www.fortunecourse.c4.fr Open in urlscan Pro
5.135.149.81 Public Scan

Go To Rescan
Add Verdict Report

URL:
http://www.fortunecourse.c4.fr/
Submission: On October 01 via manual (October 1st 2022, 3:56:05 am UTC) from BF — Scanned from FR

Summary HTTP 95 Redirects Behaviour Indicators

Summary

This website contacted 26 IPs in 5 countries across 25 domains to perform 95 HTTP transactions. The main IP is 5.135.149.81, located in Paris, France and belongs to OVH, FR. The main domain is www.fortunecourse.c4.fr.

This is the only time www.fortunecourse.c4.fr was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
10	5.135.149.81 5.135.149.81	16276 (OVH) (OVH)
10	194.150.236.165 194.150.236.165	44976 (HIWIT_AS) (HIWIT_AS)
12	2a00:1450:400... 2a00:1450:400d:80d::2002	15169 (GOOGLE) (GOOGLE)
1	173.225.100.28 173.225.100.28	19318 (IS-AS-1) (IS-AS-1)
2 4	194.150.236.190 194.150.236.190	44976 (HIWIT_AS) (HIWIT_AS)
1	194.150.236.236 194.150.236.236	44976 (HIWIT_AS) (HIWIT_AS)
6 8	2606:4700:303... 2606:4700:3038::6815:ea1b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 2	91.121.164.142 91.121.164.142	16276 (OVH) (OVH)
1	194.150.236.5 194.150.236.5	44976 (HIWIT_AS) (HIWIT_AS)
4	185.119.26.1 185.119.26.1	203544 (WEBDEVIIN-AS) (WEBDEVIIN-AS)
20	143.204.215.22 143.204.215.22	16509 (AMAZON-02) (AMAZON-02)
4	2a00:1450:400... 2a00:1450:4001:808::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400d:80e::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400d:807::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:802::2002	15169 (GOOGLE) (GOOGLE)
7	2a00:1450:400... 2a00:1450:400d:806::2001	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400d:805::2002	15169 (GOOGLE) (GOOGLE)
3 4	142.250.185.66 142.250.185.66	15169 (GOOGLE) (GOOGLE)
2 4	104.18.18.126 104.18.18.126	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 3	185.89.210.141 185.89.210.141	29990 (ASN-APPNEX) (ASN-APPNEX)
5	2a00:1450:400... 2a00:1450:4001:828::2006	15169 (GOOGLE) (GOOGLE)
2	172.217.18.98 172.217.18.98	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:806::200a	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:400d:80d::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400d:804::2004	15169 (GOOGLE) (GOOGLE)
95	26

10 5.135.149.81 (Paris, France)

ASN16276 (OVH, FR)
PTR: web3.venez.net

www.fortunecourse.c4.fr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.venez.fr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 194.150.236.165 (France)

ASN44976 (HIWIT_AS, FR)
PTR: ns5.hiwit.net

www.pronoscourse.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.levainqueur.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2a00:1450:400d:80d::2002 (Ireland)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 173.225.100.28 (United States)

ASN19318 (IS-AS-1, US)

turftriomphe.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 194.150.236.190 (France) 2 redirects

ASN44976 (HIWIT_AS, FR)
PTR: ns30.hiwit.net

www.turfsur.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
zetop.info	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.zetop.info	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.snprono.powa.fr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 194.150.236.236 (France)

ASN44976 (HIWIT_AS, FR)
PTR: ns76.hiwit.net

www.biltoturf.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2606:4700:3038::6815:ea1b (United States) 6 redirects

ASN13335 (CLOUDFLARENET, US)

img.root-top.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 91.121.164.142 (France) 1 redirects

ASN16276 (OVH, FR)
PTR: ns360576.ip-91-121-164.eu

nsm05.casimages.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 194.150.236.5 (France)

ASN44976 (HIWIT_AS, FR)
PTR: ns.allo-heberge.com

ns.allo-heberge.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.119.26.1 (France)

ASN203544 (WEBDEVIIN-AS, FR)
PTR: 1.26.119.185.in-addr.arpa

payment.allopass.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.allopass.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 143.204.215.22 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-215-22.fra53.r.cloudfront.net

www.zone-turf.fr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:808::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400d:80e::2002 (Ireland)

ASN15169 (GOOGLE, US)

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400d:807::2002 (Ireland)

ASN15169 (GOOGLE, US)

adservice.google.fr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:802::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:400d:806::2001 (Ireland)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400d:805::2002 (Ireland)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.185.66 (United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 104.18.18.126 (Shahr, Iran, Islamic Republic Of) 2 redirects

ASN13335 (CLOUDFLARENET, US)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.89.210.141 (Frankfurt am Main, Germany) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 950.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:828::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.217.18.98 (United States)

ASN15169 (GOOGLE, US)
PTR: zrh04s05-in-f98.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:806::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:400d:80d::2003 (Ireland)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400d:804::2004 (Ireland)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
20	zone-turf.fr www.zone-turf.fr — Cisco Umbrella Rank: 832193	52 KB
19	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 102 tpc.googlesyndication.com — Cisco Umbrella Rank: 143	273 KB
10	doubleclick.net 3 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 42 cm.g.doubleclick.net — Cisco Umbrella Rank: 212 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 299	48 KB
9	pronoscourse.com www.pronoscourse.com	402 KB
8	root-top.com 6 redirects img.root-top.com	18 KB
7	venez.fr www.venez.fr	9 KB
5	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 268	100 KB
4	casalemedia.com 2 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 528	3 KB
4	allopass.com payment.allopass.com www.allopass.com	12 KB
3	gstatic.com fonts.gstatic.com	47 KB
3	adnxs.com 2 redirects ib.adnxs.com — Cisco Umbrella Rank: 229	3 KB
3	c4.fr www.fortunecourse.c4.fr	3 KB
2	google.com adservice.google.com — Cisco Umbrella Rank: 76 www.google.com — Cisco Umbrella Rank: 2	2 KB
2	casimages.com 1 redirects nsm05.casimages.com	9 KB
2	zetop.info 1 redirects zetop.info www.zetop.info	11 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 41	1 KB
1	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 191	44 KB
1	google.fr adservice.google.fr — Cisco Umbrella Rank: 30533	792 B
1	googleadservices.com partner.googleadservices.com — Cisco Umbrella Rank: 862	640 B
1	allo-heberge.com ns.allo-heberge.com
1	powa.fr 1 redirects www.snprono.powa.fr	237 B
1	biltoturf.com www.biltoturf.com	6 KB
1	turfsur.com www.turfsur.com	11 KB
1	levainqueur.com www.levainqueur.com	28 KB
1	turftriomphe.com turftriomphe.com	77 KB
95	25

	Domain	Requested by
20	www.zone-turf.fr	www.pronoscourse.com
12	pagead2.googlesyndication.com	www.fortunecourse.c4.fr pagead2.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com www.googletagservices.com
9	www.pronoscourse.com	www.fortunecourse.c4.fr www.pronoscourse.com
8	img.root-top.com	6 redirects www.pronoscourse.com
7	tpc.googlesyndication.com	googleads.g.doubleclick.net tpc.googlesyndication.com pagead2.googlesyndication.com
7	www.venez.fr	www.fortunecourse.c4.fr www.venez.fr
5	s0.2mdn.net	www.fortunecourse.c4.fr s0.2mdn.net
4	dsum-sec.casalemedia.com	2 redirects googleads.g.doubleclick.net
4	cm.g.doubleclick.net	3 redirects googleads.g.doubleclick.net
4	googleads.g.doubleclick.net	pagead2.googlesyndication.com googleads.g.doubleclick.net www.fortunecourse.c4.fr
3	fonts.gstatic.com	fonts.googleapis.com
3	ib.adnxs.com	2 redirects googleads.g.doubleclick.net
3	www.allopass.com	www.pronoscourse.com
3	www.fortunecourse.c4.fr	www.fortunecourse.c4.fr
2	googleads4.g.doubleclick.net	www.fortunecourse.c4.fr
2	nsm05.casimages.com	1 redirects www.pronoscourse.com
1	www.google.com	tpc.googlesyndication.com
1	fonts.googleapis.com	s0.2mdn.net
1	www.googletagservices.com	googleads.g.doubleclick.net
1	adservice.google.com	pagead2.googlesyndication.com
1	adservice.google.fr	pagead2.googlesyndication.com
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	payment.allopass.com	www.pronoscourse.com
1	ns.allo-heberge.com	www.pronoscourse.com
1	www.snprono.powa.fr	1 redirects
1	www.biltoturf.com	www.pronoscourse.com
1	www.zetop.info	www.pronoscourse.com
1	zetop.info	1 redirects
1	www.turfsur.com	www.pronoscourse.com
1	www.levainqueur.com	www.pronoscourse.com
1	turftriomphe.com	www.pronoscourse.com
95	31

This site contains no links.

Subject Issuer	Validity	Valid
venez.fr R3	`2022-09-26` - `2022-12-25`	3 months	crt.sh
*.allopass.com Gandi Standard SSL CA 2	`2021-10-08` - `2022-10-08`	a year	crt.sh
zone-turf.fr Amazon	`2022-03-18` - `2023-04-16`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh
*.googleadservices.com GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh
*.google.fr GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh
www.google.com GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh

This page contains 13 frames:

Primary Page: http://www.fortunecourse.c4.fr/
Frame ID: E39BC07878ADC33DDE296426A4895253
Requests: 1 HTTP requests in this frame

Frame: http://www.fortunecourse.c4.fr/barre-fortunecourse.c4.fr.html
Frame ID: 2842BB17DFC74BC3F0CA2EE4B3513EEC
Requests: 12 HTTP requests in this frame

Frame: http://www.pronoscourse.com/turf/fortunecourse/
Frame ID: CECABF3509F762628E941C0FEE8998CA
Requests: 42 HTTP requests in this frame

Frame: http://www.fortunecourse.c4.fr/stats-fortunecourse.c4.fr.html
Frame ID: BD09F585D315976F8AF26392683E0D04
Requests: 1 HTTP requests in this frame

Frame: https://www.venez.fr/alternate-barre.htm
Frame ID: 25FD0C6015AFAAB9E05F35CB9A212101
Requests: 4 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20220928/r20190131/zrt_lookup.html
Frame ID: E85E849C9200105C8A210012575135DE
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5203714787387788&output=html&h=90&slotname=4563536207&adk=2647235303&adf=3604715433&pi=t.ma~as.4563536207&w=970&psa=0&format=970x90&url=http%3A%2F%2Fwww.fortunecourse.c4.fr%2F&ea=0&wgl=1&dt=1664596560236&bpp=5&bdt=378&idt=344&shv=r20220928&mjsv=m202209260101&ptt=9&saldr=aa&correlator=1976520569633&frm=23&ife=1&pv=2&ga_vid=797469459.1664596561&ga_sid=1664596561&ga_hid=1318932707&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=20&ady=0&biw=1600&bih=1200&isw=1600&ish=90&ifk=2509764673&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C42531706%2C44773746&oid=2&pvsid=3025995298287458&tmod=1106177004&uas=0&nvt=1&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=o%7Co%7CaeE%7C&abl=NA&pfx=0&fu=4&bc=23&ifi=1&uci=1.168niy7fngxs&fsb=1&dtd=372
Frame ID: 2E9BDC7F3EE1BC8C9D87F159A6DE7304
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPDkLxCZw2EY16frwgEwAQ&v=APEucNWnqXFX5_-vxQFsChy-G9FbQHCU6WRi9gL2NtB2iOejMpUc_1F76DBQutOSQSSqwo86mUFpotNobuNTGBOCMduL78Xg_4hz6KHkINxl64ihVDzhK3Ugoouz3E6gNm91opYVXfisHpuyak1MG0LJ_gcnTX7d_KhZoHFYtuA1l_-G65kq6XY
Frame ID: 18317FA34B4820A85E0EA39C0862D63D
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CQ-E5tD4mqGH8oroECAkZQRfuADNRmsVElTH6kk0pdYcHJf7V7EddNTvfFCSzZYtvGhH7C2DuIX8tZ37ZqquQ1fvPgtg&cry=1&dbm_d=AKAmf-DcbyMqJVn8bo6KF9u7Goivuyl1ZhAlu464xb81EpNRrpRrGQJLqj9Hu5cjIbmvvOH4HxMWphk0clX0l8_CqW5eNW1RtaoVNCpZnzgSUiGlfv7B1MNoxxRpp3ke3RGQibxlzPPr3PUvxznNKFk41qrHcgHyanBGuzlIaXyYxUF2flWpdaBnf6iCZixgo5mbvyVfOkbxmZ6z2OH3YB0kzKwflZ3kPC4noa1C3AgTHGBd4BbmVnHANJ0nj59KusCW7h3PRT9FH0mpTxEwmibd5SS2wwYDZVi1sFng5eqOz-KdDbK8mtseEYPcBV7JBc6J-DAEtKIOpQXgAbdvnWDPcavW9_pGTesNun_r6bcLGsa2aAn6AnZN3Fd3wENidvfKaz1dGJeIfXGzB6qpJoya0hQ2b3p-IPQlDKXdhb7dJgFtfH5WsMKi4mY15W4dr-8hRkHitPmS15QDkiOQ1GQZDRmy18Qk3QSzrJEZmGKzgVq01UqX8Fl7qEoiHvuWHmKqxCS58_6o9p9k_GWMa3kBGaIs8J5DqSz4shQYYK_WMRahba7l9-dJUvsq_tN2o0twuChfuFr-77dqGblj6HzY8TahHE8FDPxK3c8dINxkmSb_sp3ZuKgp21LKYCObwk2pVYOAxlZm9JwdP7-wAOLZJ83xBLrJEK2dRu3vjOuTSNIbqh8SMu-0uTkcZn9Hixu9mwV5cWjrvhbLTDSlYdNVZPLuUUl5N45f4gP0B9Y9XaVw96hPwJ6v_xihpdw1UKybeVYGpPMQbji0QrOyqWg4K_9cjZ1LJNpdHTdCAuZk3xPk1hFVl0qSjCPeysYN2PSVn5NVDYPmNvN6ufD_ZVRpG6Kd6Wa4OqRcF-AeLf30VdZEY75BDmLhPje4jxxBNbStPllCPsayu3VnPOX73_nV6p_AwEBK5dTVU4MKeP3_TOI4s-O6aJjY4qorWVCkxuxWVk5504PzKEwMfr9jPJ027xpd0S3GhyewiJD2yWWTTfvzkjpCi8dxBX95RKyVMidzrj5h4PbYrzYJLVMjD-azVm9PFlraOc3bvUVIHt7w6EkmBz-NX234YCw1codVSayDrxTfFwqrvX4y-sMWAfAiuZwfIb1Y7Y7ejRRlRbmkO4wioWacOpz0zxPBEMTd9rDftuoCBY4z21zbSC4wDxH2Za1suTT6TyHOz3t94A5eErGWqUNOOLx1bQWxUTrINfK5JPOzZauyVEbZK5bUEOTOZ8-l9mQwlLo5tU6qu_x4Fi0aCdXdXMCqjzds5E-5F7zmsZtTjbWMxOdQGkgLfDpEv6CvDNlhHHkmITBMYyjnrqjwFNxDv89b77EmNIkSJuxLIaZ7WmLYvsOIsJ0C2rDeZueTmKZBcS77OEnKHgQvWalNYJ0ByIi5jsYWgyorgZ7Ero1BHddZSjTtMO9hUR4tFotTtMXH9SZ0A9LJZjXs-Xe9-PLNu9moFikTHt9COIqvpewadJ3n0Ur-cz0Kxf5vmcaXGXvxCxIMoZBxINKZt75N70WoDMeuCRPC49zOeSNoC51HXX81Wrc-FrH0_aeXBvSeY5SVKl_yPOWbsp2kv72V5WoWhIXRtq_3OcTZRam6bpbMQ7MM4urMYrhz2oItboqImcL35NbWMzCWBBIlQ0-iirzT2QdMaSFlxL-_KbrkoBldCYOIsdsxoNXyC9gJksf5Vm0jBL9Y7KgoMxFBvoYPHm_zKp0TiBkHcDcaCMhtqhpLxdtUMaRjOMrtnc2ROZViQUI35UM0L5R6MA2mHkuDTjNv-0pE3v8ANY0ik2IKI0kBfdR2DeauninJlTr-b37NLxUyCKzazV9KK873ax-iy9bYS9S-GMV0GWMmKwLH-hMpKcbj_Ra3NCdBc-2Gw2fXaXsh-GdgFFym_5cy7QeYkSGcgjeBhRF3_J6fsWU15z-g4Y6cUkP_goIB974QriwWHwr320OOwEmhtI2NcEnDODDlUD1GQ6hjBHTf3R6Ae_e5Vk_ZQLgCsdl9CfCca8qrJv2-brUsHA_s_iNToclrni7oXBBVapbNIFYDJgEF0ZIrUPSfIzAGbxoUT7Icp4ZFZa_ILGelKx6fxQnqCK5BbEcfSKiTaW2Ry7oHHzGwOpsMaDd7DQOA39BqH225gvuOZqIQT50zO3m-NObrAuwRpHJqZoHNCMBoCr-lg3xmUNrqZ8lKoyq2WvmuVaQ7dwhEmWdhtA3vfJnteQMA3TFcaT72edfHjgKdRi0kDS8vUjdqrE-hAnTSlH9VE0X2RWNYLL92pAz_UtpD0zfFMwtsy3HHyu2I4ItbS8rlmEYkeHMF-oArm6CiRHnLGWIFZs3dYE4EujFp4K2wpnSZrU0rujEsNp1PSmMGDmv9EoAhv8VTA_63M-6Tl8SUYK4xZ4swnrVT2aHG6aqsS_QjmROtwinkcB1m8JATGg758LoQzsr5-RhbOqNg_Tx9jimOLfnXWDRzm4HH8PWb4ARl6IxwawetSK99shHgph61nl-pFERo9r4HiQUyBbsuE7Nh7B4e2R3cdtjeDVZ4z1EvHQG6S7NL3R-UxgPd9c9rahFysAXvI--NBKOVNed4CuvA3jpJjZ9kr3PDueq194rQ3jNq4PtGa3VpyfUnasEHlAbEPd9LdnDcsSF2xh0ycFg4-CHBOdE8RFmk7xdZFrPgUIEHckFX_Y5yZWDzDMG3XAudHYS74XM1_RAOVUe7YsYbNaMXu4RLZuJBKmEJKHSm6Gxqbq0zbfc7xwpoxDK6luXvQ40wnb6f_jdYac2k_13PrNO1JF-l7MCKeHzzeFgRb6LfHaeVTHpcyn_RK3ueyj1umORF7cNcduqUfCXDfZEghr8a8iP0W9aF3EkF3ABeKTeoZmxzH6TDFAv6Rp6XT6_tyOOctoP5xwUkXHQGnwC_RlwmiyLJ13tS75eWnMiVBsAZqweV18c&cid=CAASBORoSIc&rfl=3%2Chttp%253A%252F%252Fwww.fortunecourse.c4.fr%242%2Chttp%253A%252F%252Fwww.fortunecourse.c4.fr%252F%240
Frame ID: DDC85DAC85A981CAB4D2B881872EFF3D
Requests: 13 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 4939CCC4F3E23D49803371E6A1278088
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/10196239086468997911/index.html
Frame ID: 1C51D39A4AB381D6AD0F07FEBE914336
Requests: 8 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 2F5574A5AE6C3263F3B509D1B6E8F9F0
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 5B190588B35E7273DCC844CB05B542D6
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

FORTUNE COURSE

Detected technologies

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Page Statistics

95
Requests

73 %
HTTPS

48 %
IPv6

25
Domains

31
Subdomains

26
IPs

5
Countries

1155 kB
Transfer

1947 kB
Size

8
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 11

http://zetop.info/img/logo_zetop.gif HTTP 301
http://www.zetop.info/img/logo_zetop.gif

Request Chain 13

http://img.root-top.com/topsite/ficebook/banner.gif HTTP 301
https://img.root-top.com/topsite/ficebook/banner.gif HTTP 302
http://nsm05.casimages.com/img/2011/10/07/1110070340161338798861456.gif HTTP 301
https://nsm05.casimages.com/img/2011/10/07/1110070340161338798861456.gif

Request Chain 14

http://img.root-top.com/topsite/turfistes/banner.gif HTTP 301
https://img.root-top.com/topsite/turfistes/banner.gif

Request Chain 15

http://img.root-top.com/topsite/turfplus/banner.gif HTTP 301
https://img.root-top.com/topsite/turfplus/banner.gif

Request Chain 16

http://img.root-top.com/topsite/secreturf/banner.gif HTTP 301
https://img.root-top.com/topsite/secreturf/banner.gif HTTP 302
http://www.snprono.powa.fr/secreturf.gif HTTP 302
http://ns.allo-heberge.com/

Request Chain 64

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHsrO1P5zp3CGRm5NAQ8tKQ&google_cver=1

Request Chain 65

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Yze6UJB3gIda-reOFWXzAgAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECPnxGAuxdLGBvsXiq0EVtU&google_cver=1

Request Chain 66

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEHM_8_8NqXeMP9YCmsYxrLo&google_cver=1

Request Chain 67

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjA5MDUyMDIwMjk3NDcxMzA4Mg%3D%3D

95 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
www.fortunecourse.c4.fr/ 3 KB
1 KB 55ms
25ms Document
text/html 5.135.149.81
OVH

General

Check archive.org

Show headers Download Go to

Full URL: http://www.fortunecourse.c4.fr/
Protocol: HTTP/1.1
Server: 5.135.149.81 Paris, France, ASN16276 (OVH, FR),
Reverse DNS: web3.venez.net
Software: Apache /
Resource Hash: d7332aeacd02592805490cb97c98ba97944071cc4e3ec315099b6e79286829a0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

Connection: Keep-Alive
Content-Encoding: gzip
Content-Length: 1096
Content-Type: text/html; charset=iso-8859-1
Date: Sat, 01 Oct 2022 03:55:59 GMT
Keep-Alive: timeout=5, max=100
Server: Apache
Vary: Accept-Encoding

GET
H/1.1 200
OK barre-fortunecourse.c4.fr.html Show response
www.fortunecourse.c4.fr/ Frame 2842 3 KB
2 KB 113ms
113ms Document
text/html 5.135.149.81
OVH

General

Check archive.org

Show headers Download Go to

Full URL: http://www.fortunecourse.c4.fr/barre-fortunecourse.c4.fr.html
Requested by: Host: www.fortunecourse.c4.fr
URL: http://www.fortunecourse.c4.fr/
Protocol: HTTP/1.1
Server: 5.135.149.81 Paris, France, ASN16276 (OVH, FR),
Reverse DNS: web3.venez.net
Software: Apache /
Resource Hash: 541be29b007843edffd0457b96273a30fee6f93c2733be81362d19fa0d0ac64f

Request headers

Referer: http://www.fortunecourse.c4.fr/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate post-check=0, pre-check=0
Connection: Keep-Alive
Content-Encoding: gzip
Content-Length: 1503
Content-Type: text/html; charset=ISO-8859-1
Date: Sat, 01 Oct 2022 03:55:59 GMT
Expires: Sat, 01 Oct 2022 03:55:59 GMT
Keep-Alive: timeout=5, max=99
Last-Modified: Sat, 01 Oct 2022 03:55:59 GMT
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding

GET
H/1.1 200
OK / Show response
www.pronoscourse.com/turf/fortunecourse/ Frame CECA 11 KB
12 KB 124ms
86ms Document
text/html 194.150.236.165
HIWIT_AS

General

Check archive.org

Show headers Download Go to

Full URL: http://www.pronoscourse.com/turf/fortunecourse/
Requested by: Host: www.fortunecourse.c4.fr
URL: http://www.fortunecourse.c4.fr/
Protocol: HTTP/1.1
Server: 194.150.236.165 , France, ASN44976 (HIWIT_AS, FR),
Reverse DNS: ns5.hiwit.net
Software: Apache /
Resource Hash: 6d5cd26e0c4ee637c6e9df3cb1432112a548916d8c4499c5a3eb47a5b3afbc77

Request headers

Referer: http://www.fortunecourse.c4.fr/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

Connection: Keep-Alive
Content-Type: text/html
Date: Sat, 01 Oct 2022 03:55:59 GMT
Keep-Alive: timeout=15, max=100
Server: Apache
Transfer-Encoding: chunked
Vary: Host

GET
H/1.1 200
OK stats-fortunecourse.c4.fr.html Show response
www.fortunecourse.c4.fr/ Frame BD09 0
192 B 125ms
101ms Document
text/html 5.135.149.81
OVH

General

Check archive.org

Show headers Download Go to

Full URL: http://www.fortunecourse.c4.fr/stats-fortunecourse.c4.fr.html
Requested by: Host: www.fortunecourse.c4.fr
URL: http://www.fortunecourse.c4.fr/
Protocol: HTTP/1.1
Server: 5.135.149.81 Paris, France, ASN16276 (OVH, FR),
Reverse DNS: web3.venez.net
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://www.fortunecourse.c4.fr/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

Connection: Keep-Alive
Content-Length: 0
Content-Type: text/html; charset=iso-8859-1
Date: Sat, 01 Oct 2022 03:55:59 GMT
Keep-Alive: timeout=5, max=100
Server: Apache

GET
H/1.1 200
OK site.js Show response
www.venez.fr/js/ Frame 2842 2 KB
1 KB 110ms
26ms Script
application/javascript 5.135.149.81
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://www.venez.fr/js/site.js?www.venez.fr
Requested by: Host: www.fortunecourse.c4.fr
URL: http://www.fortunecourse.c4.fr/barre-fortunecourse.c4.fr.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 5.135.149.81 Paris, France, ASN16276 (OVH, FR),
Reverse DNS: web3.venez.net
Software: Apache /
Resource Hash: 0c91a24c2deb753c963c48cd9c3e5d16ee96128b30bce193c4324e121728c306

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://www.fortunecourse.c4.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date: Sat, 01 Oct 2022 03:55:59 GMT
Content-Encoding: gzip
Last-Modified: Sat, 01 Oct 2022 03:55:59 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: public, max-age=604800
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
Content-Length: 1023
Expires: Sat, 08 Oct 2022 03:55:59 GMT

GET
H/1.1 200
OK separateur90.gif
www.venez.fr/images/ Frame 2842 82 B
388 B 110ms
26ms Image
image/gif 5.135.149.81
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.venez.fr/images/separateur90.gif
Requested by: Host: www.fortunecourse.c4.fr
URL: http://www.fortunecourse.c4.fr/barre-fortunecourse.c4.fr.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 5.135.149.81 Paris, France, ASN16276 (OVH, FR),
Reverse DNS: web3.venez.net
Software: Apache /
Resource Hash: 3289fc83b622ca0a13683fa81b006a05de135d1938744d6e30e5c9be2f2d782a

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://www.fortunecourse.c4.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date: Sat, 01 Oct 2022 03:55:59 GMT
Last-Modified: Thu, 15 Nov 2018 22:11:22 GMT
Server: Apache
ETag: "52-57abb54b25680"
Content-Type: image/gif
Cache-Control: max-age=604800, public
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 82

GET
H/1.1 200
OK adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 2842 161 KB
57 KB 126ms
82ms Script
text/javascript 2a00:1450:400d:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: www.fortunecourse.c4.fr
URL: http://www.fortunecourse.c4.fr/barre-fortunecourse.c4.fr.html

Protocol

HTTP/1.1

Server

2a00:1450:400d:80d::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

19dd4e360485c724ce74227d51b6b572ab458d3855bc31396cb7ba73e768965f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://www.fortunecourse.c4.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date: Sat, 01 Oct 2022 03:56:00 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: cafe
ETag: 16470304786271900383
Vary: Accept-Encoding, Origin
Content-Type: text/javascript; charset=UTF-8
P3P: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Cache-Control: private, max-age=3600
Cross-Origin-Resource-Policy: cross-origin
Content-Disposition: attachment; filename="f.txt"
Timing-Allow-Origin: *
Content-Length: 57582
X-XSS-Protection: 0
Expires: Sat, 01 Oct 2022 03:56:00 GMT

GET
H/1.1 200
OK h1.png
www.pronoscourse.com/turf/fortunecourse/ Frame CECA 27 KB
28 KB 21ms
19ms Image
image/png 194.150.236.165
HIWIT_AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.pronoscourse.com/turf/fortunecourse/h1.png
Requested by: Host: www.pronoscourse.com
URL: http://www.pronoscourse.com/turf/fortunecourse/
Protocol: HTTP/1.1
Server: 194.150.236.165 , France, ASN44976 (HIWIT_AS, FR),
Reverse DNS: ns5.hiwit.net
Software: Apache /
Resource Hash: c50a8d7063f0ac813e1ac39f6fbb06861e4d7f8222a16101bf4dbacc3bb806de

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://www.pronoscourse.com/turf/fortunecourse/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date: Sat, 01 Oct 2022 03:55:59 GMT
Last-Modified: Mon, 21 Aug 2017 12:36:03 GMT
Server: Apache
ETag: "194d9dc-6d74-55742b8c612c0"
Vary: Host
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=15, max=99
Content-Length: 28020

GET
H/1.1 200
OK header.jpg
www.pronoscourse.com/turf/fortunecourse/ Frame CECA 99 KB
99 KB 57ms
18ms Image
image/jpeg 194.150.236.165
HIWIT_AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.pronoscourse.com/turf/fortunecourse/header.jpg
Requested by: Host: www.pronoscourse.com
URL: http://www.pronoscourse.com/turf/fortunecourse/
Protocol: HTTP/1.1
Server: 194.150.236.165 , France, ASN44976 (HIWIT_AS, FR),
Reverse DNS: ns5.hiwit.net
Software: Apache /
Resource Hash: 2680921f3183aefc8e7756602433aeb83fca8d3498d4c2eace0e42da7e68dbe7

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://www.pronoscourse.com/turf/fortunecourse/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date: Sat, 01 Oct 2022 03:55:59 GMT
Last-Modified: Mon, 21 Aug 2017 12:36:09 GMT
Server: Apache
ETag: "194d9df-18a4a-55742b921a040"
Vary: Host
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=15, max=98
Content-Length: 100938

GET
H/1.1 200
OK logo2.gif
turftriomphe.com/lien/ Frame CECA 77 KB
77 KB 506ms
91ms Image
image/gif 173.225.100.28
IS-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://turftriomphe.com/lien/logo2.gif
Requested by: Host: www.pronoscourse.com
URL: http://www.pronoscourse.com/turf/fortunecourse/
Protocol: HTTP/1.1
Server: 173.225.100.28 , United States, ASN19318 (IS-AS-1, US),
Reverse DNS
Software: LiteSpeed /
Resource Hash: 7adb98959fb28df7c99082b45bbf1f1f75b818282b220ea5c86b667912aa402d

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://www.pronoscourse.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 03:56:00 GMT
last-modified: Tue, 03 Nov 2015 11:59:38 GMT
server: LiteSpeed
content-type: image/gif
cache-control: public, max-age=604800
Connection: Keep-Alive
accept-ranges: bytes
Keep-Alive: timeout=5, max=100
content-length: 78622
expires: Sat, 08 Oct 2022 03:56:00 GMT

GET
H/1.1 200
OK logo.gif
www.levainqueur.com/ Frame CECA 28 KB
28 KB 57ms
19ms Image
image/gif 194.150.236.165
HIWIT_AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.levainqueur.com/logo.gif
Requested by: Host: www.pronoscourse.com
URL: http://www.pronoscourse.com/turf/fortunecourse/
Protocol: HTTP/1.1
Server: 194.150.236.165 , France, ASN44976 (HIWIT_AS, FR),
Reverse DNS: ns5.hiwit.net
Software: Apache /
Resource Hash: 6270f4fc23be1ddceb334705172b0470d61d28d201fcc23402dbdc8bac85bdc7

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://www.pronoscourse.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date: Sat, 01 Oct 2022 03:55:59 GMT
Last-Modified: Tue, 13 Oct 2015 12:36:31 GMT
Server: Apache
ETag: "e76ccd-70a5-521fbb20911c0"
Vary: Host
Content-Type: image/gif
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=15, max=100
Content-Length: 28837

GET
H/1.1 200
OK logo.gif
www.turfsur.com/img/ Frame CECA 11 KB
11 KB 103ms
18ms Image
image/gif 194.150.236.190
HIWIT_AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.turfsur.com/img/logo.gif
Requested by: Host: www.pronoscourse.com
URL: http://www.pronoscourse.com/turf/fortunecourse/
Protocol: HTTP/1.1
Server: 194.150.236.190 , France, ASN44976 (HIWIT_AS, FR),
Reverse DNS: ns30.hiwit.net
Software: Apache /
Resource Hash: 9bd0c1e96f9d3b63b53ba8c355ada916479d8815034cab0aad1540c3c602d896

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://www.pronoscourse.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date: Sat, 01 Oct 2022 03:55:59 GMT
Last-Modified: Mon, 05 Mar 2018 05:51:23 GMT
Server: Apache
ETag: "878aad-2cb9-566a3ea782cc0"
Vary: Host
Content-Type: image/gif
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=10, max=100
Content-Length: 11449

GET
H/1.1

200
OK

logo_zetop.gif
www.zetop.info/img/ Frame CECA
Redirect Chain

http://zetop.info/img/logo_zetop.gif
http://www.zetop.info/img/logo_zetop.gif

11 KB
11 KB

60ms
18ms

Image
image/gif

194.150.236.190
HIWIT_AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.zetop.info/img/logo_zetop.gif
Requested by: Host: www.pronoscourse.com
URL: http://www.pronoscourse.com/turf/fortunecourse/
Protocol: HTTP/1.1
Server: 194.150.236.190 , France, ASN44976 (HIWIT_AS, FR),
Reverse DNS: ns30.hiwit.net
Software: Apache /
Resource Hash: 7c9a501ff24c88a1c67c41a92315b5c7b94e19bed6381da81631f691e501a8be

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://www.pronoscourse.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date: Sat, 01 Oct 2022 03:56:00 GMT
Last-Modified: Thu, 06 Jun 2013 09:17:28 GMT
Server: Apache
ETag: "64570c-2ac9-4de78c87e3a00"
Vary: Host
Content-Type: image/gif
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=10, max=100
Content-Length: 10953

Redirect headers

Location: http://www.zetop.info/img/logo_zetop.gif
Date: Sat, 01 Oct 2022 03:55:59 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=10, max=100
Content-Length: 248
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 200
OK logo.gif
www.biltoturf.com/ Frame CECA 6 KB
6 KB 65ms
19ms Image
image/gif 194.150.236.236
HIWIT_AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.biltoturf.com/logo.gif
Requested by: Host: www.pronoscourse.com
URL: http://www.pronoscourse.com/turf/fortunecourse/
Protocol: HTTP/1.1
Server: 194.150.236.236 , France, ASN44976 (HIWIT_AS, FR),
Reverse DNS: ns76.hiwit.net
Software: Apache /
Resource Hash: ead7dff95228a235e92f3cc50bcd67d3e448ccb40cee683514504e8a59aa8f30

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://www.pronoscourse.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date: Sat, 01 Oct 2022 03:55:59 GMT
Last-Modified: Sat, 24 Apr 2021 03:49:26 GMT
Server: Apache
ETag: "2563ddd-165f-5c0afcc7b5d80"
Vary: Host
Content-Type: image/gif
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=15, max=100
Content-Length: 5727

GET
H/1.1

200
OK

1110070340161338798861456.gif
nsm05.casimages.com/img/2011/10/07/ Frame CECA
Redirect Chain

http://img.root-top.com/topsite/ficebook/banner.gif
https://img.root-top.com/topsite/ficebook/banner.gif
http://nsm05.casimages.com/img/2011/10/07/1110070340161338798861456.gif
https://nsm05.casimages.com/img/2011/10/07/1110070340161338798861456.gif

8 KB
9 KB

66ms
14ms

Image
image/gif

91.121.164.142
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://nsm05.casimages.com/img/2011/10/07/1110070340161338798861456.gif

Requested by

Host: www.pronoscourse.com
URL: http://www.pronoscourse.com/turf/fortunecourse/

Protocol

HTTP/1.1

Server

91.121.164.142 , France, ASN16276 (OVH, FR),

Reverse DNS

ns360576.ip-91-121-164.eu

Software

Apache /

Resource Hash

c208d77e0e089f3e3b6e76a7811758dc5fe21725e55e37d22d54a878cefec06c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://www.pronoscourse.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date: Sat, 01 Oct 2022 04:07:41 GMT
Strict-Transport-Security: max-age=31556926
Last-Modified: Thu, 14 Jan 2016 06:35:23 GMT
Server: Apache
ETag: "9c6610d-219d-529457dc380c0"
Content-Type: image/gif
Access-Control-Allow-Origin: https://www.casimages.com
Cache-Control: max-age=31536000
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 8605
Expires: Sun, 01 Oct 2023 04:07:41 GMT

Redirect headers

Location: https://nsm05.casimages.com/img/2011/10/07/1110070340161338798861456.gif
Date: Sat, 01 Oct 2022 04:07:41 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
Content-Length: 280
Content-Type: text/html; charset=iso-8859-1

GET
H2

200

banner.gif
img.root-top.com/topsite/turfistes/ Frame CECA
Redirect Chain

http://img.root-top.com/topsite/turfistes/banner.gif
https://img.root-top.com/topsite/turfistes/banner.gif

10 KB
10 KB

40ms
29ms

Image
image/gif

2606:4700:3038::6815:ea1b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.root-top.com/topsite/turfistes/banner.gif
Requested by: Host: www.pronoscourse.com
URL: http://www.pronoscourse.com/turf/fortunecourse/
Protocol: H2
Server: 2606:4700:3038::6815:ea1b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b6049bb33ca3a57d6ef6368c2bf253e98a7fba1c45f173450806fc9fc187d06d

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://www.pronoscourse.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 03:56:00 GMT
cf-cache-status: HIT
last-modified: Thu, 29 Sep 2022 20:29:54 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 113165
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PjmCIYIqhWJc23qk03%2BXc8QTIZf%2Bv0F56V4xakVa4r0Ox1YGE6aE%2BaAlqrFhrOy4EnERMxNQwzpUUp4v2AvN%2BckLV2Obr32Tw55rDwX%2BfToQZuPcU8VCChiNMJKBciz78uWFFs9t9z7OSaQ0OOTD"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: max-age=14400, must-revalidate
accept-ranges: bytes
cf-ray: 75324413ff9dd676-CDG
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 9830
expires: Sun, 02 Oct 2022 20:29:54 GMT

Redirect headers

Date: Sat, 01 Oct 2022 03:55:59 GMT
CF-Cache-Status: EXPIRED
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SXjX%2FibW8gf3jotaIwDdpoHz3j3mtitxu8mOBNbotklLbFm%2BU9QWCnN979LgkytgVhIyu8ZoUl8hAFN0%2BOxfHjh8zbVEQ3cERND0dT9RYSS1egHabDDodUg0qKeUkJvcV%2BuyyyVPLpbq4iZUK3ei"}],"group":"cf-nel","max_age":604800}
Location: https://img.root-top.com/topsite/turfistes/banner.gif
Cache-Control: max-age=14400
Connection: keep-alive
CF-RAY: 753244137fead397-CDG
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length: 0

GET
H2

200

banner.gif
img.root-top.com/topsite/turfplus/ Frame CECA
Redirect Chain

http://img.root-top.com/topsite/turfplus/banner.gif
https://img.root-top.com/topsite/turfplus/banner.gif

4 KB
4 KB

125ms
112ms

Image
image/png

2606:4700:3038::6815:ea1b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.root-top.com/topsite/turfplus/banner.gif
Requested by: Host: www.pronoscourse.com
URL: http://www.pronoscourse.com/turf/fortunecourse/
Protocol: H2
Server: 2606:4700:3038::6815:ea1b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c89138fe4d60f677872fa14679dd7d6807b9f614bd62beb3ffc112f082442b8d

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://www.pronoscourse.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 03:56:00 GMT
cf-cache-status: REVALIDATED
last-modified: Wed, 14 Sep 2011 18:49:04 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "510718442"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wiIV%2BKVyjUZseaYRHaOkniYaHoKxUYVfeLLfOLmEsenq9GrZ1dfBFf6%2BmyJ8%2FAp0%2FM%2BWCY%2FrhPXt9k%2FZ0wGZ45GpwXys%2BZb2EKR4RqempJwtALmt5a%2BJ%2B1IA285czS07yrV37wvGC214eKZ8Oa5t"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=2678400
accept-ranges: bytes
cf-ray: 75324413ff9ad676-CDG
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 3872
expires: Fri, 16 Sep 2022 08:10:28 GMT

Redirect headers

Date: Sat, 01 Oct 2022 03:55:59 GMT
CF-Cache-Status: EXPIRED
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aVZVO4dxuUb7%2FuJrm23Uf5CCG8NdGEGNJjXGcTDi8QbV39XrD5htVEU4k2qjyhFyf4eS0vlsjuIa8IbKfLAg246GoorNAweM8BzeOsecLCUFb0XkfRP3Msrw8J%2BhpeJrUmo%2FI9ZVCJrn95x721RB"}],"group":"cf-nel","max_age":604800}
Location: https://img.root-top.com/topsite/turfplus/banner.gif
Cache-Control: max-age=14400
Connection: keep-alive
CF-RAY: 753244137a5fd2c1-CDG
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length: 0

GET
H/1.1

200
OK

/
ns.allo-heberge.com/ Frame CECA
Redirect Chain

http://img.root-top.com/topsite/secreturf/banner.gif
https://img.root-top.com/topsite/secreturf/banner.gif
http://www.snprono.powa.fr/secreturf.gif
http://ns.allo-heberge.com/

0
0

70ms
19ms

Image
text/html

194.150.236.5
HIWIT_AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://ns.allo-heberge.com/
Requested by: Host: www.pronoscourse.com
URL: http://www.pronoscourse.com/turf/fortunecourse/
Protocol: HTTP/1.1
Server: 194.150.236.5 , France, ASN44976 (HIWIT_AS, FR),
Reverse DNS: ns.allo-heberge.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://www.pronoscourse.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Redirect headers

Location: http://ns.allo-heberge.com/
Date: Sat, 01 Oct 2022 03:56:00 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=10, max=100
Content-Length: 211
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 200
OK Scoop_camille.jpg
www.pronoscourse.com/turf/fortunecourse/ Frame CECA 130 KB
130 KB 24ms
20ms Image
image/jpeg 194.150.236.165
HIWIT_AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.pronoscourse.com/turf/fortunecourse/Scoop_camille.jpg
Requested by: Host: www.pronoscourse.com
URL: http://www.pronoscourse.com/turf/fortunecourse/
Protocol: HTTP/1.1
Server: 194.150.236.165 , France, ASN44976 (HIWIT_AS, FR),
Reverse DNS: ns5.hiwit.net
Software: Apache /
Resource Hash: d64984de6507d8ecee4088d57eebe2451b69cd394c4cd0cdba6f2d924763c846

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://www.pronoscourse.com/turf/fortunecourse/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date: Sat, 01 Oct 2022 03:55:59 GMT
Last-Modified: Mon, 21 Aug 2017 12:36:21 GMT
Server: Apache
ETag: "194d9e4-2087c-55742b9d8bb40"
Vary: Host
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=15, max=100
Content-Length: 133244

GET
H/1.1 200
OK 162x56.png
payment.allopass.com/static/subscribe/button/fr/ Frame CECA 5 KB
6 KB 197ms
49ms Image
image/png 185.119.26.1
WEBDEVIIN-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://payment.allopass.com/static/subscribe/button/fr/162x56.png
Requested by: Host: www.pronoscourse.com
URL: http://www.pronoscourse.com/turf/fortunecourse/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.119.26.1 , France, ASN203544 (WEBDEVIIN-AS, FR),
Reverse DNS: 1.26.119.185.in-addr.arpa
Software: Apache /
Resource Hash: 34e7ec58a2f22a541e1e99155fd40117f26c9d180e3ce835ad4e1d3e78a971ef

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://www.pronoscourse.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date: Sat, 01 Oct 2022 03:56:00 GMT
Last-Modified: Tue, 16 Nov 2021 13:36:56 GMT
Server: Apache
ETag: "21eb6-1529-5d0e804daee00"
Content-Type: image/png
Connection: close
Accept-Ranges: bytes
Content-Length: 5417

GET
H/1.1 200
OK cb_top.gif
www.allopass.com/imgweb/script/fr/ Frame CECA 4 KB
4 KB 166ms
41ms Image
image/gif 185.119.26.1
WEBDEVIIN-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.allopass.com/imgweb/script/fr/cb_top.gif
Requested by: Host: www.pronoscourse.com
URL: http://www.pronoscourse.com/turf/fortunecourse/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.119.26.1 , France, ASN203544 (WEBDEVIIN-AS, FR),
Reverse DNS: 1.26.119.185.in-addr.arpa
Software: Apache /
Resource Hash: 7f38549db9690596f644b7ba991295edbd27d04675e572ab637d99070b8781dc

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://www.pronoscourse.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date: Sat, 01 Oct 2022 03:56:00 GMT
Last-Modified: Tue, 26 Nov 2019 14:39:46 GMT
Server: Apache
ETag: "238ef-10e0-59840d9fb3080"
Content-Type: image/gif
Connection: close
Accept-Ranges: bytes
Content-Length: 4320

GET
H/1.1 200
OK /
www.pronoscourse.com/turf/fortunecourse/ Frame CECA 1 KB
1 KB 86ms
84ms Image
text/html 194.150.236.165
HIWIT_AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.pronoscourse.com/turf/fortunecourse/
Requested by: Host: www.pronoscourse.com
URL: http://www.pronoscourse.com/turf/fortunecourse/
Protocol: HTTP/1.1
Server: 194.150.236.165 , France, ASN44976 (HIWIT_AS, FR),
Reverse DNS: ns5.hiwit.net
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://www.pronoscourse.com/turf/fortunecourse/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date: Sat, 01 Oct 2022 03:55:59 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=15, max=100
Vary: Host
Transfer-Encoding: chunked
Content-Type: text/html

GET
H/1.1 200
OK h2.png
www.pronoscourse.com/turf/fortunecourse/ Frame CECA 27 KB
27 KB 21ms
19ms Image
image/png 194.150.236.165
HIWIT_AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.pronoscourse.com/turf/fortunecourse/h2.png
Requested by: Host: www.pronoscourse.com
URL: http://www.pronoscourse.com/turf/fortunecourse/
Protocol: HTTP/1.1
Server: 194.150.236.165 , France, ASN44976 (HIWIT_AS, FR),
Reverse DNS: ns5.hiwit.net
Software: Apache /
Resource Hash: 6faf4e5943d6929526b1ace9839f78382d7bbf8e939937cc0d1d024eaedc43ec

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://www.pronoscourse.com/turf/fortunecourse/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date: Sat, 01 Oct 2022 03:55:59 GMT
Last-Modified: Mon, 21 Aug 2017 12:36:04 GMT
Server: Apache
ETag: "194d9dd-6aee-55742b8d55500"
Vary: Host
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=15, max=100
Content-Length: 27374

GET
H/1.1 200
OK puce.png
www.pronoscourse.com/turf/fortunecourse/ Frame CECA 38 KB
39 KB 38ms
20ms Image
image/png 194.150.236.165
HIWIT_AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.pronoscourse.com/turf/fortunecourse/puce.png
Requested by: Host: www.pronoscourse.com
URL: http://www.pronoscourse.com/turf/fortunecourse/
Protocol: HTTP/1.1
Server: 194.150.236.165 , France, ASN44976 (HIWIT_AS, FR),
Reverse DNS: ns5.hiwit.net
Software: Apache /
Resource Hash: dbd33fac1eb9ae03922641bf09830249044bc0119042d161c7fe7ccf5c007cc3

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://www.pronoscourse.com/turf/fortunecourse/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date: Sat, 01 Oct 2022 03:55:59 GMT
Last-Modified: Mon, 21 Aug 2017 12:36:17 GMT
Server: Apache
ETag: "194d9e3-9949-55742b99bb240"
Vary: Host
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=15, max=100
Content-Length: 39241

GET
H/1.1 200
OK date.png
www.pronoscourse.com/turf/fortunecourse/ Frame CECA 39 KB
39 KB 37ms
19ms Image
image/png 194.150.236.165
HIWIT_AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.pronoscourse.com/turf/fortunecourse/date.png
Requested by: Host: www.pronoscourse.com
URL: http://www.pronoscourse.com/turf/fortunecourse/
Protocol: HTTP/1.1
Server: 194.150.236.165 , France, ASN44976 (HIWIT_AS, FR),
Reverse DNS: ns5.hiwit.net
Software: Apache /
Resource Hash: ecc132d445a4321f033bc3b45093bf742f4bd9920f5f633d82d4331f21a0c7b5

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://www.pronoscourse.com/turf/fortunecourse/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date: Sat, 01 Oct 2022 03:55:59 GMT
Last-Modified: Mon, 21 Aug 2017 12:36:00 GMT
Server: Apache
ETag: "194d9da-9b38-55742b8984c00"
Vary: Host
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=15, max=100
Content-Length: 39736

GET
H/1.1 200
OK cb_bot.gif
www.allopass.com/img/ Frame CECA 1 KB
1 KB 192ms
46ms Image
image/gif 185.119.26.1
WEBDEVIIN-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.allopass.com/img/cb_bot.gif
Requested by: Host: www.pronoscourse.com
URL: http://www.pronoscourse.com/turf/fortunecourse/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.119.26.1 , France, ASN203544 (WEBDEVIIN-AS, FR),
Reverse DNS: 1.26.119.185.in-addr.arpa
Software: Apache /
Resource Hash: f0eafb2ce8fb76c316ef690f0e871b1a15ba1ba6b84930c1b48f75f24d51aa86

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://www.pronoscourse.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date: Sat, 01 Oct 2022 03:56:00 GMT
Last-Modified: Tue, 26 Nov 2019 14:39:45 GMT
Server: Apache
ETag: "22919-4e1-59840d9ebee40"
Content-Type: image/gif
Connection: close
Accept-Ranges: bytes
Content-Length: 1249

GET
H2 200 module_webmaster.php Show response
www.zone-turf.fr/module/ Frame CECA 20 KB
3 KB 137ms
69ms Script
application/x-javascript 143.204.215.22
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.zone-turf.fr/module/module_webmaster.php?e=partants&f=medium
Requested by: Host: www.pronoscourse.com
URL: http://www.pronoscourse.com/turf/fortunecourse/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.215.22 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-215-22.fra53.r.cloudfront.net
Software: Apache /
Resource Hash: 6feb209dd38c042092d0fa4c3bfffae2d3dd60814851542b80d8fa89b5750aa2

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://www.pronoscourse.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 03:56:00 GMT
via: 1.1 varnish, 1.1 f2db75b601dc30df73b1beb29596a374.cloudfront.net (CloudFront)
content-encoding: gzip
x-backend: default
x-amz-cf-pop: FRA53-C1
age: 0
x-cache: Miss from cloudfront
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
pragma: cache
server: Apache
vary: Accept-Encoding
content-type: application/x-javascript
x-varnish: 576839824
cache-control: max-age=60
x-amz-cf-id: ziBlzgihiw0aOFTmC95-e9zA_gSijq1DJDFFtyx7pnR2g28GDhNa_Q==
expires: Sat, 01 Oct 2022 03:56:59 GMT

GET
H/1.1 200
OK h3.png
www.pronoscourse.com/turf/fortunecourse/ Frame CECA 27 KB
28 KB 19ms
18ms Image
image/png 194.150.236.165
HIWIT_AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.pronoscourse.com/turf/fortunecourse/h3.png
Requested by: Host: www.pronoscourse.com
URL: http://www.pronoscourse.com/turf/fortunecourse/
Protocol: HTTP/1.1
Server: 194.150.236.165 , France, ASN44976 (HIWIT_AS, FR),
Reverse DNS: ns5.hiwit.net
Software: Apache /
Resource Hash: 85939c05f88881282d0aa5d48c5289231759f7d31db51ad4aab1698948612bdb

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://www.pronoscourse.com/turf/fortunecourse/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date: Sat, 01 Oct 2022 03:55:59 GMT
Last-Modified: Mon, 21 Aug 2017 12:36:06 GMT
Server: Apache
ETag: "194d9de-6dde-55742b8f3d980"
Vary: Host
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=15, max=99
Content-Length: 28126

GET
H/1.1 200
OK bt_ok.png
www.allopass.com/img/ Frame CECA 753 B
991 B 187ms
50ms Image
image/png 185.119.26.1
WEBDEVIIN-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.allopass.com/img/bt_ok.png
Requested by: Host: www.pronoscourse.com
URL: http://www.pronoscourse.com/turf/fortunecourse/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.119.26.1 , France, ASN203544 (WEBDEVIIN-AS, FR),
Reverse DNS: 1.26.119.185.in-addr.arpa
Software: Apache /
Resource Hash: d1d6b5efe0d6c2540778435a8f7873cbec1eb76a2b107370388a8806cb5dda6a

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://www.pronoscourse.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date: Sat, 01 Oct 2022 03:56:00 GMT
Last-Modified: Tue, 26 Nov 2019 14:39:46 GMT
Server: Apache
ETag: "23384-2f1-59840d9fb3080"
Content-Type: image/png
Connection: close
Accept-Ranges: bytes
Content-Length: 753

GET
H/1.1 200
OK alternate-barre.htm Show response
www.venez.fr/ Frame 25FD 2 KB
1 KB 27ms
27ms Document
text/html 5.135.149.81
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://www.venez.fr/alternate-barre.htm
Requested by: Host: www.fortunecourse.c4.fr
URL: http://www.fortunecourse.c4.fr/barre-fortunecourse.c4.fr.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 5.135.149.81 Paris, France, ASN16276 (OVH, FR),
Reverse DNS: web3.venez.net
Software: Apache /
Resource Hash: caf05483c5d58dcea0547c8bad298beae9ad0a872c7f60fce1685356ef7d7b36

Request headers

Referer: http://www.fortunecourse.c4.fr/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

Connection: Keep-Alive
Content-Encoding: gzip
Content-Length: 872
Content-Type: text/html; charset=iso-8859-1
Date: Sat, 01 Oct 2022 03:55:59 GMT
Keep-Alive: timeout=5, max=99
Server: Apache
Vary: Accept-Encoding

GET
H/1.1 200
OK barre90.gif
www.venez.fr/images/ Frame 2842 110 B
416 B 27ms
26ms Image
image/gif 5.135.149.81
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.venez.fr/images/barre90.gif
Requested by: Host: www.fortunecourse.c4.fr
URL: http://www.fortunecourse.c4.fr/barre-fortunecourse.c4.fr.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 5.135.149.81 Paris, France, ASN16276 (OVH, FR),
Reverse DNS: web3.venez.net
Software: Apache /
Resource Hash: 49d4ba84e10d9d1f2a83956dde4f20625fd11efc01f60a3a4552a9e09a05a74f

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://www.fortunecourse.c4.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date: Sat, 01 Oct 2022 03:55:59 GMT
Last-Modified: Thu, 15 Nov 2018 22:06:23 GMT
Server: Apache
ETag: "6e-57abb42dff5c0"
Content-Type: image/gif
Cache-Control: max-age=604800, public
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 110

GET
H/1.1 200
OK 120x60.gif
www.venez.fr/images/ Frame 25FD 4 KB
4 KB 44ms
43ms Image
image/gif 5.135.149.81
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.venez.fr/images/120x60.gif
Requested by: Host: www.venez.fr
URL: https://www.venez.fr/alternate-barre.htm
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 5.135.149.81 Paris, France, ASN16276 (OVH, FR),
Reverse DNS: web3.venez.net
Software: Apache /
Resource Hash: 7dc792d48132ff15a9ad8c11a139bf26f8e13aa3df30a71582ae406ddffdab4f

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://www.venez.fr/alternate-barre.htm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date: Sat, 01 Oct 2022 03:55:59 GMT
Last-Modified: Wed, 02 Mar 2011 00:16:24 GMT
Server: Apache
ETag: "f4c-49d74d2b9c600"
Content-Type: image/gif
Cache-Control: max-age=604800, public
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 3916

GET
H/1.1 200
OK site.js Show response
www.venez.fr/js/ Frame 25FD 2 KB
1 KB 41ms
40ms Script
application/javascript 5.135.149.81
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://www.venez.fr/js/site.js?www.venez.fr
Requested by: Host: www.venez.fr
URL: https://www.venez.fr/alternate-barre.htm
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 5.135.149.81 Paris, France, ASN16276 (OVH, FR),
Reverse DNS: web3.venez.net
Software: Apache /
Resource Hash: 0c91a24c2deb753c963c48cd9c3e5d16ee96128b30bce193c4324e121728c306

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://www.venez.fr/alternate-barre.htm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date: Sat, 01 Oct 2022 03:55:59 GMT
Content-Encoding: gzip
Last-Modified: Sat, 01 Oct 2022 03:55:59 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: public, max-age=604800
Connection: Keep-Alive
Keep-Alive: timeout=5, max=98
Content-Length: 1023
Expires: Sat, 08 Oct 2022 03:55:59 GMT

GET
H2 200 m-offenstadt-8246.gif
www.zone-turf.fr/media/picture/casaque/ Frame CECA 2 KB
3 KB 34ms
28ms Image
image/gif 143.204.215.22
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.zone-turf.fr/media/picture/casaque/m-offenstadt-8246.gif
Requested by: Host: www.pronoscourse.com
URL: http://www.pronoscourse.com/turf/fortunecourse/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.215.22 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-215-22.fra53.r.cloudfront.net
Software: Apache /
Resource Hash: 5fb411b535ef05ae2b050af5f641ff148c2e60f8e90bb899ca9ad96b37a844b6

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://www.pronoscourse.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 03:09:18 GMT
via: 1.1 varnish, 1.1 f2db75b601dc30df73b1beb29596a374.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
age: 249741
x-cache: Hit from cloudfront
x-cache-hist: 191
content-length: 2156
last-modified: Wed, 21 Sep 2022 21:50:42 GMT
server: Apache
etag: "9d2ad86c-86c-5e936efb8faa9"
content-type: image/gif
x-varnish: 1990760158 1971113811
cache-control: max-age=259200
accept-ranges: bytes
x-amz-cf-id: vfOwx9wAivliQuGOFkL6WKQ1vlDV8chtKwoqpaIBD9tISjcqQ-x-rA==
expires: Sat, 01 Oct 2022 06:33:39 GMT

GET
H2 200 jp-menville-241512.gif
www.zone-turf.fr/media/picture/casaque/ Frame CECA 2 KB
3 KB 35ms
29ms Image
image/gif 143.204.215.22
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.zone-turf.fr/media/picture/casaque/jp-menville-241512.gif
Requested by: Host: www.pronoscourse.com
URL: http://www.pronoscourse.com/turf/fortunecourse/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.215.22 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-215-22.fra53.r.cloudfront.net
Software: Apache /
Resource Hash: 25c5f8dca89b6d4a9cbb94c762e4f0e269ec30c8ab1bc206b8248e3b82f88ef6

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://www.pronoscourse.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 03:37:15 GMT
via: 1.1 varnish, 1.1 f2db75b601dc30df73b1beb29596a374.cloudfront.net (CloudFront)
x-backend: default
x-amz-cf-pop: FRA53-C1
age: 33467
x-cache: Hit from cloudfront
content-length: 2326
last-modified: Fri, 30 Sep 2022 14:49:19 GMT
server: Apache
etag: "9d30257b-916-5e9e61946bd87"
vary: Accept-Encoding
x-varnish: 576595551 575034653
content-type: image/gif
cache-control: max-age=259200
accept-ranges: bytes
x-amz-cf-id: 6y31edkBV3wFivCZSaofclkRAG8HYatMFY6TTGHIFjUtEijiZ9k2Ag==
expires: Mon, 03 Oct 2022 18:38:13 GMT

GET
H2 200 d-monnaies-204230.gif
www.zone-turf.fr/media/picture/casaque/ Frame CECA 2 KB
3 KB 36ms
29ms Image
image/gif 143.204.215.22
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.zone-turf.fr/media/picture/casaque/d-monnaies-204230.gif
Requested by: Host: www.pronoscourse.com
URL: http://www.pronoscourse.com/turf/fortunecourse/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.215.22 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-215-22.fra53.r.cloudfront.net
Software: Apache /
Resource Hash: 87209a0a004545c29b37a3fe477b776a04afb8fb006d9be12965c4148475474c

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://www.pronoscourse.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 02:58:47 GMT
via: 1.1 varnish, 1.1 f2db75b601dc30df73b1beb29596a374.cloudfront.net (CloudFront)
x-backend: default
x-amz-cf-pop: FRA53-C1
age: 236228
x-cache: Hit from cloudfront
content-length: 2362
last-modified: Thu, 08 Sep 2022 21:50:48 GMT
server: Apache
etag: "9d3dde75-93a-5e8316c1e5d61"
content-type: image/gif
x-varnish: 576743998 558216679
cache-control: max-age=259200
accept-ranges: bytes
x-amz-cf-id: NhY8xlpo6k78EuLnfApyJa_0iNZu42Fe0IGHEt1kURF9tZ52WrUzMA==
expires: Sat, 01 Oct 2022 10:18:52 GMT

GET
H2 200 jc-seroul-38963.gif
www.zone-turf.fr/media/picture/casaque/ Frame CECA 2 KB
3 KB 36ms
30ms Image
image/gif 143.204.215.22
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.zone-turf.fr/media/picture/casaque/jc-seroul-38963.gif
Requested by: Host: www.pronoscourse.com
URL: http://www.pronoscourse.com/turf/fortunecourse/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.215.22 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-215-22.fra53.r.cloudfront.net
Software: Apache /
Resource Hash: ac8c7082b87411930939d344c0fca9ef954e46d41937050e1c356e7dc958bde8

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://www.pronoscourse.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 03:18:20 GMT
via: 1.1 varnish, 1.1 f2db75b601dc30df73b1beb29596a374.cloudfront.net (CloudFront)
x-backend: default
x-amz-cf-pop: FRA53-C1
age: 254516
x-cache: Hit from cloudfront
content-length: 2480
last-modified: Sun, 25 Sep 2022 21:48:48 GMT
server: Apache
etag: "9d28f422-9b0-5e98760465c64"
vary: Accept-Encoding
x-varnish: 575846194 561824929
content-type: image/gif
cache-control: max-age=259200
accept-ranges: bytes
x-amz-cf-id: xpYCDRw8uTT5TRyNQ4LTolj5WPvX3N2-l-0kIT5cK5oqLculHog1tg==
expires: Sat, 01 Oct 2022 05:14:04 GMT

GET
H2 200 d-xoual-ecurie-bred-to-win-233134.gif
www.zone-turf.fr/media/picture/casaque/ Frame CECA 3 KB
3 KB 45ms
39ms Image
image/gif 143.204.215.22
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.zone-turf.fr/media/picture/casaque/d-xoual-ecurie-bred-to-win-233134.gif
Requested by: Host: www.pronoscourse.com
URL: http://www.pronoscourse.com/turf/fortunecourse/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.215.22 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-215-22.fra53.r.cloudfront.net
Software: Apache /
Resource Hash: cbfb8531acc08636eb4c11ac0c4b5560822161db733587173415ea0cc27e007f

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://www.pronoscourse.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 03:18:20 GMT
via: 1.1 varnish, 1.1 f2db75b601dc30df73b1beb29596a374.cloudfront.net (CloudFront)
x-backend: default
x-amz-cf-pop: FRA53-C1
age: 32778
x-cache: Hit from cloudfront
content-length: 2656
last-modified: Fri, 30 Sep 2022 14:49:19 GMT
server: Apache
etag: "9d3d9b5d-a60-5e9e6194a47b5"
vary: Accept-Encoding
x-varnish: 575829353 575770485
content-type: image/gif
cache-control: max-age=259200
accept-ranges: bytes
x-amz-cf-id: t1hfZA9z4ZeprHaMw2uXlh2PpyVrJ3AK0gz8TjTBTdh_nGo2LEGFUg==
expires: Mon, 03 Oct 2022 18:49:42 GMT

GET
H2 200 blank.gif
www.zone-turf.fr/media/images/ Frame CECA 43 B
462 B 37ms
31ms Image
image/gif 143.204.215.22
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.zone-turf.fr/media/images/blank.gif
Requested by: Host: www.pronoscourse.com
URL: http://www.pronoscourse.com/turf/fortunecourse/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.215.22 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-215-22.fra53.r.cloudfront.net
Software: Apache /
Resource Hash: 1e5e009aca181390b5471d0ea0fb43ef52ab2a5cddc1f5eca3b0539fbeea5a74

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://www.pronoscourse.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 03:55:03 GMT
via: 1.1 varnish, 1.1 f2db75b601dc30df73b1beb29596a374.cloudfront.net (CloudFront)
x-backend: default
x-amz-cf-pop: FRA53-C1
age: 214862
x-cache: Hit from cloudfront
content-length: 43
last-modified: Thu, 22 Sep 2022 13:56:57 GMT
server: Apache
etag: "4c209c-2b-5e9446f3efc40"
x-varnish: 576597037 560986319
content-type: image/gif
cache-control: max-age=259200
accept-ranges: bytes
x-amz-cf-id: yuptUWVbsvSFzpGgow4FT76Q6mUNDYYhdj2KMAsTidHCIEgaxzewCg==
expires: Sat, 01 Oct 2022 16:14:58 GMT

GET
H2 200 ha-pantall-41840.gif
www.zone-turf.fr/media/picture/casaque/ Frame CECA 2 KB
3 KB 40ms
34ms Image
image/gif 143.204.215.22
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.zone-turf.fr/media/picture/casaque/ha-pantall-41840.gif
Requested by: Host: www.pronoscourse.com
URL: http://www.pronoscourse.com/turf/fortunecourse/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.215.22 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-215-22.fra53.r.cloudfront.net
Software: Apache /
Resource Hash: a99a75c34801335214a258d6a393f19e81df8b037409cb909ca464c338961f4f

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://www.pronoscourse.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 03:37:16 GMT
via: 1.1 varnish, 1.1 f2db75b601dc30df73b1beb29596a374.cloudfront.net (CloudFront)
x-backend: default
x-amz-cf-pop: FRA53-C1
age: 255099
x-cache: Hit from cloudfront
content-length: 2502
last-modified: Mon, 26 Sep 2022 21:50:44 GMT
server: Apache
etag: "9d2c20bc-9c6-5e99b850beb81"
vary: Accept-Encoding
x-varnish: 571592852 561737782
content-type: image/gif
cache-control: max-age=259200
accept-ranges: bytes
x-amz-cf-id: dmct3GSQOpWubIMEze43zy-QXgpAQnqX4wiz9oRTDcpRlunqCvzN3w==
expires: Sat, 01 Oct 2022 05:04:21 GMT

GET
H2 200 fbeguigne-g-goldfarb-478954.gif
www.zone-turf.fr/media/picture/casaque/ Frame CECA 2 KB
3 KB 41ms
35ms Image
image/gif 143.204.215.22
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.zone-turf.fr/media/picture/casaque/fbeguigne-g-goldfarb-478954.gif
Requested by: Host: www.pronoscourse.com
URL: http://www.pronoscourse.com/turf/fortunecourse/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.215.22 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-215-22.fra53.r.cloudfront.net
Software: Apache /
Resource Hash: 8df281192249bf8f2df4943d333e4038476188a1eed8e30b81ecc4d767ce4be1

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://www.pronoscourse.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 03:05:30 GMT
via: 1.1 varnish, 1.1 f2db75b601dc30df73b1beb29596a374.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
age: 25823
x-cache: Hit from cloudfront
x-cache-hist: 32
content-length: 2232
last-modified: Fri, 30 Sep 2022 14:49:19 GMT
server: Apache
etag: "9d0719f1-8b8-5e9e6194ceba7"
content-type: image/gif
x-varnish: 1990752646 1989790749
cache-control: max-age=259200
accept-ranges: bytes
x-amz-cf-id: OcchClAl_XEW0fBGmJFPfTeducsDVNGUJPhnZ76HRfX7Pfqi-HvC_Q==
expires: Mon, 03 Oct 2022 20:45:37 GMT

GET
H2 200 ha-attiyah-44029.gif
www.zone-turf.fr/media/picture/casaque/ Frame CECA 2 KB
2 KB 47ms
42ms Image
image/gif 143.204.215.22
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.zone-turf.fr/media/picture/casaque/ha-attiyah-44029.gif
Requested by: Host: www.pronoscourse.com
URL: http://www.pronoscourse.com/turf/fortunecourse/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.215.22 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-215-22.fra53.r.cloudfront.net
Software: Apache /
Resource Hash: a7367ca39976bffee6397626303004deec789b7e1fcbdb0d6e8aeeb1b692153a

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://www.pronoscourse.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 03:18:20 GMT
via: 1.1 varnish, 1.1 f2db75b601dc30df73b1beb29596a374.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
age: 233228
x-cache: Hit from cloudfront
x-cache-hist: 23
content-length: 2077
last-modified: Tue, 16 Aug 2022 21:49:00 GMT
server: Apache
etag: "9d2c20b5-81d-5e662b74e97ca"
vary: Accept-Encoding
x-varnish: 1977231560 1972890837
content-type: image/gif
cache-control: max-age=259200
accept-ranges: bytes
x-amz-cf-id: jTWY24WyHHksNLC6JkBJ2XJVX6tNS2BarjqgvM43pEpBUAqHvjVA2w==
expires: Sat, 01 Oct 2022 11:08:52 GMT

GET
H2 200 a-lanfranchi-42811.gif
www.zone-turf.fr/media/picture/casaque/ Frame CECA 2 KB
3 KB 42ms
37ms Image
image/gif 143.204.215.22
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.zone-turf.fr/media/picture/casaque/a-lanfranchi-42811.gif
Requested by: Host: www.pronoscourse.com
URL: http://www.pronoscourse.com/turf/fortunecourse/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.215.22 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-215-22.fra53.r.cloudfront.net
Software: Apache /
Resource Hash: 1a6e1d886bc9cf38bd82dd0c2934ff4ee4ed49e96f37922ac62aa4d3a2272b75

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://www.pronoscourse.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 03:05:54 GMT
via: 1.1 varnish, 1.1 f2db75b601dc30df73b1beb29596a374.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
age: 253956
x-cache: Hit from cloudfront
x-cache-hist: 156
content-length: 2479
last-modified: Wed, 14 Sep 2022 21:50:47 GMT
server: Apache
etag: "9d251753-9af-5e8aa1f1c4b0a"
vary: Accept-Encoding
x-varnish: 1990405479 1970877158
content-type: image/gif
cache-control: max-age=259200
accept-ranges: bytes
x-amz-cf-id: XHH7dKzbdxycxl9GGLGjrqP3ZHgM8FgSwYPDfDY6lOltsTxF9F6exg==
expires: Sat, 01 Oct 2022 05:23:24 GMT

GET
H2 200 lh-29170.gif
www.zone-turf.fr/media/picture/casaque/ Frame CECA 2 KB
3 KB 60ms
56ms Image
image/gif 143.204.215.22
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.zone-turf.fr/media/picture/casaque/lh-29170.gif
Requested by: Host: www.pronoscourse.com
URL: http://www.pronoscourse.com/turf/fortunecourse/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.215.22 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-215-22.fra53.r.cloudfront.net
Software: Apache /
Resource Hash: 308c954bf895a4a82a8f494176e680b6c63692a55d42b0c1b805d0c358391680

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://www.pronoscourse.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 03:55:03 GMT
via: 1.1 varnish, 1.1 f2db75b601dc30df73b1beb29596a374.cloudfront.net (CloudFront)
x-backend: default
x-amz-cf-pop: FRA53-C1
age: 205206
x-cache: Hit from cloudfront
content-length: 2283
last-modified: Wed, 28 Sep 2022 14:48:46 GMT
server: Apache
etag: "9d34c1d8-8eb-5e9bddb9caa06"
vary: Accept-Encoding
x-varnish: 576620689 561754092
content-type: image/gif
cache-control: max-age=259200
accept-ranges: bytes
x-amz-cf-id: aKFHncyMRjigkImTYmsf8SMr1ISovfkICesTZ7p_XdiclUof6k3GFA==
expires: Sat, 01 Oct 2022 18:55:54 GMT

GET
H2 200 l-disaro-5908.gif
www.zone-turf.fr/media/picture/casaque/ Frame CECA 2 KB
2 KB 65ms
60ms Image
image/gif 143.204.215.22
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.zone-turf.fr/media/picture/casaque/l-disaro-5908.gif
Requested by: Host: www.pronoscourse.com
URL: http://www.pronoscourse.com/turf/fortunecourse/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.215.22 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-215-22.fra53.r.cloudfront.net
Software: Apache /
Resource Hash: 72f1c52aec900504c11e202204caab73211ca59d50fb1e8ca9d378553d70b7c1

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://www.pronoscourse.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 03:41:51 GMT
via: 1.1 varnish, 1.1 f2db75b601dc30df73b1beb29596a374.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
age: 167248
x-cache: Hit from cloudfront
x-cache-hist: 77
content-length: 1945
last-modified: Thu, 08 Sep 2022 21:50:37 GMT
server: Apache
etag: "9d2a1282-799-5e8316b75957f"
vary: Accept-Encoding
x-varnish: 1986677396 1978899673
content-type: image/gif
cache-control: max-age=259200
accept-ranges: bytes
x-amz-cf-id: rwn2t6iCDeX8twLua5j6pMeqy10hsVa66yId23cCEE8WF1jLI_V4uA==
expires: Sun, 02 Oct 2022 05:28:32 GMT

GET
H2 200 m-baguenaultde-puchesse-442606.gif
www.zone-turf.fr/media/picture/casaque/ Frame CECA 2 KB
3 KB 61ms
57ms Image
image/gif 143.204.215.22
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.zone-turf.fr/media/picture/casaque/m-baguenaultde-puchesse-442606.gif
Requested by: Host: www.pronoscourse.com
URL: http://www.pronoscourse.com/turf/fortunecourse/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.215.22 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-215-22.fra53.r.cloudfront.net
Software: Apache /
Resource Hash: 882ea47af252febf6009aecba3ca5b0721476c165173ed8322490c3230f0fcd6

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://www.pronoscourse.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 03:41:51 GMT
via: 1.1 varnish, 1.1 f2db75b601dc30df73b1beb29596a374.cloudfront.net (CloudFront)
x-backend: default
x-amz-cf-pop: FRA53-C1
age: 154431
x-cache: Hit from cloudfront
content-length: 2355
last-modified: Fri, 02 Sep 2022 21:50:54 GMT
server: Apache
etag: "9d58464b-933-5e7b8b9735375"
vary: Accept-Encoding
x-varnish: 564148574
content-type: image/gif
cache-control: max-age=259200
accept-ranges: bytes
x-amz-cf-id: CbiSvBt-BduJgAX2bq-eJxn4ixD_7Zsv-bG22y70gPLkokfiXQjhjQ==
expires: Sun, 02 Oct 2022 09:02:09 GMT

GET
H2 200 g-duca-mme-l-samoun-53264.gif
www.zone-turf.fr/media/picture/casaque/ Frame CECA 3 KB
3 KB 61ms
57ms Image
image/gif 143.204.215.22
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.zone-turf.fr/media/picture/casaque/g-duca-mme-l-samoun-53264.gif
Requested by: Host: www.pronoscourse.com
URL: http://www.pronoscourse.com/turf/fortunecourse/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.215.22 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-215-22.fra53.r.cloudfront.net
Software: Apache /
Resource Hash: 07ec7f1a20784f3bb105f3177f62bdb568b855a1c7e7db62588881d96b416ef4

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://www.pronoscourse.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 03:41:52 GMT
via: 1.1 varnish, 1.1 f2db75b601dc30df73b1beb29596a374.cloudfront.net (CloudFront)
x-backend: default
x-amz-cf-pop: FRA53-C1
age: 14631
x-cache: Hit from cloudfront
content-length: 2681
last-modified: Fri, 30 Sep 2022 21:51:15 GMT
server: Apache
etag: "9d29b35d-a79-5e9ebfe3f77de"
vary: Accept-Encoding
x-varnish: 576707819 576368671
content-type: image/gif
cache-control: max-age=259200
accept-ranges: bytes
x-amz-cf-id: eM0WD7QF-a-U7rC-3NeMe2cfui4xzpnZ0Iool25l27JfeUaCRaCTtQ==
expires: Mon, 03 Oct 2022 23:52:09 GMT

GET
H2 200 hm-martinez-433892.gif
www.zone-turf.fr/media/picture/casaque/ Frame CECA 3 KB
3 KB 64ms
61ms Image
image/gif 143.204.215.22
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.zone-turf.fr/media/picture/casaque/hm-martinez-433892.gif
Requested by: Host: www.pronoscourse.com
URL: http://www.pronoscourse.com/turf/fortunecourse/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.215.22 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-215-22.fra53.r.cloudfront.net
Software: Apache /
Resource Hash: 6f704e48a273cb2bd73e09fc5e30f4ae59d761f562f79d2a9c6a40f9be6c9ea8

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://www.pronoscourse.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 03:21:52 GMT
via: 1.1 varnish, 1.1 f2db75b601dc30df73b1beb29596a374.cloudfront.net (CloudFront)
x-backend: default
x-amz-cf-pop: FRA53-C1
age: 26595
x-cache: Hit from cloudfront
content-length: 2588
last-modified: Fri, 30 Sep 2022 14:49:20 GMT
server: Apache
etag: "9d5a7d70-a1c-5e9e6195c9eea"
content-type: image/gif
x-varnish: 576788186 575695058
cache-control: max-age=259200
accept-ranges: bytes
x-amz-cf-id: Sux5n6Egm9OqXq4feFOs5FRlp0Jcf7zm_1O7rCHBAvwCn-ASRNMwrg==
expires: Mon, 03 Oct 2022 20:32:45 GMT

GET
H2 200 s-cimba-58708.gif
www.zone-turf.fr/media/picture/casaque/ Frame CECA 2 KB
3 KB 61ms
58ms Image
image/gif 143.204.215.22
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.zone-turf.fr/media/picture/casaque/s-cimba-58708.gif
Requested by: Host: www.pronoscourse.com
URL: http://www.pronoscourse.com/turf/fortunecourse/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.215.22 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-215-22.fra53.r.cloudfront.net
Software: Apache /
Resource Hash: 05ac9671885da6ce37cf8e99df86698c78897648a7755247a428f2c238ac1363

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://www.pronoscourse.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 03:05:04 GMT
via: 1.1 varnish, 1.1 f2db75b601dc30df73b1beb29596a374.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
age: 14631
x-cache: Hit from cloudfront
x-cache-hist: 14
content-length: 2166
last-modified: Fri, 30 Sep 2022 22:01:20 GMT
server: Apache
etag: "9d31d763-876-5e9ec224e8145"
content-type: image/gif
x-varnish: 1990751951 1990372757
cache-control: max-age=259200
accept-ranges: bytes
x-amz-cf-id: 1U8ZQAYD8vaZBm42Hdzijipt965tDrmE0c9tnSZAydvHdTpCXt8f1Q==
expires: Mon, 03 Oct 2022 23:52:09 GMT

GET
H2 200 a-jathiere-119644.gif
www.zone-turf.fr/media/picture/casaque/ Frame CECA 2 KB
3 KB 61ms
59ms Image
image/gif 143.204.215.22
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.zone-turf.fr/media/picture/casaque/a-jathiere-119644.gif
Requested by: Host: www.pronoscourse.com
URL: http://www.pronoscourse.com/turf/fortunecourse/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.215.22 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-215-22.fra53.r.cloudfront.net
Software: Apache /
Resource Hash: 4f19cef0833e39bae0b563617526236f45ef8b8e12ed5ea89cb47e770d9fd7d5

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://www.pronoscourse.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 03:37:17 GMT
via: 1.1 varnish, 1.1 f2db75b601dc30df73b1beb29596a374.cloudfront.net (CloudFront)
x-backend: default
x-amz-cf-pop: FRA53-C1
age: 208600
x-cache: Hit from cloudfront
content-length: 2230
last-modified: Mon, 26 Sep 2022 21:50:38 GMT
server: Apache
etag: "9d3949dd-8b6-5e99b84abc2f3"
vary: Accept-Encoding
x-varnish: 570241622 561526887
content-type: image/gif
cache-control: max-age=259200
accept-ranges: bytes
x-amz-cf-id: zI25MUmwVAzpw2AdZU--1hzHhUEiQeL65qNtC7PKz85-2bmjlm2PDw==
expires: Sat, 01 Oct 2022 17:59:19 GMT

GET
H2 200 g-schafer-93563.gif
www.zone-turf.fr/media/picture/casaque/ Frame CECA 3 KB
3 KB 62ms
59ms Image
image/gif 143.204.215.22
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.zone-turf.fr/media/picture/casaque/g-schafer-93563.gif
Requested by: Host: www.pronoscourse.com
URL: http://www.pronoscourse.com/turf/fortunecourse/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.215.22 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-215-22.fra53.r.cloudfront.net
Software: Apache /
Resource Hash: 3e44695714cb588f45a5c3f06e29de76f92563740fb844cb92e02db3c090199d

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://www.pronoscourse.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 03:37:17 GMT
via: 1.1 varnish, 1.1 f2db75b601dc30df73b1beb29596a374.cloudfront.net (CloudFront)
x-backend: default
x-amz-cf-pop: FRA53-C1
age: 147342
x-cache: Hit from cloudfront
content-length: 2623
last-modified: Wed, 31 Aug 2022 21:48:57 GMT
server: Apache
etag: "9d3663d1-a3f-5e79076c7349b"
vary: Accept-Encoding
x-varnish: 569437676 564906988
content-type: image/gif
cache-control: max-age=259200
accept-ranges: bytes
x-amz-cf-id: St6gj7SS0Wxk9-Gvg5obgHdJY1MxGJp5g3ZdjZXjK8SabtQEcqcGrg==
expires: Sun, 02 Oct 2022 11:00:18 GMT

GET
H2 200 suc-khalid-abdullah-430222.gif
www.zone-turf.fr/media/picture/casaque/ Frame CECA 2 KB
3 KB 62ms
60ms Image
image/gif 143.204.215.22
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.zone-turf.fr/media/picture/casaque/suc-khalid-abdullah-430222.gif
Requested by: Host: www.pronoscourse.com
URL: http://www.pronoscourse.com/turf/fortunecourse/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.215.22 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-215-22.fra53.r.cloudfront.net
Software: Apache /
Resource Hash: cad8de313fb1d1c56f68a097b2f80bb2a301c733223e867adc67837d71ac34f0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://www.pronoscourse.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 03:05:30 GMT
via: 1.1 varnish, 1.1 f2db75b601dc30df73b1beb29596a374.cloudfront.net (CloudFront)
x-backend: default
x-amz-cf-pop: FRA53-C1
age: 209711
x-cache: Hit from cloudfront
content-length: 2345
last-modified: Wed, 28 Sep 2022 14:48:49 GMT
server: Apache
etag: "9d1f6648-929-5e9bddbd0cb7b"
vary: Accept-Encoding
x-varnish: 576651815 561441328
content-type: image/gif
cache-control: max-age=259200
accept-ranges: bytes
x-amz-cf-id: GDnill8tnEy2gXd7i1Udf9P_9V_akO7s3K7OnczGUjBMLcEKwvZ1hA==
expires: Sat, 01 Oct 2022 17:40:49 GMT

GET
H/1.1 200
OK barre90.gif
www.venez.fr/images/ Frame 25FD 110 B
416 B 90ms
24ms Image
image/gif 5.135.149.81
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.venez.fr/images/barre90.gif
Requested by: Host: www.venez.fr
URL: https://www.venez.fr/alternate-barre.htm
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 5.135.149.81 Paris, France, ASN16276 (OVH, FR),
Reverse DNS: web3.venez.net
Software: Apache /
Resource Hash: 49d4ba84e10d9d1f2a83956dde4f20625fd11efc01f60a3a4552a9e09a05a74f

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://www.venez.fr/alternate-barre.htm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date: Sat, 01 Oct 2022 03:55:59 GMT
Last-Modified: Thu, 15 Nov 2018 22:06:23 GMT
Server: Apache
ETag: "6e-57abb42dff5c0"
Content-Type: image/gif
Cache-Control: max-age=604800, public
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 110

GET
H2 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202209260101/ Frame 2842 348 KB
115 KB 215ms
95ms Script
text/javascript 2a00:1450:400d:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202209260101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-5203714787387788&plah=www.fortunecourse.c4.fr

Requested by

Host: pagead2.googlesyndication.com
URL: http://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80d::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

77d5ced9c94df938ace72826853677f63ee2d64284f9cea3fdb4c6fcd4216554

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://www.fortunecourse.c4.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 03:56:00 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 117019
x-xss-protection: 0
server: cafe
etag: 16526515246371694896
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Sat, 01 Oct 2022 03:56:00 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20220928/r20190131/ Frame E85E 10 KB
5 KB 85ms
25ms Document
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20220928/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: http://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f7408c25067cd0a9d9fe835cb4c05e394a50751d3fcde0c461db19a309abb02a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://www.fortunecourse.c4.fr/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

age: 29799
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=1209600
content-encoding: gzip
content-length: 4420
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 30 Sep 2022 19:39:21 GMT
etag: 9671129459699598864
expires: Fri, 14 Oct 2022 19:39:21 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ Frame 2842 209 B
640 B 178ms
68ms Script
text/javascript 2a00:1450:400d:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=www.fortunecourse.c4.fr&callback=_gfp_s_&client=ca-pub-5203714787387788

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202209260101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-5203714787387788&plah=www.fortunecourse.c4.fr

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80e::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

439a96ba4cfcb182f91f87abdaba62ac99f298cbf5cc1979c9fd14000a6c1c6a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://www.fortunecourse.c4.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 03:56:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 195
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.fr/adsid/ Frame 2842 107 B
792 B 194ms
69ms Script
application/javascript 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.fr/adsid/integrator.js?domain=www.fortunecourse.c4.fr

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://www.fortunecourse.c4.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 03:56:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ Frame 2842 107 B
549 B 96ms
36ms Script
application/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.fortunecourse.c4.fr

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://www.fortunecourse.c4.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 03:56:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 2E9B 17 KB
8 KB 168ms
167ms Document
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5203714787387788&output=html&h=90&slotname=4563536207&adk=2647235303&adf=3604715433&pi=t.ma~as.4563536207&w=970&psa=0&format=970x90&url=http%3A%2F%2Fwww.fortunecourse.c4.fr%2F&ea=0&wgl=1&dt=1664596560236&bpp=5&bdt=378&idt=344&shv=r20220928&mjsv=m202209260101&ptt=9&saldr=aa&correlator=1976520569633&frm=23&ife=1&pv=2&ga_vid=797469459.1664596561&ga_sid=1664596561&ga_hid=1318932707&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=20&ady=0&biw=1600&bih=1200&isw=1600&ish=90&ifk=2509764673&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C42531706%2C44773746&oid=2&pvsid=3025995298287458&tmod=1106177004&uas=0&nvt=1&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=o%7Co%7CaeE%7C&abl=NA&pfx=0&fu=4&bc=23&ifi=1&uci=1.168niy7fngxs&fsb=1&dtd=372

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d040d448b5bbe41d747019d806129c61a1755397e402e8f0df361d8958ddc3e8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://www.fortunecourse.c4.fr/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 7934
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 01 Oct 2022 03:56:00 GMT
expires: Sat, 01 Oct 2022 03:56:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 1831 624 B
300 B 37ms
37ms Document
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CPDkLxCZw2EY16frwgEwAQ&v=APEucNWnqXFX5_-vxQFsChy-G9FbQHCU6WRi9gL2NtB2iOejMpUc_1F76DBQutOSQSSqwo86mUFpotNobuNTGBOCMduL78Xg_4hz6KHkINxl64ihVDzhK3Ugoouz3E6gNm91opYVXfisHpuyak1MG0LJ_gcnTX7d_KhZoHFYtuA1l_-G65kq6XY

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5203714787387788&output=html&h=90&slotname=4563536207&adk=2647235303&adf=3604715433&pi=t.ma~as.4563536207&w=970&psa=0&format=970x90&url=http%3A%2F%2Fwww.fortunecourse.c4.fr%2F&ea=0&wgl=1&dt=1664596560236&bpp=5&bdt=378&idt=344&shv=r20220928&mjsv=m202209260101&ptt=9&saldr=aa&correlator=1976520569633&frm=23&ife=1&pv=2&ga_vid=797469459.1664596561&ga_sid=1664596561&ga_hid=1318932707&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=20&ady=0&biw=1600&bih=1200&isw=1600&ish=90&ifk=2509764673&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C42531706%2C44773746&oid=2&pvsid=3025995298287458&tmod=1106177004&uas=0&nvt=1&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=o%7Co%7CaeE%7C&abl=NA&pfx=0&fu=4&bc=23&ifi=1&uci=1.168niy7fngxs&fsb=1&dtd=372

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5203714787387788&output=html&h=90&slotname=4563536207&adk=2647235303&adf=3604715433&pi=t.ma~as.4563536207&w=970&psa=0&format=970x90&url=http%3A%2F%2Fwww.fortunecourse.c4.fr%2F&ea=0&wgl=1&dt=1664596560236&bpp=5&bdt=378&idt=344&shv=r20220928&mjsv=m202209260101&ptt=9&saldr=aa&correlator=1976520569633&frm=23&ife=1&pv=2&ga_vid=797469459.1664596561&ga_sid=1664596561&ga_hid=1318932707&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=20&ady=0&biw=1600&bih=1200&isw=1600&ish=90&ifk=2509764673&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C42531706%2C44773746&oid=2&pvsid=3025995298287458&tmod=1106177004&uas=0&nvt=1&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=o%7Co%7CaeE%7C&abl=NA&pfx=0&fu=4&bc=23&ifi=1&uci=1.168niy7fngxs&fsb=1&dtd=372
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: gzip
content-length: 276
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 01 Oct 2022 03:56:00 GMT
expires: Sat, 01 Oct 2022 03:56:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame DDC8 79 KB
33 KB 62ms
62ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CQ-E5tD4mqGH8oroECAkZQRfuADNRmsVElTH6kk0pdYcHJf7V7EddNTvfFCSzZYtvGhH7C2DuIX8tZ37ZqquQ1fvPgtg&cry=1&dbm_d=AKAmf-DcbyMqJVn8bo6KF9u7Goivuyl1ZhAlu464xb81EpNRrpRrGQJLqj9Hu5cjIbmvvOH4HxMWphk0clX0l8_CqW5eNW1RtaoVNCpZnzgSUiGlfv7B1MNoxxRpp3ke3RGQibxlzPPr3PUvxznNKFk41qrHcgHyanBGuzlIaXyYxUF2flWpdaBnf6iCZixgo5mbvyVfOkbxmZ6z2OH3YB0kzKwflZ3kPC4noa1C3AgTHGBd4BbmVnHANJ0nj59KusCW7h3PRT9FH0mpTxEwmibd5SS2wwYDZVi1sFng5eqOz-KdDbK8mtseEYPcBV7JBc6J-DAEtKIOpQXgAbdvnWDPcavW9_pGTesNun_r6bcLGsa2aAn6AnZN3Fd3wENidvfKaz1dGJeIfXGzB6qpJoya0hQ2b3p-IPQlDKXdhb7dJgFtfH5WsMKi4mY15W4dr-8hRkHitPmS15QDkiOQ1GQZDRmy18Qk3QSzrJEZmGKzgVq01UqX8Fl7qEoiHvuWHmKqxCS58_6o9p9k_GWMa3kBGaIs8J5DqSz4shQYYK_WMRahba7l9-dJUvsq_tN2o0twuChfuFr-77dqGblj6HzY8TahHE8FDPxK3c8dINxkmSb_sp3ZuKgp21LKYCObwk2pVYOAxlZm9JwdP7-wAOLZJ83xBLrJEK2dRu3vjOuTSNIbqh8SMu-0uTkcZn9Hixu9mwV5cWjrvhbLTDSlYdNVZPLuUUl5N45f4gP0B9Y9XaVw96hPwJ6v_xihpdw1UKybeVYGpPMQbji0QrOyqWg4K_9cjZ1LJNpdHTdCAuZk3xPk1hFVl0qSjCPeysYN2PSVn5NVDYPmNvN6ufD_ZVRpG6Kd6Wa4OqRcF-AeLf30VdZEY75BDmLhPje4jxxBNbStPllCPsayu3VnPOX73_nV6p_AwEBK5dTVU4MKeP3_TOI4s-O6aJjY4qorWVCkxuxWVk5504PzKEwMfr9jPJ027xpd0S3GhyewiJD2yWWTTfvzkjpCi8dxBX95RKyVMidzrj5h4PbYrzYJLVMjD-azVm9PFlraOc3bvUVIHt7w6EkmBz-NX234YCw1codVSayDrxTfFwqrvX4y-sMWAfAiuZwfIb1Y7Y7ejRRlRbmkO4wioWacOpz0zxPBEMTd9rDftuoCBY4z21zbSC4wDxH2Za1suTT6TyHOz3t94A5eErGWqUNOOLx1bQWxUTrINfK5JPOzZauyVEbZK5bUEOTOZ8-l9mQwlLo5tU6qu_x4Fi0aCdXdXMCqjzds5E-5F7zmsZtTjbWMxOdQGkgLfDpEv6CvDNlhHHkmITBMYyjnrqjwFNxDv89b77EmNIkSJuxLIaZ7WmLYvsOIsJ0C2rDeZueTmKZBcS77OEnKHgQvWalNYJ0ByIi5jsYWgyorgZ7Ero1BHddZSjTtMO9hUR4tFotTtMXH9SZ0A9LJZjXs-Xe9-PLNu9moFikTHt9COIqvpewadJ3n0Ur-cz0Kxf5vmcaXGXvxCxIMoZBxINKZt75N70WoDMeuCRPC49zOeSNoC51HXX81Wrc-FrH0_aeXBvSeY5SVKl_yPOWbsp2kv72V5WoWhIXRtq_3OcTZRam6bpbMQ7MM4urMYrhz2oItboqImcL35NbWMzCWBBIlQ0-iirzT2QdMaSFlxL-_KbrkoBldCYOIsdsxoNXyC9gJksf5Vm0jBL9Y7KgoMxFBvoYPHm_zKp0TiBkHcDcaCMhtqhpLxdtUMaRjOMrtnc2ROZViQUI35UM0L5R6MA2mHkuDTjNv-0pE3v8ANY0ik2IKI0kBfdR2DeauninJlTr-b37NLxUyCKzazV9KK873ax-iy9bYS9S-GMV0GWMmKwLH-hMpKcbj_Ra3NCdBc-2Gw2fXaXsh-GdgFFym_5cy7QeYkSGcgjeBhRF3_J6fsWU15z-g4Y6cUkP_goIB974QriwWHwr320OOwEmhtI2NcEnDODDlUD1GQ6hjBHTf3R6Ae_e5Vk_ZQLgCsdl9CfCca8qrJv2-brUsHA_s_iNToclrni7oXBBVapbNIFYDJgEF0ZIrUPSfIzAGbxoUT7Icp4ZFZa_ILGelKx6fxQnqCK5BbEcfSKiTaW2Ry7oHHzGwOpsMaDd7DQOA39BqH225gvuOZqIQT50zO3m-NObrAuwRpHJqZoHNCMBoCr-lg3xmUNrqZ8lKoyq2WvmuVaQ7dwhEmWdhtA3vfJnteQMA3TFcaT72edfHjgKdRi0kDS8vUjdqrE-hAnTSlH9VE0X2RWNYLL92pAz_UtpD0zfFMwtsy3HHyu2I4ItbS8rlmEYkeHMF-oArm6CiRHnLGWIFZs3dYE4EujFp4K2wpnSZrU0rujEsNp1PSmMGDmv9EoAhv8VTA_63M-6Tl8SUYK4xZ4swnrVT2aHG6aqsS_QjmROtwinkcB1m8JATGg758LoQzsr5-RhbOqNg_Tx9jimOLfnXWDRzm4HH8PWb4ARl6IxwawetSK99shHgph61nl-pFERo9r4HiQUyBbsuE7Nh7B4e2R3cdtjeDVZ4z1EvHQG6S7NL3R-UxgPd9c9rahFysAXvI--NBKOVNed4CuvA3jpJjZ9kr3PDueq194rQ3jNq4PtGa3VpyfUnasEHlAbEPd9LdnDcsSF2xh0ycFg4-CHBOdE8RFmk7xdZFrPgUIEHckFX_Y5yZWDzDMG3XAudHYS74XM1_RAOVUe7YsYbNaMXu4RLZuJBKmEJKHSm6Gxqbq0zbfc7xwpoxDK6luXvQ40wnb6f_jdYac2k_13PrNO1JF-l7MCKeHzzeFgRb6LfHaeVTHpcyn_RK3ueyj1umORF7cNcduqUfCXDfZEghr8a8iP0W9aF3EkF3ABeKTeoZmxzH6TDFAv6Rp6XT6_tyOOctoP5xwUkXHQGnwC_RlwmiyLJ13tS75eWnMiVBsAZqweV18c&cid=CAASBORoSIc&rfl=3%2Chttp%253A%252F%252Fwww.fortunecourse.c4.fr%242%2Chttp%253A%252F%252Fwww.fortunecourse.c4.fr%252F%240

Requested by

Host: www.fortunecourse.c4.fr
URL: http://www.fortunecourse.c4.fr/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c120294104b9d0c95c14b702141cea8a677fff54b055ea0177bde66023f2ccd4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5203714787387788&output=html&h=90&slotname=4563536207&adk=2647235303&adf=3604715433&pi=t.ma~as.4563536207&w=970&psa=0&format=970x90&url=http%3A%2F%2Fwww.fortunecourse.c4.fr%2F&ea=0&wgl=1&dt=1664596560236&bpp=5&bdt=378&idt=344&shv=r20220928&mjsv=m202209260101&ptt=9&saldr=aa&correlator=1976520569633&frm=23&ife=1&pv=2&ga_vid=797469459.1664596561&ga_sid=1664596561&ga_hid=1318932707&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=20&ady=0&biw=1600&bih=1200&isw=1600&ish=90&ifk=2509764673&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C42531706%2C44773746&oid=2&pvsid=3025995298287458&tmod=1106177004&uas=0&nvt=1&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=o%7Co%7CaeE%7C&abl=NA&pfx=0&fu=4&bc=23&ifi=1&uci=1.168niy7fngxs&fsb=1&dtd=372
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 01 Oct 2022 03:56:00 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 33967
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220928/r20110914/client/ Frame DDC8 3 KB
1 KB 159ms
47ms Script
text/javascript 2a00:1450:400d:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220928/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:806::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 03:11:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2677
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 15 Oct 2022 03:11:23 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220928/r20110914/client/ Frame DDC8 17 KB
8 KB 155ms
42ms Script
text/javascript 2a00:1450:400d:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220928/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:806::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

86d8e892ceacd8c8a7e7125c68dd0e1b311f8399871b6d64b8b6795f0235c1d4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 02:48:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 4057
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7559
x-xss-protection: 0
server: cafe
etag: 15289875785628835784
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 15 Oct 2022 02:48:23 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame DDC8 140 KB
44 KB 223ms
112ms Script
text/javascript 2a00:1450:400d:805::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:805::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

da8438b81e390283f6eb8cc9cf49ccde3d00c954b4fbccdf6372c162c4b58ab2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 03:56:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44530
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1664365478704152"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 01 Oct 2022 03:56:00 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame DDC8 42 B
63 B 163ms
75ms Image
image/gif 2a00:1450:400d:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-C4tMa9vYpQMugpKJ8Oi68elUkvSajJdhWQmJZXkxLm0Wcgt1kxCKZ8qf9zleybZcXd67ftjj0IbWR9ZvJxsCrFHCycMs-40FiXpMzb9Vls2XGq5kk

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80d::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 01 Oct 2022 03:56:00 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 1831
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHsrO1P5zp3CGRm5NAQ8tKQ&google_cver=1

43 B
843 B

64ms
47ms

Image
image/gif

104.18.18.126
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHsrO1P5zp3CGRm5NAQ8tKQ&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPDkLxCZw2EY16frwgEwAQ&v=APEucNWnqXFX5_-vxQFsChy-G9FbQHCU6WRi9gL2NtB2iOejMpUc_1F76DBQutOSQSSqwo86mUFpotNobuNTGBOCMduL78Xg_4hz6KHkINxl64ihVDzhK3Ugoouz3E6gNm91opYVXfisHpuyak1MG0LJ_gcnTX7d_KhZoHFYtuA1l_-G65kq6XY
Protocol: H3
Server: 104.18.18.126 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 01 Oct 2022 03:56:01 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Lg7e%2F%2Fmzc%2B2VBxjSnC4tt%2BH3IO1cDWEHUI9R533n3tL3vgyS7SaoasN1vLg869k%2FMDqUgHr0Hck1OFCfE7RBdXzHPpDcwKaWI0gUmPeGJadmrnjuvderQ2YsoyK6aen8KYcrbERbbSU6jg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 7532441a3f37d32b-CDG
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Sat, 01 Oct 2022 03:56:00 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHsrO1P5zp3CGRm5NAQ8tKQ&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 1831
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Yze6UJB3gIda-reOFWXzAgAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECPnxGAuxdLGBvsXiq0EVtU&google_cver=1

43 B
846 B

48ms
47ms

Image
image/gif

104.18.18.126
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECPnxGAuxdLGBvsXiq0EVtU&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPDkLxCZw2EY16frwgEwAQ&v=APEucNWnqXFX5_-vxQFsChy-G9FbQHCU6WRi9gL2NtB2iOejMpUc_1F76DBQutOSQSSqwo86mUFpotNobuNTGBOCMduL78Xg_4hz6KHkINxl64ihVDzhK3Ugoouz3E6gNm91opYVXfisHpuyak1MG0LJ_gcnTX7d_KhZoHFYtuA1l_-G65kq6XY
Protocol: H3
Server: 104.18.18.126 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 01 Oct 2022 03:56:01 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=En6AQa4Og0R3hg%2FWqjSIegczzN0YLMrrGr5Dw2DhvktDpxyWiQ4Ik7Tzzf219n6A69q1aq9JhqsFMWcmYXsbBAi%2BSSI3b5fHRabvQXadJPiojetJ%2BdxWCw%2FPFHbYGzF%2F9uQD7X%2BTKRcN7w%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 7532441bcff0d32b-CDG
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Sat, 01 Oct 2022 03:56:01 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECPnxGAuxdLGBvsXiq0EVtU&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 1831
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEHM_8_8NqXeMP9YCmsYxrLo&google_cver=1

43 B
1014 B

23ms
23ms

Image
image/gif

185.89.210.141
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEHM_8_8NqXeMP9YCmsYxrLo&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPDkLxCZw2EY16frwgEwAQ&v=APEucNWnqXFX5_-vxQFsChy-G9FbQHCU6WRi9gL2NtB2iOejMpUc_1F76DBQutOSQSSqwo86mUFpotNobuNTGBOCMduL78Xg_4hz6KHkINxl64ihVDzhK3Ugoouz3E6gNm91opYVXfisHpuyak1MG0LJ_gcnTX7d_KhZoHFYtuA1l_-G65kq6XY

Protocol

HTTP/1.1

Server

185.89.210.141 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

950.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 01 Oct 2022 03:56:00 GMT
AN-X-Request-Uuid: 17ae2bdc-a6c8-4500-9cec-6a166fdb0829
Server: nginx/1.21.3
Content-Type: image/gif
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 37.59.164.96; 37.59.164.96; 950.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 01 Oct 2022 03:56:00 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEHM_8_8NqXeMP9YCmsYxrLo&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 1831
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjA5MDUyMDIwMjk3NDcxMzA4Mg%3D%3D

170 B
243 B

35ms
35ms

Image
image/png

142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjA5MDUyMDIwMjk3NDcxMzA4Mg%3D%3D

Requested by

Protocol

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 01 Oct 2022 03:56:00 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Sat, 01 Oct 2022 03:56:00 GMT
AN-X-Request-Uuid: 7a26bf80-9672-4011-a4da-1520b747cd13
Server: nginx/1.21.3
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjA5MDUyMDIwMjk3NDcxMzA4Mg%3D%3D
Connection: keep-alive
X-Proxy-Origin: 37.59.164.96; 37.59.164.96; 950.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 express_html_inpage_rendering_lib_200_276.js Show response
s0.2mdn.net/879366/ Frame DDC8 106 KB
38 KB 98ms
25ms Script
text/javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js

Requested by

Host: www.fortunecourse.c4.fr
URL: http://www.fortunecourse.c4.fr/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e41d1ae45acbf836b8dcc29544c7e41cced4211214df601d5284a7e9c7134c73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Origin: https://googleads.g.doubleclick.net
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Fri, 30 Sep 2022 10:24:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 63078
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37872
x-xss-protection: 0
last-modified: Wed, 02 Mar 2022 23:07:26 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 01 Oct 2022 10:24:42 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20220928/r20110914/elements/html/ Frame DDC8 8 KB
3 KB 60ms
52ms Script
text/javascript 2a00:1450:400d:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220928/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CQ-E5tD4mqGH8oroECAkZQRfuADNRmsVElTH6kk0pdYcHJf7V7EddNTvfFCSzZYtvGhH7C2DuIX8tZ37ZqquQ1fvPgtg&cry=1&dbm_d=AKAmf-DcbyMqJVn8bo6KF9u7Goivuyl1ZhAlu464xb81EpNRrpRrGQJLqj9Hu5cjIbmvvOH4HxMWphk0clX0l8_CqW5eNW1RtaoVNCpZnzgSUiGlfv7B1MNoxxRpp3ke3RGQibxlzPPr3PUvxznNKFk41qrHcgHyanBGuzlIaXyYxUF2flWpdaBnf6iCZixgo5mbvyVfOkbxmZ6z2OH3YB0kzKwflZ3kPC4noa1C3AgTHGBd4BbmVnHANJ0nj59KusCW7h3PRT9FH0mpTxEwmibd5SS2wwYDZVi1sFng5eqOz-KdDbK8mtseEYPcBV7JBc6J-DAEtKIOpQXgAbdvnWDPcavW9_pGTesNun_r6bcLGsa2aAn6AnZN3Fd3wENidvfKaz1dGJeIfXGzB6qpJoya0hQ2b3p-IPQlDKXdhb7dJgFtfH5WsMKi4mY15W4dr-8hRkHitPmS15QDkiOQ1GQZDRmy18Qk3QSzrJEZmGKzgVq01UqX8Fl7qEoiHvuWHmKqxCS58_6o9p9k_GWMa3kBGaIs8J5DqSz4shQYYK_WMRahba7l9-dJUvsq_tN2o0twuChfuFr-77dqGblj6HzY8TahHE8FDPxK3c8dINxkmSb_sp3ZuKgp21LKYCObwk2pVYOAxlZm9JwdP7-wAOLZJ83xBLrJEK2dRu3vjOuTSNIbqh8SMu-0uTkcZn9Hixu9mwV5cWjrvhbLTDSlYdNVZPLuUUl5N45f4gP0B9Y9XaVw96hPwJ6v_xihpdw1UKybeVYGpPMQbji0QrOyqWg4K_9cjZ1LJNpdHTdCAuZk3xPk1hFVl0qSjCPeysYN2PSVn5NVDYPmNvN6ufD_ZVRpG6Kd6Wa4OqRcF-AeLf30VdZEY75BDmLhPje4jxxBNbStPllCPsayu3VnPOX73_nV6p_AwEBK5dTVU4MKeP3_TOI4s-O6aJjY4qorWVCkxuxWVk5504PzKEwMfr9jPJ027xpd0S3GhyewiJD2yWWTTfvzkjpCi8dxBX95RKyVMidzrj5h4PbYrzYJLVMjD-azVm9PFlraOc3bvUVIHt7w6EkmBz-NX234YCw1codVSayDrxTfFwqrvX4y-sMWAfAiuZwfIb1Y7Y7ejRRlRbmkO4wioWacOpz0zxPBEMTd9rDftuoCBY4z21zbSC4wDxH2Za1suTT6TyHOz3t94A5eErGWqUNOOLx1bQWxUTrINfK5JPOzZauyVEbZK5bUEOTOZ8-l9mQwlLo5tU6qu_x4Fi0aCdXdXMCqjzds5E-5F7zmsZtTjbWMxOdQGkgLfDpEv6CvDNlhHHkmITBMYyjnrqjwFNxDv89b77EmNIkSJuxLIaZ7WmLYvsOIsJ0C2rDeZueTmKZBcS77OEnKHgQvWalNYJ0ByIi5jsYWgyorgZ7Ero1BHddZSjTtMO9hUR4tFotTtMXH9SZ0A9LJZjXs-Xe9-PLNu9moFikTHt9COIqvpewadJ3n0Ur-cz0Kxf5vmcaXGXvxCxIMoZBxINKZt75N70WoDMeuCRPC49zOeSNoC51HXX81Wrc-FrH0_aeXBvSeY5SVKl_yPOWbsp2kv72V5WoWhIXRtq_3OcTZRam6bpbMQ7MM4urMYrhz2oItboqImcL35NbWMzCWBBIlQ0-iirzT2QdMaSFlxL-_KbrkoBldCYOIsdsxoNXyC9gJksf5Vm0jBL9Y7KgoMxFBvoYPHm_zKp0TiBkHcDcaCMhtqhpLxdtUMaRjOMrtnc2ROZViQUI35UM0L5R6MA2mHkuDTjNv-0pE3v8ANY0ik2IKI0kBfdR2DeauninJlTr-b37NLxUyCKzazV9KK873ax-iy9bYS9S-GMV0GWMmKwLH-hMpKcbj_Ra3NCdBc-2Gw2fXaXsh-GdgFFym_5cy7QeYkSGcgjeBhRF3_J6fsWU15z-g4Y6cUkP_goIB974QriwWHwr320OOwEmhtI2NcEnDODDlUD1GQ6hjBHTf3R6Ae_e5Vk_ZQLgCsdl9CfCca8qrJv2-brUsHA_s_iNToclrni7oXBBVapbNIFYDJgEF0ZIrUPSfIzAGbxoUT7Icp4ZFZa_ILGelKx6fxQnqCK5BbEcfSKiTaW2Ry7oHHzGwOpsMaDd7DQOA39BqH225gvuOZqIQT50zO3m-NObrAuwRpHJqZoHNCMBoCr-lg3xmUNrqZ8lKoyq2WvmuVaQ7dwhEmWdhtA3vfJnteQMA3TFcaT72edfHjgKdRi0kDS8vUjdqrE-hAnTSlH9VE0X2RWNYLL92pAz_UtpD0zfFMwtsy3HHyu2I4ItbS8rlmEYkeHMF-oArm6CiRHnLGWIFZs3dYE4EujFp4K2wpnSZrU0rujEsNp1PSmMGDmv9EoAhv8VTA_63M-6Tl8SUYK4xZ4swnrVT2aHG6aqsS_QjmROtwinkcB1m8JATGg758LoQzsr5-RhbOqNg_Tx9jimOLfnXWDRzm4HH8PWb4ARl6IxwawetSK99shHgph61nl-pFERo9r4HiQUyBbsuE7Nh7B4e2R3cdtjeDVZ4z1EvHQG6S7NL3R-UxgPd9c9rahFysAXvI--NBKOVNed4CuvA3jpJjZ9kr3PDueq194rQ3jNq4PtGa3VpyfUnasEHlAbEPd9LdnDcsSF2xh0ycFg4-CHBOdE8RFmk7xdZFrPgUIEHckFX_Y5yZWDzDMG3XAudHYS74XM1_RAOVUe7YsYbNaMXu4RLZuJBKmEJKHSm6Gxqbq0zbfc7xwpoxDK6luXvQ40wnb6f_jdYac2k_13PrNO1JF-l7MCKeHzzeFgRb6LfHaeVTHpcyn_RK3ueyj1umORF7cNcduqUfCXDfZEghr8a8iP0W9aF3EkF3ABeKTeoZmxzH6TDFAv6Rp6XT6_tyOOctoP5xwUkXHQGnwC_RlwmiyLJ13tS75eWnMiVBsAZqweV18c&cid=CAASBORoSIc&rfl=3%2Chttp%253A%252F%252Fwww.fortunecourse.c4.fr%242%2Chttp%253A%252F%252Fwww.fortunecourse.c4.fr%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80d::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

58b603271da250778cca7450c81343eba7a896c87d93812f4de54ca5e1108488

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 03:27:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1733
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3181
x-xss-protection: 0
server: cafe
etag: 10699485926258732851
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 15 Oct 2022 03:27:07 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20220928/r20110914/ Frame DDC8 30 KB
11 KB 46ms
42ms Script
text/javascript 2a00:1450:400d:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220928/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80d::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f03f34a896200ac3d36794a86a5b23d054f1982d05740b454078c8526a33b631

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 03:40:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 918
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11727
x-xss-protection: 0
server: cafe
etag: 4188671789125589074
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 15 Oct 2022 03:40:42 GMT

GET
H2 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame DDC8 41 KB
15 KB 42ms
42ms Script
text/javascript 2a00:1450:400d:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:806::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Tue, 27 Sep 2022 18:03:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 294769
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 27 Sep 2023 18:03:11 GMT

GET
DATA 200
OK truncated
/ Frame DDC8 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 97ba0989560620a568c0323f8da473d713448bdbe9fb1e41a49c8bb6a9d1c497

Request headers

accept-language: fr-FR,fr;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 4939 22 KB
8 KB 153ms
44ms Document
text/html 2a00:1450:400d:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:806::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

accept-ranges: bytes
age: 160273
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 29 Sep 2022 07:24:48 GMT
expires: Fri, 29 Sep 2023 07:24:48 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/10196239086468997911/ Frame 1C51 89 KB
21 KB 85ms
31ms Document
text/html 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/10196239086468997911/index.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5d74d225ed3a1ba493176f184c57877252a54ed81fc6031d6908ef70a11d4670

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 142581
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 21272
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Thu, 29 Sep 2022 12:19:40 GMT
expires: Fri, 29 Sep 2023 12:19:40 GMT
last-modified: Fri, 18 Feb 2022 17:46:32 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame DDC8 0
622 B 175ms
78ms Ping
image/gif 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuI4tSN91Wi7gH8vafLG3Rp9Q3u53DJiAsQNQcFm5UIfCo6VlMP8zh9hrOpD2Ze5v-OxChMJom52a4iIMa4cDOwCCOWOJymggc15zrOguWceoIJ5qA6ZZt0ff_D53XcBUlk-V5N3bivttAPPQb7xW_ceOq-wW-zKfRUwLxjwgiaIi3VCzT7n2XfhBC55bemth02XFmj7Lrwzq4a26vI-xFhy_ncdzWMN02ld4RZ8x1aR0BvBUFLUehcDm8tU365fYjvEXOtzLpYQ9rE0ygBsPQHLw5azrL1gT964lOqQIHLHwy-BAdB44bW3wrtWIu95q6nTkQRayft3yQrrBcCDOz6zx-r2lbaP5tVnLpi1C4QA9KsJ1C4Oslr0O1Vy1kcAoDdX93LQ8CpOsxyljIN8Ug4HDaFPchWhzyEVTq0udcfYZhfMlmTg2CAFkSQ_F2rnhPoDgWD7-ldN1Qv68-AgkLJjw8Pq7isAdIqPf-HWYky-Z2uNuMucDIsX3lMPuOY0aROlluogbAU9RbOLnRt8F57qKHuwoqXvxfPizNBh05AbdFZbSfjEPo5lsPfo_g6bCEYRuS8aZsAcquS_Rz98Cf-spVIvOfAhkcoTSzwrYTuU7yaUKJRtnsY6xmqd_bSOaAoo8lk-TVglCxF4RjW-rUnK8x0pssA_CHQPsUttrmt4lyEOLZjgXiszPuf5r2DnJvH6gch285uqX1D5J9DAJlyQmUiCTFO_bcOhZjstzo-cPceEc7_064d1V3k6CgcUbF8I2uTPwPmG7MF0bGFzKLl3wnXeaADQhoAOGMlR_IjDoz3czAt75kjm-mC7oLNfTjnXemR0Ss7KWhLVoxsmSadEf2cZ2xW4kmXgmxqIqmhO9W9Bo9yAAsSDeqN0qMbE1NFeImcAkPm4Xwzo1lWeNbloRSSM0epB4qQl-BdqxzZqE4c0dp0Bb-Ehnfsr7E5pg3qlmnka3TAvGs7ZRaUSAC2G9LxzTaRLUmhPAnKwQuk7f5kXPn3-TMMA9TlF1tXW7c2xUB6Bi7fmC4fYnPXwmiOZw6falv7fddBzA_HHI42qCPGKnX9TIYtwOHcRQaTUXitSDPfu3WRDIsLmxpjAQ14vB4vafmEr7mMD9Jt6JrqJ57VHJHg1w3gXVdm-JTic0UiZKioND2ZWV2sxlZOWK5wgx0CH4JqMOXNwpti3TWz-Y7CDoUgUQ6LZTnoQJJowkledR3c_-5oEj8FEFuKvg&sai=AMfl-YSbpp8LJDEeBrXm42DWD_XjljhRnB2O2E--0wyXAbtB1_CjGIOYZahjV7EW1AMUxOV_P1pxnFa1ar6Zfac1Mq1_vdRp9GzBW_RkpY6GLSbNIlp3fDKsAXOPVvd7-gN20zHG0Un_RA2mhGgOuE2IkWxM82mofQ&sig=Cg0ArKJSzL9-Y5fFK0d2EAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=139&cbvp=1&cstd=136&cisv=r20220928.99932&adurl=

Requested by

Host: www.fortunecourse.c4.fr
URL: http://www.fortunecourse.c4.fr/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s05-in-f98.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Sat, 01 Oct 2022 03:56:01 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H2 200 css
fonts.googleapis.com/ Frame 1C51 8 KB
1 KB 108ms
36ms Stylesheet
text/css 2a00:1450:4001:806::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:500,700,regular,700italic

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/10196239086468997911/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

c233ce3b2c93066a4fe602720eaee31dba0c23d5b832e7aac994f71d04697325

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sat, 01 Oct 2022 03:56:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sat, 01 Oct 2022 03:56:01 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 01 Oct 2022 03:56:01 GMT

GET
H3 200 DcmEnabler_01_247.js Show response
s0.2mdn.net/879366/ Frame 1C51 29 KB
10 KB 27ms
26ms Script
text/javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/DcmEnabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/10196239086468997911/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

467a5b06cb117035f7882e8c71d80e093f04ce586c1ac2b84e7e4adf978edb30

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://s0.2mdn.net/sadbundle/10196239086468997911/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Fri, 30 Sep 2022 21:22:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 23589
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10136
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 01 Oct 2022 21:22:52 GMT

GET
H3 200 YrdBSjzfIHcYhYLmavhSyO_EhBrLUWpx5ykdL7H9Kqg.js Show response
pagead2.googlesyndication.com/bg/ Frame 4939 36 KB
16 KB 43ms
43ms Script
text/javascript 2a00:1450:400d:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/YrdBSjzfIHcYhYLmavhSyO_EhBrLUWpx5ykdL7H9Kqg.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80d::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

62b7414a3cdf2077188582e66af852c8efc4841acb516a71e7291d2fb1fd2aa8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Wed, 28 Sep 2022 19:21:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 203669
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16054
x-xss-protection: 0
last-modified: Tue, 27 Sep 2022 16:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 28 Sep 2023 19:21:32 GMT

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 1C51 15 KB
16 KB 160ms
42ms Font
font/woff2 2a00:1450:400d:80d::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:500,700,regular,700italic

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80d::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://s0.2mdn.net
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Wed, 28 Sep 2022 19:33:08 GMT
x-content-type-options: nosniff
age: 202973
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15860
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 28 Sep 2023 19:33:08 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 1C51 15 KB
15 KB 171ms
54ms Font
font/woff2 2a00:1450:400d:80d::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:500,700,regular,700italic

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80d::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://s0.2mdn.net
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Wed, 28 Sep 2022 19:33:00 GMT
x-content-type-options: nosniff
age: 202981
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 28 Sep 2023 19:33:00 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 1C51 16 KB
16 KB 206ms
89ms Font
font/woff2 2a00:1450:400d:80d::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:500,700,regular,700italic

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80d::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://s0.2mdn.net
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Wed, 28 Sep 2022 19:34:12 GMT
x-content-type-options: nosniff
age: 202909
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15920
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:45 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 28 Sep 2023 19:34:12 GMT

GET
H3 200 BitdefenderLogo_white-_2_.png
s0.2mdn.net/sadbundle/10196239086468997911/ Frame 1C51 28 KB
28 KB 27ms
27ms Image
image/png 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/10196239086468997911/BitdefenderLogo_white-_2_.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/10196239086468997911/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

09390420931de1a5876504eb4ebc8af93bd0464e7837af05c971b8afd33f6dbf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://s0.2mdn.net/sadbundle/10196239086468997911/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Thu, 29 Sep 2022 13:17:00 GMT
x-content-type-options: nosniff
age: 139141
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28426
x-xss-protection: 0
last-modified: Fri, 18 Feb 2022 17:46:32 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 29 Sep 2023 13:17:00 GMT

GET
H3 200 DIP-728x90.jpg
s0.2mdn.net/sadbundle/10196239086468997911/ Frame 1C51 4 KB
4 KB 26ms
26ms Image
image/jpeg 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/10196239086468997911/DIP-728x90.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/10196239086468997911/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1e2febd816ca74d843f100c2e7417cef8430cef84f5817d2ac1e5963d62eaff4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://s0.2mdn.net/sadbundle/10196239086468997911/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Tue, 27 Sep 2022 09:57:58 GMT
x-content-type-options: nosniff
age: 323883
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3967
x-xss-protection: 0
last-modified: Fri, 18 Feb 2022 17:46:32 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 27 Sep 2023 09:57:58 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 4939 0
20 B 79ms
78ms Image
image/gif 2a00:1450:400d:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B9vZgULo3Y_rRM5Ou3gPnyLTwBgAAAAA4AeAEAg&bg=!dHeldzPNAAYQgTJdMIE7ACkAdvg8WnKUFP_y67rNcGpSbxAT7C5k4yBgIS_3gjXDKicSfWj8AaIiIAIAAABbUgAAAAJoAQeZAxrMBHeUc5Lr89IF4yDZo32gGfuv8fpzYtfzCR5cNTmYuyYmEB1tVAjY1vumHmF2RtZDnNUtHkpbieCja5NMIRLYh_D6uM46YuMDh2qvOoBYOYyHhihPj0MolPW6ey6BDGf2pTS2yPEd2YH92-idHfPDnlNC_Vdb3goSfecRVf1c2h6MMIAvw-g-cu6dmNVa-klLG1b9vaoPDrJaHhx7cUvveU-K2yR-P41Tp6OJRPj8lebjNjgVxh3TGC3zZvHqs7FLym_drHp5hMzrB0r8puLgh_Tk3QwjG1njCV6Ar583CwQ7MZpbqJQnOYwdymVCqjgbLpBN4xJsskr7OkOQiHEwYdkP-tLA6WLLFcyYI8YzfpwrQyIsL6fWYX-EThwKs-ehY4Pa-GWi6QsghQdM9jeLxQOwm-yZhQUBZAJp6bXxeWja8pMTrsKpozae-GKW74ncA8aE9hVL2ZH8dpOL6YO9efwslepcA_xsTxLj-95CE1U97xKoaUEv_Hj6LUFZOQpcc-hItf3le0D650uj8KfJ9sjI8kcaQ0uPrUM0PWgnl17EALlMxTESxJqeU5MKVV0juHETSpGOlhkCRgjXt8dBU3G-kQsAPaF8makBtBMJp9A1jcqVhPcFGYxgkpCh0K-4AjV_7_NIA5G-JoZaC5WfMRiLlo6SKZKol4O3jYHLlQ-d5flDMS2rHU_sTGILkBg-OCswhigtOBGByc356QfiieqUAoXWscIdKs4qo3SwB8TxubQwEUD6RHguuq43yMWqze1ssoOFe8fCRmifL_Ktt8PbpIiRDredQJSkt9hB_Kq0PM0SChMq-_o-aqVKE8JyQm0rUzhlhTNCpvEbSWyFBNDoit2NYVwlASHkQHFVvFaDez44SFFvPQ8Ds1l2AzJPS97AMmTL6gkRMqQcNJmeMeYeO2UgdI81Usgn1vpV9Gozs7I8Sh9V2IThFx2FG4IkISAQDp0StqEmaY33wppSfdopW6eSNoTrgWKREWTc6RiqksNTgci8cElMpzuFXlGJqO3ylI5-5QBXIHT7byQk61t38412zLaSug

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80d::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 01 Oct 2022 03:56:01 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame DDC8 0
26 B 119ms
64ms Ping
image/gif 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: www.fortunecourse.c4.fr
URL: http://www.fortunecourse.c4.fr/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s05-in-f98.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 03:56:01 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 2842 14 KB
11 KB 170ms
82ms XHR
application/json 2a00:1450:400d:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20220928&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80d::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0bed01c66d1d15043c87a2f36c1d8e0ae9aa837e63ba897cff554b4c2d00ad9e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://www.fortunecourse.c4.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 03:56:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11222
x-xss-protection: 0

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 2842 17 KB
6 KB 147ms
146ms Script
text/javascript 2a00:1450:400d:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:806::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://www.fortunecourse.c4.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 03:56:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 01 Oct 2022 03:56:01 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 2F55 13 KB
5 KB 45ms
44ms Document
text/html 2a00:1450:400d:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:806::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://www.fortunecourse.c4.fr/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

accept-ranges: bytes
age: 137035
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 29 Sep 2022 13:52:06 GMT
expires: Fri, 29 Sep 2023 13:52:06 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 5B19 783 B
1 KB 181ms
70ms Document
text/html 2a00:1450:400d:804::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:804::2004 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

0a078839125f8b725ea9bcfcd46cbe6420764cfba49202e7c614f57814dabe72

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-W_aUF3OWuWMmFGE2DMK4Vg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://www.fortunecourse.c4.fr/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 514
content-security-policy: script-src 'report-sample' 'nonce-W_aUF3OWuWMmFGE2DMK4Vg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Sat, 01 Oct 2022 03:56:02 GMT
expires: Sat, 01 Oct 2022 03:56:02 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 YrdBSjzfIHcYhYLmavhSyO_EhBrLUWpx5ykdL7H9Kqg.js Show response
pagead2.googlesyndication.com/bg/ Frame 2F55 36 KB
16 KB 43ms
43ms Script
text/javascript 2a00:1450:400d:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/YrdBSjzfIHcYhYLmavhSyO_EhBrLUWpx5ykdL7H9Kqg.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80d::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

62b7414a3cdf2077188582e66af852c8efc4841acb516a71e7291d2fb1fd2aa8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Wed, 28 Sep 2022 19:21:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 203670
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16054
x-xss-protection: 0
last-modified: Tue, 27 Sep 2022 16:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 28 Sep 2023 19:21:32 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 2F55 0
10 B 43ms
42ms Image
text/plain 2a00:1450:400d:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?K48oBg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:400d:806::2001 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 03:56:02 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 5B19 0
0 75ms
74ms Image
text/html 2a00:1450:400d:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20220928&jk=3025995298287458&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:400d:80d::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame DDC8 42 B
64 B 79ms
78ms Fetch
image/gif 2a00:1450:400d:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvdpScNr6ADe7ww5ZOCjOvzaM7bGYNeTd9vteCk2wAVpIm7HgPlLmnB04n2k99lR1TovEW62bR1wkdnnazsBTSIZpQ8Q7kjnPrpvYyXaBEXPvh9IOqWeda6ubWIkSI-K9NDOoW_LA&sai=AMfl-YSU8nuSUTm6uEcBRnNAnYRAhtCEYy01LcAwnEe7h1hTKVULZ18iEvPMS42Fm5LV00Ws5fg0RAV5MNrIioQ&sig=Cg0ArKJSzKMKc6j4c5o6EAE&cid=CAASBORoSIc&id=lidar2&mcvt=1001&p=0,0,90,728&mtos=1001,1001,1001,1001,1001&tos=1001,0,0,0,0&v=20220928&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=2647235303&rs=2&la=0&cr=0&vs=4&r=v&rst=1664596560808&rpt=475&met=ie&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80d::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 01 Oct 2022 03:56:02 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 2842 0
0 79ms
78ms Image
text/html 2a00:1450:400d:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20220928&jk=3025995298287458&bg=!xMelx4PNAAYQgTJdMIE7ACkAdvg8Wm5DFGxTbxYAPjTEDsZfyATLFYoxxklMWnpKm5ndKf0cW4AONAIAAABfUgAAAAdoAQcKAA6xbeHKLI50yIgsJynp7ZkCxR0-Uy1BiV7UqOxgiwPq50HLBsVGCBgMQXb-z-YjZNFyZVecbyZdO1_Or5tH77fq7xPEcAvJvOrTh9IgAlXGbY99k5Bl3meEjQ12CCyoJCWFEB_-PKVx7QU3fyQoiLT_b-pNvERHvjiqxHel1vMu0BGgA6ScauVZ_se723BuQshldC983F4KytMcmW-ytuDClWN5n96dX8I48cjXWrfHNKl5gfAMGece-Bi45j19a1tCwj9xIbUekXxbVIoIaMTXtM5Z_nUQIRPm6JUQ5W0KqJcJcnn6vWRgVAF5qdkCRQwgal0tpkxOCNFr-WMaAz_qcTCEYExZz50vE_MhMiL2Wxr4wdXoxBf7gWulyInjh_ufPM1flvQ4nRmNn9ipbZIi4h608h4Qv-FeqXc-BCzD-Lx7QgOqvgIwnd7w30TpuLSLfuQRn0qJrxD_R_K-8lCSbhH_ypjltXSAr5SalwdEYm7PcZXXT5HxeIoMUm2uVRySoES-75OA0pa1N7LbVqO9sXltRVwkTJEVOu_za_i3xlYmzfhS6lLGYcRcMB5j8DKu_VkCDkgVNMxSYp6dQb5_SRFOgNGZIhAuhFLTpjq_rZOExTaP0HGIL8RfU1KqEyAHHlOxI5aDs6ZadvkP9Z9E47i6YRO0x3piVBiFBXj1I0SWzyEtfKOPjVsXd3jhIQNV3DJTx0fVUZR48uJULaBNKz4ZY-C6DyguBuZmpE0GKyS6zwpZ-1hotzwcGNBxAHylknf3mpa6-IZMHCUvQIcZuWwb0OixSoCxvhn7BS-e_l_yDYmYZnGNXDSszsoIwzrUDfBW5bEepb-f86epcght6HCRW872klqMvH8AdNmkrNdMp7QNZxKylM2OqI4L7_DuoIqztTo9PaH6XoU6rqbkk_FftRBtJ6XRQ6UT-KJkmBqYQ_lxOWgcrC85B_Hhid6DFXTttog
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:400d:80d::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://www.fortunecourse.c4.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Verdicts & Comments Add Verdict or Comment

15 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

8 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.c4.fr/	1970-01-20 15:44:52	Name: __gads Value: ID=6cf77f7a62407f69-228e126435ce006a:T=1664596560:RT=1664596560:S=ALNI_MbPfljNluAgRf_1RXPYFA-GY84ITg
.doubleclick.net/	1970-01-20 15:44:52	Name: IDE Value: AHWqTUlmiR5DEAT9Fsp_ZCUMHTCgux5PKo8uDgBvthNRWvEJNeTuW72lOBOHVt8fkIA
.adnxs.com/	1970-01-20 08:32:52	Name: uuid2 Value: 2090520202974713082
.casalemedia.com/	1970-01-20 15:08:52	Name: CMID Value: Yze6UJB3gIda-reOFWXzAgAA
.casalemedia.com/	1970-01-20 08:32:52	Name: CMPS Value: 1106
.casalemedia.com/	1970-01-20 08:32:52	Name: CMPRO Value: 1106
.adnxs.com/	1970-01-20 08:32:52	Name: anj Value: dTM7k!M41.D>6NRF']wIg2GVGopj9I!]tbPl1M>e)ZlrFUfJ+tGXxouHsNRSOoW:Z[h-I!YnYIsE7?ZZc?/JYuPcc(3If)y3KL9D3I?+HU8<3W
.casalemedia.com/	1970-01-20 08:32:52	Name: CMTS Value: 1151

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

adservice.google.com
adservice.google.fr
cm.g.doubleclick.net
dsum-sec.casalemedia.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
ib.adnxs.com
img.root-top.com
ns.allo-heberge.com
nsm05.casimages.com
pagead2.googlesyndication.com
partner.googleadservices.com
payment.allopass.com
s0.2mdn.net
tpc.googlesyndication.com
turftriomphe.com
www.allopass.com
www.biltoturf.com
www.fortunecourse.c4.fr
www.google.com
www.googletagservices.com
www.levainqueur.com
www.pronoscourse.com
www.snprono.powa.fr
www.turfsur.com
www.venez.fr
www.zetop.info
www.zone-turf.fr
zetop.info
104.18.18.126
142.250.185.66
143.204.215.22
172.217.18.98
173.225.100.28
185.119.26.1
185.89.210.141
194.150.236.165
194.150.236.190
194.150.236.236
194.150.236.5
2606:4700:3038::6815:ea1b
2a00:1450:4001:802::2002
2a00:1450:4001:806::200a
2a00:1450:4001:808::2002
2a00:1450:4001:828::2006
2a00:1450:400d:804::2004
2a00:1450:400d:805::2002
2a00:1450:400d:806::2001
2a00:1450:400d:807::2002
2a00:1450:400d:80d::2002
2a00:1450:400d:80d::2003
2a00:1450:400d:80e::2002
5.135.149.81
91.121.164.142
05ac9671885da6ce37cf8e99df86698c78897648a7755247a428f2c238ac1363
07ec7f1a20784f3bb105f3177f62bdb568b855a1c7e7db62588881d96b416ef4
09390420931de1a5876504eb4ebc8af93bd0464e7837af05c971b8afd33f6dbf
0a078839125f8b725ea9bcfcd46cbe6420764cfba49202e7c614f57814dabe72
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0bed01c66d1d15043c87a2f36c1d8e0ae9aa837e63ba897cff554b4c2d00ad9e
0c91a24c2deb753c963c48cd9c3e5d16ee96128b30bce193c4324e121728c306
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
19dd4e360485c724ce74227d51b6b572ab458d3855bc31396cb7ba73e768965f
1a6e1d886bc9cf38bd82dd0c2934ff4ee4ed49e96f37922ac62aa4d3a2272b75
1e2febd816ca74d843f100c2e7417cef8430cef84f5817d2ac1e5963d62eaff4
1e5e009aca181390b5471d0ea0fb43ef52ab2a5cddc1f5eca3b0539fbeea5a74
25c5f8dca89b6d4a9cbb94c762e4f0e269ec30c8ab1bc206b8248e3b82f88ef6
2680921f3183aefc8e7756602433aeb83fca8d3498d4c2eace0e42da7e68dbe7
308c954bf895a4a82a8f494176e680b6c63692a55d42b0c1b805d0c358391680
3289fc83b622ca0a13683fa81b006a05de135d1938744d6e30e5c9be2f2d782a
34e7ec58a2f22a541e1e99155fd40117f26c9d180e3ce835ad4e1d3e78a971ef
3e44695714cb588f45a5c3f06e29de76f92563740fb844cb92e02db3c090199d
439a96ba4cfcb182f91f87abdaba62ac99f298cbf5cc1979c9fd14000a6c1c6a
467a5b06cb117035f7882e8c71d80e093f04ce586c1ac2b84e7e4adf978edb30
49d4ba84e10d9d1f2a83956dde4f20625fd11efc01f60a3a4552a9e09a05a74f
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4f19cef0833e39bae0b563617526236f45ef8b8e12ed5ea89cb47e770d9fd7d5
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
541be29b007843edffd0457b96273a30fee6f93c2733be81362d19fa0d0ac64f
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
58b603271da250778cca7450c81343eba7a896c87d93812f4de54ca5e1108488
5d74d225ed3a1ba493176f184c57877252a54ed81fc6031d6908ef70a11d4670
5fb411b535ef05ae2b050af5f641ff148c2e60f8e90bb899ca9ad96b37a844b6
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
6270f4fc23be1ddceb334705172b0470d61d28d201fcc23402dbdc8bac85bdc7
62b7414a3cdf2077188582e66af852c8efc4841acb516a71e7291d2fb1fd2aa8
6d5cd26e0c4ee637c6e9df3cb1432112a548916d8c4499c5a3eb47a5b3afbc77
6f704e48a273cb2bd73e09fc5e30f4ae59d761f562f79d2a9c6a40f9be6c9ea8
6faf4e5943d6929526b1ace9839f78382d7bbf8e939937cc0d1d024eaedc43ec
6feb209dd38c042092d0fa4c3bfffae2d3dd60814851542b80d8fa89b5750aa2
72f1c52aec900504c11e202204caab73211ca59d50fb1e8ca9d378553d70b7c1
77d5ced9c94df938ace72826853677f63ee2d64284f9cea3fdb4c6fcd4216554
7adb98959fb28df7c99082b45bbf1f1f75b818282b220ea5c86b667912aa402d
7c9a501ff24c88a1c67c41a92315b5c7b94e19bed6381da81631f691e501a8be
7dc792d48132ff15a9ad8c11a139bf26f8e13aa3df30a71582ae406ddffdab4f
7f38549db9690596f644b7ba991295edbd27d04675e572ab637d99070b8781dc
85939c05f88881282d0aa5d48c5289231759f7d31db51ad4aab1698948612bdb
86d8e892ceacd8c8a7e7125c68dd0e1b311f8399871b6d64b8b6795f0235c1d4
87209a0a004545c29b37a3fe477b776a04afb8fb006d9be12965c4148475474c
882ea47af252febf6009aecba3ca5b0721476c165173ed8322490c3230f0fcd6
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
8df281192249bf8f2df4943d333e4038476188a1eed8e30b81ecc4d767ce4be1
97ba0989560620a568c0323f8da473d713448bdbe9fb1e41a49c8bb6a9d1c497
9bd0c1e96f9d3b63b53ba8c355ada916479d8815034cab0aad1540c3c602d896
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a7367ca39976bffee6397626303004deec789b7e1fcbdb0d6e8aeeb1b692153a
a99a75c34801335214a258d6a393f19e81df8b037409cb909ca464c338961f4f
ac8c7082b87411930939d344c0fca9ef954e46d41937050e1c356e7dc958bde8
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b6049bb33ca3a57d6ef6368c2bf253e98a7fba1c45f173450806fc9fc187d06d
c120294104b9d0c95c14b702141cea8a677fff54b055ea0177bde66023f2ccd4
c208d77e0e089f3e3b6e76a7811758dc5fe21725e55e37d22d54a878cefec06c
c233ce3b2c93066a4fe602720eaee31dba0c23d5b832e7aac994f71d04697325
c50a8d7063f0ac813e1ac39f6fbb06861e4d7f8222a16101bf4dbacc3bb806de
c89138fe4d60f677872fa14679dd7d6807b9f614bd62beb3ffc112f082442b8d
cad8de313fb1d1c56f68a097b2f80bb2a301c733223e867adc67837d71ac34f0
caf05483c5d58dcea0547c8bad298beae9ad0a872c7f60fce1685356ef7d7b36
cbfb8531acc08636eb4c11ac0c4b5560822161db733587173415ea0cc27e007f
d040d448b5bbe41d747019d806129c61a1755397e402e8f0df361d8958ddc3e8
d1d6b5efe0d6c2540778435a8f7873cbec1eb76a2b107370388a8806cb5dda6a
d64984de6507d8ecee4088d57eebe2451b69cd394c4cd0cdba6f2d924763c846
d7332aeacd02592805490cb97c98ba97944071cc4e3ec315099b6e79286829a0
da8438b81e390283f6eb8cc9cf49ccde3d00c954b4fbccdf6372c162c4b58ab2
dbd33fac1eb9ae03922641bf09830249044bc0119042d161c7fe7ccf5c007cc3
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e41d1ae45acbf836b8dcc29544c7e41cced4211214df601d5284a7e9c7134c73
ead7dff95228a235e92f3cc50bcd67d3e448ccb40cee683514504e8a59aa8f30
ecc132d445a4321f033bc3b45093bf742f4bd9920f5f633d82d4331f21a0c7b5
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f03f34a896200ac3d36794a86a5b23d054f1982d05740b454078c8526a33b631
f0eafb2ce8fb76c316ef690f0e871b1a15ba1ba6b84930c1b48f75f24d51aa86
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
f7408c25067cd0a9d9fe835cb4c05e394a50751d3fcde0c461db19a309abb02a

www.fortunecourse.c4.fr Open in urlscan Pro 5.135.149.81 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

95 Requests

73 %HTTPS

48 %IPv6

25 Domains

31 Subdomains

26 IPs

5 Countries

1155 kBTransfer

1947 kBSize

8 Cookies

0 Outgoing links

Redirected requests

95 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.fortunecourse.c4.fr Open in urlscan Pro
5.135.149.81 Public Scan

Screenshot
Live screenshot

Full Image

95
Requests

73 %
HTTPS

48 %
IPv6

25
Domains

31
Subdomains

26
IPs

5
Countries

1155 kB
Transfer

1947 kB
Size

8
Cookies

95 HTTP transactions
1 data transactions