ftp.winprizesonline.com Open in urlscan Pro
3.66.136.156 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://ftp.winprizesonline.com/
Effective URL:
https://ftp.winprizesonline.com/
Submission: On July 27 via api (July 27th 2021, 2:12:32 am UTC) from KR

Summary HTTP 233 Redirects Links 5 Behaviour Indicators

Summary

This website contacted 29 IPs in 5 countries across 26 domains to perform 233 HTTP transactions. The main IP is 3.66.136.156, located in Frankfurt am Main, Germany and belongs to AMAZON-02, US. The main domain is ftp.winprizesonline.com.
TLS certificate: Issued by R3 on July 7th 2021. Valid for: 3 months.

This is the only time ftp.winprizesonline.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 88	3.66.136.156 3.66.136.156	16509 (AMAZON-02) (AMAZON-02)
23	142.250.184.226 142.250.184.226	15169 (GOOGLE) (GOOGLE)
1	2606:4700:303... 2606:4700:3031::6815:496e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	2a00:1450:400... 2a00:1450:4001:831::200a	15169 (GOOGLE) (GOOGLE)
2	2606:4700::68... 2606:4700::6812:acf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2001:4de0:ac1... 2001:4de0:ac18::1:a:3b	20446 (HIGHWINDS3) (HIGHWINDS3)
1	2606:4700::68... 2606:4700::6810:125e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2606:4700:303... 2606:4700:3037::6815:4e07	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:82b::2008	15169 (GOOGLE) (GOOGLE)
4	2a03:2880:f02... 2a03:2880:f02d:100:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
10	2a00:1450:400... 2a00:1450:4001:813::2003	15169 (GOOGLE) (GOOGLE)
3	2620:116:800d... 2620:116:800d:21:8c6e:cf2c:8d6:9fb5	16509 (AMAZON-02) (AMAZON-02)
4	2a00:1450:400... 2a00:1450:4001:80f::200e	15169 (GOOGLE) (GOOGLE)
1 5	2a03:2880:f12... 2a03:2880:f12d:181:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	2600:9000:20c... 2600:9000:20c8:7000:6:44e3:f8c0:93a1	16509 (AMAZON-02) (AMAZON-02)
3	2a00:1450:400... 2a00:1450:4001:831::2002	15169 (GOOGLE) (GOOGLE)
10	2a00:1450:400... 2a00:1450:4001:80e::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:831::2001	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c04::9c	15169 (GOOGLE) (GOOGLE)
1 4	2a00:1450:400... 2a00:1450:4001:82f::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:810::2003	15169 (GOOGLE) (GOOGLE)
8	2a00:1450:400... 2a00:1450:4001:812::2002	15169 (GOOGLE) (GOOGLE)
17	2a00:1450:400... 2a00:1450:4001:80e::2001	15169 (GOOGLE) (GOOGLE)
8	2a00:1450:400... 2a00:1450:4001:830::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:810::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:812::2003	15169 (GOOGLE) (GOOGLE)
1 1	151.101.14.49 151.101.14.49	54113 (FASTLY) (FASTLY)
5	142.250.186.162 142.250.186.162	15169 (GOOGLE) (GOOGLE)
1 1	34.237.156.120 34.237.156.120	14618 (AMAZON-AES) (AMAZON-AES)
1 1	2.18.235.93 2.18.235.93	16625 (AKAMAI-AS) (AKAMAI-AS)
1 1	185.86.139.104 185.86.139.104	201081 (SMARTADSE...) (SMARTADSERVER)
15	2a00:1450:400... 2a00:1450:4001:82b::2001	15169 (GOOGLE) (GOOGLE)
233	29

88 3.66.136.156 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-66-136-156.eu-central-1.compute.amazonaws.com

ftp.winprizesonline.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
g.ezoic.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

23 142.250.184.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s12-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3031::6815:496e (United States)

ASN13335 (CLOUDFLARENET, US)

go.ezodn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:831::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:acf (United States)

ASN13335 (CLOUDFLARENET, US)

stackpath.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4de0:ac18::1:a:3b (Netherlands)

ASN20446 (HIGHWINDS3, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:125e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:3037::6815:4e07 (United States)

ASN13335 (CLOUDFLARENET, US)

use.fontawesome.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82b::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a03:2880:f02d:100:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:813::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:116:800d:21:8c6e:cf2c:8d6:9fb5 (United States)

ASN16509 (AMAZON-02, US)

secure.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:80f::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a03:2880:f12d:181:face:b00c:0:25de (Frankfurt am Main, Germany) 1 redirects

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:20c8:7000:6:44e3:f8c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

rules.quantcount.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:831::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.ch	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:80e::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:831::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

280575fdba709e4294c9a1d1794d14e6.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c04::9c (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:82f::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:810::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:812::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 2a00:1450:4001:80e::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:830::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.ch	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:810::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:812::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.14.49 (Frankfurt am Main, Germany) 1 redirects

ASN54113 (FASTLY, US)

sync-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 142.250.186.162 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.237.156.120 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-237-156-120.compute-1.amazonaws.com

fksnk.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.18.235.93 (Frankfurt am Main, Germany) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-235-93.deploy.static.akamaitechnologies.com

cs.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.86.139.104 (France) 1 redirects

ASN201081 (SMARTADSERVER, FR)

ssbsync.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 2a00:1450:4001:82b::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
82	winprizesonline.com 1 redirects ftp.winprizesonline.com	495 KB
30	doubleclick.net securepubads.g.doubleclick.net stats.g.doubleclick.net cm.g.doubleclick.net googleads.g.doubleclick.net	196 KB
27	googlesyndication.com 280575fdba709e4294c9a1d1794d14e6.safeframe.googlesyndication.com pagead2.googlesyndication.com tpc.googlesyndication.com	136 KB
15	ampproject.org cdn.ampproject.org	301 KB
14	google.com 1 redirects adservice.google.com www.google.com	3 KB
11	gstatic.com fonts.gstatic.com www.gstatic.com	209 KB
10	google.ch adservice.google.ch	2 KB
6	ezoic.net g.ezoic.net	818 B
6	googleapis.com fonts.googleapis.com	4 KB
5	facebook.com 1 redirects www.facebook.com	1 KB
4	google-analytics.com www.google-analytics.com	20 KB
4	facebook.net connect.facebook.net	167 KB
3	quantserve.com secure.quantserve.com pixel.quantserve.com cms.quantserve.com	10 KB
3	fontawesome.com use.fontawesome.com	161 KB
2	googletagservices.com www.googletagservices.com	65 KB
2	bootstrapcdn.com stackpath.bootstrapcdn.com	41 KB
1	smartadserver.com 1 redirects ssbsync.smartadserver.com	457 B
1	media.net 1 redirects cs.media.net	1 KB
1	fksnk.com 1 redirects fksnk.com	616 B
1	everesttech.net 1 redirects sync-tm.everesttech.net	536 B
1	google.de www.google.de	522 B
1	quantcount.com rules.quantcount.com	429 B
1	googletagmanager.com www.googletagmanager.com	40 KB
1	cloudflare.com cdnjs.cloudflare.com	7 KB
1	jquery.com code.jquery.com	30 KB
1	ezodn.com go.ezodn.com	88 KB
233	26

	Domain	Requested by
82	ftp.winprizesonline.com	1 redirects ftp.winprizesonline.com
23	securepubads.g.doubleclick.net	ftp.winprizesonline.com securepubads.g.doubleclick.net
17	tpc.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com 280575fdba709e4294c9a1d1794d14e6.safeframe.googlesyndication.com ftp.winprizesonline.com
15	cdn.ampproject.org	securepubads.g.doubleclick.net
10	adservice.google.com	securepubads.g.doubleclick.net
10	adservice.google.ch	securepubads.g.doubleclick.net
10	fonts.gstatic.com	fonts.googleapis.com
8	pagead2.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com 280575fdba709e4294c9a1d1794d14e6.safeframe.googlesyndication.com www.googletagservices.com
6	g.ezoic.net	ftp.winprizesonline.com
6	fonts.googleapis.com	ftp.winprizesonline.com securepubads.g.doubleclick.net
5	cm.g.doubleclick.net	280575fdba709e4294c9a1d1794d14e6.safeframe.googlesyndication.com
5	www.facebook.com	1 redirects ftp.winprizesonline.com connect.facebook.net
4	www.google.com	1 redirects ftp.winprizesonline.com tpc.googlesyndication.com
4	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com ftp.winprizesonline.com
4	connect.facebook.net	ftp.winprizesonline.com connect.facebook.net
3	use.fontawesome.com	ftp.winprizesonline.com use.fontawesome.com
2	www.googletagservices.com	securepubads.g.doubleclick.net 280575fdba709e4294c9a1d1794d14e6.safeframe.googlesyndication.com
2	280575fdba709e4294c9a1d1794d14e6.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	stackpath.bootstrapcdn.com	ftp.winprizesonline.com
1	googleads.g.doubleclick.net	ftp.winprizesonline.com
1	ssbsync.smartadserver.com	1 redirects
1	cs.media.net	1 redirects
1	fksnk.com	1 redirects
1	sync-tm.everesttech.net	1 redirects
1	cms.quantserve.com	280575fdba709e4294c9a1d1794d14e6.safeframe.googlesyndication.com
1	www.gstatic.com	280575fdba709e4294c9a1d1794d14e6.safeframe.googlesyndication.com
1	www.google.de	ftp.winprizesonline.com
1	pixel.quantserve.com	ftp.winprizesonline.com
1	stats.g.doubleclick.net	www.google-analytics.com
1	rules.quantcount.com	secure.quantserve.com
1	secure.quantserve.com	ftp.winprizesonline.com
1	www.googletagmanager.com	ftp.winprizesonline.com
1	cdnjs.cloudflare.com	ftp.winprizesonline.com
1	code.jquery.com	ftp.winprizesonline.com
1	go.ezodn.com	ftp.winprizesonline.com
233	35

This site contains links to these domains. Also see Links.

Domain
www.facebook.com
www.instagram.com
twitter.com
lp.constantcontact.com
pinterest.com

Subject Issuer	Validity	Valid
winprizesonline.com R3	`2021-07-07` - `2021-10-05`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-07-05` - `2021-09-27`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-07-05` - `2022-07-04`	a year	crt.sh
upload.video.google.com GTS CA 1O1	`2021-07-05` - `2021-09-27`	3 months	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2021-07-14` - `2022-08-14`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-06-28` - `2021-09-20`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2021-05-26` - `2021-08-24`	3 months	crt.sh
ezoic.net R3	`2021-07-22` - `2021-10-20`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2021-06-28` - `2021-09-20`	3 months	crt.sh
*.quantserve.com DigiCert SHA2 High Assurance Server CA	`2020-10-02` - `2021-10-07`	a year	crt.sh
*.google.ch GTS CA 1C3	`2021-07-05` - `2021-09-27`	3 months	crt.sh
*.google.com GTS CA 1C3	`2021-06-28` - `2021-09-20`	3 months	crt.sh
www.google.com GTS CA 1C3	`2021-06-28` - `2021-09-20`	3 months	crt.sh
www.google.de GTS CA 1C3	`2021-06-28` - `2021-09-20`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2021-06-28` - `2021-09-20`	3 months	crt.sh
misc-sni.google.com GTS CA 1C3	`2021-06-28` - `2021-09-20`	3 months	crt.sh

This page contains 10 frames:

Primary Page: https://ftp.winprizesonline.com/
Frame ID: 42D7493D4E796A3D114613226ACB6538
Requests: 162 HTTP requests in this frame

Frame: https://280575fdba709e4294c9a1d1794d14e6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 1F95FF8C3134FE5B46CDFC348BDE26EB
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/login/?next=https%3A%2F%2Fwww.facebook.com%2Fplugins%2Fpage.php%3Fadapt_container_width%3Dtrue%26app_id%3D427953467260386%26channel%3Dhttps%253A%252F%252Fstaticxx.facebook.com%252Fx%252Fconnect%252Fxd_arbiter%252F%253Fversion%253D46%2523cb%253Df10e22ed843ef0c%2526domain%253Dftp.winprizesonline.com%2526origin%253Dhttps%25253A%25252F%25252Fftp.winprizesonline.com%25252Ff275a760895ded4%2526relation%253Dparent.parent%26container_width%3D300%26hide_cover%3Dfalse%26href%3Dhttps%253A%252F%252Fwww.facebook.com%252FWinPrizesOnline%252F%26locale%3Den_US%26sdk%3Djoey%26show_facepile%3Dtrue%26small_header%3Dtrue%26tabs%26width
Frame ID: 22288CE1ABCC443B041902BDB7C93137
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Frame ID: 66ABE21EEBA3AD882C617AB2188D6230
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: D1563ACC8BA4A9EEA1123D38477F1935
Requests: 1 HTTP requests in this frame

Frame: https://280575fdba709e4294c9a1d1794d14e6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: A546C6DA311F8E9E64AB9860B275A9CA
Requests: 12 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: DB764EF6A5287EB6D72FCD91CA705EC2
Requests: 9 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012107200040000/amp4ads-v0.mjs
Frame ID: E24EB3F9C1672D76A88252FFBE426AAF
Requests: 16 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012107200040000/amp4ads-v0.mjs
Frame ID: 28D5FE9237A10EE0D3123F2661E3BD00
Requests: 15 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012107200040000/amp4ads-v0.mjs
Frame ID: 270B6F83AF39449CD58EDCEC82E8BAD0
Requests: 17 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://ftp.winprizesonline.com/ HTTP 301
https://ftp.winprizesonline.com/ Page URL

Detected technologies

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /\/\/connect\.facebook\.net\/[^/]*\/[a-z]*\.js/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Quantcast (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /\.quantserve\.com\/quant\.js/i

Page Statistics

233
Requests

97 %
HTTPS

78 %
IPv6

26
Domains

35
Subdomains

29
IPs

5
Countries

1975 kB
Transfer

4600 kB
Size

1
Cookies

5 Outgoing links

These are links going to different origins than the main page.

URL: https://www.facebook.com/pages/httpswwwwinprizesonlinecom/136161331391
Title: Facebook

Search URL Search Domain Scan URL

URL: https://www.instagram.com/winprizesonline/
Title: Instagram

Search URL Search Domain Scan URL

URL: https://twitter.com/winprizesonline
Title: Twitter

Search URL Search Domain Scan URL

URL: https://lp.constantcontact.com/su/BuPU8e7/DailySweepstakes
Title: Subscribe to Daily Email

Search URL Search Domain Scan URL

URL: https://pinterest.com/winprizesonline/

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://ftp.winprizesonline.com/ HTTP 301
https://ftp.winprizesonline.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 97

https://www.facebook.com/v5.0/plugins/page.php?adapt_container_width=true&app_id=427953467260386&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df10e22ed843ef0c%26domain%3Dftp.winprizesonline.com%26origin%3Dhttps%253A%252F%252Fftp.winprizesonline.com%252Ff275a760895ded4%26relation%3Dparent.parent&container_width=300&hide_cover=false&href=https%3A%2F%2Fwww.facebook.com%2FWinPrizesOnline%2F&locale=en_US&sdk=joey&show_facepile=true&small_header=true&tabs=&width= HTTP 302
https://www.facebook.com/login/?next=https%3A%2F%2Fwww.facebook.com%2Fplugins%2Fpage.php%3Fadapt_container_width%3Dtrue%26app_id%3D427953467260386%26channel%3Dhttps%253A%252F%252Fstaticxx.facebook.com%252Fx%252Fconnect%252Fxd_arbiter%252F%253Fversion%253D46%2523cb%253Df10e22ed843ef0c%2526domain%253Dftp.winprizesonline.com%2526origin%253Dhttps%25253A%25252F%25252Fftp.winprizesonline.com%25252Ff275a760895ded4%2526relation%253Dparent.parent%26container_width%3D300%26hide_cover%3Dfalse%26href%3Dhttps%253A%252F%252Fwww.facebook.com%252FWinPrizesOnline%252F%26locale%3Den_US%26sdk%3Djoey%26show_facepile%3Dtrue%26small_header%3Dtrue%26tabs%26width

Request Chain 141

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESEIAKelzbnFfRb6rmmDJqKiQ&google_cver=1&google_push=AYg5qPJwEV-Bt1rLnwTBMxDziutcl37yT4ZT7TieJjKzUetEGnSocFigqbu9DEfkSn72NydJ6D_09UfQjhc1RlE5QtCTWW5Wu8cE HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEIAKelzbnFfRb6rmmDJqKiQ&google_push=AYg5qPJwEV-Bt1rLnwTBMxDziutcl37yT4ZT7TieJjKzUetEGnSocFigqbu9DEfkSn72NydJ6D_09UfQjhc1RlE5QtCTWW5Wu8cE

Request Chain 142

https://fksnk.com/cs/google?google_gid=CAESEOPn-qliMjnNZ6uayTiJtsk&google_cver=1&google_push=AYg5qPI_0i5Ydjfjfoa_l7IgVIFPbDoaM2p4bF2zMsKBdT5MvHIQKdhkWkhYXR0ZFzgiatZUoNsQ1X6sdr48QeJvw8L0nUNDEPxp HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=fiksu&google_hm=ODJBNUU3Mzk3MTU1NjNFQg==

Request Chain 143

https://cs.media.net/cksync?type=g&google_gid=CAESEBJ93l7uEsunFcOMafzyvTo&google_cver=1&google_push=AYg5qPLdc1CEOUHUEwjhl0CvQJszFC0l3xtHACPgi2BwqFFYkKRm-8fXT6_ESh6D46s9QgYMeddsBzUdL3I424a9RTHduB9g9UaS HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=media&google_hm=MjcwMzUzNTM3NTM0ODM1MTAwMFYxMA%3d%3d&mn_hm=MjcwMzUzNTM3NTM0ODM1MTAwMFYxMA%3d%3d&google_sc=1&google_push=AYg5qPLdc1CEOUHUEwjhl0CvQJszFC0l3xtHACPgi2BwqFFYkKRm-8fXT6_ESh6D46s9QgYMeddsBzUdL3I424a9RTHduB9g9UaS&gdpr=&gdpr_consent=

Request Chain 144

https://cs.chocolateplatform.com/pub?pid=ebda&google_gid=CAESEFAfqZG5TVlBVq_uUUn7MLM&google_cver=1&google_push=AYg5qPKtA5dVj3bqTd3UjROQRZElLT3FRSR02oMswWn0IwFiVcBPIMl_t-V7iKVYRVbWu09Wyg4AFt7_GccjY_OcG3WMqu3ZDgJC HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=chocolateplatform&google_hm=Y3AtZTYxZTRmNjI0YzhiNDRlZjZmM2Q0NmRhZDY1YTIwMjE=&google_push=AYg5qPKtA5dVj3bqTd3UjROQRZElLT3FRSR02oMswWn0IwFiVcBPIMl_t-V7iKVYRVbWu09Wyg4AFt7_GccjY_OcG3WMqu3ZDgJC HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=chocolateplatform&google_hm=Y3AtZTYxZTRmNjI0YzhiNDRlZjZmM2Q0NmRhZDY1YTIwMjE=&google_push=AYg5qPKtA5dVj3bqTd3UjROQRZElLT3FRSR02oMswWn0IwFiVcBPIMl_t-V7iKVYRVbWu09Wyg4AFt7_GccjY_OcG3WMqu3ZDgJC HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=chocolateplatform&google_hm=Y3AtZTYxZTRmNjI0YzhiNDRlZjZmM2Q0NmRhZDY1YTIwMjE=&google_push=AYg5qPKtA5dVj3bqTd3UjROQRZElLT3FRSR02oMswWn0IwFiVcBPIMl_t-V7iKVYRVbWu09Wyg4AFt7_GccjY_OcG3WMqu3ZDgJC HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=chocolateplatform&google_hm=Y3AtZTYxZTRmNjI0YzhiNDRlZjZmM2Q0NmRhZDY1YTIwMjE=&google_push=AYg5qPKtA5dVj3bqTd3UjROQRZElLT3FRSR02oMswWn0IwFiVcBPIMl_t-V7iKVYRVbWu09Wyg4AFt7_GccjY_OcG3WMqu3ZDgJC HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=chocolateplatform&google_hm=Y3AtZTYxZTRmNjI0YzhiNDRlZjZmM2Q0NmRhZDY1YTIwMjE=&google_push=AYg5qPKtA5dVj3bqTd3UjROQRZElLT3FRSR02oMswWn0IwFiVcBPIMl_t-V7iKVYRVbWu09Wyg4AFt7_GccjY_OcG3WMqu3ZDgJC HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=chocolateplatform&google_hm=Y3AtZTYxZTRmNjI0YzhiNDRlZjZmM2Q0NmRhZDY1YTIwMjE=&google_push=AYg5qPKtA5dVj3bqTd3UjROQRZElLT3FRSR02oMswWn0IwFiVcBPIMl_t-V7iKVYRVbWu09Wyg4AFt7_GccjY_OcG3WMqu3ZDgJC HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=chocolateplatform&google_hm=Y3AtZTYxZTRmNjI0YzhiNDRlZjZmM2Q0NmRhZDY1YTIwMjE=&google_push=AYg5qPKtA5dVj3bqTd3UjROQRZElLT3FRSR02oMswWn0IwFiVcBPIMl_t-V7iKVYRVbWu09Wyg4AFt7_GccjY_OcG3WMqu3ZDgJC HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=chocolateplatform&google_hm=Y3AtZTYxZTRmNjI0YzhiNDRlZjZmM2Q0NmRhZDY1YTIwMjE=&google_push=AYg5qPKtA5dVj3bqTd3UjROQRZElLT3FRSR02oMswWn0IwFiVcBPIMl_t-V7iKVYRVbWu09Wyg4AFt7_GccjY_OcG3WMqu3ZDgJC HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=chocolateplatform&google_hm=Y3AtZTYxZTRmNjI0YzhiNDRlZjZmM2Q0NmRhZDY1YTIwMjE=&google_push=AYg5qPKtA5dVj3bqTd3UjROQRZElLT3FRSR02oMswWn0IwFiVcBPIMl_t-V7iKVYRVbWu09Wyg4AFt7_GccjY_OcG3WMqu3ZDgJC HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=chocolateplatform&google_hm=Y3AtZTYxZTRmNjI0YzhiNDRlZjZmM2Q0NmRhZDY1YTIwMjE=&google_push=AYg5qPKtA5dVj3bqTd3UjROQRZElLT3FRSR02oMswWn0IwFiVcBPIMl_t-V7iKVYRVbWu09Wyg4AFt7_GccjY_OcG3WMqu3ZDgJC HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=chocolateplatform&google_hm=Y3AtZTYxZTRmNjI0YzhiNDRlZjZmM2Q0NmRhZDY1YTIwMjE=&google_push=AYg5qPKtA5dVj3bqTd3UjROQRZElLT3FRSR02oMswWn0IwFiVcBPIMl_t-V7iKVYRVbWu09Wyg4AFt7_GccjY_OcG3WMqu3ZDgJC HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=chocolateplatform&google_hm=Y3AtZTYxZTRmNjI0YzhiNDRlZjZmM2Q0NmRhZDY1YTIwMjE=&google_push=AYg5qPKtA5dVj3bqTd3UjROQRZElLT3FRSR02oMswWn0IwFiVcBPIMl_t-V7iKVYRVbWu09Wyg4AFt7_GccjY_OcG3WMqu3ZDgJC HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=chocolateplatform&google_hm=Y3AtZTYxZTRmNjI0YzhiNDRlZjZmM2Q0NmRhZDY1YTIwMjE=&google_push=AYg5qPKtA5dVj3bqTd3UjROQRZElLT3FRSR02oMswWn0IwFiVcBPIMl_t-V7iKVYRVbWu09Wyg4AFt7_GccjY_OcG3WMqu3ZDgJC HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=chocolateplatform&google_hm=Y3AtZTYxZTRmNjI0YzhiNDRlZjZmM2Q0NmRhZDY1YTIwMjE=&google_push=AYg5qPKtA5dVj3bqTd3UjROQRZElLT3FRSR02oMswWn0IwFiVcBPIMl_t-V7iKVYRVbWu09Wyg4AFt7_GccjY_OcG3WMqu3ZDgJC HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=chocolateplatform&google_hm=Y3AtZTYxZTRmNjI0YzhiNDRlZjZmM2Q0NmRhZDY1YTIwMjE=&google_push=AYg5qPKtA5dVj3bqTd3UjROQRZElLT3FRSR02oMswWn0IwFiVcBPIMl_t-V7iKVYRVbWu09Wyg4AFt7_GccjY_OcG3WMqu3ZDgJC HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=chocolateplatform&google_hm=Y3AtZTYxZTRmNjI0YzhiNDRlZjZmM2Q0NmRhZDY1YTIwMjE=&google_push=AYg5qPKtA5dVj3bqTd3UjROQRZElLT3FRSR02oMswWn0IwFiVcBPIMl_t-V7iKVYRVbWu09Wyg4AFt7_GccjY_OcG3WMqu3ZDgJC HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=chocolateplatform&google_hm=Y3AtZTYxZTRmNjI0YzhiNDRlZjZmM2Q0NmRhZDY1YTIwMjE=&google_push=AYg5qPKtA5dVj3bqTd3UjROQRZElLT3FRSR02oMswWn0IwFiVcBPIMl_t-V7iKVYRVbWu09Wyg4AFt7_GccjY_OcG3WMqu3ZDgJC HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=chocolateplatform&google_hm=Y3AtZTYxZTRmNjI0YzhiNDRlZjZmM2Q0NmRhZDY1YTIwMjE=&google_push=AYg5qPKtA5dVj3bqTd3UjROQRZElLT3FRSR02oMswWn0IwFiVcBPIMl_t-V7iKVYRVbWu09Wyg4AFt7_GccjY_OcG3WMqu3ZDgJC HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=chocolateplatform&google_hm=Y3AtZTYxZTRmNjI0YzhiNDRlZjZmM2Q0NmRhZDY1YTIwMjE=&google_push=AYg5qPKtA5dVj3bqTd3UjROQRZElLT3FRSR02oMswWn0IwFiVcBPIMl_t-V7iKVYRVbWu09Wyg4AFt7_GccjY_OcG3WMqu3ZDgJC HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=chocolateplatform&google_hm=Y3AtZTYxZTRmNjI0YzhiNDRlZjZmM2Q0NmRhZDY1YTIwMjE=&google_push=AYg5qPKtA5dVj3bqTd3UjROQRZElLT3FRSR02oMswWn0IwFiVcBPIMl_t-V7iKVYRVbWu09Wyg4AFt7_GccjY_OcG3WMqu3ZDgJC

Request Chain 145

https://ssbsync.smartadserver.com/api/sync?callerId=3&google_gid=CAESEGQidwiCAZ1v0OgIKrx_GY8&google_cver=1&google_push=AYg5qPItuoraTQmbYEZKoraqvFGPrI9RFfdYLCgRqkfVJtQ8iVjUBnpXBCSBgEfroFsaqoW5OYvBKRz5oOgJ3Np62mlClEgqD-YI HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=smart_adserver_eb&google_push=AYg5qPItuoraTQmbYEZKoraqvFGPrI9RFfdYLCgRqkfVJtQ8iVjUBnpXBCSBgEfroFsaqoW5OYvBKRz5oOgJ3Np62mlClEgqD-YI&google_hm=NzgzNTc5MTcyNTc3MjEyMTIwOQ%3D%3D

Request Chain 146

https://ads.avads.net/sync/ggl?google_gid=CAESEOdOKDJJvx7ghIkM74yyMA8&google_cver=1&google_push=AYg5qPKpjXnbgO_kEI4-pJQGfcJYmTcCfwgwCYHPaEMG2yhJ8fRsT4w0t6chCtHCrB6HE-G-x1R5JLfWzbpL8VCs-Cjf5AaSiO9f HTTP 302
https://ads.avads.net/sync/ggl?google_gid=CAESEOdOKDJJvx7ghIkM74yyMA8&google_cver=1&google_push=AYg5qPKpjXnbgO_kEI4-pJQGfcJYmTcCfwgwCYHPaEMG2yhJ8fRsT4w0t6chCtHCrB6HE-G-x1R5JLfWzbpL8VCs-Cjf5AaSiO9f&av_tc=True HTTP 302
https://ads.avads.net/sync/ggl?google_gid=CAESEOdOKDJJvx7ghIkM74yyMA8&google_cver=1&google_push=AYg5qPKpjXnbgO_kEI4-pJQGfcJYmTcCfwgwCYHPaEMG2yhJ8fRsT4w0t6chCtHCrB6HE-G-x1R5JLfWzbpL8VCs-Cjf5AaSiO9f HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=Y2JhOTJjZjctZjcxOS00MjUzLTlhZWUtNGMyOTM0OTk1MWY5&google_push=AYg5qPKpjXnbgO_kEI4-pJQGfcJYmTcCfwgwCYHPaEMG2yhJ8fRsT4w0t6chCtHCrB6HE-G-x1R5JLfWzbpL8VCs-Cjf5AaSiO9f HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=Y2JhOTJjZjctZjcxOS00MjUzLTlhZWUtNGMyOTM0OTk1MWY5&google_push=AYg5qPKpjXnbgO_kEI4-pJQGfcJYmTcCfwgwCYHPaEMG2yhJ8fRsT4w0t6chCtHCrB6HE-G-x1R5JLfWzbpL8VCs-Cjf5AaSiO9f HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=Y2JhOTJjZjctZjcxOS00MjUzLTlhZWUtNGMyOTM0OTk1MWY5&google_push=AYg5qPKpjXnbgO_kEI4-pJQGfcJYmTcCfwgwCYHPaEMG2yhJ8fRsT4w0t6chCtHCrB6HE-G-x1R5JLfWzbpL8VCs-Cjf5AaSiO9f HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=Y2JhOTJjZjctZjcxOS00MjUzLTlhZWUtNGMyOTM0OTk1MWY5&google_push=AYg5qPKpjXnbgO_kEI4-pJQGfcJYmTcCfwgwCYHPaEMG2yhJ8fRsT4w0t6chCtHCrB6HE-G-x1R5JLfWzbpL8VCs-Cjf5AaSiO9f HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=Y2JhOTJjZjctZjcxOS00MjUzLTlhZWUtNGMyOTM0OTk1MWY5&google_push=AYg5qPKpjXnbgO_kEI4-pJQGfcJYmTcCfwgwCYHPaEMG2yhJ8fRsT4w0t6chCtHCrB6HE-G-x1R5JLfWzbpL8VCs-Cjf5AaSiO9f HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=Y2JhOTJjZjctZjcxOS00MjUzLTlhZWUtNGMyOTM0OTk1MWY5&google_push=AYg5qPKpjXnbgO_kEI4-pJQGfcJYmTcCfwgwCYHPaEMG2yhJ8fRsT4w0t6chCtHCrB6HE-G-x1R5JLfWzbpL8VCs-Cjf5AaSiO9f HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=Y2JhOTJjZjctZjcxOS00MjUzLTlhZWUtNGMyOTM0OTk1MWY5&google_push=AYg5qPKpjXnbgO_kEI4-pJQGfcJYmTcCfwgwCYHPaEMG2yhJ8fRsT4w0t6chCtHCrB6HE-G-x1R5JLfWzbpL8VCs-Cjf5AaSiO9f HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=Y2JhOTJjZjctZjcxOS00MjUzLTlhZWUtNGMyOTM0OTk1MWY5&google_push=AYg5qPKpjXnbgO_kEI4-pJQGfcJYmTcCfwgwCYHPaEMG2yhJ8fRsT4w0t6chCtHCrB6HE-G-x1R5JLfWzbpL8VCs-Cjf5AaSiO9f HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=Y2JhOTJjZjctZjcxOS00MjUzLTlhZWUtNGMyOTM0OTk1MWY5&google_push=AYg5qPKpjXnbgO_kEI4-pJQGfcJYmTcCfwgwCYHPaEMG2yhJ8fRsT4w0t6chCtHCrB6HE-G-x1R5JLfWzbpL8VCs-Cjf5AaSiO9f HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=Y2JhOTJjZjctZjcxOS00MjUzLTlhZWUtNGMyOTM0OTk1MWY5&google_push=AYg5qPKpjXnbgO_kEI4-pJQGfcJYmTcCfwgwCYHPaEMG2yhJ8fRsT4w0t6chCtHCrB6HE-G-x1R5JLfWzbpL8VCs-Cjf5AaSiO9f HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=Y2JhOTJjZjctZjcxOS00MjUzLTlhZWUtNGMyOTM0OTk1MWY5&google_push=AYg5qPKpjXnbgO_kEI4-pJQGfcJYmTcCfwgwCYHPaEMG2yhJ8fRsT4w0t6chCtHCrB6HE-G-x1R5JLfWzbpL8VCs-Cjf5AaSiO9f HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=Y2JhOTJjZjctZjcxOS00MjUzLTlhZWUtNGMyOTM0OTk1MWY5&google_push=AYg5qPKpjXnbgO_kEI4-pJQGfcJYmTcCfwgwCYHPaEMG2yhJ8fRsT4w0t6chCtHCrB6HE-G-x1R5JLfWzbpL8VCs-Cjf5AaSiO9f HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=Y2JhOTJjZjctZjcxOS00MjUzLTlhZWUtNGMyOTM0OTk1MWY5&google_push=AYg5qPKpjXnbgO_kEI4-pJQGfcJYmTcCfwgwCYHPaEMG2yhJ8fRsT4w0t6chCtHCrB6HE-G-x1R5JLfWzbpL8VCs-Cjf5AaSiO9f HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=Y2JhOTJjZjctZjcxOS00MjUzLTlhZWUtNGMyOTM0OTk1MWY5&google_push=AYg5qPKpjXnbgO_kEI4-pJQGfcJYmTcCfwgwCYHPaEMG2yhJ8fRsT4w0t6chCtHCrB6HE-G-x1R5JLfWzbpL8VCs-Cjf5AaSiO9f HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=Y2JhOTJjZjctZjcxOS00MjUzLTlhZWUtNGMyOTM0OTk1MWY5&google_push=AYg5qPKpjXnbgO_kEI4-pJQGfcJYmTcCfwgwCYHPaEMG2yhJ8fRsT4w0t6chCtHCrB6HE-G-x1R5JLfWzbpL8VCs-Cjf5AaSiO9f HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=Y2JhOTJjZjctZjcxOS00MjUzLTlhZWUtNGMyOTM0OTk1MWY5&google_push=AYg5qPKpjXnbgO_kEI4-pJQGfcJYmTcCfwgwCYHPaEMG2yhJ8fRsT4w0t6chCtHCrB6HE-G-x1R5JLfWzbpL8VCs-Cjf5AaSiO9f HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=Y2JhOTJjZjctZjcxOS00MjUzLTlhZWUtNGMyOTM0OTk1MWY5&google_push=AYg5qPKpjXnbgO_kEI4-pJQGfcJYmTcCfwgwCYHPaEMG2yhJ8fRsT4w0t6chCtHCrB6HE-G-x1R5JLfWzbpL8VCs-Cjf5AaSiO9f HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=Y2JhOTJjZjctZjcxOS00MjUzLTlhZWUtNGMyOTM0OTk1MWY5&google_push=AYg5qPKpjXnbgO_kEI4-pJQGfcJYmTcCfwgwCYHPaEMG2yhJ8fRsT4w0t6chCtHCrB6HE-G-x1R5JLfWzbpL8VCs-Cjf5AaSiO9f

Request Chain 231

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

233 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
ftp.winprizesonline.com/
Redirect Chain

http://ftp.winprizesonline.com/
https://ftp.winprizesonline.com/

108 KB
24 KB

1252ms
1180ms

Document
text/html

3.66.136.156
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ftp.winprizesonline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.66.136.156 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-66-136-156.eu-central-1.compute.amazonaws.com
Software: nginx / PHP/5.5.9-1ubuntu4.27
Resource Hash: 820fba3ff1f9a7261d6589da4b1d722699a87dd220423053cc9b5cfcedb17a58

Request headers

:method: GET
:authority: ftp.winprizesonline.com
:scheme: https
:path: /
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

cache-control: max-age=0, must-revalidate, no-cache, no-store
content-encoding: br
content-type: text/html
date: Tue, 27 Jul 2021 02:12:09 GMT
display: pub_site_sol
expires: Mon, 26 Jul 2021 02:12:09 GMT
pagespeed: off
pragma: no-cache
response: 200
server: nginx
set-cookie: PHPSESSID=d09outc1kfoiibksnvpb57ps41; path=/ UserGUID=60ff6c2093d1b; expires=Fri, 11-Dec-2048 02:14:56 GMT; Max-Age=863913600; path=/; domain=.winprizesonline.com UserGUID=60ff6c20946dd; expires=Fri, 11-Dec-2048 02:14:56 GMT; Max-Age=863913600; path=/; domain=.winprizesonline.com UserGUID=60ff6c20955ff; expires=Fri, 11-Dec-2048 02:14:56 GMT; Max-Age=863913600; path=/; domain=.winprizesonline.com UserGUID=60ff6c2096932; expires=Fri, 11-Dec-2048 02:14:56 GMT; Max-Age=863913600; path=/; domain=.winprizesonline.com UserGUID=60ff6c20977e4; expires=Fri, 11-Dec-2048 02:14:56 GMT; Max-Age=863913600; path=/; domain=.winprizesonline.com UserGUID=60ff6c20986bd; expires=Fri, 11-Dec-2048 02:14:56 GMT; Max-Age=863913600; path=/; domain=.winprizesonline.com ezoadgid_164040=-1; Path=/; Domain=winprizesonline.com; Expires=Tue, 27 Jul 2021 02:42:08 UTC ezoref_164040=; Path=/; Domain=winprizesonline.com; Expires=Tue, 27 Jul 2021 04:12:08 UTC ezoab_164040=mod1-c; Path=/; Domain=winprizesonline.com; Expires=Tue, 27 Jul 2021 04:12:08 UTC active_template::164040=pub_site.1627351928; Path=/; Domain=winprizesonline.com; Expires=Thu, 29 Jul 2021 02:12:08 UTC ezopvc_164040=1; Path=/; Domain=winprizesonline.com; Expires=Tue, 27 Jul 2021 02:42:09 UTC ezepvv=0; Path=/; Domain=winprizesonline.com; Expires=Wed, 28 Jul 2021 02:12:09 UTC ezovid_164040=1619888507; Path=/; Domain=winprizesonline.com; Expires=Tue, 27 Jul 2021 02:42:09 UTC lp_164040=https://ftp.winprizesonline.com/; Path=/; Domain=winprizesonline.com; Expires=Tue, 27 Jul 2021 02:42:09 UTC ezovuuidtime_164040=1627351929; Path=/; Domain=winprizesonline.com; Expires=Thu, 29 Jul 2021 02:12:09 UTC ezovuuid_164040=a7b3ec2d-b507-44d0-4aaa-5559d445e9b1; Path=/; Domain=winprizesonline.com; Expires=Tue, 27 Jul 2021 02:42:09 UTC ezCMPCCS=true; Path=/; Domain=winprizesonline.com; Expires=Wed, 27 Jul 2022 02:12:09 GMT
vary: Accept-Encoding Accept-Encoding,User-Agent
x-ezoic-cdn: Miss
x-middleton-display: pub_site_sol
x-middleton-response: 200
x-powered-by: PHP/5.5.9-1ubuntu4.27
x-sol: pub_site
x-ua-compatible: IE=edge

Redirect headers

Cache-Control: public, max-age=2592000
Content-Type: text/html; charset=iso-8859-1
Date: Tue, 27 Jul 2021 02:12:08 GMT
Display: staticcontent_sol, orig_site_sol
Location: https://ftp.winprizesonline.com/
Pagespeed: off
Response: 301
Server: nginx
Vary: Accept-Encoding User-Agent,Origin,Accept-Encoding
X-Ezoic-Cdn: Hit ds;ds;13b47f66cbeefc3e0efbf00de005702a;2-164040-0;3f9d2538-54ab-414d-78a9-88ddb0515d00
X-Middleton-Display: staticcontent_sol, orig_site_sol
X-Middleton-Response: 301
X-Sol: orig
Content-Length: 328

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 70 KB
25 KB 81ms
29ms Script
text/javascript 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: ftp.winprizesonline.com
URL: https://ftp.winprizesonline.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

sffe /

Resource Hash

4b7b40175f14405be34df25e66e637402d8114d281930b18130a8a18958b3ce9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 02:12:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "941 / 653 of 1000 / last-modified: 1627337502"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24727
x-xss-protection: 0
expires: Tue, 27 Jul 2021 02:12:10 GMT

GET
H2 200 dall.js Show response
go.ezodn.com/hb/ 284 KB
88 KB 57ms
34ms Script
application/javascript 2606:4700:3031::6815:496e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://go.ezodn.com/hb/dall.js?b=criteo,oftmedia,onetag,pubmatic,pulsepoint,rhythmone,undertone&cb=195-2-26
Requested by: Host: ftp.winprizesonline.com
URL: https://ftp.winprizesonline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::6815:496e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e70eeb916d84fbbd1439225f77eead8328c0c667e94bd15c4aaa0633a7de61fb

Request headers

Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 02:12:10 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 267025
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GHRaMmAsPL0DhNEF%2Beb9p4c%2FdOWck4noacyy5Oq9IQ7%2FIPhJoUaquRZgFADsuVVpXzGMJrQHP68YjZvjvO23Ke6dwqlafLj%2B0Gs00qnY4QJ2RiAeqDEDacnolJooGnCEbjC1UwKa%2BHhHrpI%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 6752575a7b4e1f31-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

GET
H2 200 css
fonts.googleapis.com/ 7 KB
648 B 38ms
16ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Lato:100,100i,300,300i,400,400i,700,700i,900,900i

Requested by

Host: ftp.winprizesonline.com
URL: https://ftp.winprizesonline.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e4b20c06a20b7c958a8ebc8d7dd6766a94be7adfb473f4f68e2217b08620fda4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 27 Jul 2021 01:25:23 GMT
server: ESF
date: Tue, 27 Jul 2021 02:12:10 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 27 Jul 2021 02:12:10 GMT

GET
H2 200 css
fonts.googleapis.com/ 709 B
853 B 36ms
15ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Concert+One

Requested by

Host: ftp.winprizesonline.com
URL: https://ftp.winprizesonline.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

77b0db1f12bb031d1dd668f48ef805c61e99c762a81783f98e03f24ccf2429cc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 27 Jul 2021 01:24:55 GMT
server: ESF
date: Tue, 27 Jul 2021 02:12:10 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 27 Jul 2021 02:12:10 GMT

GET
H2 200 bootstrap.min.css
stackpath.bootstrapcdn.com/bootstrap/4.3.1/css/ 152 KB
25 KB 40ms
23ms Stylesheet
text/css 2606:4700::6812:acf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/css/bootstrap.min.css

Requested by

Host: ftp.winprizesonline.com
URL: https://ftp.winprizesonline.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

60b19e5da6a9234ff9220668a5ec1125c157a268513256188ee80f2d2c8d8d36

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Origin: https://ftp.winprizesonline.com
Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 02:12:10 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
cdn-edgestorageid: 756, 617, 617
age: 2223993
cdn-cachedat: 2021-06-20 12:47:45
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
timing-allow-origin: *
access-control-allow-origin: *
last-modified: Mon, 25 Jan 2021 22:04:08 GMT
server: cloudflare
cdn-requestpullcode: 200
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
cdn-cache: HIT
vary: Accept-Encoding
cache-control: public, max-age=31919000
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid: 85b07010ae9ddfffabd82077eece5351
cf-ray: 6752575a8a1016ee-FRA
cdn-requestcountrycode: DE
cdn-requestpullsuccess: True

GET
H2 200 jquery-3.3.1.min.js Show response
code.jquery.com/ 85 KB
30 KB 26ms
8ms Script
application/javascript 2001:4de0:ac18::1:a:3b
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.3.1.min.js
Requested by: Host: ftp.winprizesonline.com
URL: https://ftp.winprizesonline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4de0:ac18::1:a:3b , Netherlands, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: nginx /
Resource Hash: 160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

Request headers

Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 02:12:10 GMT
content-encoding: gzip
last-modified: Sat, 20 Jan 2018 17:26:44 GMT
server: nginx
etag: W/"5a637bd4-1538f"
vary: Accept-Encoding
x-hw: 1627351930.dop233.fr8.t,1627351930.cds236.fr8.hn,1627351930.cds002.fr8.c
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 30288

GET
H2 200 popper.min.js Show response
cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.7/umd/ 21 KB
7 KB 38ms
12ms Script
application/javascript 2606:4700::6810:125e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.7/umd/popper.min.js

Requested by

Host: ftp.winprizesonline.com
URL: https://ftp.winprizesonline.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

66f3a07e1fa9b64a686b66381e4458dbc8abf3dbbff954720c4eec07b84411c2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Origin: https://ftp.winprizesonline.com
Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 02:12:10 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 329769
cross-origin-resource-policy: cross-origin
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 6646
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:15:37 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03fa9-520c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wfCIxQCMd7fneuecYUE6Ue%2BeSWEV8eOXoYS6ow%2F9346425SL%2F%2BlSG1KFTDOTQccbJH2oUb%2FfGGlXN4sFQCGul3IGg5RCxwT5xNhERiHuQBahg0YrLdvcInhs%2BK%2FCon%2FhuQ96uak0Z2s%2FnwPNywx0iz%2BL"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6752575b0de74eb5-FRA
expires: Sun, 17 Jul 2022 02:12:10 GMT

GET
H3-29 200 bootstrap.min.js Show response
stackpath.bootstrapcdn.com/bootstrap/4.3.1/js/ 57 KB
16 KB 39ms
17ms Script
application/javascript 2606:4700::6812:acf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.min.js

Requested by

Host: ftp.winprizesonline.com
URL: https://ftp.winprizesonline.com/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0a34a87842c539c1f4feec56bba982fd596b73500046a6e6fe38a22260c6577b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Origin: https://ftp.winprizesonline.com
Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 02:12:10 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
cdn-edgestorageid: 632, 617, 617
age: 1500567
cdn-cachedat: 2021-06-19 07:54:27
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
timing-allow-origin: *
access-control-allow-origin: *
last-modified: Mon, 25 Jan 2021 22:04:08 GMT
server: cloudflare
cdn-requestpullcode: 200
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
cdn-cache: HIT
vary: Accept-Encoding
cache-control: public, max-age=31919000
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid: bb2176677c03dffb8e5b84af4d86b85b
cf-ray: 6752575afb9b4a79-FRA
cdn-requestcountrycode: DE
cdn-requestpullsuccess: True

GET
H2 200 all.css
use.fontawesome.com/releases/v5.10.2/css/ 55 KB
13 KB 31ms
15ms Stylesheet
text/css 2606:4700:3037::6815:4e07
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://use.fontawesome.com/releases/v5.10.2/css/all.css
Requested by: Host: ftp.winprizesonline.com
URL: https://ftp.winprizesonline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3037::6815:4e07 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ce67cd6665e835604c7a650ea355d41857dcd2284618b61d82d252dca0abfe5d

Request headers

Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 02:12:10 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 1749879
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: 18EHTGCZMXAH6FMH
x-amz-id-2: c8mU9rQ6UVtEfBZyzGGXf5VVXZiikP/i6WQL7Cj6HhnShxlrabCYzx9Tu0PrvUSH3MxvM0Lpajc=
last-modified: Wed, 30 Jun 2021 15:36:08 GMT
server: cloudflare
etag: W/"164a58dcca37a5b00c22e06ee8e2fc68"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=803zbyWxKZQ%2B802TfycxQ4sDEUgHXXtLg6Fh8azNVn8odT43Lq72UsE0Dt47bSHN85KliYRy04KwbwiG2%2B0xapxaW0KdvmIl2%2BO98wE%2B05nqN5kyf%2BTbuaJgekDXEsjABjG7gtgcZ73IHG9vYz4g6INC"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=31556926
cf-ray: 6752575a8d031f51-FRA

GET
H2 200 styleNewDesign.css
ftp.winprizesonline.com/css/ 64 KB
11 KB 49ms
49ms Stylesheet
text/css 3.66.136.156
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ftp.winprizesonline.com/css/styleNewDesign.css
Requested by: Host: ftp.winprizesonline.com
URL: https://ftp.winprizesonline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.66.136.156 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-66-136-156.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 44bbe754d5fde04f511bd53d04255192f898a6bc02b94a9825ce5344ce8ada18

Request headers

:path: /css/styleNewDesign.css
pragma: no-cache
cookie: PHPSESSID=d09outc1kfoiibksnvpb57ps41; UserGUID=60ff6c20986bd; ezoadgid_164040=-1; ezoref_164040=; ezoab_164040=mod1-c; active_template::164040=pub_site.1627351928; ezopvc_164040=1; ezepvv=0; ezovid_164040=1619888507; lp_164040=https://ftp.winprizesonline.com/; ezovuuidtime_164040=1627351929; ezovuuid_164040=a7b3ec2d-b507-44d0-4aaa-5559d445e9b1; ezCMPCCS=true
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: ftp.winprizesonline.com
referer: https://ftp.winprizesonline.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 02:12:10 GMT
content-encoding: br
vary: Accept-Encoding Accept-Encoding,User-Agent,Origin
response: 200
x-sol: orig
server: nginx
display: staticcontent_sol, orig_site_sol
x-ezoic-cdn: Hit ds;mm;52c290af4afef6d66d8396cee2c6fdfe;2-164040-0;62676da5-3378-466f-488f-5f7f3afffbc3
content-type: text/css
x-middleton-display: staticcontent_sol, orig_site_sol
cache-control: public, no-transform,max-age=2592000
x-middleton-response: 200
x-ua-compatible: IE=edge

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 98 KB
40 KB 56ms
17ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-4084127-1

Requested by

Host: ftp.winprizesonline.com
URL: https://ftp.winprizesonline.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

5031cfe44ca23ba789003524dae330ca6686ef8e6555c7fe281defe3e0fb4c53

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 02:12:10 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 40003
x-xss-protection: 0
last-modified: Tue, 27 Jul 2021 01:09:37 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 27 Jul 2021 02:12:10 GMT

GET
H2 200 sdk.js Show response
connect.facebook.net/en_US/ 3 KB
2 KB 34ms
6ms Script
application/x-javascript 2a03:2880:f02d:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js

Requested by

Host: ftp.winprizesonline.com
URL: https://ftp.winprizesonline.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

210166038b34f2c816152c5d0d3d1f47129a1afa4d0445d3dbe9185bb96d69d9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Origin: https://ftp.winprizesonline.com
Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: 689U3Jb5/a+sXVrvmQxlcw==
cross-origin-resource-policy: cross-origin
expires: Tue, 27 Jul 2021 02:29:59 GMT
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 1684
x-fb-rlafr: 0
x-fb-debug: M3oMh0ocD9o3rj5Lt03Zsth0cHwgMY8CgMSfokruFuHryESHja8dMMJ/okAvRieGascBq+ogm44HOVzIXQPfmw==
x-fb-trip-id: 917726464
x-fb-content-md5: 96c2fa892822993e2ef67802c4108fad
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-embedder-policy-report-only: require-corp;report-to="coop_report"
date: Tue, 27 Jul 2021 02:12:10 GMT
x-frame-options: DENY
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}],"group":"coop_report"}
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public,max-age=1200,stale-while-revalidate=3600
etag: "ff51594294194f082ef28d0ad8643c74"
timing-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5

GET
H2 200 244402_th2.png
ftp.winprizesonline.com/publisher_images/ 21 KB
21 KB 855ms
837ms Image
image/png 3.66.136.156
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ftp.winprizesonline.com/publisher_images/244402_th2.png
Requested by: Host: ftp.winprizesonline.com
URL: https://ftp.winprizesonline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.66.136.156 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-66-136-156.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 63fa5c6bfff2d0628cc40dd79c4d79ae56105eeb75ed2870891c56e0c51b5e25

Request headers

:path: /publisher_images/244402_th2.png
pragma: no-cache
cookie: PHPSESSID=d09outc1kfoiibksnvpb57ps41; UserGUID=60ff6c20986bd; ezoadgid_164040=-1; ezoref_164040=; ezoab_164040=mod1-c; active_template::164040=pub_site.1627351928; ezopvc_164040=1; ezepvv=0; ezovid_164040=1619888507; lp_164040=https://ftp.winprizesonline.com/; ezovuuidtime_164040=1627351929; ezovuuid_164040=a7b3ec2d-b507-44d0-4aaa-5559d445e9b1; ezCMPCCS=true
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: ftp.winprizesonline.com
referer: https://ftp.winprizesonline.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 02:12:10 GMT
content-encoding: br
vary: Accept-Encoding Accept-Encoding,User-Agent,Origin
response: 200
server: nginx
display: staticcontent_sol, staticcontent_sol
x-ezoic-cdn: Miss
content-type: image/png
x-middleton-display: staticcontent_sol, staticcontent_sol
expires: Mon, 26 Jul 2021 02:12:10 UTC
cache-control: public, no-transform,max-age=15552000
x-middleton-response: 200
x-ua-compatible: IE=edge

GET
H2 200 244361_th2.jpg
ftp.winprizesonline.com/publisher_images/ 4 KB
4 KB 668ms
651ms Image
image/jpeg 3.66.136.156
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ftp.winprizesonline.com/publisher_images/244361_th2.jpg
Requested by: Host: ftp.winprizesonline.com
URL: https://ftp.winprizesonline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.66.136.156 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-66-136-156.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 147bc6792a52f0122a880cd36f8a99076d5f5eae6826a07b92f7f30438585ca0

Request headers

:path: /publisher_images/244361_th2.jpg
pragma: no-cache
cookie: PHPSESSID=d09outc1kfoiibksnvpb57ps41; UserGUID=60ff6c20986bd; ezoadgid_164040=-1; ezoref_164040=; ezoab_164040=mod1-c; active_template::164040=pub_site.1627351928; ezopvc_164040=1; ezepvv=0; ezovid_164040=1619888507; lp_164040=https://ftp.winprizesonline.com/; ezovuuidtime_164040=1627351929; ezovuuid_164040=a7b3ec2d-b507-44d0-4aaa-5559d445e9b1; ezCMPCCS=true
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: ftp.winprizesonline.com
referer: https://ftp.winprizesonline.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 02:12:10 GMT
content-encoding: br
vary: Accept-Encoding Accept-Encoding,User-Agent,Origin
response: 200
server: nginx
display: staticcontent_sol, staticcontent_sol
x-ezoic-cdn: Miss
content-type: image/jpeg
x-middleton-display: staticcontent_sol, staticcontent_sol
expires: Mon, 26 Jul 2021 02:12:10 UTC
cache-control: public, no-transform,max-age=15552000
x-middleton-response: 200
content-length: 3805
x-ua-compatible: IE=edge

GET
H2 200 244000_th2.png
ftp.winprizesonline.com/publisher_images/ 16 KB
16 KB 2096ms
2079ms Image
image/png 3.66.136.156
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ftp.winprizesonline.com/publisher_images/244000_th2.png
Requested by: Host: ftp.winprizesonline.com
URL: https://ftp.winprizesonline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.66.136.156 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-66-136-156.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: d9a93fe2b8894aabc63e93d6d50068eb09dd7bfed8a0dfe61301c792b18b338a

Request headers

:path: /publisher_images/244000_th2.png
pragma: no-cache
cookie: PHPSESSID=d09outc1kfoiibksnvpb57ps41; UserGUID=60ff6c20986bd; ezoadgid_164040=-1; ezoref_164040=; ezoab_164040=mod1-c; active_template::164040=pub_site.1627351928; ezopvc_164040=1; ezepvv=0; ezovid_164040=1619888507; lp_164040=https://ftp.winprizesonline.com/; ezovuuidtime_164040=1627351929; ezovuuid_164040=a7b3ec2d-b507-44d0-4aaa-5559d445e9b1; ezCMPCCS=true
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: ftp.winprizesonline.com
referer: https://ftp.winprizesonline.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 02:12:12 GMT
content-encoding: br
vary: Accept-Encoding Accept-Encoding,User-Agent,Origin
response: 200
server: nginx
display: staticcontent_sol, staticcontent_sol
x-ezoic-cdn: Miss
content-type: image/png
x-middleton-display: staticcontent_sol, staticcontent_sol
expires: Mon, 26 Jul 2021 02:12:12 UTC
cache-control: public, no-transform,max-age=15552000
x-middleton-response: 200
x-ua-compatible: IE=edge

GET
H2 200 244383_th2.png
ftp.winprizesonline.com/publisher_images/ 11 KB
11 KB 678ms
661ms Image
image/png 3.66.136.156
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ftp.winprizesonline.com/publisher_images/244383_th2.png
Requested by: Host: ftp.winprizesonline.com
URL: https://ftp.winprizesonline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.66.136.156 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-66-136-156.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 3be88af8a808338aa389d96fa3fd9cc50152c4a30270c14f01a0bbe55220576a

Request headers

:path: /publisher_images/244383_th2.png
pragma: no-cache
cookie: PHPSESSID=d09outc1kfoiibksnvpb57ps41; UserGUID=60ff6c20986bd; ezoadgid_164040=-1; ezoref_164040=; ezoab_164040=mod1-c; active_template::164040=pub_site.1627351928; ezopvc_164040=1; ezepvv=0; ezovid_164040=1619888507; lp_164040=https://ftp.winprizesonline.com/; ezovuuidtime_164040=1627351929; ezovuuid_164040=a7b3ec2d-b507-44d0-4aaa-5559d445e9b1; ezCMPCCS=true
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: ftp.winprizesonline.com
referer: https://ftp.winprizesonline.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 02:12:10 GMT
content-encoding: br
vary: Accept-Encoding Accept-Encoding,User-Agent,Origin
response: 200
server: nginx
display: staticcontent_sol, staticcontent_sol
x-ezoic-cdn: Miss
content-type: image/png
x-middleton-display: staticcontent_sol, staticcontent_sol
expires: Mon, 26 Jul 2021 02:12:10 UTC
cache-control: public, no-transform,max-age=15552000
x-middleton-response: 200
x-ua-compatible: IE=edge

GET
H2 200 244397_th2.png
ftp.winprizesonline.com/publisher_images/ 12 KB
12 KB 680ms
664ms Image
image/png 3.66.136.156
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ftp.winprizesonline.com/publisher_images/244397_th2.png
Requested by: Host: ftp.winprizesonline.com
URL: https://ftp.winprizesonline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.66.136.156 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-66-136-156.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: bbd2283b1602e1e59c8924ca46c72016a971b94e8156f85e8c5c5f680e1e28b9

Request headers

:path: /publisher_images/244397_th2.png
pragma: no-cache
cookie: PHPSESSID=d09outc1kfoiibksnvpb57ps41; UserGUID=60ff6c20986bd; ezoadgid_164040=-1; ezoref_164040=; ezoab_164040=mod1-c; active_template::164040=pub_site.1627351928; ezopvc_164040=1; ezepvv=0; ezovid_164040=1619888507; lp_164040=https://ftp.winprizesonline.com/; ezovuuidtime_164040=1627351929; ezovuuid_164040=a7b3ec2d-b507-44d0-4aaa-5559d445e9b1; ezCMPCCS=true
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: ftp.winprizesonline.com
referer: https://ftp.winprizesonline.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 02:12:10 GMT
content-encoding: br
vary: Accept-Encoding Accept-Encoding,User-Agent,Origin
response: 200
server: nginx
display: staticcontent_sol, staticcontent_sol
x-ezoic-cdn: Miss
content-type: image/png
x-middleton-display: staticcontent_sol, staticcontent_sol
expires: Mon, 26 Jul 2021 02:12:10 UTC
cache-control: public, no-transform,max-age=15552000
x-middleton-response: 200
x-ua-compatible: IE=edge

GET
H2 200 244365_th2.png
ftp.winprizesonline.com/publisher_images/ 13 KB
13 KB 824ms
807ms Image
image/png 3.66.136.156
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ftp.winprizesonline.com/publisher_images/244365_th2.png
Requested by: Host: ftp.winprizesonline.com
URL: https://ftp.winprizesonline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.66.136.156 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-66-136-156.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: ac8b6e65d1ac3e054abe73e33df1b67dea28086bb354d365b41e44f4dc9b1ecf

Request headers

:path: /publisher_images/244365_th2.png
pragma: no-cache
cookie: PHPSESSID=d09outc1kfoiibksnvpb57ps41; UserGUID=60ff6c20986bd; ezoadgid_164040=-1; ezoref_164040=; ezoab_164040=mod1-c; active_template::164040=pub_site.1627351928; ezopvc_164040=1; ezepvv=0; ezovid_164040=1619888507; lp_164040=https://ftp.winprizesonline.com/; ezovuuidtime_164040=1627351929; ezovuuid_164040=a7b3ec2d-b507-44d0-4aaa-5559d445e9b1; ezCMPCCS=true
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: ftp.winprizesonline.com
referer: https://ftp.winprizesonline.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 02:12:10 GMT
content-encoding: br
vary: Accept-Encoding Accept-Encoding,User-Agent,Origin
response: 200
server: nginx
display: staticcontent_sol, staticcontent_sol
x-ezoic-cdn: Miss
content-type: image/png
x-middleton-display: staticcontent_sol, staticcontent_sol
expires: Mon, 26 Jul 2021 02:12:10 UTC
cache-control: public, no-transform,max-age=15552000
x-middleton-response: 200
x-ua-compatible: IE=edge

GET
H2 200 244450_th2.png
ftp.winprizesonline.com/publisher_images/ 19 KB
19 KB 1094ms
1076ms Image
image/png 3.66.136.156
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ftp.winprizesonline.com/publisher_images/244450_th2.png
Requested by: Host: ftp.winprizesonline.com
URL: https://ftp.winprizesonline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.66.136.156 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-66-136-156.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 7132d6ffbbe3f4ff9c71d26e494238a8fdabefb950a3b2b0b1cfeb204a6a9845

Request headers

:path: /publisher_images/244450_th2.png
pragma: no-cache
cookie: PHPSESSID=d09outc1kfoiibksnvpb57ps41; UserGUID=60ff6c20986bd; ezoadgid_164040=-1; ezoref_164040=; ezoab_164040=mod1-c; active_template::164040=pub_site.1627351928; ezopvc_164040=1; ezepvv=0; ezovid_164040=1619888507; lp_164040=https://ftp.winprizesonline.com/; ezovuuidtime_164040=1627351929; ezovuuid_164040=a7b3ec2d-b507-44d0-4aaa-5559d445e9b1; ezCMPCCS=true
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: ftp.winprizesonline.com
referer: https://ftp.winprizesonline.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 02:12:11 GMT
content-encoding: br
vary: Accept-Encoding Accept-Encoding,User-Agent,Origin
response: 200
server: nginx
display: staticcontent_sol, staticcontent_sol
x-ezoic-cdn: Miss
content-type: image/png
x-middleton-display: staticcontent_sol, staticcontent_sol
expires: Mon, 26 Jul 2021 02:12:11 UTC
cache-control: public, no-transform,max-age=15552000
x-middleton-response: 200
x-ua-compatible: IE=edge

GET
H2 200 243848_th2.png
ftp.winprizesonline.com/publisher_images/ 15 KB
15 KB 814ms
797ms Image
image/png 3.66.136.156
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ftp.winprizesonline.com/publisher_images/243848_th2.png
Requested by: Host: ftp.winprizesonline.com
URL: https://ftp.winprizesonline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.66.136.156 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-66-136-156.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: a934955830a208d1bf1ca6b99191c39a2d8d4bd899cac238b9df4c02dcbcec3e

Request headers

:path: /publisher_images/243848_th2.png
pragma: no-cache
cookie: PHPSESSID=d09outc1kfoiibksnvpb57ps41; UserGUID=60ff6c20986bd; ezoadgid_164040=-1; ezoref_164040=; ezoab_164040=mod1-c; active_template::164040=pub_site.1627351928; ezopvc_164040=1; ezepvv=0; ezovid_164040=1619888507; lp_164040=https://ftp.winprizesonline.com/; ezovuuidtime_164040=1627351929; ezovuuid_164040=a7b3ec2d-b507-44d0-4aaa-5559d445e9b1; ezCMPCCS=true
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: ftp.winprizesonline.com
referer: https://ftp.winprizesonline.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 02:12:10 GMT
content-encoding: br
vary: Accept-Encoding Accept-Encoding,User-Agent,Origin
response: 200
server: nginx
display: staticcontent_sol, staticcontent_sol
x-ezoic-cdn: Miss
content-type: image/png
x-middleton-display: staticcontent_sol, staticcontent_sol
expires: Mon, 26 Jul 2021 02:12:10 UTC
cache-control: public, no-transform,max-age=15552000
x-middleton-response: 200
x-ua-compatible: IE=edge

GET
H2 200 244407_th2.png
ftp.winprizesonline.com/publisher_images/ 13 KB
13 KB 823ms
806ms Image
image/png 3.66.136.156
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ftp.winprizesonline.com/publisher_images/244407_th2.png
Requested by: Host: ftp.winprizesonline.com
URL: https://ftp.winprizesonline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.66.136.156 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-66-136-156.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 9d4e51a4c93eac97d86a894f115f69ce50f9b3c48d752db06d0475cc7d411fcc

Request headers

:path: /publisher_images/244407_th2.png
pragma: no-cache
cookie: PHPSESSID=d09outc1kfoiibksnvpb57ps41; UserGUID=60ff6c20986bd; ezoadgid_164040=-1; ezoref_164040=; ezoab_164040=mod1-c; active_template::164040=pub_site.1627351928; ezopvc_164040=1; ezepvv=0; ezovid_164040=1619888507; lp_164040=https://ftp.winprizesonline.com/; ezovuuidtime_164040=1627351929; ezovuuid_164040=a7b3ec2d-b507-44d0-4aaa-5559d445e9b1; ezCMPCCS=true
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: ftp.winprizesonline.com
referer: https://ftp.winprizesonline.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 02:12:10 GMT
content-encoding: br
vary: Accept-Encoding Accept-Encoding,User-Agent,Origin
response: 200
server: nginx
display: staticcontent_sol, staticcontent_sol
x-ezoic-cdn: Miss
content-type: image/png
x-middleton-display: staticcontent_sol, staticcontent_sol
expires: Mon, 26 Jul 2021 02:12:10 UTC
cache-control: public, no-transform,max-age=15552000
x-middleton-response: 200
x-ua-compatible: IE=edge

GET
H2 200 banger.js Show response
ftp.winprizesonline.com/porpoiseant/ 45 KB
10 KB 69ms
52ms Script
application/javascript 3.66.136.156
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ftp.winprizesonline.com/porpoiseant/banger.js?cb=195-2&bv=38&v=51&PageSpeed=off
Requested by: Host: ftp.winprizesonline.com
URL: https://ftp.winprizesonline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.66.136.156 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-66-136-156.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: b5c5b01c373d920bb6eebe87518b9c5613f6dee9e06f41bc3db24b173f0d6eeb

Request headers

:path: /porpoiseant/banger.js?cb=195-2&bv=38&v=51&PageSpeed=off
pragma: no-cache
cookie: PHPSESSID=d09outc1kfoiibksnvpb57ps41; UserGUID=60ff6c20986bd; ezoadgid_164040=-1; ezoref_164040=; ezoab_164040=mod1-c; active_template::164040=pub_site.1627351928; ezopvc_164040=1; ezepvv=0; ezovid_164040=1619888507; lp_164040=https://ftp.winprizesonline.com/; ezovuuidtime_164040=1627351929; ezovuuid_164040=a7b3ec2d-b507-44d0-4aaa-5559d445e9b1; ezCMPCCS=true
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: ftp.winprizesonline.com
referer: https://ftp.winprizesonline.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 02:12:10 GMT
content-encoding: br
server: nginx
vary: Accept-Encoding Accept-Encoding
content-type: application/javascript
x-middleton-display: sol-js
cache-control: max-age=31536000, public
x-robots-tag: noindex

GET
H2 200 243829_th2.png
ftp.winprizesonline.com/publisher_images/ 11 KB
11 KB 2949ms
2932ms Image
image/png 3.66.136.156
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ftp.winprizesonline.com/publisher_images/243829_th2.png
Requested by: Host: ftp.winprizesonline.com
URL: https://ftp.winprizesonline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.66.136.156 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-66-136-156.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 1e4a5f448241f3626ea3d6d9d2c447e675c4ba22d8b11bf05aa51a8ec94c03bb

Request headers

:path: /publisher_images/243829_th2.png
pragma: no-cache
cookie: PHPSESSID=d09outc1kfoiibksnvpb57ps41; UserGUID=60ff6c20986bd; ezoadgid_164040=-1; ezoref_164040=; ezoab_164040=mod1-c; active_template::164040=pub_site.1627351928; ezopvc_164040=1; ezepvv=0; ezovid_164040=1619888507; lp_164040=https://ftp.winprizesonline.com/; ezovuuidtime_164040=1627351929; ezovuuid_164040=a7b3ec2d-b507-44d0-4aaa-5559d445e9b1; ezCMPCCS=true
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: ftp.winprizesonline.com
referer: https://ftp.winprizesonline.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 02:12:12 GMT
content-encoding: br
vary: Accept-Encoding Accept-Encoding,User-Agent,Origin
response: 200
server: nginx
display: staticcontent_sol, staticcontent_sol
x-ezoic-cdn: Miss
content-type: image/png
x-middleton-display: staticcontent_sol, staticcontent_sol
expires: Mon, 26 Jul 2021 02:12:12 UTC
cache-control: public, no-transform,max-age=15552000
x-middleton-response: 200
x-ua-compatible: IE=edge

GET
H2 200 242503_th2.png
ftp.winprizesonline.com/publisher_images/ 12 KB
12 KB 818ms
801ms Image
image/png 3.66.136.156
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ftp.winprizesonline.com/publisher_images/242503_th2.png
Requested by: Host: ftp.winprizesonline.com
URL: https://ftp.winprizesonline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.66.136.156 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-66-136-156.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: c95acef30f727576f1d6085abebf637ab39f5b6bd3265f3375c156c1ea8c5600

Request headers

:path: /publisher_images/242503_th2.png
pragma: no-cache
cookie: PHPSESSID=d09outc1kfoiibksnvpb57ps41; UserGUID=60ff6c20986bd; ezoadgid_164040=-1; ezoref_164040=; ezoab_164040=mod1-c; active_template::164040=pub_site.1627351928; ezopvc_164040=1; ezepvv=0; ezovid_164040=1619888507; lp_164040=https://ftp.winprizesonline.com/; ezovuuidtime_164040=1627351929; ezovuuid_164040=a7b3ec2d-b507-44d0-4aaa-5559d445e9b1; ezCMPCCS=true
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: ftp.winprizesonline.com
referer: https://ftp.winprizesonline.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 02:12:10 GMT
content-encoding: br
vary: Accept-Encoding Accept-Encoding,User-Agent,Origin
response: 200
server: nginx
display: staticcontent_sol, staticcontent_sol
x-ezoic-cdn: Miss
content-type: image/png
x-middleton-display: staticcontent_sol, staticcontent_sol
expires: Mon, 26 Jul 2021 02:12:10 UTC
cache-control: public, no-transform,max-age=15552000
x-middleton-response: 200
x-ua-compatible: IE=edge

GET
H2 200 243080_th2.png
ftp.winprizesonline.com/publisher_images/ 7 KB
7 KB 662ms
646ms Image
image/png 3.66.136.156
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ftp.winprizesonline.com/publisher_images/243080_th2.png
Requested by: Host: ftp.winprizesonline.com
URL: https://ftp.winprizesonline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.66.136.156 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-66-136-156.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: a8013b1ee724e046342561c77cf313dbc69810573802cc049263759852a77773

Request headers

:path: /publisher_images/243080_th2.png
pragma: no-cache
cookie: PHPSESSID=d09outc1kfoiibksnvpb57ps41; UserGUID=60ff6c20986bd; ezoadgid_164040=-1; ezoref_164040=; ezoab_164040=mod1-c; active_template::164040=pub_site.1627351928; ezopvc_164040=1; ezepvv=0; ezovid_164040=1619888507; lp_164040=https://ftp.winprizesonline.com/; ezovuuidtime_164040=1627351929; ezovuuid_164040=a7b3ec2d-b507-44d0-4aaa-5559d445e9b1; ezCMPCCS=true
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: ftp.winprizesonline.com
referer: https://ftp.winprizesonline.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 02:12:10 GMT
content-encoding: br
vary: Accept-Encoding Accept-Encoding,User-Agent,Origin
response: 200
server: nginx
display: staticcontent_sol, staticcontent_sol
x-ezoic-cdn: Miss
content-type: image/png
x-middleton-display: staticcontent_sol, staticcontent_sol
expires: Mon, 26 Jul 2021 02:12:10 UTC
cache-control: public, no-transform,max-age=15552000
x-middleton-response: 200
x-ua-compatible: IE=edge

GET
H2 200 243826_th2.jpg
ftp.winprizesonline.com/publisher_images/ 3 KB
3 KB 2967ms
2951ms Image
image/jpeg 3.66.136.156
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ftp.winprizesonline.com/publisher_images/243826_th2.jpg
Requested by: Host: ftp.winprizesonline.com
URL: https://ftp.winprizesonline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.66.136.156 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-66-136-156.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 7f338e9b6da363fd312972a3edadb11dcdfc765f6b79debbdc84492302cce8e5

Request headers

:path: /publisher_images/243826_th2.jpg
pragma: no-cache
cookie: PHPSESSID=d09outc1kfoiibksnvpb57ps41; UserGUID=60ff6c20986bd; ezoadgid_164040=-1; ezoref_164040=; ezoab_164040=mod1-c; active_template::164040=pub_site.1627351928; ezopvc_164040=1; ezepvv=0; ezovid_164040=1619888507; lp_164040=https://ftp.winprizesonline.com/; ezovuuidtime_164040=1627351929; ezovuuid_164040=a7b3ec2d-b507-44d0-4aaa-5559d445e9b1; ezCMPCCS=true
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: ftp.winprizesonline.com
referer: https://ftp.winprizesonline.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 02:12:13 GMT
content-encoding: br
vary: Accept-Encoding Accept-Encoding,User-Agent,Origin
response: 200
server: nginx
display: staticcontent_sol, staticcontent_sol
x-ezoic-cdn: Miss
content-type: image/jpeg
x-middleton-display: staticcontent_sol, staticcontent_sol
expires: Mon, 26 Jul 2021 02:12:13 UTC
cache-control: public, no-transform,max-age=15552000
x-middleton-response: 200
content-length: 2985
x-ua-compatible: IE=edge

GET
H2 200 243772_th2.png
ftp.winprizesonline.com/publisher_images/ 11 KB
11 KB 721ms
706ms Image
image/png 3.66.136.156
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ftp.winprizesonline.com/publisher_images/243772_th2.png
Requested by: Host: ftp.winprizesonline.com
URL: https://ftp.winprizesonline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.66.136.156 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-66-136-156.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 4d9766c76edf9199da7e1cd4708a1d5ab13eeafcc95be603a87006296df8d4a2

Request headers

:path: /publisher_images/243772_th2.png
pragma: no-cache
cookie: PHPSESSID=d09outc1kfoiibksnvpb57ps41; UserGUID=60ff6c20986bd; ezoadgid_164040=-1; ezoref_164040=; ezoab_164040=mod1-c; active_template::164040=pub_site.1627351928; ezopvc_164040=1; ezepvv=0; ezovid_164040=1619888507; lp_164040=https://ftp.winprizesonline.com/; ezovuuidtime_164040=1627351929; ezovuuid_164040=a7b3ec2d-b507-44d0-4aaa-5559d445e9b1; ezCMPCCS=true
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: ftp.winprizesonline.com
referer: https://ftp.winprizesonline.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 02:12:10 GMT
content-encoding: br
vary: Accept-Encoding Accept-Encoding,User-Agent,Origin
response: 200
server: nginx
display: staticcontent_sol, staticcontent_sol
x-ezoic-cdn: Miss
content-type: image/png
x-middleton-display: staticcontent_sol, staticcontent_sol
expires: Mon, 26 Jul 2021 02:12:10 UTC
cache-control: public, no-transform,max-age=15552000
x-middleton-response: 200
x-ua-compatible: IE=edge

GET
H2 200 243382_th2.png
ftp.winprizesonline.com/publisher_images/ 9 KB
9 KB 687ms
671ms Image
image/png 3.66.136.156
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ftp.winprizesonline.com/publisher_images/243382_th2.png
Requested by: Host: ftp.winprizesonline.com
URL: https://ftp.winprizesonline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.66.136.156 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-66-136-156.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 9e9e99ead2f95e67c53bab08f4e05ed83afb8f91983824b7b048caa127121b2e

Request headers

:path: /publisher_images/243382_th2.png
pragma: no-cache
cookie: PHPSESSID=d09outc1kfoiibksnvpb57ps41; UserGUID=60ff6c20986bd; ezoadgid_164040=-1; ezoref_164040=; ezoab_164040=mod1-c; active_template::164040=pub_site.1627351928; ezopvc_164040=1; ezepvv=0; ezovid_164040=1619888507; lp_164040=https://ftp.winprizesonline.com/; ezovuuidtime_164040=1627351929; ezovuuid_164040=a7b3ec2d-b507-44d0-4aaa-5559d445e9b1; ezCMPCCS=true
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: ftp.winprizesonline.com
referer: https://ftp.winprizesonline.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 02:12:10 GMT
content-encoding: br
vary: Accept-Encoding Accept-Encoding,User-Agent,Origin
response: 200
server: nginx
display: staticcontent_sol, staticcontent_sol
x-ezoic-cdn: Miss
content-type: image/png
x-middleton-display: staticcontent_sol, staticcontent_sol
expires: Mon, 26 Jul 2021 02:12:10 UTC
cache-control: public, no-transform,max-age=15552000
x-middleton-response: 200
x-ua-compatible: IE=edge

GET
H2 200 243652_th2.jpg
ftp.winprizesonline.com/publisher_images/ 3 KB
3 KB 689ms
674ms Image
image/jpeg 3.66.136.156
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ftp.winprizesonline.com/publisher_images/243652_th2.jpg
Requested by: Host: ftp.winprizesonline.com
URL: https://ftp.winprizesonline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.66.136.156 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-66-136-156.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: b10f2ed2f7d721e860661e69f23036a30467f7c734d745719277af2ce796cd3d

Request headers

:path: /publisher_images/243652_th2.jpg
pragma: no-cache
cookie: PHPSESSID=d09outc1kfoiibksnvpb57ps41; UserGUID=60ff6c20986bd; ezoadgid_164040=-1; ezoref_164040=; ezoab_164040=mod1-c; active_template::164040=pub_site.1627351928; ezopvc_164040=1; ezepvv=0; ezovid_164040=1619888507; lp_164040=https://ftp.winprizesonline.com/; ezovuuidtime_164040=1627351929; ezovuuid_164040=a7b3ec2d-b507-44d0-4aaa-5559d445e9b1; ezCMPCCS=true
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: ftp.winprizesonline.com
referer: https://ftp.winprizesonline.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 02:12:10 GMT
content-encoding: br
vary: Accept-Encoding Accept-Encoding,User-Agent,Origin
response: 200
server: nginx
display: staticcontent_sol, staticcontent_sol
x-ezoic-cdn: Miss
content-type: image/jpeg
x-middleton-display: staticcontent_sol, staticcontent_sol
expires: Mon, 26 Jul 2021 02:12:10 UTC
cache-control: public, no-transform,max-age=15552000
x-middleton-response: 200
content-length: 2957
x-ua-compatible: IE=edge

GET
H2 200 244006_th2.png
ftp.winprizesonline.com/publisher_images/ 13 KB
13 KB 850ms
835ms Image
image/png 3.66.136.156
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ftp.winprizesonline.com/publisher_images/244006_th2.png
Requested by: Host: ftp.winprizesonline.com
URL: https://ftp.winprizesonline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.66.136.156 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-66-136-156.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 1d984940ff64f50146f8e4b93e9159c397ac4dbdad8262dfb43efb2d6fcd7bb6

Request headers

:path: /publisher_images/244006_th2.png
pragma: no-cache
cookie: PHPSESSID=d09outc1kfoiibksnvpb57ps41; UserGUID=60ff6c20986bd; ezoadgid_164040=-1; ezoref_164040=; ezoab_164040=mod1-c; active_template::164040=pub_site.1627351928; ezopvc_164040=1; ezepvv=0; ezovid_164040=1619888507; lp_164040=https://ftp.winprizesonline.com/; ezovuuidtime_164040=1627351929; ezovuuid_164040=a7b3ec2d-b507-44d0-4aaa-5559d445e9b1; ezCMPCCS=true
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: ftp.winprizesonline.com
referer: https://ftp.winprizesonline.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 02:12:10 GMT
content-encoding: br
vary: Accept-Encoding Accept-Encoding,User-Agent,Origin
response: 200
server: nginx
display: staticcontent_sol, staticcontent_sol
x-ezoic-cdn: Miss
content-type: image/png
x-middleton-display: staticcontent_sol, staticcontent_sol
expires: Mon, 26 Jul 2021 02:12:10 UTC
cache-control: public, no-transform,max-age=15552000
x-middleton-response: 200
x-ua-compatible: IE=edge

GET
H2 200 39840_th2.jpeg
ftp.winprizesonline.com/publisher_images/ 4 KB
4 KB 685ms
670ms Image
image/jpeg 3.66.136.156
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ftp.winprizesonline.com/publisher_images/39840_th2.jpeg
Requested by: Host: ftp.winprizesonline.com
URL: https://ftp.winprizesonline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.66.136.156 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-66-136-156.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: c68d148a7d87931daf81734fe3cb996ea0f4711373af1dc8c3672ee138a7bf3d

Request headers

:path: /publisher_images/39840_th2.jpeg
pragma: no-cache
cookie: PHPSESSID=d09outc1kfoiibksnvpb57ps41; UserGUID=60ff6c20986bd; ezoadgid_164040=-1; ezoref_164040=; ezoab_164040=mod1-c; active_template::164040=pub_site.1627351928; ezopvc_164040=1; ezepvv=0; ezovid_164040=1619888507; lp_164040=https://ftp.winprizesonline.com/; ezovuuidtime_164040=1627351929; ezovuuid_164040=a7b3ec2d-b507-44d0-4aaa-5559d445e9b1; ezCMPCCS=true
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: ftp.winprizesonline.com
referer: https://ftp.winprizesonline.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 02:12:10 GMT
content-encoding: br
vary: Accept-Encoding Accept-Encoding,User-Agent,Origin
response: 200
server: nginx
display: staticcontent_sol, staticcontent_sol
x-ezoic-cdn: Miss
content-type: image/jpeg
x-middleton-display: staticcontent_sol, staticcontent_sol
expires: Mon, 26 Jul 2021 02:12:10 UTC
cache-control: public, no-transform,max-age=15552000
x-middleton-response: 200
x-ua-compatible: IE=edge

GET
H2 200 72008_th2.jpg
ftp.winprizesonline.com/publisher_images/ 3 KB
3 KB 670ms
655ms Image
image/jpeg 3.66.136.156
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ftp.winprizesonline.com/publisher_images/72008_th2.jpg
Requested by: Host: ftp.winprizesonline.com
URL: https://ftp.winprizesonline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.66.136.156 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-66-136-156.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: ed752f771f966bb12f0b6736788057e687da90409f6abc3319897f641f0f8c20

Request headers

:path: /publisher_images/72008_th2.jpg
pragma: no-cache
cookie: PHPSESSID=d09outc1kfoiibksnvpb57ps41; UserGUID=60ff6c20986bd; ezoadgid_164040=-1; ezoref_164040=; ezoab_164040=mod1-c; active_template::164040=pub_site.1627351928; ezopvc_164040=1; ezepvv=0; ezovid_164040=1619888507; lp_164040=https://ftp.winprizesonline.com/; ezovuuidtime_164040=1627351929; ezovuuid_164040=a7b3ec2d-b507-44d0-4aaa-5559d445e9b1; ezCMPCCS=true
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: ftp.winprizesonline.com
referer: https://ftp.winprizesonline.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 02:12:10 GMT
content-encoding: br
vary: Accept-Encoding Accept-Encoding,User-Agent,Origin
response: 200
server: nginx
display: staticcontent_sol, staticcontent_sol
x-ezoic-cdn: Miss
content-type: image/jpeg
x-middleton-display: staticcontent_sol, staticcontent_sol
expires: Mon, 26 Jul 2021 02:12:10 UTC
cache-control: public, no-transform,max-age=15552000
x-middleton-response: 200
content-length: 2632
x-ua-compatible: IE=edge

GET
H2 200 34968_th2.jpg
ftp.winprizesonline.com/publisher_images/ 3 KB
3 KB 2965ms
2951ms Image
image/jpeg 3.66.136.156
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ftp.winprizesonline.com/publisher_images/34968_th2.jpg
Requested by: Host: ftp.winprizesonline.com
URL: https://ftp.winprizesonline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.66.136.156 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-66-136-156.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 8533e5fff8a26696481d22ea01994f8c388f4b4996d251f966bf1c776e85dea0

Request headers

:path: /publisher_images/34968_th2.jpg
pragma: no-cache
cookie: PHPSESSID=d09outc1kfoiibksnvpb57ps41; UserGUID=60ff6c20986bd; ezoadgid_164040=-1; ezoref_164040=; ezoab_164040=mod1-c; active_template::164040=pub_site.1627351928; ezopvc_164040=1; ezepvv=0; ezovid_164040=1619888507; lp_164040=https://ftp.winprizesonline.com/; ezovuuidtime_164040=1627351929; ezovuuid_164040=a7b3ec2d-b507-44d0-4aaa-5559d445e9b1; ezCMPCCS=true
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: ftp.winprizesonline.com
referer: https://ftp.winprizesonline.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 02:12:13 GMT
content-encoding: br
vary: Accept-Encoding Accept-Encoding,User-Agent,Origin
response: 200
server: nginx
display: staticcontent_sol, staticcontent_sol
x-ezoic-cdn: Miss
content-type: image/jpeg
x-middleton-display: staticcontent_sol, staticcontent_sol
expires: Mon, 26 Jul 2021 02:12:13 UTC
cache-control: public, no-transform,max-age=15552000
x-middleton-response: 200
content-length: 2873
x-ua-compatible: IE=edge

GET
H2 200 34456_th2.jpeg
ftp.winprizesonline.com/publisher_images/ 2 KB
2 KB 681ms
667ms Image
image/jpeg 3.66.136.156
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ftp.winprizesonline.com/publisher_images/34456_th2.jpeg
Requested by: Host: ftp.winprizesonline.com
URL: https://ftp.winprizesonline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.66.136.156 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-66-136-156.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 21e951b41d9a2d88e89078726a4bfe1b0a0028c8a2c4b9caee408e82bb4bdf2d

Request headers

:path: /publisher_images/34456_th2.jpeg
pragma: no-cache
cookie: PHPSESSID=d09outc1kfoiibksnvpb57ps41; UserGUID=60ff6c20986bd; ezoadgid_164040=-1; ezoref_164040=; ezoab_164040=mod1-c; active_template::164040=pub_site.1627351928; ezopvc_164040=1; ezepvv=0; ezovid_164040=1619888507; lp_164040=https://ftp.winprizesonline.com/; ezovuuidtime_164040=1627351929; ezovuuid_164040=a7b3ec2d-b507-44d0-4aaa-5559d445e9b1; ezCMPCCS=true
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: ftp.winprizesonline.com
referer: https://ftp.winprizesonline.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 02:12:10 GMT
content-encoding: br
vary: Accept-Encoding Accept-Encoding,User-Agent,Origin
response: 200
server: nginx
display: staticcontent_sol, staticcontent_sol
x-ezoic-cdn: Miss
content-type: image/jpeg
x-middleton-display: staticcontent_sol, staticcontent_sol
expires: Mon, 26 Jul 2021 02:12:10 UTC
cache-control: public, no-transform,max-age=15552000
x-middleton-response: 200
content-length: 2297
x-ua-compatible: IE=edge

GET
H2 200 113079_th2.gif
ftp.winprizesonline.com/publisher_images/ 7 KB
6 KB 679ms
665ms Image
image/gif 3.66.136.156
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ftp.winprizesonline.com/publisher_images/113079_th2.gif
Requested by: Host: ftp.winprizesonline.com
URL: https://ftp.winprizesonline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.66.136.156 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-66-136-156.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 54a0b05f718c53b083f2c851f3824c93c8256daf8e36a3e45800b0ce1f84166c

Request headers

:path: /publisher_images/113079_th2.gif
pragma: no-cache
cookie: PHPSESSID=d09outc1kfoiibksnvpb57ps41; UserGUID=60ff6c20986bd; ezoadgid_164040=-1; ezoref_164040=; ezoab_164040=mod1-c; active_template::164040=pub_site.1627351928; ezopvc_164040=1; ezepvv=0; ezovid_164040=1619888507; lp_164040=https://ftp.winprizesonline.com/; ezovuuidtime_164040=1627351929; ezovuuid_164040=a7b3ec2d-b507-44d0-4aaa-5559d445e9b1; ezCMPCCS=true
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: ftp.winprizesonline.com
referer: https://ftp.winprizesonline.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 02:12:10 GMT
content-encoding: br
vary: Accept-Encoding Accept-Encoding,User-Agent,Origin
response: 200
server: nginx
display: staticcontent_sol, staticcontent_sol
x-ezoic-cdn: Miss
content-type: image/gif
x-middleton-display: staticcontent_sol, staticcontent_sol
expires: Mon, 26 Jul 2021 02:12:10 UTC
cache-control: public, no-transform,max-age=15552000
x-middleton-response: 200
x-ua-compatible: IE=edge

GET
H2 200 111862_th2.jpg
ftp.winprizesonline.com/publisher_images/ 3 KB
3 KB 681ms
668ms Image
image/jpeg 3.66.136.156
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ftp.winprizesonline.com/publisher_images/111862_th2.jpg
Requested by: Host: ftp.winprizesonline.com
URL: https://ftp.winprizesonline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.66.136.156 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-66-136-156.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: aa3789cf48c93e93ac628879de905e5f72cbf9a8f2131214a863b347cedf86d1

Request headers

:path: /publisher_images/111862_th2.jpg
pragma: no-cache
cookie: PHPSESSID=d09outc1kfoiibksnvpb57ps41; UserGUID=60ff6c20986bd; ezoadgid_164040=-1; ezoref_164040=; ezoab_164040=mod1-c; active_template::164040=pub_site.1627351928; ezopvc_164040=1; ezepvv=0; ezovid_164040=1619888507; lp_164040=https://ftp.winprizesonline.com/; ezovuuidtime_164040=1627351929; ezovuuid_164040=a7b3ec2d-b507-44d0-4aaa-5559d445e9b1; ezCMPCCS=true
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: ftp.winprizesonline.com
referer: https://ftp.winprizesonline.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 02:12:10 GMT
content-encoding: br
vary: Accept-Encoding Accept-Encoding,User-Agent,Origin
response: 200
server: nginx
display: staticcontent_sol, staticcontent_sol
x-ezoic-cdn: Miss
content-type: image/jpeg
x-middleton-display: staticcontent_sol, staticcontent_sol
expires: Mon, 26 Jul 2021 02:12:10 UTC
cache-control: public, no-transform,max-age=15552000
x-middleton-response: 200
content-length: 3006
x-ua-compatible: IE=edge

GET
H2 200 82366_th2.jpg
ftp.winprizesonline.com/publisher_images/ 3 KB
3 KB 663ms
649ms Image
image/jpeg 3.66.136.156
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ftp.winprizesonline.com/publisher_images/82366_th2.jpg
Requested by: Host: ftp.winprizesonline.com
URL: https://ftp.winprizesonline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.66.136.156 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-66-136-156.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: fc44ae3954fe82685ce6b1248acf7ef8e0985d43b393d09aa151fce76ed28daf

Request headers

:path: /publisher_images/82366_th2.jpg
pragma: no-cache
cookie: PHPSESSID=d09outc1kfoiibksnvpb57ps41; UserGUID=60ff6c20986bd; ezoadgid_164040=-1; ezoref_164040=; ezoab_164040=mod1-c; active_template::164040=pub_site.1627351928; ezopvc_164040=1; ezepvv=0; ezovid_164040=1619888507; lp_164040=https://ftp.winprizesonline.com/; ezovuuidtime_164040=1627351929; ezovuuid_164040=a7b3ec2d-b507-44d0-4aaa-5559d445e9b1; ezCMPCCS=true
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: ftp.winprizesonline.com
referer: https://ftp.winprizesonline.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 02:12:10 GMT
content-encoding: br
vary: Accept-Encoding Accept-Encoding,User-Agent,Origin
response: 200
server: nginx
display: staticcontent_sol, staticcontent_sol
x-ezoic-cdn: Miss
content-type: image/jpeg
x-middleton-display: staticcontent_sol, staticcontent_sol
expires: Mon, 26 Jul 2021 02:12:10 UTC
cache-control: public, no-transform,max-age=15552000
x-middleton-response: 200
content-length: 2736
x-ua-compatible: IE=edge

GET
H2 200 37863_th2.jpg
ftp.winprizesonline.com/publisher_images/ 4 KB
4 KB 665ms
652ms Image
image/jpeg 3.66.136.156
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ftp.winprizesonline.com/publisher_images/37863_th2.jpg
Requested by: Host: ftp.winprizesonline.com
URL: https://ftp.winprizesonline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.66.136.156 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-66-136-156.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: ea4b59de2dc40133435c40e2deeb0282e395be2ab99a1d00bccd683dead15f4a

Request headers

:path: /publisher_images/37863_th2.jpg
pragma: no-cache
cookie: PHPSESSID=d09outc1kfoiibksnvpb57ps41; UserGUID=60ff6c20986bd; ezoadgid_164040=-1; ezoref_164040=; ezoab_164040=mod1-c; active_template::164040=pub_site.1627351928; ezopvc_164040=1; ezepvv=0; ezovid_164040=1619888507; lp_164040=https://ftp.winprizesonline.com/; ezovuuidtime_164040=1627351929; ezovuuid_164040=a7b3ec2d-b507-44d0-4aaa-5559d445e9b1; ezCMPCCS=true
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: ftp.winprizesonline.com
referer: https://ftp.winprizesonline.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 02:12:10 GMT
content-encoding: br
vary: Accept-Encoding Accept-Encoding,User-Agent,Origin
response: 200
server: nginx
display: staticcontent_sol, staticcontent_sol
x-ezoic-cdn: Miss
content-type: image/jpeg
x-middleton-display: staticcontent_sol, staticcontent_sol
expires: Mon, 26 Jul 2021 02:12:10 UTC
cache-control: public, no-transform,max-age=15552000
x-middleton-response: 200
content-length: 3836
x-ua-compatible: IE=edge

GET
H2 200 42948_th2.jpg
ftp.winprizesonline.com/publisher_images/ 3 KB
3 KB 689ms
676ms Image
image/jpeg 3.66.136.156
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ftp.winprizesonline.com/publisher_images/42948_th2.jpg
Requested by: Host: ftp.winprizesonline.com
URL: https://ftp.winprizesonline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.66.136.156 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-66-136-156.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 8661364ee96f78dec114c2bfd907c9b7494380dc60096d8bc9cf615151846ab5

Request headers

:path: /publisher_images/42948_th2.jpg
pragma: no-cache
cookie: PHPSESSID=d09outc1kfoiibksnvpb57ps41; UserGUID=60ff6c20986bd; ezoadgid_164040=-1; ezoref_164040=; ezoab_164040=mod1-c; active_template::164040=pub_site.1627351928; ezopvc_164040=1; ezepvv=0; ezovid_164040=1619888507; lp_164040=https://ftp.winprizesonline.com/; ezovuuidtime_164040=1627351929; ezovuuid_164040=a7b3ec2d-b507-44d0-4aaa-5559d445e9b1; ezCMPCCS=true
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: ftp.winprizesonline.com
referer: https://ftp.winprizesonline.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 02:12:10 GMT
content-encoding: br
vary: Accept-Encoding Accept-Encoding,User-Agent,Origin
response: 200
server: nginx
display: staticcontent_sol, staticcontent_sol
x-ezoic-cdn: Miss
content-type: image/jpeg
x-middleton-display: staticcontent_sol, staticcontent_sol
expires: Mon, 26 Jul 2021 02:12:10 UTC
cache-control: public, no-transform,max-age=15552000
x-middleton-response: 200
content-length: 2522
x-ua-compatible: IE=edge

GET
H2 200 71297_th2.jpg
ftp.winprizesonline.com/publisher_images/ 3 KB
3 KB 715ms
702ms Image
image/jpeg 3.66.136.156
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ftp.winprizesonline.com/publisher_images/71297_th2.jpg
Requested by: Host: ftp.winprizesonline.com
URL: https://ftp.winprizesonline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.66.136.156 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-66-136-156.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 2b13a448945d780a851d6b56dc1afb15cea56d45cce6cea6875410b11d606de4

Request headers

:path: /publisher_images/71297_th2.jpg
pragma: no-cache
cookie: PHPSESSID=d09outc1kfoiibksnvpb57ps41; UserGUID=60ff6c20986bd; ezoadgid_164040=-1; ezoref_164040=; ezoab_164040=mod1-c; active_template::164040=pub_site.1627351928; ezopvc_164040=1; ezepvv=0; ezovid_164040=1619888507; lp_164040=https://ftp.winprizesonline.com/; ezovuuidtime_164040=1627351929; ezovuuid_164040=a7b3ec2d-b507-44d0-4aaa-5559d445e9b1; ezCMPCCS=true
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: ftp.winprizesonline.com
referer: https://ftp.winprizesonline.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 02:12:10 GMT
content-encoding: br
vary: Accept-Encoding Accept-Encoding,User-Agent,Origin
response: 200
server: nginx
display: staticcontent_sol, staticcontent_sol
x-ezoic-cdn: Miss
content-type: image/jpeg
x-middleton-display: staticcontent_sol, staticcontent_sol
expires: Mon, 26 Jul 2021 02:12:10 UTC
cache-control: public, no-transform,max-age=15552000
x-middleton-response: 200
content-length: 3214
x-ua-compatible: IE=edge

GET
H2 200 244171_th2.png
ftp.winprizesonline.com/publisher_images/ 12 KB
12 KB 139ms
127ms Image
image/png 3.66.136.156
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ftp.winprizesonline.com/publisher_images/244171_th2.png
Requested by: Host: ftp.winprizesonline.com
URL: https://ftp.winprizesonline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.66.136.156 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-66-136-156.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 59b4f4be6661b9557bd42d9daf3532fb22a54163d5f760f964a80cbb0c40ec86

Request headers

:path: /publisher_images/244171_th2.png
pragma: no-cache
cookie: PHPSESSID=d09outc1kfoiibksnvpb57ps41; UserGUID=60ff6c20986bd; ezoadgid_164040=-1; ezoref_164040=; ezoab_164040=mod1-c; active_template::164040=pub_site.1627351928; ezopvc_164040=1; ezepvv=0; ezovid_164040=1619888507; lp_164040=https://ftp.winprizesonline.com/; ezovuuidtime_164040=1627351929; ezovuuid_164040=a7b3ec2d-b507-44d0-4aaa-5559d445e9b1; ezCMPCCS=true
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: ftp.winprizesonline.com
referer: https://ftp.winprizesonline.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 02:12:10 GMT
content-encoding: br
vary: Accept-Encoding Accept-Encoding,User-Agent,Origin
response: 200
server: nginx
display: staticcontent_sol, staticcontent_sol
x-ezoic-cdn: Hit ds;ds;736c4c86776a17a25726b18933a91193;2-164040-0;78cee077-ad90-4c0e-535e-8eb3bbf716b2
content-type: image/png
x-middleton-display: staticcontent_sol, staticcontent_sol
cache-control: public, no-transform,max-age=15552000
x-middleton-response: 200
x-ua-compatible: IE=edge

GET
H2 200 244318_th2.png
ftp.winprizesonline.com/publisher_images/ 16 KB
16 KB 825ms
812ms Image
image/png 3.66.136.156
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ftp.winprizesonline.com/publisher_images/244318_th2.png
Requested by: Host: ftp.winprizesonline.com
URL: https://ftp.winprizesonline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.66.136.156 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-66-136-156.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: c1f7087131333ce83273f48d058ce4b7c2327a0a2f6146cd539d855393340a47

Request headers

:path: /publisher_images/244318_th2.png
pragma: no-cache
cookie: PHPSESSID=d09outc1kfoiibksnvpb57ps41; UserGUID=60ff6c20986bd; ezoadgid_164040=-1; ezoref_164040=; ezoab_164040=mod1-c; active_template::164040=pub_site.1627351928; ezopvc_164040=1; ezepvv=0; ezovid_164040=1619888507; lp_164040=https://ftp.winprizesonline.com/; ezovuuidtime_164040=1627351929; ezovuuid_164040=a7b3ec2d-b507-44d0-4aaa-5559d445e9b1; ezCMPCCS=true
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: ftp.winprizesonline.com
referer: https://ftp.winprizesonline.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 02:12:10 GMT
content-encoding: br
vary: Accept-Encoding Accept-Encoding,User-Agent,Origin
response: 200
server: nginx
display: staticcontent_sol, staticcontent_sol
x-ezoic-cdn: Miss
content-type: image/png
x-middleton-display: staticcontent_sol, staticcontent_sol
expires: Mon, 26 Jul 2021 02:12:10 UTC
cache-control: public, no-transform,max-age=15552000
x-middleton-response: 200
x-ua-compatible: IE=edge

GET
H2 200 243713_th2.jpg
ftp.winprizesonline.com/publisher_images/ 2 KB
2 KB 696ms
683ms Image
image/jpeg 3.66.136.156
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ftp.winprizesonline.com/publisher_images/243713_th2.jpg
Requested by: Host: ftp.winprizesonline.com
URL: https://ftp.winprizesonline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.66.136.156 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-66-136-156.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 32a9ee60cea6f692237b70fe9b2d9769574de2bd2869584c2d56931283f561a7

Request headers

:path: /publisher_images/243713_th2.jpg
pragma: no-cache
cookie: PHPSESSID=d09outc1kfoiibksnvpb57ps41; UserGUID=60ff6c20986bd; ezoadgid_164040=-1; ezoref_164040=; ezoab_164040=mod1-c; active_template::164040=pub_site.1627351928; ezopvc_164040=1; ezepvv=0; ezovid_164040=1619888507; lp_164040=https://ftp.winprizesonline.com/; ezovuuidtime_164040=1627351929; ezovuuid_164040=a7b3ec2d-b507-44d0-4aaa-5559d445e9b1; ezCMPCCS=true
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: ftp.winprizesonline.com
referer: https://ftp.winprizesonline.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 02:12:10 GMT
content-encoding: br
vary: Accept-Encoding Accept-Encoding,User-Agent,Origin
response: 200
server: nginx
display: staticcontent_sol, staticcontent_sol
x-ezoic-cdn: Miss
content-type: image/jpeg
x-middleton-display: staticcontent_sol, staticcontent_sol
expires: Mon, 26 Jul 2021 02:12:10 UTC
cache-control: public, no-transform,max-age=15552000
x-middleton-response: 200
content-length: 1850
x-ua-compatible: IE=edge

GET
H2 200 241180_th2.png
ftp.winprizesonline.com/publisher_images/ 16 KB
16 KB 808ms
796ms Image
image/png 3.66.136.156
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ftp.winprizesonline.com/publisher_images/241180_th2.png
Requested by: Host: ftp.winprizesonline.com
URL: https://ftp.winprizesonline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.66.136.156 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-66-136-156.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: ad677b3f5f43c7055b1e8053d466deaa5ef9f200ea55dd95b1c69799651ad2c7

Request headers

:path: /publisher_images/241180_th2.png
pragma: no-cache
cookie: PHPSESSID=d09outc1kfoiibksnvpb57ps41; UserGUID=60ff6c20986bd; ezoadgid_164040=-1; ezoref_164040=; ezoab_164040=mod1-c; active_template::164040=pub_site.1627351928; ezopvc_164040=1; ezepvv=0; ezovid_164040=1619888507; lp_164040=https://ftp.winprizesonline.com/; ezovuuidtime_164040=1627351929; ezovuuid_164040=a7b3ec2d-b507-44d0-4aaa-5559d445e9b1; ezCMPCCS=true
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: ftp.winprizesonline.com
referer: https://ftp.winprizesonline.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 02:12:10 GMT
content-encoding: br
vary: Accept-Encoding Accept-Encoding,User-Agent,Origin
response: 200
server: nginx
display: staticcontent_sol, staticcontent_sol
x-ezoic-cdn: Miss
content-type: image/png
x-middleton-display: staticcontent_sol, staticcontent_sol
expires: Mon, 26 Jul 2021 02:12:10 UTC
cache-control: public, no-transform,max-age=15552000
x-middleton-response: 200
x-ua-compatible: IE=edge

GET
H2 200 243450_th2.png
ftp.winprizesonline.com/publisher_images/ 14 KB
14 KB 829ms
817ms Image
image/png 3.66.136.156
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ftp.winprizesonline.com/publisher_images/243450_th2.png
Requested by: Host: ftp.winprizesonline.com
URL: https://ftp.winprizesonline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.66.136.156 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-66-136-156.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 9d8179af923e93ad7445fb44c74ea90842eef60707dab1c623494d13c1145b16

Request headers

:path: /publisher_images/243450_th2.png
pragma: no-cache
cookie: PHPSESSID=d09outc1kfoiibksnvpb57ps41; UserGUID=60ff6c20986bd; ezoadgid_164040=-1; ezoref_164040=; ezoab_164040=mod1-c; active_template::164040=pub_site.1627351928; ezopvc_164040=1; ezepvv=0; ezovid_164040=1619888507; lp_164040=https://ftp.winprizesonline.com/; ezovuuidtime_164040=1627351929; ezovuuid_164040=a7b3ec2d-b507-44d0-4aaa-5559d445e9b1; ezCMPCCS=true
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: ftp.winprizesonline.com
referer: https://ftp.winprizesonline.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 02:12:10 GMT
content-encoding: br
vary: Accept-Encoding Accept-Encoding,User-Agent,Origin
response: 200
server: nginx
display: staticcontent_sol, staticcontent_sol
x-ezoic-cdn: Miss
content-type: image/png
x-middleton-display: staticcontent_sol, staticcontent_sol
expires: Mon, 26 Jul 2021 02:12:10 UTC
cache-control: public, no-transform,max-age=15552000
x-middleton-response: 200
x-ua-compatible: IE=edge

GET
H2 200 243434_th2.jpg
ftp.winprizesonline.com/publisher_images/ 3 KB
2 KB 678ms
667ms Image
image/jpeg 3.66.136.156
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ftp.winprizesonline.com/publisher_images/243434_th2.jpg
Requested by: Host: ftp.winprizesonline.com
URL: https://ftp.winprizesonline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.66.136.156 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-66-136-156.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 5e82624b9738b32f6fba66700d47b8f18ad2eb85690a4dc8539264a9975d499c

Request headers

:path: /publisher_images/243434_th2.jpg
pragma: no-cache
cookie: PHPSESSID=d09outc1kfoiibksnvpb57ps41; UserGUID=60ff6c20986bd; ezoadgid_164040=-1; ezoref_164040=; ezoab_164040=mod1-c; active_template::164040=pub_site.1627351928; ezopvc_164040=1; ezepvv=0; ezovid_164040=1619888507; lp_164040=https://ftp.winprizesonline.com/; ezovuuidtime_164040=1627351929; ezovuuid_164040=a7b3ec2d-b507-44d0-4aaa-5559d445e9b1; ezCMPCCS=true
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: ftp.winprizesonline.com
referer: https://ftp.winprizesonline.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 02:12:10 GMT
content-encoding: br
vary: Accept-Encoding Accept-Encoding,User-Agent,Origin
response: 200
server: nginx
display: staticcontent_sol, staticcontent_sol
x-ezoic-cdn: Miss
content-type: image/jpeg
x-middleton-display: staticcontent_sol, staticcontent_sol
expires: Mon, 26 Jul 2021 02:12:10 UTC
cache-control: public, no-transform,max-age=15552000
x-middleton-response: 200
content-length: 2394
x-ua-compatible: IE=edge

GET
H2 200 241803_th2.png
ftp.winprizesonline.com/publisher_images/ 14 KB
14 KB 840ms
829ms Image
image/png 3.66.136.156
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ftp.winprizesonline.com/publisher_images/241803_th2.png
Requested by: Host: ftp.winprizesonline.com
URL: https://ftp.winprizesonline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.66.136.156 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-66-136-156.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3337e6884e0da050420d2999cf5394330f850785aaabefb1311692d731b202b

Request headers

:path: /publisher_images/241803_th2.png
pragma: no-cache
cookie: PHPSESSID=d09outc1kfoiibksnvpb57ps41; UserGUID=60ff6c20986bd; ezoadgid_164040=-1; ezoref_164040=; ezoab_164040=mod1-c; active_template::164040=pub_site.1627351928; ezopvc_164040=1; ezepvv=0; ezovid_164040=1619888507; lp_164040=https://ftp.winprizesonline.com/; ezovuuidtime_164040=1627351929; ezovuuid_164040=a7b3ec2d-b507-44d0-4aaa-5559d445e9b1; ezCMPCCS=true
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: ftp.winprizesonline.com
referer: https://ftp.winprizesonline.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 02:12:10 GMT
content-encoding: br
vary: Accept-Encoding Accept-Encoding,User-Agent,Origin
response: 200
server: nginx
display: staticcontent_sol, staticcontent_sol
x-ezoic-cdn: Miss
content-type: image/png
x-middleton-display: staticcontent_sol, staticcontent_sol
expires: Mon, 26 Jul 2021 02:12:10 UTC
cache-control: public, no-transform,max-age=15552000
x-middleton-response: 200
x-ua-compatible: IE=edge

GET
H2 200 242908_th2.png
ftp.winprizesonline.com/publisher_images/ 11 KB
11 KB 680ms
668ms Image
image/png 3.66.136.156
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ftp.winprizesonline.com/publisher_images/242908_th2.png
Requested by: Host: ftp.winprizesonline.com
URL: https://ftp.winprizesonline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.66.136.156 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-66-136-156.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 96aff4e52cbf68f66cad54a8952c753d1369c74d5eec460ad69d683eeeb6e963

Request headers

:path: /publisher_images/242908_th2.png
pragma: no-cache
cookie: PHPSESSID=d09outc1kfoiibksnvpb57ps41; UserGUID=60ff6c20986bd; ezoadgid_164040=-1; ezoref_164040=; ezoab_164040=mod1-c; active_template::164040=pub_site.1627351928; ezopvc_164040=1; ezepvv=0; ezovid_164040=1619888507; lp_164040=https://ftp.winprizesonline.com/; ezovuuidtime_164040=1627351929; ezovuuid_164040=a7b3ec2d-b507-44d0-4aaa-5559d445e9b1; ezCMPCCS=true
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: ftp.winprizesonline.com
referer: https://ftp.winprizesonline.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 02:12:10 GMT
content-encoding: br
vary: Accept-Encoding Accept-Encoding,User-Agent,Origin
response: 200
server: nginx
display: staticcontent_sol, staticcontent_sol
x-ezoic-cdn: Miss
content-type: image/png
x-middleton-display: staticcontent_sol, staticcontent_sol
expires: Mon, 26 Jul 2021 02:12:10 UTC
cache-control: public, no-transform,max-age=15552000
x-middleton-response: 200
x-ua-compatible: IE=edge

GET
H2 200 240856_th2.png
ftp.winprizesonline.com/publisher_images/ 13 KB
13 KB 847ms
835ms Image
image/png 3.66.136.156
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ftp.winprizesonline.com/publisher_images/240856_th2.png
Requested by: Host: ftp.winprizesonline.com
URL: https://ftp.winprizesonline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.66.136.156 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-66-136-156.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 192fd6ce22683359da86d8962256b9b8f851ba4dffebbb538b51d43ae4972677

Request headers

:path: /publisher_images/240856_th2.png
pragma: no-cache
cookie: PHPSESSID=d09outc1kfoiibksnvpb57ps41; UserGUID=60ff6c20986bd; ezoadgid_164040=-1; ezoref_164040=; ezoab_164040=mod1-c; active_template::164040=pub_site.1627351928; ezopvc_164040=1; ezepvv=0; ezovid_164040=1619888507; lp_164040=https://ftp.winprizesonline.com/; ezovuuidtime_164040=1627351929; ezovuuid_164040=a7b3ec2d-b507-44d0-4aaa-5559d445e9b1; ezCMPCCS=true
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: ftp.winprizesonline.com
referer: https://ftp.winprizesonline.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 02:12:10 GMT
content-encoding: br
vary: Accept-Encoding Accept-Encoding,User-Agent,Origin
response: 200
server: nginx
display: staticcontent_sol, staticcontent_sol
x-ezoic-cdn: Miss
content-type: image/png
x-middleton-display: staticcontent_sol, staticcontent_sol
expires: Mon, 26 Jul 2021 02:12:10 UTC
cache-control: public, no-transform,max-age=15552000
x-middleton-response: 200
x-ua-compatible: IE=edge

GET
H2 200 244769_th2.png
ftp.winprizesonline.com/publisher_images/ 11 KB
11 KB 653ms
642ms Image
image/png 3.66.136.156
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ftp.winprizesonline.com/publisher_images/244769_th2.png
Requested by: Host: ftp.winprizesonline.com
URL: https://ftp.winprizesonline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.66.136.156 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-66-136-156.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 26e2c81392a1283a6043aea0009e5cd3dc66328114bed4e3fcf36c634e45238e

Request headers

:path: /publisher_images/244769_th2.png
pragma: no-cache
cookie: PHPSESSID=d09outc1kfoiibksnvpb57ps41; UserGUID=60ff6c20986bd; ezoadgid_164040=-1; ezoref_164040=; ezoab_164040=mod1-c; active_template::164040=pub_site.1627351928; ezopvc_164040=1; ezepvv=0; ezovid_164040=1619888507; lp_164040=https://ftp.winprizesonline.com/; ezovuuidtime_164040=1627351929; ezovuuid_164040=a7b3ec2d-b507-44d0-4aaa-5559d445e9b1; ezCMPCCS=true
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: ftp.winprizesonline.com
referer: https://ftp.winprizesonline.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 02:12:10 GMT
content-encoding: br
vary: Accept-Encoding Accept-Encoding,User-Agent,Origin
response: 200
server: nginx
display: staticcontent_sol, staticcontent_sol
x-ezoic-cdn: Miss
content-type: image/png
x-middleton-display: staticcontent_sol, staticcontent_sol
expires: Mon, 26 Jul 2021 02:12:10 UTC
cache-control: public, no-transform,max-age=15552000
x-middleton-response: 200
x-ua-compatible: IE=edge

GET
H2 200 243497_th2.png
ftp.winprizesonline.com/publisher_images/ 11 KB
11 KB 1938ms
1927ms Image
image/png 3.66.136.156
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ftp.winprizesonline.com/publisher_images/243497_th2.png
Requested by: Host: ftp.winprizesonline.com
URL: https://ftp.winprizesonline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.66.136.156 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-66-136-156.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 58165b29667efd7ba88d243700082a9850ee8af78a86070dbc11d4ea5eb6c556

Request headers

:path: /publisher_images/243497_th2.png
pragma: no-cache
cookie: PHPSESSID=d09outc1kfoiibksnvpb57ps41; UserGUID=60ff6c20986bd; ezoadgid_164040=-1; ezoref_164040=; ezoab_164040=mod1-c; active_template::164040=pub_site.1627351928; ezopvc_164040=1; ezepvv=0; ezovid_164040=1619888507; lp_164040=https://ftp.winprizesonline.com/; ezovuuidtime_164040=1627351929; ezovuuid_164040=a7b3ec2d-b507-44d0-4aaa-5559d445e9b1; ezCMPCCS=true
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: ftp.winprizesonline.com
referer: https://ftp.winprizesonline.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 02:12:11 GMT
content-encoding: br
vary: Accept-Encoding Accept-Encoding,User-Agent,Origin
response: 200
server: nginx
display: staticcontent_sol, staticcontent_sol
x-ezoic-cdn: Miss
content-type: image/png
x-middleton-display: staticcontent_sol, staticcontent_sol
expires: Mon, 26 Jul 2021 02:12:11 UTC
cache-control: public, no-transform,max-age=15552000
x-middleton-response: 200
x-ua-compatible: IE=edge

GET
H2 200 244299_th2.jpg
ftp.winprizesonline.com/publisher_images/ 3 KB
3 KB 152ms
142ms Image
image/jpeg 3.66.136.156
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ftp.winprizesonline.com/publisher_images/244299_th2.jpg
Requested by: Host: ftp.winprizesonline.com
URL: https://ftp.winprizesonline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.66.136.156 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-66-136-156.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: a9ca0ebc1f197fff4a210abe61cbe13efca770435cacbe0d1aeaf0e842b8218c

Request headers

:path: /publisher_images/244299_th2.jpg
pragma: no-cache
cookie: PHPSESSID=d09outc1kfoiibksnvpb57ps41; UserGUID=60ff6c20986bd; ezoadgid_164040=-1; ezoref_164040=; ezoab_164040=mod1-c; active_template::164040=pub_site.1627351928; ezopvc_164040=1; ezepvv=0; ezovid_164040=1619888507; lp_164040=https://ftp.winprizesonline.com/; ezovuuidtime_164040=1627351929; ezovuuid_164040=a7b3ec2d-b507-44d0-4aaa-5559d445e9b1; ezCMPCCS=true
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: ftp.winprizesonline.com
referer: https://ftp.winprizesonline.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 02:12:10 GMT
content-encoding: br
vary: Accept-Encoding Accept-Encoding,User-Agent,Origin
response: 200
server: nginx
display: staticcontent_sol, staticcontent_sol
x-ezoic-cdn: Hit ds;ds;032c5b8d0df5204fab411addb42f6453;2-164040-0;a376b0b4-22c1-4ebb-4c42-f83606936b42
content-type: image/jpeg
x-middleton-display: staticcontent_sol, staticcontent_sol
cache-control: public, no-transform,max-age=15552000
x-middleton-response: 200
content-length: 3340
x-ua-compatible: IE=edge

GET
H2 200 244254_th2.png
ftp.winprizesonline.com/publisher_images/ 14 KB
14 KB 122ms
111ms Image
image/png 3.66.136.156
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ftp.winprizesonline.com/publisher_images/244254_th2.png
Requested by: Host: ftp.winprizesonline.com
URL: https://ftp.winprizesonline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.66.136.156 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-66-136-156.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 08c57978a59ed422002c1d5f7a33c34271cb746d3f0409729112b525ad32d14c

Request headers

:path: /publisher_images/244254_th2.png
pragma: no-cache
cookie: PHPSESSID=d09outc1kfoiibksnvpb57ps41; UserGUID=60ff6c20986bd; ezoadgid_164040=-1; ezoref_164040=; ezoab_164040=mod1-c; active_template::164040=pub_site.1627351928; ezopvc_164040=1; ezepvv=0; ezovid_164040=1619888507; lp_164040=https://ftp.winprizesonline.com/; ezovuuidtime_164040=1627351929; ezovuuid_164040=a7b3ec2d-b507-44d0-4aaa-5559d445e9b1; ezCMPCCS=true
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: ftp.winprizesonline.com
referer: https://ftp.winprizesonline.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 02:12:10 GMT
content-encoding: br
vary: Accept-Encoding Accept-Encoding,User-Agent,Origin
response: 200
server: nginx
display: staticcontent_sol, staticcontent_sol
x-ezoic-cdn: Hit ds;ds;499fca68389f88a9669ac568469b01d1;2-164040-0;a307e71a-8807-48ff-4e19-f1ef9b5b8bda
content-type: image/png
x-middleton-display: staticcontent_sol, staticcontent_sol
cache-control: public, no-transform,max-age=15552000
x-middleton-response: 200
x-ua-compatible: IE=edge

GET
H2 200 244535_th2.png
ftp.winprizesonline.com/publisher_images/ 17 KB
17 KB 814ms
804ms Image
image/png 3.66.136.156
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ftp.winprizesonline.com/publisher_images/244535_th2.png
Requested by: Host: ftp.winprizesonline.com
URL: https://ftp.winprizesonline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.66.136.156 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-66-136-156.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 9b6afc38f068071f51ed07a0bf2d890f8d3a7f8e2a4d99b617bbc87b12643627

Request headers

:path: /publisher_images/244535_th2.png
pragma: no-cache
cookie: PHPSESSID=d09outc1kfoiibksnvpb57ps41; UserGUID=60ff6c20986bd; ezoadgid_164040=-1; ezoref_164040=; ezoab_164040=mod1-c; active_template::164040=pub_site.1627351928; ezopvc_164040=1; ezepvv=0; ezovid_164040=1619888507; lp_164040=https://ftp.winprizesonline.com/; ezovuuidtime_164040=1627351929; ezovuuid_164040=a7b3ec2d-b507-44d0-4aaa-5559d445e9b1; ezCMPCCS=true
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: ftp.winprizesonline.com
referer: https://ftp.winprizesonline.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 02:12:10 GMT
content-encoding: br
vary: Accept-Encoding Accept-Encoding,User-Agent,Origin
response: 200
server: nginx
display: staticcontent_sol, staticcontent_sol
x-ezoic-cdn: Miss
content-type: image/png
x-middleton-display: staticcontent_sol, staticcontent_sol
expires: Mon, 26 Jul 2021 02:12:10 UTC
cache-control: public, no-transform,max-age=15552000
x-middleton-response: 200
x-ua-compatible: IE=edge

GET
H2 200 243937_th2.png
ftp.winprizesonline.com/publisher_images/ 19 KB
19 KB 256ms
246ms Image
image/png 3.66.136.156
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ftp.winprizesonline.com/publisher_images/243937_th2.png
Requested by: Host: ftp.winprizesonline.com
URL: https://ftp.winprizesonline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.66.136.156 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-66-136-156.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 9c6f8046b44983cbc5443613c1f4c0582939d3c2989d74c2a8a12143cad2f27a

Request headers

:path: /publisher_images/243937_th2.png
pragma: no-cache
cookie: PHPSESSID=d09outc1kfoiibksnvpb57ps41; UserGUID=60ff6c20986bd; ezoadgid_164040=-1; ezoref_164040=; ezoab_164040=mod1-c; active_template::164040=pub_site.1627351928; ezopvc_164040=1; ezepvv=0; ezovid_164040=1619888507; lp_164040=https://ftp.winprizesonline.com/; ezovuuidtime_164040=1627351929; ezovuuid_164040=a7b3ec2d-b507-44d0-4aaa-5559d445e9b1; ezCMPCCS=true
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: ftp.winprizesonline.com
referer: https://ftp.winprizesonline.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 02:12:10 GMT
content-encoding: br
vary: Accept-Encoding Accept-Encoding,User-Agent,Origin
response: 200
server: nginx
display: staticcontent_sol, staticcontent_sol
x-ezoic-cdn: Hit ds;ds;13be4958a207ed5cfc30c00f4f98aeb6;2-164040-0;83d60263-ecc1-432d-419b-13347aabbc40
content-type: image/png
x-middleton-display: staticcontent_sol, staticcontent_sol
cache-control: public, no-transform,max-age=15552000
x-middleton-response: 200
x-ua-compatible: IE=edge

GET
H2 200 menu.js Show response
ftp.winprizesonline.com/js/ 11 KB
3 KB 123ms
122ms Script
application/javascript 3.66.136.156
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ftp.winprizesonline.com/js/menu.js
Requested by: Host: ftp.winprizesonline.com
URL: https://ftp.winprizesonline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.66.136.156 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-66-136-156.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: f242631d2237faba0e67a26fd464c520db763a5bc572270e2697aaf4c2dcf150

Request headers

:path: /js/menu.js
pragma: no-cache
cookie: PHPSESSID=d09outc1kfoiibksnvpb57ps41; UserGUID=60ff6c20986bd; ezoadgid_164040=-1; ezoref_164040=; ezoab_164040=mod1-c; active_template::164040=pub_site.1627351928; ezopvc_164040=1; ezepvv=0; ezovid_164040=1619888507; lp_164040=https://ftp.winprizesonline.com/; ezovuuidtime_164040=1627351929; ezovuuid_164040=a7b3ec2d-b507-44d0-4aaa-5559d445e9b1; ezCMPCCS=true
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: ftp.winprizesonline.com
referer: https://ftp.winprizesonline.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 02:12:10 GMT
content-encoding: br
vary: Accept-Encoding Accept-Encoding,User-Agent,Origin
response: 200
server: nginx
display: staticcontent_sol, staticcontent_sol
x-ezoic-cdn: Hit ds;ds;51eab3efe469a8432fe78202b46c6ba8;2-164040-0;ba32f669-f729-403d-77e2-95d2e2bf15b2
content-type: application/javascript
x-middleton-display: staticcontent_sol, staticcontent_sol
cache-control: public, no-transform,max-age=2592000
x-middleton-response: 200
content-length: 3265
x-ua-compatible: IE=edge

GET
H2 200 slick.min.js Show response
ftp.winprizesonline.com/js/ 41 KB
10 KB 153ms
134ms Script
application/javascript 3.66.136.156
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ftp.winprizesonline.com/js/slick.min.js
Requested by: Host: ftp.winprizesonline.com
URL: https://ftp.winprizesonline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.66.136.156 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-66-136-156.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 5bd085ae9683aaf57ae67bb6bd1f645359b5a1150b548e79ee0c7be68a2e3a23

Request headers

:path: /js/slick.min.js
pragma: no-cache
cookie: PHPSESSID=d09outc1kfoiibksnvpb57ps41; UserGUID=60ff6c20986bd; ezoadgid_164040=-1; ezoref_164040=; ezoab_164040=mod1-c; active_template::164040=pub_site.1627351928; ezopvc_164040=1; ezepvv=0; ezovid_164040=1619888507; lp_164040=https://ftp.winprizesonline.com/; ezovuuidtime_164040=1627351929; ezovuuid_164040=a7b3ec2d-b507-44d0-4aaa-5559d445e9b1; ezCMPCCS=true
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: ftp.winprizesonline.com
referer: https://ftp.winprizesonline.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 02:12:10 GMT
content-encoding: br
vary: Accept-Encoding Accept-Encoding,User-Agent,Origin
response: 200
server: nginx
display: staticcontent_sol, staticcontent_sol
x-ezoic-cdn: Hit ds;ds;48e697f2b0e7aeeabe643e450df815be;2-164040-0;5c7e516b-ad40-464e-741a-22b46f60203a
content-type: application/javascript
x-middleton-display: staticcontent_sol, staticcontent_sol
cache-control: public, no-transform,max-age=2592000
x-middleton-response: 200
x-ua-compatible: IE=edge

GET
H2 200 ezcl.webp Show response
ftp.winprizesonline.com/utilcave_com/inc/ 1 KB
984 B 69ms
59ms Script
application/javascript 3.66.136.156
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ftp.winprizesonline.com/utilcave_com/inc/ezcl.webp?cb=4
Requested by: Host: ftp.winprizesonline.com
URL: https://ftp.winprizesonline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.66.136.156 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-66-136-156.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 1c5ad2fd42dffdf04a0f1d757c1cccb4d840218d7ecada79d6cc9db33ca40319

Request headers

:path: /utilcave_com/inc/ezcl.webp?cb=4
pragma: no-cache
cookie: PHPSESSID=d09outc1kfoiibksnvpb57ps41; UserGUID=60ff6c20986bd; ezoadgid_164040=-1; ezoref_164040=; ezoab_164040=mod1-c; active_template::164040=pub_site.1627351928; ezopvc_164040=1; ezepvv=0; ezovid_164040=1619888507; lp_164040=https://ftp.winprizesonline.com/; ezovuuidtime_164040=1627351929; ezovuuid_164040=a7b3ec2d-b507-44d0-4aaa-5559d445e9b1; ezCMPCCS=true
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: ftp.winprizesonline.com
referer: https://ftp.winprizesonline.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 02:12:10 GMT
content-encoding: br
x-sol: middleton
server: nginx
display: staticcontent_sol
vary: Accept-Encoding Accept-Encoding
content-type: application/javascript
x-middleton-display: staticcontent_sol
cache-control: max-age=86400
set-cookie: ezoab_164040=mod1-c; Path=/; Domain=winprizesonline.com; Expires=Tue, 27 Jul 2021 04:12:10 UTC ezoadgid_164040=-1; Path=/; Domain=winprizesonline.com; Expires=Tue, 27 Jul 2021 02:42:10 UTC ezoref_164040=; Path=/; Domain=winprizesonline.com; Expires=Tue, 27 Jul 2021 04:12:10 UTC active_template::164040=pub_site.1627351930; Path=/; Domain=winprizesonline.com; Expires=Thu, 29 Jul 2021 02:12:10 UTC
content-length: 605

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 95 KB
25 KB 25ms
6ms Script
application/x-javascript 2a03:2880:f02d:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: ftp.winprizesonline.com
URL: https://ftp.winprizesonline.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0d17b8a38d3dce6f7357bbc8da105d92c21b6cf1c4b92351ce2b1861b065f2c5

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 24676
x-xss-protection: 0
pragma: public
x-fb-debug: RTBde8mzcO/67AtmvG8ZxYQ2dp3EG05mNJQoeUF3giM48aDyfeMCH74G/rFigL7T9SE/0DiptN82CD1xbitAhw==
x-fb-trip-id: 917726464
x-frame-options: DENY
date: Tue, 27 Jul 2021 02:12:10 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 ezosuigeneris.js Show response
g.ezoic.net/ 555 B
556 B 93ms
30ms Script
text/javascript 3.66.136.156
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g.ezoic.net/ezosuigeneris.js
Requested by: Host: ftp.winprizesonline.com
URL: https://ftp.winprizesonline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.66.136.156 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-66-136-156.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 4461a5c2285ded2abf4651e1e1a5bb5d6dfc1f29e062965b1c2b38a3301efc47

Request headers

Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 02:12:10 GMT
content-encoding: br
last-modified: Tue, 13 Jul 2021 14:05:09 GMT
server: nginx
etag: 95c15ed0405e9a388031b2e8cb787f34
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript
cache-control: max-age=999999, private
content-length: 275
expires: Mon, 29 Apr 2020 21:44:55 GMT

GET
H2 200 cmbv2.js Show response
ftp.winprizesonline.com/detroitchicago/ 41 KB
11 KB 65ms
56ms Script
application/javascript 3.66.136.156
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ftp.winprizesonline.com/detroitchicago/cmbv2.js?gcb=195-2&cb=04-1y02-4y06-12y07-1y0b-5y0d-10y13-3y17-3y20-3y33-15y52-1y56-21&cmbcb=20&sj=x04x02x06x07x0bx0dx13x17x20x33x52x56
Requested by: Host: ftp.winprizesonline.com
URL: https://ftp.winprizesonline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.66.136.156 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-66-136-156.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: d1285ef2f563de90e17a26675dd146284a39947af2f610a01cd61c23a6626866

Request headers

:path: /detroitchicago/cmbv2.js?gcb=195-2&cb=04-1y02-4y06-12y07-1y0b-5y0d-10y13-3y17-3y20-3y33-15y52-1y56-21&cmbcb=20&sj=x04x02x06x07x0bx0dx13x17x20x33x52x56
pragma: no-cache
cookie: PHPSESSID=d09outc1kfoiibksnvpb57ps41; UserGUID=60ff6c20986bd; ezoadgid_164040=-1; ezoref_164040=; ezoab_164040=mod1-c; active_template::164040=pub_site.1627351928; ezopvc_164040=1; ezepvv=0; ezovid_164040=1619888507; lp_164040=https://ftp.winprizesonline.com/; ezovuuidtime_164040=1627351929; ezovuuid_164040=a7b3ec2d-b507-44d0-4aaa-5559d445e9b1; ezCMPCCS=true
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: ftp.winprizesonline.com
referer: https://ftp.winprizesonline.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 02:12:10 GMT
content-encoding: br
server: nginx
vary: Accept-Encoding Accept-Encoding
content-type: application/javascript
x-middleton-display: sol-js
cache-control: max-age=31536000, public
x-robots-tag: noindex

GET
H2 200 VEM1Ro9xs5PjtzCu-srDqSTijP4.woff2
fonts.gstatic.com/s/concertone/v12/ 24 KB
24 KB 37ms
6ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/concertone/v12/VEM1Ro9xs5PjtzCu-srDqSTijP4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Concert+One

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6d11209d1442b020864f7c35c777ecb20a359c743121536d5e2c0a0c7557c0d6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://ftp.winprizesonline.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 26 Jul 2021 13:46:43 GMT
x-content-type-options: nosniff
age: 44727
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24308
x-xss-protection: 0
last-modified: Tue, 29 Jun 2021 23:09:16 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 26 Jul 2022 13:46:43 GMT

GET
H2 200 S6u8w4BMUTPHjxsAXC-q.woff2
fonts.gstatic.com/s/lato/v17/ 24 KB
24 KB 46ms
15ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v17/S6u8w4BMUTPHjxsAXC-q.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:100,100i,300,300i,400,400i,700,700i,900,900i

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ccb5febf8ac335a1b768a7a2087fa4362cb3a0a9392e2e451df9d9825e88e5db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://ftp.winprizesonline.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 20 Jul 2021 15:35:22 GMT
x-content-type-options: nosniff
age: 556608
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24440
x-xss-protection: 0
last-modified: Tue, 15 Sep 2020 18:12:06 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 20 Jul 2022 15:35:22 GMT

GET
H3-29 200 fa-solid-900.woff2
use.fontawesome.com/releases/v5.10.2/webfonts/ 74 KB
74 KB 29ms
15ms Font
font/woff2 2606:4700:3037::6815:4e07
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://use.fontawesome.com/releases/v5.10.2/webfonts/fa-solid-900.woff2
Requested by: Host: use.fontawesome.com
URL: https://use.fontawesome.com/releases/v5.10.2/css/all.css
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3037::6815:4e07 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 80fe90cb559538158bc235f4e539d9bcae203e19fab7c6970aad37b0154348ff

Request headers

Origin: https://ftp.winprizesonline.com
Referer: https://use.fontawesome.com/releases/v5.10.2/css/all.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 02:12:10 GMT
access-control-allow-methods: GET
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 1423172
cf-ray: 6752575b0e4542db-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 75408
x-amz-id-2: m2DKpdEwMrF3ZuFqiDbrjfExdywFPlWSRaFp6Fqu9vQ4+fnzOeeB/YL5JYQgicqdjphE4hNIEME=
last-modified: Wed, 30 Jun 2021 15:36:28 GMT
server: cloudflare
etag: "d6d8d5da9214dc7d46b297672a602d55"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 3000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5WK%2Fakf88bh%2FQoEdKXPttczMjwt3opiit0QCdYA6UBwgdAypJ5B%2FvgZjxYpMktEG6iRHwQlPG7W6KbtsGxCn9nc3YuWIEO2KTqP9ORTNgfLWgGQ%2F4nWSmxklZRpTKueAFrDvQH%2Fgres5xvS1teEwn8Fq"}],"group":"cf-nel","max_age":604800}
x-amz-request-id: W17JMNP9N77J2RMZ
access-control-allow-origin: *
cache-control: max-age=31556926
accept-ranges: bytes
content-type: font/woff2

GET
H2 200 S6uyw4BMUTPHjx4wXg.woff2
fonts.gstatic.com/s/lato/v17/ 23 KB
23 KB 42ms
12ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v17/S6uyw4BMUTPHjx4wXg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:100,100i,300,300i,400,400i,700,700i,900,900i

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c3c0d3f472358aac78455515c4800771426770c22698e2486d39fdb5505634e1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://ftp.winprizesonline.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 00:16:41 GMT
x-content-type-options: nosniff
age: 6929
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23484
x-xss-protection: 0
last-modified: Tue, 15 Sep 2020 18:10:46 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 27 Jul 2022 00:16:41 GMT

GET
H2 200 S6u9w4BMUTPHh6UVSwiPGQ.woff2
fonts.gstatic.com/s/lato/v17/ 22 KB
23 KB 48ms
18ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v17/S6u9w4BMUTPHh6UVSwiPGQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:100,100i,300,300i,400,400i,700,700i,900,900i

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8d3ca80fa271e94b0c36cf3053b0f806b7a42bb3395b424c99dc0bd218f0ac20

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://ftp.winprizesonline.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 20 Jul 2021 08:34:22 GMT
x-content-type-options: nosniff
age: 581868
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 22992
x-xss-protection: 0
last-modified: Tue, 15 Sep 2020 18:12:12 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 20 Jul 2022 08:34:22 GMT

GET
H3-29 200 fa-brands-400.woff2
use.fontawesome.com/releases/v5.10.2/webfonts/ 73 KB
74 KB 33ms
19ms Font
font/woff2 2606:4700:3037::6815:4e07
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://use.fontawesome.com/releases/v5.10.2/webfonts/fa-brands-400.woff2
Requested by: Host: use.fontawesome.com
URL: https://use.fontawesome.com/releases/v5.10.2/css/all.css
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3037::6815:4e07 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 975714c6cb70ba105bfa87d2415df2fddde4a46c1d3ab9d0cf45465e56cba97d

Request headers

Origin: https://ftp.winprizesonline.com
Referer: https://use.fontawesome.com/releases/v5.10.2/css/all.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 02:12:10 GMT
access-control-allow-methods: GET
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 1423172
cf-ray: 6752575b0e4342db-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 74524
x-amz-id-2: 4AM7Y84N8gb7+PsQPBqSilLGUHUCO6R+G0ihhEs1PtIjTU8TaoJQsUTyLZLUGIA5g2RU2lF4J/c=
last-modified: Wed, 30 Jun 2021 15:36:28 GMT
server: cloudflare
etag: "3e1b2a654a784ceb385157140b4ccd71"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 3000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=L1dincMGzgw4Lbs6wUnZg8ao7AK3UOgtnfuApFh3JvJkq9LuC4SRZ67NXQ28W0gSGjmbhoKroFbvU5Ll3XhX6v903Zhe%2Fi9ilwyCgc8O3Xo1zKVgmDQsXDPT0My121rDXC6kEgCW1sqLrCEiDoy4dZqB"}],"group":"cf-nel","max_age":604800}
x-amz-request-id: W17ZDQMA4SH24MAS
access-control-allow-origin: *
cache-control: max-age=31556926
accept-ranges: bytes
content-type: font/woff2

GET
H3-29 200 sdk.js Show response
connect.facebook.net/en_US/ 227 KB
66 KB 14ms
6ms Script
application/x-javascript 2a03:2880:f02d:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js?hash=3caa2cd7e554b4eee9df7b72bbb543ea

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f02d:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

40f5e8279dfdde81c646fb6bdb3f7f12986ccecc02cd0439b33df36be6cfcb4a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Origin: https://ftp.winprizesonline.com
Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: Ugj9D+QeKQ0hHP116qT0ng==
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 67618
x-fb-rlafr: 0
x-fb-debug: 8AmBoqWcsDAQRFnbiJkpiBP1RQ0eEjUvCGhoeRUQET6d1Thn8ke/odu8rZgGr6JV0OTv6WpnBcATa9vAU75ILg==
x-fb-content-md5: 41da0da1f7895caa5f36ea3792377f52
x-frame-options: DENY
date: Tue, 27 Jul 2021 02:12:10 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
etag: "58a74337eef60dbf4e9f61af81b2298d"
timing-allow-origin: *
priority: u=3,i
expires: Wed, 27 Jul 2022 01:06:10 GMT

GET
H3-29 200 pubads_impl_2021072402.js Show response
securepubads.g.doubleclick.net/gpt/ 328 KB
114 KB 58ms
29ms Script
text/javascript 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021072402.js?31062009

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

sffe /

Resource Hash

ddbe62de5ae24097612d0546735d390e3202e985da76fd4fb2a4fa31c29fd1e1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 02:12:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Sat, 24 Jul 2021 19:56:14 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 117130
x-xss-protection: 0
expires: Tue, 27 Jul 2021 02:12:10 GMT

GET
H3-29 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 82 B
104 B 60ms
30ms XHR
application/json 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=ftp.winprizesonline.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

05b4bc74f9c2553603ef6e4ba28c20ecbd991c3312b6f9b4cf0048e0b550552c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 27 Jul 2021 02:12:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 79
x-xss-protection: 0
expires: Tue, 27 Jul 2021 02:12:10 GMT

GET
H3-29 200 416923119254091 Show response
connect.facebook.net/signals/config/ 260 KB
74 KB 62ms
61ms Script
application/x-javascript 2a03:2880:f02d:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/416923119254091?v=2.9.43&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f02d:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

21c155aa2b9d450290f1602e53da8a9b5d30ea678d5dc4ea65314b08318f39c3

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
x-xss-protection: 0
pragma: public
x-fb-debug: WZLGHxTR1h3ALQhY/UQLyePjynouxpCzsQX4jyXYekAvxfjidPkcCDi6PGGNKZcaXDWFY8jgcwsqu7eTiMacKg==
cross-origin-embedder-policy-report-only: require-corp;report-to="coop_report"
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Tue, 27 Jul 2021 02:12:10 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}],"group":"coop_report"}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 imp.gif Show response
ftp.winprizesonline.com/detroitchicago/ 43 B
128 B 37ms
37ms XHR
image/gif 3.66.136.156
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ftp.winprizesonline.com/detroitchicago/imp.gif?e=%7B%22ad_cache_level%22%3A1%2C%22ad_count_adjustment%22%3A1%2C%22ad_lazyload_version%22%3A3%2C%22ad_load_version%22%3A2%2C%22ad_location_ids%22%3A%220%2C34%2C5%2C1%2C30%22%2C%22ad_transform_level%22%3A0%2C%22adx_ad_count%22%3A5%2C%22bidder_method%22%3A1%2C%22bidder_version%22%3A5%2C%22city%22%3A%22Zurich%22%2C%22country%22%3A%22CH%22%2C%22days_since_last_visit%22%3A-1%2C%22display_ad_count%22%3A4%2C%22domain_id%22%3A164040%2C%22domain_test_group%22%3A20210303%2C%22ds_adsize_opt_id%22%3A-1%2C%22engaged_time_visit%22%3A0%2C%22ezcache_level%22%3A1%2C%22ezcache_skip_code%22%3A11%2C%22form_factor_id%22%3A1%2C%22framework_id%22%3A1%2C%22has_bad_image%22%3A0%2C%22has_bad_words%22%3A0%2C%22iab_category%22%3A%22%22%2C%22is_from_recommended_pages%22%3Afalse%2C%22is_return_visitor%22%3Afalse%2C%22is_sitespeed%22%3A0%2C%22last_page_load%22%3A%22%22%2C%22last_pageview_id%22%3A%22%22%2C%22lt_cache_level%22%3A0%2C%22max_ads%22%3A3%2C%22metro_code%22%3A0%2C%22optimization_version%22%3A1%2C%22page_ad_positions%22%3A%221100%2C1111%2C1112%2C1113%2C1118%22%2C%22page_view_count%22%3A0%2C%22page_view_id%22%3A%222283d362-0b07-42c8-50d2-cbc6f00e7718%22%2C%22position_selection_id%22%3A39%2C%22postal_code%22%3A%228010%22%2C%22pv_event_count%22%3A0%2C%22response_size_orig%22%3A56621%2C%22response_time_orig%22%3A810%2C%22serverid%22%3A%223.69.27.52%3A5853%22%2C%22state%22%3A%22ZH%22%2C%22sub_page_ad_positions%22%3A%221100%2C1111%2C1112%2C1113%2C1118%22%2C%22t_epoch%22%3A1627351928%2C%22template_id%22%3A134%2C%22time_on_site_visit%22%3A0%2C%22url%22%3A%22https%3A%2F%2Fftp.winprizesonline.com%2F%22%2C%22user_id%22%3A0%2C%22word_count%22%3A1244%2C%22worst_bad_word_level%22%3A0%7D
Requested by: Host: ftp.winprizesonline.com
URL: https://ftp.winprizesonline.com/detroitchicago/cmbv2.js?gcb=195-2&cb=04-1y02-4y06-12y07-1y0b-5y0d-10y13-3y17-3y20-3y33-15y52-1y56-21&cmbcb=20&sj=x04x02x06x07x0bx0dx13x17x20x33x52x56
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.66.136.156 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-66-136-156.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

:path: /detroitchicago/imp.gif?e=%7B%22ad_cache_level%22%3A1%2C%22ad_count_adjustment%22%3A1%2C%22ad_lazyload_version%22%3A3%2C%22ad_load_version%22%3A2%2C%22ad_location_ids%22%3A%220%2C34%2C5%2C1%2C30%22%2C%22ad_transform_level%22%3A0%2C%22adx_ad_count%22%3A5%2C%22bidder_method%22%3A1%2C%22bidder_version%22%3A5%2C%22city%22%3A%22Zurich%22%2C%22country%22%3A%22CH%22%2C%22days_since_last_visit%22%3A-1%2C%22display_ad_count%22%3A4%2C%22domain_id%22%3A164040%2C%22domain_test_group%22%3A20210303%2C%22ds_adsize_opt_id%22%3A-1%2C%22engaged_time_visit%22%3A0%2C%22ezcache_level%22%3A1%2C%22ezcache_skip_code%22%3A11%2C%22form_factor_id%22%3A1%2C%22framework_id%22%3A1%2C%22has_bad_image%22%3A0%2C%22has_bad_words%22%3A0%2C%22iab_category%22%3A%22%22%2C%22is_from_recommended_pages%22%3Afalse%2C%22is_return_visitor%22%3Afalse%2C%22is_sitespeed%22%3A0%2C%22last_page_load%22%3A%22%22%2C%22last_pageview_id%22%3A%22%22%2C%22lt_cache_level%22%3A0%2C%22max_ads%22%3A3%2C%22metro_code%22%3A0%2C%22optimization_version%22%3A1%2C%22page_ad_positions%22%3A%221100%2C1111%2C1112%2C1113%2C1118%22%2C%22page_view_count%22%3A0%2C%22page_view_id%22%3A%222283d362-0b07-42c8-50d2-cbc6f00e7718%22%2C%22position_selection_id%22%3A39%2C%22postal_code%22%3A%228010%22%2C%22pv_event_count%22%3A0%2C%22response_size_orig%22%3A56621%2C%22response_time_orig%22%3A810%2C%22serverid%22%3A%223.69.27.52%3A5853%22%2C%22state%22%3A%22ZH%22%2C%22sub_page_ad_positions%22%3A%221100%2C1111%2C1112%2C1113%2C1118%22%2C%22t_epoch%22%3A1627351928%2C%22template_id%22%3A134%2C%22time_on_site_visit%22%3A0%2C%22url%22%3A%22https%3A%2F%2Fftp.winprizesonline.com%2F%22%2C%22user_id%22%3A0%2C%22word_count%22%3A1244%2C%22worst_bad_word_level%22%3A0%7D
pragma: no-cache
cookie: PHPSESSID=d09outc1kfoiibksnvpb57ps41; UserGUID=60ff6c20986bd; ezoadgid_164040=-1; ezoref_164040=; ezoab_164040=mod1-c; ezopvc_164040=1; ezepvv=0; ezovid_164040=1619888507; lp_164040=https://ftp.winprizesonline.com/; ezovuuidtime_164040=1627351929; ezovuuid_164040=a7b3ec2d-b507-44d0-4aaa-5559d445e9b1; ezCMPCCS=true; active_template::164040=pub_site.1627351930; ezouspvv=0; ezouspva=0
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: empty
:authority: ftp.winprizesonline.com
referer: https://ftp.winprizesonline.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 02:12:10 GMT
content-encoding: br
server: nginx
vary: Accept-Encoding Accept-Encoding Accept-Encoding
content-type: image/gif
x-middleton-display: imp_sol
cache-control: no-cache, no-store, must-revalidate, max-age=0
content-length: 47

GET
H2 200 quant.js Show response
secure.quantserve.com/ 24 KB
9 KB 22ms
7ms Script
application/javascript 2620:116:800d:21:8c6e:cf2c:8d6:9fb5
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.quantserve.com/quant.js
Requested by: Host: ftp.winprizesonline.com
URL: https://ftp.winprizesonline.com/detroitchicago/cmbv2.js?gcb=195-2&cb=04-1y02-4y06-12y07-1y0b-5y0d-10y13-3y17-3y20-3y33-15y52-1y56-21&cmbcb=20&sj=x04x02x06x07x0bx0dx13x17x20x33x52x56
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2620:116:800d:21:8c6e:cf2c:8d6:9fb5 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: bba4d46952f094b62205fe06e4a78114cac5d934971925a4716ef40c33f96012

Request headers

Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 02:12:10 GMT
content-encoding: gzip
etag: "WhyxmPkT7L77qVDcrjxwGw=="
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
expires: Tue, 03 Aug 2021 02:12:10 GMT

GET
H2 200 ezosuigenerisc.js Show response
g.ezoic.net/ 0
54 B 29ms
29ms Script
text/plain 3.66.136.156
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g.ezoic.net/ezosuigenerisc.js?nogen=1
Requested by: Host: ftp.winprizesonline.com
URL: https://ftp.winprizesonline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.66.136.156 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-66-136-156.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 02:12:10 GMT
cache-control: max-age=300, private
server: nginx
content-length: 0
vary: Accept-Encoding, Accept-Encoding
content-type: text/plain; charset=utf-8

GET
H2 200 cmbdv2.js Show response
ftp.winprizesonline.com/detroitchicago/ 46 KB
10 KB 39ms
38ms Script
application/javascript 3.66.136.156
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ftp.winprizesonline.com/detroitchicago/cmbdv2.js?gcb=195-2&cb=03-4y0c-5y18-3y34-15y57-21&cmbcb=20&sj=x03x0cx18x34x57
Requested by: Host: ftp.winprizesonline.com
URL: https://ftp.winprizesonline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.66.136.156 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-66-136-156.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 116c0aa19fb4cffdfce3cf9821cb864d2daa38783c8bacf084b9bea88f6f8390

Request headers

:path: /detroitchicago/cmbdv2.js?gcb=195-2&cb=03-4y0c-5y18-3y34-15y57-21&cmbcb=20&sj=x03x0cx18x34x57
pragma: no-cache
cookie: PHPSESSID=d09outc1kfoiibksnvpb57ps41; UserGUID=60ff6c20986bd; ezoadgid_164040=-1; ezoref_164040=; ezoab_164040=mod1-c; ezopvc_164040=1; ezepvv=0; ezovid_164040=1619888507; lp_164040=https://ftp.winprizesonline.com/; ezovuuidtime_164040=1627351929; ezovuuid_164040=a7b3ec2d-b507-44d0-4aaa-5559d445e9b1; ezCMPCCS=true; active_template::164040=pub_site.1627351930; ezouspvv=0; ezouspva=0
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: ftp.winprizesonline.com
referer: https://ftp.winprizesonline.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 02:12:10 GMT
content-encoding: br
server: nginx
vary: Accept-Encoding Accept-Encoding
content-type: application/javascript
x-middleton-display: sol-js
cache-control: max-age=31536000, public
x-robots-tag: noindex

GET
H2 200 nmash.js
ftp.winprizesonline.com/porpoiseant/ 24 KB
6 KB 36ms
36ms Other
application/javascript 3.66.136.156
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ftp.winprizesonline.com/porpoiseant/nmash.js?v=38
Requested by: Host: ftp.winprizesonline.com
URL: https://ftp.winprizesonline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.66.136.156 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-66-136-156.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: dc48161214298afa70fd306b5a0a247f62c6042238e3dcadbd32015adedcc263

Request headers

:path: /porpoiseant/nmash.js?v=38
pragma: no-cache
cookie: PHPSESSID=d09outc1kfoiibksnvpb57ps41; UserGUID=60ff6c20986bd; ezoadgid_164040=-1; ezoref_164040=; ezoab_164040=mod1-c; ezopvc_164040=1; ezepvv=0; ezovid_164040=1619888507; lp_164040=https://ftp.winprizesonline.com/; ezovuuidtime_164040=1627351929; ezovuuid_164040=a7b3ec2d-b507-44d0-4aaa-5559d445e9b1; ezCMPCCS=true; active_template::164040=pub_site.1627351930; ezouspvv=0; ezouspva=0
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: same-origin
accept: */*
cache-control: no-cache
sec-fetch-dest: worker
:authority: ftp.winprizesonline.com
referer: https://ftp.winprizesonline.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 02:12:10 GMT
content-encoding: br
last-modified: Mon, 26 Jul 2021 23:31:01 GMT
server: nginx
etag: "60c7-5c80f256cd4b1;5c701b9c2cf40-gzip"
vary: Accept-Encoding Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000, public
accept-ranges: bytes
x-robots-tag: noindex

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 48 KB
20 KB 25ms
5ms Script
text/javascript 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-4084127-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

73d6a5ea11fb7bf6e6a6ccd44b1635d52c79b0a00623d0387c9dddd4b7c68e89

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 09 Jun 2021 17:36:57 GMT
server: Golfe2
age: 4871
date: Tue, 27 Jul 2021 00:50:59 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19661
expires: Tue, 27 Jul 2021 02:50:59 GMT

GET
H2 200 greenoaks.gif Show response
ftp.winprizesonline.com/detroitchicago/ 0
104 B 34ms
34ms XHR
text/plain 3.66.136.156
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ftp.winprizesonline.com/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiIyMjgzZDM2Mi0wYjA3LTQyYzgtNTBkMi1jYmM2ZjAwZTc3MTgiLCJkb21haW5faWQiOiIxNjQwNDAiLCJ0X2Vwb2NoIjoxNjI3MzUxOTI4LCJkYXRhIjpbeyJuYW1lIjoiZGV2aWNlX3dpZHRoIiwidmFsIjoiMTYwMCJ9LHsibmFtZSI6ImRldmljZV9oZWlnaHQiLCJ2YWwiOiIxMjAwIn1dfSx7InR5cGUiOiJwYWdldmlldyIsInBhZ2V2aWV3X2lkIjoiMjI4M2QzNjItMGIwNy00MmM4LTUwZDItY2JjNmYwMGU3NzE4IiwiZG9tYWluX2lkIjoiMTY0MDQwIiwidF9lcG9jaCI6MTYyNzM1MTkyOCwiZGF0YSI6W3sibmFtZSI6InRfbG9jYWxfZGF0ZSIsInZhbCI6IjIwMjEtMDctMjcifSx7Im5hbWUiOiJ0X2xvY2FsX2hvdXIiLCJ2YWwiOiI0In0seyJuYW1lIjoidF9sb2NhbF9kYXlfb2Zfd2VlayIsInZhbCI6IjIifSx7Im5hbWUiOiJ0X2xvY2FsX3RpbWV6b25lIiwidmFsIjoiLTEyMCJ9XX0seyJ0eXBlIjoicGFnZXZpZXciLCJwYWdldmlld19pZCI6IjIyODNkMzYyLTBiMDctNDJjOC01MGQyLWNiYzZmMDBlNzcxOCIsImRvbWFpbl9pZCI6IjE2NDA0MCIsInRfZXBvY2giOjE2MjczNTE5MjgsImRhdGEiOlt7Im5hbWUiOiJsYW5ndWFnZV90YWciLCJ2YWwiOiJlbi1VUyJ9XX0seyJ0eXBlIjoicGFnZXZpZXciLCJwYWdldmlld19pZCI6IjIyODNkMzYyLTBiMDctNDJjOC01MGQyLWNiYzZmMDBlNzcxOCIsImRvbWFpbl9pZCI6IjE2NDA0MCIsInRfZXBvY2giOjE2MjczNTE5MjgsImRhdGEiOlt7Im5hbWUiOiJsYW5ndWFnZV9wcmltYXJ5X3N1YnRhZyIsInZhbCI6ImVuIn1dfSx7InR5cGUiOiJwYWdldmlldyIsInBhZ2V2aWV3X2lkIjoiMjI4M2QzNjItMGIwNy00MmM4LTUwZDItY2JjNmYwMGU3NzE4IiwiZG9tYWluX2lkIjoiMTY0MDQwIiwidF9lcG9jaCI6MTYyNzM1MTkyOCwiZGF0YSI6W3sibmFtZSI6InVuaXZlcnNhbF91c2VyX2lkIiwidmFsIjoiOTVjMTVlZDA0MDVlOWEzODgwMzFiMmU4Y2I3ODdmMzQifV19XQ==
Requested by: Host: ftp.winprizesonline.com
URL: https://ftp.winprizesonline.com/detroitchicago/cmbv2.js?gcb=195-2&cb=04-1y02-4y06-12y07-1y0b-5y0d-10y13-3y17-3y20-3y33-15y52-1y56-21&cmbcb=20&sj=x04x02x06x07x0bx0dx13x17x20x33x52x56
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.66.136.156 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-66-136-156.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path: /detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiIyMjgzZDM2Mi0wYjA3LTQyYzgtNTBkMi1jYmM2ZjAwZTc3MTgiLCJkb21haW5faWQiOiIxNjQwNDAiLCJ0X2Vwb2NoIjoxNjI3MzUxOTI4LCJkYXRhIjpbeyJuYW1lIjoiZGV2aWNlX3dpZHRoIiwidmFsIjoiMTYwMCJ9LHsibmFtZSI6ImRldmljZV9oZWlnaHQiLCJ2YWwiOiIxMjAwIn1dfSx7InR5cGUiOiJwYWdldmlldyIsInBhZ2V2aWV3X2lkIjoiMjI4M2QzNjItMGIwNy00MmM4LTUwZDItY2JjNmYwMGU3NzE4IiwiZG9tYWluX2lkIjoiMTY0MDQwIiwidF9lcG9jaCI6MTYyNzM1MTkyOCwiZGF0YSI6W3sibmFtZSI6InRfbG9jYWxfZGF0ZSIsInZhbCI6IjIwMjEtMDctMjcifSx7Im5hbWUiOiJ0X2xvY2FsX2hvdXIiLCJ2YWwiOiI0In0seyJuYW1lIjoidF9sb2NhbF9kYXlfb2Zfd2VlayIsInZhbCI6IjIifSx7Im5hbWUiOiJ0X2xvY2FsX3RpbWV6b25lIiwidmFsIjoiLTEyMCJ9XX0seyJ0eXBlIjoicGFnZXZpZXciLCJwYWdldmlld19pZCI6IjIyODNkMzYyLTBiMDctNDJjOC01MGQyLWNiYzZmMDBlNzcxOCIsImRvbWFpbl9pZCI6IjE2NDA0MCIsInRfZXBvY2giOjE2MjczNTE5MjgsImRhdGEiOlt7Im5hbWUiOiJsYW5ndWFnZV90YWciLCJ2YWwiOiJlbi1VUyJ9XX0seyJ0eXBlIjoicGFnZXZpZXciLCJwYWdldmlld19pZCI6IjIyODNkMzYyLTBiMDctNDJjOC01MGQyLWNiYzZmMDBlNzcxOCIsImRvbWFpbl9pZCI6IjE2NDA0MCIsInRfZXBvY2giOjE2MjczNTE5MjgsImRhdGEiOlt7Im5hbWUiOiJsYW5ndWFnZV9wcmltYXJ5X3N1YnRhZyIsInZhbCI6ImVuIn1dfSx7InR5cGUiOiJwYWdldmlldyIsInBhZ2V2aWV3X2lkIjoiMjI4M2QzNjItMGIwNy00MmM4LTUwZDItY2JjNmYwMGU3NzE4IiwiZG9tYWluX2lkIjoiMTY0MDQwIiwidF9lcG9jaCI6MTYyNzM1MTkyOCwiZGF0YSI6W3sibmFtZSI6InVuaXZlcnNhbF91c2VyX2lkIiwidmFsIjoiOTVjMTVlZDA0MDVlOWEzODgwMzFiMmU4Y2I3ODdmMzQifV19XQ==
pragma: no-cache
cookie: PHPSESSID=d09outc1kfoiibksnvpb57ps41; UserGUID=60ff6c20986bd; ezoadgid_164040=-1; ezoref_164040=; ezoab_164040=mod1-c; ezopvc_164040=1; ezepvv=0; ezovid_164040=1619888507; lp_164040=https://ftp.winprizesonline.com/; ezovuuidtime_164040=1627351929; ezovuuid_164040=a7b3ec2d-b507-44d0-4aaa-5559d445e9b1; ezCMPCCS=true; active_template::164040=pub_site.1627351930; ezouspvv=0; ezouspva=0
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: empty
:authority: ftp.winprizesonline.com
referer: https://ftp.winprizesonline.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 02:12:10 GMT
server: nginx
vary: Accept-Encoding Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Mon, 26 Jul 2021 02:12:08 UTC

GET
H2 200 denver.js Show response
ftp.winprizesonline.com/detroitchicago/ 4 KB
1 KB 36ms
35ms Script
application/javascript 3.66.136.156
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ftp.winprizesonline.com/detroitchicago/denver.js?gcb=2&cb=1
Requested by: Host: ftp.winprizesonline.com
URL: https://ftp.winprizesonline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.66.136.156 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-66-136-156.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e45818350fb6700935c0dce924d8317b166845c5516bc391a1dbda39203f143a

Request headers

:path: /detroitchicago/denver.js?gcb=2&cb=1
pragma: no-cache
cookie: PHPSESSID=d09outc1kfoiibksnvpb57ps41; UserGUID=60ff6c20986bd; ezoadgid_164040=-1; ezoref_164040=; ezoab_164040=mod1-c; ezopvc_164040=1; ezepvv=0; ezovid_164040=1619888507; lp_164040=https://ftp.winprizesonline.com/; ezovuuidtime_164040=1627351929; ezovuuid_164040=a7b3ec2d-b507-44d0-4aaa-5559d445e9b1; ezCMPCCS=true; active_template::164040=pub_site.1627351930; ezouspvv=0; ezouspva=0; ezosuigeneris=95c15ed0405e9a388031b2e8cb787f34
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: ftp.winprizesonline.com
referer: https://ftp.winprizesonline.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 02:12:10 GMT
content-encoding: br
server: nginx
vary: Accept-Encoding Accept-Encoding
content-type: application/javascript
x-middleton-display: sol-js
cache-control: max-age=31536000, public
x-robots-tag: noindex
content-length: 1273

GET
H2 200 cl.gif
ftp.winprizesonline.com/detroitchicago/ 43 B
76 B 47ms
47ms Image
image/gif 3.66.136.156
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ftp.winprizesonline.com/detroitchicago/cl.gif?pvID=2283d362-0b07-42c8-50d2-cbc6f00e7718&dID=164040
Requested by: Host: ftp.winprizesonline.com
URL: https://ftp.winprizesonline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.66.136.156 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-66-136-156.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

:path: /detroitchicago/cl.gif?pvID=2283d362-0b07-42c8-50d2-cbc6f00e7718&dID=164040
pragma: no-cache
cookie: PHPSESSID=d09outc1kfoiibksnvpb57ps41; UserGUID=60ff6c20986bd; ezoadgid_164040=-1; ezoref_164040=; ezoab_164040=mod1-c; ezopvc_164040=1; ezepvv=0; ezovid_164040=1619888507; lp_164040=https://ftp.winprizesonline.com/; ezovuuidtime_164040=1627351929; ezovuuid_164040=a7b3ec2d-b507-44d0-4aaa-5559d445e9b1; ezCMPCCS=true; active_template::164040=pub_site.1627351930; ezouspvv=0; ezouspva=0; ezosuigeneris=95c15ed0405e9a388031b2e8cb787f34; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: ftp.winprizesonline.com
referer: https://ftp.winprizesonline.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 02:12:10 GMT
content-encoding: br
server: nginx
vary: Accept-Encoding Accept-Encoding Accept-Encoding
content-type: image/gif
x-middleton-display: imp_sol
cache-control: no-cache, no-store, must-revalidate, max-age=0
content-length: 47

GET
H2 200 /
www.facebook.com/tr/ 44 B
251 B 6ms
6ms Image
image/gif 2a03:2880:f12d:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=427953467260386&ev=fb_page_view&dl=https%3A%2F%2Fftp.winprizesonline.com%2F&rl=&if=false&ts=1627351930263&sw=1600&sh=1200&at=

Requested by

Host: ftp.winprizesonline.com
URL: https://ftp.winprizesonline.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 02:12:10 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 44
expires: Tue, 27 Jul 2021 02:12:10 GMT

GET
H2 200 rules-p-31iz6hfFutd16.js Show response
rules.quantcount.com/ 3 B
429 B 118ms
38ms Script
application/javascript 2600:9000:20c8:7000:6:44e3:f8c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rules.quantcount.com/rules-p-31iz6hfFutd16.js
Requested by: Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20c8:7000:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Request headers

Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 26 Jul 2021 20:13:11 GMT
via: 1.1 6e828213221a8cbea0c54b35955f0008.cloudfront.net (CloudFront)
age: 21540
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 3
last-modified: Sat, 04 Mar 2017 19:50:24 GMT
server: AmazonS3
etag: "8a80554c91d9fca8acb82f023de02f11"
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=86400
x-amz-cf-pop: MAD50-C1
accept-ranges: bytes
x-amz-cf-id: vhWAQoZwhuzmLgJqWv0MFC_CvQjkSu9qEJBeJQ3wPBtze6lVVqt1ug==

POST
H3-29 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 26ms
12ms XHR
text/plain 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j91&a=794578872&t=pageview&_s=1&dl=https%3A%2F%2Fftp.winprizesonline.com%2F&ul=en-us&de=UTF-8&dt=Sweepstakes%20by%20Winprizes%20Online%20-%20Free%20Online%20Sweepstakes%2C%20Contests%20and%20giveaways%20Listings%20-%20Win%20Free%20Stuff&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAUABAAAAAC~&jid=1852951614&gjid=582840263&cid=1037067233.1627351930&tid=UA-4084127-1&_gid=1319480630.1627351930&_r=1&gtm=2ou7l1&z=194039039

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 27 Jul 2021 02:12:10 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://ftp.winprizesonline.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 collect
www.google-analytics.com/ 35 B
55 B 10ms
9ms Image
image/gif 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j91&a=794578872&t=pageview&_s=2&dl=https%3A%2F%2Fftp.winprizesonline.com%2F&ul=en-us&de=UTF-8&dt=Sweepstakes%20by%20Winprizes%20Online%20-%20Free%20Online%20Sweepstakes%2C%20Contests%20and%20giveaways%20Listings%20-%20Win%20Free%20Stuff&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=4GBAAUABAAAAAC~&jid=&gjid=&cid=1037067233.1627351930&tid=UA-4084127-1&_gid=1319480630.1627351930&gtm=2ou7l1&z=1503592390

Requested by

Host: ftp.winprizesonline.com
URL: https://ftp.winprizesonline.com/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 26 Jul 2021 22:08:20 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 14630
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 collect
www.google-analytics.com/ 35 B
55 B 10ms
9ms Image
image/gif 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j91&a=794578872&t=event&_s=3&dl=https%3A%2F%2Fftp.winprizesonline.com%2F&ul=en-us&de=UTF-8&dt=Sweepstakes%20by%20Winprizes%20Online%20-%20Free%20Online%20Sweepstakes%2C%20Contests%20and%20giveaways%20Listings%20-%20Win%20Free%20Stuff&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=general&ea=UUID_dimension&_u=4GBAAUABAAAAAC~&jid=&gjid=&cid=1037067233.1627351930&uid=99&tid=UA-4084127-1&_gid=1319480630.1627351930&gtm=2ou7l1&cd2=99&z=976360268

Requested by

Host: ftp.winprizesonline.com
URL: https://ftp.winprizesonline.com/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 26 Jul 2021 22:08:20 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 14630
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 /
www.facebook.com/tr/ 44 B
88 B 6ms
6ms Image
image/gif 2a03:2880:f12d:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=416923119254091&ev=PageView&dl=https%3A%2F%2Fftp.winprizesonline.com%2F&rl=&if=false&ts=1627351930334&sw=1600&sh=1200&v=2.9.43&r=stable&ec=0&o=30&fbp=fb.1.1627351930332.523576486&it=1627351930201&coo=false&rqm=GET

Requested by

Host: ftp.winprizesonline.com
URL: https://ftp.winprizesonline.com/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f12d:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 02:12:10 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
content-length: 44
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
priority: u=3,i
expires: Tue, 27 Jul 2021 02:12:10 GMT

GET
H2 200 integrator.js Show response
adservice.google.ch/adsid/ 107 B
853 B 48ms
15ms Script
application/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.ch/adsid/integrator.js?domain=ftp.winprizesonline.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021072402.js?31062009

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 27 Jul 2021 02:12:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
570 B 35ms
15ms Script
application/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=ftp.winprizesonline.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021072402.js?31062009

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 27 Jul 2021 02:12:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 1 KB
309 B 581ms
580ms XHR
text/plain 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1503229515504863&correlator=3336637134421391&output=ldjh&impl=fifs&eid=31062009%2C31061842%2C20211866&vrg=2021072402&ptt=17&us_privacy=1---&sc=1&sfv=1-0-38&ecs=20210727&iu_parts=1254144%2Cwinprizesonline_com-box-2%2Cwinprizesonline_com-box-1%2Cwinprizesonline_com-large-billboard-2&enc_prev_ius=%2F0%2F1%2C%2F0%2F2%2C%2F0%2F3&prev_iu_szs=468x60%2C320x50%7C250x250%7C336x280%7C320x50%7C468x60%7C580x400%7C125x125%7C300x250%7C320x100%7C120x240%7C200x200%7C180x150%7C234x60%2C320x50%7C250x250%7C300x250%7C320x50%7C468x60%7C180x150%7C580x400%7C125x125%7C234x60%7C336x280%7C320x100%7C120x240%7C200x200&fluid=0%2Cheight%2Cheight&prev_scp=a%3D%257C6%257C%26iid18%3D1761844%26eid%3D6307843445959752993%26t%3D134%26d%3D164040%26t1%3D134%26pvc%3D0%26ap%3D1111%26sap%3D1111%26as%3Drevenue%26plat%3D1%26bra%3Dmod1-c%26ic%3D1%26at%3Dmbf%26adr%3D399%26ezosn%3D3%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D1%26al%3D1001%26compid%3D0%26tap%3Dwinprizesonline_com-box-2-1761844%26eb_br%3Dc16fac08e79a971524b1c6834f5caad3%26eba%3D1%26ebss%3D10061%26asau%3D2260528807%26bv%3D0%26bvm%3D1%26bvr%3D6%26shp%3D1%26ftsn%3D3%26acptad%3D1%26br1%3D280%26br2%3D400%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D34%2C14%2C28%2C67%2C45%2C122%2C66%2C20%2C71%2C30%2C0%2C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C27%2C815%2C817%2C899%2C919%2C774%7Ca%3D%257C251%257C%26iid19%3D1832644%26eid%3D4570908922087774802%26t%3D134%26d%3D164040%26t1%3D134%26pvc%3D0%26ap%3D1112%26sap%3D1112%26as%3Drevenue%26plat%3D1%26bra%3Dmod1-c%26ic%3D1%26at%3Dmbf%26adr%3D399%26ezosn%3D0%26reft%3Dn%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1000%26compid%3D0%26tap%3Dwinprizesonline_com-box-1-1832644%26eb_br%3D6e85b37de1b1ffc2593baa5d6e4b02fc%26eba%3D1%26ebss%3D10061%26asau%3D2260528807%26bv%3D23%26bvm%3D0%26bvr%3D3%26shp%3D1%26ftsn%3D3%26acptad%3D1%26br1%3D450%26br2%3D700%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D32%2C0%2C28%2C27%2C45%2C122%2C66%2C20%2C71%2C30%2C0%2C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C27%2C815%2C817%2C899%2C919%2C774%7Ca%3D%257C3%257C%26iid19%3D1801294%26eid%3D4080719036065783844%26t%3D134%26d%3D164040%26t1%3D134%26pvc%3D0%26ap%3D1113%26sap%3D1113%26as%3Drevenue%26plat%3D1%26bra%3Dmod1-c%26ic%3D1%26at%3Dmbf%26adr%3D399%26ezosn%3D1%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1034%26compid%3D0%26tap%3Dwinprizesonline_com-large-billboard-2-1801294%26eb_br%3D76163170a8636ae5b88417f095893e08%26eba%3D1%26ebss%3D10061%26asau%3D2260528807%26bv%3D23%26bvm%3D0%26bvr%3D3%26shp%3D1%26ftsn%3D3%26br1%3D400%26br2%3D600%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D83%2C13%2C120%2C67%2C51%2C0%2C66%2C20%2C71%2C30%2C0%2C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C919%2C774&eri=1&cookie_enabled=1&bc=31&abxe=1&lmt=1627351930&dt=1627351930420&dlt=1627351929972&idt=371&frm=20&biw=1600&bih=1200&oid=3&adxs=230%2C1074%2C1074&adys=204%2C289%2C576&adks=2013700999%2C1344008380%2C3892968019&ucis=1%7C2%7C3&ifi=1&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fftp.winprizesonline.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=468x60%7C300x250%7C300x250&msz=468x60%7C300x250%7C300x250&ga_vid=1037067233.1627351930&ga_sid=1627351930&ga_hid=794578872&ga_fc=false&fws=0%2C0%2C0&ohw=0%2C0%2C0&btvi=0%7C0%7C0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021072402.js?31062009

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

e5eb6ee9a13ddbc7640f794e054e6f94c8a53967ecb03a507aa00af7df0ecbeb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 02:12:10 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2,-2,-2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 279
x-xss-protection: 0
google-lineitem-id: -2,-2,-2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2,-2,-2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ftp.winprizesonline.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
280575fdba709e4294c9a1d1794d14e6.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 1F95 6 KB
3 KB 60ms
14ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://280575fdba709e4294c9a1d1794d14e6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021072402.js?31062009

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 280575fdba709e4294c9a1d1794d14e6.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ftp.winprizesonline.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ftp.winprizesonline.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Tue, 27 Jul 2021 02:12:10 GMT
expires: Wed, 27 Jul 2022 02:12:10 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 474 B
279 B 343ms
342ms XHR
text/plain 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1503229515504863&correlator=250275234639685&output=ldjh&impl=fifs&eid=31062009%2C31061842%2C20211866&vrg=2021072402&ptt=17&us_privacy=1---&sc=1&sfv=1-0-38&ecs=20210727&iu_parts=1254144%2Cwinprizesonline_com-medrectangle-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=970x90&prev_scp=a%3D%257C124%257C%26iid19%3D1816894%26eid%3D8316520980271779298%26t%3D134%26d%3D164040%26t1%3D134%26pvc%3D0%26ap%3D1100%26sap%3D1100%26as%3Drevenue%26plat%3D1%26bra%3Dmod1-c%26ic%3D1%26at%3Dmbf%26adr%3D399%26ezosn%3D2%26reft%3Dn%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D5%26al%3D1005%26compid%3D0%26tap%3Dwinprizesonline_com-medrectangle-2-1816894%26eb_br%3Dc5429b6ddd929d0bc40a832a87789a7c%26eba%3D1%26ebss%3D10061%26asau%3D2260528807%26bv%3D21%26bvm%3D0%26bvr%3D7%26shp%3D1%26ftsn%3D3%26br1%3D1000%26br2%3D500%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D34%2C14%2C28%2C67%2C45%2C122%2C66%2C20%2C71%2C30%2C0%2C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C27%2C28%2C29%2C760%2C761%2C815%2C816%2C817%2C818%2C899%2C919%2C774&eri=1&cookie_enabled=1&bc=31&abxe=1&lmt=1627351930&dt=1627351930427&dlt=1627351929972&idt=371&frm=20&biw=1600&bih=1200&oid=3&adxs=315&adys=1110&adks=4148406872&ucis=4&ifi=4&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fftp.winprizesonline.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=970x-1&msz=970x-1&ga_vid=1037067233.1627351930&ga_sid=1627351930&ga_hid=794578872&ga_fc=false&fws=512&ohw=0&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021072402.js?31062009

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

6f16276715b23ab20a4e9609c9a502b9698084abf4f43a497ac4286a8e0fa458

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 02:12:10 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 249
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ftp.winprizesonline.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
439 B 42ms
14ms XHR
text/plain 2a00:1450:400c:c04::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j91&tid=UA-4084127-1&cid=1037067233.1627351930&jid=1852951614&gjid=582840263&_gid=1319480630.1627351930&_u=YEBAAUAAAAAAAC~&z=1128123935

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c04::9c Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Tue, 27 Jul 2021 02:12:10 GMT
content-type: text/plain
access-control-allow-origin: https://ftp.winprizesonline.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pixel;r=525259075;labels=Domain.winprizesonline_com%2CDomainId.164040;rf=0;a=p-31iz6hfFutd16;url=https%3A%2F%2Fftp.winprizesonline.com%2F;uht=2;fpan=1;fpa=P0-1967954092-1627351930446;pbcn=u;pbc=;ns...
pixel.quantserve.com/ 35 B
371 B 12ms
10ms Image
image/gif 2620:116:800d:21:8c6e:cf2c:8d6:9fb5
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.quantserve.com/pixel;r=525259075;labels=Domain.winprizesonline_com%2CDomainId.164040;rf=0;a=p-31iz6hfFutd16;url=https%3A%2F%2Fftp.winprizesonline.com%2F;uht=2;fpan=1;fpa=P0-1967954092-1627351930446;pbcn=u;pbc=;ns=0;ce=1;qjs=1;qv=82efd7d8-20210517233434;cm=;gdpr=0;ref=;d=winprizesonline.com;je=0;sr=1600x1200x24;dst=1;et=1627351930446;tzo=-120;ogl=type.article%2Csite_name.Winprizes%20Online%20%7C%20Prizetune%2Curl.https%3A%2F%2Fwww%252Ewinprizesonline%252Ecom%2Ctitle.Use%20This%20Sweepstakes%20Directory%20to%20Find%20the%20Prizes%20You%20Want%20to%20Win%2Cdescription.Find%20the%20sweepstakes%20you%20want%20to%20enter%20the%20most%20with%20this%20helpful%20sweepstakes%20di%2Cimage.https%3A%2F%2Fwww%252Ewinprizesonline%252Ecom%2Fpublisher_images%2F229222_th1%252Epng

Requested by

Host: ftp.winprizesonline.com
URL: https://ftp.winprizesonline.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:8c6e:cf2c:8d6:9fb5 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 27 Jul 2021 02:12:10 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
311 B 17ms
17ms Image
image/gif 2a00:1450:4001:82f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j91&tid=UA-4084127-1&cid=1037067233.1627351930&jid=1852951614&_u=YEBAAUAAAAAAAC~&z=785067422

Requested by

Host: ftp.winprizesonline.com
URL: https://ftp.winprizesonline.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 27 Jul 2021 02:12:10 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
522 B 34ms
15ms Image
image/gif 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j91&tid=UA-4084127-1&cid=1037067233.1627351930&jid=1852951614&_u=YEBAAUAAAAAAAC~&z=785067422

Requested by

Host: ftp.winprizesonline.com
URL: https://ftp.winprizesonline.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 27 Jul 2021 02:12:10 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 greenoaks.gif Show response
ftp.winprizesonline.com/detroitchicago/ 0
42 B 34ms
34ms XHR
text/plain 3.66.136.156
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ftp.winprizesonline.com/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiIyMjgzZDM2Mi0wYjA3LTQyYzgtNTBkMi1jYmM2ZjAwZTc3MTgiLCJkb21haW5faWQiOiIxNjQwNDAiLCJ0X2Vwb2NoIjoxNjI3MzUxOTI4LCJkYXRhIjpbeyJuYW1lIjoidGltZXJfZmlyc3RfYWRfcmVxdWVzdCIsInZhbCI6IjgwMSJ9XX1d
Requested by: Host: ftp.winprizesonline.com
URL: https://ftp.winprizesonline.com/detroitchicago/cmbv2.js?gcb=195-2&cb=04-1y02-4y06-12y07-1y0b-5y0d-10y13-3y17-3y20-3y33-15y52-1y56-21&cmbcb=20&sj=x04x02x06x07x0bx0dx13x17x20x33x52x56
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.66.136.156 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-66-136-156.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path: /detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiIyMjgzZDM2Mi0wYjA3LTQyYzgtNTBkMi1jYmM2ZjAwZTc3MTgiLCJkb21haW5faWQiOiIxNjQwNDAiLCJ0X2Vwb2NoIjoxNjI3MzUxOTI4LCJkYXRhIjpbeyJuYW1lIjoidGltZXJfZmlyc3RfYWRfcmVxdWVzdCIsInZhbCI6IjgwMSJ9XX1d
pragma: no-cache
cookie: PHPSESSID=d09outc1kfoiibksnvpb57ps41; UserGUID=60ff6c20986bd; ezoadgid_164040=-1; ezoref_164040=; ezoab_164040=mod1-c; ezopvc_164040=1; ezepvv=0; ezovid_164040=1619888507; lp_164040=https://ftp.winprizesonline.com/; ezovuuidtime_164040=1627351929; ezovuuid_164040=a7b3ec2d-b507-44d0-4aaa-5559d445e9b1; ezCMPCCS=true; active_template::164040=pub_site.1627351930; ezouspvv=0; ezouspva=0; ezosuigeneris=95c15ed0405e9a388031b2e8cb787f34; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; _ga=GA1.2.1037067233.1627351930; _gid=GA1.2.1319480630.1627351930; _gat_gtag_UA_4084127_1=1; _fbp=fb.1.1627351930332.523576486; __qca=P0-1967954092-1627351930446; __gads=ID=714992dec6c16186-2236040b8ec80094:T=1627351930:S=ALNI_Mb8MQWpgmC4gS1cKMrk0iSEOXt_zg
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: empty
:authority: ftp.winprizesonline.com
referer: https://ftp.winprizesonline.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 02:12:10 GMT
server: nginx
vary: Accept-Encoding Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Mon, 26 Jul 2021 02:12:09 UTC

GET
H3-29 200 /
www.facebook.com/tr/ 44 B
88 B 7ms
6ms Image
image/gif 2a03:2880:f12d:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=416923119254091&ev=Microdata&dl=https%3A%2F%2Fftp.winprizesonline.com%2F&rl=&if=false&ts=1627351930837&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22Sweepstakes%20by%20Winprizes%20Online%20-%20Free%20Online%20Sweepstakes%2C%20Contests%20and%20giveaways%20Listings%20-%20Win%20Free%20Stuff%22%2C%22meta%3Adescription%22%3A%22Online%20Sweepstakes%2C%20Contests%20and%20giveaways%20platform%20updated%20daily.%20Find%20more%20free%20stuff%20to%20win%2C%20cash%20prizes%20and%20Instant%20Win%20games.%20Join%20for%20free.%22%2C%22meta%3Akeywords%22%3A%22sweepstakes%2C%20sweepstakes%20directory%2C%20sweeps%2Cfree%20online%20sweepstakes%20and%20giveaways%2C%20instant%20win%2C%20enter%20to%20win%22%7D&cd[OpenGraph]=%7B%22article%3Asection%22%3A%22Winprizes%20Online%22%2C%22og%3Atype%22%3A%22article%22%2C%22og%3Asite_name%22%3A%22Winprizes%20Online%20%7C%20Prizetune%22%2C%22og%3Aurl%22%3A%22https%3A%2F%2Fwww.winprizesonline.com%22%2C%22og%3Atitle%22%3A%22Use%20This%20Sweepstakes%20Directory%20to%20Find%20the%20Prizes%20You%20Want%20to%20Win%22%2C%22og%3Adescription%22%3A%22Find%20the%20sweepstakes%20you%20want%20to%20enter%20the%20most%20with%20this%20helpful%20sweepstakes%20directory.%20Focus%20your%20efforts%20and%20win%20more%20of%20the%20prizes%20you%20want%20most!%22%2C%22og%3Aimage%22%3A%22https%3A%2F%2Fwww.winprizesonline.com%2Fpublisher_images%2F229222_th1.png%22%2C%22article%3Aauthor%22%3A%22https%3A%2F%2Fwww.facebook.com%2FWinPrizesOnline%2F%22%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.43&r=stable&ec=1&o=30&fbp=fb.1.1627351930332.523576486&it=1627351930201&coo=false&es=automatic&tm=3&rqm=GET

Requested by

Host: ftp.winprizesonline.com
URL: https://ftp.winprizesonline.com/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f12d:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 02:12:10 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
content-length: 44
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
priority: u=3,i
expires: Tue, 27 Jul 2021 02:12:10 GMT

GET
H3-29

200

/
www.facebook.com/login/ Frame 2228
Redirect Chain

https://www.facebook.com/v5.0/plugins/page.php?adapt_container_width=true&app_id=427953467260386&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df10e...
https://www.facebook.com/login/?next=https%3A%2F%2Fwww.facebook.com%2Fplugins%2Fpage.php%3Fadapt_container_width%3Dtrue%26app_id%3D427953467260386%26channel%3Dhttps%253A%252F%252Fstaticxx.facebook....

0
0

116ms
116ms

Document
text/html

2a03:2880:f12d:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/login/?next=https%3A%2F%2Fwww.facebook.com%2Fplugins%2Fpage.php%3Fadapt_container_width%3Dtrue%26app_id%3D427953467260386%26channel%3Dhttps%253A%252F%252Fstaticxx.facebook.com%252Fx%252Fconnect%252Fxd_arbiter%252F%253Fversion%253D46%2523cb%253Df10e22ed843ef0c%2526domain%253Dftp.winprizesonline.com%2526origin%253Dhttps%25253A%25252F%25252Fftp.winprizesonline.com%25252Ff275a760895ded4%2526relation%253Dparent.parent%26container_width%3D300%26hide_cover%3Dfalse%26href%3Dhttps%253A%252F%252Fwww.facebook.com%252FWinPrizesOnline%252F%26locale%3Den_US%26sdk%3Djoey%26show_facepile%3Dtrue%26small_header%3Dtrue%26tabs%26width

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=3caa2cd7e554b4eee9df7b72bbb543ea

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f12d:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.com .facebook.com fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com cdninstagram.com .cdninstagram.com data: blob: 'self';script-src .facebook.com .fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.com .facebook.com fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com cdninstagram.com .cdninstagram.com;connect-src .facebook.com facebook.com .fbcdn.net wss://.facebook.com: attachment.fbsbx.com blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

:method: GET
:authority: www.facebook.com
:scheme: https
:path: /login/?next=https%3A%2F%2Fwww.facebook.com%2Fplugins%2Fpage.php%3Fadapt_container_width%3Dtrue%26app_id%3D427953467260386%26channel%3Dhttps%253A%252F%252Fstaticxx.facebook.com%252Fx%252Fconnect%252Fxd_arbiter%252F%253Fversion%253D46%2523cb%253Df10e22ed843ef0c%2526domain%253Dftp.winprizesonline.com%2526origin%253Dhttps%25253A%25252F%25252Fftp.winprizesonline.com%25252Ff275a760895ded4%2526relation%253Dparent.parent%26container_width%3D300%26hide_cover%3Dfalse%26href%3Dhttps%253A%252F%252Fwww.facebook.com%252FWinPrizesOnline%252F%26locale%3Den_US%26sdk%3Djoey%26show_facepile%3Dtrue%26small_header%3Dtrue%26tabs%26width
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ftp.winprizesonline.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: about:blank

Response headers

vary: Accept-Encoding
content-encoding: br
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}],"group":"coop_report"}
cross-origin-embedder-policy-report-only: require-corp;report-to="coop_report"
x-fb-rlafr: 0
cross-origin-opener-policy: same-origin-allow-popups
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
content-security-policy: default-src facebook.com *.facebook.com fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com cdninstagram.com *.cdninstagram.com data: blob: 'self';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.com *.facebook.com fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com cdninstagram.com *.cdninstagram.com;connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
x-frame-options: DENY
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: yxHzWg6pMAa4eG3S4ykoKW5roUN3eeEErykRy8gLrkgY3qwCv5OvlfQ72Vo4pH/qUKt+aPd/fWxWpKZ4/HJPiA==
date: Tue, 27 Jul 2021 02:12:13 GMT
priority: u=3,i
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600

Redirect headers

location: https://www.facebook.com/login/?next=https%3A%2F%2Fwww.facebook.com%2Fplugins%2Fpage.php%3Fadapt_container_width%3Dtrue%26app_id%3D427953467260386%26channel%3Dhttps%253A%252F%252Fstaticxx.facebook.com%252Fx%252Fconnect%252Fxd_arbiter%252F%253Fversion%253D46%2523cb%253Df10e22ed843ef0c%2526domain%253Dftp.winprizesonline.com%2526origin%253Dhttps%25253A%25252F%25252Fftp.winprizesonline.com%25252Ff275a760895ded4%2526relation%253Dparent.parent%26container_width%3D300%26hide_cover%3Dfalse%26href%3Dhttps%253A%252F%252Fwww.facebook.com%252FWinPrizesOnline%252F%26locale%3Den_US%26sdk%3Djoey%26show_facepile%3Dtrue%26small_header%3Dtrue%26tabs%26width
x-fb-rlafr: 0
cross-origin-opener-policy: unsafe-none
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
facebook-api-version: v5.0
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: oh48WTa9CB+kwxbPNha3RqVt+sxrot04369rUzt880ZiU1Zh9UkrYS/lRnSvV31xfDej4QcyL125dhRlz61v7A==
content-length: 0
date: Tue, 27 Jul 2021 02:12:13 GMT
priority: u=3,i
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 11 KB
9 KB 37ms
17ms XHR
application/json 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021072402&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021072402.js?31062009

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

afd535f96f473baa798f259afc49104fc6538bdc583f88f49824ef10928e1383

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 27 Jul 2021 02:12:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8353
x-xss-protection: 0

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 33ms
13ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021072402.js?31062009

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 02:12:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1624308425655142"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6467
x-xss-protection: 0
expires: Tue, 27 Jul 2021 02:12:13 GMT

GET
H3-29 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/224/ Frame 66AB 12 KB
5 KB 19ms
6ms Document
text/html 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/224/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ftp.winprizesonline.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ftp.winprizesonline.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 5029
date: Mon, 26 Jul 2021 19:05:01 GMT
expires: Tue, 26 Jul 2022 19:05:01 GMT
last-modified: Wed, 02 Jun 2021 17:09:45 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 25632
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame D156 783 B
814 B 15ms
15ms Document
text/html 2a00:1450:4001:82f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

f824f3764d1d55ec86f61268f66c033473dc1ab7224475367aecd61b2342a732

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-Mi3x6GF91GF0WxgvhkNQmg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/aframe
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ftp.winprizesonline.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ftp.winprizesonline.com/

Response headers

expires: Tue, 27 Jul 2021 02:12:13 GMT
date: Tue, 27 Jul 2021 02:12:13 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-Mi3x6GF91GF0WxgvhkNQmg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 514
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 1F0G3I6YlTVvecGNMd7Bu9yqy2V0Wx21RWer6UJxq00.js Show response
pagead2.googlesyndication.com/bg/ Frame 66AB 35 KB
13 KB 19ms
6ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/1F0G3I6YlTVvecGNMd7Bu9yqy2V0Wx21RWer6UJxq00.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d45d06dc8e9895356f79c18d31dec1bbdcaacb65745b1db54567abe94271ab4d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 26 Jul 2021 10:53:00 GMT
content-encoding: br
x-content-type-options: nosniff
age: 55153
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13212
x-xss-protection: 0
last-modified: Mon, 19 Jul 2021 15:18:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 26 Jul 2022 10:53:00 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 15ms
14ms Image
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=224&t=2&li=gpt_2021072402&jk=1503229515504863&bg=!5uWl5aHNAAb7_-tu-_87ACkAdvg8Wuhnt6sqJjR6LtbGEP0jSAKCDEHkP3pytS2tMJeRlto0cPvetAIAAABzUgAAAApoAQcKAESDLHF8ANrb0lFO-MrYFis3JnOTU3Xh2v2OIWLaR_QSfLM4v0xCbAr-F4wIOeCKpEuH88LzLTXmqG_j2jz4hGEVVegaV5kCenZf6H6wdT2LwKdjM7MsWo1daN_LimNp0h1FczLh6kRxuiTWIoi2bu5QI5P_dxg5Ae0GZSSq1ty_2lptDpuZj81cxYpLvdTbkR7MjZkjFVYzuRjgPh9406wYpa_18YWDT8d6NHYxUs6aFI7Xw8fBZWCP30UG8SiVY2XcXZdK2YQsRVGC9G4AdHy_XahVLD2d1Jkwi9zK-rqV_yCOh2-4Oam5Nl_lKOKkssye8WZBM6e223b7tkp-iEIjUw8eFYjPS-IhPRHlBRN4cl9lDPrgg9pFaPp7Nl6EFjqyZgl3zyoQcAULWgyWrumHsR9qza8MKT-avsryidAHbAWzWGWsopQ4WydBOfRCqBz9-0TTxDqPw9uuXNPZu70hzX3nEsZoC6I16RNQe7fbmCxFLMMG6kNLWTigZjIdHUvLU1M-TAp5u4NjcmW0e3nxDRquLP-0I62g2SUvKnbxdGo8u82nes71u4ErENqAp8wTeRSWOu9dgs4RpMSZ6LGi76sxVJASp6ju4jVEI-Ji9wdLqgPzoJGXppEAxW0S5h2WKrSvU_ThWLBCOqUrIMOIqy9rDFWiUF3hdQmf8d8ay-2mndmd0yv7qb8UWkedpI-0b_74i79rfAUK2ETYXSr8GAkU73rr1GRkYRRpH8IRtfaozVQQoWljxiWH6tB7p1TF4E2sUn-_3eXmbKvRGnalQTY8PuaHnlA7XH5JXP0bepua-HBUdnrHTpxwLHEn07nzfqfTVqhhIb6yTN4m_nWZoQtNVSlD13ji9XmgtglHYHVf-59n7bYlPfuNe96w15yNzQbZLxvCYdBwy5NSugrk_D7yXCcDGno_d7ueDmjELfY

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 27 Jul 2021 02:12:13 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 integrator.js Show response
adservice.google.ch/adsid/ 107 B
165 B 16ms
15ms Script
application/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.ch/adsid/integrator.js?domain=ftp.winprizesonline.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021072402.js?31062009

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 27 Jul 2021 02:12:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
165 B 15ms
15ms Script
application/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=ftp.winprizesonline.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021072402.js?31062009

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 27 Jul 2021 02:12:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 478 B
423 B 2632ms
2631ms XHR
text/plain 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1503229515504863&correlator=1252226187859052&output=ldjh&impl=fifs&eid=31062009%2C31061842%2C20211866&vrg=2021072402&ptt=17&us_privacy=1---&sc=1&sfv=1-0-38&ecs=20210727&iu_parts=1254144%2Cwinprizesonline_com-large-billboard-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C250x250%7C300x250%7C320x50%7C468x60%7C180x150%7C580x400%7C125x125%7C234x60%7C336x280%7C320x100%7C120x240%7C200x200&fluid=height&ris=3&rcs=1&prev_scp=a%3D%257C3%257C%26iid19%3D1801294%26eid%3D4080719036065783844%26t%3D134%26d%3D164040%26t1%3D134%26pvc%3D0%26ap%3D1113%26sap%3D1113%26as%3Drevenue%26plat%3D1%26bra%3Dmod1-c%26ic%3D2%26at%3Dmbf%26adr%3D399%26ezosn%3D1%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1034%26compid%3D0%26tap%3Dwinprizesonline_com-large-billboard-2-1801294%26eb_br%3D86802a923a1f32517e4c5d3b6d550271%26eba%3D1%26ebss%3D10061%26asau%3D2260528807%26bv%3D23%26bvm%3D0%26bvr%3D3%26shp%3D1%26ftsn%3D3%26br1%3D200%26br2%3D600%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D83%2C13%2C120%2C67%2C51%2C0%2C66%2C20%2C71%2C30%2C0%2C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C919%2C774%2C20%26lb%3D400%26reqt%3D1627351933778&eri=1&cookie_enabled=1&bc=31&abxe=1&lmt=1627351933&dt=1627351933783&dlt=1627351929972&idt=371&frm=20&biw=1600&bih=1200&oid=3&adxs=1074&adys=576&adks=3892968019&ucis=5&ifi=5&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fftp.winprizesonline.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x250&msz=300x250&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1037067233.1627351930&ga_sid=1627351930&ga_hid=794578872&ga_fc=false&fws=0&ohw=0&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021072402.js?31062009

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

324610f1d401fb0aff89ab20b12dc3d6efb92d55f0a742319f5f76d2ca2f067b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 02:12:14 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 245
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ftp.winprizesonline.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 466 B
409 B 353ms
353ms XHR
text/plain 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1503229515504863&correlator=2751537781339162&output=ldjh&impl=fifs&eid=31062009%2C31061842%2C20211866&vrg=2021072402&ptt=17&us_privacy=1---&sc=1&sfv=1-0-38&ecs=20210727&iu_parts=1254144%2Cwinprizesonline_com-box-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C250x250%7C336x280%7C320x50%7C468x60%7C580x400%7C125x125%7C300x250%7C320x100%7C120x240%7C200x200%7C180x150%7C234x60&fluid=height&ris=3&rcs=1&prev_scp=a%3D%257C251%257C%26iid19%3D1832644%26eid%3D4570908922087774802%26t%3D134%26d%3D164040%26t1%3D134%26pvc%3D0%26ap%3D1112%26sap%3D1112%26as%3Drevenue%26plat%3D1%26bra%3Dmod1-c%26ic%3D2%26at%3Dmbf%26adr%3D399%26ezosn%3D0%26reft%3Dn%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1000%26compid%3D0%26tap%3Dwinprizesonline_com-box-1-1832644%26eb_br%3D43aa1607a0c08c74b14a9039e7b909b4%26eba%3D1%26ebss%3D10061%26asau%3D2260528807%26bv%3D23%26bvm%3D0%26bvr%3D3%26shp%3D1%26ftsn%3D3%26acptad%3D1%26br1%3D220%26br2%3D700%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D32%2C0%2C28%2C27%2C45%2C122%2C66%2C20%2C71%2C30%2C0%2C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C27%2C815%2C817%2C899%2C919%2C774%2C20%26lb%3D450%26reqt%3D1627351933785&eri=1&cookie_enabled=1&bc=31&abxe=1&lmt=1627351933&dt=1627351933790&dlt=1627351929972&idt=371&frm=20&biw=1600&bih=1200&oid=3&adxs=1074&adys=289&adks=1344008380&ucis=6&ifi=6&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fftp.winprizesonline.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x250&msz=300x250&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1037067233.1627351930&ga_sid=1627351930&ga_hid=794578872&ga_fc=false&fws=0&ohw=0&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021072402.js?31062009

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

5041aa984c376b44f64cbd8f839f165c88db4cc1913957db251904ff25f57bbd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 02:12:14 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 235
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ftp.winprizesonline.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 465 B
413 B 342ms
341ms XHR
text/plain 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1503229515504863&correlator=2279248393850230&output=ldjh&impl=fifs&eid=31062009%2C31061842%2C20211866&vrg=2021072402&ptt=17&us_privacy=1---&sc=1&sfv=1-0-38&ecs=20210727&iu_parts=1254144%2Cwinprizesonline_com-box-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=468x60&ris=3&rcs=1&prev_scp=a%3D%257C6%257C%26iid18%3D1761844%26eid%3D6307843445959752993%26t%3D134%26d%3D164040%26t1%3D134%26pvc%3D0%26ap%3D1111%26sap%3D1111%26as%3Drevenue%26plat%3D1%26bra%3Dmod1-c%26ic%3D2%26at%3Dmbf%26adr%3D399%26ezosn%3D3%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D1%26al%3D1001%26compid%3D0%26tap%3Dwinprizesonline_com-box-2-1761844%26eb_br%3D8de2c8ca79e8623e3cb37120a35ebaa2%26eba%3D1%26ebss%3D10061%26asau%3D2260528807%26bv%3D0%26bvm%3D1%26bvr%3D6%26shp%3D1%26ftsn%3D3%26acptad%3D1%26br1%3D240%26br2%3D400%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D34%2C14%2C28%2C67%2C45%2C122%2C66%2C20%2C71%2C30%2C0%2C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C27%2C815%2C817%2C899%2C919%2C774%2C20%26lb%3D280%26reqt%3D1627351933793&eri=1&cookie_enabled=1&bc=31&abxe=1&lmt=1627351933&dt=1627351933796&dlt=1627351929972&idt=371&frm=20&biw=1600&bih=1200&oid=3&adxs=230&adys=204&adks=2013700999&ucis=7&ifi=7&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fftp.winprizesonline.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=468x60&msz=468x60&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1037067233.1627351930&ga_sid=1627351930&ga_hid=794578872&ga_fc=false&fws=0&ohw=0&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021072402.js?31062009

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

33503f305db201d4c2a3afb8c085ed02065e706cd82334270beb59f0d5b0b6ee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 02:12:14 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 235
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ftp.winprizesonline.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 474 B
796 B 289ms
289ms XHR
text/plain 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1503229515504863&correlator=4214953773455130&output=ldjh&impl=fifs&eid=31062009%2C31061842%2C20211866&vrg=2021072402&ptt=17&us_privacy=1---&sc=1&sfv=1-0-38&ecs=20210727&iu_parts=1254144%2Cwinprizesonline_com-medrectangle-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=970x90&ris=3&rcs=1&prev_scp=a%3D%257C124%257C%26iid19%3D1816894%26eid%3D8316520980271779298%26t%3D134%26d%3D164040%26t1%3D134%26pvc%3D0%26ap%3D1100%26sap%3D1100%26as%3Drevenue%26plat%3D1%26bra%3Dmod1-c%26ic%3D2%26at%3Dmbf%26adr%3D399%26ezosn%3D2%26reft%3Dn%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D5%26al%3D1005%26compid%3D0%26tap%3Dwinprizesonline_com-medrectangle-2-1816894%26eb_br%3D5f2b94bb26a5aa9b1a00e66d30cfd5ec%26eba%3D1%26ebss%3D10061%26asau%3D2260528807%26bv%3D21%26bvm%3D0%26bvr%3D7%26shp%3D1%26ftsn%3D3%26br1%3D500%26br2%3D500%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D34%2C14%2C28%2C67%2C45%2C122%2C66%2C20%2C71%2C30%2C0%2C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C27%2C28%2C29%2C760%2C761%2C815%2C816%2C817%2C818%2C899%2C919%2C774%26lb%3D1000%26reqt%3D1627351933799&eri=1&cookie_enabled=1&bc=31&abxe=1&lmt=1627351933&dt=1627351933802&dlt=1627351929972&idt=371&frm=20&biw=1600&bih=1200&oid=3&adxs=315&adys=1110&adks=4148406872&ucis=8&ifi=8&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fftp.winprizesonline.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=970x-1&msz=970x-1&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1037067233.1627351930&ga_sid=1627351930&ga_hid=794578872&ga_fc=false&fws=512&ohw=0&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021072402.js?31062009

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

22d90b745bf1d74a3bb0c15cec22d3465dc906de928bbbe53c0a89a69558fe1e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 02:12:14 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 251
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ftp.winprizesonline.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 integrator.js Show response
adservice.google.ch/adsid/ 107 B
122 B 30ms
15ms Script
application/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.ch/adsid/integrator.js?domain=ftp.winprizesonline.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021072402.js?31062009

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 27 Jul 2021 02:12:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 28ms
14ms Script
application/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=ftp.winprizesonline.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021072402.js?31062009

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 27 Jul 2021 02:12:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 449 B
253 B 2381ms
2380ms XHR
text/plain 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1503229515504863&correlator=170750815188144&output=ldjh&impl=fifs&eid=31062009%2C31061842%2C20211866&vrg=2021072402&ptt=17&us_privacy=1---&sc=1&sfv=1-0-38&ecs=20210727&iu_parts=1254144%2Cwinprizesonline_com-box-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C250x250%7C336x280%7C320x50%7C468x60%7C580x400%7C125x125%7C300x250%7C320x100%7C120x240%7C200x200%7C180x150%7C234x60&fluid=height&ris=2&rcs=2&prev_scp=a%3D%257C251%257C%26iid19%3D1832644%26eid%3D4570908922087774802%26t%3D134%26d%3D164040%26t1%3D134%26pvc%3D0%26ap%3D1112%26sap%3D1112%26as%3Drevenue%26plat%3D1%26bra%3Dmod1-c%26ic%3D3%26at%3Dmbf%26adr%3D399%26ezosn%3D0%26reft%3Dn%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1000%26compid%3D0%26tap%3Dwinprizesonline_com-box-1-1832644%26eb_br%3Ddfa60cee6e1053fc0c9e607c8047bd28%26eba%3D1%26ebss%3D10061%26asau%3D2260528807%26bv%3D23%26bvm%3D0%26bvr%3D3%26shp%3D1%26ftsn%3D3%26acptad%3D1%26br1%3D80%26br2%3D700%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D32%2C0%2C28%2C27%2C45%2C122%2C66%2C20%2C71%2C30%2C0%2C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C27%2C815%2C817%2C899%2C919%2C774%2C20%2C17%2C19%2C20%26lb%3D220%26reqt%3D1627351934293&eri=1&cookie=ID%3D625198380ef21651-22ed4c0c8ec800c7%3AT%3D1627351933%3AS%3DALNI_MaBywK50Hkv6OWNZSGFJmBY66oWBA&bc=31&abxe=1&lmt=1627351935&dt=1627351935298&dlt=1627351929972&idt=371&frm=20&biw=1600&bih=1200&oid=3&adxs=1074&adys=289&adks=1344008380&ucis=9&ifi=9&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fftp.winprizesonline.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x250&msz=300x250&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1037067233.1627351930&ga_sid=1627351930&ga_hid=794578872&ga_fc=false&fws=0&ohw=0&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021072402.js?31062009

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

bcccf70c8ba9acd974a389243d9b7ea1489261027d6d99abe91b227ad20161f3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 02:12:17 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 222
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ftp.winprizesonline.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 448 B
251 B 1414ms
1414ms XHR
text/plain 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1503229515504863&correlator=3670799367062448&output=ldjh&impl=fifs&eid=31062009%2C31061842%2C20211866&vrg=2021072402&ptt=17&us_privacy=1---&sc=1&sfv=1-0-38&ecs=20210727&iu_parts=1254144%2Cwinprizesonline_com-box-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=468x60&ris=2&rcs=2&prev_scp=a%3D%257C6%257C%26iid18%3D1761844%26eid%3D6307843445959752993%26t%3D134%26d%3D164040%26t1%3D134%26pvc%3D0%26ap%3D1111%26sap%3D1111%26as%3Drevenue%26plat%3D1%26bra%3Dmod1-c%26ic%3D3%26at%3Dmbf%26adr%3D399%26ezosn%3D3%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D1%26al%3D1001%26compid%3D0%26tap%3Dwinprizesonline_com-box-2-1761844%26eb_br%3D86802a923a1f32517e4c5d3b6d550271%26eba%3D1%26ebss%3D10061%26asau%3D2260528807%26bv%3D0%26bvm%3D1%26bvr%3D6%26shp%3D1%26ftsn%3D3%26acptad%3D1%26br1%3D200%26br2%3D400%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D34%2C14%2C28%2C67%2C45%2C122%2C66%2C20%2C71%2C30%2C0%2C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C27%2C815%2C817%2C899%2C919%2C774%2C20%2C20%26lb%3D240%26reqt%3D1627351934307&eri=1&cookie=ID%3D625198380ef21651-22ed4c0c8ec800c7%3AT%3D1627351933%3AS%3DALNI_MaBywK50Hkv6OWNZSGFJmBY66oWBA&bc=31&abxe=1&lmt=1627351935&dt=1627351935311&dlt=1627351929972&idt=371&frm=20&biw=1600&bih=1200&oid=3&adxs=230&adys=204&adks=2013700999&ucis=a&ifi=10&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fftp.winprizesonline.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=468x60&msz=468x60&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1037067233.1627351930&ga_sid=1627351930&ga_hid=794578872&ga_fc=false&fws=0&ohw=0&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021072402.js?31062009

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

ae5422cf35cf465f3b2f4ea6b1c6c9fe5312868c95277e54a71d8b3721c0f07d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 02:12:16 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 220
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ftp.winprizesonline.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 51 KB
12 KB 2155ms
2155ms XHR
text/plain 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1503229515504863&correlator=1076486786625165&output=ldjh&impl=fifs&eid=31062009%2C31061842%2C20211866&vrg=2021072402&ptt=17&us_privacy=1---&sc=1&sfv=1-0-38&ecs=20210727&iu_parts=1254144%2Cwinprizesonline_com-medrectangle-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=970x90&ris=2&rcs=2&prev_scp=a%3D%257C124%257C%26iid19%3D1816894%26eid%3D8316520980271779298%26t%3D134%26d%3D164040%26t1%3D134%26pvc%3D0%26ap%3D1100%26sap%3D1100%26as%3Drevenue%26plat%3D1%26bra%3Dmod1-c%26ic%3D3%26at%3Dmbf%26adr%3D399%26ezosn%3D2%26reft%3Dn%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D5%26al%3D1005%26compid%3D0%26tap%3Dwinprizesonline_com-medrectangle-2-1816894%26eb_br%3D9e0a1ce5b2455cb9b48d5df4c6bf4053%26eba%3D1%26ebss%3D10061%26asau%3D2260528807%26bv%3D21%26bvm%3D0%26bvr%3D7%26shp%3D1%26ftsn%3D3%26br1%3D350%26br2%3D500%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D34%2C14%2C28%2C67%2C45%2C122%2C66%2C20%2C71%2C30%2C0%2C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C27%2C28%2C29%2C760%2C761%2C815%2C816%2C817%2C818%2C899%2C919%2C774%26lb%3D500%26reqt%3D1627351934308&eri=1&cookie=ID%3D625198380ef21651-22ed4c0c8ec800c7%3AT%3D1627351933%3AS%3DALNI_MaBywK50Hkv6OWNZSGFJmBY66oWBA&bc=31&abxe=1&lmt=1627351935&dt=1627351935317&dlt=1627351929972&idt=371&frm=20&biw=1600&bih=1200&oid=3&adxs=315&adys=1110&adks=4148406872&ucis=b&ifi=11&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fftp.winprizesonline.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=970x-1&msz=970x-1&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1037067233.1627351930&ga_sid=1627351930&ga_hid=794578872&ga_fc=false&fws=512&ohw=0&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021072402.js?31062009

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

544c3b92f470cc1b52b69f18c600c658f2f5899f0af4584527d49b63179d8c95

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 02:12:17 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12137
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ftp.winprizesonline.com
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 integrator.js Show response
adservice.google.ch/adsid/ 107 B
122 B 16ms
16ms Script
application/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.ch/adsid/integrator.js?domain=ftp.winprizesonline.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021072402.js?31062009

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 27 Jul 2021 02:12:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 15ms
15ms Script
application/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=ftp.winprizesonline.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021072402.js?31062009

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 27 Jul 2021 02:12:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 56 KB
17 KB 391ms
391ms XHR
text/plain 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1503229515504863&correlator=296928108609745&output=ldjh&impl=fifs&eid=31062009%2C31061842%2C20211866&vrg=2021072402&ptt=17&us_privacy=1---&sc=1&sfv=1-0-38&ecs=20210727&iu_parts=1254144%2Cwinprizesonline_com-large-billboard-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C250x250%7C300x250%7C320x50%7C468x60%7C180x150%7C580x400%7C125x125%7C234x60%7C336x280%7C320x100%7C120x240%7C200x200&fluid=height&ris=3&rcs=2&prev_scp=a%3D%257C3%257C%26iid19%3D1801294%26eid%3D4080719036065783844%26t%3D134%26d%3D164040%26t1%3D134%26pvc%3D0%26ap%3D1113%26sap%3D1113%26as%3Drevenue%26plat%3D1%26bra%3Dmod1-c%26ic%3D3%26at%3Dmbf%26adr%3D399%26ezosn%3D1%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1034%26compid%3D0%26tap%3Dwinprizesonline_com-large-billboard-2-1801294%26eb_br%3D527e52c10635ac8136a4c84094ee49a8%26eba%3D1%26ebss%3D10061%26asau%3D2260528807%26bv%3D23%26bvm%3D0%26bvr%3D3%26shp%3D1%26ftsn%3D3%26br1%3D70%26br2%3D600%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D83%2C13%2C120%2C67%2C51%2C0%2C66%2C20%2C71%2C30%2C0%2C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C919%2C774%2C20%2C17%2C19%2C20%26lb%3D200%26reqt%3D1627351936420&eri=1&cookie=ID%3Dd5e0954c22efe29d-22228f0b8ec80024%3AT%3D1627351933%3AS%3DALNI_MbbjzKs4I2Xu63OKMYqmmIOcIH7Rg&bc=31&abxe=1&lmt=1627351936&dt=1627351936424&dlt=1627351929972&idt=371&frm=20&biw=1600&bih=1200&oid=3&adxs=1074&adys=576&adks=3892968019&ucis=c&ifi=12&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fftp.winprizesonline.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x250&msz=300x250&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1037067233.1627351930&ga_sid=1627351930&ga_hid=794578872&ga_fc=false&fws=0&ohw=0&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021072402.js?31062009

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

cc36a5778c5bde036dee1af5e870bb6cb59ba4bc27dd815795fa636ea41a7988

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 02:12:16 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17089
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ftp.winprizesonline.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 integrator.js Show response
adservice.google.ch/adsid/ 107 B
122 B 16ms
15ms Script
application/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.ch/adsid/integrator.js?domain=ftp.winprizesonline.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021072402.js?31062009

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 27 Jul 2021 02:12:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 16ms
16ms Script
application/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=ftp.winprizesonline.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021072402.js?31062009

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 27 Jul 2021 02:12:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 340 B
168 B 275ms
275ms XHR
text/plain 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1503229515504863&correlator=660572906567403&output=ldjh&impl=fifs&eid=31062009%2C31061842%2C20211866&vrg=2021072402&ptt=17&us_privacy=1---&sc=1&sfv=1-0-38&ecs=20210727&iu_parts=1254144%2Cwinprizesonline_com-box-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=468x60&ris=1&rcs=3&prev_scp=a%3D%257C6%257C%26iid18%3D1761844%26eid%3D6307843445959752993%26t%3D134%26d%3D164040%26t1%3D134%26pvc%3D0%26ap%3D1111%26sap%3D1111%26as%3Drevenue%26plat%3D1%26bra%3Dmod1-c%26ic%3D4%26at%3Dmbf%26adr%3D399%26ezosn%3D3%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D1%26al%3D1001%26compid%3D0%26tap%3Dwinprizesonline_com-box-2-1761844%26eb_br%3D9ae587f95e95c876b7b76fd4c72a3838%26eba%3D1%26ebss%3D10061%26asau%3D2260528807%26bv%3D0%26bvm%3D1%26bvr%3D6%26shp%3D1%26ftsn%3D3%26acptad%3D1%26br1%3D180%26br2%3D400%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D34%2C14%2C28%2C67%2C45%2C122%2C66%2C20%2C71%2C30%2C0%2C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C27%2C815%2C817%2C899%2C919%2C774%2C20%2C20%2C20%26lb%3D200%26reqt%3D1627351936732&eri=1&cookie=ID%3D625198380ef21651%3AT%3D1627351933%3AS%3DALNI_MbUBwYcamkfYgCEtTy8pn2AUS9wmQ&bc=31&abxe=1&lmt=1627351936&dt=1627351936737&dlt=1627351929972&idt=371&frm=20&biw=1600&bih=1200&oid=3&adxs=230&adys=204&adks=2013700999&ucis=d&ifi=13&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fftp.winprizesonline.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=468x60&msz=468x60&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1037067233.1627351930&ga_sid=1627351930&ga_hid=794578872&ga_fc=false&fws=0&ohw=0&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021072402.js?31062009

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

8d4d9792eb7e026b9c623e32cff51517b5842e819767082954ab8372d6005887

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 02:12:17 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 139
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ftp.winprizesonline.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
280575fdba709e4294c9a1d1794d14e6.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame A546 6 KB
3 KB 7ms
6ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://280575fdba709e4294c9a1d1794d14e6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021072402.js?31062009

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 280575fdba709e4294c9a1d1794d14e6.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ftp.winprizesonline.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ftp.winprizesonline.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Tue, 27 Jul 2021 02:12:10 GMT
expires: Wed, 27 Jul 2022 02:12:10 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 6
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ 73 KB
28 KB 33ms
14ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021072402.js?31062009

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

727d06f38b813004baa0b6a9c96c24e2bce04b7be4c05f9486499f4250f9a772

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 02:12:16 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1627298829912756"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27995
x-xss-protection: 0
expires: Tue, 27 Jul 2021 02:12:16 GMT

GET
H2 200 greenoaks.gif Show response
ftp.winprizesonline.com/detroitchicago/ 0
65 B 35ms
34ms XHR
text/plain 3.66.136.156
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ftp.winprizesonline.com/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiIyMjgzZDM2Mi0wYjA3LTQyYzgtNTBkMi1jYmM2ZjAwZTc3MTgiLCJkb21haW5faWQiOiIxNjQwNDAiLCJ0X2Vwb2NoIjoxNjI3MzUxOTI4LCJkYXRhIjpbeyJuYW1lIjoibmF2aWdhdGlvbl90eXBlIiwidmFsIjoiMCJ9LHsibmFtZSI6InJlZGlyZWN0X2NvdW50IiwidmFsIjoiMCJ9XX0seyJ0eXBlIjoicGFnZXZpZXciLCJwYWdldmlld19pZCI6IjIyODNkMzYyLTBiMDctNDJjOC01MGQyLWNiYzZmMDBlNzcxOCIsImRvbWFpbl9pZCI6IjE2NDA0MCIsInRfZXBvY2giOjE2MjczNTE5MjgsImRhdGEiOlt7Im5hbWUiOiJwZXJmX2lzX3RyYWNrZWQiLCJ2YWwiOiIxIn0seyJuYW1lIjoicGVyZl9uYXZfdG9fY29ubmVjdCIsInZhbCI6IjIzNSJ9LHsibmFtZSI6InBlcmZfY29ubmVjdF90b19yZXNwX3N0YXJ0IiwidmFsIjoiMTQxNSJ9LHsibmFtZSI6InBlcmZfcmVzcF90aW1lIiwidmFsIjoiMjIifSx7Im5hbWUiOiJwZXJmX2ludGVyYWN0aXZlIiwidmFsIjoiMjUxIn0seyJuYW1lIjoicGVyZl9jb250ZW50bG9hZGVkIiwidmFsIjoiMjU3In0seyJuYW1lIjoicGVyZl9jb21wbGV0ZSIsInZhbCI6IjMwNDEifV19LHsidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiIyMjgzZDM2Mi0wYjA3LTQyYzgtNTBkMi1jYmM2ZjAwZTc3MTgiLCJkb21haW5faWQiOiIxNjQwNDAiLCJ0X2Vwb2NoIjoxNjI3MzUxOTI4LCJkYXRhIjpbeyJuYW1lIjoiZmlyc3RfcGFpbnQiLCJ2YWwiOiIxNTU4In1dfSx7InR5cGUiOiJwYWdldmlldyIsInBhZ2V2aWV3X2lkIjoiMjI4M2QzNjItMGIwNy00MmM4LTUwZDItY2JjNmYwMGU3NzE4IiwiZG9tYWluX2lkIjoiMTY0MDQwIiwidF9lcG9jaCI6MTYyNzM1MTkyOCwiZGF0YSI6W3sibmFtZSI6ImZpcnN0X2NvbnRlbnRmdWxfcGFpbnQiLCJ2YWwiOiIxNTU4In1dfSx7InR5cGUiOiJwYWdldmlldyIsInBhZ2V2aWV3X2lkIjoiMjI4M2QzNjItMGIwNy00MmM4LTUwZDItY2JjNmYwMGU3NzE4IiwiZG9tYWluX2lkIjoiMTY0MDQwIiwidF9lcG9jaCI6MTYyNzM1MTkyOCwiZGF0YSI6W3sibmFtZSI6ImNvbm5lY3Rpb25fZWZmZWN0aXZlX3R5cGUiLCJ2YWwiOiI0ZyJ9XX1d
Requested by: Host: ftp.winprizesonline.com
URL: https://ftp.winprizesonline.com/detroitchicago/cmbv2.js?gcb=195-2&cb=04-1y02-4y06-12y07-1y0b-5y0d-10y13-3y17-3y20-3y33-15y52-1y56-21&cmbcb=20&sj=x04x02x06x07x0bx0dx13x17x20x33x52x56
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.66.136.156 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-66-136-156.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path: /detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiIyMjgzZDM2Mi0wYjA3LTQyYzgtNTBkMi1jYmM2ZjAwZTc3MTgiLCJkb21haW5faWQiOiIxNjQwNDAiLCJ0X2Vwb2NoIjoxNjI3MzUxOTI4LCJkYXRhIjpbeyJuYW1lIjoibmF2aWdhdGlvbl90eXBlIiwidmFsIjoiMCJ9LHsibmFtZSI6InJlZGlyZWN0X2NvdW50IiwidmFsIjoiMCJ9XX0seyJ0eXBlIjoicGFnZXZpZXciLCJwYWdldmlld19pZCI6IjIyODNkMzYyLTBiMDctNDJjOC01MGQyLWNiYzZmMDBlNzcxOCIsImRvbWFpbl9pZCI6IjE2NDA0MCIsInRfZXBvY2giOjE2MjczNTE5MjgsImRhdGEiOlt7Im5hbWUiOiJwZXJmX2lzX3RyYWNrZWQiLCJ2YWwiOiIxIn0seyJuYW1lIjoicGVyZl9uYXZfdG9fY29ubmVjdCIsInZhbCI6IjIzNSJ9LHsibmFtZSI6InBlcmZfY29ubmVjdF90b19yZXNwX3N0YXJ0IiwidmFsIjoiMTQxNSJ9LHsibmFtZSI6InBlcmZfcmVzcF90aW1lIiwidmFsIjoiMjIifSx7Im5hbWUiOiJwZXJmX2ludGVyYWN0aXZlIiwidmFsIjoiMjUxIn0seyJuYW1lIjoicGVyZl9jb250ZW50bG9hZGVkIiwidmFsIjoiMjU3In0seyJuYW1lIjoicGVyZl9jb21wbGV0ZSIsInZhbCI6IjMwNDEifV19LHsidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiIyMjgzZDM2Mi0wYjA3LTQyYzgtNTBkMi1jYmM2ZjAwZTc3MTgiLCJkb21haW5faWQiOiIxNjQwNDAiLCJ0X2Vwb2NoIjoxNjI3MzUxOTI4LCJkYXRhIjpbeyJuYW1lIjoiZmlyc3RfcGFpbnQiLCJ2YWwiOiIxNTU4In1dfSx7InR5cGUiOiJwYWdldmlldyIsInBhZ2V2aWV3X2lkIjoiMjI4M2QzNjItMGIwNy00MmM4LTUwZDItY2JjNmYwMGU3NzE4IiwiZG9tYWluX2lkIjoiMTY0MDQwIiwidF9lcG9jaCI6MTYyNzM1MTkyOCwiZGF0YSI6W3sibmFtZSI6ImZpcnN0X2NvbnRlbnRmdWxfcGFpbnQiLCJ2YWwiOiIxNTU4In1dfSx7InR5cGUiOiJwYWdldmlldyIsInBhZ2V2aWV3X2lkIjoiMjI4M2QzNjItMGIwNy00MmM4LTUwZDItY2JjNmYwMGU3NzE4IiwiZG9tYWluX2lkIjoiMTY0MDQwIiwidF9lcG9jaCI6MTYyNzM1MTkyOCwiZGF0YSI6W3sibmFtZSI6ImNvbm5lY3Rpb25fZWZmZWN0aXZlX3R5cGUiLCJ2YWwiOiI0ZyJ9XX1d
pragma: no-cache
cookie: ezux_lpl_164040=1627351933033|2283d362-0b07-42c8-50d2-cbc6f00e7718|false; __gads=ID=d5e0954c22efe29d:T=1627351933:S=ALNI_Mb3eIAI1twjzB3sEybvSnqhoZkrlw; ezouspvv=70; ezouspva=1; ezouspvh=70
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: empty
:authority: ftp.winprizesonline.com
referer: https://ftp.winprizesonline.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 02:12:16 GMT
server: nginx
vary: Accept-Encoding Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Mon, 26 Jul 2021 02:12:15 UTC

GET
H2 200 greenoaks.gif Show response
ftp.winprizesonline.com/detroitchicago/ 0
19 B 35ms
35ms XHR
text/plain 3.66.136.156
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ftp.winprizesonline.com/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiIyMjgzZDM2Mi0wYjA3LTQyYzgtNTBkMi1jYmM2ZjAwZTc3MTgiLCJkb21haW5faWQiOiIxNjQwNDAiLCJ0X2Vwb2NoIjoxNjI3MzUxOTI4LCJkYXRhIjpbeyJuYW1lIjoiY29ubmVjdGlvbl9kb3dubGluayIsInZhbCI6IjkifV19LHsidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiIyMjgzZDM2Mi0wYjA3LTQyYzgtNTBkMi1jYmM2ZjAwZTc3MTgiLCJkb21haW5faWQiOiIxNjQwNDAiLCJ0X2Vwb2NoIjoxNjI3MzUxOTI4LCJkYXRhIjpbeyJuYW1lIjoiY29ubmVjdGlvbl9ydHQiLCJ2YWwiOiIwIn1dfSx7InR5cGUiOiJwYWdldmlldyIsInBhZ2V2aWV3X2lkIjoiMjI4M2QzNjItMGIwNy00MmM4LTUwZDItY2JjNmYwMGU3NzE4IiwiZG9tYWluX2lkIjoiMTY0MDQwIiwidF9lcG9jaCI6MTYyNzM1MTkyOCwiZGF0YSI6W3sibmFtZSI6InRpbWVyX2ZpcnN0X2FkX2xvYWQiLCJ2YWwiOiI2ODc2In1dfV0=
Requested by: Host: ftp.winprizesonline.com
URL: https://ftp.winprizesonline.com/detroitchicago/cmbv2.js?gcb=195-2&cb=04-1y02-4y06-12y07-1y0b-5y0d-10y13-3y17-3y20-3y33-15y52-1y56-21&cmbcb=20&sj=x04x02x06x07x0bx0dx13x17x20x33x52x56
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.66.136.156 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-66-136-156.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path: /detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiIyMjgzZDM2Mi0wYjA3LTQyYzgtNTBkMi1jYmM2ZjAwZTc3MTgiLCJkb21haW5faWQiOiIxNjQwNDAiLCJ0X2Vwb2NoIjoxNjI3MzUxOTI4LCJkYXRhIjpbeyJuYW1lIjoiY29ubmVjdGlvbl9kb3dubGluayIsInZhbCI6IjkifV19LHsidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiIyMjgzZDM2Mi0wYjA3LTQyYzgtNTBkMi1jYmM2ZjAwZTc3MTgiLCJkb21haW5faWQiOiIxNjQwNDAiLCJ0X2Vwb2NoIjoxNjI3MzUxOTI4LCJkYXRhIjpbeyJuYW1lIjoiY29ubmVjdGlvbl9ydHQiLCJ2YWwiOiIwIn1dfSx7InR5cGUiOiJwYWdldmlldyIsInBhZ2V2aWV3X2lkIjoiMjI4M2QzNjItMGIwNy00MmM4LTUwZDItY2JjNmYwMGU3NzE4IiwiZG9tYWluX2lkIjoiMTY0MDQwIiwidF9lcG9jaCI6MTYyNzM1MTkyOCwiZGF0YSI6W3sibmFtZSI6InRpbWVyX2ZpcnN0X2FkX2xvYWQiLCJ2YWwiOiI2ODc2In1dfV0=
pragma: no-cache
cookie: ezux_lpl_164040=1627351933033|2283d362-0b07-42c8-50d2-cbc6f00e7718|false; __gads=ID=d5e0954c22efe29d:T=1627351933:S=ALNI_Mb3eIAI1twjzB3sEybvSnqhoZkrlw; ezouspvv=70; ezouspva=1; ezouspvh=70
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: empty
:authority: ftp.winprizesonline.com
referer: https://ftp.winprizesonline.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 02:12:16 GMT
server: nginx
vary: Accept-Encoding Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Mon, 26 Jul 2021 02:12:15 UTC

GET
H2 200 army.gif Show response
ftp.winprizesonline.com/porpoiseant/ 0
42 B 34ms
33ms XHR
text/plain 3.66.136.156
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ftp.winprizesonline.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTgwMTI5NCIsImRvbWFpbl9pZCI6IjE2NDA0MCIsInVuaXQiOiJkaXYtZ3B0LWFkLXdpbnByaXplc29ubGluZV9jb20tbGFyZ2UtYmlsbGJvYXJkLTItMCIsInRfZXBvY2giOjE2MjczNTE5MjgsImFkX3Bvc2l0aW9uIjoxMTEzLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjIyODNkMzYyLTBiMDctNDJjOC01MGQyLWNiYzZmMDBlNzcxOCIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwNDM1NTAsImRhdGEiOlt7Im5hbWUiOiJyZWZyZXNoX2NvdW50IiwidmFsIjoiMyJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTgwMTI5NCIsImRvbWFpbl9pZCI6IjE2NDA0MCIsInVuaXQiOiJkaXYtZ3B0LWFkLXdpbnByaXplc29ubGluZV9jb20tbGFyZ2UtYmlsbGJvYXJkLTItMCIsInRfZXBvY2giOjE2MjczNTE5MjgsImFkX3Bvc2l0aW9uIjoxMTEzLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjIyODNkMzYyLTBiMDctNDJjOC01MGQyLWNiYzZmMDBlNzcxOCIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwNDM1NTAsImRhdGEiOlt7Im5hbWUiOiJmaWxsZWRfYmlkX2hhc2giLCJ2YWwiOiI1MjdlNTJjMTA2MzVhYzgxMzZhNGM4NDA5NGVlNDlhOCJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTgwMTI5NCIsImRvbWFpbl9pZCI6IjE2NDA0MCIsInVuaXQiOiJkaXYtZ3B0LWFkLXdpbnByaXplc29ubGluZV9jb20tbGFyZ2UtYmlsbGJvYXJkLTItMCIsInRfZXBvY2giOjE2MjczNTE5MjgsInJldmVudWUiOjAsImVzdF9yZXZlbnVlIjowLjAwMDcsImFkX3Bvc2l0aW9uIjoxMTEzLCJhZF9zaXplIjoiIiwiYmlkX2Zsb29yX2ZpbGxlZCI6MC4wMDA3LCJiaWRfZmxvb3JfcHJldiI6MC4wMDIsInN0YXRfc291cmNlX2lkIjozNSwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjIyODNkMzYyLTBiMDctNDJjOC01MGQyLWNiYzZmMDBlNzcxOCIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwNDM1NTAsImRhdGEiOlt7Im5hbWUiOiJsb2FkZWQiLCJ2YWwiOiIxIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiIxODAxMjk0IiwiZG9tYWluX2lkIjoiMTY0MDQwIiwidW5pdCI6ImRpdi1ncHQtYWQtd2lucHJpemVzb25saW5lX2NvbS1sYXJnZS1iaWxsYm9hcmQtMi0wIiwidF9lcG9jaCI6MTYyNzM1MTkyOCwiYWRfcG9zaXRpb24iOjExMTMsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJDSCIsInBhZ2V2aWV3X2lkIjoiMjI4M2QzNjItMGIwNy00MmM4LTUwZDItY2JjNmYwMGU3NzE4IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDA0MzU1MCwiZGF0YSI6W3sibmFtZSI6ImNyZWF0aXZlX2lkIiwidmFsIjoiMTM4MzEwMDQzNTUwIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiIxODAxMjk0IiwiZG9tYWluX2lkIjoiMTY0MDQwIiwidW5pdCI6ImRpdi1ncHQtYWQtd2lucHJpemVzb25saW5lX2NvbS1sYXJnZS1iaWxsYm9hcmQtMi0wIiwidF9lcG9jaCI6MTYyNzM1MTkyOCwiYWRfcG9zaXRpb24iOjExMTMsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJDSCIsInBhZ2V2aWV3X2lkIjoiMjI4M2QzNjItMGIwNy00MmM4LTUwZDItY2JjNmYwMGU3NzE4IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDA0MzU1MCwiZGF0YSI6W3sibmFtZSI6ImxpbmVpdGVtX2lkIiwidmFsIjoiMjg2ODcyNzQifV0sImlzX29yaWciOmZhbHNlfV0=
Requested by: Host: ftp.winprizesonline.com
URL: https://ftp.winprizesonline.com/detroitchicago/cmbv2.js?gcb=195-2&cb=04-1y02-4y06-12y07-1y0b-5y0d-10y13-3y17-3y20-3y33-15y52-1y56-21&cmbcb=20&sj=x04x02x06x07x0bx0dx13x17x20x33x52x56
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.66.136.156 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-66-136-156.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path: /porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTgwMTI5NCIsImRvbWFpbl9pZCI6IjE2NDA0MCIsInVuaXQiOiJkaXYtZ3B0LWFkLXdpbnByaXplc29ubGluZV9jb20tbGFyZ2UtYmlsbGJvYXJkLTItMCIsInRfZXBvY2giOjE2MjczNTE5MjgsImFkX3Bvc2l0aW9uIjoxMTEzLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjIyODNkMzYyLTBiMDctNDJjOC01MGQyLWNiYzZmMDBlNzcxOCIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwNDM1NTAsImRhdGEiOlt7Im5hbWUiOiJyZWZyZXNoX2NvdW50IiwidmFsIjoiMyJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTgwMTI5NCIsImRvbWFpbl9pZCI6IjE2NDA0MCIsInVuaXQiOiJkaXYtZ3B0LWFkLXdpbnByaXplc29ubGluZV9jb20tbGFyZ2UtYmlsbGJvYXJkLTItMCIsInRfZXBvY2giOjE2MjczNTE5MjgsImFkX3Bvc2l0aW9uIjoxMTEzLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjIyODNkMzYyLTBiMDctNDJjOC01MGQyLWNiYzZmMDBlNzcxOCIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwNDM1NTAsImRhdGEiOlt7Im5hbWUiOiJmaWxsZWRfYmlkX2hhc2giLCJ2YWwiOiI1MjdlNTJjMTA2MzVhYzgxMzZhNGM4NDA5NGVlNDlhOCJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTgwMTI5NCIsImRvbWFpbl9pZCI6IjE2NDA0MCIsInVuaXQiOiJkaXYtZ3B0LWFkLXdpbnByaXplc29ubGluZV9jb20tbGFyZ2UtYmlsbGJvYXJkLTItMCIsInRfZXBvY2giOjE2MjczNTE5MjgsInJldmVudWUiOjAsImVzdF9yZXZlbnVlIjowLjAwMDcsImFkX3Bvc2l0aW9uIjoxMTEzLCJhZF9zaXplIjoiIiwiYmlkX2Zsb29yX2ZpbGxlZCI6MC4wMDA3LCJiaWRfZmxvb3JfcHJldiI6MC4wMDIsInN0YXRfc291cmNlX2lkIjozNSwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjIyODNkMzYyLTBiMDctNDJjOC01MGQyLWNiYzZmMDBlNzcxOCIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwNDM1NTAsImRhdGEiOlt7Im5hbWUiOiJsb2FkZWQiLCJ2YWwiOiIxIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiIxODAxMjk0IiwiZG9tYWluX2lkIjoiMTY0MDQwIiwidW5pdCI6ImRpdi1ncHQtYWQtd2lucHJpemVzb25saW5lX2NvbS1sYXJnZS1iaWxsYm9hcmQtMi0wIiwidF9lcG9jaCI6MTYyNzM1MTkyOCwiYWRfcG9zaXRpb24iOjExMTMsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJDSCIsInBhZ2V2aWV3X2lkIjoiMjI4M2QzNjItMGIwNy00MmM4LTUwZDItY2JjNmYwMGU3NzE4IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDA0MzU1MCwiZGF0YSI6W3sibmFtZSI6ImNyZWF0aXZlX2lkIiwidmFsIjoiMTM4MzEwMDQzNTUwIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiIxODAxMjk0IiwiZG9tYWluX2lkIjoiMTY0MDQwIiwidW5pdCI6ImRpdi1ncHQtYWQtd2lucHJpemVzb25saW5lX2NvbS1sYXJnZS1iaWxsYm9hcmQtMi0wIiwidF9lcG9jaCI6MTYyNzM1MTkyOCwiYWRfcG9zaXRpb24iOjExMTMsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJDSCIsInBhZ2V2aWV3X2lkIjoiMjI4M2QzNjItMGIwNy00MmM4LTUwZDItY2JjNmYwMGU3NzE4IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDA0MzU1MCwiZGF0YSI6W3sibmFtZSI6ImxpbmVpdGVtX2lkIiwidmFsIjoiMjg2ODcyNzQifV0sImlzX29yaWciOmZhbHNlfV0=
pragma: no-cache
cookie: ezux_lpl_164040=1627351933033|2283d362-0b07-42c8-50d2-cbc6f00e7718|false; __gads=ID=d5e0954c22efe29d:T=1627351933:S=ALNI_Mb3eIAI1twjzB3sEybvSnqhoZkrlw; ezouspvv=70; ezouspva=1; ezouspvh=70
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: empty
:authority: ftp.winprizesonline.com
referer: https://ftp.winprizesonline.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 02:12:16 GMT
server: nginx
vary: Accept-Encoding Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Mon, 26 Jul 2021 02:12:21 UTC

GET
H2 200 28687274 Show response
g.ezoic.net/dac/ 0
88 B 98ms
32ms XHR
text/plain 3.66.136.156
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g.ezoic.net/dac/28687274
Requested by: Host: ftp.winprizesonline.com
URL: https://ftp.winprizesonline.com/porpoiseant/banger.js?cb=195-2&bv=38&v=51&PageSpeed=off
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.66.136.156 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-66-136-156.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin: *
date: Tue, 27 Jul 2021 02:12:16 GMT
cache-control: max-age=3600, public
server: nginx
content-length: 0
vary: Accept-Encoding
content-type: text/plain

GET
H2 200 army.gif Show response
ftp.winprizesonline.com/porpoiseant/ 0
19 B 34ms
33ms XHR
text/plain 3.66.136.156
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ftp.winprizesonline.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTgwMTI5NCIsImRvbWFpbl9pZCI6IjE2NDA0MCIsInVuaXQiOiJkaXYtZ3B0LWFkLXdpbnByaXplc29ubGluZV9jb20tbGFyZ2UtYmlsbGJvYXJkLTItMCIsInRfZXBvY2giOjE2MjczNTE5MjgsImFkX3Bvc2l0aW9uIjoxMTEzLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjIyODNkMzYyLTBiMDctNDJjOC01MGQyLWNiYzZmMDBlNzcxOCIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwNDM1NTAsImRhdGEiOlt7Im5hbWUiOiJ0X2xvY2FsX2RhdGUiLCJ2YWwiOiIyMDIxLTA3LTI3In0seyJuYW1lIjoidF9sb2NhbF9ob3VyIiwidmFsIjoiNCJ9LHsibmFtZSI6InRfbG9jYWxfZGF5X29mX3dlZWsiLCJ2YWwiOiIyIn0seyJuYW1lIjoidF9sb2NhbF90aW1lem9uZSIsInZhbCI6Ii0xMjAifV0sImlzX29yaWciOmZhbHNlfV0=
Requested by: Host: ftp.winprizesonline.com
URL: https://ftp.winprizesonline.com/detroitchicago/cmbv2.js?gcb=195-2&cb=04-1y02-4y06-12y07-1y0b-5y0d-10y13-3y17-3y20-3y33-15y52-1y56-21&cmbcb=20&sj=x04x02x06x07x0bx0dx13x17x20x33x52x56
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.66.136.156 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-66-136-156.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path: /porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTgwMTI5NCIsImRvbWFpbl9pZCI6IjE2NDA0MCIsInVuaXQiOiJkaXYtZ3B0LWFkLXdpbnByaXplc29ubGluZV9jb20tbGFyZ2UtYmlsbGJvYXJkLTItMCIsInRfZXBvY2giOjE2MjczNTE5MjgsImFkX3Bvc2l0aW9uIjoxMTEzLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjIyODNkMzYyLTBiMDctNDJjOC01MGQyLWNiYzZmMDBlNzcxOCIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwNDM1NTAsImRhdGEiOlt7Im5hbWUiOiJ0X2xvY2FsX2RhdGUiLCJ2YWwiOiIyMDIxLTA3LTI3In0seyJuYW1lIjoidF9sb2NhbF9ob3VyIiwidmFsIjoiNCJ9LHsibmFtZSI6InRfbG9jYWxfZGF5X29mX3dlZWsiLCJ2YWwiOiIyIn0seyJuYW1lIjoidF9sb2NhbF90aW1lem9uZSIsInZhbCI6Ii0xMjAifV0sImlzX29yaWciOmZhbHNlfV0=
pragma: no-cache
cookie: ezux_lpl_164040=1627351933033|2283d362-0b07-42c8-50d2-cbc6f00e7718|false; __gads=ID=d5e0954c22efe29d:T=1627351933:S=ALNI_Mb3eIAI1twjzB3sEybvSnqhoZkrlw; ezouspvv=70; ezouspva=1; ezouspvh=70
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: empty
:authority: ftp.winprizesonline.com
referer: https://ftp.winprizesonline.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 02:12:16 GMT
server: nginx
vary: Accept-Encoding Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Mon, 26 Jul 2021 02:12:15 UTC

GET
H2 200 army.gif Show response
ftp.winprizesonline.com/porpoiseant/ 0
19 B 34ms
33ms XHR
text/plain 3.66.136.156
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ftp.winprizesonline.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImF1Y3Rpb24iLCJpbXByZXNzaW9uX2lkIjoiMTgwMTI5NCIsImRvbWFpbl9pZCI6IjE2NDA0MCIsInVuaXQiOiJkaXYtZ3B0LWFkLXdpbnByaXplc29ubGluZV9jb20tbGFyZ2UtYmlsbGJvYXJkLTItMCIsInRfZXBvY2giOjE2MjczNTE5MjgsImF1Y3Rpb25fZXBvY2giOjE2MjczNTE5MzcsImFkX3Bvc2l0aW9uIjoxMTEzLCJjb3VudHJ5X2NvZGUiOiJDSCIsInBhZ2V2aWV3X2lkIjoiMjI4M2QzNjItMGIwNy00MmM4LTUwZDItY2JjNmYwMGU3NzE4IiwiYmlkX2Zsb29yX2luaXRpYWwiOjQwMCwiYmlkX2Zsb29yX3ByZXYiOjIwMCwiYmlkX2Zsb29yX2ZpbGxlZCI6NzAsImF1Y3Rpb25fY291bnQiOjMsInJlZnJlc2hfYWRfY291bnQiOjAsImF1Y3Rpb25fZHVyYXRpb24iOjQxNCwibXVsdGlfYWRfdW5pdCI6MCwibXVsdGlfYWRfY291bnQiOjAsIm5ldHdvcmtfY29kZSI6MTI1NDE0NCwiZGF0YSI6W3sibmFtZSI6IiIsInZhbCI6IiJ9XSwibGluZV9pdGVtX2lkIjoyODY4NzI3NH1d
Requested by: Host: ftp.winprizesonline.com
URL: https://ftp.winprizesonline.com/detroitchicago/cmbv2.js?gcb=195-2&cb=04-1y02-4y06-12y07-1y0b-5y0d-10y13-3y17-3y20-3y33-15y52-1y56-21&cmbcb=20&sj=x04x02x06x07x0bx0dx13x17x20x33x52x56
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.66.136.156 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-66-136-156.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path: /porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImF1Y3Rpb24iLCJpbXByZXNzaW9uX2lkIjoiMTgwMTI5NCIsImRvbWFpbl9pZCI6IjE2NDA0MCIsInVuaXQiOiJkaXYtZ3B0LWFkLXdpbnByaXplc29ubGluZV9jb20tbGFyZ2UtYmlsbGJvYXJkLTItMCIsInRfZXBvY2giOjE2MjczNTE5MjgsImF1Y3Rpb25fZXBvY2giOjE2MjczNTE5MzcsImFkX3Bvc2l0aW9uIjoxMTEzLCJjb3VudHJ5X2NvZGUiOiJDSCIsInBhZ2V2aWV3X2lkIjoiMjI4M2QzNjItMGIwNy00MmM4LTUwZDItY2JjNmYwMGU3NzE4IiwiYmlkX2Zsb29yX2luaXRpYWwiOjQwMCwiYmlkX2Zsb29yX3ByZXYiOjIwMCwiYmlkX2Zsb29yX2ZpbGxlZCI6NzAsImF1Y3Rpb25fY291bnQiOjMsInJlZnJlc2hfYWRfY291bnQiOjAsImF1Y3Rpb25fZHVyYXRpb24iOjQxNCwibXVsdGlfYWRfdW5pdCI6MCwibXVsdGlfYWRfY291bnQiOjAsIm5ldHdvcmtfY29kZSI6MTI1NDE0NCwiZGF0YSI6W3sibmFtZSI6IiIsInZhbCI6IiJ9XSwibGluZV9pdGVtX2lkIjoyODY4NzI3NH1d
pragma: no-cache
cookie: ezux_lpl_164040=1627351933033|2283d362-0b07-42c8-50d2-cbc6f00e7718|false; __gads=ID=d5e0954c22efe29d:T=1627351933:S=ALNI_Mb3eIAI1twjzB3sEybvSnqhoZkrlw; ezouspvv=70; ezouspva=1; ezouspvh=70
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: empty
:authority: ftp.winprizesonline.com
referer: https://ftp.winprizesonline.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 02:12:16 GMT
server: nginx
vary: Accept-Encoding Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Mon, 26 Jul 2021 02:12:15 UTC

GET
H3-29 200 load_preloaded_resource_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210720/r20110914/client/ Frame A546 1 KB
857 B 6ms
6ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210720/r20110914/client/load_preloaded_resource_fy2019.js

Requested by

Host: 280575fdba709e4294c9a1d1794d14e6.safeframe.googlesyndication.com
URL: https://280575fdba709e4294c9a1d1794d14e6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5d1f3a4ee5a02abdbc66a11aad769dd81cbe4d07f0b3799ff0940ad7b7d6cc1a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://280575fdba709e4294c9a1d1794d14e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 00:58:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 4422
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 830
x-xss-protection: 0
server: cafe
etag: 3558876194914413708
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 10 Aug 2021 00:58:34 GMT

GET
H3-29 200 adview
securepubads.g.doubleclick.net/pagead/ Frame A546 0
0 32ms
32ms Fetch
text/html 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=Cg4O7gGv_YJGqHunFx_APzeOEqAG5s8OcY-KdpP-dDu2Z4bndIhABIPT5xiVg9ZXOgeAEoAHntNvxAsgBBqkC0-pTdV1Ssj7gAgCoAwHIA5sEqgTfAU_QUK3du0Z9Hzg-9jv7qfjaoqPAGsDdsfWxep8EF54LLDLtuIO2CbUVXPvvIRLeDN8JcHHQ7evY5M-S1rpw1YvgCqvkwo9FPMX66ghZH_8Pa-Mz2UifTRR6Uh2l0H2ezPJY0LSH31o2RY_9tTbPWXFUyFCcYw9TXyMbP7usgr1FeuXe9dRM1pweLfVDRb3Ger9picauPdSX_sJUWj9wAUbaWHKLF8LsCUIcHNL7h3_hG5oGQ6ggJHalyQkYzJnf_0v5cTFyWg_C_PHp9-scgXMJVE_lvpn0k0yuHBhYISDABJOJuqvMA-AEAZIFBAgEGAGSBQQIBRgEkgUECAUYGJIFBQgFGKgBoAY3gAeBy6SOAagH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfulrECqAemvhuoB-zVG9gHAfIHBBDdgjXSCAcIgGEQARgd8ggbYWR4LXN1YnN5bi02NTQ5MzIxMjc5MTY4MjkygAoDyAsB2BMNiBQD0BUBmBYBgBcBshcaChgIABIUcHViLTYzOTY4NDQ3NDI0OTcyMDg&sigh=AQJVf4lat1g&template_id=492
Requested by: Host: ftp.winprizesonline.com
URL: https://ftp.winprizesonline.com/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s12-in-f2.1e100.net
Software: /
Resource Hash

Request headers

Referer: https://280575fdba709e4294c9a1d1794d14e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210720/r20110914/ Frame A546 18 KB
7 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210720/r20110914/abg_lite_fy2019.js

Requested by

Host: 280575fdba709e4294c9a1d1794d14e6.safeframe.googlesyndication.com
URL: https://280575fdba709e4294c9a1d1794d14e6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7438cd6d98fc8e372c9a87e319ab965229ce2ba37798db808c8408f791db86ca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://280575fdba709e4294c9a1d1794d14e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 02:00:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 689
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7622
x-xss-protection: 0
server: cafe
etag: 16178317465966918049
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 10 Aug 2021 02:00:47 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210720/r20110914/client/ Frame A546 2 KB
1 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210720/r20110914/client/window_focus_fy2019.js

Requested by

Host: 280575fdba709e4294c9a1d1794d14e6.safeframe.googlesyndication.com
URL: https://280575fdba709e4294c9a1d1794d14e6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b6f6d0902ff385f68ec17c4c059d4fe89a0a08f1c022ab70580ea8552dfc0a11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://280575fdba709e4294c9a1d1794d14e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 01:50:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1325
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1339
x-xss-protection: 0
server: cafe
etag: 2275704724217174249
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 10 Aug 2021 01:50:11 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame A546 124 KB
37 KB 14ms
13ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 280575fdba709e4294c9a1d1794d14e6.safeframe.googlesyndication.com
URL: https://280575fdba709e4294c9a1d1794d14e6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7ee596b76772ac1263c57b05c3d05329db5e875cbcec8e917047b5d221fbb1c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://280575fdba709e4294c9a1d1794d14e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 02:12:16 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1627298817379074"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38160
x-xss-protection: 0
expires: Tue, 27 Jul 2021 02:12:16 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210720/r20110914/client/ Frame A546 14 KB
6 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210720/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 280575fdba709e4294c9a1d1794d14e6.safeframe.googlesyndication.com
URL: https://280575fdba709e4294c9a1d1794d14e6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1b1a4081a8a32bc714fbb7a2509141683bc3eb707a421c0db556ed856f6d8e99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://280575fdba709e4294c9a1d1794d14e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 01:03:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 4152
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6195
x-xss-protection: 0
server: cafe
etag: 10716856519410487149
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 10 Aug 2021 01:03:04 GMT

GET
H2 200 4661e2b537cafc373934756b83790a75.js Show response
www.gstatic.com/mysidia/ Frame A546 26 KB
11 KB 26ms
5ms Script
text/javascript 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/4661e2b537cafc373934756b83790a75.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: 280575fdba709e4294c9a1d1794d14e6.safeframe.googlesyndication.com
URL: https://280575fdba709e4294c9a1d1794d14e6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8d450db79b0f7039b6486a399d93ebe1efa7a81e0f7b1170931b8b3dddf4a31d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://280575fdba709e4294c9a1d1794d14e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 20 Jul 2021 13:07:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 565504
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10780
x-xss-protection: 0
last-modified: Thu, 15 Jul 2021 11:10:31 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Mon, 18 Oct 2021 13:07:12 GMT

GET
H3-29 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/6125590185027248101/ Frame A546 2 KB
2 KB 138ms
137ms Image
image/jpeg 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/6125590185027248101/downsize_200k_v1?w=100&h=100

Requested by

Host: 280575fdba709e4294c9a1d1794d14e6.safeframe.googlesyndication.com
URL: https://280575fdba709e4294c9a1d1794d14e6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c970e666b3e65c1c5392d86e8a47a69162c22dab29621f8c5473afb40df22ff3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://280575fdba709e4294c9a1d1794d14e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 02:12:17 GMT
x-content-type-options: nosniff
last-modified: Mon, 12 Jul 2021 08:25:50 GMT
server: sffe
x-dns-prefetch-control: off
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1643
x-xss-protection: 0
expires: Wed, 27 Jul 2022 02:12:17 GMT

GET
DATA 200
OK truncated
/ Frame A546 209 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0ce5ab0260a7860ea167511114f1b2a1a8c5dff2b1a3885e2c2e70fb54c4e7a9

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3-29 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame DB76 1 KB
749 B 10ms
6ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 280575fdba709e4294c9a1d1794d14e6.safeframe.googlesyndication.com
URL: https://280575fdba709e4294c9a1d1794d14e6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://280575fdba709e4294c9a1d1794d14e6.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://280575fdba709e4294c9a1d1794d14e6.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Mon, 26 Jul 2021 11:56:19 GMT
expires: Tue, 27 Jul 2021 11:56:19 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 51357
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame A546 207 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d11b307a6c2c96de979f0d5c0d94b4753169604c396a3bc9125d48c4827a2ff4

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 dpixel
cms.quantserve.com/ Frame DB76 35 B
462 B 12ms
8ms Image
image/gif 2620:116:800d:21:8c6e:cf2c:8d6:9fb5
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEEy3UmGPkS-w9ddsKAzS3iw&google_cver=1&google_push=AYg5qPI8t70c7Vs4StkuDsJkW0jElPXIvRTVQ9LxXD6FduMDldLg59ie2tQr_4eWpyzaVxIiM4i7EDOBfTKogNXSIWjme7re4sVM

Requested by

Host: 280575fdba709e4294c9a1d1794d14e6.safeframe.googlesyndication.com
URL: https://280575fdba709e4294c9a1d1794d14e6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:8c6e:cf2c:8d6:9fb5 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 27 Jul 2021 02:12:16 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame DB76
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESE...
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEIAKelzbnFfRb6rmmDJqKiQ&google_push=AYg5qPJwEV-Bt1rLnwTBMxDziutcl37yT4ZT7TieJjKzUetEGnSocFigqb...

170 B
188 B

31ms
31ms

Image
image/png

142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEIAKelzbnFfRb6rmmDJqKiQ&google_push=AYg5qPJwEV-Bt1rLnwTBMxDziutcl37yT4ZT7TieJjKzUetEGnSocFigqbu9DEfkSn72NydJ6D_09UfQjhc1RlE5QtCTWW5Wu8cE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 27 Jul 2021 02:12:17 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 27 Jul 2021 02:12:17 GMT
via: 1.1 varnish
server: Jetty(9.4.35.v20201120)
x-timer: S1627351937.081567,VS0,VE92
x-served-by: cache-fra19183-FRA
x-cache: MISS
p3p: CP="NOI DSP COR LAW PSAo PSDo IVAo IVDo OUR BUS UNI DEM"
location: https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEIAKelzbnFfRb6rmmDJqKiQ&google_push=AYg5qPJwEV-Bt1rLnwTBMxDziutcl37yT4ZT7TieJjKzUetEGnSocFigqbu9DEfkSn72NydJ6D_09UfQjhc1RlE5QtCTWW5Wu8cE
cache-control: no-cache
accept-ranges: bytes
access-control-allow-origin: *
content-length: 0
x-cache-hits: 0

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame DB76
Redirect Chain

https://fksnk.com/cs/google?google_gid=CAESEOPn-qliMjnNZ6uayTiJtsk&google_cver=1&google_push=AYg5qPI_0i5Ydjfjfoa_l7IgVIFPbDoaM2p4bF2zMsKBdT5MvHIQKdhkWkhYXR0ZFzgiatZUoNsQ1X6sdr48QeJvw8L0nUNDEPxp
https://cm.g.doubleclick.net/pixel?google_nid=fiksu&google_hm=ODJBNUU3Mzk3MTU1NjNFQg==

170 B
188 B

29ms
29ms

Image
image/png

142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=fiksu&google_hm=ODJBNUU3Mzk3MTU1NjNFQg==

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 27 Jul 2021 02:12:17 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=fiksu&google_hm=ODJBNUU3Mzk3MTU1NjNFQg==
date: Tue, 27 Jul 2021 02:12:17 GMT
content-language: en-US
content-type: text/html;charset=ISO-8859-1

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame DB76
Redirect Chain

https://cs.media.net/cksync?type=g&google_gid=CAESEBJ93l7uEsunFcOMafzyvTo&google_cver=1&google_push=AYg5qPLdc1CEOUHUEwjhl0CvQJszFC0l3xtHACPgi2BwqFFYkKRm-8fXT6_ESh6D46s9QgYMeddsBzUdL3I424a9RTHduB9g9UaS
https://cm.g.doubleclick.net/pixel?google_nid=media&google_hm=MjcwMzUzNTM3NTM0ODM1MTAwMFYxMA%3d%3d&mn_hm=MjcwMzUzNTM3NTM0ODM1MTAwMFYxMA%3d%3d&google_sc=1&google_push=AYg5qPLdc1CEOUHUEwjhl0CvQJszFC0...

170 B
188 B

57ms
30ms

Image
image/png

142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=media&google_hm=MjcwMzUzNTM3NTM0ODM1MTAwMFYxMA%3d%3d&mn_hm=MjcwMzUzNTM3NTM0ODM1MTAwMFYxMA%3d%3d&google_sc=1&google_push=AYg5qPLdc1CEOUHUEwjhl0CvQJszFC0l3xtHACPgi2BwqFFYkKRm-8fXT6_ESh6D46s9QgYMeddsBzUdL3I424a9RTHduB9g9UaS&gdpr=&gdpr_consent=

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 27 Jul 2021 02:12:17 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 27 Jul 2021 02:12:17 GMT
Server: Apache
P3P: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA, CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
Location: https://cm.g.doubleclick.net/pixel?google_nid=media&google_hm=MjcwMzUzNTM3NTM0ODM1MTAwMFYxMA%3d%3d&mn_hm=MjcwMzUzNTM3NTM0ODM1MTAwMFYxMA%3d%3d&google_sc=1&google_push=AYg5qPLdc1CEOUHUEwjhl0CvQJszFC0l3xtHACPgi2BwqFFYkKRm-8fXT6_ESh6D46s9QgYMeddsBzUdL3I424a9RTHduB9g9UaS&gdpr=&gdpr_consent=
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html
Content-Length: 154
X-MNET-HL2: E
Expires: Tue, 27 Jul 2021 02:12:17 GMT

GET

pixel
cm.g.doubleclick.net/ Frame DB76
Redirect Chain

https://cs.chocolateplatform.com/pub?pid=ebda&google_gid=CAESEFAfqZG5TVlBVq_uUUn7MLM&google_cver=1&google_push=AYg5qPKtA5dVj3bqTd3UjROQRZElLT3FRSR02oMswWn0IwFiVcBPIMl_t-V7iKVYRVbWu09Wyg4AFt7_GccjY_...
https://cm.g.doubleclick.net/pixel?google_nid=chocolateplatform&google_hm=Y3AtZTYxZTRmNjI0YzhiNDRlZjZmM2Q0NmRhZDY1YTIwMjE=&google_push=AYg5qPKtA5dVj3bqTd3UjROQRZElLT3FRSR02oMswWn0IwFiVcBPIMl_t-V7iK...
https://cm.g.doubleclick.net/pixel?google_nid=chocolateplatform&google_hm=Y3AtZTYxZTRmNjI0YzhiNDRlZjZmM2Q0NmRhZDY1YTIwMjE=&google_push=AYg5qPKtA5dVj3bqTd3UjROQRZElLT3FRSR02oMswWn0IwFiVcBPIMl_t-V7iK...
https://cm.g.doubleclick.net/pixel?google_nid=chocolateplatform&google_hm=Y3AtZTYxZTRmNjI0YzhiNDRlZjZmM2Q0NmRhZDY1YTIwMjE=&google_push=AYg5qPKtA5dVj3bqTd3UjROQRZElLT3FRSR02oMswWn0IwFiVcBPIMl_t-V7iK...
https://cm.g.doubleclick.net/pixel?google_nid=chocolateplatform&google_hm=Y3AtZTYxZTRmNjI0YzhiNDRlZjZmM2Q0NmRhZDY1YTIwMjE=&google_push=AYg5qPKtA5dVj3bqTd3UjROQRZElLT3FRSR02oMswWn0IwFiVcBPIMl_t-V7iK...
https://cm.g.doubleclick.net/pixel?google_nid=chocolateplatform&google_hm=Y3AtZTYxZTRmNjI0YzhiNDRlZjZmM2Q0NmRhZDY1YTIwMjE=&google_push=AYg5qPKtA5dVj3bqTd3UjROQRZElLT3FRSR02oMswWn0IwFiVcBPIMl_t-V7iK...
https://cm.g.doubleclick.net/pixel?google_nid=chocolateplatform&google_hm=Y3AtZTYxZTRmNjI0YzhiNDRlZjZmM2Q0NmRhZDY1YTIwMjE=&google_push=AYg5qPKtA5dVj3bqTd3UjROQRZElLT3FRSR02oMswWn0IwFiVcBPIMl_t-V7iK...
https://cm.g.doubleclick.net/pixel?google_nid=chocolateplatform&google_hm=Y3AtZTYxZTRmNjI0YzhiNDRlZjZmM2Q0NmRhZDY1YTIwMjE=&google_push=AYg5qPKtA5dVj3bqTd3UjROQRZElLT3FRSR02oMswWn0IwFiVcBPIMl_t-V7iK...
https://cm.g.doubleclick.net/pixel?google_nid=chocolateplatform&google_hm=Y3AtZTYxZTRmNjI0YzhiNDRlZjZmM2Q0NmRhZDY1YTIwMjE=&google_push=AYg5qPKtA5dVj3bqTd3UjROQRZElLT3FRSR02oMswWn0IwFiVcBPIMl_t-V7iK...
https://cm.g.doubleclick.net/pixel?google_nid=chocolateplatform&google_hm=Y3AtZTYxZTRmNjI0YzhiNDRlZjZmM2Q0NmRhZDY1YTIwMjE=&google_push=AYg5qPKtA5dVj3bqTd3UjROQRZElLT3FRSR02oMswWn0IwFiVcBPIMl_t-V7iK...
https://cm.g.doubleclick.net/pixel?google_nid=chocolateplatform&google_hm=Y3AtZTYxZTRmNjI0YzhiNDRlZjZmM2Q0NmRhZDY1YTIwMjE=&google_push=AYg5qPKtA5dVj3bqTd3UjROQRZElLT3FRSR02oMswWn0IwFiVcBPIMl_t-V7iK...
https://cm.g.doubleclick.net/pixel?google_nid=chocolateplatform&google_hm=Y3AtZTYxZTRmNjI0YzhiNDRlZjZmM2Q0NmRhZDY1YTIwMjE=&google_push=AYg5qPKtA5dVj3bqTd3UjROQRZElLT3FRSR02oMswWn0IwFiVcBPIMl_t-V7iK...
https://cm.g.doubleclick.net/pixel?google_nid=chocolateplatform&google_hm=Y3AtZTYxZTRmNjI0YzhiNDRlZjZmM2Q0NmRhZDY1YTIwMjE=&google_push=AYg5qPKtA5dVj3bqTd3UjROQRZElLT3FRSR02oMswWn0IwFiVcBPIMl_t-V7iK...
https://cm.g.doubleclick.net/pixel?google_nid=chocolateplatform&google_hm=Y3AtZTYxZTRmNjI0YzhiNDRlZjZmM2Q0NmRhZDY1YTIwMjE=&google_push=AYg5qPKtA5dVj3bqTd3UjROQRZElLT3FRSR02oMswWn0IwFiVcBPIMl_t-V7iK...
https://cm.g.doubleclick.net/pixel?google_nid=chocolateplatform&google_hm=Y3AtZTYxZTRmNjI0YzhiNDRlZjZmM2Q0NmRhZDY1YTIwMjE=&google_push=AYg5qPKtA5dVj3bqTd3UjROQRZElLT3FRSR02oMswWn0IwFiVcBPIMl_t-V7iK...
https://cm.g.doubleclick.net/pixel?google_nid=chocolateplatform&google_hm=Y3AtZTYxZTRmNjI0YzhiNDRlZjZmM2Q0NmRhZDY1YTIwMjE=&google_push=AYg5qPKtA5dVj3bqTd3UjROQRZElLT3FRSR02oMswWn0IwFiVcBPIMl_t-V7iK...
https://cm.g.doubleclick.net/pixel?google_nid=chocolateplatform&google_hm=Y3AtZTYxZTRmNjI0YzhiNDRlZjZmM2Q0NmRhZDY1YTIwMjE=&google_push=AYg5qPKtA5dVj3bqTd3UjROQRZElLT3FRSR02oMswWn0IwFiVcBPIMl_t-V7iK...
https://cm.g.doubleclick.net/pixel?google_nid=chocolateplatform&google_hm=Y3AtZTYxZTRmNjI0YzhiNDRlZjZmM2Q0NmRhZDY1YTIwMjE=&google_push=AYg5qPKtA5dVj3bqTd3UjROQRZElLT3FRSR02oMswWn0IwFiVcBPIMl_t-V7iK...
https://cm.g.doubleclick.net/pixel?google_nid=chocolateplatform&google_hm=Y3AtZTYxZTRmNjI0YzhiNDRlZjZmM2Q0NmRhZDY1YTIwMjE=&google_push=AYg5qPKtA5dVj3bqTd3UjROQRZElLT3FRSR02oMswWn0IwFiVcBPIMl_t-V7iK...
https://cm.g.doubleclick.net/pixel?google_nid=chocolateplatform&google_hm=Y3AtZTYxZTRmNjI0YzhiNDRlZjZmM2Q0NmRhZDY1YTIwMjE=&google_push=AYg5qPKtA5dVj3bqTd3UjROQRZElLT3FRSR02oMswWn0IwFiVcBPIMl_t-V7iK...
https://cm.g.doubleclick.net/pixel?google_nid=chocolateplatform&google_hm=Y3AtZTYxZTRmNjI0YzhiNDRlZjZmM2Q0NmRhZDY1YTIwMjE=&google_push=AYg5qPKtA5dVj3bqTd3UjROQRZElLT3FRSR02oMswWn0IwFiVcBPIMl_t-V7iK...

0
0

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame DB76
Redirect Chain

https://ssbsync.smartadserver.com/api/sync?callerId=3&google_gid=CAESEGQidwiCAZ1v0OgIKrx_GY8&google_cver=1&google_push=AYg5qPItuoraTQmbYEZKoraqvFGPrI9RFfdYLCgRqkfVJtQ8iVjUBnpXBCSBgEfroFsaqoW5OYvBKR...
https://cm.g.doubleclick.net/pixel?google_nid=smart_adserver_eb&google_push=AYg5qPItuoraTQmbYEZKoraqvFGPrI9RFfdYLCgRqkfVJtQ8iVjUBnpXBCSBgEfroFsaqoW5OYvBKRz5oOgJ3Np62mlClEgqD-YI&google_hm=NzgzNTc5MT...

170 B
188 B

48ms
30ms

Image
image/png

142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=smart_adserver_eb&google_push=AYg5qPItuoraTQmbYEZKoraqvFGPrI9RFfdYLCgRqkfVJtQ8iVjUBnpXBCSBgEfroFsaqoW5OYvBKRz5oOgJ3Np62mlClEgqD-YI&google_hm=NzgzNTc5MTcyNTc3MjEyMTIwOQ%3D%3D

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 27 Jul 2021 02:12:17 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=smart_adserver_eb&google_push=AYg5qPItuoraTQmbYEZKoraqvFGPrI9RFfdYLCgRqkfVJtQ8iVjUBnpXBCSBgEfroFsaqoW5OYvBKRz5oOgJ3Np62mlClEgqD-YI&google_hm=NzgzNTc5MTcyNTc3MjEyMTIwOQ%3D%3D
date: Tue, 27 Jul 2021 02:12:16 GMT
content-length: 0

GET

pixel
cm.g.doubleclick.net/ Frame DB76
Redirect Chain

https://ads.avads.net/sync/ggl?google_gid=CAESEOdOKDJJvx7ghIkM74yyMA8&google_cver=1&google_push=AYg5qPKpjXnbgO_kEI4-pJQGfcJYmTcCfwgwCYHPaEMG2yhJ8fRsT4w0t6chCtHCrB6HE-G-x1R5JLfWzbpL8VCs-Cjf5AaSiO9f
https://ads.avads.net/sync/ggl?google_gid=CAESEOdOKDJJvx7ghIkM74yyMA8&google_cver=1&google_push=AYg5qPKpjXnbgO_kEI4-pJQGfcJYmTcCfwgwCYHPaEMG2yhJ8fRsT4w0t6chCtHCrB6HE-G-x1R5JLfWzbpL8VCs-Cjf5AaSiO9f&...
https://ads.avads.net/sync/ggl?google_gid=CAESEOdOKDJJvx7ghIkM74yyMA8&google_cver=1&google_push=AYg5qPKpjXnbgO_kEI4-pJQGfcJYmTcCfwgwCYHPaEMG2yhJ8fRsT4w0t6chCtHCrB6HE-G-x1R5JLfWzbpL8VCs-Cjf5AaSiO9f
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=Y2JhOTJjZjctZjcxOS00MjUzLTlhZWUtNGMyOTM0OTk1MWY5&google_push=AYg5qPKpjXnbgO_kEI4-pJQGfcJYmTcCfwgwCYHPaEMG2yhJ8fRsT4w0t6chCtHCrB6HE-G...
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=Y2JhOTJjZjctZjcxOS00MjUzLTlhZWUtNGMyOTM0OTk1MWY5&google_push=AYg5qPKpjXnbgO_kEI4-pJQGfcJYmTcCfwgwCYHPaEMG2yhJ8fRsT4w0t6chCtHCrB6HE-G...
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=Y2JhOTJjZjctZjcxOS00MjUzLTlhZWUtNGMyOTM0OTk1MWY5&google_push=AYg5qPKpjXnbgO_kEI4-pJQGfcJYmTcCfwgwCYHPaEMG2yhJ8fRsT4w0t6chCtHCrB6HE-G...
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=Y2JhOTJjZjctZjcxOS00MjUzLTlhZWUtNGMyOTM0OTk1MWY5&google_push=AYg5qPKpjXnbgO_kEI4-pJQGfcJYmTcCfwgwCYHPaEMG2yhJ8fRsT4w0t6chCtHCrB6HE-G...
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=Y2JhOTJjZjctZjcxOS00MjUzLTlhZWUtNGMyOTM0OTk1MWY5&google_push=AYg5qPKpjXnbgO_kEI4-pJQGfcJYmTcCfwgwCYHPaEMG2yhJ8fRsT4w0t6chCtHCrB6HE-G...
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=Y2JhOTJjZjctZjcxOS00MjUzLTlhZWUtNGMyOTM0OTk1MWY5&google_push=AYg5qPKpjXnbgO_kEI4-pJQGfcJYmTcCfwgwCYHPaEMG2yhJ8fRsT4w0t6chCtHCrB6HE-G...
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=Y2JhOTJjZjctZjcxOS00MjUzLTlhZWUtNGMyOTM0OTk1MWY5&google_push=AYg5qPKpjXnbgO_kEI4-pJQGfcJYmTcCfwgwCYHPaEMG2yhJ8fRsT4w0t6chCtHCrB6HE-G...
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=Y2JhOTJjZjctZjcxOS00MjUzLTlhZWUtNGMyOTM0OTk1MWY5&google_push=AYg5qPKpjXnbgO_kEI4-pJQGfcJYmTcCfwgwCYHPaEMG2yhJ8fRsT4w0t6chCtHCrB6HE-G...
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=Y2JhOTJjZjctZjcxOS00MjUzLTlhZWUtNGMyOTM0OTk1MWY5&google_push=AYg5qPKpjXnbgO_kEI4-pJQGfcJYmTcCfwgwCYHPaEMG2yhJ8fRsT4w0t6chCtHCrB6HE-G...
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=Y2JhOTJjZjctZjcxOS00MjUzLTlhZWUtNGMyOTM0OTk1MWY5&google_push=AYg5qPKpjXnbgO_kEI4-pJQGfcJYmTcCfwgwCYHPaEMG2yhJ8fRsT4w0t6chCtHCrB6HE-G...
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=Y2JhOTJjZjctZjcxOS00MjUzLTlhZWUtNGMyOTM0OTk1MWY5&google_push=AYg5qPKpjXnbgO_kEI4-pJQGfcJYmTcCfwgwCYHPaEMG2yhJ8fRsT4w0t6chCtHCrB6HE-G...
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=Y2JhOTJjZjctZjcxOS00MjUzLTlhZWUtNGMyOTM0OTk1MWY5&google_push=AYg5qPKpjXnbgO_kEI4-pJQGfcJYmTcCfwgwCYHPaEMG2yhJ8fRsT4w0t6chCtHCrB6HE-G...
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=Y2JhOTJjZjctZjcxOS00MjUzLTlhZWUtNGMyOTM0OTk1MWY5&google_push=AYg5qPKpjXnbgO_kEI4-pJQGfcJYmTcCfwgwCYHPaEMG2yhJ8fRsT4w0t6chCtHCrB6HE-G...
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=Y2JhOTJjZjctZjcxOS00MjUzLTlhZWUtNGMyOTM0OTk1MWY5&google_push=AYg5qPKpjXnbgO_kEI4-pJQGfcJYmTcCfwgwCYHPaEMG2yhJ8fRsT4w0t6chCtHCrB6HE-G...
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=Y2JhOTJjZjctZjcxOS00MjUzLTlhZWUtNGMyOTM0OTk1MWY5&google_push=AYg5qPKpjXnbgO_kEI4-pJQGfcJYmTcCfwgwCYHPaEMG2yhJ8fRsT4w0t6chCtHCrB6HE-G...
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=Y2JhOTJjZjctZjcxOS00MjUzLTlhZWUtNGMyOTM0OTk1MWY5&google_push=AYg5qPKpjXnbgO_kEI4-pJQGfcJYmTcCfwgwCYHPaEMG2yhJ8fRsT4w0t6chCtHCrB6HE-G...
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=Y2JhOTJjZjctZjcxOS00MjUzLTlhZWUtNGMyOTM0OTk1MWY5&google_push=AYg5qPKpjXnbgO_kEI4-pJQGfcJYmTcCfwgwCYHPaEMG2yhJ8fRsT4w0t6chCtHCrB6HE-G...
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=Y2JhOTJjZjctZjcxOS00MjUzLTlhZWUtNGMyOTM0OTk1MWY5&google_push=AYg5qPKpjXnbgO_kEI4-pJQGfcJYmTcCfwgwCYHPaEMG2yhJ8fRsT4w0t6chCtHCrB6HE-G...

0
0

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame DB76 0
253 B 87ms
29ms Image
text/html 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13ID6gIbs-ozXmG4zb_FvB2OBwcbTPKkAOrTkXsqM7onFsQkLkZ065Y3_e2zaz_7_rw-dFHH7g

Requested by

Host: 280575fdba709e4294c9a1d1794d14e6.safeframe.googlesyndication.com
URL: https://280575fdba709e4294c9a1d1794d14e6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 02:12:17 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H2 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012107200040000/ Frame E24E 188 KB
55 KB 29ms
6ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012107200040000/amp4ads-v0.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021072402.js?31062009

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d51b5c14fd6455affd3baceb0d2015c532566645fd80f645260c803a8b0f1c57

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 32630
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 55196
x-xss-protection: 0
server: sffe
date: Mon, 26 Jul 2021 17:08:27 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "9a8830a242785ad6"
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 26 Jul 2022 17:08:27 GMT

GET
H2 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012107200040000/v0/ Frame E24E 13 KB
5 KB 40ms
17ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012107200040000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021072402.js?31062009

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6b4f1f72b78c93a6cdf32fbce758cc76e353e589296975f8491a265167cfdb0c

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 32630
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4808
x-xss-protection: 0
server: sffe
date: Mon, 26 Jul 2021 17:08:27 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "82cb572e3b54d217"
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 26 Jul 2022 17:08:27 GMT

GET
H2 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012107200040000/v0/ Frame E24E 87 KB
27 KB 40ms
18ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012107200040000/v0/amp-analytics-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021072402.js?31062009

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

695be856611d9d209b70e4b7356594bd123af15d79843a3711289bf90e3525b1

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 32630
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27828
x-xss-protection: 0
server: sffe
date: Mon, 26 Jul 2021 17:08:27 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "2309f93374d1f64f"
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 26 Jul 2022 17:08:27 GMT

GET
H2 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012107200040000/v0/ Frame E24E 4 KB
2 KB 41ms
19ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012107200040000/v0/amp-fit-text-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021072402.js?31062009

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a0c3f2e5825816bcac42e686f0c3aa76e1aa566f71a437d8768702d4a3a45875

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 32630
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1648
x-xss-protection: 0
server: sffe
date: Mon, 26 Jul 2021 17:08:27 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "0ef177dade489237"
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 26 Jul 2022 17:08:27 GMT

GET
H2 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012107200040000/v0/ Frame E24E 40 KB
13 KB 42ms
20ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012107200040000/v0/amp-form-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021072402.js?31062009

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

172ecde3db13e66cf99995d63de308e2d6e3fdeb1a99dfaeec136f4862eb1573

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 32630
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12831
x-xss-protection: 0
server: sffe
date: Mon, 26 Jul 2021 17:08:27 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "896e0bc3d66ccdf5"
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 26 Jul 2022 17:08:27 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame E24E 6 KB
765 B 15ms
15ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021072402.js?31062009

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

fbe1583d8642d89d0c349b00c0125e485dd55976282165a6b5f2d29ea9d44549

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 27 Jul 2021 01:17:48 GMT
server: ESF
date: Tue, 27 Jul 2021 02:12:17 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 27 Jul 2021 02:12:17 GMT

GET
H3-29 200 6592766407814317453
tpc.googlesyndication.com/simgad/7585056219952971289/ Frame E24E 34 KB
34 KB 7ms
7ms Image
image/jpeg 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/7585056219952971289/6592766407814317453

Requested by

Host: ftp.winprizesonline.com
URL: https://ftp.winprizesonline.com/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2021ce8b6633919f07c682ceb6cc4aafb6ae85ebc656bb0b91df9a0ef31398bb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 26 Jul 2021 13:10:26 GMT
x-content-type-options: nosniff
age: 46911
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 34432
x-xss-protection: 0
last-modified: Mon, 12 Jul 2021 07:59:11 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 26 Jul 2022 13:10:26 GMT

GET
H3-29 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/652503062678389469/ Frame E24E 2 KB
2 KB 7ms
6ms Image
image/jpeg 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/652503062678389469/downsize_200k_v1?w=100&h=100

Requested by

Host: ftp.winprizesonline.com
URL: https://ftp.winprizesonline.com/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8bff9ec3a2c218db516f668f50f0b70958136d28892dc840bc0544a20ef7d61b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 20 Jul 2021 09:58:35 GMT
x-content-type-options: nosniff
age: 576822
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1911
x-xss-protection: 0
last-modified: Wed, 13 Mar 2019 08:45:00 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 20 Jul 2022 09:58:35 GMT

GET
DATA 200
OK truncated
/ Frame E24E 221 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 613603afe8c5203c59d7f9df1cbac87109df7ffdf245fd20becfa6bd95b92155

Request headers

Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame E24E 218 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8eef2f9e8de713e7de3a005aa33892d0219eedd3b2bcc7e9dd6ff3e87a7ae853

Request headers

Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame E24E 2 KB
2 KB 8ms
7ms Image
image/png 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: ftp.winprizesonline.com
URL: https://ftp.winprizesonline.com/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 26 Jul 2021 15:34:33 GMT
x-content-type-options: nosniff
server: cafe
age: 38264
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Tue, 27 Jul 2021 15:34:33 GMT

GET
H3-29 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame E24E 295 B
319 B 7ms
7ms Image
image/png 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: ftp.winprizesonline.com
URL: https://ftp.winprizesonline.com/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 26 Jul 2021 12:37:33 GMT
x-content-type-options: nosniff
server: cafe
age: 48884
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Tue, 27 Jul 2021 12:37:33 GMT

GET
H3-29 200 adview
securepubads.g.doubleclick.net/pagead/ Frame E24E 0
0 39ms
37ms Image
text/html 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CxDGbgGv_YLjBG474-gb9446wCfeJtbRj0Ia7vvoNuNfvjaQTEAEg9PnGJWD1lc6B4ASgAaSsnMkDyAEJqQLT6lN1XVKyPuACAKgDAcgDCqoE4AFP0Fu23qOAv9zhnTAWpyMSdOTQvDcov3ymhGvpw01WtLxaxvGEsfY5yNdogy6Bnzfh9Sn6I5Hez2yCoHHT3qH6jLd_2FgJhBG7BFVobMlytvxzDLQJ2X_F88i0ONlrOEFA2Vh7QMrqCGhVs3UafUKb3xZonG-9BW-OHOMWJfVpUHCle1rZOm-pEHHTfVLSr83-rYt9I3p6j1KKHprOBnsWqHsaNkTV-1Zj2JEeOwkXqZsj92z4-n_tc3Kkq_af7YpRbWtuPX7tF8H-k5O7CVjjM1QYWs7U0gwxZ_tVdt7Hw8AEr8Hmy4sC4AQBkgUECAQYAZIFBAgFGASSBQQIBRgYkgUFCAUYqAGgBi6AB8TT4zaoB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7paxAqgHpr4bqAfs1RvYBwDyBwUQ-NX_AdIIBwiAYRABGB3yCBthZHgtc3Vic3luLTY1NDkzMjEyNzkxNjgyOTKACgPICwHYEw2IFAHQFQGYFgGAFwGyFxoKGAgAEhRwdWItNjM5Njg0NDc0MjQ5NzIwOA&sigh=5qB8mNvkDwY&template_id=484
Requested by: Host: ftp.winprizesonline.com
URL: https://ftp.winprizesonline.com/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s12-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 army.gif Show response
ftp.winprizesonline.com/porpoiseant/ 0
42 B 35ms
34ms XHR
text/plain 3.66.136.156
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ftp.winprizesonline.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTgxNjg5NCIsImRvbWFpbl9pZCI6IjE2NDA0MCIsInVuaXQiOiJkaXYtZ3B0LWFkLXdpbnByaXplc29ubGluZV9jb20tbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE2MjczNTE5MjgsImFkX3Bvc2l0aW9uIjoxMTAwLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjIyODNkMzYyLTBiMDctNDJjOC01MGQyLWNiYzZmMDBlNzcxOCIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1ODUsImRhdGEiOlt7Im5hbWUiOiJyZWZyZXNoX2NvdW50IiwidmFsIjoiMyJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTgxNjg5NCIsImRvbWFpbl9pZCI6IjE2NDA0MCIsInVuaXQiOiJkaXYtZ3B0LWFkLXdpbnByaXplc29ubGluZV9jb20tbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE2MjczNTE5MjgsImFkX3Bvc2l0aW9uIjoxMTAwLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjIyODNkMzYyLTBiMDctNDJjOC01MGQyLWNiYzZmMDBlNzcxOCIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1ODUsImRhdGEiOlt7Im5hbWUiOiJmaWxsZWRfYmlkX2hhc2giLCJ2YWwiOiI5ZTBhMWNlNWIyNDU1Y2I5YjQ4ZDVkZjRjNmJmNDA1MyJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTgxNjg5NCIsImRvbWFpbl9pZCI6IjE2NDA0MCIsInVuaXQiOiJkaXYtZ3B0LWFkLXdpbnByaXplc29ubGluZV9jb20tbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE2MjczNTE5MjgsInJldmVudWUiOjAsImVzdF9yZXZlbnVlIjowLjAwMzUsImFkX3Bvc2l0aW9uIjoxMTAwLCJhZF9zaXplIjoiIiwiYmlkX2Zsb29yX2ZpbGxlZCI6MC4wMDM1LCJiaWRfZmxvb3JfcHJldiI6MC4wMDUsInN0YXRfc291cmNlX2lkIjozNSwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjIyODNkMzYyLTBiMDctNDJjOC01MGQyLWNiYzZmMDBlNzcxOCIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1ODUsImRhdGEiOlt7Im5hbWUiOiJsb2FkZWQiLCJ2YWwiOiIxIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiIxODE2ODk0IiwiZG9tYWluX2lkIjoiMTY0MDQwIiwidW5pdCI6ImRpdi1ncHQtYWQtd2lucHJpemVzb25saW5lX2NvbS1tZWRyZWN0YW5nbGUtMi0wIiwidF9lcG9jaCI6MTYyNzM1MTkyOCwiYWRfcG9zaXRpb24iOjExMDAsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJDSCIsInBhZ2V2aWV3X2lkIjoiMjI4M2QzNjItMGIwNy00MmM4LTUwZDItY2JjNmYwMGU3NzE4IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDU4NSwiZGF0YSI6W3sibmFtZSI6ImNyZWF0aXZlX2lkIiwidmFsIjoiMTM4MzEwMDM0NTg1In1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiIxODE2ODk0IiwiZG9tYWluX2lkIjoiMTY0MDQwIiwidW5pdCI6ImRpdi1ncHQtYWQtd2lucHJpemVzb25saW5lX2NvbS1tZWRyZWN0YW5nbGUtMi0wIiwidF9lcG9jaCI6MTYyNzM1MTkyOCwiYWRfcG9zaXRpb24iOjExMDAsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJDSCIsInBhZ2V2aWV3X2lkIjoiMjI4M2QzNjItMGIwNy00MmM4LTUwZDItY2JjNmYwMGU3NzE4IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDU4NSwiZGF0YSI6W3sibmFtZSI6ImxpbmVpdGVtX2lkIiwidmFsIjoiMjg2ODcyNzQifV0sImlzX29yaWciOmZhbHNlfV0=
Requested by: Host: ftp.winprizesonline.com
URL: https://ftp.winprizesonline.com/detroitchicago/cmbv2.js?gcb=195-2&cb=04-1y02-4y06-12y07-1y0b-5y0d-10y13-3y17-3y20-3y33-15y52-1y56-21&cmbcb=20&sj=x04x02x06x07x0bx0dx13x17x20x33x52x56
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.66.136.156 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-66-136-156.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path: /porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTgxNjg5NCIsImRvbWFpbl9pZCI6IjE2NDA0MCIsInVuaXQiOiJkaXYtZ3B0LWFkLXdpbnByaXplc29ubGluZV9jb20tbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE2MjczNTE5MjgsImFkX3Bvc2l0aW9uIjoxMTAwLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjIyODNkMzYyLTBiMDctNDJjOC01MGQyLWNiYzZmMDBlNzcxOCIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1ODUsImRhdGEiOlt7Im5hbWUiOiJyZWZyZXNoX2NvdW50IiwidmFsIjoiMyJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTgxNjg5NCIsImRvbWFpbl9pZCI6IjE2NDA0MCIsInVuaXQiOiJkaXYtZ3B0LWFkLXdpbnByaXplc29ubGluZV9jb20tbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE2MjczNTE5MjgsImFkX3Bvc2l0aW9uIjoxMTAwLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjIyODNkMzYyLTBiMDctNDJjOC01MGQyLWNiYzZmMDBlNzcxOCIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1ODUsImRhdGEiOlt7Im5hbWUiOiJmaWxsZWRfYmlkX2hhc2giLCJ2YWwiOiI5ZTBhMWNlNWIyNDU1Y2I5YjQ4ZDVkZjRjNmJmNDA1MyJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTgxNjg5NCIsImRvbWFpbl9pZCI6IjE2NDA0MCIsInVuaXQiOiJkaXYtZ3B0LWFkLXdpbnByaXplc29ubGluZV9jb20tbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE2MjczNTE5MjgsInJldmVudWUiOjAsImVzdF9yZXZlbnVlIjowLjAwMzUsImFkX3Bvc2l0aW9uIjoxMTAwLCJhZF9zaXplIjoiIiwiYmlkX2Zsb29yX2ZpbGxlZCI6MC4wMDM1LCJiaWRfZmxvb3JfcHJldiI6MC4wMDUsInN0YXRfc291cmNlX2lkIjozNSwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjIyODNkMzYyLTBiMDctNDJjOC01MGQyLWNiYzZmMDBlNzcxOCIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1ODUsImRhdGEiOlt7Im5hbWUiOiJsb2FkZWQiLCJ2YWwiOiIxIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiIxODE2ODk0IiwiZG9tYWluX2lkIjoiMTY0MDQwIiwidW5pdCI6ImRpdi1ncHQtYWQtd2lucHJpemVzb25saW5lX2NvbS1tZWRyZWN0YW5nbGUtMi0wIiwidF9lcG9jaCI6MTYyNzM1MTkyOCwiYWRfcG9zaXRpb24iOjExMDAsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJDSCIsInBhZ2V2aWV3X2lkIjoiMjI4M2QzNjItMGIwNy00MmM4LTUwZDItY2JjNmYwMGU3NzE4IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDU4NSwiZGF0YSI6W3sibmFtZSI6ImNyZWF0aXZlX2lkIiwidmFsIjoiMTM4MzEwMDM0NTg1In1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiIxODE2ODk0IiwiZG9tYWluX2lkIjoiMTY0MDQwIiwidW5pdCI6ImRpdi1ncHQtYWQtd2lucHJpemVzb25saW5lX2NvbS1tZWRyZWN0YW5nbGUtMi0wIiwidF9lcG9jaCI6MTYyNzM1MTkyOCwiYWRfcG9zaXRpb24iOjExMDAsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJDSCIsInBhZ2V2aWV3X2lkIjoiMjI4M2QzNjItMGIwNy00MmM4LTUwZDItY2JjNmYwMGU3NzE4IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDU4NSwiZGF0YSI6W3sibmFtZSI6ImxpbmVpdGVtX2lkIiwidmFsIjoiMjg2ODcyNzQifV0sImlzX29yaWciOmZhbHNlfV0=
pragma: no-cache
cookie: ezux_lpl_164040=1627351933033|2283d362-0b07-42c8-50d2-cbc6f00e7718|false; __gads=ID=625198380ef21651:T=1627351933:S=ALNI_MbUBwYcamkfYgCEtTy8pn2AUS9wmQ; ezouspvv=420; ezouspva=2; ezouspvh=350
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: empty
:authority: ftp.winprizesonline.com
referer: https://ftp.winprizesonline.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 02:12:17 GMT
server: nginx
vary: Accept-Encoding Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Mon, 26 Jul 2021 02:12:16 UTC

GET
H2 200 28687274 Show response
g.ezoic.net/dac/ 0
40 B 33ms
32ms XHR
text/plain 3.66.136.156
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g.ezoic.net/dac/28687274
Requested by: Host: ftp.winprizesonline.com
URL: https://ftp.winprizesonline.com/porpoiseant/banger.js?cb=195-2&bv=38&v=51&PageSpeed=off
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.66.136.156 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-66-136-156.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin: *
date: Tue, 27 Jul 2021 02:12:17 GMT
cache-control: max-age=3600, public
server: nginx
content-length: 0
vary: Accept-Encoding
content-type: text/plain

GET
H2 200 army.gif Show response
ftp.winprizesonline.com/porpoiseant/ 0
42 B 34ms
33ms XHR
text/plain 3.66.136.156
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ftp.winprizesonline.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTgxNjg5NCIsImRvbWFpbl9pZCI6IjE2NDA0MCIsInVuaXQiOiJkaXYtZ3B0LWFkLXdpbnByaXplc29ubGluZV9jb20tbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE2MjczNTE5MjgsImFkX3Bvc2l0aW9uIjoxMTAwLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjIyODNkMzYyLTBiMDctNDJjOC01MGQyLWNiYzZmMDBlNzcxOCIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1ODUsImRhdGEiOlt7Im5hbWUiOiJ0X2xvY2FsX2RhdGUiLCJ2YWwiOiIyMDIxLTA3LTI3In0seyJuYW1lIjoidF9sb2NhbF9ob3VyIiwidmFsIjoiNCJ9LHsibmFtZSI6InRfbG9jYWxfZGF5X29mX3dlZWsiLCJ2YWwiOiIyIn0seyJuYW1lIjoidF9sb2NhbF90aW1lem9uZSIsInZhbCI6Ii0xMjAifV0sImlzX29yaWciOmZhbHNlfV0=
Requested by: Host: ftp.winprizesonline.com
URL: https://ftp.winprizesonline.com/detroitchicago/cmbv2.js?gcb=195-2&cb=04-1y02-4y06-12y07-1y0b-5y0d-10y13-3y17-3y20-3y33-15y52-1y56-21&cmbcb=20&sj=x04x02x06x07x0bx0dx13x17x20x33x52x56
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.66.136.156 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-66-136-156.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path: /porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTgxNjg5NCIsImRvbWFpbl9pZCI6IjE2NDA0MCIsInVuaXQiOiJkaXYtZ3B0LWFkLXdpbnByaXplc29ubGluZV9jb20tbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE2MjczNTE5MjgsImFkX3Bvc2l0aW9uIjoxMTAwLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjIyODNkMzYyLTBiMDctNDJjOC01MGQyLWNiYzZmMDBlNzcxOCIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1ODUsImRhdGEiOlt7Im5hbWUiOiJ0X2xvY2FsX2RhdGUiLCJ2YWwiOiIyMDIxLTA3LTI3In0seyJuYW1lIjoidF9sb2NhbF9ob3VyIiwidmFsIjoiNCJ9LHsibmFtZSI6InRfbG9jYWxfZGF5X29mX3dlZWsiLCJ2YWwiOiIyIn0seyJuYW1lIjoidF9sb2NhbF90aW1lem9uZSIsInZhbCI6Ii0xMjAifV0sImlzX29yaWciOmZhbHNlfV0=
pragma: no-cache
cookie: ezux_lpl_164040=1627351933033|2283d362-0b07-42c8-50d2-cbc6f00e7718|false; __gads=ID=625198380ef21651:T=1627351933:S=ALNI_MbUBwYcamkfYgCEtTy8pn2AUS9wmQ; ezouspvv=420; ezouspva=2; ezouspvh=350
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: empty
:authority: ftp.winprizesonline.com
referer: https://ftp.winprizesonline.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 02:12:17 GMT
server: nginx
vary: Accept-Encoding Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Mon, 26 Jul 2021 02:12:15 UTC

GET
H2 200 army.gif Show response
ftp.winprizesonline.com/porpoiseant/ 0
19 B 35ms
34ms XHR
text/plain 3.66.136.156
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ftp.winprizesonline.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImF1Y3Rpb24iLCJpbXByZXNzaW9uX2lkIjoiMTgxNjg5NCIsImRvbWFpbl9pZCI6IjE2NDA0MCIsInVuaXQiOiJkaXYtZ3B0LWFkLXdpbnByaXplc29ubGluZV9jb20tbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE2MjczNTE5MjgsImF1Y3Rpb25fZXBvY2giOjE2MjczNTE5MzcsImFkX3Bvc2l0aW9uIjoxMTAwLCJjb3VudHJ5X2NvZGUiOiJDSCIsInBhZ2V2aWV3X2lkIjoiMjI4M2QzNjItMGIwNy00MmM4LTUwZDItY2JjNmYwMGU3NzE4IiwiYmlkX2Zsb29yX2luaXRpYWwiOjEwMDAsImJpZF9mbG9vcl9wcmV2Ijo1MDAsImJpZF9mbG9vcl9maWxsZWQiOjM1MCwiYXVjdGlvbl9jb3VudCI6MywicmVmcmVzaF9hZF9jb3VudCI6MCwiYXVjdGlvbl9kdXJhdGlvbiI6MjE3NCwibXVsdGlfYWRfdW5pdCI6MCwibXVsdGlfYWRfY291bnQiOjAsIm5ldHdvcmtfY29kZSI6MTI1NDE0NCwiZGF0YSI6W3sibmFtZSI6IiIsInZhbCI6IiJ9XSwibGluZV9pdGVtX2lkIjoyODY4NzI3NH1d
Requested by: Host: ftp.winprizesonline.com
URL: https://ftp.winprizesonline.com/detroitchicago/cmbv2.js?gcb=195-2&cb=04-1y02-4y06-12y07-1y0b-5y0d-10y13-3y17-3y20-3y33-15y52-1y56-21&cmbcb=20&sj=x04x02x06x07x0bx0dx13x17x20x33x52x56
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.66.136.156 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-66-136-156.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path: /porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImF1Y3Rpb24iLCJpbXByZXNzaW9uX2lkIjoiMTgxNjg5NCIsImRvbWFpbl9pZCI6IjE2NDA0MCIsInVuaXQiOiJkaXYtZ3B0LWFkLXdpbnByaXplc29ubGluZV9jb20tbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE2MjczNTE5MjgsImF1Y3Rpb25fZXBvY2giOjE2MjczNTE5MzcsImFkX3Bvc2l0aW9uIjoxMTAwLCJjb3VudHJ5X2NvZGUiOiJDSCIsInBhZ2V2aWV3X2lkIjoiMjI4M2QzNjItMGIwNy00MmM4LTUwZDItY2JjNmYwMGU3NzE4IiwiYmlkX2Zsb29yX2luaXRpYWwiOjEwMDAsImJpZF9mbG9vcl9wcmV2Ijo1MDAsImJpZF9mbG9vcl9maWxsZWQiOjM1MCwiYXVjdGlvbl9jb3VudCI6MywicmVmcmVzaF9hZF9jb3VudCI6MCwiYXVjdGlvbl9kdXJhdGlvbiI6MjE3NCwibXVsdGlfYWRfdW5pdCI6MCwibXVsdGlfYWRfY291bnQiOjAsIm5ldHdvcmtfY29kZSI6MTI1NDE0NCwiZGF0YSI6W3sibmFtZSI6IiIsInZhbCI6IiJ9XSwibGluZV9pdGVtX2lkIjoyODY4NzI3NH1d
pragma: no-cache
cookie: ezux_lpl_164040=1627351933033|2283d362-0b07-42c8-50d2-cbc6f00e7718|false; __gads=ID=625198380ef21651:T=1627351933:S=ALNI_MbUBwYcamkfYgCEtTy8pn2AUS9wmQ; ezouspvv=420; ezouspva=2; ezouspvh=350
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: empty
:authority: ftp.winprizesonline.com
referer: https://ftp.winprizesonline.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 02:12:17 GMT
server: nginx
vary: Accept-Encoding Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Mon, 26 Jul 2021 02:12:16 UTC

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v27/ Frame E24E 15 KB
16 KB 6ms
5ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://ftp.winprizesonline.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 20 Jul 2021 12:00:01 GMT
x-content-type-options: nosniff
age: 569536
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15828
x-xss-protection: 0
last-modified: Mon, 05 Apr 2021 21:10:46 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 20 Jul 2022 12:00:01 GMT

GET
H2 200 KFOlCnqEu92Fr1MmSU5fBBc4.woff2
fonts.gstatic.com/s/roboto/v27/ Frame E24E 15 KB
15 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmSU5fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

33530b007071281a97e79baab13ddf7cc4b9de942ebd3e212224857335f7cb97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://ftp.winprizesonline.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 01:45:21 GMT
x-content-type-options: nosniff
age: 1616
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15732
x-xss-protection: 0
last-modified: Mon, 05 Apr 2021 21:10:39 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 27 Jul 2022 01:45:21 GMT

GET
H3-29 200 integrator.js Show response
adservice.google.ch/adsid/ 107 B
122 B 15ms
15ms Script
application/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.ch/adsid/integrator.js?domain=ftp.winprizesonline.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021072402.js?31062009

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 27 Jul 2021 02:12:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 16ms
16ms Script
application/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=ftp.winprizesonline.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021072402.js?31062009

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 27 Jul 2021 02:12:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 52 KB
12 KB 1435ms
1435ms XHR
text/plain 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1503229515504863&correlator=3745266303776677&output=ldjh&impl=fifs&eid=31062009%2C31061842%2C20211866&vrg=2021072402&ptt=17&us_privacy=1---&sc=1&sfv=1-0-38&ecs=20210727&iu_parts=1254144%2Cwinprizesonline_com-box-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C250x250%7C336x280%7C320x50%7C468x60%7C580x400%7C125x125%7C300x250%7C320x100%7C120x240%7C200x200%7C180x150%7C234x60&fluid=height&ris=2&rcs=3&prev_scp=a%3D%257C251%257C%26iid19%3D1832644%26eid%3D4570908922087774802%26t%3D134%26d%3D164040%26t1%3D134%26pvc%3D0%26ap%3D1112%26sap%3D1112%26as%3Drevenue%26plat%3D1%26bra%3Dmod1-c%26ic%3D4%26at%3Dmbf%26adr%3D399%26ezosn%3D0%26reft%3Dn%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1000%26compid%3D0%26tap%3Dwinprizesonline_com-box-1-1832644%26eb_br%3D2e8b8c60843e52e5aaa1e3a52287a2bb%26eba%3D1%26ebss%3D10061%26asau%3D2260528807%26bv%3D23%26bvm%3D0%26bvr%3D3%26shp%3D1%26ftsn%3D3%26acptad%3D1%26br1%3D8%26br2%3D700%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D32%2C0%2C28%2C27%2C45%2C122%2C66%2C20%2C71%2C30%2C0%2C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C27%2C815%2C817%2C899%2C919%2C774%2C20%2C17%2C19%2C20%2C17%2C18%2C19%2C20%2C1428%26lb%3D80%26reqt%3D1627351937689&eri=1&cookie=ID%3D625198380ef21651%3AT%3D1627351933%3AS%3DALNI_MbUBwYcamkfYgCEtTy8pn2AUS9wmQ&bc=31&abxe=1&lmt=1627351937&dt=1627351937694&dlt=1627351929972&idt=371&frm=20&biw=1600&bih=1200&oid=3&adxs=1074&adys=289&adks=1344008380&ucis=e&ifi=14&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fftp.winprizesonline.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x250&msz=300x250&psts=AGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1037067233.1627351930&ga_sid=1627351930&ga_hid=794578872&ga_fc=false&fws=0&ohw=0&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021072402.js?31062009

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

12dcdac6e5888cf653b6f539b52a40d5480d0c745fdb3889b5d19a814bcd34d3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 02:12:19 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11990
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ftp.winprizesonline.com
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 greenoaks.gif Show response
ftp.winprizesonline.com/detroitchicago/ 0
19 B 35ms
35ms XHR
text/plain 3.66.136.156
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ftp.winprizesonline.com/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiIyMjgzZDM2Mi0wYjA3LTQyYzgtNTBkMi1jYmM2ZjAwZTc3MTgiLCJkb21haW5faWQiOiIxNjQwNDAiLCJ0X2Vwb2NoIjoxNjI3MzUxOTI4LCJkYXRhIjpbeyJuYW1lIjoiZGlzcGxheV9hZF92aWV3cG9ydF9weCIsInZhbCI6IjEzNTA4MCJ9LHsibmFtZSI6ImRpc3BsYXlfYWRfdmlld3BvcnRfY291bnQiLCJ2YWwiOiI0In0seyJuYW1lIjoibmF0aXZlX2FkX3ZpZXdwb3J0X3B4IiwidmFsIjoiMCJ9LHsibmFtZSI6Im5hdGl2ZV9hZF92aWV3cG9ydF9jb3VudCIsInZhbCI6IjAifSx7Im5hbWUiOiJkaXNwbGF5X2FkX2RvY19weCIsInZhbCI6IjIyMjM4MCJ9LHsibmFtZSI6ImRpc3BsYXlfYWRfZG9jX2NvdW50IiwidmFsIjoiNCJ9LHsibmFtZSI6Im5hdGl2ZV9hZF9kb2NfcHgiLCJ2YWwiOiIwIn0seyJuYW1lIjoibmF0aXZlX2FkX2RvY19jb3VudCIsInZhbCI6IjAifSx7Im5hbWUiOiJ2aWV3cG9ydF9zaXplIiwidmFsIjoiMTYwMHgxMjAwIn0seyJuYW1lIjoidmlld3BvcnRfcHgiLCJ2YWwiOiIxOTIwMDAwIn0seyJuYW1lIjoiZG9jX3B4IiwidmFsIjoiNzM0ODgwMCJ9LHsibmFtZSI6ImRvY19oZWlnaHQiLCJ2YWwiOiI0NTkzIn1dfV0=
Requested by: Host: ftp.winprizesonline.com
URL: https://ftp.winprizesonline.com/detroitchicago/cmbv2.js?gcb=195-2&cb=04-1y02-4y06-12y07-1y0b-5y0d-10y13-3y17-3y20-3y33-15y52-1y56-21&cmbcb=20&sj=x04x02x06x07x0bx0dx13x17x20x33x52x56
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.66.136.156 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-66-136-156.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path: /detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiIyMjgzZDM2Mi0wYjA3LTQyYzgtNTBkMi1jYmM2ZjAwZTc3MTgiLCJkb21haW5faWQiOiIxNjQwNDAiLCJ0X2Vwb2NoIjoxNjI3MzUxOTI4LCJkYXRhIjpbeyJuYW1lIjoiZGlzcGxheV9hZF92aWV3cG9ydF9weCIsInZhbCI6IjEzNTA4MCJ9LHsibmFtZSI6ImRpc3BsYXlfYWRfdmlld3BvcnRfY291bnQiLCJ2YWwiOiI0In0seyJuYW1lIjoibmF0aXZlX2FkX3ZpZXdwb3J0X3B4IiwidmFsIjoiMCJ9LHsibmFtZSI6Im5hdGl2ZV9hZF92aWV3cG9ydF9jb3VudCIsInZhbCI6IjAifSx7Im5hbWUiOiJkaXNwbGF5X2FkX2RvY19weCIsInZhbCI6IjIyMjM4MCJ9LHsibmFtZSI6ImRpc3BsYXlfYWRfZG9jX2NvdW50IiwidmFsIjoiNCJ9LHsibmFtZSI6Im5hdGl2ZV9hZF9kb2NfcHgiLCJ2YWwiOiIwIn0seyJuYW1lIjoibmF0aXZlX2FkX2RvY19jb3VudCIsInZhbCI6IjAifSx7Im5hbWUiOiJ2aWV3cG9ydF9zaXplIiwidmFsIjoiMTYwMHgxMjAwIn0seyJuYW1lIjoidmlld3BvcnRfcHgiLCJ2YWwiOiIxOTIwMDAwIn0seyJuYW1lIjoiZG9jX3B4IiwidmFsIjoiNzM0ODgwMCJ9LHsibmFtZSI6ImRvY19oZWlnaHQiLCJ2YWwiOiI0NTkzIn1dfV0=
pragma: no-cache
cookie: ezux_lpl_164040=1627351933033|2283d362-0b07-42c8-50d2-cbc6f00e7718|false; __gads=ID=625198380ef21651:T=1627351933:S=ALNI_MbUBwYcamkfYgCEtTy8pn2AUS9wmQ; ezouspvv=420; ezouspva=2; ezouspvh=350
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: empty
:authority: ftp.winprizesonline.com
referer: https://ftp.winprizesonline.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 02:12:17 GMT
server: nginx
vary: Accept-Encoding Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Mon, 26 Jul 2021 02:12:16 UTC

GET
H3-29 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame A546 42 B
64 B 33ms
19ms Fetch
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsu57ctOds4h9dC06c8Ds9rtuoVlHb_4_CDq6iLlqKY7l_4BBdsr2yQELypEcvBJfSYKmnNM7tOWdwrMaX3PkBt6d-aQbhRKTqNPsKOzPHUxJB7SyV3q03QXvZM&sai=AMfl-YSKd2D-Ogtz1yi_KNeBBZ25xhVzDSloav-NvJzL1M0tO8vpHhqF7n5mnf9waRMRaxR5dTY3slYqJOa6Qo2RgMiz4o04883Qnw3JVji6GEFWYvI6rsPTJDIJA1aK&sig=Cg0ArKJSzKO2zJ1TvzQOEAE&cid=CAASFeRoEIoej6d81RDkBen76tV0LJmuVw&id=lidar2&mcvt=1000&p=576,1074,676,1394&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20210726&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=22&adk=3892968019&rs=4&met=mue&la=0&cr=0&osd=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ%3D%3D&vs=4&eosm=0&rst=1627351936840&dlt=18&rpt=142&isd=0&msd=0&r=v

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://280575fdba709e4294c9a1d1794d14e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 27 Jul 2021 02:12:18 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 army.gif Show response
ftp.winprizesonline.com/porpoiseant/ 0
42 B 34ms
34ms XHR
text/plain 3.66.136.156
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ftp.winprizesonline.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTgwMTI5NCIsImRvbWFpbl9pZCI6IjE2NDA0MCIsInVuaXQiOiJkaXYtZ3B0LWFkLXdpbnByaXplc29ubGluZV9jb20tbGFyZ2UtYmlsbGJvYXJkLTItMCIsInRfZXBvY2giOjE2MjczNTE5MjgsInJldmVudWUiOjAsImVzdF9yZXZlbnVlIjowLCJhZF9wb3NpdGlvbiI6MTExMywiYWRfc2l6ZSI6IiIsImJpZF9mbG9vcl9maWxsZWQiOjAsImJpZF9mbG9vcl9wcmV2IjowLCJzdGF0X3NvdXJjZV9pZCI6MCwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjIyODNkMzYyLTBiMDctNDJjOC01MGQyLWNiYzZmMDBlNzcxOCIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwNDM1NTAsImRhdGEiOlt7Im5hbWUiOiJ2aWV3ZWQiLCJ2YWwiOiIxIn1dLCJpc19vcmlnIjpmYWxzZX1d
Requested by: Host: ftp.winprizesonline.com
URL: https://ftp.winprizesonline.com/detroitchicago/cmbv2.js?gcb=195-2&cb=04-1y02-4y06-12y07-1y0b-5y0d-10y13-3y17-3y20-3y33-15y52-1y56-21&cmbcb=20&sj=x04x02x06x07x0bx0dx13x17x20x33x52x56
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.66.136.156 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-66-136-156.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path: /porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTgwMTI5NCIsImRvbWFpbl9pZCI6IjE2NDA0MCIsInVuaXQiOiJkaXYtZ3B0LWFkLXdpbnByaXplc29ubGluZV9jb20tbGFyZ2UtYmlsbGJvYXJkLTItMCIsInRfZXBvY2giOjE2MjczNTE5MjgsInJldmVudWUiOjAsImVzdF9yZXZlbnVlIjowLCJhZF9wb3NpdGlvbiI6MTExMywiYWRfc2l6ZSI6IiIsImJpZF9mbG9vcl9maWxsZWQiOjAsImJpZF9mbG9vcl9wcmV2IjowLCJzdGF0X3NvdXJjZV9pZCI6MCwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjIyODNkMzYyLTBiMDctNDJjOC01MGQyLWNiYzZmMDBlNzcxOCIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwNDM1NTAsImRhdGEiOlt7Im5hbWUiOiJ2aWV3ZWQiLCJ2YWwiOiIxIn1dLCJpc19vcmlnIjpmYWxzZX1d
pragma: no-cache
cookie: ezux_lpl_164040=1627351933033|2283d362-0b07-42c8-50d2-cbc6f00e7718|false; __gads=ID=625198380ef21651:T=1627351933:S=ALNI_MbUBwYcamkfYgCEtTy8pn2AUS9wmQ; ezouspvv=420; ezouspva=2; ezouspvh=350
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: empty
:authority: ftp.winprizesonline.com
referer: https://ftp.winprizesonline.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 02:12:18 GMT
server: nginx
vary: Accept-Encoding Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Mon, 26 Jul 2021 02:12:16 UTC

GET
H2 200 army.gif Show response
ftp.winprizesonline.com/porpoiseant/ 0
42 B 33ms
33ms XHR
text/plain 3.66.136.156
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ftp.winprizesonline.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTc2MTg0NCIsImRvbWFpbl9pZCI6IjE2NDA0MCIsInVuaXQiOiJkaXYtZ3B0LWFkLXdpbnByaXplc29ubGluZV9jb20tYm94LTItMCIsInRfZXBvY2giOjE2MjczNTE5MjgsImFkX3Bvc2l0aW9uIjoxMTExLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjIyODNkMzYyLTBiMDctNDJjOC01MGQyLWNiYzZmMDBlNzcxOCIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6MCwiY3JlYXRpdmVfaWQiOjAsImRhdGEiOlt7Im5hbWUiOiJ3b3Jkc19iZWZvcmUiLCJ2YWwiOiIzMSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTgzMjY0NCIsImRvbWFpbl9pZCI6IjE2NDA0MCIsInVuaXQiOiJkaXYtZ3B0LWFkLXdpbnByaXplc29ubGluZV9jb20tYm94LTEtMCIsInRfZXBvY2giOjE2MjczNTE5MjgsImFkX3Bvc2l0aW9uIjoxMTEyLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjIyODNkMzYyLTBiMDctNDJjOC01MGQyLWNiYzZmMDBlNzcxOCIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6MCwiY3JlYXRpdmVfaWQiOjAsImRhdGEiOlt7Im5hbWUiOiJ3b3Jkc19iZWZvcmUiLCJ2YWwiOiIzMSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTgwMTI5NCIsImRvbWFpbl9pZCI6IjE2NDA0MCIsInVuaXQiOiJkaXYtZ3B0LWFkLXdpbnByaXplc29ubGluZV9jb20tbGFyZ2UtYmlsbGJvYXJkLTItMCIsInRfZXBvY2giOjE2MjczNTE5MjgsImFkX3Bvc2l0aW9uIjoxMTEzLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjIyODNkMzYyLTBiMDctNDJjOC01MGQyLWNiYzZmMDBlNzcxOCIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwNDM1NTAsImRhdGEiOlt7Im5hbWUiOiJ3b3Jkc19iZWZvcmUiLCJ2YWwiOiIxMzMifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjE4MTY4OTQiLCJkb21haW5faWQiOiIxNjQwNDAiLCJ1bml0IjoiZGl2LWdwdC1hZC13aW5wcml6ZXNvbmxpbmVfY29tLW1lZHJlY3RhbmdsZS0yLTAiLCJ0X2Vwb2NoIjoxNjI3MzUxOTI4LCJhZF9wb3NpdGlvbiI6MTEwMCwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkNIIiwicGFnZXZpZXdfaWQiOiIyMjgzZDM2Mi0wYjA3LTQyYzgtNTBkMi1jYmM2ZjAwZTc3MTgiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDM0NTg1LCJkYXRhIjpbeyJuYW1lIjoid29yZHNfYmVmb3JlIiwidmFsIjoiMjQxIn1dLCJpc19vcmlnIjpmYWxzZX1d
Requested by: Host: ftp.winprizesonline.com
URL: https://ftp.winprizesonline.com/detroitchicago/cmbv2.js?gcb=195-2&cb=04-1y02-4y06-12y07-1y0b-5y0d-10y13-3y17-3y20-3y33-15y52-1y56-21&cmbcb=20&sj=x04x02x06x07x0bx0dx13x17x20x33x52x56
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.66.136.156 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-66-136-156.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path: /porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTc2MTg0NCIsImRvbWFpbl9pZCI6IjE2NDA0MCIsInVuaXQiOiJkaXYtZ3B0LWFkLXdpbnByaXplc29ubGluZV9jb20tYm94LTItMCIsInRfZXBvY2giOjE2MjczNTE5MjgsImFkX3Bvc2l0aW9uIjoxMTExLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjIyODNkMzYyLTBiMDctNDJjOC01MGQyLWNiYzZmMDBlNzcxOCIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6MCwiY3JlYXRpdmVfaWQiOjAsImRhdGEiOlt7Im5hbWUiOiJ3b3Jkc19iZWZvcmUiLCJ2YWwiOiIzMSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTgzMjY0NCIsImRvbWFpbl9pZCI6IjE2NDA0MCIsInVuaXQiOiJkaXYtZ3B0LWFkLXdpbnByaXplc29ubGluZV9jb20tYm94LTEtMCIsInRfZXBvY2giOjE2MjczNTE5MjgsImFkX3Bvc2l0aW9uIjoxMTEyLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjIyODNkMzYyLTBiMDctNDJjOC01MGQyLWNiYzZmMDBlNzcxOCIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6MCwiY3JlYXRpdmVfaWQiOjAsImRhdGEiOlt7Im5hbWUiOiJ3b3Jkc19iZWZvcmUiLCJ2YWwiOiIzMSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTgwMTI5NCIsImRvbWFpbl9pZCI6IjE2NDA0MCIsInVuaXQiOiJkaXYtZ3B0LWFkLXdpbnByaXplc29ubGluZV9jb20tbGFyZ2UtYmlsbGJvYXJkLTItMCIsInRfZXBvY2giOjE2MjczNTE5MjgsImFkX3Bvc2l0aW9uIjoxMTEzLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjIyODNkMzYyLTBiMDctNDJjOC01MGQyLWNiYzZmMDBlNzcxOCIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwNDM1NTAsImRhdGEiOlt7Im5hbWUiOiJ3b3Jkc19iZWZvcmUiLCJ2YWwiOiIxMzMifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjE4MTY4OTQiLCJkb21haW5faWQiOiIxNjQwNDAiLCJ1bml0IjoiZGl2LWdwdC1hZC13aW5wcml6ZXNvbmxpbmVfY29tLW1lZHJlY3RhbmdsZS0yLTAiLCJ0X2Vwb2NoIjoxNjI3MzUxOTI4LCJhZF9wb3NpdGlvbiI6MTEwMCwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkNIIiwicGFnZXZpZXdfaWQiOiIyMjgzZDM2Mi0wYjA3LTQyYzgtNTBkMi1jYmM2ZjAwZTc3MTgiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDM0NTg1LCJkYXRhIjpbeyJuYW1lIjoid29yZHNfYmVmb3JlIiwidmFsIjoiMjQxIn1dLCJpc19vcmlnIjpmYWxzZX1d
pragma: no-cache
cookie: ezux_lpl_164040=1627351933033|2283d362-0b07-42c8-50d2-cbc6f00e7718|false; __gads=ID=625198380ef21651:T=1627351933:S=ALNI_MbUBwYcamkfYgCEtTy8pn2AUS9wmQ; ezouspvv=420; ezouspva=2; ezouspvh=350
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: empty
:authority: ftp.winprizesonline.com
referer: https://ftp.winprizesonline.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 02:12:18 GMT
server: nginx
vary: Accept-Encoding Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Mon, 26 Jul 2021 02:12:22 UTC

GET
H2 200 army.gif Show response
ftp.winprizesonline.com/porpoiseant/ 0
19 B 35ms
35ms XHR
text/plain 3.66.136.156
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ftp.winprizesonline.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTc2MTg0NCIsImRvbWFpbl9pZCI6IjE2NDA0MCIsInVuaXQiOiJkaXYtZ3B0LWFkLXdpbnByaXplc29ubGluZV9jb20tYm94LTItMCIsInRfZXBvY2giOjE2MjczNTE5MjgsImFkX3Bvc2l0aW9uIjoxMTExLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjIyODNkMzYyLTBiMDctNDJjOC01MGQyLWNiYzZmMDBlNzcxOCIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6MCwiY3JlYXRpdmVfaWQiOjAsImRhdGEiOlt7Im5hbWUiOiJwb3NfeCIsInZhbCI6IjIzMCJ9LHsibmFtZSI6InBvc195IiwidmFsIjoiMjA0In0seyJuYW1lIjoiaXNfZmxvYXRpbmciLCJ2YWwiOiJmYWxzZSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTgzMjY0NCIsImRvbWFpbl9pZCI6IjE2NDA0MCIsInVuaXQiOiJkaXYtZ3B0LWFkLXdpbnByaXplc29ubGluZV9jb20tYm94LTEtMCIsInRfZXBvY2giOjE2MjczNTE5MjgsImFkX3Bvc2l0aW9uIjoxMTEyLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjIyODNkMzYyLTBiMDctNDJjOC01MGQyLWNiYzZmMDBlNzcxOCIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6MCwiY3JlYXRpdmVfaWQiOjAsImRhdGEiOlt7Im5hbWUiOiJwb3NfeCIsInZhbCI6IjEwNzQifSx7Im5hbWUiOiJwb3NfeSIsInZhbCI6IjI4OSJ9LHsibmFtZSI6ImlzX2Zsb2F0aW5nIiwidmFsIjoiZmFsc2UifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjE4MDEyOTQiLCJkb21haW5faWQiOiIxNjQwNDAiLCJ1bml0IjoiZGl2LWdwdC1hZC13aW5wcml6ZXNvbmxpbmVfY29tLWxhcmdlLWJpbGxib2FyZC0yLTAiLCJ0X2Vwb2NoIjoxNjI3MzUxOTI4LCJhZF9wb3NpdGlvbiI6MTExMywiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkNIIiwicGFnZXZpZXdfaWQiOiIyMjgzZDM2Mi0wYjA3LTQyYzgtNTBkMi1jYmM2ZjAwZTc3MTgiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDQzNTUwLCJkYXRhIjpbeyJuYW1lIjoicG9zX3giLCJ2YWwiOiIxMDc0In0seyJuYW1lIjoicG9zX3kiLCJ2YWwiOiI1NzYifSx7Im5hbWUiOiJpc19mbG9hdGluZyIsInZhbCI6ImZhbHNlIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiIxODE2ODk0IiwiZG9tYWluX2lkIjoiMTY0MDQwIiwidW5pdCI6ImRpdi1ncHQtYWQtd2lucHJpemVzb25saW5lX2NvbS1tZWRyZWN0YW5nbGUtMi0wIiwidF9lcG9jaCI6MTYyNzM1MTkyOCwiYWRfcG9zaXRpb24iOjExMDAsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJDSCIsInBhZ2V2aWV3X2lkIjoiMjI4M2QzNjItMGIwNy00MmM4LTUwZDItY2JjNmYwMGU3NzE4IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDU4NSwiZGF0YSI6W3sibmFtZSI6InBvc194IiwidmFsIjoiMCJ9LHsibmFtZSI6InBvc195IiwidmFsIjoiMTEwNCJ9LHsibmFtZSI6ImlzX2Zsb2F0aW5nIiwidmFsIjoidHJ1ZSJ9XSwiaXNfb3JpZyI6ZmFsc2V9XQ==
Requested by: Host: ftp.winprizesonline.com
URL: https://ftp.winprizesonline.com/detroitchicago/cmbv2.js?gcb=195-2&cb=04-1y02-4y06-12y07-1y0b-5y0d-10y13-3y17-3y20-3y33-15y52-1y56-21&cmbcb=20&sj=x04x02x06x07x0bx0dx13x17x20x33x52x56
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.66.136.156 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-66-136-156.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path: /porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTc2MTg0NCIsImRvbWFpbl9pZCI6IjE2NDA0MCIsInVuaXQiOiJkaXYtZ3B0LWFkLXdpbnByaXplc29ubGluZV9jb20tYm94LTItMCIsInRfZXBvY2giOjE2MjczNTE5MjgsImFkX3Bvc2l0aW9uIjoxMTExLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjIyODNkMzYyLTBiMDctNDJjOC01MGQyLWNiYzZmMDBlNzcxOCIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6MCwiY3JlYXRpdmVfaWQiOjAsImRhdGEiOlt7Im5hbWUiOiJwb3NfeCIsInZhbCI6IjIzMCJ9LHsibmFtZSI6InBvc195IiwidmFsIjoiMjA0In0seyJuYW1lIjoiaXNfZmxvYXRpbmciLCJ2YWwiOiJmYWxzZSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTgzMjY0NCIsImRvbWFpbl9pZCI6IjE2NDA0MCIsInVuaXQiOiJkaXYtZ3B0LWFkLXdpbnByaXplc29ubGluZV9jb20tYm94LTEtMCIsInRfZXBvY2giOjE2MjczNTE5MjgsImFkX3Bvc2l0aW9uIjoxMTEyLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjIyODNkMzYyLTBiMDctNDJjOC01MGQyLWNiYzZmMDBlNzcxOCIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6MCwiY3JlYXRpdmVfaWQiOjAsImRhdGEiOlt7Im5hbWUiOiJwb3NfeCIsInZhbCI6IjEwNzQifSx7Im5hbWUiOiJwb3NfeSIsInZhbCI6IjI4OSJ9LHsibmFtZSI6ImlzX2Zsb2F0aW5nIiwidmFsIjoiZmFsc2UifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjE4MDEyOTQiLCJkb21haW5faWQiOiIxNjQwNDAiLCJ1bml0IjoiZGl2LWdwdC1hZC13aW5wcml6ZXNvbmxpbmVfY29tLWxhcmdlLWJpbGxib2FyZC0yLTAiLCJ0X2Vwb2NoIjoxNjI3MzUxOTI4LCJhZF9wb3NpdGlvbiI6MTExMywiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkNIIiwicGFnZXZpZXdfaWQiOiIyMjgzZDM2Mi0wYjA3LTQyYzgtNTBkMi1jYmM2ZjAwZTc3MTgiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDQzNTUwLCJkYXRhIjpbeyJuYW1lIjoicG9zX3giLCJ2YWwiOiIxMDc0In0seyJuYW1lIjoicG9zX3kiLCJ2YWwiOiI1NzYifSx7Im5hbWUiOiJpc19mbG9hdGluZyIsInZhbCI6ImZhbHNlIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiIxODE2ODk0IiwiZG9tYWluX2lkIjoiMTY0MDQwIiwidW5pdCI6ImRpdi1ncHQtYWQtd2lucHJpemVzb25saW5lX2NvbS1tZWRyZWN0YW5nbGUtMi0wIiwidF9lcG9jaCI6MTYyNzM1MTkyOCwiYWRfcG9zaXRpb24iOjExMDAsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJDSCIsInBhZ2V2aWV3X2lkIjoiMjI4M2QzNjItMGIwNy00MmM4LTUwZDItY2JjNmYwMGU3NzE4IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDU4NSwiZGF0YSI6W3sibmFtZSI6InBvc194IiwidmFsIjoiMCJ9LHsibmFtZSI6InBvc195IiwidmFsIjoiMTEwNCJ9LHsibmFtZSI6ImlzX2Zsb2F0aW5nIiwidmFsIjoidHJ1ZSJ9XSwiaXNfb3JpZyI6ZmFsc2V9XQ==
pragma: no-cache
cookie: ezux_lpl_164040=1627351933033|2283d362-0b07-42c8-50d2-cbc6f00e7718|false; __gads=ID=625198380ef21651:T=1627351933:S=ALNI_MbUBwYcamkfYgCEtTy8pn2AUS9wmQ; ezouspvv=420; ezouspva=2; ezouspvh=350
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: empty
:authority: ftp.winprizesonline.com
referer: https://ftp.winprizesonline.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 02:12:18 GMT
server: nginx
vary: Accept-Encoding Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Mon, 26 Jul 2021 02:12:16 UTC

GET
H3-29 200 integrator.js Show response
adservice.google.ch/adsid/ 107 B
122 B 16ms
15ms Script
application/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.ch/adsid/integrator.js?domain=ftp.winprizesonline.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021072402.js?31062009

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 27 Jul 2021 02:12:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 15ms
15ms Script
application/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=ftp.winprizesonline.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021072402.js?31062009

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 27 Jul 2021 02:12:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 340 B
168 B 616ms
616ms XHR
text/plain 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1503229515504863&correlator=1041205661886851&output=ldjh&impl=fifs&eid=31062009%2C31061842%2C20211866&vrg=2021072402&ptt=17&us_privacy=1---&sc=1&sfv=1-0-38&ecs=20210727&iu_parts=1254144%2Cwinprizesonline_com-box-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=468x60&ris=2&rcs=4&prev_scp=a%3D%257C6%257C%26iid18%3D1761844%26eid%3D6307843445959752993%26t%3D134%26d%3D164040%26t1%3D134%26pvc%3D0%26ap%3D1111%26sap%3D1111%26as%3Drevenue%26plat%3D1%26bra%3Dmod1-c%26ic%3D5%26at%3Dmbf%26adr%3D399%26ezosn%3D3%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D1%26al%3D1001%26compid%3D0%26tap%3Dwinprizesonline_com-box-2-1761844%26eb_br%3D3530fcb6bcc13dc3c1712eaef7d92700%26eba%3D1%26ebss%3D10061%26asau%3D2260528807%26bv%3D0%26bvm%3D1%26bvr%3D6%26shp%3D1%26ftsn%3D3%26acptad%3D1%26br1%3D160%26br2%3D400%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D34%2C14%2C28%2C67%2C45%2C122%2C66%2C20%2C71%2C30%2C0%2C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C27%2C815%2C817%2C899%2C919%2C774%2C20%2C20%2C20%2C17%2C20%26lb%3D180%26reqt%3D1627351937242&eri=1&cookie=ID%3D625198380ef21651%3AT%3D1627351933%3AS%3DALNI_MbUBwYcamkfYgCEtTy8pn2AUS9wmQ&bc=31&abxe=1&lmt=1627351938&dt=1627351938247&dlt=1627351929972&idt=371&frm=20&biw=1600&bih=1200&oid=3&adxs=230&adys=204&adks=2013700999&ucis=f&ifi=15&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fftp.winprizesonline.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=468x60&msz=468x60&psts=AGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1037067233.1627351930&ga_sid=1627351930&ga_hid=794578872&ga_fc=false&fws=0&ohw=0&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021072402.js?31062009

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

d070338215ba7b542d7c58404950819f75ccd3727e8725a02c36aefa0b7559b9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 02:12:18 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 139
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ftp.winprizesonline.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 army.gif Show response
ftp.winprizesonline.com/porpoiseant/ 0
19 B 34ms
33ms XHR
text/plain 3.66.136.156
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ftp.winprizesonline.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTgwMTI5NCIsImRvbWFpbl9pZCI6IjE2NDA0MCIsInVuaXQiOiJkaXYtZ3B0LWFkLXdpbnByaXplc29ubGluZV9jb20tbGFyZ2UtYmlsbGJvYXJkLTItMCIsInRfZXBvY2giOjE2MjczNTE5MjgsImFkX3Bvc2l0aW9uIjoxMTEzLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjIyODNkMzYyLTBiMDctNDJjOC01MGQyLWNiYzZmMDBlNzcxOCIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwNDM1NTAsImRhdGEiOlt7Im5hbWUiOiJmaWxsZWRfc2l6ZSIsInZhbCI6IlszMjAsMTAwXSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTgwMTI5NCIsImRvbWFpbl9pZCI6IjE2NDA0MCIsInVuaXQiOiJkaXYtZ3B0LWFkLXdpbnByaXplc29ubGluZV9jb20tbGFyZ2UtYmlsbGJvYXJkLTItMCIsInRfZXBvY2giOjE2MjczNTE5MjgsImFkX3Bvc2l0aW9uIjoxMTEzLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjIyODNkMzYyLTBiMDctNDJjOC01MGQyLWNiYzZmMDBlNzcxOCIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwNDM1NTAsImRhdGEiOlt7Im5hbWUiOiJmaWxsZWRfZmx1aWQiLCJ2YWwiOiJmYWxzZSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTgwMTI5NCIsImRvbWFpbl9pZCI6IjE2NDA0MCIsInVuaXQiOiJkaXYtZ3B0LWFkLXdpbnByaXplc29ubGluZV9jb20tbGFyZ2UtYmlsbGJvYXJkLTItMCIsInRfZXBvY2giOjE2MjczNTE5MjgsImFkX3Bvc2l0aW9uIjoxMTEzLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjIyODNkMzYyLTBiMDctNDJjOC01MGQyLWNiYzZmMDBlNzcxOCIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwNDM1NTAsImRhdGEiOlt7Im5hbWUiOiJkb21haW5fZGZwX3N0eWxlX2lkIiwidmFsIjoiMTIwIn1dLCJpc19vcmlnIjpmYWxzZX1d
Requested by: Host: ftp.winprizesonline.com
URL: https://ftp.winprizesonline.com/detroitchicago/cmbv2.js?gcb=195-2&cb=04-1y02-4y06-12y07-1y0b-5y0d-10y13-3y17-3y20-3y33-15y52-1y56-21&cmbcb=20&sj=x04x02x06x07x0bx0dx13x17x20x33x52x56
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.66.136.156 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-66-136-156.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path: /porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTgwMTI5NCIsImRvbWFpbl9pZCI6IjE2NDA0MCIsInVuaXQiOiJkaXYtZ3B0LWFkLXdpbnByaXplc29ubGluZV9jb20tbGFyZ2UtYmlsbGJvYXJkLTItMCIsInRfZXBvY2giOjE2MjczNTE5MjgsImFkX3Bvc2l0aW9uIjoxMTEzLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjIyODNkMzYyLTBiMDctNDJjOC01MGQyLWNiYzZmMDBlNzcxOCIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwNDM1NTAsImRhdGEiOlt7Im5hbWUiOiJmaWxsZWRfc2l6ZSIsInZhbCI6IlszMjAsMTAwXSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTgwMTI5NCIsImRvbWFpbl9pZCI6IjE2NDA0MCIsInVuaXQiOiJkaXYtZ3B0LWFkLXdpbnByaXplc29ubGluZV9jb20tbGFyZ2UtYmlsbGJvYXJkLTItMCIsInRfZXBvY2giOjE2MjczNTE5MjgsImFkX3Bvc2l0aW9uIjoxMTEzLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjIyODNkMzYyLTBiMDctNDJjOC01MGQyLWNiYzZmMDBlNzcxOCIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwNDM1NTAsImRhdGEiOlt7Im5hbWUiOiJmaWxsZWRfZmx1aWQiLCJ2YWwiOiJmYWxzZSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTgwMTI5NCIsImRvbWFpbl9pZCI6IjE2NDA0MCIsInVuaXQiOiJkaXYtZ3B0LWFkLXdpbnByaXplc29ubGluZV9jb20tbGFyZ2UtYmlsbGJvYXJkLTItMCIsInRfZXBvY2giOjE2MjczNTE5MjgsImFkX3Bvc2l0aW9uIjoxMTEzLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjIyODNkMzYyLTBiMDctNDJjOC01MGQyLWNiYzZmMDBlNzcxOCIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwNDM1NTAsImRhdGEiOlt7Im5hbWUiOiJkb21haW5fZGZwX3N0eWxlX2lkIiwidmFsIjoiMTIwIn1dLCJpc19vcmlnIjpmYWxzZX1d
pragma: no-cache
cookie: ezux_lpl_164040=1627351933033|2283d362-0b07-42c8-50d2-cbc6f00e7718|false; __gads=ID=625198380ef21651:T=1627351933:S=ALNI_MbUBwYcamkfYgCEtTy8pn2AUS9wmQ; ezouspvv=420; ezouspva=2; ezouspvh=350
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: empty
:authority: ftp.winprizesonline.com
referer: https://ftp.winprizesonline.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 02:12:18 GMT
server: nginx
vary: Accept-Encoding Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Mon, 26 Jul 2021 02:12:16 UTC

GET
H3-29 200 activeview
pagead2.googlesyndication.com/pcs/ Frame E24E 42 B
64 B 19ms
19ms Image
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstFQ9YaReJLf9zP2a40OZL8UZ9R1FWOWdG7lDUYCK3ErhobXe0GayrTHSecCjFaqRIiTTz0IsnUI-cOuD1EddSXe6fV32jgfN4fCWA2ZlIVVdJ415jjvS2nbp5RYRnT6T88n-SVUMfuCcz9rxzTvw&sai=AMfl-YT6cYCNlppOAJOTzbKzG1UiCAEVHYxYCPx01JbbybXNCiQXBwz3hzq94PxJiWaq-dfEmwMCVrHG3AtFNrOQkqj6x3hBE3I96StzBmOBiJGJUfpR1TV_9UKOysQ&sig=Cg0ArKJSzN34-ft9-h_DEAE&cid=CAASFeRoXCIpCGnIU90RVa9sPuDfOxSdRA&id=ampim&o=315,1110&d=970,90&ss=1600,1200&bs=1600,1200&mcvt=1000&mtos=0,0,1000,1000,1000&tos=0,0,1000,0,0&tfs=78&tls=1078&g=100&h=100&tt=1078&r=v&avms=ampa&adk=4148406872

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 27 Jul 2021 02:12:18 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 army.gif Show response
ftp.winprizesonline.com/porpoiseant/ 0
47 B 34ms
34ms XHR
text/plain 3.66.136.156
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ftp.winprizesonline.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTgxNjg5NCIsImRvbWFpbl9pZCI6IjE2NDA0MCIsInVuaXQiOiJkaXYtZ3B0LWFkLXdpbnByaXplc29ubGluZV9jb20tbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE2MjczNTE5MjgsInJldmVudWUiOjAsImVzdF9yZXZlbnVlIjowLCJhZF9wb3NpdGlvbiI6MTEwMCwiYWRfc2l6ZSI6IiIsImJpZF9mbG9vcl9maWxsZWQiOjAsImJpZF9mbG9vcl9wcmV2IjowLCJzdGF0X3NvdXJjZV9pZCI6MCwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjIyODNkMzYyLTBiMDctNDJjOC01MGQyLWNiYzZmMDBlNzcxOCIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1ODUsImRhdGEiOlt7Im5hbWUiOiJ2aWV3ZWQiLCJ2YWwiOiIxIn1dLCJpc19vcmlnIjpmYWxzZX1d
Requested by: Host: ftp.winprizesonline.com
URL: https://ftp.winprizesonline.com/detroitchicago/cmbv2.js?gcb=195-2&cb=04-1y02-4y06-12y07-1y0b-5y0d-10y13-3y17-3y20-3y33-15y52-1y56-21&cmbcb=20&sj=x04x02x06x07x0bx0dx13x17x20x33x52x56
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.66.136.156 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-66-136-156.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path: /porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTgxNjg5NCIsImRvbWFpbl9pZCI6IjE2NDA0MCIsInVuaXQiOiJkaXYtZ3B0LWFkLXdpbnByaXplc29ubGluZV9jb20tbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE2MjczNTE5MjgsInJldmVudWUiOjAsImVzdF9yZXZlbnVlIjowLCJhZF9wb3NpdGlvbiI6MTEwMCwiYWRfc2l6ZSI6IiIsImJpZF9mbG9vcl9maWxsZWQiOjAsImJpZF9mbG9vcl9wcmV2IjowLCJzdGF0X3NvdXJjZV9pZCI6MCwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjIyODNkMzYyLTBiMDctNDJjOC01MGQyLWNiYzZmMDBlNzcxOCIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1ODUsImRhdGEiOlt7Im5hbWUiOiJ2aWV3ZWQiLCJ2YWwiOiIxIn1dLCJpc19vcmlnIjpmYWxzZX1d
pragma: no-cache
cookie: ezux_lpl_164040=1627351933033|2283d362-0b07-42c8-50d2-cbc6f00e7718|false; __gads=ID=625198380ef21651:T=1627351933:S=ALNI_MbUBwYcamkfYgCEtTy8pn2AUS9wmQ; ezouspvv=420; ezouspva=2; ezouspvh=350
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: empty
:authority: ftp.winprizesonline.com
referer: https://ftp.winprizesonline.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 02:12:18 GMT
server: nginx
vary: Accept-Encoding Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Mon, 26 Jul 2021 02:12:17 UTC

GET
H3-29 200 integrator.js Show response
adservice.google.ch/adsid/ 107 B
122 B 18ms
17ms Script
application/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.ch/adsid/integrator.js?domain=ftp.winprizesonline.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021072402.js?31062009

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 27 Jul 2021 02:12:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 15ms
14ms Script
application/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=ftp.winprizesonline.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021072402.js?31062009

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 27 Jul 2021 02:12:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 340 B
169 B 423ms
422ms XHR
text/plain 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1503229515504863&correlator=3508418974866787&output=ldjh&impl=fifs&eid=31062009%2C31061842%2C20211866&vrg=2021072402&ptt=17&us_privacy=1---&sc=1&sfv=1-0-38&ecs=20210727&iu_parts=1254144%2Cwinprizesonline_com-box-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=468x60&ris=1&rcs=5&prev_scp=a%3D%257C6%257C%26iid18%3D1761844%26eid%3D6307843445959752993%26t%3D134%26d%3D164040%26t1%3D134%26pvc%3D0%26ap%3D1111%26sap%3D1111%26as%3Drevenue%26plat%3D1%26bra%3Dmod1-c%26ic%3D6%26at%3Dmbf%26adr%3D399%26ezosn%3D3%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D1%26al%3D1001%26compid%3D0%26tap%3Dwinprizesonline_com-box-2-1761844%26eb_br%3Daf063c244089b52ec5a0423a258f1f8e%26eba%3D1%26ebss%3D10061%26asau%3D2260528807%26bv%3D0%26bvm%3D1%26bvr%3D6%26shp%3D1%26ftsn%3D3%26acptad%3D1%26br1%3D140%26br2%3D400%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D34%2C14%2C28%2C67%2C45%2C122%2C66%2C20%2C71%2C30%2C0%2C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C27%2C815%2C817%2C899%2C919%2C774%2C20%2C20%2C20%2C17%2C20%2C17%2C20%26lb%3D160%26reqt%3D1627351938873&eri=1&cookie=ID%3D625198380ef21651%3AT%3D1627351933%3AS%3DALNI_MbUBwYcamkfYgCEtTy8pn2AUS9wmQ&bc=31&abxe=1&lmt=1627351938&dt=1627351938878&dlt=1627351929972&idt=371&frm=20&biw=1600&bih=1200&oid=3&adxs=230&adys=204&adks=2013700999&ucis=g&ifi=16&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fftp.winprizesonline.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=468x60&msz=468x60&psts=AGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1037067233.1627351930&ga_sid=1627351930&ga_hid=794578872&ga_fc=false&fws=0&ohw=0&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021072402.js?31062009

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

761b26458cbd0a36a0487cbcc23b5973fa2e643882224fa16f2142e8e04296cb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 02:12:19 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 140
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ftp.winprizesonline.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 army.gif Show response
ftp.winprizesonline.com/porpoiseant/ 0
65 B 33ms
33ms XHR
text/plain 3.66.136.156
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ftp.winprizesonline.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTgxNjg5NCIsImRvbWFpbl9pZCI6IjE2NDA0MCIsInVuaXQiOiJkaXYtZ3B0LWFkLXdpbnByaXplc29ubGluZV9jb20tbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE2MjczNTE5MjgsImFkX3Bvc2l0aW9uIjoxMTAwLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjIyODNkMzYyLTBiMDctNDJjOC01MGQyLWNiYzZmMDBlNzcxOCIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1ODUsImRhdGEiOlt7Im5hbWUiOiJmaWxsZWRfc2l6ZSIsInZhbCI6Ils5NzAsOTBdIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiIxODE2ODk0IiwiZG9tYWluX2lkIjoiMTY0MDQwIiwidW5pdCI6ImRpdi1ncHQtYWQtd2lucHJpemVzb25saW5lX2NvbS1tZWRyZWN0YW5nbGUtMi0wIiwidF9lcG9jaCI6MTYyNzM1MTkyOCwiYWRfcG9zaXRpb24iOjExMDAsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJDSCIsInBhZ2V2aWV3X2lkIjoiMjI4M2QzNjItMGIwNy00MmM4LTUwZDItY2JjNmYwMGU3NzE4IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDU4NSwiZGF0YSI6W3sibmFtZSI6ImZpbGxlZF9mbHVpZCIsInZhbCI6ImZhbHNlIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiIxODE2ODk0IiwiZG9tYWluX2lkIjoiMTY0MDQwIiwidW5pdCI6ImRpdi1ncHQtYWQtd2lucHJpemVzb25saW5lX2NvbS1tZWRyZWN0YW5nbGUtMi0wIiwidF9lcG9jaCI6MTYyNzM1MTkyOCwiYWRfcG9zaXRpb24iOjExMDAsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJDSCIsInBhZ2V2aWV3X2lkIjoiMjI4M2QzNjItMGIwNy00MmM4LTUwZDItY2JjNmYwMGU3NzE4IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDU4NSwiZGF0YSI6W3sibmFtZSI6ImRvbWFpbl9kZnBfc3R5bGVfaWQiLCJ2YWwiOiIxMjIifV0sImlzX29yaWciOmZhbHNlfV0=
Requested by: Host: ftp.winprizesonline.com
URL: https://ftp.winprizesonline.com/detroitchicago/cmbv2.js?gcb=195-2&cb=04-1y02-4y06-12y07-1y0b-5y0d-10y13-3y17-3y20-3y33-15y52-1y56-21&cmbcb=20&sj=x04x02x06x07x0bx0dx13x17x20x33x52x56
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.66.136.156 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-66-136-156.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path: /porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTgxNjg5NCIsImRvbWFpbl9pZCI6IjE2NDA0MCIsInVuaXQiOiJkaXYtZ3B0LWFkLXdpbnByaXplc29ubGluZV9jb20tbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE2MjczNTE5MjgsImFkX3Bvc2l0aW9uIjoxMTAwLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjIyODNkMzYyLTBiMDctNDJjOC01MGQyLWNiYzZmMDBlNzcxOCIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1ODUsImRhdGEiOlt7Im5hbWUiOiJmaWxsZWRfc2l6ZSIsInZhbCI6Ils5NzAsOTBdIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiIxODE2ODk0IiwiZG9tYWluX2lkIjoiMTY0MDQwIiwidW5pdCI6ImRpdi1ncHQtYWQtd2lucHJpemVzb25saW5lX2NvbS1tZWRyZWN0YW5nbGUtMi0wIiwidF9lcG9jaCI6MTYyNzM1MTkyOCwiYWRfcG9zaXRpb24iOjExMDAsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJDSCIsInBhZ2V2aWV3X2lkIjoiMjI4M2QzNjItMGIwNy00MmM4LTUwZDItY2JjNmYwMGU3NzE4IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDU4NSwiZGF0YSI6W3sibmFtZSI6ImZpbGxlZF9mbHVpZCIsInZhbCI6ImZhbHNlIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiIxODE2ODk0IiwiZG9tYWluX2lkIjoiMTY0MDQwIiwidW5pdCI6ImRpdi1ncHQtYWQtd2lucHJpemVzb25saW5lX2NvbS1tZWRyZWN0YW5nbGUtMi0wIiwidF9lcG9jaCI6MTYyNzM1MTkyOCwiYWRfcG9zaXRpb24iOjExMDAsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJDSCIsInBhZ2V2aWV3X2lkIjoiMjI4M2QzNjItMGIwNy00MmM4LTUwZDItY2JjNmYwMGU3NzE4IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDU4NSwiZGF0YSI6W3sibmFtZSI6ImRvbWFpbl9kZnBfc3R5bGVfaWQiLCJ2YWwiOiIxMjIifV0sImlzX29yaWciOmZhbHNlfV0=
pragma: no-cache
cookie: ezux_lpl_164040=1627351933033|2283d362-0b07-42c8-50d2-cbc6f00e7718|false; __gads=ID=625198380ef21651:T=1627351933:S=ALNI_MbUBwYcamkfYgCEtTy8pn2AUS9wmQ; ezouspvv=420; ezouspva=2; ezouspvh=350
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: empty
:authority: ftp.winprizesonline.com
referer: https://ftp.winprizesonline.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 02:12:19 GMT
server: nginx
vary: Accept-Encoding Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Mon, 26 Jul 2021 02:12:23 UTC

GET
H3-29 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012107200040000/ Frame 28D5 188 KB
54 KB 21ms
6ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012107200040000/amp4ads-v0.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021072402.js?31062009

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d51b5c14fd6455affd3baceb0d2015c532566645fd80f645260c803a8b0f1c57

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 32632
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 55196
x-xss-protection: 0
server: sffe
date: Mon, 26 Jul 2021 17:08:27 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "9a8830a242785ad6"
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 26 Jul 2022 17:08:27 GMT

GET
H3-29 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012107200040000/v0/ Frame 28D5 13 KB
5 KB 31ms
16ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012107200040000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021072402.js?31062009

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6b4f1f72b78c93a6cdf32fbce758cc76e353e589296975f8491a265167cfdb0c

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 32632
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4808
x-xss-protection: 0
server: sffe
date: Mon, 26 Jul 2021 17:08:27 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "82cb572e3b54d217"
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 26 Jul 2022 17:08:27 GMT

GET
H3-29 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012107200040000/v0/ Frame 28D5 87 KB
27 KB 31ms
16ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012107200040000/v0/amp-analytics-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021072402.js?31062009

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

695be856611d9d209b70e4b7356594bd123af15d79843a3711289bf90e3525b1

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 32632
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27828
x-xss-protection: 0
server: sffe
date: Mon, 26 Jul 2021 17:08:27 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "2309f93374d1f64f"
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 26 Jul 2022 17:08:27 GMT

GET
H3-29 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012107200040000/v0/ Frame 28D5 4 KB
2 KB 30ms
15ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012107200040000/v0/amp-fit-text-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021072402.js?31062009

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a0c3f2e5825816bcac42e686f0c3aa76e1aa566f71a437d8768702d4a3a45875

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 32632
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1648
x-xss-protection: 0
server: sffe
date: Mon, 26 Jul 2021 17:08:27 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "0ef177dade489237"
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 26 Jul 2022 17:08:27 GMT

GET
H3-29 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012107200040000/v0/ Frame 28D5 40 KB
13 KB 28ms
14ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012107200040000/v0/amp-form-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021072402.js?31062009

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

172ecde3db13e66cf99995d63de308e2d6e3fdeb1a99dfaeec136f4862eb1573

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 32632
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12831
x-xss-protection: 0
server: sffe
date: Mon, 26 Jul 2021 17:08:27 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "896e0bc3d66ccdf5"
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 26 Jul 2022 17:08:27 GMT

GET
H3-29 200 css
fonts.googleapis.com/ Frame 28D5 3 KB
578 B 23ms
22ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021072402.js?31062009

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

599325d39743959cdacb163b742dd6f622443a73f155364bbcc465a291ce0b5a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 27 Jul 2021 01:14:03 GMT
server: ESF
date: Tue, 27 Jul 2021 02:12:19 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 27 Jul 2021 02:12:19 GMT

GET
H3-29 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 28D5 2 KB
2 KB 6ms
5ms Image
image/png 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021072402.js?31062009

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 26 Jul 2021 15:34:33 GMT
x-content-type-options: nosniff
server: cafe
age: 38266
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Tue, 27 Jul 2021 15:34:33 GMT

GET
H3-29 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 28D5 295 B
320 B 6ms
6ms Image
image/png 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021072402.js?31062009

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 26 Jul 2021 12:37:33 GMT
x-content-type-options: nosniff
server: cafe
age: 48886
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Tue, 27 Jul 2021 12:37:33 GMT

GET
H3-29 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/7585056219952971289/ Frame 28D5 31 KB
31 KB 7ms
6ms Image
image/jpeg 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/7585056219952971289/downsize_200k_v1?w=600&h=314

Requested by

Host: ftp.winprizesonline.com
URL: https://ftp.winprizesonline.com/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

df51d85599611278accf110769a453f62c2c4b04cb2f7769e9750869e2fa8363

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 26 Jul 2021 10:53:33 GMT
x-content-type-options: nosniff
age: 55126
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 31239
x-xss-protection: 0
last-modified: Mon, 12 Jul 2021 07:57:20 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 26 Jul 2022 10:53:33 GMT

GET
DATA 200
OK truncated
/ Frame 28D5 209 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0cc7088b335b30f7b1fa0903bc8aa143b11cb8408032d62d28d5ab768cc68c88

Request headers

Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 28D5 210 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a74aec571efc5b9327caff6b96b9e070ce969c1eee876ed0840e6df23a7fd0e1

Request headers

Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 28D5 0
0 33ms
32ms Image
text/html 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=C_BergWv_YNHoLZWX-ga17IXAD_eJtbRj0Ia7vvoNuNfvjaQTEAEg9PnGJWD1lc6B4ASgAaSsnMkDyAEJqQLOYfDlG1KyPuACAKgDAcgDCqoE4QFP0DBKsZ4TnQgqUowFrazALxvJEixJD005JB43pJD5IaH3zwnqDCtsNF-I4XUA84aRQuHoEnIyAQEDarTKxv_gil-DgIgLS2w8eyjkBsop0zSboWXzg0b7dRj-3th1RRdjXp56FPuiOxbSUlzFGExMESGyajHSjvUCn5jm7tIwbOxiqUjriqk4TnU0LS6ZVUnMUttEpazScodPxW4kzUqP7OmwFdijqaWpBvBfPL4_SWk_scpO2tFxVu5ykol7NdvtHBpZXOgO4QTdU7EeC2AJecDfZ1wxVPy5ZeuXLiewb1DABK_B5suLAuAEAZIFBAgEGAGSBQQIBRgEkgUECAUYGJIFBQgFGKgBoAYugAfE0-M2qAfVyRuoB_DZG6gH8tkbqAeOzhuoB5PYG6gHugaoB-6WsQKoB6a-G6gH7NUb2AcA8gcEEN3KFNIIBwiAYRABGB3yCBthZHgtc3Vic3luLTY1NDkzMjEyNzkxNjgyOTKACgPICwG4E4gn2BMNiBQB0BUBmBYBgBcBshcaChgIABIUcHViLTYzOTY4NDQ3NDI0OTcyMDg&sigh=Dw_vgExiCSE&template_id=5000
Requested by: Host: ftp.winprizesonline.com
URL: https://ftp.winprizesonline.com/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s12-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 army.gif Show response
ftp.winprizesonline.com/porpoiseant/ 0
19 B 40ms
34ms XHR
text/plain 3.66.136.156
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ftp.winprizesonline.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTgzMjY0NCIsImRvbWFpbl9pZCI6IjE2NDA0MCIsInVuaXQiOiJkaXYtZ3B0LWFkLXdpbnByaXplc29ubGluZV9jb20tYm94LTEtMCIsInRfZXBvY2giOjE2MjczNTE5MjgsImFkX3Bvc2l0aW9uIjoxMTEyLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjIyODNkMzYyLTBiMDctNDJjOC01MGQyLWNiYzZmMDBlNzcxOCIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1OTEsImRhdGEiOlt7Im5hbWUiOiJyZWZyZXNoX2NvdW50IiwidmFsIjoiNCJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTgzMjY0NCIsImRvbWFpbl9pZCI6IjE2NDA0MCIsInVuaXQiOiJkaXYtZ3B0LWFkLXdpbnByaXplc29ubGluZV9jb20tYm94LTEtMCIsInRfZXBvY2giOjE2MjczNTE5MjgsImFkX3Bvc2l0aW9uIjoxMTEyLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjIyODNkMzYyLTBiMDctNDJjOC01MGQyLWNiYzZmMDBlNzcxOCIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1OTEsImRhdGEiOlt7Im5hbWUiOiJmaWxsZWRfYmlkX2hhc2giLCJ2YWwiOiIyZThiOGM2MDg0M2U1MmU1YWFhMWUzYTUyMjg3YTJiYiJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTgzMjY0NCIsImRvbWFpbl9pZCI6IjE2NDA0MCIsInVuaXQiOiJkaXYtZ3B0LWFkLXdpbnByaXplc29ubGluZV9jb20tYm94LTEtMCIsInRfZXBvY2giOjE2MjczNTE5MjgsInJldmVudWUiOjAsImVzdF9yZXZlbnVlIjowLjAwMDA4LCJhZF9wb3NpdGlvbiI6MTExMiwiYWRfc2l6ZSI6IiIsImJpZF9mbG9vcl9maWxsZWQiOjAuMDAwMDgsImJpZF9mbG9vcl9wcmV2IjowLjAwMDgsInN0YXRfc291cmNlX2lkIjozNSwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjIyODNkMzYyLTBiMDctNDJjOC01MGQyLWNiYzZmMDBlNzcxOCIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1OTEsImRhdGEiOlt7Im5hbWUiOiJsb2FkZWQiLCJ2YWwiOiIxIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiIxODMyNjQ0IiwiZG9tYWluX2lkIjoiMTY0MDQwIiwidW5pdCI6ImRpdi1ncHQtYWQtd2lucHJpemVzb25saW5lX2NvbS1ib3gtMS0wIiwidF9lcG9jaCI6MTYyNzM1MTkyOCwiYWRfcG9zaXRpb24iOjExMTIsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJDSCIsInBhZ2V2aWV3X2lkIjoiMjI4M2QzNjItMGIwNy00MmM4LTUwZDItY2JjNmYwMGU3NzE4IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDU5MSwiZGF0YSI6W3sibmFtZSI6ImNyZWF0aXZlX2lkIiwidmFsIjoiMTM4MzEwMDM0NTkxIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiIxODMyNjQ0IiwiZG9tYWluX2lkIjoiMTY0MDQwIiwidW5pdCI6ImRpdi1ncHQtYWQtd2lucHJpemVzb25saW5lX2NvbS1ib3gtMS0wIiwidF9lcG9jaCI6MTYyNzM1MTkyOCwiYWRfcG9zaXRpb24iOjExMTIsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJDSCIsInBhZ2V2aWV3X2lkIjoiMjI4M2QzNjItMGIwNy00MmM4LTUwZDItY2JjNmYwMGU3NzE4IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDU5MSwiZGF0YSI6W3sibmFtZSI6ImxpbmVpdGVtX2lkIiwidmFsIjoiMjg2ODcyNzQifV0sImlzX29yaWciOmZhbHNlfV0=
Requested by: Host: ftp.winprizesonline.com
URL: https://ftp.winprizesonline.com/detroitchicago/cmbv2.js?gcb=195-2&cb=04-1y02-4y06-12y07-1y0b-5y0d-10y13-3y17-3y20-3y33-15y52-1y56-21&cmbcb=20&sj=x04x02x06x07x0bx0dx13x17x20x33x52x56
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.66.136.156 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-66-136-156.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path: /porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTgzMjY0NCIsImRvbWFpbl9pZCI6IjE2NDA0MCIsInVuaXQiOiJkaXYtZ3B0LWFkLXdpbnByaXplc29ubGluZV9jb20tYm94LTEtMCIsInRfZXBvY2giOjE2MjczNTE5MjgsImFkX3Bvc2l0aW9uIjoxMTEyLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjIyODNkMzYyLTBiMDctNDJjOC01MGQyLWNiYzZmMDBlNzcxOCIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1OTEsImRhdGEiOlt7Im5hbWUiOiJyZWZyZXNoX2NvdW50IiwidmFsIjoiNCJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTgzMjY0NCIsImRvbWFpbl9pZCI6IjE2NDA0MCIsInVuaXQiOiJkaXYtZ3B0LWFkLXdpbnByaXplc29ubGluZV9jb20tYm94LTEtMCIsInRfZXBvY2giOjE2MjczNTE5MjgsImFkX3Bvc2l0aW9uIjoxMTEyLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjIyODNkMzYyLTBiMDctNDJjOC01MGQyLWNiYzZmMDBlNzcxOCIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1OTEsImRhdGEiOlt7Im5hbWUiOiJmaWxsZWRfYmlkX2hhc2giLCJ2YWwiOiIyZThiOGM2MDg0M2U1MmU1YWFhMWUzYTUyMjg3YTJiYiJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTgzMjY0NCIsImRvbWFpbl9pZCI6IjE2NDA0MCIsInVuaXQiOiJkaXYtZ3B0LWFkLXdpbnByaXplc29ubGluZV9jb20tYm94LTEtMCIsInRfZXBvY2giOjE2MjczNTE5MjgsInJldmVudWUiOjAsImVzdF9yZXZlbnVlIjowLjAwMDA4LCJhZF9wb3NpdGlvbiI6MTExMiwiYWRfc2l6ZSI6IiIsImJpZF9mbG9vcl9maWxsZWQiOjAuMDAwMDgsImJpZF9mbG9vcl9wcmV2IjowLjAwMDgsInN0YXRfc291cmNlX2lkIjozNSwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjIyODNkMzYyLTBiMDctNDJjOC01MGQyLWNiYzZmMDBlNzcxOCIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1OTEsImRhdGEiOlt7Im5hbWUiOiJsb2FkZWQiLCJ2YWwiOiIxIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiIxODMyNjQ0IiwiZG9tYWluX2lkIjoiMTY0MDQwIiwidW5pdCI6ImRpdi1ncHQtYWQtd2lucHJpemVzb25saW5lX2NvbS1ib3gtMS0wIiwidF9lcG9jaCI6MTYyNzM1MTkyOCwiYWRfcG9zaXRpb24iOjExMTIsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJDSCIsInBhZ2V2aWV3X2lkIjoiMjI4M2QzNjItMGIwNy00MmM4LTUwZDItY2JjNmYwMGU3NzE4IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDU5MSwiZGF0YSI6W3sibmFtZSI6ImNyZWF0aXZlX2lkIiwidmFsIjoiMTM4MzEwMDM0NTkxIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiIxODMyNjQ0IiwiZG9tYWluX2lkIjoiMTY0MDQwIiwidW5pdCI6ImRpdi1ncHQtYWQtd2lucHJpemVzb25saW5lX2NvbS1ib3gtMS0wIiwidF9lcG9jaCI6MTYyNzM1MTkyOCwiYWRfcG9zaXRpb24iOjExMTIsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJDSCIsInBhZ2V2aWV3X2lkIjoiMjI4M2QzNjItMGIwNy00MmM4LTUwZDItY2JjNmYwMGU3NzE4IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDU5MSwiZGF0YSI6W3sibmFtZSI6ImxpbmVpdGVtX2lkIiwidmFsIjoiMjg2ODcyNzQifV0sImlzX29yaWciOmZhbHNlfV0=
pragma: no-cache
cookie: ezux_lpl_164040=1627351933033|2283d362-0b07-42c8-50d2-cbc6f00e7718|false; __gads=ID=625198380ef21651:T=1627351933:S=ALNI_MbUBwYcamkfYgCEtTy8pn2AUS9wmQ; ezouspvh=350; ezouspvv=428; ezouspva=3
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: empty
:authority: ftp.winprizesonline.com
referer: https://ftp.winprizesonline.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 02:12:19 GMT
server: nginx
vary: Accept-Encoding Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Mon, 26 Jul 2021 02:12:23 UTC

GET
H2 200 28687274 Show response
g.ezoic.net/dac/ 0
40 B 38ms
31ms XHR
text/plain 3.66.136.156
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g.ezoic.net/dac/28687274
Requested by: Host: ftp.winprizesonline.com
URL: https://ftp.winprizesonline.com/porpoiseant/banger.js?cb=195-2&bv=38&v=51&PageSpeed=off
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.66.136.156 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-66-136-156.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin: *
date: Tue, 27 Jul 2021 02:12:19 GMT
cache-control: max-age=3600, public
server: nginx
content-length: 0
vary: Accept-Encoding
content-type: text/plain

GET
H2 200 army.gif Show response
ftp.winprizesonline.com/porpoiseant/ 0
19 B 40ms
34ms XHR
text/plain 3.66.136.156
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ftp.winprizesonline.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTgzMjY0NCIsImRvbWFpbl9pZCI6IjE2NDA0MCIsInVuaXQiOiJkaXYtZ3B0LWFkLXdpbnByaXplc29ubGluZV9jb20tYm94LTEtMCIsInRfZXBvY2giOjE2MjczNTE5MjgsImFkX3Bvc2l0aW9uIjoxMTEyLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjIyODNkMzYyLTBiMDctNDJjOC01MGQyLWNiYzZmMDBlNzcxOCIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1OTEsImRhdGEiOlt7Im5hbWUiOiJ0X2xvY2FsX2RhdGUiLCJ2YWwiOiIyMDIxLTA3LTI3In0seyJuYW1lIjoidF9sb2NhbF9ob3VyIiwidmFsIjoiNCJ9LHsibmFtZSI6InRfbG9jYWxfZGF5X29mX3dlZWsiLCJ2YWwiOiIyIn0seyJuYW1lIjoidF9sb2NhbF90aW1lem9uZSIsInZhbCI6Ii0xMjAifV0sImlzX29yaWciOmZhbHNlfV0=
Requested by: Host: ftp.winprizesonline.com
URL: https://ftp.winprizesonline.com/detroitchicago/cmbv2.js?gcb=195-2&cb=04-1y02-4y06-12y07-1y0b-5y0d-10y13-3y17-3y20-3y33-15y52-1y56-21&cmbcb=20&sj=x04x02x06x07x0bx0dx13x17x20x33x52x56
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.66.136.156 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-66-136-156.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path: /porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTgzMjY0NCIsImRvbWFpbl9pZCI6IjE2NDA0MCIsInVuaXQiOiJkaXYtZ3B0LWFkLXdpbnByaXplc29ubGluZV9jb20tYm94LTEtMCIsInRfZXBvY2giOjE2MjczNTE5MjgsImFkX3Bvc2l0aW9uIjoxMTEyLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjIyODNkMzYyLTBiMDctNDJjOC01MGQyLWNiYzZmMDBlNzcxOCIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1OTEsImRhdGEiOlt7Im5hbWUiOiJ0X2xvY2FsX2RhdGUiLCJ2YWwiOiIyMDIxLTA3LTI3In0seyJuYW1lIjoidF9sb2NhbF9ob3VyIiwidmFsIjoiNCJ9LHsibmFtZSI6InRfbG9jYWxfZGF5X29mX3dlZWsiLCJ2YWwiOiIyIn0seyJuYW1lIjoidF9sb2NhbF90aW1lem9uZSIsInZhbCI6Ii0xMjAifV0sImlzX29yaWciOmZhbHNlfV0=
pragma: no-cache
cookie: ezux_lpl_164040=1627351933033|2283d362-0b07-42c8-50d2-cbc6f00e7718|false; __gads=ID=625198380ef21651:T=1627351933:S=ALNI_MbUBwYcamkfYgCEtTy8pn2AUS9wmQ; ezouspvh=350; ezouspvv=428; ezouspva=3
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: empty
:authority: ftp.winprizesonline.com
referer: https://ftp.winprizesonline.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 02:12:19 GMT
server: nginx
vary: Accept-Encoding Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Mon, 26 Jul 2021 02:12:17 UTC

GET
H2 200 army.gif Show response
ftp.winprizesonline.com/porpoiseant/ 0
42 B 39ms
34ms XHR
text/plain 3.66.136.156
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ftp.winprizesonline.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImF1Y3Rpb24iLCJpbXByZXNzaW9uX2lkIjoiMTgzMjY0NCIsImRvbWFpbl9pZCI6IjE2NDA0MCIsInVuaXQiOiJkaXYtZ3B0LWFkLXdpbnByaXplc29ubGluZV9jb20tYm94LTEtMCIsInRfZXBvY2giOjE2MjczNTE5MjgsImF1Y3Rpb25fZXBvY2giOjE2MjczNTE5MzksImFkX3Bvc2l0aW9uIjoxMTEyLCJjb3VudHJ5X2NvZGUiOiJDSCIsInBhZ2V2aWV3X2lkIjoiMjI4M2QzNjItMGIwNy00MmM4LTUwZDItY2JjNmYwMGU3NzE4IiwiYmlkX2Zsb29yX2luaXRpYWwiOjQ1MCwiYmlkX2Zsb29yX3ByZXYiOjgwLCJiaWRfZmxvb3JfZmlsbGVkIjo4LCJhdWN0aW9uX2NvdW50Ijo0LCJyZWZyZXNoX2FkX2NvdW50IjowLCJhdWN0aW9uX2R1cmF0aW9uIjoxNDUwLCJtdWx0aV9hZF91bml0IjowLCJtdWx0aV9hZF9jb3VudCI6MCwibmV0d29ya19jb2RlIjoxMjU0MTQ0LCJkYXRhIjpbeyJuYW1lIjoiIiwidmFsIjoiIn1dLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0fV0=
Requested by: Host: ftp.winprizesonline.com
URL: https://ftp.winprizesonline.com/detroitchicago/cmbv2.js?gcb=195-2&cb=04-1y02-4y06-12y07-1y0b-5y0d-10y13-3y17-3y20-3y33-15y52-1y56-21&cmbcb=20&sj=x04x02x06x07x0bx0dx13x17x20x33x52x56
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.66.136.156 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-66-136-156.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path: /porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImF1Y3Rpb24iLCJpbXByZXNzaW9uX2lkIjoiMTgzMjY0NCIsImRvbWFpbl9pZCI6IjE2NDA0MCIsInVuaXQiOiJkaXYtZ3B0LWFkLXdpbnByaXplc29ubGluZV9jb20tYm94LTEtMCIsInRfZXBvY2giOjE2MjczNTE5MjgsImF1Y3Rpb25fZXBvY2giOjE2MjczNTE5MzksImFkX3Bvc2l0aW9uIjoxMTEyLCJjb3VudHJ5X2NvZGUiOiJDSCIsInBhZ2V2aWV3X2lkIjoiMjI4M2QzNjItMGIwNy00MmM4LTUwZDItY2JjNmYwMGU3NzE4IiwiYmlkX2Zsb29yX2luaXRpYWwiOjQ1MCwiYmlkX2Zsb29yX3ByZXYiOjgwLCJiaWRfZmxvb3JfZmlsbGVkIjo4LCJhdWN0aW9uX2NvdW50Ijo0LCJyZWZyZXNoX2FkX2NvdW50IjowLCJhdWN0aW9uX2R1cmF0aW9uIjoxNDUwLCJtdWx0aV9hZF91bml0IjowLCJtdWx0aV9hZF9jb3VudCI6MCwibmV0d29ya19jb2RlIjoxMjU0MTQ0LCJkYXRhIjpbeyJuYW1lIjoiIiwidmFsIjoiIn1dLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0fV0=
pragma: no-cache
cookie: ezux_lpl_164040=1627351933033|2283d362-0b07-42c8-50d2-cbc6f00e7718|false; __gads=ID=625198380ef21651:T=1627351933:S=ALNI_MbUBwYcamkfYgCEtTy8pn2AUS9wmQ; ezouspvh=350; ezouspvv=428; ezouspva=3
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: empty
:authority: ftp.winprizesonline.com
referer: https://ftp.winprizesonline.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 02:12:19 GMT
server: nginx
vary: Accept-Encoding Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Mon, 26 Jul 2021 02:12:20 UTC

GET
H3-29 200 4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2
fonts.gstatic.com/s/googlesans/v27/ Frame 28D5 21 KB
21 KB 8ms
8ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v27/4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f2c761ee3ce27469f940a05b64e38a829a400427727cd0bdbb4e36f1d572afd7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://ftp.winprizesonline.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 20 Jul 2021 02:22:18 GMT
x-content-type-options: nosniff
age: 604201
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21716
x-xss-protection: 0
last-modified: Wed, 11 Nov 2020 20:26:21 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 20 Jul 2022 02:22:18 GMT

GET
H3-29 200 4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2
fonts.gstatic.com/s/googlesans/v27/ Frame 28D5 21 KB
21 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v27/4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1cf04407e728ea1ebf82dc1c6b45d12632cb3202ff8f4556f380b16e57484f27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://ftp.winprizesonline.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 20 Jul 2021 13:46:22 GMT
x-content-type-options: nosniff
age: 563157
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21552
x-xss-protection: 0
last-modified: Wed, 11 Nov 2020 20:26:16 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 20 Jul 2022 13:46:22 GMT

GET
H3-29 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 28D5 42 B
64 B 22ms
21ms Image
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstw0mv19annZWhQROIvQQG4iE1VzTtatjj9yEfvaNN7N7VOTwPyWuVMUoTXfK9ybwW_dt7e0LNHrYBj98rz737LmsHuuZJx62T8uVNdqjYyQzet03UG8AOw-7zO1lrsuKI0sjAhDVMQVeYeFWbT_A&sai=AMfl-YSoeYKCUKzeMx-Vu-0qk5WVkBLN48oozSGvzzXpYGZKSSNdD-V_GMr5cDMJz83IDurD0s2yJivG3N7pxhDlOCqmnwxH_uWLXARqVfskblJSBYUexxnbCZyJa2A&sig=Cg0ArKJSzJgqhYp-MiLaEAE&cid=CAASFeRoQy2wkYc8soKnrFcyGz2VQluwyw&id=ampim&o=1074,289&d=580,400&ss=1600,1200&bs=1600,1200&mcvt=1000&mtos=0,0,1000,1000,1000&tos=0,0,1000,0,0&tfs=42&tls=1042&g=90.68965315818787&h=90.68965315818787&tt=1042&r=v&avms=ampa&adk=1344008380

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 27 Jul 2021 02:12:20 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 army.gif Show response
ftp.winprizesonline.com/porpoiseant/ 0
65 B 33ms
33ms XHR
text/plain 3.66.136.156
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ftp.winprizesonline.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTgzMjY0NCIsImRvbWFpbl9pZCI6IjE2NDA0MCIsInVuaXQiOiJkaXYtZ3B0LWFkLXdpbnByaXplc29ubGluZV9jb20tYm94LTEtMCIsInRfZXBvY2giOjE2MjczNTE5MjgsInJldmVudWUiOjAsImVzdF9yZXZlbnVlIjowLCJhZF9wb3NpdGlvbiI6MTExMiwiYWRfc2l6ZSI6IiIsImJpZF9mbG9vcl9maWxsZWQiOjAsImJpZF9mbG9vcl9wcmV2IjowLCJzdGF0X3NvdXJjZV9pZCI6MCwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjIyODNkMzYyLTBiMDctNDJjOC01MGQyLWNiYzZmMDBlNzcxOCIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1OTEsImRhdGEiOlt7Im5hbWUiOiJ2aWV3ZWQiLCJ2YWwiOiIxIn1dLCJpc19vcmlnIjpmYWxzZX1d
Requested by: Host: ftp.winprizesonline.com
URL: https://ftp.winprizesonline.com/detroitchicago/cmbv2.js?gcb=195-2&cb=04-1y02-4y06-12y07-1y0b-5y0d-10y13-3y17-3y20-3y33-15y52-1y56-21&cmbcb=20&sj=x04x02x06x07x0bx0dx13x17x20x33x52x56
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.66.136.156 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-66-136-156.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path: /porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTgzMjY0NCIsImRvbWFpbl9pZCI6IjE2NDA0MCIsInVuaXQiOiJkaXYtZ3B0LWFkLXdpbnByaXplc29ubGluZV9jb20tYm94LTEtMCIsInRfZXBvY2giOjE2MjczNTE5MjgsInJldmVudWUiOjAsImVzdF9yZXZlbnVlIjowLCJhZF9wb3NpdGlvbiI6MTExMiwiYWRfc2l6ZSI6IiIsImJpZF9mbG9vcl9maWxsZWQiOjAsImJpZF9mbG9vcl9wcmV2IjowLCJzdGF0X3NvdXJjZV9pZCI6MCwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjIyODNkMzYyLTBiMDctNDJjOC01MGQyLWNiYzZmMDBlNzcxOCIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1OTEsImRhdGEiOlt7Im5hbWUiOiJ2aWV3ZWQiLCJ2YWwiOiIxIn1dLCJpc19vcmlnIjpmYWxzZX1d
pragma: no-cache
cookie: ezux_lpl_164040=1627351933033|2283d362-0b07-42c8-50d2-cbc6f00e7718|false; __gads=ID=625198380ef21651:T=1627351933:S=ALNI_MbUBwYcamkfYgCEtTy8pn2AUS9wmQ; ezouspvh=350; ezouspvv=428; ezouspva=3
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: empty
:authority: ftp.winprizesonline.com
referer: https://ftp.winprizesonline.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 02:12:20 GMT
server: nginx
vary: Accept-Encoding Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Mon, 26 Jul 2021 02:12:18 UTC

GET
H3-29 200 integrator.js Show response
adservice.google.ch/adsid/ 107 B
122 B 16ms
16ms Script
application/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.ch/adsid/integrator.js?domain=ftp.winprizesonline.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021072402.js?31062009

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 27 Jul 2021 02:12:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 15ms
15ms Script
application/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=ftp.winprizesonline.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021072402.js?31062009

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 27 Jul 2021 02:12:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 340 B
168 B 400ms
400ms XHR
text/plain 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1503229515504863&correlator=4218314166414511&output=ldjh&impl=fifs&eid=31062009%2C31061842%2C20211866&vrg=2021072402&ptt=17&us_privacy=1---&sc=1&sfv=1-0-38&ecs=20210727&iu_parts=1254144%2Cwinprizesonline_com-box-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=468x60&ris=2&rcs=6&prev_scp=a%3D%257C6%257C%26iid18%3D1761844%26eid%3D6307843445959752993%26t%3D134%26d%3D164040%26t1%3D134%26pvc%3D0%26ap%3D1111%26sap%3D1111%26as%3Drevenue%26plat%3D1%26bra%3Dmod1-c%26ic%3D7%26at%3Dmbf%26adr%3D399%26ezosn%3D3%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D1%26al%3D1001%26compid%3D0%26tap%3Dwinprizesonline_com-box-2-1761844%26eb_br%3D58ef7bddb438af5e257c4377f32c243a%26eba%3D1%26ebss%3D10061%26asau%3D2260528807%26bv%3D0%26bvm%3D1%26bvr%3D6%26shp%3D1%26ftsn%3D3%26acptad%3D1%26br1%3D120%26br2%3D400%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D34%2C14%2C28%2C67%2C45%2C122%2C66%2C20%2C71%2C30%2C0%2C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C27%2C815%2C817%2C899%2C919%2C774%2C20%2C20%2C20%2C17%2C20%2C17%2C20%2C17%2C20%26lb%3D140%26reqt%3D1627351939390&eri=1&cookie=ID%3D625198380ef21651%3AT%3D1627351933%3AS%3DALNI_MbUBwYcamkfYgCEtTy8pn2AUS9wmQ&bc=31&abxe=1&lmt=1627351940&dt=1627351940394&dlt=1627351929972&idt=371&frm=20&biw=1600&bih=1200&oid=3&adxs=230&adys=204&adks=2013700999&ucis=h&ifi=17&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fftp.winprizesonline.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=468x60&msz=468x60&ga_vid=1037067233.1627351930&ga_sid=1627351930&ga_hid=794578872&ga_fc=false&fws=0&ohw=0&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021072402.js?31062009

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

b63a4da21a81ca953f9f391957659a2e3fa04685c2b4f58763546253c8e48a17

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 02:12:20 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 139
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ftp.winprizesonline.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 army.gif Show response
ftp.winprizesonline.com/porpoiseant/ 0
19 B 40ms
40ms XHR
text/plain 3.66.136.156
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ftp.winprizesonline.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTgzMjY0NCIsImRvbWFpbl9pZCI6IjE2NDA0MCIsInVuaXQiOiJkaXYtZ3B0LWFkLXdpbnByaXplc29ubGluZV9jb20tYm94LTEtMCIsInRfZXBvY2giOjE2MjczNTE5MjgsImFkX3Bvc2l0aW9uIjoxMTEyLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjIyODNkMzYyLTBiMDctNDJjOC01MGQyLWNiYzZmMDBlNzcxOCIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1OTEsImRhdGEiOlt7Im5hbWUiOiJmaWxsZWRfc2l6ZSIsInZhbCI6Ils1ODAsNDAwXSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTgzMjY0NCIsImRvbWFpbl9pZCI6IjE2NDA0MCIsInVuaXQiOiJkaXYtZ3B0LWFkLXdpbnByaXplc29ubGluZV9jb20tYm94LTEtMCIsInRfZXBvY2giOjE2MjczNTE5MjgsImFkX3Bvc2l0aW9uIjoxMTEyLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjIyODNkMzYyLTBiMDctNDJjOC01MGQyLWNiYzZmMDBlNzcxOCIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1OTEsImRhdGEiOlt7Im5hbWUiOiJmaWxsZWRfZmx1aWQiLCJ2YWwiOiJmYWxzZSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTgzMjY0NCIsImRvbWFpbl9pZCI6IjE2NDA0MCIsInVuaXQiOiJkaXYtZ3B0LWFkLXdpbnByaXplc29ubGluZV9jb20tYm94LTEtMCIsInRfZXBvY2giOjE2MjczNTE5MjgsImFkX3Bvc2l0aW9uIjoxMTEyLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjIyODNkMzYyLTBiMDctNDJjOC01MGQyLWNiYzZmMDBlNzcxOCIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1OTEsImRhdGEiOlt7Im5hbWUiOiJkb21haW5fZGZwX3N0eWxlX2lkIiwidmFsIjoiMjAifV0sImlzX29yaWciOmZhbHNlfV0=
Requested by: Host: ftp.winprizesonline.com
URL: https://ftp.winprizesonline.com/detroitchicago/cmbv2.js?gcb=195-2&cb=04-1y02-4y06-12y07-1y0b-5y0d-10y13-3y17-3y20-3y33-15y52-1y56-21&cmbcb=20&sj=x04x02x06x07x0bx0dx13x17x20x33x52x56
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.66.136.156 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-66-136-156.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path: /porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTgzMjY0NCIsImRvbWFpbl9pZCI6IjE2NDA0MCIsInVuaXQiOiJkaXYtZ3B0LWFkLXdpbnByaXplc29ubGluZV9jb20tYm94LTEtMCIsInRfZXBvY2giOjE2MjczNTE5MjgsImFkX3Bvc2l0aW9uIjoxMTEyLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjIyODNkMzYyLTBiMDctNDJjOC01MGQyLWNiYzZmMDBlNzcxOCIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1OTEsImRhdGEiOlt7Im5hbWUiOiJmaWxsZWRfc2l6ZSIsInZhbCI6Ils1ODAsNDAwXSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTgzMjY0NCIsImRvbWFpbl9pZCI6IjE2NDA0MCIsInVuaXQiOiJkaXYtZ3B0LWFkLXdpbnByaXplc29ubGluZV9jb20tYm94LTEtMCIsInRfZXBvY2giOjE2MjczNTE5MjgsImFkX3Bvc2l0aW9uIjoxMTEyLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjIyODNkMzYyLTBiMDctNDJjOC01MGQyLWNiYzZmMDBlNzcxOCIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1OTEsImRhdGEiOlt7Im5hbWUiOiJmaWxsZWRfZmx1aWQiLCJ2YWwiOiJmYWxzZSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTgzMjY0NCIsImRvbWFpbl9pZCI6IjE2NDA0MCIsInVuaXQiOiJkaXYtZ3B0LWFkLXdpbnByaXplc29ubGluZV9jb20tYm94LTEtMCIsInRfZXBvY2giOjE2MjczNTE5MjgsImFkX3Bvc2l0aW9uIjoxMTEyLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjIyODNkMzYyLTBiMDctNDJjOC01MGQyLWNiYzZmMDBlNzcxOCIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1OTEsImRhdGEiOlt7Im5hbWUiOiJkb21haW5fZGZwX3N0eWxlX2lkIiwidmFsIjoiMjAifV0sImlzX29yaWciOmZhbHNlfV0=
pragma: no-cache
cookie: ezux_lpl_164040=1627351933033|2283d362-0b07-42c8-50d2-cbc6f00e7718|false; __gads=ID=625198380ef21651:T=1627351933:S=ALNI_MbUBwYcamkfYgCEtTy8pn2AUS9wmQ; ezouspvh=350; ezouspvv=428; ezouspva=3
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: empty
:authority: ftp.winprizesonline.com
referer: https://ftp.winprizesonline.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 02:12:20 GMT
server: nginx
vary: Accept-Encoding Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Mon, 26 Jul 2021 02:12:22 UTC

GET
H2 200 integrator.js Show response
adservice.google.ch/adsid/ 107 B
165 B 16ms
15ms Script
application/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.ch/adsid/integrator.js?domain=ftp.winprizesonline.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021072402.js?31062009

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 27 Jul 2021 02:12:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
165 B 15ms
14ms Script
application/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=ftp.winprizesonline.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021072402.js?31062009

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 27 Jul 2021 02:12:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 45 KB
11 KB 403ms
403ms XHR
text/plain 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1503229515504863&correlator=2340443972043873&output=ldjh&impl=fifs&eid=31062009%2C31061842%2C20211866&vrg=2021072402&ptt=17&us_privacy=1---&sc=1&sfv=1-0-38&ecs=20210727&iu_parts=1254144%2Cwinprizesonline_com-box-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=468x60&ris=1&rcs=7&prev_scp=a%3D%257C6%257C%26iid18%3D1761844%26eid%3D6307843445959752993%26t%3D134%26d%3D164040%26t1%3D134%26pvc%3D0%26ap%3D1111%26sap%3D1111%26as%3Drevenue%26plat%3D1%26bra%3Dmod1-c%26ic%3D8%26at%3Dbf%26adr%3D399%26ezosn%3D3%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D1%26al%3D1001%26compid%3D0%26tap%3Dwinprizesonline_com-box-2-1761844%26eb_br%3Dzero%26eba%3D1%26ebss%3D10061%26asau%3D2260528807%26bv%3D0%26bvm%3D1%26bvr%3D6%26shp%3D1%26ftsn%3D3%26acptad%3D1%26br1%3D0%26br2%3D400%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D34%2C14%2C28%2C67%2C45%2C122%2C66%2C20%2C71%2C30%2C0%2C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C27%2C815%2C817%2C899%2C919%2C774%2C20%2C20%2C20%2C17%2C20%2C17%2C20%2C17%2C20%2C17%2C18%2C19%2C20%2C1428%26lb%3D120%26reqt%3D1627351940897%26ss38%3D1%26ss9%3D1&eri=1&cookie_enabled=1&bc=31&abxe=1&lmt=1627351940&dt=1627351940901&dlt=1627351929972&idt=371&frm=20&biw=1600&bih=1200&oid=3&adxs=230&adys=204&adks=2013700999&ucis=i&ifi=18&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fftp.winprizesonline.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=468x60&msz=468x60&ga_vid=1037067233.1627351930&ga_sid=1627351930&ga_hid=794578872&ga_fc=false&fws=0&ohw=0&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021072402.js?31062009

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

7e1fdcd8cc1bc40f33974a7c5ddaebecd97bcc4c6795cc72f161c40b0364b7a9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 02:12:21 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11096
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ftp.winprizesonline.com
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012107200040000/ Frame 270B 188 KB
54 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012107200040000/amp4ads-v0.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021072402.js?31062009

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d51b5c14fd6455affd3baceb0d2015c532566645fd80f645260c803a8b0f1c57

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 32634
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 55196
x-xss-protection: 0
server: sffe
date: Mon, 26 Jul 2021 17:08:27 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "9a8830a242785ad6"
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 26 Jul 2022 17:08:27 GMT

GET
H2 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012107200040000/v0/ Frame 270B 13 KB
5 KB 10ms
8ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012107200040000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021072402.js?31062009

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6b4f1f72b78c93a6cdf32fbce758cc76e353e589296975f8491a265167cfdb0c

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 32634
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4808
x-xss-protection: 0
server: sffe
date: Mon, 26 Jul 2021 17:08:27 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "82cb572e3b54d217"
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 26 Jul 2022 17:08:27 GMT

GET
H2 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012107200040000/v0/ Frame 270B 87 KB
27 KB 10ms
9ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012107200040000/v0/amp-analytics-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021072402.js?31062009

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

695be856611d9d209b70e4b7356594bd123af15d79843a3711289bf90e3525b1

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 32634
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27828
x-xss-protection: 0
server: sffe
date: Mon, 26 Jul 2021 17:08:27 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "2309f93374d1f64f"
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 26 Jul 2022 17:08:27 GMT

GET
H2 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012107200040000/v0/ Frame 270B 4 KB
2 KB 11ms
10ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012107200040000/v0/amp-fit-text-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021072402.js?31062009

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a0c3f2e5825816bcac42e686f0c3aa76e1aa566f71a437d8768702d4a3a45875

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 32634
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1648
x-xss-protection: 0
server: sffe
date: Mon, 26 Jul 2021 17:08:27 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "0ef177dade489237"
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 26 Jul 2022 17:08:27 GMT

GET
H2 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012107200040000/v0/ Frame 270B 40 KB
13 KB 11ms
10ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012107200040000/v0/amp-form-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021072402.js?31062009

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

172ecde3db13e66cf99995d63de308e2d6e3fdeb1a99dfaeec136f4862eb1573

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 32634
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12831
x-xss-protection: 0
server: sffe
date: Mon, 26 Jul 2021 17:08:27 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "896e0bc3d66ccdf5"
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 26 Jul 2022 17:08:27 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 270B 4 KB
713 B 16ms
15ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:400,500&lang=de

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021072402.js?31062009

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

abc1bbfb097cfaf4715fe823adb40881f8ed35a943692d5c037945c2fcc56340

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 27 Jul 2021 01:18:59 GMT
server: ESF
date: Tue, 27 Jul 2021 02:12:21 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 27 Jul 2021 02:12:21 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 270B 4 KB
690 B 24ms
24ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:400,500&text=

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021072402.js?31062009

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

abc1bbfb097cfaf4715fe823adb40881f8ed35a943692d5c037945c2fcc56340

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 27 Jul 2021 01:14:30 GMT
server: ESF
date: Tue, 27 Jul 2021 02:12:21 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 27 Jul 2021 02:12:21 GMT

GET
H2 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 270B 2 KB
3 KB 6ms
6ms Image
image/png 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021072402.js?31062009

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 26 Jul 2021 15:34:33 GMT
x-content-type-options: nosniff
server: cafe
age: 38268
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Tue, 27 Jul 2021 15:34:33 GMT

GET
H2 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 270B 295 B
568 B 6ms
6ms Image
image/png 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021072402.js?31062009

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 26 Jul 2021 12:37:33 GMT
x-content-type-options: nosniff
server: cafe
age: 48888
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Tue, 27 Jul 2021 12:37:33 GMT

GET
DATA 200
OK truncated
/ Frame 270B 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c486476b35b1d7fa316cc13d9ebda9c4e7a7cd3228b03127f1d9cfa32f6d38a6

Request headers

Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/3002619791242860206/ Frame 270B 3 KB
3 KB 148ms
148ms Image
image/png 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/3002619791242860206/downsize_200k_v1?sqp=4sqPyQSSAUKPAQgAEhQNzczMPhUAAABAHQAAAAAlAAAAABgAIgoNAACAPxUAAIA_Kk8IWhABHQAAtEIgASgBMAY4A0CAwtcvSABQAFgAYFpwAngAgAEAiAEAkAEAnQEAAIA_oAEAqAEAsAGAreIEuAH___________8BxQEtsp0-MhYIPBA8GAEgAS0AAAA_MDw4PEUAAIA_&rs=AOga4qmMdCKVwv5yv9tJZVMjyssiOzHWEw

Requested by

Host: ftp.winprizesonline.com
URL: https://ftp.winprizesonline.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d2247277068c6498567cc1c5938fcd478cf368e8e629b77c703b9ead34ca2fbd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 02:12:21 GMT
x-content-type-options: nosniff
last-modified: Wed, 03 Feb 2021 08:33:40 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2705
x-xss-protection: 0
expires: Wed, 27 Jul 2022 02:12:21 GMT

GET
H3-29 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 270B 0
0 32ms
31ms Image
text/html 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CDoIohGv_YO_EOsblgAeVqKKgAceio-xj8cX_wKMNrZeDu5QOEAEg9PnGJWD1lc6B4ASgAYmJ9o0DyAEGqQJ1QeCqTc2zPuACAKgDAcgDCqoE3wFP0JNa9ABJa92mUlD6GzkWf13lJlPrswstX-huLXJMWc8fFlmIqX2NUprCvqJTFthObFpxpGGRK4v5KaTxgg7h0cuycfhU6uueYIgxOg66aFJmPfqnV_bmyy9nQuGECjY7utCWPE6ETX153XvNao_xn7qDfGXSJ8g3bLT3wWTVg3cg424V2ic8zB07u42DEyqyrUDeuZIEsgy5liq9wS7HCknYSCl5FwtFgCmYRpRDw8JaEkLRh3mROWO5SJfWbcPEvIOjOb-9sOa6Zp0-oJPJcteDhSvjVmXbujcUsj2lwASM9L65jQPgBAGSBQQIBBgBkgUECAUYBKAGN4AH3_aJcqgH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfulrECqAemvhuoB-zVG9gHAfIHBBDc-wTSCAcIiGEQARgd8ggbYWR4LXN1YnN5bi02NTQ5MzIxMjc5MTY4MjkygAoDyAsB2BMNiBQC0BUBmBYBgBcBshcaChgIABIUcHViLTYzOTY4NDQ3NDI0OTcyMDg&sigh=gIpNhZ9pZ7w&template_id=492
Requested by: Host: ftp.winprizesonline.com
URL: https://ftp.winprizesonline.com/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s12-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 204 l
www.google.com/ads/measurement/ Frame 270B 0
0 14ms
13ms Image
text/html 2a00:1450:4001:82f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQD59DL2vDzQpEiM_TXf-O77Lse1QjwOrFc00zFTyzsbhkzeJN5-zn4nocDAFlwc_hznSL_HT5pkgdAwHU9FXs4yTeUIA
Requested by: Host: ftp.winprizesonline.com
URL: https://ftp.winprizesonline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 army.gif Show response
ftp.winprizesonline.com/porpoiseant/ 0
19 B 34ms
34ms XHR
text/plain 3.66.136.156
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ftp.winprizesonline.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTc2MTg0NCIsImRvbWFpbl9pZCI6IjE2NDA0MCIsInVuaXQiOiJkaXYtZ3B0LWFkLXdpbnByaXplc29ubGluZV9jb20tYm94LTItMCIsInRfZXBvY2giOjE2MjczNTE5MjgsImFkX3Bvc2l0aW9uIjoxMTExLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjIyODNkMzYyLTBiMDctNDJjOC01MGQyLWNiYzZmMDBlNzcxOCIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NDgxNzczNTQyMCwiY3JlYXRpdmVfaWQiOjEzODI0NjEwNTg0MiwiZGF0YSI6W3sibmFtZSI6InJlZnJlc2hfY291bnQiLCJ2YWwiOiI4In1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiIxNzYxODQ0IiwiZG9tYWluX2lkIjoiMTY0MDQwIiwidW5pdCI6ImRpdi1ncHQtYWQtd2lucHJpemVzb25saW5lX2NvbS1ib3gtMi0wIiwidF9lcG9jaCI6MTYyNzM1MTkyOCwiYWRfcG9zaXRpb24iOjExMTEsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJDSCIsInBhZ2V2aWV3X2lkIjoiMjI4M2QzNjItMGIwNy00MmM4LTUwZDItY2JjNmYwMGU3NzE4IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo0ODE3NzM1NDIwLCJjcmVhdGl2ZV9pZCI6MTM4MjQ2MTA1ODQyLCJkYXRhIjpbeyJuYW1lIjoiZmlsbGVkX2JpZF9oYXNoIiwidmFsIjoiemVybyJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTc2MTg0NCIsImRvbWFpbl9pZCI6IjE2NDA0MCIsInVuaXQiOiJkaXYtZ3B0LWFkLXdpbnByaXplc29ubGluZV9jb20tYm94LTItMCIsInRfZXBvY2giOjE2MjczNTE5MjgsInJldmVudWUiOjAsImVzdF9yZXZlbnVlIjowLjAwMDAwMiwiYWRfcG9zaXRpb24iOjExMTEsImFkX3NpemUiOiIiLCJiaWRfZmxvb3JfZmlsbGVkIjowLjAwMDAwMiwiYmlkX2Zsb29yX3ByZXYiOjAuMDAxMiwic3RhdF9zb3VyY2VfaWQiOjM1LCJjb3VudHJ5X2NvZGUiOiJDSCIsInBhZ2V2aWV3X2lkIjoiMjI4M2QzNjItMGIwNy00MmM4LTUwZDItY2JjNmYwMGU3NzE4IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo0ODE3NzM1NDIwLCJjcmVhdGl2ZV9pZCI6MTM4MjQ2MTA1ODQyLCJkYXRhIjpbeyJuYW1lIjoibG9hZGVkIiwidmFsIjoiMSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTc2MTg0NCIsImRvbWFpbl9pZCI6IjE2NDA0MCIsInVuaXQiOiJkaXYtZ3B0LWFkLXdpbnByaXplc29ubGluZV9jb20tYm94LTItMCIsInRfZXBvY2giOjE2MjczNTE5MjgsImFkX3Bvc2l0aW9uIjoxMTExLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjIyODNkMzYyLTBiMDctNDJjOC01MGQyLWNiYzZmMDBlNzcxOCIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NDgxNzczNTQyMCwiY3JlYXRpdmVfaWQiOjEzODI0NjEwNTg0MiwiZGF0YSI6W3sibmFtZSI6ImNyZWF0aXZlX2lkIiwidmFsIjoiMTM4MjQ2MTA1ODQyIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiIxNzYxODQ0IiwiZG9tYWluX2lkIjoiMTY0MDQwIiwidW5pdCI6ImRpdi1ncHQtYWQtd2lucHJpemVzb25saW5lX2NvbS1ib3gtMi0wIiwidF9lcG9jaCI6MTYyNzM1MTkyOCwiYWRfcG9zaXRpb24iOjExMTEsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJDSCIsInBhZ2V2aWV3X2lkIjoiMjI4M2QzNjItMGIwNy00MmM4LTUwZDItY2JjNmYwMGU3NzE4IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo0ODE3NzM1NDIwLCJjcmVhdGl2ZV9pZCI6MTM4MjQ2MTA1ODQyLCJkYXRhIjpbeyJuYW1lIjoibGluZWl0ZW1faWQiLCJ2YWwiOiI0ODE3NzM1NDIwIn1dLCJpc19vcmlnIjpmYWxzZX1d
Requested by: Host: ftp.winprizesonline.com
URL: https://ftp.winprizesonline.com/detroitchicago/cmbv2.js?gcb=195-2&cb=04-1y02-4y06-12y07-1y0b-5y0d-10y13-3y17-3y20-3y33-15y52-1y56-21&cmbcb=20&sj=x04x02x06x07x0bx0dx13x17x20x33x52x56
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.66.136.156 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-66-136-156.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path: /porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTc2MTg0NCIsImRvbWFpbl9pZCI6IjE2NDA0MCIsInVuaXQiOiJkaXYtZ3B0LWFkLXdpbnByaXplc29ubGluZV9jb20tYm94LTItMCIsInRfZXBvY2giOjE2MjczNTE5MjgsImFkX3Bvc2l0aW9uIjoxMTExLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjIyODNkMzYyLTBiMDctNDJjOC01MGQyLWNiYzZmMDBlNzcxOCIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NDgxNzczNTQyMCwiY3JlYXRpdmVfaWQiOjEzODI0NjEwNTg0MiwiZGF0YSI6W3sibmFtZSI6InJlZnJlc2hfY291bnQiLCJ2YWwiOiI4In1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiIxNzYxODQ0IiwiZG9tYWluX2lkIjoiMTY0MDQwIiwidW5pdCI6ImRpdi1ncHQtYWQtd2lucHJpemVzb25saW5lX2NvbS1ib3gtMi0wIiwidF9lcG9jaCI6MTYyNzM1MTkyOCwiYWRfcG9zaXRpb24iOjExMTEsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJDSCIsInBhZ2V2aWV3X2lkIjoiMjI4M2QzNjItMGIwNy00MmM4LTUwZDItY2JjNmYwMGU3NzE4IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo0ODE3NzM1NDIwLCJjcmVhdGl2ZV9pZCI6MTM4MjQ2MTA1ODQyLCJkYXRhIjpbeyJuYW1lIjoiZmlsbGVkX2JpZF9oYXNoIiwidmFsIjoiemVybyJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTc2MTg0NCIsImRvbWFpbl9pZCI6IjE2NDA0MCIsInVuaXQiOiJkaXYtZ3B0LWFkLXdpbnByaXplc29ubGluZV9jb20tYm94LTItMCIsInRfZXBvY2giOjE2MjczNTE5MjgsInJldmVudWUiOjAsImVzdF9yZXZlbnVlIjowLjAwMDAwMiwiYWRfcG9zaXRpb24iOjExMTEsImFkX3NpemUiOiIiLCJiaWRfZmxvb3JfZmlsbGVkIjowLjAwMDAwMiwiYmlkX2Zsb29yX3ByZXYiOjAuMDAxMiwic3RhdF9zb3VyY2VfaWQiOjM1LCJjb3VudHJ5X2NvZGUiOiJDSCIsInBhZ2V2aWV3X2lkIjoiMjI4M2QzNjItMGIwNy00MmM4LTUwZDItY2JjNmYwMGU3NzE4IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo0ODE3NzM1NDIwLCJjcmVhdGl2ZV9pZCI6MTM4MjQ2MTA1ODQyLCJkYXRhIjpbeyJuYW1lIjoibG9hZGVkIiwidmFsIjoiMSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTc2MTg0NCIsImRvbWFpbl9pZCI6IjE2NDA0MCIsInVuaXQiOiJkaXYtZ3B0LWFkLXdpbnByaXplc29ubGluZV9jb20tYm94LTItMCIsInRfZXBvY2giOjE2MjczNTE5MjgsImFkX3Bvc2l0aW9uIjoxMTExLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjIyODNkMzYyLTBiMDctNDJjOC01MGQyLWNiYzZmMDBlNzcxOCIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NDgxNzczNTQyMCwiY3JlYXRpdmVfaWQiOjEzODI0NjEwNTg0MiwiZGF0YSI6W3sibmFtZSI6ImNyZWF0aXZlX2lkIiwidmFsIjoiMTM4MjQ2MTA1ODQyIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiIxNzYxODQ0IiwiZG9tYWluX2lkIjoiMTY0MDQwIiwidW5pdCI6ImRpdi1ncHQtYWQtd2lucHJpemVzb25saW5lX2NvbS1ib3gtMi0wIiwidF9lcG9jaCI6MTYyNzM1MTkyOCwiYWRfcG9zaXRpb24iOjExMTEsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJDSCIsInBhZ2V2aWV3X2lkIjoiMjI4M2QzNjItMGIwNy00MmM4LTUwZDItY2JjNmYwMGU3NzE4IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo0ODE3NzM1NDIwLCJjcmVhdGl2ZV9pZCI6MTM4MjQ2MTA1ODQyLCJkYXRhIjpbeyJuYW1lIjoibGluZWl0ZW1faWQiLCJ2YWwiOiI0ODE3NzM1NDIwIn1dLCJpc19vcmlnIjpmYWxzZX1d
pragma: no-cache
cookie: __gads=ID=277d1c2776519ee1-22a0430c8ec80090:T=1627351940:S=ALNI_MbIkILMDQUmWMaCG5RlbUiqSraEGQ; ezouspvv=0; ezouspva=1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: empty
:authority: ftp.winprizesonline.com
referer: https://ftp.winprizesonline.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 02:12:21 GMT
server: nginx
vary: Accept-Encoding Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Mon, 26 Jul 2021 02:12:20 UTC

GET
H2 200 4817735420 Show response
g.ezoic.net/dac/ 0
40 B 33ms
32ms XHR
text/plain 3.66.136.156
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g.ezoic.net/dac/4817735420
Requested by: Host: ftp.winprizesonline.com
URL: https://ftp.winprizesonline.com/porpoiseant/banger.js?cb=195-2&bv=38&v=51&PageSpeed=off
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.66.136.156 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-66-136-156.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin: *
date: Tue, 27 Jul 2021 02:12:21 GMT
cache-control: max-age=3600, public
server: nginx
content-length: 0
vary: Accept-Encoding
content-type: text/plain

GET
H2 200 army.gif Show response
ftp.winprizesonline.com/porpoiseant/ 0
65 B 33ms
33ms XHR
text/plain 3.66.136.156
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ftp.winprizesonline.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTc2MTg0NCIsImRvbWFpbl9pZCI6IjE2NDA0MCIsInVuaXQiOiJkaXYtZ3B0LWFkLXdpbnByaXplc29ubGluZV9jb20tYm94LTItMCIsInRfZXBvY2giOjE2MjczNTE5MjgsImFkX3Bvc2l0aW9uIjoxMTExLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjIyODNkMzYyLTBiMDctNDJjOC01MGQyLWNiYzZmMDBlNzcxOCIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NDgxNzczNTQyMCwiY3JlYXRpdmVfaWQiOjEzODI0NjEwNTg0MiwiZGF0YSI6W3sibmFtZSI6InRfbG9jYWxfZGF0ZSIsInZhbCI6IjIwMjEtMDctMjcifSx7Im5hbWUiOiJ0X2xvY2FsX2hvdXIiLCJ2YWwiOiI0In0seyJuYW1lIjoidF9sb2NhbF9kYXlfb2Zfd2VlayIsInZhbCI6IjIifSx7Im5hbWUiOiJ0X2xvY2FsX3RpbWV6b25lIiwidmFsIjoiLTEyMCJ9XSwiaXNfb3JpZyI6ZmFsc2V9XQ==
Requested by: Host: ftp.winprizesonline.com
URL: https://ftp.winprizesonline.com/detroitchicago/cmbv2.js?gcb=195-2&cb=04-1y02-4y06-12y07-1y0b-5y0d-10y13-3y17-3y20-3y33-15y52-1y56-21&cmbcb=20&sj=x04x02x06x07x0bx0dx13x17x20x33x52x56
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.66.136.156 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-66-136-156.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path: /porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTc2MTg0NCIsImRvbWFpbl9pZCI6IjE2NDA0MCIsInVuaXQiOiJkaXYtZ3B0LWFkLXdpbnByaXplc29ubGluZV9jb20tYm94LTItMCIsInRfZXBvY2giOjE2MjczNTE5MjgsImFkX3Bvc2l0aW9uIjoxMTExLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjIyODNkMzYyLTBiMDctNDJjOC01MGQyLWNiYzZmMDBlNzcxOCIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NDgxNzczNTQyMCwiY3JlYXRpdmVfaWQiOjEzODI0NjEwNTg0MiwiZGF0YSI6W3sibmFtZSI6InRfbG9jYWxfZGF0ZSIsInZhbCI6IjIwMjEtMDctMjcifSx7Im5hbWUiOiJ0X2xvY2FsX2hvdXIiLCJ2YWwiOiI0In0seyJuYW1lIjoidF9sb2NhbF9kYXlfb2Zfd2VlayIsInZhbCI6IjIifSx7Im5hbWUiOiJ0X2xvY2FsX3RpbWV6b25lIiwidmFsIjoiLTEyMCJ9XSwiaXNfb3JpZyI6ZmFsc2V9XQ==
pragma: no-cache
cookie: __gads=ID=277d1c2776519ee1-22a0430c8ec80090:T=1627351940:S=ALNI_MbIkILMDQUmWMaCG5RlbUiqSraEGQ; ezouspvv=0; ezouspva=1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: empty
:authority: ftp.winprizesonline.com
referer: https://ftp.winprizesonline.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 02:12:21 GMT
server: nginx
vary: Accept-Encoding Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Mon, 26 Jul 2021 02:12:19 UTC

GET
H2 200 army.gif Show response
ftp.winprizesonline.com/porpoiseant/ 0
19 B 34ms
34ms XHR
text/plain 3.66.136.156
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ftp.winprizesonline.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImF1Y3Rpb24iLCJpbXByZXNzaW9uX2lkIjoiMTc2MTg0NCIsImRvbWFpbl9pZCI6IjE2NDA0MCIsInVuaXQiOiJkaXYtZ3B0LWFkLXdpbnByaXplc29ubGluZV9jb20tYm94LTItMCIsInRfZXBvY2giOjE2MjczNTE5MjgsImF1Y3Rpb25fZXBvY2giOjE2MjczNTE5NDEsImFkX3Bvc2l0aW9uIjoxMTExLCJjb3VudHJ5X2NvZGUiOiJDSCIsInBhZ2V2aWV3X2lkIjoiMjI4M2QzNjItMGIwNy00MmM4LTUwZDItY2JjNmYwMGU3NzE4IiwiYmlkX2Zsb29yX2luaXRpYWwiOjI4MCwiYmlkX2Zsb29yX3ByZXYiOjEyMCwiYmlkX2Zsb29yX2ZpbGxlZCI6MCwiYXVjdGlvbl9jb3VudCI6OCwicmVmcmVzaF9hZF9jb3VudCI6MCwiYXVjdGlvbl9kdXJhdGlvbiI6NDMxLCJtdWx0aV9hZF91bml0IjowLCJtdWx0aV9hZF9jb3VudCI6MCwibmV0d29ya19jb2RlIjoxMjU0MTQ0LCJkYXRhIjpbeyJuYW1lIjoiIiwidmFsIjoiIn1dLCJsaW5lX2l0ZW1faWQiOjQ4MTc3MzU0MjB9XQ==
Requested by: Host: ftp.winprizesonline.com
URL: https://ftp.winprizesonline.com/detroitchicago/cmbv2.js?gcb=195-2&cb=04-1y02-4y06-12y07-1y0b-5y0d-10y13-3y17-3y20-3y33-15y52-1y56-21&cmbcb=20&sj=x04x02x06x07x0bx0dx13x17x20x33x52x56
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.66.136.156 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-66-136-156.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path: /porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImF1Y3Rpb24iLCJpbXByZXNzaW9uX2lkIjoiMTc2MTg0NCIsImRvbWFpbl9pZCI6IjE2NDA0MCIsInVuaXQiOiJkaXYtZ3B0LWFkLXdpbnByaXplc29ubGluZV9jb20tYm94LTItMCIsInRfZXBvY2giOjE2MjczNTE5MjgsImF1Y3Rpb25fZXBvY2giOjE2MjczNTE5NDEsImFkX3Bvc2l0aW9uIjoxMTExLCJjb3VudHJ5X2NvZGUiOiJDSCIsInBhZ2V2aWV3X2lkIjoiMjI4M2QzNjItMGIwNy00MmM4LTUwZDItY2JjNmYwMGU3NzE4IiwiYmlkX2Zsb29yX2luaXRpYWwiOjI4MCwiYmlkX2Zsb29yX3ByZXYiOjEyMCwiYmlkX2Zsb29yX2ZpbGxlZCI6MCwiYXVjdGlvbl9jb3VudCI6OCwicmVmcmVzaF9hZF9jb3VudCI6MCwiYXVjdGlvbl9kdXJhdGlvbiI6NDMxLCJtdWx0aV9hZF91bml0IjowLCJtdWx0aV9hZF9jb3VudCI6MCwibmV0d29ya19jb2RlIjoxMjU0MTQ0LCJkYXRhIjpbeyJuYW1lIjoiIiwidmFsIjoiIn1dLCJsaW5lX2l0ZW1faWQiOjQ4MTc3MzU0MjB9XQ==
pragma: no-cache
cookie: __gads=ID=277d1c2776519ee1-22a0430c8ec80090:T=1627351940:S=ALNI_MbIkILMDQUmWMaCG5RlbUiqSraEGQ; ezouspvv=0; ezouspva=1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: empty
:authority: ftp.winprizesonline.com
referer: https://ftp.winprizesonline.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 02:12:21 GMT
server: nginx
vary: Accept-Encoding Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Mon, 26 Jul 2021 02:12:20 UTC

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v27/ Frame 270B 15 KB
15 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,500&lang=de

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://ftp.winprizesonline.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 26 Jul 2021 18:26:24 GMT
x-content-type-options: nosniff
age: 27957
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15688
x-xss-protection: 0
last-modified: Mon, 05 Apr 2021 21:10:35 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 26 Jul 2022 18:26:24 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v27/ Frame 270B 16 KB
16 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,500&lang=de

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bb46ed079c3dd3c39af5051b4ada48f29f49151dad4fa218117bad2fdb5e616f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://ftp.winprizesonline.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 20 Jul 2021 17:17:27 GMT
x-content-type-options: nosniff
age: 550494
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15920
x-xss-protection: 0
last-modified: Mon, 05 Apr 2021 21:10:39 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 20 Jul 2022 17:17:27 GMT

GET
H2

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame 270B
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
0

35ms
16ms

Image
text/html

2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si
Requested by: Host: ftp.winprizesonline.com
URL: https://ftp.winprizesonline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Redirect headers

date: Tue, 27 Jul 2021 02:12:21 GMT
x-content-type-options: nosniff
server: safe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 246
x-xss-protection: 0

GET
H2 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 270B 42 B
518 B 34ms
15ms Image
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstDgxlsQuisRs7BX9yUjsaVtk78Dkhh-fRT_eywOGFbesTie21uaTOKyKG-hE5V3I_CdXmtfMiDTKEBWLkOIoi0M-lePTgRMJp6DG2hdmbALRk4fhaipERPLms&sai=AMfl-YQ6NRt51KdCQfZaUK8WLZNSK5mmD_m-NB1tHBQIdt3UsA26N9NQ0XGRBs2SrY0ON4-UL1QHZqarH48zaIi33L7AVyAsvWrnuZoPD_lCRlGP2ihtJTXTF3Vjhpch8N8&sig=Cg0ArKJSzC1WAJDV5-bWEAE&id=ampim&o=230,204&d=468,60&ss=1600,1200&bs=1600,1200&mcvt=1000&mtos=0,0,1000,1000,1000&tos=0,0,1000,0,0&tfs=119&tls=1119&g=100&h=100&tt=1119&r=v&avms=ampa&adk=2013700999

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 27 Jul 2021 02:12:22 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 army.gif Show response
ftp.winprizesonline.com/porpoiseant/ 0
42 B 257ms
257ms XHR
text/plain 3.66.136.156
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ftp.winprizesonline.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTc2MTg0NCIsImRvbWFpbl9pZCI6IjE2NDA0MCIsInVuaXQiOiJkaXYtZ3B0LWFkLXdpbnByaXplc29ubGluZV9jb20tYm94LTItMCIsInRfZXBvY2giOjE2MjczNTE5MjgsInJldmVudWUiOjAsImVzdF9yZXZlbnVlIjowLCJhZF9wb3NpdGlvbiI6MTExMSwiYWRfc2l6ZSI6IiIsImJpZF9mbG9vcl9maWxsZWQiOjAsImJpZF9mbG9vcl9wcmV2IjowLCJzdGF0X3NvdXJjZV9pZCI6MCwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjIyODNkMzYyLTBiMDctNDJjOC01MGQyLWNiYzZmMDBlNzcxOCIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NDgxNzczNTQyMCwiY3JlYXRpdmVfaWQiOjEzODI0NjEwNTg0MiwiZGF0YSI6W3sibmFtZSI6InZpZXdlZCIsInZhbCI6IjEifV0sImlzX29yaWciOmZhbHNlfV0=
Requested by: Host: ftp.winprizesonline.com
URL: https://ftp.winprizesonline.com/detroitchicago/cmbv2.js?gcb=195-2&cb=04-1y02-4y06-12y07-1y0b-5y0d-10y13-3y17-3y20-3y33-15y52-1y56-21&cmbcb=20&sj=x04x02x06x07x0bx0dx13x17x20x33x52x56
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.66.136.156 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-66-136-156.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path: /porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTc2MTg0NCIsImRvbWFpbl9pZCI6IjE2NDA0MCIsInVuaXQiOiJkaXYtZ3B0LWFkLXdpbnByaXplc29ubGluZV9jb20tYm94LTItMCIsInRfZXBvY2giOjE2MjczNTE5MjgsInJldmVudWUiOjAsImVzdF9yZXZlbnVlIjowLCJhZF9wb3NpdGlvbiI6MTExMSwiYWRfc2l6ZSI6IiIsImJpZF9mbG9vcl9maWxsZWQiOjAsImJpZF9mbG9vcl9wcmV2IjowLCJzdGF0X3NvdXJjZV9pZCI6MCwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjIyODNkMzYyLTBiMDctNDJjOC01MGQyLWNiYzZmMDBlNzcxOCIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NDgxNzczNTQyMCwiY3JlYXRpdmVfaWQiOjEzODI0NjEwNTg0MiwiZGF0YSI6W3sibmFtZSI6InZpZXdlZCIsInZhbCI6IjEifV0sImlzX29yaWciOmZhbHNlfV0=
pragma: no-cache
cookie: __gads=ID=277d1c2776519ee1-22a0430c8ec80090:T=1627351940:S=ALNI_MbIkILMDQUmWMaCG5RlbUiqSraEGQ; ezouspvv=0; ezouspva=1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: empty
:authority: ftp.winprizesonline.com
referer: https://ftp.winprizesonline.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 02:12:22 GMT
server: nginx
vary: Accept-Encoding Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Mon, 26 Jul 2021 02:12:20 UTC

GET
H2 200 army.gif Show response
ftp.winprizesonline.com/porpoiseant/ 0
19 B 34ms
34ms XHR
text/plain 3.66.136.156
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ftp.winprizesonline.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTc2MTg0NCIsImRvbWFpbl9pZCI6IjE2NDA0MCIsInVuaXQiOiJkaXYtZ3B0LWFkLXdpbnByaXplc29ubGluZV9jb20tYm94LTItMCIsInRfZXBvY2giOjE2MjczNTE5MjgsImFkX3Bvc2l0aW9uIjoxMTExLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjIyODNkMzYyLTBiMDctNDJjOC01MGQyLWNiYzZmMDBlNzcxOCIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NDgxNzczNTQyMCwiY3JlYXRpdmVfaWQiOjEzODI0NjEwNTg0MiwiZGF0YSI6W3sibmFtZSI6ImZpbGxlZF9zaXplIiwidmFsIjoiWzQ2OCw2MF0ifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjE3NjE4NDQiLCJkb21haW5faWQiOiIxNjQwNDAiLCJ1bml0IjoiZGl2LWdwdC1hZC13aW5wcml6ZXNvbmxpbmVfY29tLWJveC0yLTAiLCJ0X2Vwb2NoIjoxNjI3MzUxOTI4LCJhZF9wb3NpdGlvbiI6MTExMSwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkNIIiwicGFnZXZpZXdfaWQiOiIyMjgzZDM2Mi0wYjA3LTQyYzgtNTBkMi1jYmM2ZjAwZTc3MTgiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjQ4MTc3MzU0MjAsImNyZWF0aXZlX2lkIjoxMzgyNDYxMDU4NDIsImRhdGEiOlt7Im5hbWUiOiJmaWxsZWRfZmx1aWQiLCJ2YWwiOiJmYWxzZSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTc2MTg0NCIsImRvbWFpbl9pZCI6IjE2NDA0MCIsInVuaXQiOiJkaXYtZ3B0LWFkLXdpbnByaXplc29ubGluZV9jb20tYm94LTItMCIsInRfZXBvY2giOjE2MjczNTE5MjgsImFkX3Bvc2l0aW9uIjoxMTExLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjIyODNkMzYyLTBiMDctNDJjOC01MGQyLWNiYzZmMDBlNzcxOCIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NDgxNzczNTQyMCwiY3JlYXRpdmVfaWQiOjEzODI0NjEwNTg0MiwiZGF0YSI6W3sibmFtZSI6ImRvbWFpbl9kZnBfc3R5bGVfaWQiLCJ2YWwiOiI3MSJ9XSwiaXNfb3JpZyI6ZmFsc2V9XQ==
Requested by: Host: ftp.winprizesonline.com
URL: https://ftp.winprizesonline.com/detroitchicago/cmbv2.js?gcb=195-2&cb=04-1y02-4y06-12y07-1y0b-5y0d-10y13-3y17-3y20-3y33-15y52-1y56-21&cmbcb=20&sj=x04x02x06x07x0bx0dx13x17x20x33x52x56
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.66.136.156 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-66-136-156.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path: /porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTc2MTg0NCIsImRvbWFpbl9pZCI6IjE2NDA0MCIsInVuaXQiOiJkaXYtZ3B0LWFkLXdpbnByaXplc29ubGluZV9jb20tYm94LTItMCIsInRfZXBvY2giOjE2MjczNTE5MjgsImFkX3Bvc2l0aW9uIjoxMTExLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjIyODNkMzYyLTBiMDctNDJjOC01MGQyLWNiYzZmMDBlNzcxOCIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NDgxNzczNTQyMCwiY3JlYXRpdmVfaWQiOjEzODI0NjEwNTg0MiwiZGF0YSI6W3sibmFtZSI6ImZpbGxlZF9zaXplIiwidmFsIjoiWzQ2OCw2MF0ifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjE3NjE4NDQiLCJkb21haW5faWQiOiIxNjQwNDAiLCJ1bml0IjoiZGl2LWdwdC1hZC13aW5wcml6ZXNvbmxpbmVfY29tLWJveC0yLTAiLCJ0X2Vwb2NoIjoxNjI3MzUxOTI4LCJhZF9wb3NpdGlvbiI6MTExMSwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkNIIiwicGFnZXZpZXdfaWQiOiIyMjgzZDM2Mi0wYjA3LTQyYzgtNTBkMi1jYmM2ZjAwZTc3MTgiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjQ4MTc3MzU0MjAsImNyZWF0aXZlX2lkIjoxMzgyNDYxMDU4NDIsImRhdGEiOlt7Im5hbWUiOiJmaWxsZWRfZmx1aWQiLCJ2YWwiOiJmYWxzZSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTc2MTg0NCIsImRvbWFpbl9pZCI6IjE2NDA0MCIsInVuaXQiOiJkaXYtZ3B0LWFkLXdpbnByaXplc29ubGluZV9jb20tYm94LTItMCIsInRfZXBvY2giOjE2MjczNTE5MjgsImFkX3Bvc2l0aW9uIjoxMTExLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjIyODNkMzYyLTBiMDctNDJjOC01MGQyLWNiYzZmMDBlNzcxOCIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NDgxNzczNTQyMCwiY3JlYXRpdmVfaWQiOjEzODI0NjEwNTg0MiwiZGF0YSI6W3sibmFtZSI6ImRvbWFpbl9kZnBfc3R5bGVfaWQiLCJ2YWwiOiI3MSJ9XSwiaXNfb3JpZyI6ZmFsc2V9XQ==
pragma: no-cache
cookie: __gads=ID=277d1c2776519ee1-22a0430c8ec80090:T=1627351940:S=ALNI_MbIkILMDQUmWMaCG5RlbUiqSraEGQ; ezouspvv=0; ezouspva=1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: empty
:authority: ftp.winprizesonline.com
referer: https://ftp.winprizesonline.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://ftp.winprizesonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 02:12:22 GMT
server: nginx
vary: Accept-Encoding Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Mon, 26 Jul 2021 02:12:21 UTC

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=chocolateplatform&google_hm=Y3AtZTYxZTRmNjI0YzhiNDRlZjZmM2Q0NmRhZDY1YTIwMjE=&google_push=AYg5qPKtA5dVj3bqTd3UjROQRZElLT3FRSR02oMswWn0IwFiVcBPIMl_t-V7iKVYRVbWu09Wyg4AFt7_GccjY_OcG3WMqu3ZDgJC

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=Y2JhOTJjZjctZjcxOS00MjUzLTlhZWUtNGMyOTM0OTk1MWY5&google_push=AYg5qPKpjXnbgO_kEI4-pJQGfcJYmTcCfwgwCYHPaEMG2yhJ8fRsT4w0t6chCtHCrB6HE-G-x1R5JLfWzbpL8VCs-Cjf5AaSiO9f

Verdicts & Comments Add Verdict or Comment

214 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			ftp.winprizesonline.com/	1970-01-20 04:48:07	Name: ezux_lpl_164040 Value: 1627351933033\|2283d362-0b07-42c8-50d2-cbc6f00e7718\|false

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	info	URL: https://cdn.ampproject.org/rtv/012107200040000/amp4ads-v0.mjs(Line 6) Message: Powered by AMP ⚡ HTML – Version 2107200040000 https://ftp.winprizesonline.com/
console-api	info	URL: https://cdn.ampproject.org/rtv/012107200040000/amp4ads-v0.mjs(Line 6) Message: Powered by AMP ⚡ HTML – Version 2107200040000 https://ftp.winprizesonline.com/
console-api	info	URL: https://cdn.ampproject.org/rtv/012107200040000/amp4ads-v0.mjs(Line 6) Message: Powered by AMP ⚡ HTML – Version 2107200040000 https://ftp.winprizesonline.com/

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

280575fdba709e4294c9a1d1794d14e6.safeframe.googlesyndication.com
adservice.google.ch
adservice.google.com
cdn.ampproject.org
cdnjs.cloudflare.com
cm.g.doubleclick.net
cms.quantserve.com
code.jquery.com
connect.facebook.net
cs.media.net
fksnk.com
fonts.googleapis.com
fonts.gstatic.com
ftp.winprizesonline.com
g.ezoic.net
go.ezodn.com
googleads.g.doubleclick.net
pagead2.googlesyndication.com
pixel.quantserve.com
rules.quantcount.com
secure.quantserve.com
securepubads.g.doubleclick.net
ssbsync.smartadserver.com
stackpath.bootstrapcdn.com
stats.g.doubleclick.net
sync-tm.everesttech.net
tpc.googlesyndication.com
use.fontawesome.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
cm.g.doubleclick.net
142.250.184.226
142.250.186.162
151.101.14.49
185.86.139.104
2.18.235.93
2001:4de0:ac18::1:a:3b
2600:9000:20c8:7000:6:44e3:f8c0:93a1
2606:4700:3031::6815:496e
2606:4700:3037::6815:4e07
2606:4700::6810:125e
2606:4700::6812:acf
2620:116:800d:21:8c6e:cf2c:8d6:9fb5
2a00:1450:4001:80e::2001
2a00:1450:4001:80e::2002
2a00:1450:4001:80f::200e
2a00:1450:4001:810::2002
2a00:1450:4001:810::2003
2a00:1450:4001:812::2002
2a00:1450:4001:812::2003
2a00:1450:4001:813::2003
2a00:1450:4001:82b::2001
2a00:1450:4001:82b::2008
2a00:1450:4001:82f::2004
2a00:1450:4001:830::2002
2a00:1450:4001:831::2001
2a00:1450:4001:831::2002
2a00:1450:4001:831::200a
2a00:1450:400c:c04::9c
2a03:2880:f02d:100:face:b00c:0:3
2a03:2880:f12d:181:face:b00c:0:25de
3.66.136.156
34.237.156.120
05b4bc74f9c2553603ef6e4ba28c20ecbd991c3312b6f9b4cf0048e0b550552c
08c57978a59ed422002c1d5f7a33c34271cb746d3f0409729112b525ad32d14c
0a34a87842c539c1f4feec56bba982fd596b73500046a6e6fe38a22260c6577b
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0cc7088b335b30f7b1fa0903bc8aa143b11cb8408032d62d28d5ab768cc68c88
0ce5ab0260a7860ea167511114f1b2a1a8c5dff2b1a3885e2c2e70fb54c4e7a9
0d17b8a38d3dce6f7357bbc8da105d92c21b6cf1c4b92351ce2b1861b065f2c5
0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
116c0aa19fb4cffdfce3cf9821cb864d2daa38783c8bacf084b9bea88f6f8390
12dcdac6e5888cf653b6f539b52a40d5480d0c745fdb3889b5d19a814bcd34d3
147bc6792a52f0122a880cd36f8a99076d5f5eae6826a07b92f7f30438585ca0
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
172ecde3db13e66cf99995d63de308e2d6e3fdeb1a99dfaeec136f4862eb1573
192fd6ce22683359da86d8962256b9b8f851ba4dffebbb538b51d43ae4972677
1b1a4081a8a32bc714fbb7a2509141683bc3eb707a421c0db556ed856f6d8e99
1c5ad2fd42dffdf04a0f1d757c1cccb4d840218d7ecada79d6cc9db33ca40319
1cf04407e728ea1ebf82dc1c6b45d12632cb3202ff8f4556f380b16e57484f27
1d984940ff64f50146f8e4b93e9159c397ac4dbdad8262dfb43efb2d6fcd7bb6
1e4a5f448241f3626ea3d6d9d2c447e675c4ba22d8b11bf05aa51a8ec94c03bb
2021ce8b6633919f07c682ceb6cc4aafb6ae85ebc656bb0b91df9a0ef31398bb
210166038b34f2c816152c5d0d3d1f47129a1afa4d0445d3dbe9185bb96d69d9
21c155aa2b9d450290f1602e53da8a9b5d30ea678d5dc4ea65314b08318f39c3
21e951b41d9a2d88e89078726a4bfe1b0a0028c8a2c4b9caee408e82bb4bdf2d
22d90b745bf1d74a3bb0c15cec22d3465dc906de928bbbe53c0a89a69558fe1e
26e2c81392a1283a6043aea0009e5cd3dc66328114bed4e3fcf36c634e45238e
2b13a448945d780a851d6b56dc1afb15cea56d45cce6cea6875410b11d606de4
324610f1d401fb0aff89ab20b12dc3d6efb92d55f0a742319f5f76d2ca2f067b
32a9ee60cea6f692237b70fe9b2d9769574de2bd2869584c2d56931283f561a7
33503f305db201d4c2a3afb8c085ed02065e706cd82334270beb59f0d5b0b6ee
33530b007071281a97e79baab13ddf7cc4b9de942ebd3e212224857335f7cb97
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
3be88af8a808338aa389d96fa3fd9cc50152c4a30270c14f01a0bbe55220576a
40f5e8279dfdde81c646fb6bdb3f7f12986ccecc02cd0439b33df36be6cfcb4a
4461a5c2285ded2abf4651e1e1a5bb5d6dfc1f29e062965b1c2b38a3301efc47
44bbe754d5fde04f511bd53d04255192f898a6bc02b94a9825ce5344ce8ada18
4b7b40175f14405be34df25e66e637402d8114d281930b18130a8a18958b3ce9
4d9766c76edf9199da7e1cd4708a1d5ab13eeafcc95be603a87006296df8d4a2
4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3
5031cfe44ca23ba789003524dae330ca6686ef8e6555c7fe281defe3e0fb4c53
5041aa984c376b44f64cbd8f839f165c88db4cc1913957db251904ff25f57bbd
544c3b92f470cc1b52b69f18c600c658f2f5899f0af4584527d49b63179d8c95
54a0b05f718c53b083f2c851f3824c93c8256daf8e36a3e45800b0ce1f84166c
58165b29667efd7ba88d243700082a9850ee8af78a86070dbc11d4ea5eb6c556
599325d39743959cdacb163b742dd6f622443a73f155364bbcc465a291ce0b5a
59b4f4be6661b9557bd42d9daf3532fb22a54163d5f760f964a80cbb0c40ec86
5bd085ae9683aaf57ae67bb6bd1f645359b5a1150b548e79ee0c7be68a2e3a23
5d1f3a4ee5a02abdbc66a11aad769dd81cbe4d07f0b3799ff0940ad7b7d6cc1a
5e82624b9738b32f6fba66700d47b8f18ad2eb85690a4dc8539264a9975d499c
60b19e5da6a9234ff9220668a5ec1125c157a268513256188ee80f2d2c8d8d36
613603afe8c5203c59d7f9df1cbac87109df7ffdf245fd20becfa6bd95b92155
63fa5c6bfff2d0628cc40dd79c4d79ae56105eeb75ed2870891c56e0c51b5e25
66f3a07e1fa9b64a686b66381e4458dbc8abf3dbbff954720c4eec07b84411c2
695be856611d9d209b70e4b7356594bd123af15d79843a3711289bf90e3525b1
6b4f1f72b78c93a6cdf32fbce758cc76e353e589296975f8491a265167cfdb0c
6d11209d1442b020864f7c35c777ecb20a359c743121536d5e2c0a0c7557c0d6
6f16276715b23ab20a4e9609c9a502b9698084abf4f43a497ac4286a8e0fa458
7132d6ffbbe3f4ff9c71d26e494238a8fdabefb950a3b2b0b1cfeb204a6a9845
727d06f38b813004baa0b6a9c96c24e2bce04b7be4c05f9486499f4250f9a772
73d6a5ea11fb7bf6e6a6ccd44b1635d52c79b0a00623d0387c9dddd4b7c68e89
7438cd6d98fc8e372c9a87e319ab965229ce2ba37798db808c8408f791db86ca
761b26458cbd0a36a0487cbcc23b5973fa2e643882224fa16f2142e8e04296cb
77b0db1f12bb031d1dd668f48ef805c61e99c762a81783f98e03f24ccf2429cc
7e1fdcd8cc1bc40f33974a7c5ddaebecd97bcc4c6795cc72f161c40b0364b7a9
7ee596b76772ac1263c57b05c3d05329db5e875cbcec8e917047b5d221fbb1c3
7f338e9b6da363fd312972a3edadb11dcdfc765f6b79debbdc84492302cce8e5
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
80fe90cb559538158bc235f4e539d9bcae203e19fab7c6970aad37b0154348ff
820fba3ff1f9a7261d6589da4b1d722699a87dd220423053cc9b5cfcedb17a58
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
8533e5fff8a26696481d22ea01994f8c388f4b4996d251f966bf1c776e85dea0
8661364ee96f78dec114c2bfd907c9b7494380dc60096d8bc9cf615151846ab5
8bff9ec3a2c218db516f668f50f0b70958136d28892dc840bc0544a20ef7d61b
8d3ca80fa271e94b0c36cf3053b0f806b7a42bb3395b424c99dc0bd218f0ac20
8d450db79b0f7039b6486a399d93ebe1efa7a81e0f7b1170931b8b3dddf4a31d
8d4d9792eb7e026b9c623e32cff51517b5842e819767082954ab8372d6005887
8eef2f9e8de713e7de3a005aa33892d0219eedd3b2bcc7e9dd6ff3e87a7ae853
96aff4e52cbf68f66cad54a8952c753d1369c74d5eec460ad69d683eeeb6e963
975714c6cb70ba105bfa87d2415df2fddde4a46c1d3ab9d0cf45465e56cba97d
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9b6afc38f068071f51ed07a0bf2d890f8d3a7f8e2a4d99b617bbc87b12643627
9c6f8046b44983cbc5443613c1f4c0582939d3c2989d74c2a8a12143cad2f27a
9d4e51a4c93eac97d86a894f115f69ce50f9b3c48d752db06d0475cc7d411fcc
9d8179af923e93ad7445fb44c74ea90842eef60707dab1c623494d13c1145b16
9e9e99ead2f95e67c53bab08f4e05ed83afb8f91983824b7b048caa127121b2e
a0c3f2e5825816bcac42e686f0c3aa76e1aa566f71a437d8768702d4a3a45875
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
a74aec571efc5b9327caff6b96b9e070ce969c1eee876ed0840e6df23a7fd0e1
a8013b1ee724e046342561c77cf313dbc69810573802cc049263759852a77773
a934955830a208d1bf1ca6b99191c39a2d8d4bd899cac238b9df4c02dcbcec3e
a9ca0ebc1f197fff4a210abe61cbe13efca770435cacbe0d1aeaf0e842b8218c
aa3789cf48c93e93ac628879de905e5f72cbf9a8f2131214a863b347cedf86d1
abc1bbfb097cfaf4715fe823adb40881f8ed35a943692d5c037945c2fcc56340
ac8b6e65d1ac3e054abe73e33df1b67dea28086bb354d365b41e44f4dc9b1ecf
ad677b3f5f43c7055b1e8053d466deaa5ef9f200ea55dd95b1c69799651ad2c7
ae5422cf35cf465f3b2f4ea6b1c6c9fe5312868c95277e54a71d8b3721c0f07d
afd535f96f473baa798f259afc49104fc6538bdc583f88f49824ef10928e1383
b10f2ed2f7d721e860661e69f23036a30467f7c734d745719277af2ce796cd3d
b5c5b01c373d920bb6eebe87518b9c5613f6dee9e06f41bc3db24b173f0d6eeb
b63a4da21a81ca953f9f391957659a2e3fa04685c2b4f58763546253c8e48a17
b6f6d0902ff385f68ec17c4c059d4fe89a0a08f1c022ab70580ea8552dfc0a11
bb46ed079c3dd3c39af5051b4ada48f29f49151dad4fa218117bad2fdb5e616f
bba4d46952f094b62205fe06e4a78114cac5d934971925a4716ef40c33f96012
bbd2283b1602e1e59c8924ca46c72016a971b94e8156f85e8c5c5f680e1e28b9
bcccf70c8ba9acd974a389243d9b7ea1489261027d6d99abe91b227ad20161f3
c1f7087131333ce83273f48d058ce4b7c2327a0a2f6146cd539d855393340a47
c3c0d3f472358aac78455515c4800771426770c22698e2486d39fdb5505634e1
c486476b35b1d7fa316cc13d9ebda9c4e7a7cd3228b03127f1d9cfa32f6d38a6
c68d148a7d87931daf81734fe3cb996ea0f4711373af1dc8c3672ee138a7bf3d
c95acef30f727576f1d6085abebf637ab39f5b6bd3265f3375c156c1ea8c5600
c970e666b3e65c1c5392d86e8a47a69162c22dab29621f8c5473afb40df22ff3
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
cc36a5778c5bde036dee1af5e870bb6cb59ba4bc27dd815795fa636ea41a7988
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
ccb5febf8ac335a1b768a7a2087fa4362cb3a0a9392e2e451df9d9825e88e5db
ce67cd6665e835604c7a650ea355d41857dcd2284618b61d82d252dca0abfe5d
d070338215ba7b542d7c58404950819f75ccd3727e8725a02c36aefa0b7559b9
d11b307a6c2c96de979f0d5c0d94b4753169604c396a3bc9125d48c4827a2ff4
d1285ef2f563de90e17a26675dd146284a39947af2f610a01cd61c23a6626866
d2247277068c6498567cc1c5938fcd478cf368e8e629b77c703b9ead34ca2fbd
d45d06dc8e9895356f79c18d31dec1bbdcaacb65745b1db54567abe94271ab4d
d51b5c14fd6455affd3baceb0d2015c532566645fd80f645260c803a8b0f1c57
d9a93fe2b8894aabc63e93d6d50068eb09dd7bfed8a0dfe61301c792b18b338a
dc48161214298afa70fd306b5a0a247f62c6042238e3dcadbd32015adedcc263
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
ddbe62de5ae24097612d0546735d390e3202e985da76fd4fb2a4fa31c29fd1e1
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
df51d85599611278accf110769a453f62c2c4b04cb2f7769e9750869e2fa8363
e3337e6884e0da050420d2999cf5394330f850785aaabefb1311692d731b202b
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e45818350fb6700935c0dce924d8317b166845c5516bc391a1dbda39203f143a
e4b20c06a20b7c958a8ebc8d7dd6766a94be7adfb473f4f68e2217b08620fda4
e5eb6ee9a13ddbc7640f794e054e6f94c8a53967ecb03a507aa00af7df0ecbeb
e70eeb916d84fbbd1439225f77eead8328c0c667e94bd15c4aaa0633a7de61fb
ea4b59de2dc40133435c40e2deeb0282e395be2ab99a1d00bccd683dead15f4a
ed752f771f966bb12f0b6736788057e687da90409f6abc3319897f641f0f8c20
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f242631d2237faba0e67a26fd464c520db763a5bc572270e2697aaf4c2dcf150
f2c761ee3ce27469f940a05b64e38a829a400427727cd0bdbb4e36f1d572afd7
f824f3764d1d55ec86f61268f66c033473dc1ab7224475367aecd61b2342a732
fbe1583d8642d89d0c349b00c0125e485dd55976282165a6b5f2d29ea9d44549
fc44ae3954fe82685ce6b1248acf7ef8e0985d43b393d09aa151fce76ed28daf

ftp.winprizesonline.com Open in urlscan Pro 3.66.136.156 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

233 Requests

97 %HTTPS

78 %IPv6

26 Domains

35 Subdomains

29 IPs

5 Countries

1975 kBTransfer

4600 kBSize

1 Cookies

5 Outgoing links

Page URL History

Redirected requests

233 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

ftp.winprizesonline.com Open in urlscan Pro
3.66.136.156 Public Scan

Screenshot
Live screenshot

Full Image

233
Requests

97 %
HTTPS

78 %
IPv6

26
Domains

35
Subdomains

29
IPs

5
Countries

1975 kB
Transfer

4600 kB
Size

1
Cookies

233 HTTP transactions
3 data transactions