=UTF-8
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Connection: keep-alive
Accept-Ranges: bytes
Access-Control-Allow-Headers: Authorization,Accept,Origin,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
Content-Length: 15982

GET
H/1.1 200 introbg.png
1155.win.qureka.co/img/ 102 KB
103 KB 230ms
229ms Image
image/png 158.69.126.204
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://1155.win.qureka.co/img/introbg.png
Requested by: Host: 1155.win.qureka.co
URL: https://1155.win.qureka.co/intro;jsessionid=82F8A1036D2AD95017A4D995935258A3
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 158.69.126.204 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns522494.ip-158-69-126.net
Software: nginx/1.16.1 /
Resource Hash: 3006c9327677d152e1c749c400bd9ad2f9c6f162a645c949e2678560747acb37

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1155.win.qureka.co/intro;jsessionid=82F8A1036D2AD95017A4D995935258A3
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Date: Tue, 30 Aug 2022 20:54:57 GMT
Last-Modified: Fri, 11 Feb 2022 10:00:14 GMT
Server: nginx/1.16.1
Access-Control-Allow-Methods: GET,POST,OPTIONS,PUT,DELETE,PATCH
Content-Type: image/png;charset=UTF-8
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Connection: keep-alive
Accept-Ranges: bytes
Access-Control-Allow-Headers: Authorization,Accept,Origin,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
Content-Length: 104573

GET
H/1.1 200 line.png
1155.win.qureka.co/img/ 307 B
854 B 128ms
127ms Image
image/png 158.69.126.204
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://1155.win.qureka.co/img/line.png
Requested by: Host: 1155.win.qureka.co
URL: https://1155.win.qureka.co/intro;jsessionid=82F8A1036D2AD95017A4D995935258A3
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 158.69.126.204 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns522494.ip-158-69-126.net
Software: nginx/1.16.1 /
Resource Hash: b5123420c8cfb2e42a3658743614b4e17ba24ff424964da0914eae902dc20dd0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1155.win.qureka.co/intro;jsessionid=82F8A1036D2AD95017A4D995935258A3
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Date: Tue, 30 Aug 2022 20:54:57 GMT
Last-Modified: Fri, 11 Feb 2022 10:00:08 GMT
Server: nginx/1.16.1
Access-Control-Allow-Methods: GET,POST,OPTIONS,PUT,DELETE,PATCH
Content-Type: image/png;charset=UTF-8
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Connection: keep-alive
Accept-Ranges: bytes
Access-Control-Allow-Headers: Authorization,Accept,Origin,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
Content-Length: 307

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ 15 KB
16 KB 60ms
21ms Font
font/woff2 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto&family=Roboto+Condensed:wght@700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://1155.win.qureka.co
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 25 Aug 2022 08:01:51 GMT
x-content-type-options: nosniff
age: 478386
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 25 Aug 2023 08:01:51 GMT

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208250101/ 343 KB
121 KB 107ms
76ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208250101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-8137430087055934&plah=1155.win.qureka.co

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6d36fd7392384e2eee0fdd619db3cce71df8b2f176c845a37b581bf7381584c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1155.win.qureka.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Tue, 30 Aug 2022 20:54:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 123441
x-xss-protection: 0
server: cafe
etag: 4275460990634908365
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Tue, 30 Aug 2022 20:54:57 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20220829/r20190131/ Frame BD35 10 KB
5 KB 54ms
15ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20220829/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

de317176fa6b64a8e89bbd45d20b6be2560bbfa96e7e53e63eb754e18bfe6c1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://1155.win.qureka.co/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 77922
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=1209600
content-encoding: gzip
content-length: 4412
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 29 Aug 2022 23:16:15 GMT
etag: 8616628553774171045
expires: Mon, 12 Sep 2022 23:16:15 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 213 B
644 B 128ms
25ms Script
text/javascript 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=1155.win.qureka.co&callback=_gfp_s_&client=ca-pub-8137430087055934

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208250101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-8137430087055934&plah=1155.win.qureka.co

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

b81a43695eedf50df338cf23687d2c48d8653a90757498629a295ea6913f9223

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1155.win.qureka.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Tue, 30 Aug 2022 20:54:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 199
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
792 B 93ms
26ms Script
application/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=1155.win.qureka.co

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1155.win.qureka.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 30 Aug 2022 20:54:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 107ms
24ms Script
application/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=1155.win.qureka.co

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1155.win.qureka.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 30 Aug 2022 20:54:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 49ms
49ms Image
image/gif 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=ach_evt&url=https%3A%2F%2F1155.win.qureka.co%2Fintro%3Bjsessionid%3D82F8A1036D2AD95017A4D995935258A3&tn=DIV&cls=redirect-msg%20clearfix%20bd-highlight1&ign=false&pw=1600&ph=1200&x=1575&y=1175

Requested by

Host: 1155.win.qureka.co
URL: https://1155.win.qureka.co/intro;jsessionid=82F8A1036D2AD95017A4D995935258A3

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1155.win.qureka.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 30 Aug 2022 20:54:57 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 1393 144 KB
42 KB 777ms
744ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8137430087055934&output=html&adk=1812271804&adf=3025194257&lmt=1661892897&plat=1%3A16777216%2C9%3A32904%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2F1155.win.qureka.co%2Fintro%3Bjsessionid%3D82F8A1036D2AD95017A4D995935258A3&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661892897252&bpp=3&bdt=1694&idt=215&shv=r20220829&mjsv=m202208250101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=8590589378058&frm=20&pv=2&ga_vid=1380633514.1661892897&ga_sid=1661892897&ga_hid=2101320871&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31062931&oid=2&pvsid=2563739940666425&tmod=1536280696&uas=0&nvt=1&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=237

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

06c07f2436b38010662fc218c7cb6fc92c8f880d41688c83a379cebc161efbe3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://1155.win.qureka.co/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 42553
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 30 Aug 2022 20:54:58 GMT
expires: Tue, 30 Aug 2022 20:54:58 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 reactive_library_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208250101/ 149 KB
53 KB 98ms
98ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208250101/reactive_library_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f895948be7378e1dc9be3c870935af45a4c62ff69c271a32765f534d5c0ed007

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1155.win.qureka.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Tue, 30 Aug 2022 20:54:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 54518
x-xss-protection: 0
server: cafe
etag: 4012725185596832414
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Tue, 30 Aug 2022 20:54:58 GMT

GET
H3 200 slotcar_library_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208250101/ 80 KB
28 KB 60ms
59ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208250101/slotcar_library_fy2021.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

09f0896103f17dc0ec450b4ea9d47760991b0dec28eff29e22afc32efc09e433

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1155.win.qureka.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Tue, 30 Aug 2022 20:54:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28910
x-xss-protection: 0
server: cafe
etag: 2854843245521929420
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Tue, 30 Aug 2022 20:54:58 GMT

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 60ms
28ms Script
application/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=1155.win.qureka.co

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1155.win.qureka.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 30 Aug 2022 20:54:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 59ms
27ms Script
application/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=1155.win.qureka.co

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1155.win.qureka.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 30 Aug 2022 20:54:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20220829/r20110914/ Frame B9A1 10 KB
4 KB 15ms
15ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20220829/r20110914/zrt_lookup.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

de317176fa6b64a8e89bbd45d20b6be2560bbfa96e7e53e63eb754e18bfe6c1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://1155.win.qureka.co/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 76822
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=1209600
content-encoding: gzip
content-length: 4412
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 29 Aug 2022 23:34:36 GMT
etag: 8616628553774171045
expires: Mon, 12 Sep 2022 23:34:36 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 css2
fonts.googleapis.com/ Frame B9A1 4 KB
636 B 24ms
24ms Stylesheet
text/css 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220829/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

c2777526a216d9692dd29697ebee7836fe8ae65f3a290faa20b75b64c0625205

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 30 Aug 2022 20:02:23 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Tue, 30 Aug 2022 20:54:58 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 30 Aug 2022 20:54:58 GMT

GET
H3 200 feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame B9A1 205 B
229 B 50ms
18ms Image
image/png 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220829/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Tue, 30 Aug 2022 20:39:31 GMT
x-content-type-options: nosniff
age: 927
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 205
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Wed, 30 Aug 2023 20:39:31 GMT

GET
H3 200 settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame B9A1 604 B
628 B 49ms
17ms Image
image/png 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220829/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Tue, 30 Aug 2022 20:43:19 GMT
x-content-type-options: nosniff
age: 699
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 604
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Wed, 30 Aug 2023 20:43:19 GMT

GET
H2 200 interstitial_ad_frame_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220829/r20110914/elements/html/ Frame B9A1 19 KB
9 KB 69ms
16ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220829/r20110914/elements/html/interstitial_ad_frame_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220829/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b3d58bcf272258d6dde92e0123d8bd16f3caf1c4a025147c5964fe778e064e6a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Tue, 30 Aug 2022 20:54:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 49
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8311
x-xss-protection: 0
server: cafe
etag: 13410161823615325117
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 13 Sep 2022 20:54:09 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame F3F0 8 KB
893 B 26ms
25ms Stylesheet
text/css 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220829/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

4cf6f3dffbc65f9231255bf31f40ddc84a45bc57428b41d6786afc7153b90b7a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 30 Aug 2022 19:59:09 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Tue, 30 Aug 2022 20:54:58 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 30 Aug 2022 20:54:58 GMT

GET
H2 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220829/r20110914/client/ Frame F3F0 2 KB
983 B 33ms
30ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220829/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220829/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

981c0bff12cb03203363a70e8ffe9b7fdf4af3b0b10c7a02a639eb13327574c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Tue, 30 Aug 2022 20:40:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 896
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 875
x-xss-protection: 0
server: cafe
etag: 16974406330603315520
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 13 Sep 2022 20:40:02 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220829/r20110914/ Frame F3F0 23 KB
9 KB 21ms
19ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220829/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220829/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f63e08b18115b72e6d2cbe9db5f7527d2731545d38beae54317e10cfe0f58fc6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Tue, 30 Aug 2022 20:44:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 623
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9615
x-xss-protection: 0
server: cafe
etag: 5965352936607719246
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 13 Sep 2022 20:44:35 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220829/r20110914/client/ Frame F3F0 3 KB
1 KB 32ms
30ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220829/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220829/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Tue, 30 Aug 2022 20:06:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2903
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 13 Sep 2022 20:06:35 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame F3F0 141 KB
44 KB 90ms
37ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220829/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3d94a91612f816c172c583d17bb06e140969a22fae663e7b8cae7d18d55eb2c6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Tue, 30 Aug 2022 20:54:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44757
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1661773661488070"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 30 Aug 2022 20:54:58 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220829/r20110914/client/ Frame F3F0 17 KB
8 KB 19ms
18ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220829/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220829/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

57000ea03bfb53734d0858b8fe992e6742226f23f311eb0f9d2177e2a84a5621

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Tue, 30 Aug 2022 20:46:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 524
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7599
x-xss-protection: 0
server: cafe
etag: 9215437806027971270
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 13 Sep 2022 20:46:14 GMT

GET
H3 200 e3ca5db921b3b46420ba257a4c2f6b26.js Show response
www.gstatic.com/mysidia/ Frame F3F0 33 KB
13 KB 16ms
15ms Script
text/javascript 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/e3ca5db921b3b46420ba257a4c2f6b26.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220829/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

24302eeb5b736bcc9f610299a37ac5dcf7e5b4c11591489fe9ad89f1533bd09b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Wed, 24 Aug 2022 22:39:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 512136
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13683
x-xss-protection: 0
last-modified: Mon, 22 Aug 2022 19:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Tue, 22 Nov 2022 22:39:22 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 14 KB
11 KB 98ms
65ms XHR
application/json 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20220829&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4cf64a8b3ba11f1b6284f46884238a9044091bfa9585688c3876b98918b5d8e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1155.win.qureka.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 30 Aug 2022 20:54:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11171
x-xss-protection: 0

GET
H3 200 OjkVMSBLCKffYYJCcR1sndQZ2h8-FW78sMeE84aZbRQ.js Show response
pagead2.googlesyndication.com/bg/ Frame 2154 36 KB
16 KB 15ms
15ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/OjkVMSBLCKffYYJCcR1sndQZ2h8-FW78sMeE84aZbRQ.js

Requested by

Host: 1155.win.qureka.co
URL: https://1155.win.qureka.co/intro;jsessionid=82F8A1036D2AD95017A4D995935258A3

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3a391531204b08a7df618242711d6c9dd419da1f3e156efcb0c784f386996d14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Tue, 30 Aug 2022 13:27:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 26836
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15855
x-xss-protection: 0
last-modified: Mon, 22 Aug 2022 11:08:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 30 Aug 2023 13:27:42 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 63ms
29ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1155.win.qureka.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Tue, 30 Aug 2022 20:54:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 30 Aug 2022 20:54:58 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame A933 13 KB
5 KB 15ms
15ms Document
text/html 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://1155.win.qureka.co/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 345
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 30 Aug 2022 20:49:13 GMT
expires: Wed, 30 Aug 2023 20:49:13 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame A8B4 783 B
1 KB 96ms
57ms Document
text/html 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

95dda40864766e7597d900ef657aa874a2b0f9a1844b6676c3d95eb301c08865

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-QAm_QDkRlEhFjMjies7KOg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://1155.win.qureka.co/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 513
content-security-policy: script-src 'report-sample' 'nonce-QAm_QDkRlEhFjMjies7KOg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Tue, 30 Aug 2022 20:54:58 GMT
expires: Tue, 30 Aug 2022 20:54:58 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 OjkVMSBLCKffYYJCcR1sndQZ2h8-FW78sMeE84aZbRQ.js Show response
pagead2.googlesyndication.com/bg/ Frame A933 36 KB
16 KB 16ms
16ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/OjkVMSBLCKffYYJCcR1sndQZ2h8-FW78sMeE84aZbRQ.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3a391531204b08a7df618242711d6c9dd419da1f3e156efcb0c784f386996d14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Tue, 30 Aug 2022 13:27:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 26836
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15855
x-xss-protection: 0
last-modified: Mon, 22 Aug 2022 11:08:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 30 Aug 2023 13:27:42 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame A933 0
10 B 15ms
14ms Image
text/plain 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?aRe_Vw
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Tue, 30 Aug 2022 20:54:59 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame A8B4 0
0 49ms
49ms Image
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20220829&jk=2563739940666425&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

GET
H/1.1 200 Primary Request question Show response
1155.win.qureka.co/intro/ 928 KB
37 KB 309ms
309ms Document
text/html 158.69.126.204
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://1155.win.qureka.co/intro/question
Requested by: Host: 1155.win.qureka.co
URL: https://1155.win.qureka.co/intro;jsessionid=82F8A1036D2AD95017A4D995935258A3
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 158.69.126.204 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns522494.ip-158-69-126.net
Software: nginx/1.16.1 /
Resource Hash: 290977e73ef5d82c2593ea7b1a1d8793c2c8444ec3179db7f430c530a5886bcf

Request headers

Referer: https://1155.win.qureka.co/intro;jsessionid=82F8A1036D2AD95017A4D995935258A3
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Authorization,Accept,Origin,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
Access-Control-Allow-Methods: GET,POST,OPTIONS,PUT,DELETE,PATCH
Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Encoding: gzip
Content-Language: de-DE
Content-Type: text/html;charset=UTF-8
Date: Tue, 30 Aug 2022 20:54:59 GMT
Server: nginx/1.16.1
Transfer-Encoding: chunked

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 52ms
51ms Image
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20220829&jk=2563739940666425&bg=!KSqlKm7NAAaXrHhMt6w7ACkAdvg8Wr8FmtTs4W6cI9S-cl67rnStWl9J1bR6Lx8pqelZlL2Ap21tyQIAAABLUgAAAAJoAQeZAusMZj-WbXvA1mDh5RmJXx6LRrw-uR1xTnvE9YBp8KljejJRblejPjKI7_WIChALgoKn5fTGbGC4RLDl5_onZTtQZp5Jb6EFOMAA-sqohT5jvS7pByiwUl6Bbxn9ayIU-QyR-KNAuOVS4WBNev0_lU9kAcAMR-S54YTe4FgRv2viJM7i0sarkIMYdW9-V0G4Q1aRz5N_IJzy6ek1WRtTQ7iC1VrZj14vaJQXPOdyj0D2MsTLAG-bV87h89RXZmGbjVi2AWNPsBb1mic-zOH6u5PuBTwUbSKurd8Bi2oYmMRzWAkbNacVRuH1ASbH7CzHxWsN6rgwSZM4EfPwAbTWjkoNApxKZIMwW_b4wojmOyX9-wWUn2_x33MtVxM_-y-YNQdn0iwfCPL-sTTYXXce-G0trXzlgiHkPsh60I4oKV6RGqxZXFHeYVhW0_3e3mooHnU_DdmlEab6nUQ6aetRBHjOR-KYg-LctgiEflztV5ALcm1Xbvl3F3XQ_uBll2jep8zvNe7o03Km59XgIF1yKonQX3Z1bpNkfJ74uHnIaUkd8bGwh2zzKEAiFBPXTUwAPxj7St-or6O6WNu7nJqXBdXXsyWe1lbq8M0R5cXG7JwTJ2SUW2tmPrkXuxBacad-nNw_srFyDFeDmTCZ4-wo6g6vEPVmIYa0LD6RxgGpbnjXp15Ug93mMwTMhmRjlfzmldERGs7FhTImZEeAwp2XD6qLeNmbK5qICNSqh-3WHGECoBVmG4u6P_v68y6qQUrbmHNWjN5_XTBA6vG8jOL5lc5IzesZHTXOtdI2-7KS0faUDKAOhQ5jEpALxlSAqwr3zrliJF9xM6dLv5CiXhpxQX0r04QnBt-illPzkbDLzMmbFYkuEgQAyGEg0ZtUhw1Mu7YGEUKfQodlnsyuA1Nx0dFnnYUVu6Mh_CPLjQmv2bZbZ4sXwcx7_TOkjwHX56eRwMxNeSIEgAnWsO3kcdQ8ngqh2D4Kwhyta5a3lr0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1155.win.qureka.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

GET
H2 200 bootstrap.min.css
fecdn.qureka.co/css/ 156 KB
156 KB 330ms
324ms Stylesheet
text/css 164.52.203.24
E2E-NETWORKS-IN 282

General

Check archive.org

Show headers Download Go to

Full URL: https://fecdn.qureka.co/css/bootstrap.min.css?version=2
Requested by: Host: 1155.win.qureka.co
URL: https://1155.win.qureka.co/intro/question
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 164.52.203.24 , India, ASN132420 (E2E-NETWORKS-IN 282, Sector 19, IN),
Reverse DNS: e2e-71-24.ssdcloudindia.net
Software: nginx/1.16.1 /
Resource Hash: 2ff5b959fa9f6b4b1d04d20a37d706e90039176ab1e2a202994d9580baeebfd6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1155.win.qureka.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Tue, 30 Aug 2022 20:54:59 GMT
last-modified: Tue, 24 Aug 2021 07:16:48 GMT
server: nginx/1.16.1
etag: "61249ce0-26f1b"
access-control-allow-methods: GET,POST,OPTIONS,PUT,DELETE,PATCH
content-type: text/css
access-control-allow-origin: *
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: Authorization,Accept,Origin,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
content-length: 159515

GET
H3 200 all.js Show response
use.fontawesome.com/releases/v5.12.1/js/ 1 MB
406 KB 84ms
51ms Script
application/javascript 2606:4700:3033::6815:3f36
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://use.fontawesome.com/releases/v5.12.1/js/all.js
Requested by: Host: 1155.win.qureka.co
URL: https://1155.win.qureka.co/intro/question
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::6815:3f36 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 30081cca00d16a1b3e17f364e55cf7f3bc210789122bd357943377c39f0b2ead

Request headers

Referer: https://1155.win.qureka.co/
Origin: https://1155.win.qureka.co
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Tue, 30 Aug 2022 20:54:59 GMT
content-encoding: br
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 628838
access-control-allow-methods: GET
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: XBBFEC7Z9MJRVQ71
x-amz-id-2: jcXRzCUkJ3sd+6/66Rhgms80eajmGDK4JIXQCs5xKXxltlU11VJZyxD9g2suIN0kLoU5/vMLcAA=
last-modified: Wed, 30 Jun 2021 15:38:16 GMT
server: cloudflare
etag: W/"c15792e690074db2442dd1a8cabfbb6b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 3000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nyxWCjtWYc%2BBpdhbT%2F%2BxbGdmMzvhHU0Kd3TKWdsHgR66KOlB0zBapsK9tbPNSMwc8fY4HUkqDhitC4tP2ybnEnJn%2FLZHmvFbdnVb0thH0olE3lddyuYoieeMH8mtbU4KokDJBR9KOCAaS4gGt1YXKVgo"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31556926
cf-ray: 74306cbefbbfbaf4-MXP

GET
H3 200 aes.js Show response
cdnjs.cloudflare.com/ajax/libs/crypto-js/3.1.2/rollups/ 13 KB
5 KB 64ms
32ms Script
application/javascript 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/crypto-js/3.1.2/rollups/aes.js

Requested by

Host: 1155.win.qureka.co
URL: https://1155.win.qureka.co/intro/question

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fc7e184beeda61bf6427938a84560f52348976bb55e807b224eb53930e97ef6a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1155.win.qureka.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Tue, 30 Aug 2022 20:54:59 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 7071181
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 4256
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:09:17 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e2d-3430"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Fd1gdeq8pCxafoAuNgBt8Fj%2BxzqXsq0Fx8S8h8iOBL8qwsZR5I12F915Cws%2FKtBWFUtbDtw0TQXBQfmQDu93PTxj%2BFoKzA9RDSHKGvJKptVJJ3TSng0etSOuGkd4PNXslivngChKgxXb9%2Bf%2FVmkSDwIK"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 74306cbefa3401db-ZRH
expires: Sun, 20 Aug 2023 20:54:59 GMT

GET
H3 200 css
fonts.googleapis.com/ 3 KB
549 B 29ms
24ms Stylesheet
text/css 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Montserrat:400,700

Requested by

Host: 1155.win.qureka.co
URL: https://1155.win.qureka.co/intro/question

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2604b45b39193f2405a1a4b4f93b2d769fb6a67c8f1d0b097343e540c7911ec1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1155.win.qureka.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 30 Aug 2022 20:01:00 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Tue, 30 Aug 2022 20:54:59 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 30 Aug 2022 20:54:59 GMT

GET
H/1.1 200 style.css
1155.win.qureka.co/css/ 149 KB
18 KB 130ms
125ms Stylesheet
text/css 158.69.126.204
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://1155.win.qureka.co/css/style.css?version=2
Requested by: Host: 1155.win.qureka.co
URL: https://1155.win.qureka.co/intro/question
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 158.69.126.204 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns522494.ip-158-69-126.net
Software: nginx/1.16.1 /
Resource Hash: 48ca9dd00cec2798405c88d58189780a3614b7cbbfed2c8d639ef6de06d95d15

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1155.win.qureka.co/intro/question
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Date: Tue, 30 Aug 2022 20:54:59 GMT
Content-Encoding: gzip
Last-Modified: Fri, 11 Feb 2022 10:00:39 GMT
Server: nginx/1.16.1
Transfer-Encoding: chunked
Access-Control-Allow-Methods: GET,POST,OPTIONS,PUT,DELETE,PATCH
Content-Type: text/css;charset=UTF-8
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Authorization,Accept,Origin,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range

GET
H/1.1 200 main.css
1155.win.qureka.co/css/ 4 KB
2 KB 124ms
119ms Stylesheet
text/css 158.69.126.204
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://1155.win.qureka.co/css/main.css?version=2
Requested by: Host: 1155.win.qureka.co
URL: https://1155.win.qureka.co/intro/question
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 158.69.126.204 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns522494.ip-158-69-126.net
Software: nginx/1.16.1 /
Resource Hash: 14f7ebbd5c4c6b776d6624ec0cc86553e24cd9bff65f696353d3742c570bf18e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1155.win.qureka.co/intro/question
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Date: Tue, 30 Aug 2022 20:54:59 GMT
Content-Encoding: gzip
Last-Modified: Fri, 11 Feb 2022 10:00:39 GMT
Server: nginx/1.16.1
Transfer-Encoding: chunked
Access-Control-Allow-Methods: GET,POST,OPTIONS,PUT,DELETE,PATCH
Content-Type: text/css;charset=UTF-8
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Authorization,Accept,Origin,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range

GET
H/1.1 200 add2home.css
1155.win.qureka.co/css/ 621 B
1 KB 118ms
113ms Stylesheet
text/css 158.69.126.204
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://1155.win.qureka.co/css/add2home.css
Requested by: Host: 1155.win.qureka.co
URL: https://1155.win.qureka.co/intro/question
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 158.69.126.204 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns522494.ip-158-69-126.net
Software: nginx/1.16.1 /
Resource Hash: 9a276accc759cbe507ab2959bbbc2badd8a6bcaf1bda3f199ee18c97c19392e1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1155.win.qureka.co/intro/question
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Date: Tue, 30 Aug 2022 20:54:59 GMT
Last-Modified: Fri, 11 Feb 2022 10:00:41 GMT
Server: nginx/1.16.1
Access-Control-Allow-Methods: GET,POST,OPTIONS,PUT,DELETE,PATCH
Content-Type: text/css;charset=UTF-8
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Connection: keep-alive
Accept-Ranges: bytes
Access-Control-Allow-Headers: Authorization,Accept,Origin,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
Content-Length: 621

GET
H/1.1 200 common.css
1155.win.qureka.co/css/ 4 KB
2 KB 131ms
127ms Stylesheet
text/css 158.69.126.204
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://1155.win.qureka.co/css/common.css
Requested by: Host: 1155.win.qureka.co
URL: https://1155.win.qureka.co/intro/question
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 158.69.126.204 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns522494.ip-158-69-126.net
Software: nginx/1.16.1 /
Resource Hash: 3b37e06e414610e7a765285272c07f4523bc1b52793b5f4f5c78bea1464b4a9f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1155.win.qureka.co/intro/question
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Date: Tue, 30 Aug 2022 20:54:59 GMT
Content-Encoding: gzip
Last-Modified: Fri, 11 Feb 2022 10:00:48 GMT
Server: nginx/1.16.1
Transfer-Encoding: chunked
Access-Control-Allow-Methods: GET,POST,OPTIONS,PUT,DELETE,PATCH
Content-Type: text/css;charset=UTF-8
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Authorization,Accept,Origin,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range

GET
H3 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/2.0.0/ 81 KB
29 KB 51ms
16ms Script
text/javascript 2a00:1450:4001:813::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/2.0.0/jquery.min.js

Requested by

Host: 1155.win.qureka.co
URL: https://1155.win.qureka.co/intro/question

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d482871a5e948cb4884fa0972ea98a81abca057b6bd3f8c995a18c12487e761c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1155.win.qureka.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 25 Aug 2022 18:12:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 441778
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29195
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 25 Aug 2023 18:12:01 GMT

GET
H2 200 jquery-3.5.1.min.js Show response
fecdn.qureka.co/js/ 87 KB
88 KB 654ms
649ms Script
application/javascript 164.52.203.24
E2E-NETWORKS-IN 282

General

Check archive.org

Show headers Download Go to

Full URL: https://fecdn.qureka.co/js/jquery-3.5.1.min.js?version=2
Requested by: Host: 1155.win.qureka.co
URL: https://1155.win.qureka.co/intro/question
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 164.52.203.24 , India, ASN132420 (E2E-NETWORKS-IN 282, Sector 19, IN),
Reverse DNS: e2e-71-24.ssdcloudindia.net
Software: nginx/1.16.1 /
Resource Hash: 6150a35c0f486c46cadf0e230e2aa159c7c23ecfbb5611b64ee3f25fcbff341f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1155.win.qureka.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Tue, 30 Aug 2022 20:54:59 GMT
last-modified: Tue, 24 Aug 2021 07:16:43 GMT
server: nginx/1.16.1
etag: "61249cdb-15d83"
access-control-allow-methods: GET,POST,OPTIONS,PUT,DELETE,PATCH
content-type: application/javascript
access-control-allow-origin: *
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: Authorization,Accept,Origin,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
content-length: 89475

GET
H2 200 popper.min.js Show response
fecdn.qureka.co/js/ 21 KB
21 KB 822ms
817ms Script
application/javascript 164.52.203.24
E2E-NETWORKS-IN 282

General

Check archive.org

Show headers Download Go to

Full URL: https://fecdn.qureka.co/js/popper.min.js?version=2
Requested by: Host: 1155.win.qureka.co
URL: https://1155.win.qureka.co/intro/question
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 164.52.203.24 , India, ASN132420 (E2E-NETWORKS-IN 282, Sector 19, IN),
Reverse DNS: e2e-71-24.ssdcloudindia.net
Software: nginx/1.16.1 /
Resource Hash: a5361be48e64297f23046a94801067bfcf644391c76de624cbce5560e35d660b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1155.win.qureka.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Tue, 30 Aug 2022 20:54:59 GMT
last-modified: Tue, 24 Aug 2021 07:16:46 GMT
server: nginx/1.16.1
etag: "61249cde-5308"
access-control-allow-methods: GET,POST,OPTIONS,PUT,DELETE,PATCH
content-type: application/javascript
access-control-allow-origin: *
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: Authorization,Accept,Origin,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
content-length: 21256

GET
H2 200 bootstrap.min.js Show response
fecdn.qureka.co/js/ 59 KB
59 KB 823ms
818ms Script
application/javascript 164.52.203.24
E2E-NETWORKS-IN 282

General

Check archive.org

Show headers Download Go to

Full URL: https://fecdn.qureka.co/js/bootstrap.min.js?version=2
Requested by: Host: 1155.win.qureka.co
URL: https://1155.win.qureka.co/intro/question
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 164.52.203.24 , India, ASN132420 (E2E-NETWORKS-IN 282, Sector 19, IN),
Reverse DNS: e2e-71-24.ssdcloudindia.net
Software: nginx/1.16.1 /
Resource Hash: 5aa53525abc5c5200c70b3f6588388f86076cd699284c23cda64e92c372a1548

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1155.win.qureka.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Tue, 30 Aug 2022 20:54:59 GMT
last-modified: Tue, 24 Aug 2021 07:16:43 GMT
server: nginx/1.16.1
etag: "61249cdb-ea6a"
access-control-allow-methods: GET,POST,OPTIONS,PUT,DELETE,PATCH
content-type: application/javascript
access-control-allow-origin: *
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: Authorization,Accept,Origin,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
content-length: 60010

GET
H2 200 moment.min.js Show response
fecdn.qureka.co/js/timezone/ 52 KB
53 KB 824ms
819ms Script
application/javascript 164.52.203.24
E2E-NETWORKS-IN 282

General

Check archive.org

Show headers Download Go to

Full URL: https://fecdn.qureka.co/js/timezone/moment.min.js
Requested by: Host: 1155.win.qureka.co
URL: https://1155.win.qureka.co/intro/question
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 164.52.203.24 , India, ASN132420 (E2E-NETWORKS-IN 282, Sector 19, IN),
Reverse DNS: e2e-71-24.ssdcloudindia.net
Software: nginx/1.16.1 /
Resource Hash: e22419e8154be2a34a950dbb4c4c448413751c53ef02f00c6c56af28aa2c4964

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1155.win.qureka.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Tue, 30 Aug 2022 20:54:59 GMT
last-modified: Tue, 24 Aug 2021 07:16:54 GMT
server: nginx/1.16.1
etag: "61249ce6-d04c"
access-control-allow-methods: GET,POST,OPTIONS,PUT,DELETE,PATCH
content-type: application/javascript
access-control-allow-origin: *
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: Authorization,Accept,Origin,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
content-length: 53324

GET
H2 200 moment-timezone.js Show response
fecdn.qureka.co/js/timezone/ 151 KB
151 KB 824ms
820ms Script
application/javascript 164.52.203.24
E2E-NETWORKS-IN 282

General

Check archive.org

Show headers Download Go to

Full URL: https://fecdn.qureka.co/js/timezone/moment-timezone.js
Requested by: Host: 1155.win.qureka.co
URL: https://1155.win.qureka.co/intro/question
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 164.52.203.24 , India, ASN132420 (E2E-NETWORKS-IN 282, Sector 19, IN),
Reverse DNS: e2e-71-24.ssdcloudindia.net
Software: nginx/1.16.1 /
Resource Hash: 289def01ae1f9b0456ff7fea4bb091f25e9999421907ca2028b951ec0cd20078

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1155.win.qureka.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Tue, 30 Aug 2022 20:54:59 GMT
last-modified: Tue, 24 Aug 2021 07:16:54 GMT
server: nginx/1.16.1
etag: "61249ce6-25a03"
access-control-allow-methods: GET,POST,OPTIONS,PUT,DELETE,PATCH
content-type: application/javascript
access-control-allow-origin: *
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: Authorization,Accept,Origin,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
content-length: 154115

GET
H2 200 luxon.min.js Show response
fecdn.qureka.co/js/timezone/ 70 KB
71 KB 990ms
985ms Script
application/javascript 164.52.203.24
E2E-NETWORKS-IN 282

General

Check archive.org

Show headers Download Go to

Full URL: https://fecdn.qureka.co/js/timezone/luxon.min.js
Requested by: Host: 1155.win.qureka.co
URL: https://1155.win.qureka.co/intro/question
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 164.52.203.24 , India, ASN132420 (E2E-NETWORKS-IN 282, Sector 19, IN),
Reverse DNS: e2e-71-24.ssdcloudindia.net
Software: nginx/1.16.1 /
Resource Hash: e2c6d3ce60825bd2c6ac88793ac37c5793df75a77517533084b00ec972a7b04d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1155.win.qureka.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Tue, 30 Aug 2022 20:54:59 GMT
last-modified: Tue, 24 Aug 2021 07:16:53 GMT
server: nginx/1.16.1
etag: "61249ce5-119bf"
access-control-allow-methods: GET,POST,OPTIONS,PUT,DELETE,PATCH
content-type: application/javascript
access-control-allow-origin: *
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: Authorization,Accept,Origin,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
content-length: 72127

GET
H3 200 firebase-app.js Show response
www.gstatic.com/firebasejs/7.21.1/ 20 KB
7 KB 19ms
15ms Script
text/javascript 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/firebasejs/7.21.1/firebase-app.js

Requested by

Host: 1155.win.qureka.co
URL: https://1155.win.qureka.co/intro/question

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3b9df018a8675ae9a77a534130118ec4d56dcf31f83af2433af4075b62f27721

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1155.win.qureka.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Fri, 26 Aug 2022 02:54:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 410417
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6666
x-xss-protection: 0
last-modified: Thu, 24 Sep 2020 21:06:37 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
vary: Accept-Encoding
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 26 Aug 2023 02:54:42 GMT

GET
H3 200 firebase-messaging.js Show response
www.gstatic.com/firebasejs/7.21.1/ 40 KB
11 KB 20ms
16ms Script
text/javascript 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/firebasejs/7.21.1/firebase-messaging.js

Requested by

Host: 1155.win.qureka.co
URL: https://1155.win.qureka.co/intro/question

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

38df5c8cb08b4293084cb7138a88598e0aed51e21596f7a92334346c3dcfcf05

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1155.win.qureka.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Tue, 30 Aug 2022 07:57:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 46674
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11051
x-xss-protection: 0
last-modified: Thu, 24 Sep 2020 21:06:36 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
vary: Accept-Encoding
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 30 Aug 2023 07:57:05 GMT

GET
H3 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 144 KB
50 KB 82ms
80ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: 1155.win.qureka.co
URL: https://1155.win.qureka.co/intro/question

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9e64351638b6a4379446a02a65e055569f163a982fc7a5230c74aee21a979fa3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1155.win.qureka.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Tue, 30 Aug 2022 20:55:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 51521
x-xss-protection: 0
server: cafe
etag: 324799858184899684
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Tue, 30 Aug 2022 20:55:00 GMT

GET
H/1.1 200 firebaseconfig.js Show response
1155.win.qureka.co/js/ 545 B
1 KB 107ms
104ms Script
application/javascript 158.69.126.204
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://1155.win.qureka.co/js/firebaseconfig.js
Requested by: Host: 1155.win.qureka.co
URL: https://1155.win.qureka.co/intro/question
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 158.69.126.204 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns522494.ip-158-69-126.net
Software: nginx/1.16.1 /
Resource Hash: 9d08febebac1272bafba590db20145cb6b10a051722931b35ea20828b5184840

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1155.win.qureka.co/intro/question
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Date: Tue, 30 Aug 2022 20:54:59 GMT
Last-Modified: Fri, 11 Feb 2022 10:00:29 GMT
Server: nginx/1.16.1
Access-Control-Allow-Methods: GET,POST,OPTIONS,PUT,DELETE,PATCH
Content-Type: application/javascript;charset=UTF-8
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Connection: keep-alive
Accept-Ranges: bytes
Access-Control-Allow-Headers: Authorization,Accept,Origin,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
Content-Length: 545

GET
H/1.1 200 toi.js Show response
1155.win.qureka.co/js/ 8 KB
2 KB 130ms
127ms Script
application/javascript 158.69.126.204
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://1155.win.qureka.co/js/toi.js
Requested by: Host: 1155.win.qureka.co
URL: https://1155.win.qureka.co/intro/question
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 158.69.126.204 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns522494.ip-158-69-126.net
Software: nginx/1.16.1 /
Resource Hash: c53e019f803420681beca5ab70ba5ea4c8aa2fe1312ecabdec64abe2e18b631c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1155.win.qureka.co/intro/question
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Date: Tue, 30 Aug 2022 20:54:59 GMT
Content-Encoding: gzip
Last-Modified: Fri, 11 Feb 2022 10:00:27 GMT
Server: nginx/1.16.1
Transfer-Encoding: chunked
Access-Control-Allow-Methods: GET,POST,OPTIONS,PUT,DELETE,PATCH
Content-Type: application/javascript;charset=UTF-8
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Authorization,Accept,Origin,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range

GET
H/1.1 200 636gaId.js Show response
1155.win.qureka.co/js/ 372 B
932 B 211ms
103ms Script
application/javascript 158.69.126.204
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://1155.win.qureka.co/js/636gaId.js
Requested by: Host: 1155.win.qureka.co
URL: https://1155.win.qureka.co/intro/question
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 158.69.126.204 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns522494.ip-158-69-126.net
Software: nginx/1.16.1 /
Resource Hash: 97799cfa66c24923ecf3e30891e471f975657439c17940b1aad05951d7578487

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1155.win.qureka.co/intro/question
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Date: Tue, 30 Aug 2022 20:54:59 GMT
Last-Modified: Fri, 11 Feb 2022 10:00:28 GMT
Server: nginx/1.16.1
Access-Control-Allow-Methods: GET,POST,OPTIONS,PUT,DELETE,PATCH
Content-Type: application/javascript;charset=UTF-8
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Connection: keep-alive
Accept-Ranges: bytes
Access-Control-Allow-Headers: Authorization,Accept,Origin,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
Content-Length: 372

GET
H/1.1 200 common.js Show response
1155.win.qureka.co/js/ 1 KB
1 KB 240ms
123ms Script
application/javascript 158.69.126.204
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://1155.win.qureka.co/js/common.js
Requested by: Host: 1155.win.qureka.co
URL: https://1155.win.qureka.co/intro/question
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 158.69.126.204 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns522494.ip-158-69-126.net
Software: nginx/1.16.1 /
Resource Hash: 118850fce1e3f5be11f65e63f87791584020a15feac59f52eab4626eb4f2daf2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1155.win.qureka.co/intro/question
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Date: Tue, 30 Aug 2022 20:54:59 GMT
Content-Encoding: gzip
Last-Modified: Fri, 11 Feb 2022 10:00:33 GMT
Server: nginx/1.16.1
Transfer-Encoding: chunked
Access-Control-Allow-Methods: GET,POST,OPTIONS,PUT,DELETE,PATCH
Content-Type: application/javascript;charset=UTF-8
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Authorization,Accept,Origin,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range

GET
H/1.1 200 sad.png
1155.win.qureka.co/img/ 19 KB
19 KB 248ms
247ms Image
image/png 158.69.126.204
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://1155.win.qureka.co/img/sad.png
Requested by: Host: 1155.win.qureka.co
URL: https://1155.win.qureka.co/intro/question
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 158.69.126.204 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns522494.ip-158-69-126.net
Software: nginx/1.16.1 /
Resource Hash: 09d1e6e68a85ee35eb2d07ef2a9e8dc601b7f10ea10e0669361814b16658ec6e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1155.win.qureka.co/intro/question
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Date: Tue, 30 Aug 2022 20:55:00 GMT
Last-Modified: Fri, 11 Feb 2022 10:00:15 GMT
Server: nginx/1.16.1
Access-Control-Allow-Methods: GET,POST,OPTIONS,PUT,DELETE,PATCH
Content-Type: image/png;charset=UTF-8
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Connection: keep-alive
Accept-Ranges: bytes
Access-Control-Allow-Headers: Authorization,Accept,Origin,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
Content-Length: 19400

GET
H/1.1 200 smile.png
1155.win.qureka.co/img/ 20 KB
21 KB 212ms
211ms Image
image/png 158.69.126.204
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://1155.win.qureka.co/img/smile.png
Requested by: Host: 1155.win.qureka.co
URL: https://1155.win.qureka.co/intro/question
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 158.69.126.204 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns522494.ip-158-69-126.net
Software: nginx/1.16.1 /
Resource Hash: 417bd106ecab4a20b51125e7509b369f1e571a58119babb25bf1790059618f98

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1155.win.qureka.co/intro/question
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Date: Tue, 30 Aug 2022 20:55:00 GMT
Last-Modified: Fri, 11 Feb 2022 10:00:04 GMT
Server: nginx/1.16.1
Access-Control-Allow-Methods: GET,POST,OPTIONS,PUT,DELETE,PATCH
Content-Type: image/png;charset=UTF-8
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Connection: keep-alive
Accept-Ranges: bytes
Access-Control-Allow-Headers: Authorization,Accept,Origin,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
Content-Length: 20737

GET
H/1.1 200 logo.png
1155.win.qureka.co/img/ 6 KB
6 KB 112ms
111ms Image
image/png 158.69.126.204
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://1155.win.qureka.co/img/logo.png
Requested by: Host: 1155.win.qureka.co
URL: https://1155.win.qureka.co/intro/question
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 158.69.126.204 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns522494.ip-158-69-126.net
Software: nginx/1.16.1 /
Resource Hash: 8b96b9b729a456fc4a0a302be562fee0c5e307400e3dcb52115db51aeb805f10

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1155.win.qureka.co/intro/question
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Date: Tue, 30 Aug 2022 20:55:00 GMT
Last-Modified: Fri, 11 Feb 2022 09:59:31 GMT
Server: nginx/1.16.1
Access-Control-Allow-Methods: GET,POST,OPTIONS,PUT,DELETE,PATCH
Content-Type: image/png;charset=UTF-8
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Connection: keep-alive
Accept-Ranges: bytes
Access-Control-Allow-Headers: Authorization,Accept,Origin,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
Content-Length: 5889

GET
H/1.1 200 login-popup-cross-image.png
1155.win.qureka.co/img/ 2 KB
2 KB 133ms
132ms Image
image/png 158.69.126.204
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://1155.win.qureka.co/img/login-popup-cross-image.png
Requested by: Host: 1155.win.qureka.co
URL: https://1155.win.qureka.co/intro/question
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 158.69.126.204 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns522494.ip-158-69-126.net
Software: nginx/1.16.1 /
Resource Hash: cc44eeb7de4836d453c4c303e68ab46613b745d5313a670f31018ab8f7edd5ee

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1155.win.qureka.co/intro/question
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Date: Tue, 30 Aug 2022 20:55:00 GMT
Last-Modified: Fri, 11 Feb 2022 09:59:54 GMT
Server: nginx/1.16.1
Access-Control-Allow-Methods: GET,POST,OPTIONS,PUT,DELETE,PATCH
Content-Type: image/png;charset=UTF-8
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Connection: keep-alive
Accept-Ranges: bytes
Access-Control-Allow-Headers: Authorization,Accept,Origin,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
Content-Length: 1992

GET
H/1.1 200 login-popup-image.png
1155.win.qureka.co/img/ 25 KB
25 KB 258ms
257ms Image
image/png 158.69.126.204
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://1155.win.qureka.co/img/login-popup-image.png
Requested by: Host: 1155.win.qureka.co
URL: https://1155.win.qureka.co/intro/question
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 158.69.126.204 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns522494.ip-158-69-126.net
Software: nginx/1.16.1 /
Resource Hash: 24c06e9934b9233b553d4f70eeb56f9c31214699b5b0352587ebf050d3376f68

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1155.win.qureka.co/intro/question
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Date: Tue, 30 Aug 2022 20:55:00 GMT
Last-Modified: Fri, 11 Feb 2022 10:00:05 GMT
Server: nginx/1.16.1
Access-Control-Allow-Methods: GET,POST,OPTIONS,PUT,DELETE,PATCH
Content-Type: image/png;charset=UTF-8
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Connection: keep-alive
Accept-Ranges: bytes
Access-Control-Allow-Headers: Authorization,Accept,Origin,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
Content-Length: 25520

GET
H/1.1 200 popupbasedonCountrycode.js Show response
1155.win.qureka.co/js/ 941 B
1 KB 121ms
120ms Script
application/javascript 158.69.126.204
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://1155.win.qureka.co/js/popupbasedonCountrycode.js
Requested by: Host: 1155.win.qureka.co
URL: https://1155.win.qureka.co/intro/question
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 158.69.126.204 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns522494.ip-158-69-126.net
Software: nginx/1.16.1 /
Resource Hash: 1de19c5ef239ab0b8b289e3d31383d683e2789c44e205bf14f79b4696833c235

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1155.win.qureka.co/intro/question
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Date: Tue, 30 Aug 2022 20:55:00 GMT
Last-Modified: Fri, 11 Feb 2022 10:00:23 GMT
Server: nginx/1.16.1
Access-Control-Allow-Methods: GET,POST,OPTIONS,PUT,DELETE,PATCH
Content-Type: application/javascript;charset=UTF-8
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Connection: keep-alive
Accept-Ranges: bytes
Access-Control-Allow-Headers: Authorization,Accept,Origin,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
Content-Length: 941

GET
H/1.1 200 610pixel.js Show response
1155.win.qureka.co/js/ 291 B
851 B 106ms
106ms Script
application/javascript 158.69.126.204
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://1155.win.qureka.co/js/610pixel.js
Requested by: Host: 1155.win.qureka.co
URL: https://1155.win.qureka.co/intro/question
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 158.69.126.204 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns522494.ip-158-69-126.net
Software: nginx/1.16.1 /
Resource Hash: c140ff2764d7a1000ce8a05ad8e6f730b9d5ab66974c6e2bb0e72231eeac82b7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1155.win.qureka.co/intro/question
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Date: Tue, 30 Aug 2022 20:55:00 GMT
Last-Modified: Fri, 11 Feb 2022 10:00:35 GMT
Server: nginx/1.16.1
Access-Control-Allow-Methods: GET,POST,OPTIONS,PUT,DELETE,PATCH
Content-Type: application/javascript;charset=UTF-8
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Connection: keep-alive
Accept-Ranges: bytes
Access-Control-Allow-Headers: Authorization,Accept,Origin,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
Content-Length: 291

GET
H/1.1 200 gaIds.js Show response
1155.win.qureka.co/js/ 184 KB
25 KB 266ms
266ms Script
application/javascript 158.69.126.204
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://1155.win.qureka.co/js/gaIds.js
Requested by: Host: 1155.win.qureka.co
URL: https://1155.win.qureka.co/intro/question
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 158.69.126.204 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns522494.ip-158-69-126.net
Software: nginx/1.16.1 /
Resource Hash: c96231693136d320a9829f78c4938e7cef67554da4eba4839dc788818b4e54b4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1155.win.qureka.co/intro/question
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Date: Tue, 30 Aug 2022 20:55:00 GMT
Content-Encoding: gzip
Last-Modified: Wed, 23 Mar 2022 10:48:55 GMT
Server: nginx/1.16.1
Transfer-Encoding: chunked
Access-Control-Allow-Methods: GET,POST,OPTIONS,PUT,DELETE,PATCH
Content-Type: application/javascript;charset=UTF-8
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Authorization,Accept,Origin,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range

GET
H3 200 css2
fonts.googleapis.com/ 4 KB
676 B 25ms
24ms Stylesheet
text/css 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto&family=Roboto+Condensed:wght@700&display=swap

Requested by

Host: 1155.win.qureka.co
URL: https://1155.win.qureka.co/css/common.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

41675f8b7bcc33ea71f06021a1ae524fb8b710af540eb2c3b6bb912c4bfcd93c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1155.win.qureka.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 30 Aug 2022 20:55:00 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Tue, 30 Aug 2022 20:55:00 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 30 Aug 2022 20:55:00 GMT

GET
H/1.1 200 countrycheck Show response
1155.win.qureka.co/ 2 B
486 B 114ms
114ms XHR
application/json 158.69.126.204
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://1155.win.qureka.co/countrycheck
Requested by: Host: fecdn.qureka.co
URL: https://fecdn.qureka.co/js/jquery-3.5.1.min.js?version=2
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 158.69.126.204 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns522494.ip-158-69-126.net
Software: nginx/1.16.1 /
Resource Hash: f031b70a2653be44af3a20aa33ad0f35d8a256046c108cfcaa3480988b4b383b

Request headers

Accept: */*
Referer: https://1155.win.qureka.co/intro/question
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Date: Tue, 30 Aug 2022 20:55:00 GMT
Server: nginx/1.16.1
Access-Control-Allow-Methods: GET,POST,OPTIONS,PUT,DELETE,PATCH
Content-Type: application/json;charset=UTF-8
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Authorization,Accept,Origin,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
Content-Length: 2

GET
H/1.1 200 webappbdg.jpg
1155.win.qureka.co/img/ 16 KB
16 KB 308ms
227ms Image
image/jpeg 158.69.126.204
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://1155.win.qureka.co/img/webappbdg.jpg
Requested by: Host: 1155.win.qureka.co
URL: https://1155.win.qureka.co/css/style.css?version=2
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 158.69.126.204 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns522494.ip-158-69-126.net
Software: nginx/1.16.1 /
Resource Hash: cac418965ef4f855b9f1cb79af6ce213523b59a97daa8174e60fb8208a987664

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1155.win.qureka.co/css/style.css?version=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Date: Tue, 30 Aug 2022 20:55:00 GMT
Last-Modified: Fri, 11 Feb 2022 09:59:40 GMT
Server: nginx/1.16.1
Access-Control-Allow-Methods: GET,POST,OPTIONS,PUT,DELETE,PATCH
Content-Type: image/jpeg;charset=UTF-8
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Connection: keep-alive
Accept-Ranges: bytes
Access-Control-Allow-Headers: Authorization,Accept,Origin,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
Content-Length: 15982

GET
H/1.1 200 bg.png
1155.win.qureka.co/img/ 114 KB
114 KB 348ms
247ms Image
image/png 158.69.126.204
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://1155.win.qureka.co/img/bg.png
Requested by: Host: 1155.win.qureka.co
URL: https://1155.win.qureka.co/css/style.css?version=2
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 158.69.126.204 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns522494.ip-158-69-126.net
Software: nginx/1.16.1 /
Resource Hash: 1405cb73aaffc455797510e7b07e41339330e7eec8b68a8272972c965137cfa6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1155.win.qureka.co/css/style.css?version=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Date: Tue, 30 Aug 2022 20:55:00 GMT
Last-Modified: Fri, 11 Feb 2022 09:59:42 GMT
Server: nginx/1.16.1
Access-Control-Allow-Methods: GET,POST,OPTIONS,PUT,DELETE,PATCH
Content-Type: image/png;charset=UTF-8
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Connection: keep-alive
Accept-Ranges: bytes
Access-Control-Allow-Headers: Authorization,Accept,Origin,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
Content-Length: 116381

GET
H3 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ 15 KB
15 KB 47ms
15ms Font
font/woff2 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto&family=Roboto+Condensed:wght@700&display=swap

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://1155.win.qureka.co
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 25 Aug 2022 08:01:51 GMT
x-content-type-options: nosniff
age: 478389
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 25 Aug 2023 08:01:51 GMT

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208250101/ 343 KB
121 KB 76ms
75ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208250101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-8137430087055934&plah=1155.win.qureka.co

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fb568542327d4264166e9839781916f91331fc0bae0bb29397ee3ebb4cc66ed8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1155.win.qureka.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Tue, 30 Aug 2022 20:55:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 123441
x-xss-protection: 0
server: cafe
etag: 7010565757551956371
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Tue, 30 Aug 2022 20:55:00 GMT

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20220829/r20190131/ Frame 8EB4 10 KB
4 KB 15ms
15ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20220829/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

de317176fa6b64a8e89bbd45d20b6be2560bbfa96e7e53e63eb754e18bfe6c1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://1155.win.qureka.co/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 77925
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=1209600
content-encoding: gzip
content-length: 4412
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 29 Aug 2022 23:16:15 GMT
etag: 8616628553774171045
expires: Mon, 12 Sep 2022 23:16:15 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 cookie.js Show response
partner.googleadservices.com/gampad/ 12 B
53 B 55ms
24ms Script
text/javascript 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=1155.win.qureka.co&callback=_gfp_s_&client=ca-pub-8137430087055934&cookie=ID%3D15e4136980febbf5-228385e70bce0059%3AT%3D1661892897%3ART%3D1661892897%3AS%3DALNI_MYavjTQ7Sy_QGeMVtLwYL39g0lrHw

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

daa795332e5dbcf893adf2d5f3349f02b8c1cb957ff3b5f4c11b742e33c3376f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1155.win.qureka.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Tue, 30 Aug 2022 20:55:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 32
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 24ms
23ms Script
application/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=1155.win.qureka.co

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1155.win.qureka.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 30 Aug 2022 20:55:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 25ms
24ms Script
application/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=1155.win.qureka.co

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1155.win.qureka.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 30 Aug 2022 20:55:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 49ms
49ms Image
image/gif 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=ach_evt&url=https%3A%2F%2F1155.win.qureka.co%2Fintro%2Fquestion&tn=DIV&cls=bottm-slide-modal&ign=false&pw=1600&ph=1200&x=800&y=1060.8

Requested by

Host: 1155.win.qureka.co
URL: https://1155.win.qureka.co/intro/question

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1155.win.qureka.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 30 Aug 2022 20:55:01 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 50ms
49ms Image
image/gif 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=ach_evt&url=https%3A%2F%2F1155.win.qureka.co%2Fintro%2Fquestion&tn=DIV&id=consent-modal&cls=modal-bottom%20show&ign=false&pw=1600&ph=1200&x=800&y=0

Requested by

Host: 1155.win.qureka.co
URL: https://1155.win.qureka.co/intro/question

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1155.win.qureka.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 30 Aug 2022 20:55:01 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 0405 163 KB
44 KB 1044ms
1044ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8137430087055934&output=html&adk=1812271804&adf=3025194257&lmt=1661892901&plat=1%3A16777216%2C2%3A16777216%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2F1155.win.qureka.co%2Fintro%2Fquestion&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661892900885&bpp=3&bdt=1269&idt=172&shv=r20220829&mjsv=m202208250101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D15e4136980febbf5-228385e70bce0059%3AT%3D1661892897%3ART%3D1661892897%3AS%3DALNI_MYavjTQ7Sy_QGeMVtLwYL39g0lrHw&nras=1&correlator=4230268263538&frm=20&pv=2&ga_vid=1935520878.1661892901&ga_sid=1661892901&ga_hid=5789849&ga_fc=0&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44761793%2C44760911%2C44767166%2C44770881&oid=2&pvsid=1090744991192274&tmod=227493226&uas=0&nvt=1&ref=https%3A%2F%2F1155.win.qureka.co%2Fintro%3Bjsessionid%3D82F8A1036D2AD95017A4D995935258A3&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=187

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a8eda9ef70ec603ecbebeed72e2c8d8badd6c6adc3115c243e65aed88764e1a5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://1155.win.qureka.co/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 45247
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 30 Aug 2022 20:55:02 GMT
expires: Tue, 30 Aug 2022 20:55:02 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 105 KB
41 KB 69ms
31ms Script
application/javascript 2a00:1450:4001:82f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-188792587-10

Requested by

Host: 1155.win.qureka.co
URL: https://1155.win.qureka.co/js/gaIds.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

cc9232dc6bf153cd164d97d7b9ae0f36d4b68a53951353e5c17cb45c08fe4bf8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1155.win.qureka.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Tue, 30 Aug 2022 20:55:01 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41945
x-xss-protection: 0
last-modified: Tue, 30 Aug 2022 20:06:33 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 30 Aug 2022 20:55:01 GMT

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 5E56 62 KB
20 KB 966ms
966ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8137430087055934&output=html&h=280&slotname=2062501451&adk=3741451252&adf=3494793682&pi=t.ma~as.2062501451&w=350&fwrn=4&fwrnh=100&lmt=1661892901&rafmt=1&rdp=0&psa=1&format=350x280&url=https%3A%2F%2F1155.win.qureka.co%2Fintro%2Fquestion&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661892901101&bpp=2&bdt=1484&idt=2&shv=r20220829&mjsv=m202208250101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D15e4136980febbf5-228385e70bce0059%3AT%3D1661892897%3ART%3D1661892897%3AS%3DALNI_MYavjTQ7Sy_QGeMVtLwYL39g0lrHw&prev_fmts=0x0&nras=1&correlator=4230268263538&frm=20&pv=1&ga_vid=1935520878.1661892901&ga_sid=1661892901&ga_hid=5789849&ga_fc=0&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=625&ady=0&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44761793%2C44760911%2C44767166%2C44770881&oid=2&pvsid=1090744991192274&tmod=227493226&uas=0&nvt=1&ref=https%3A%2F%2F1155.win.qureka.co%2Fintro%3Bjsessionid%3D82F8A1036D2AD95017A4D995935258A3&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=lF7N2gOmbN&p=https%3A//1155.win.qureka.co&dtd=9

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b9092fdeecb4da3e9255d2aa0bc30ecb6b1c92022c76b1e0677bf53041f93921

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://1155.win.qureka.co/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 20444
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 30 Aug 2022 20:55:02 GMT
expires: Tue, 30 Aug 2022 20:55:02 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 55ms
15ms Script
text/javascript 2a00:1450:4001:80f::200e

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-188792587-10

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::200e -, , ASN (),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1155.win.qureka.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 13 Apr 2022 21:02:38 GMT
server: Golfe2
age: 6781
date: Tue, 30 Aug 2022 19:02:00 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Tue, 30 Aug 2022 21:02:00 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 1 B
21 B 54ms
22ms XHR
text/plain 2a00:1450:4001:80f::200e

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&aip=1&a=5789849&t=pageview&_s=1&dl=https%3A%2F%2F1155.win.qureka.co%2Fintro%2Fquestion&ul=en-us&de=UTF-8&dt=Qureka%20Lite&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YAhAAUABAAAAAC~&jid=435630144&gjid=183824570&cid=1935520878.1661892901&tid=UA-188792587-10&_gid=1115559835.1661892901&_r=1&gtm=2ou8t0&z=726851419

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::200e -, , ASN (),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://1155.win.qureka.co/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 30 Aug 2022 20:55:01 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://1155.win.qureka.co
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame 5E56 8 KB
893 B 26ms
25ms Stylesheet
text/css 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8137430087055934&output=html&h=280&slotname=2062501451&adk=3741451252&adf=3494793682&pi=t.ma~as.2062501451&w=350&fwrn=4&fwrnh=100&lmt=1661892901&rafmt=1&rdp=0&psa=1&format=350x280&url=https%3A%2F%2F1155.win.qureka.co%2Fintro%2Fquestion&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661892901101&bpp=2&bdt=1484&idt=2&shv=r20220829&mjsv=m202208250101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D15e4136980febbf5-228385e70bce0059%3AT%3D1661892897%3ART%3D1661892897%3AS%3DALNI_MYavjTQ7Sy_QGeMVtLwYL39g0lrHw&prev_fmts=0x0&nras=1&correlator=4230268263538&frm=20&pv=1&ga_vid=1935520878.1661892901&ga_sid=1661892901&ga_hid=5789849&ga_fc=0&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=625&ady=0&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44761793%2C44760911%2C44767166%2C44770881&oid=2&pvsid=1090744991192274&tmod=227493226&uas=0&nvt=1&ref=https%3A%2F%2F1155.win.qureka.co%2Fintro%3Bjsessionid%3D82F8A1036D2AD95017A4D995935258A3&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=lF7N2gOmbN&p=https%3A//1155.win.qureka.co&dtd=9

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

4cf6f3dffbc65f9231255bf31f40ddc84a45bc57428b41d6786afc7153b90b7a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 30 Aug 2022 20:04:24 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Tue, 30 Aug 2022 20:55:02 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 30 Aug 2022 20:55:02 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220829/r20110914/client/ Frame 5E56 2 KB
902 B 16ms
14ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220829/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

981c0bff12cb03203363a70e8ffe9b7fdf4af3b0b10c7a02a639eb13327574c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Tue, 30 Aug 2022 20:45:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 597
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 875
x-xss-protection: 0
server: cafe
etag: 16974406330603315520
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 13 Sep 2022 20:45:05 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220829/r20110914/ Frame 5E56 23 KB
9 KB 17ms
16ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220829/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f63e08b18115b72e6d2cbe9db5f7527d2731545d38beae54317e10cfe0f58fc6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Tue, 30 Aug 2022 20:36:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1118
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9615
x-xss-protection: 0
server: cafe
etag: 5965352936607719246
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 13 Sep 2022 20:36:24 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220829/r20110914/client/ Frame 5E56 3 KB
1 KB 18ms
17ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220829/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Tue, 30 Aug 2022 20:17:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2267
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 13 Sep 2022 20:17:15 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 5E56 141 KB
44 KB 70ms
38ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3d94a91612f816c172c583d17bb06e140969a22fae663e7b8cae7d18d55eb2c6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Tue, 30 Aug 2022 20:55:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44757
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1661773661488070"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 30 Aug 2022 20:55:02 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220829/r20110914/client/ Frame 5E56 17 KB
7 KB 18ms
17ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220829/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

57000ea03bfb53734d0858b8fe992e6742226f23f311eb0f9d2177e2a84a5621

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Tue, 30 Aug 2022 20:39:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 932
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7599
x-xss-protection: 0
server: cafe
etag: 9215437806027971270
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 13 Sep 2022 20:39:30 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 5E56 0
0 58ms
22ms Image
text/html 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRy5KdxgL-Oxca2c0eL47PqfNcEeYZWu1ahBTiffklSZW4U5GTT1DJUX1ritC2DfPHyQfmN
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8137430087055934&output=html&h=280&slotname=2062501451&adk=3741451252&adf=3494793682&pi=t.ma~as.2062501451&w=350&fwrn=4&fwrnh=100&lmt=1661892901&rafmt=1&rdp=0&psa=1&format=350x280&url=https%3A%2F%2F1155.win.qureka.co%2Fintro%2Fquestion&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661892901101&bpp=2&bdt=1484&idt=2&shv=r20220829&mjsv=m202208250101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D15e4136980febbf5-228385e70bce0059%3AT%3D1661892897%3ART%3D1661892897%3AS%3DALNI_MYavjTQ7Sy_QGeMVtLwYL39g0lrHw&prev_fmts=0x0&nras=1&correlator=4230268263538&frm=20&pv=1&ga_vid=1935520878.1661892901&ga_sid=1661892901&ga_hid=5789849&ga_fc=0&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=625&ady=0&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44761793%2C44760911%2C44767166%2C44770881&oid=2&pvsid=1090744991192274&tmod=227493226&uas=0&nvt=1&ref=https%3A%2F%2F1155.win.qureka.co%2Fintro%3Bjsessionid%3D82F8A1036D2AD95017A4D995935258A3&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=lF7N2gOmbN&p=https%3A//1155.win.qureka.co&dtd=9
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

GET
H3 200 e3ca5db921b3b46420ba257a4c2f6b26.js Show response
www.gstatic.com/mysidia/ Frame 5E56 33 KB
13 KB 16ms
15ms Script
text/javascript 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/e3ca5db921b3b46420ba257a4c2f6b26.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

24302eeb5b736bcc9f610299a37ac5dcf7e5b4c11591489fe9ad89f1533bd09b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Wed, 24 Aug 2022 22:39:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 512140
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13683
x-xss-protection: 0
last-modified: Mon, 22 Aug 2022 19:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Tue, 22 Nov 2022 22:39:22 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 5E56 0
0 60ms
60ms Fetch
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CDzmJJXkOY7vXCMCl9u8Pu86a0A_Nw8-RbJyY_qCSD5aD276mDxABIImd_V9gleKQgqAHoAGT7Lv3AsgBAagDAaoE1AFP0BMio1ouCvv_rxXTUYSMFBurQXY5VAweIvXUG7mW8NMrhzF2F4HudCUFTkbmPjoBymfCGi5lUQG_O4y8yc97hVBV3-djF05Q0ZqRMRWWLifx2Fdy569xFBtplSd6B-vviytg5LrOTozT2KuT7LzUlmmtvtZ5-XqTuPlssyD0fqJOicd1Ii1BxX1HDMxm-qm3NyfRM3ZKlYL4ZHCxGLI2LbIBaC2cNJe2xcrl7yYP71GTG_a-Czpnopu1WKtdjl2C8FKZ0KxWLP5DHEPvcXXwC1av_cAEr9v7zvwDkgUECAQYAZIFBAgFGASAB8X_oHOoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAfIHBRCKuoAD0ggRCIDhgHAQARgfMgLrAjoCgECACgHICwHYEwyIFAXQFQGYFgGAFwGyFxwKGggAEhRwdWItODEzNzQzMDA4NzA1NTkzNBgA&sigh=WZd-9EiArwI&uach_m=[UACH]&template_id=5007

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8137430087055934&output=html&h=280&slotname=2062501451&adk=3741451252&adf=3494793682&pi=t.ma~as.2062501451&w=350&fwrn=4&fwrnh=100&lmt=1661892901&rafmt=1&rdp=0&psa=1&format=350x280&url=https%3A%2F%2F1155.win.qureka.co%2Fintro%2Fquestion&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661892901101&bpp=2&bdt=1484&idt=2&shv=r20220829&mjsv=m202208250101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D15e4136980febbf5-228385e70bce0059%3AT%3D1661892897%3ART%3D1661892897%3AS%3DALNI_MYavjTQ7Sy_QGeMVtLwYL39g0lrHw&prev_fmts=0x0&nras=1&correlator=4230268263538&frm=20&pv=1&ga_vid=1935520878.1661892901&ga_sid=1661892901&ga_hid=5789849&ga_fc=0&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=625&ady=0&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44761793%2C44760911%2C44767166%2C44770881&oid=2&pvsid=1090744991192274&tmod=227493226&uas=0&nvt=1&ref=https%3A%2F%2F1155.win.qureka.co%2Fintro%3Bjsessionid%3D82F8A1036D2AD95017A4D995935258A3&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=lF7N2gOmbN&p=https%3A//1155.win.qureka.co&dtd=9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Tue, 30 Aug 2022 20:55:02 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/12848888667324999975/ Frame 5E56 2 KB
2 KB 17ms
16ms Image
image/jpeg 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/12848888667324999975/downsize_200k_v1?w=100&h=100

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

736b7f220f43d95ee88be10486fcc720a1e501f59719ef7fdc3494a5d99d22df

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Sat, 27 Aug 2022 18:51:40 GMT
x-content-type-options: nosniff
age: 266602
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2322
x-xss-protection: 0
last-modified: Mon, 02 Aug 2021 10:49:11 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sun, 27 Aug 2023 18:51:40 GMT

GET
H3 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/14447728421755608141/ Frame 5E56 3 KB
3 KB 17ms
17ms Image
image/png 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/14447728421755608141/downsize_200k_v1?w=100&h=100

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

661a496105d21580380701730bea3cd9a2ce9cae222345912b72c1713edc2612

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 25 Aug 2022 04:10:40 GMT
x-content-type-options: nosniff
age: 492262
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2641
x-xss-protection: 0
last-modified: Thu, 28 Nov 2019 17:51:29 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Fri, 25 Aug 2023 04:10:40 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 935D 143 B
163 B 16ms
14ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8137430087055934&output=html&h=280&slotname=2062501451&adk=3741451252&adf=3494793682&pi=t.ma~as.2062501451&w=350&fwrn=4&fwrnh=100&lmt=1661892901&rafmt=1&rdp=0&psa=1&format=350x280&url=https%3A%2F%2F1155.win.qureka.co%2Fintro%2Fquestion&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661892901101&bpp=2&bdt=1484&idt=2&shv=r20220829&mjsv=m202208250101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D15e4136980febbf5-228385e70bce0059%3AT%3D1661892897%3ART%3D1661892897%3AS%3DALNI_MYavjTQ7Sy_QGeMVtLwYL39g0lrHw&prev_fmts=0x0&nras=1&correlator=4230268263538&frm=20&pv=1&ga_vid=1935520878.1661892901&ga_sid=1661892901&ga_hid=5789849&ga_fc=0&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=625&ady=0&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44761793%2C44760911%2C44767166%2C44770881&oid=2&pvsid=1090744991192274&tmod=227493226&uas=0&nvt=1&ref=https%3A%2F%2F1155.win.qureka.co%2Fintro%3Bjsessionid%3D82F8A1036D2AD95017A4D995935258A3&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=lF7N2gOmbN&p=https%3A//1155.win.qureka.co&dtd=9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 2618
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
date: Tue, 30 Aug 2022 20:11:24 GMT
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 reactive_library_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208250101/ 149 KB
53 KB 105ms
105ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208250101/reactive_library_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2d3d8816d9ea885bbf49093526e536e87e312d47606a05b179a6cc07280c5444

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1155.win.qureka.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Tue, 30 Aug 2022 20:55:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 54512
x-xss-protection: 0
server: cafe
etag: 11738399490024816227
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Tue, 30 Aug 2022 20:55:02 GMT

GET
H3 200 slotcar_library_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208250101/ 80 KB
28 KB 94ms
94ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208250101/slotcar_library_fy2021.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

09f0896103f17dc0ec450b4ea9d47760991b0dec28eff29e22afc32efc09e433

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1155.win.qureka.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Tue, 30 Aug 2022 20:55:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28910
x-xss-protection: 0
server: cafe
etag: 2854843245521929420
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Tue, 30 Aug 2022 20:55:02 GMT

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 935D
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

31ms
30ms

Document
text/html

2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 30 Aug 2022 20:55:02 GMT
expires: Tue, 30 Aug 2022 20:55:02 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 30 Aug 2022 20:55:02 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 5E56 210 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a3eaf4ded3d865cb068d333b21eb88d33c91d56c72c902480a174d40a8d9ee8f

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
fonts.gstatic.com/s/googlesans/v45/ Frame 5E56 28 KB
28 KB 17ms
16ms Font
font/woff2 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v45/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4a6fab14bfe7b33fe5dc5349a2bb3720037e0ed7ebe621b352340f9514d83c08

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Wed, 24 Aug 2022 08:44:44 GMT
x-content-type-options: nosniff
age: 562218
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28288
x-xss-protection: 0
last-modified: Wed, 01 Jun 2022 19:05:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 24 Aug 2023 08:44:44 GMT

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 32ms
32ms Script
application/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=1155.win.qureka.co

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1155.win.qureka.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 30 Aug 2022 20:55:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 26ms
25ms Script
application/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=1155.win.qureka.co

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1155.win.qureka.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 30 Aug 2022 20:55:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20220829/r20110914/ Frame 5479 10 KB
4 KB 15ms
15ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20220829/r20110914/zrt_lookup.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

de317176fa6b64a8e89bbd45d20b6be2560bbfa96e7e53e63eb754e18bfe6c1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://1155.win.qureka.co/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 76826
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=1209600
content-encoding: gzip
content-length: 4412
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 29 Aug 2022 23:34:36 GMT
etag: 8616628553774171045
expires: Mon, 12 Sep 2022 23:34:36 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 css2
fonts.googleapis.com/ Frame 5479 4 KB
636 B 25ms
24ms Stylesheet
text/css 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220829/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

c2777526a216d9692dd29697ebee7836fe8ae65f3a290faa20b75b64c0625205

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 30 Aug 2022 20:00:56 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Tue, 30 Aug 2022 20:55:02 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 30 Aug 2022 20:55:02 GMT

GET
H3 200 feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 5479 205 B
229 B 15ms
15ms Image
image/png 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220829/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Tue, 30 Aug 2022 20:39:31 GMT
x-content-type-options: nosniff
age: 931
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 205
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Wed, 30 Aug 2023 20:39:31 GMT

GET
H3 200 settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 5479 604 B
628 B 16ms
16ms Image
image/png 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220829/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Tue, 30 Aug 2022 20:43:19 GMT
x-content-type-options: nosniff
age: 703
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 604
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Wed, 30 Aug 2023 20:43:19 GMT

GET
H3 200 interstitial_ad_frame_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220829/r20110914/elements/html/ Frame 5479 19 KB
8 KB 16ms
15ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220829/r20110914/elements/html/interstitial_ad_frame_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220829/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b3d58bcf272258d6dde92e0123d8bd16f3caf1c4a025147c5964fe778e064e6a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Tue, 30 Aug 2022 20:54:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 53
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8311
x-xss-protection: 0
server: cafe
etag: 13410161823615325117
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 13 Sep 2022 20:54:09 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame F88E 8 KB
893 B 24ms
24ms Stylesheet
text/css 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220829/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

4cf6f3dffbc65f9231255bf31f40ddc84a45bc57428b41d6786afc7153b90b7a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 30 Aug 2022 19:57:58 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Tue, 30 Aug 2022 20:55:02 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 30 Aug 2022 20:55:02 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220829/r20110914/client/ Frame F88E 2 KB
902 B 15ms
14ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220829/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220829/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

981c0bff12cb03203363a70e8ffe9b7fdf4af3b0b10c7a02a639eb13327574c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Tue, 30 Aug 2022 20:45:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 597
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 875
x-xss-protection: 0
server: cafe
etag: 16974406330603315520
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 13 Sep 2022 20:45:05 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220829/r20110914/ Frame F88E 23 KB
9 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220829/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220829/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f63e08b18115b72e6d2cbe9db5f7527d2731545d38beae54317e10cfe0f58fc6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Tue, 30 Aug 2022 20:36:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1118
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9615
x-xss-protection: 0
server: cafe
etag: 5965352936607719246
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 13 Sep 2022 20:36:24 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220829/r20110914/client/ Frame F88E 3 KB
1 KB 15ms
15ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220829/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220829/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Tue, 30 Aug 2022 20:17:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2267
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 13 Sep 2022 20:17:15 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame F88E 141 KB
44 KB 27ms
26ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220829/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3d94a91612f816c172c583d17bb06e140969a22fae663e7b8cae7d18d55eb2c6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Tue, 30 Aug 2022 20:55:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44757
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1661773661488070"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 30 Aug 2022 20:55:02 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220829/r20110914/client/ Frame F88E 17 KB
7 KB 16ms
15ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220829/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220829/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

57000ea03bfb53734d0858b8fe992e6742226f23f311eb0f9d2177e2a84a5621

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Tue, 30 Aug 2022 20:39:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 932
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7599
x-xss-protection: 0
server: cafe
etag: 9215437806027971270
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 13 Sep 2022 20:39:30 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame F88E 0
0 23ms
22ms Image
text/html 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTH-332TVXEL3os4zWUDm8g0IWlEzfd0PJIZnKm4raIsJxDSNJGKncaJDbER5V2UuwJ_lew
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220829/r20110914/zrt_lookup.html?fsb=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

GET
H3 200 e3ca5db921b3b46420ba257a4c2f6b26.js Show response
www.gstatic.com/mysidia/ Frame F88E 33 KB
13 KB 17ms
16ms Script
text/javascript 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/e3ca5db921b3b46420ba257a4c2f6b26.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220829/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

24302eeb5b736bcc9f610299a37ac5dcf7e5b4c11591489fe9ad89f1533bd09b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Wed, 24 Aug 2022 22:39:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 512140
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13683
x-xss-protection: 0
last-modified: Mon, 22 Aug 2022 19:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Tue, 22 Nov 2022 22:39:22 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 14 KB
11 KB 63ms
62ms XHR
application/json 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20220829&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f6e711083de977c63e58d523a31a15f5550abb8fc48160c4cfec6f5416cb99da

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1155.win.qureka.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 30 Aug 2022 20:55:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10969
x-xss-protection: 0

GET
H3 200 OjkVMSBLCKffYYJCcR1sndQZ2h8-FW78sMeE84aZbRQ.js Show response
pagead2.googlesyndication.com/bg/ Frame CFDD 36 KB
16 KB 15ms
15ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/OjkVMSBLCKffYYJCcR1sndQZ2h8-FW78sMeE84aZbRQ.js

Requested by

Host: 1155.win.qureka.co
URL: https://1155.win.qureka.co/intro;jsessionid=82F8A1036D2AD95017A4D995935258A3

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3a391531204b08a7df618242711d6c9dd419da1f3e156efcb0c784f386996d14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Tue, 30 Aug 2022 13:27:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 26840
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15855
x-xss-protection: 0
last-modified: Mon, 22 Aug 2022 11:08:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 30 Aug 2023 13:27:42 GMT

GET sodar2.js
tpc.googlesyndication.com/sodar/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Verdicts & Comments Add Verdict or Comment

91 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

6 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
1155.win.qureka.com/	1969-12-31 23:59:59	Name: JSESSIONID Value: 801~892173D5DF4EBFB6600E96399ADC50BF
1155.win.qureka.com/	1970-01-20 14:23:48	Name: getSubDomain Value: 1155.win.qureka.com
1155.win.qureka.com/	1970-01-20 14:23:48	Name: redirect Value: false
1155.win.qureka.co/	1969-12-31 23:59:59	Name: JSESSIONID Value: WINQ4430~82F8A1036D2AD95017A4D995935258A3
.qureka.co/	1970-01-20 14:59:48	Name: __gads Value: ID=15e4136980febbf5-228385e70bce0059:T=1661892897:RT=1661892897:S=ALNI_MYavjTQ7Sy_QGeMVtLwYL39g0lrHw
.doubleclick.net/	1970-01-20 05:38:13	Name: test_cookie Value: CheckForPermission

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

1155.win.qureka.co
1155.win.qureka.com
adservice.google.com
adservice.google.de
ajax.googleapis.com
cdnjs.cloudflare.com
fecdn.qureka.co
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
pagead2.googlesyndication.com
partner.googleadservices.com
tpc.googlesyndication.com
use.fontawesome.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
tpc.googlesyndication.com
103.146.40.63
142.250.186.98
158.69.126.204
164.52.203.24
2606:4700:3033::6815:3f36
2606:4700::6811:190e
2a00:1450:4001:802::2002
2a00:1450:4001:808::2002
2a00:1450:4001:809::2001
2a00:1450:4001:80e::2002
2a00:1450:4001:80e::2003
2a00:1450:4001:80f::200e
2a00:1450:4001:812::2004
2a00:1450:4001:812::200a
2a00:1450:4001:813::200a
2a00:1450:4001:827::2002
2a00:1450:4001:829::2002
2a00:1450:4001:82f::2008
2a00:1450:4001:831::2003
06c07f2436b38010662fc218c7cb6fc92c8f880d41688c83a379cebc161efbe3
09d1e6e68a85ee35eb2d07ef2a9e8dc601b7f10ea10e0669361814b16658ec6e
09f0896103f17dc0ec450b4ea9d47760991b0dec28eff29e22afc32efc09e433
0ab403f9df7f9a993264e3876083a4d312470f0be6c3716974561fe86d92fb7e
118850fce1e3f5be11f65e63f87791584020a15feac59f52eab4626eb4f2daf2
1405cb73aaffc455797510e7b07e41339330e7eec8b68a8272972c965137cfa6
14f7ebbd5c4c6b776d6624ec0cc86553e24cd9bff65f696353d3742c570bf18e
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
1de19c5ef239ab0b8b289e3d31383d683e2789c44e205bf14f79b4696833c235
24302eeb5b736bcc9f610299a37ac5dcf7e5b4c11591489fe9ad89f1533bd09b
24c06e9934b9233b553d4f70eeb56f9c31214699b5b0352587ebf050d3376f68
2604b45b39193f2405a1a4b4f93b2d769fb6a67c8f1d0b097343e540c7911ec1
289def01ae1f9b0456ff7fea4bb091f25e9999421907ca2028b951ec0cd20078
290977e73ef5d82c2593ea7b1a1d8793c2c8444ec3179db7f430c530a5886bcf
2d3d8816d9ea885bbf49093526e536e87e312d47606a05b179a6cc07280c5444
2ff5b959fa9f6b4b1d04d20a37d706e90039176ab1e2a202994d9580baeebfd6
3006c9327677d152e1c749c400bd9ad2f9c6f162a645c949e2678560747acb37
30081cca00d16a1b3e17f364e55cf7f3bc210789122bd357943377c39f0b2ead
38df5c8cb08b4293084cb7138a88598e0aed51e21596f7a92334346c3dcfcf05
3a391531204b08a7df618242711d6c9dd419da1f3e156efcb0c784f386996d14
3b37e06e414610e7a765285272c07f4523bc1b52793b5f4f5c78bea1464b4a9f
3b9df018a8675ae9a77a534130118ec4d56dcf31f83af2433af4075b62f27721
3d94a91612f816c172c583d17bb06e140969a22fae663e7b8cae7d18d55eb2c6
41675f8b7bcc33ea71f06021a1ae524fb8b710af540eb2c3b6bb912c4bfcd93c
417bd106ecab4a20b51125e7509b369f1e571a58119babb25bf1790059618f98
48ca9dd00cec2798405c88d58189780a3614b7cbbfed2c8d639ef6de06d95d15
4a6fab14bfe7b33fe5dc5349a2bb3720037e0ed7ebe621b352340f9514d83c08
4cf64a8b3ba11f1b6284f46884238a9044091bfa9585688c3876b98918b5d8e5
4cf6f3dffbc65f9231255bf31f40ddc84a45bc57428b41d6786afc7153b90b7a
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
57000ea03bfb53734d0858b8fe992e6742226f23f311eb0f9d2177e2a84a5621
5aa53525abc5c5200c70b3f6588388f86076cd699284c23cda64e92c372a1548
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
6150a35c0f486c46cadf0e230e2aa159c7c23ecfbb5611b64ee3f25fcbff341f
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
661a496105d21580380701730bea3cd9a2ce9cae222345912b72c1713edc2612
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6d36fd7392384e2eee0fdd619db3cce71df8b2f176c845a37b581bf7381584c8
736b7f220f43d95ee88be10486fcc720a1e501f59719ef7fdc3494a5d99d22df
7b780a3076074eabb25df8614ce3ba45447813f874e6bbee6473825bf417691b
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
8b96b9b729a456fc4a0a302be562fee0c5e307400e3dcb52115db51aeb805f10
95dda40864766e7597d900ef657aa874a2b0f9a1844b6676c3d95eb301c08865
97799cfa66c24923ecf3e30891e471f975657439c17940b1aad05951d7578487
981c0bff12cb03203363a70e8ffe9b7fdf4af3b0b10c7a02a639eb13327574c0
9a276accc759cbe507ab2959bbbc2badd8a6bcaf1bda3f199ee18c97c19392e1
9d08febebac1272bafba590db20145cb6b10a051722931b35ea20828b5184840
9e64351638b6a4379446a02a65e055569f163a982fc7a5230c74aee21a979fa3
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a3eaf4ded3d865cb068d333b21eb88d33c91d56c72c902480a174d40a8d9ee8f
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a5361be48e64297f23046a94801067bfcf644391c76de624cbce5560e35d660b
a8eda9ef70ec603ecbebeed72e2c8d8badd6c6adc3115c243e65aed88764e1a5
b3d58bcf272258d6dde92e0123d8bd16f3caf1c4a025147c5964fe778e064e6a
b5123420c8cfb2e42a3658743614b4e17ba24ff424964da0914eae902dc20dd0
b81a43695eedf50df338cf23687d2c48d8653a90757498629a295ea6913f9223
b9092fdeecb4da3e9255d2aa0bc30ecb6b1c92022c76b1e0677bf53041f93921
c140ff2764d7a1000ce8a05ad8e6f730b9d5ab66974c6e2bb0e72231eeac82b7
c2777526a216d9692dd29697ebee7836fe8ae65f3a290faa20b75b64c0625205
c53e019f803420681beca5ab70ba5ea4c8aa2fe1312ecabdec64abe2e18b631c
c72a6ae8d91bb7e5733c142cbd56a126d1adcf75dd5bb069d006f4857fff3220
c96231693136d320a9829f78c4938e7cef67554da4eba4839dc788818b4e54b4
cac418965ef4f855b9f1cb79af6ce213523b59a97daa8174e60fb8208a987664
cc44eeb7de4836d453c4c303e68ab46613b745d5313a670f31018ab8f7edd5ee
cc9232dc6bf153cd164d97d7b9ae0f36d4b68a53951353e5c17cb45c08fe4bf8
d482871a5e948cb4884fa0972ea98a81abca057b6bd3f8c995a18c12487e761c
daa795332e5dbcf893adf2d5f3349f02b8c1cb957ff3b5f4c11b742e33c3376f
de317176fa6b64a8e89bbd45d20b6be2560bbfa96e7e53e63eb754e18bfe6c1f
e22419e8154be2a34a950dbb4c4c448413751c53ef02f00c6c56af28aa2c4964
e2c6d3ce60825bd2c6ac88793ac37c5793df75a77517533084b00ec972a7b04d
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e89d14508310786348dc009a70d181ddcc7642281a36074df101743060c5a518
e995dbff785b00884324a600a1982bc64fea6d3f826bc6e0a9c0c69268b29494
f031b70a2653be44af3a20aa33ad0f35d8a256046c108cfcaa3480988b4b383b
f63e08b18115b72e6d2cbe9db5f7527d2731545d38beae54317e10cfe0f58fc6
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
f6e711083de977c63e58d523a31a15f5550abb8fc48160c4cfec6f5416cb99da
f895948be7378e1dc9be3c870935af45a4c62ff69c271a32765f534d5c0ed007
fb568542327d4264166e9839781916f91331fc0bae0bb29397ee3ebb4cc66ed8
fc7e184beeda61bf6427938a84560f52348976bb55e807b224eb53930e97ef6a

1155.win.qureka.co Open in urlscan Pro 158.69.126.204 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

146 Requests

99 %HTTPS

79 %IPv6

14 Domains

19 Subdomains

19 IPs

4 Countries

3670 kBTransfer

8522 kBSize

6 Cookies

1 Outgoing links

Page URL History

Redirected requests

146 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

1155.win.qureka.co Open in urlscan Pro
158.69.126.204 Public Scan

Screenshot
Live screenshot

Full Image

146
Requests

99 %
HTTPS

79 %
IPv6

14
Domains

19
Subdomains

19
IPs

4
Countries

3670 kB
Transfer

8522 kB
Size

6
Cookies

146 HTTP transactions
1 data transactions