turfpmu.fr.gd Open in urlscan Pro
193.238.27.28 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://turfpmu.fr.gd/
Effective URL:
https://turfpmu.fr.gd/
Submission: On January 06 via manual (January 6th 2024, 12:01:38 am UTC) from GA — Scanned from FR

Summary HTTP 267 Redirects Links 14 Behaviour Indicators

Summary

This website contacted 41 IPs in 5 countries across 40 domains to perform 267 HTTP transactions. The main IP is 193.238.27.28, located in Germany and belongs to IPX-AS15598, DE. The main domain is turfpmu.fr.gd.
TLS certificate: Issued by R3 on October 30th 2023. Valid for: 3 months.

This is the only time turfpmu.fr.gd was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	193.238.27.28 193.238.27.28	15598 (IPX-AS15598) (IPX-AS15598)
6	178.162.223.113 178.162.223.113	28753 (LEASEWEB-...) (LEASEWEB-DE-FRA-10)
26	2a00:1450:400... 2a00:1450:4001:830::2002	15169 (GOOGLE) (GOOGLE)
5	178.162.223.114 178.162.223.114	28753 (LEASEWEB-...) (LEASEWEB-DE-FRA-10)
3	95.142.100.82 95.142.100.82	47543 (ATOM86-AS) (ATOM86-AS)
1	185.119.26.1 185.119.26.1	203544 (WEBDEVIIN-AS) (WEBDEVIIN-AS)
1	212.83.183.115 212.83.183.115	12876 (Online SAS) (Online SAS)
10	2a00:1450:400... 2a00:1450:4001:82f::2001	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:828::2001	15169 (GOOGLE) (GOOGLE)
8	2a00:1450:400... 2a00:1450:4001:81c::2002	15169 (GOOGLE) (GOOGLE)
1 8	2a06:98c1:312... 2a06:98c1:3120::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	108.138.36.22 108.138.36.22	16509 (AMAZON-02) (AMAZON-02)
2 16	2a00:6800:3:a... 2a00:6800:3:a0b::2	42730 (EVANZOAS) (EVANZOAS)
2	2606:4700:303... 2606:4700:3031::ac43:a2c8	13335 (CLOUDFLAR...) (CLOUDFLARENET)
24	2400:52e0:1e0... 2400:52e0:1e00::1081:1	200325 (BUNNYCDN) (BUNNYCDN)
1	2400:52e0:1e0... 2400:52e0:1e00::1080:1	200325 (BUNNYCDN) (BUNNYCDN)
2	178.254.33.33 178.254.33.33	42730 (EVANZOAS) (EVANZOAS)
2	213.239.209.209 213.239.209.209	24940 (HETZNER-AS) (HETZNER-AS)
36	195.90.208.185 195.90.208.185	42730 (EVANZOAS) (EVANZOAS)
2	178.254.36.108 178.254.36.108	42730 (EVANZOAS) (EVANZOAS)
12	2606:4700:20:... 2606:4700:20::ac43:4a81	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a02:6ea0:c70... 2a02:6ea0:c700::11	60068 (CDN77 ^_^) (CDN77 ^_^)
2	95.211.229.248 95.211.229.248	60781 (LEASEWEB-...) (LEASEWEB-NL-AMS-01 Netherlands)
45	2a00:1450:400... 2a00:1450:4001:810::2006	15169 (GOOGLE) (GOOGLE)
15	2a00:1450:400... 2a00:1450:4001:81c::2001	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:82a::2002	15169 (GOOGLE) (GOOGLE)
1	2a02:6ea0:c70... 2a02:6ea0:c700::21	60068 (CDN77 ^_^) (CDN77 ^_^)
9 12	142.250.181.226 142.250.181.226	15169 (GOOGLE) (GOOGLE)
6 12	172.64.151.101 172.64.151.101	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6 9	185.89.210.212 185.89.210.212	29990 (ASN-APPNEX) (ASN-APPNEX)
1	34.77.79.66 34.77.79.66	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2	104.102.45.165 104.102.45.165	16625 (AKAMAI-AS) (AKAMAI-AS)
6	142.250.184.198 142.250.184.198	15169 (GOOGLE) (GOOGLE)
2	2606:4700::68... 2606:4700::6811:190e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:809::2004	15169 (GOOGLE) (GOOGLE)
1	18.223.141.84 18.223.141.84	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700::68... 2606:4700::6810:7eaf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2400:52e0:1e0... 2400:52e0:1e00::1082:1	200325 (BUNNYCDN) (BUNNYCDN)
1	2600:1f14:50b... 2600:1f14:50b:9a02:7ee3:88d3:161c:de93	16509 (AMAZON-02) (AMAZON-02)
3	109.71.253.87 109.71.253.87	44486 (SYNLINQ s...) (SYNLINQ synlinq.de)
267	41

1 193.238.27.28 (Germany)

ASN15598 (IPX-AS15598, DE)
PTR: fr.gd

turfpmu.fr.gd	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 178.162.223.113 (Bonn, Germany)

ASN28753 (LEASEWEB-DE-FRA-10, DE)
PTR: misc.webme.com

wtheme.webme.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
theme.webme.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

26 2a00:1450:4001:830::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 178.162.223.114 (Bonn, Germany)

ASN28753 (LEASEWEB-DE-FRA-10, DE)
PTR: img.webme.com

img.webme.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 95.142.100.82 (Netherlands)

ASN47543 (ATOM86-AS, NL)
PTR: ofwallet.bestpaths.net

pubdirecte.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.linkredirect.biz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.119.26.1 (France)

ASN203544 (WEBDEVIIN-AS, FR)
PTR: 1.26.119.185.in-addr.arpa

payment.allopass.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 212.83.183.115 (France)

ASN12876 (Online SAS, FR)
PTR: unanimateur.com

www.allosponsor.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:82f::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

1.bp.blogspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
3.bp.blogspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
4.bp.blogspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
2.bp.blogspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:828::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

blogger.googleusercontent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:81c::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a06:98c1:3120::3 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

www.1clic1don.fr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
admediatex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.138.36.22 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-36-22.muc50.r.cloudfront.net

arc.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 2a00:6800:3:a0b::2 (Germany) 2 redirects

ASN42730 (EVANZOAS, DE)

adnade.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn-binance.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
deliver.adnade.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
billigerscheiss.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
embed.chatlotto.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:3031::ac43:a2c8 (United States)

ASN13335 (CLOUDFLARENET, US)

adz2you.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

24 2400:52e0:1e00::1081:1 (Germany)

ASN200325 (BUNNYCDN, SI)

static.arc.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
consent.cookiefirst.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
edge.cookiefirst.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2400:52e0:1e00::1080:1 (Germany)

ASN200325 (BUNNYCDN, SI)

core.arc.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.254.33.33 (Germany)

ASN42730 (EVANZOAS, DE)
PTR: h115.hubuhost.com

cduspenden.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
deli.misaglam.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 213.239.209.209 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: 213-239-209-209.clients.your-server.de

ad.a-ads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
static.a-ads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

36 195.90.208.185 (Weyhe, Germany)

ASN42730 (EVANZOAS, DE)
PTR: h109.hubuhost.com

pornito.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.254.36.108 (Germany)

ASN42730 (EVANZOAS, DE)
PTR: h107.hubuhost.com

tool.hubu.link	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2606:4700:20::ac43:4a81 (United States)

ASN13335 (CLOUDFLARENET, US)

ad4m.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
as.ad4m.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
assets.ad4m.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:6ea0:c700::11 (Frankfurt am Main, Germany)

ASN60068 (CDN77 ^_^, GB)

a.magsrv.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 95.211.229.248 (Netherlands)

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)
PTR: ds03.evo.0x3e.net

s.magsrv.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

45 2a00:1450:4001:810::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 2a00:1450:4001:81c::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82a::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:6ea0:c700::21 (Frankfurt am Main, Germany)

ASN60068 (CDN77 ^_^, GB)

u3y8v8u4.aucdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 142.250.181.226 (United States) 9 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s56-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 172.64.151.101 (United States) 6 redirects

ASN13335 (CLOUDFLARENET, US)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 185.89.210.212 (Frankfurt am Main, Germany) 6 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 942.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.77.79.66 (Brussels, Belgium)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 66.79.77.34.bc.googleusercontent.com

shsorb.zecplus.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.102.45.165 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-102-45-165.deploy.static.akamaitechnologies.com

www.awin1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 142.250.184.198 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s11-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6811:190e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:809::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.223.141.84 (Columbus, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-223-141-84.us-east-2.compute.amazonaws.com

warden.arc.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:7eaf (United States)

ASN13335 (CLOUDFLARENET, US)

unpkg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2400:52e0:1e00::1082:1 (Germany)

ASN200325 (BUNNYCDN, SI)

cids.arc.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1f14:50b:9a02:7ee3:88d3:161c:de93 (Boardman, United States)

ASN16509 (AMAZON-02, US)

su4hesnyinnwvtk3h2rkauh5ja0qrisq.lambda-url.us-west-2.on.aws	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 109.71.253.87 (Germany)

ASN44486 (SYNLINQ synlinq.de, DE)
PTR: default.reselling.services

l1s.saturn.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
45	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 407	830 KB
41	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 140 tpc.googlesyndication.com — Cisco Umbrella Rank: 185	470 KB
36	pornito.de pornito.de — Cisco Umbrella Rank: 259478	455 KB
26	doubleclick.net 9 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 68 cm.g.doubleclick.net — Cisco Umbrella Rank: 338 ad.doubleclick.net — Cisco Umbrella Rank: 199	109 KB
21	arc.io arc.io — Cisco Umbrella Rank: 27522 static.arc.io — Cisco Umbrella Rank: 40019 core.arc.io — Cisco Umbrella Rank: 47150 tracker.arc.io Failed warden.arc.io — Cisco Umbrella Rank: 40980 cids.arc.io — Cisco Umbrella Rank: 50372	999 KB
12	casalemedia.com 6 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 1194	8 KB
12	ad4m.at ad4m.at — Cisco Umbrella Rank: 11048 as.ad4m.at — Cisco Umbrella Rank: 25279 assets.ad4m.at — Cisco Umbrella Rank: 37488	252 KB
12	adnade.net 1 redirects adnade.net — Cisco Umbrella Rank: 198950 deliver.adnade.net — Cisco Umbrella Rank: 232333	71 KB
11	webme.com wtheme.webme.com theme.webme.com img.webme.com — Cisco Umbrella Rank: 684397	696 KB
10	blogspot.com 1.bp.blogspot.com — Cisco Umbrella Rank: 12021 3.bp.blogspot.com — Cisco Umbrella Rank: 14251 4.bp.blogspot.com — Cisco Umbrella Rank: 16814 2.bp.blogspot.com — Cisco Umbrella Rank: 16626	54 KB
9	adnxs.com 6 redirects ib.adnxs.com — Cisco Umbrella Rank: 356	8 KB
7	cookiefirst.com consent.cookiefirst.com — Cisco Umbrella Rank: 37918 edge.cookiefirst.com — Cisco Umbrella Rank: 46318	34 KB
7	1clic1don.fr 1 redirects www.1clic1don.fr — Cisco Umbrella Rank: 163926	66 KB
3	saturn.ms l1s.saturn.ms — Cisco Umbrella Rank: 43656	536 KB
3	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 271	194 KB
3	magsrv.com a.magsrv.com — Cisco Umbrella Rank: 7857 s.magsrv.com — Cisco Umbrella Rank: 7681	18 KB
2	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 395	2 KB
2	awin1.com www.awin1.com — Cisco Umbrella Rank: 15485	1 KB
2	hubu.link tool.hubu.link — Cisco Umbrella Rank: 228886	25 KB
2	billigerscheiss.de 1 redirects billigerscheiss.de — Cisco Umbrella Rank: 219326	272 B
2	a-ads.com ad.a-ads.com — Cisco Umbrella Rank: 24533 static.a-ads.com — Cisco Umbrella Rank: 36309	171 KB
2	adz2you.xyz adz2you.xyz — Cisco Umbrella Rank: 183139	796 B
2	linkredirect.biz www.linkredirect.biz	3 KB
1	on.aws su4hesnyinnwvtk3h2rkauh5ja0qrisq.lambda-url.us-west-2.on.aws — Cisco Umbrella Rank: 48276	808 B
1	unpkg.com unpkg.com — Cisco Umbrella Rank: 1326	53 KB
1	google.com www.google.com — Cisco Umbrella Rank: 6	1 KB
1	zecplus.de shsorb.zecplus.de	376 B
1	aucdn.net u3y8v8u4.aucdn.net — Cisco Umbrella Rank: 7887	1 MB
1	misaglam.com deli.misaglam.com	484 B
1	chatlotto.de embed.chatlotto.de — Cisco Umbrella Rank: 219975	533 B
1	cduspenden.de cduspenden.de	531 B
1	cdn-binance.com cdn-binance.com — Cisco Umbrella Rank: 229718	527 B
1	admediatex.net admediatex.net — Cisco Umbrella Rank: 138973	989 B
1	googleusercontent.com blogger.googleusercontent.com — Cisco Umbrella Rank: 10066	12 KB
1	allosponsor.com www.allosponsor.com
1	allopass.com payment.allopass.com	3 KB
1	pubdirecte.com pubdirecte.com	2 KB
1	fr.gd turfpmu.fr.gd	239 KB
0	gambling-affiliation.com Failed www.gambling-affiliation.com Failed
0	Failed function sub() { [native code] }. Failed
267	40

	Domain	Requested by
45	s0.2mdn.net	turfpmu.fr.gd s0.2mdn.net
36	pornito.de	deliver.adnade.net pornito.de
26	pagead2.googlesyndication.com	turfpmu.fr.gd pagead2.googlesyndication.com tpc.googlesyndication.com www.googletagservices.com
17	static.arc.io	arc.io core.arc.io static.arc.io
15	tpc.googlesyndication.com	turfpmu.fr.gd tpc.googlesyndication.com pagead2.googlesyndication.com
12	dsum-sec.casalemedia.com	6 redirects googleads.g.doubleclick.net
12	cm.g.doubleclick.net	9 redirects googleads.g.doubleclick.net
11	adnade.net	1 redirects www.1clic1don.fr adnade.net deliver.adnade.net
9	ib.adnxs.com	6 redirects googleads.g.doubleclick.net
8	googleads.g.doubleclick.net	pagead2.googlesyndication.com turfpmu.fr.gd
7	www.1clic1don.fr	1 redirects www.linkredirect.biz www.1clic1don.fr
6	ad.doubleclick.net	turfpmu.fr.gd
6	assets.ad4m.at	as.ad4m.at
6	consent.cookiefirst.com	adnade.net consent.cookiefirst.com
5	img.webme.com	turfpmu.fr.gd
5	theme.webme.com	turfpmu.fr.gd
4	ad4m.at	deli.misaglam.com ad4m.at
4	3.bp.blogspot.com	turfpmu.fr.gd
4	1.bp.blogspot.com	turfpmu.fr.gd
3	l1s.saturn.ms	unpkg.com
3	www.googletagservices.com	turfpmu.fr.gd
2	cdnjs.cloudflare.com	static.arc.io
2	www.awin1.com	as.ad4m.at
2	as.ad4m.at	ad4m.at as.ad4m.at
2	s.magsrv.com	a.magsrv.com adnade.net
2	tool.hubu.link	adnade.net tool.hubu.link
2	billigerscheiss.de	1 redirects deliver.adnade.net
2	adz2you.xyz	www.1clic1don.fr
2	www.linkredirect.biz	pubdirecte.com www.linkredirect.biz
1	su4hesnyinnwvtk3h2rkauh5ja0qrisq.lambda-url.us-west-2.on.aws	unpkg.com
1	cids.arc.io	static.arc.io
1	unpkg.com	static.arc.io
1	warden.arc.io	static.arc.io
1	www.google.com	tpc.googlesyndication.com
1	shsorb.zecplus.de	as.ad4m.at
1	u3y8v8u4.aucdn.net	adnade.net
1	a.magsrv.com	pornito.de
1	edge.cookiefirst.com	consent.cookiefirst.com
1	deli.misaglam.com	cduspenden.de
1	embed.chatlotto.de	cdn-binance.com
1	static.a-ads.com	ad.a-ads.com
1	deliver.adnade.net	adnade.net
1	ad.a-ads.com	adnade.net
1	cduspenden.de	adnade.net
1	cdn-binance.com	adnade.net
1	core.arc.io	arc.io
1	admediatex.net	www.1clic1don.fr
1	arc.io	www.1clic1don.fr
1	blogger.googleusercontent.com	turfpmu.fr.gd
1	2.bp.blogspot.com	turfpmu.fr.gd
1	4.bp.blogspot.com	turfpmu.fr.gd
1	www.allosponsor.com	turfpmu.fr.gd
1	payment.allopass.com	turfpmu.fr.gd
1	pubdirecte.com	turfpmu.fr.gd
1	wtheme.webme.com	turfpmu.fr.gd
1	turfpmu.fr.gd
0	tracker.arc.io Failed	static.arc.io
0	www.gambling-affiliation.com Failed	turfpmu.fr.gd
0	Failed	turfpmu.fr.gd
267	59

This site contains links to these domains. Also see Links.

Domain
pubdirecte.com
www.root-top.com
www.fortunepmu.fr.gd
www.turfologie.fr.gd
elvyturf.blogspot.com
www.franckyturf.fr.gd
www.jeugagnant.fr.gd
www.chevalcourse.wixsite.com
www.triotierce.fr.gd
www.basecouple.fr.gd
www.jeupmu.wixsite.com
mariacourse.blogspot.com
yannpmu.blogspot.com
www.ma-page.fr

Subject Issuer	Validity	Valid
fr.gd R3	`2023-10-30` - `2024-01-28`	3 months	crt.sh
misc.webme.com R3	`2023-10-30` - `2024-01-28`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
img.webme.com R3	`2023-10-30` - `2024-01-28`	3 months	crt.sh
pubdirecte.com R3	`2023-11-14` - `2024-02-12`	3 months	crt.sh
*.allopass.com Sectigo RSA Domain Validation Secure Server CA	`2023-10-06` - `2024-10-07`	a year	crt.sh
sd-142034 sd-142034	`2023-12-18` - `2024-12-17`	a year	crt.sh
misc-sni.blogspot.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
*.googleusercontent.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
1clic1don.fr GTS CA 1P5	`2023-12-13` - `2024-03-12`	3 months	crt.sh
arc.io Amazon RSA 2048 M02	`2023-02-21` - `2024-03-21`	a year	crt.sh
admediatex.net GTS CA 1P5	`2023-11-15` - `2024-02-13`	3 months	crt.sh
adnade.net R3	`2023-12-02` - `2024-03-01`	3 months	crt.sh
adz2you.xyz GTS CA 1P5	`2023-12-02` - `2024-03-01`	3 months	crt.sh
static.arc.io R3	`2023-12-07` - `2024-03-06`	3 months	crt.sh
core.arc.io R3	`2023-12-07` - `2024-03-06`	3 months	crt.sh
cdn-binance.com R3	`2023-12-02` - `2024-03-01`	3 months	crt.sh
*.cookiefirst.com Sectigo RSA Domain Validation Secure Server CA	`2023-12-05` - `2024-12-16`	a year	crt.sh
cduspenden.de R3	`2023-11-14` - `2024-02-12`	3 months	crt.sh
*.a-ads.com Sectigo ECC Domain Validation Secure Server CA	`2023-12-27` - `2025-01-26`	a year	crt.sh
deliver.adnade.net R3	`2023-12-02` - `2024-03-01`	3 months	crt.sh
billigerscheiss.de R3	`2023-12-02` - `2024-03-01`	3 months	crt.sh
pornito.de R3	`2023-12-01` - `2024-02-29`	3 months	crt.sh
embed.chatlotto.de R3	`2023-12-02` - `2024-03-01`	3 months	crt.sh
tool.hubu.link R3	`2023-12-05` - `2024-03-04`	3 months	crt.sh
deli.misaglam.com R3	`2023-11-07` - `2024-02-05`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-05-07` - `2024-05-06`	a year	crt.sh
magsrv.com R3	`2023-12-18` - `2024-03-17`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
afcdn.net R3	`2023-12-18` - `2024-03-17`	3 months	crt.sh
shsorb.zecplus.de R3	`2023-12-09` - `2024-03-08`	3 months	crt.sh
www.awin1.com DigiCert TLS RSA SHA256 2020 CA1	`2023-03-10` - `2024-03-09`	a year	crt.sh
www.google.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
cids.arc.io R3	`2023-12-15` - `2024-03-14`	3 months	crt.sh
*.lambda-url.us-west-2.on.aws Amazon RSA 2048 M03	`2023-12-27` - `2025-01-25`	a year	crt.sh
l1s.saturn.ms ZeroSSL ECC Domain Secure Site CA	`2024-01-03` - `2024-04-02`	3 months	crt.sh

This page contains 38 frames:

Primary Page: https://turfpmu.fr.gd/
Frame ID: 59EE5D9DA81E4206CF59B9734DB223B8
Requests: 39 HTTP requests in this frame

Frame: https://www.linkredirect.biz/b-images/221468_frame.php?url=https%3A%2F%2Fwww.linkredirect.biz%2Fscript%2Fredirect.php%3Furl%3Dhttps%253A%252F%252Fa.movingfwd.co%252Fredirect%252Fl%252F57922347-f3a9-48d4-b0b3-1e6f8dc1a00c%252F9fee8966-4422-4909-aa02-14467e575996%252F1984%253Ft1%253D132893-221468-%255BP_ID_CLICK%255D-624665703-45567-18-d--r-2023%2526subid%253D58974%26said%3D132893%26cp%3D45567%26id%3D38712128%26s%3D24120%26bann%3D221468&sid=58974&said=132893&suid=24102172&tracker=132893-221468-%5BP_ID_CLICK%5D-624665703-45567&cp=45567&url2=https%3A%2F%2Fwww.linkredirect.biz%2Fscript%2Fredirect.php%3Furl%3Dhttps%253A%252F%252Fa.movingfwd.co%252Fredirect%252Fl%252F57922347-f3a9-48d4-b0b3-1e6f8dc1a00c%252F9fee8966-4422-4909-aa02-14467e575996%252F1984%253Ft1%253D132893-221468-%255BP_ID_CLICK%255D-624665703-45567-18-d--r-2024%2526subid%253D58974%26said%3D132893%26cp%3D45567%26id%3D38712128%26s%3D24120%26bann%3D221468&url3=https%3A%2F%2Fwww.linkredirect.biz%2Fscript%2Fredirect.php%3Furl%3Dhttps%253A%252F%252Fa.movingfwd.co%252Fredirect%252Fl%252F57922347-f3a9-48d4-b0b3-1e6f8dc1a00c%252F9fee8966-4422-4909-aa02-14467e575996%252F1984%253Ft1%253D132893-221468-%255BP_ID_CLICK%255D-624665703-45567-18-d--r-2025%2526subid%253D58974%26said%3D132893%26cp%3D45567%26id%3D38712128%26s%3D24120%26bann%3D221468&urlclick=http%3A%2F%2Fwww.linkredirect.biz%2Fscript%2Flink.php%3Furl%3Dm9en1NmfaJHHkZ%252Bl2MzQoJbYmZDGopSlmcbKq5iYrWifkmibn5drlZqaX5yVxJtmZJmZlpCVlZVnj5KeaZtxnZaUlJSWyGibzMiXbpuZmGZklWeUkGeeY22PwppjZ2ZqZ5dpm8uacJefnGhlk5yabW%252FVZp%252BUZpdrbZWOa2VmbW9rkI60xa59wamve3mtwI9vYpVrmJhqlWZhlpZuaWxmamuQl5GT12aUlpVlXNXYxKKUnmqanGqZ&urlclick2=http%3A%2F%2Fwww.linkredirect.biz%2Fscript%2Flink.php%3Furl%3Dm9en1NmfaJHHkZ%252Bl2MzQoJbYmZDGopSlmcbKq5iYrWifkmibn5drlZqaX5yVxJtmZJmZlpCVlZVnj5KeaZtxnZaUlJSWyGibzMiXbpuZmGZklWeUkGeeY22PwppjZ2ZqZ5dpm8uacJefnGhlk5yabW%252FVZp%252BUZpdrbZWOa2VmbW9rkI60xa59wamve3mtwI9vYpVrmJhqlWZhlpZuaWxmamuQl5GT12aUlpVmXNXYxKKUnmqanGqZ&urlclick3=http%3A%2F%2Fwww.linkredirect.biz%2Fscript%2Flink.php%3Furl%3Dm9en1NmfaJHHkZ%252Bl2MzQoJbYmZDGopSlmcbKq5iYrWifkmibn5drlZqaX5yVxJtmZJmZlpCVlZVnj5KeaZtxnZaUlJSWyGibzMiXbpuZmGZklWeUkGeeY22PwppjZ2ZqZ5dpm8uacJefnGhlk5yabW%252FVZp%252BUZpdrbZWOa2VmbW9rkI60xa59wamve3mtwI9vYpVrmJhqlWZhlpZuaWxmamuQl5GT12aUlpVnXNXYxKKUnmqanGqZ
Frame ID: C124B78CF17486CE685E434434D001CA
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20240103/r20190131/zrt_lookup_fy2021.html
Frame ID: 590E58ED5B4F8F24B5A03DA8FD05E9D6
Requests: 1 HTTP requests in this frame

Frame: https://www.1clic1don.fr/tagpdis.php
Frame ID: 04F36D7DD401B9A13F59A20BC730F2F4
Requests: 23 HTTP requests in this frame

Frame: https://adnade.net/ptp/?user=pas30
Frame ID: DE93A9FE92113FF63AC239012F4A97DD
Requests: 19 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7875785440405840&output=html&adk=1812271804&adf=3025194257&lmt=1704499293&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=308x1080_l%7C260x1080_r&format=0x0&url=https%3A%2F%2Fturfpmu.fr.gd%2F%23&ea=0&host=ca-host-pub-1483906849246906&pra=5&wgl=1&easpi=1&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2~4~6&aslcwct=150&asacwct=25&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1704499292827&bpp=3&bdt=194&idt=298&shv=r20240103&mjsv=m202401030101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=846637050771&frm=20&pv=2&ga_vid=638129887.1704499293&ga_sid=1704499293&ga_hid=1817525140&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C95320239%2C31079714%2C31080235%2C95320869%2C95321252&oid=2&pvsid=680737627759872&tmod=1983467773&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=308
Frame ID: 768098DE700C3E959E04CB9BF2F0EA99
Requests: 1 HTTP requests in this frame

Frame: https://adz2you.xyz/serve/show.php?a=33&b=468x15
Frame ID: 2ED5DC17207BFC8898A8E5EC0C4B2BCB
Requests: 1 HTTP requests in this frame

Frame: https://adz2you.xyz/serve/show.php?a=33&b=236x15
Frame ID: 586C6DD8618A18E005C6D5F414BA17DB
Requests: 1 HTTP requests in this frame

Frame: https://www.1clic1don.fr/cdn-cgi/challenge-platform/h/g/scripts/jsd/74bd6362/main.js
Frame ID: 443179F77B9902DE815360579932B97F
Requests: 2 HTTP requests in this frame

Frame: https://core.arc.io/broker.html?76bc4f3
Frame ID: 0D90565B9565A77CEF90923237A623B7
Requests: 7 HTTP requests in this frame

Frame: https://cduspenden.de/partner/
Frame ID: A08AE37FCCF71599638F49A879DD66BD
Requests: 1 HTTP requests in this frame

Frame: https://ad.a-ads.com/2276544?size=468x60&background_color=618cb8&text_color=000000&title_color=ffffff&title_hover_color=dadada&link_color=d8f15e&link_hover_color=ff0000
Frame ID: F6C1709E1A0B470C08E17EF3CC28FF69
Requests: 3 HTTP requests in this frame

Frame: https://deliver.adnade.net/?id=vYzSK63cWB7Z7Gg2nAuLTHYNoaHq2Ma9ABrFYo02m0IZNjERmLOEls75KrGsxCm4&d=fRZQDSX8nrgx9HOlK5WTiTXIyzjvfaZv
Frame ID: 4FD465B5B0D7B423A0F87934ED7E0939
Requests: 2 HTTP requests in this frame

Frame: https://billigerscheiss.de/?t=1704499293&ln=1
Frame ID: F13A691B81BC59DCAD38B8DB0544159B
Requests: 1 HTTP requests in this frame

Frame: https://pornito.de/
Frame ID: 4B7EA66791A7FC9FAC79C7DCAC0BB4BD
Requests: 42 HTTP requests in this frame

Frame: https://embed.chatlotto.de/?chatroom=3dff73d260d07f70
Frame ID: B359BBF19184E68CC35F5EACF044CA13
Requests: 1 HTTP requests in this frame

Frame: https://deli.misaglam.com/prepare/channel/?chilli=tiktok
Frame ID: C7C9EA26AD43A40A56D4B64AD76D756E
Requests: 3 HTTP requests in this frame

Frame: https://ad4m.at/cookie-frame.html
Frame ID: DF50DBAAA53CE3C153366614730BB0B8
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20240103/r20110914/zrt_lookup_fy2021.html?fsb=1
Frame ID: 4E434F57264A16200A8437CE7037E3B6
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20240103/r20110914/zrt_lookup_fy2021.html?fsb=1
Frame ID: 3C56238950DB50E1A4C1022132C5E320
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20240103/r20110914/zrt_lookup_fy2021.html?fsb=1
Frame ID: E5B2BD32B4852D214A8EB622EEC58E96
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPDkLxCoi2UYqeTEmAEwAQ&v=APEucNWk5he4PrZkRTckdSHqPFOHTmgxd9ZN7DbNzqxQbpVXTyjrXD8bkT_wEByr3G8SXMKJZnfe81adOlaowDBqMpxWGg2bIQG5gWrs4tU56q7g2dxS8azLdltZXigNjnp2VsOreja8NifR0w7-yx9gqySoNP6D-x2H4Os2m7iMkghU94-VRPA
Frame ID: 7EB425E1224C01A1B633BB4157F834FA
Requests: 5 HTTP requests in this frame

Frame: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js
Frame ID: 0F64B4F54A930DACDAE7738A43AB6545
Requests: 12 HTTP requests in this frame

Frame: https://as.ad4m.at/ad/rar?a=517451%2C19769%2C191668&b=bGVmhQfZf2dxqaYHbHztKt3KeGfbS3tMdEHJ%2CYAqkcrf3fYG9tVH9HetQtRdkTkSWtd92ur%2CbGVmhQfZf5gY1hYHbHztKtDwMKUbS3tMdEHJ&f=3r48Upf4f9ZBVF7HrHAtXC2PzAaPSztKZwCd%2CqxgqhmfWfpgbfZHgHDtRCX9ETeS3tJDxC3%2C3r48Upf4fX63dc7HrHAtXCr9wPTPSztKZwCd&c=300&d=250&e=&g=d18243bfa2950b7f865d2ac411a0005d%2F6857293066795638964&i=197676%2C21630%2C75452&j=52%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=Influencer_TT_advancedad_300x250&r=1704499293834&y=1&s=&z=0
Frame ID: 00F14A05304C8303493F292D3FECC442
Requests: 11 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPDkLxCoi2UYqeTEmAEwAQ&v=APEucNWtp8GzpDt6mmjVXg3sluTxHJG4uh0dc7QD9QmeLPvavCwJFAz90YvkJqHnMFQCSY02pGwuL_AtlF9s4aopN--DGczlFTiJljf4Wqp3Xr42yvK_n3OI2i_kz_vTpMKCJyyIz-ZX8vsrqz_XFqm0xB6WJ_tNG0jC1JRGj_tb1a_Mz7wh4l8
Frame ID: 2FD3DDFADE93C84CF2CE137CB5DDC434
Requests: 5 HTTP requests in this frame

Frame: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js
Frame ID: A8623BC43ACD00A24935F432BA054D61
Requests: 12 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPDkLxCoi2UY_OrEmAEwAQ&v=APEucNXvHQqB0Ar5ttuuYT7575bXy5M9wugxrrFhalz4PhKfiGILo7DlGHyIX-aCMis95gmqBRmEHEZygigv5Y6_3636WyGRnE4u714tS2Wcpza81S5hHJj0Ql17NpyG_qT7RFZ-uXJQFDY1AETQxAxyl6NSDSIZ-vuNVel5id6p8t9NFH7xPEo
Frame ID: 58A16E1B3778EAB9AD72DB6781A3EA61
Requests: 5 HTTP requests in this frame

Frame: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js
Frame ID: 84DBD3223613863C9FDBDA92E9454CA0
Requests: 12 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/7135979241717318397/index.html?ev=01_250
Frame ID: 1CCAE0A337E652C5DA2C706476AD1667
Requests: 14 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: A91AEC83E881351C0C059181EBF12DBC
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: 8216287979A964A37B9077D036D466BA
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: ADBE04761FD2203DFD41E527DC6BBB7C
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/7135979241717318397/index.html?ev=01_250
Frame ID: 842BC7BF82A87351EB6C942BB9402DA8
Requests: 14 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/15205685216655332109/index.html?ev=01_250
Frame ID: 4D7260F7DED14872CBC6EC184AE6ECCA
Requests: 14 HTTP requests in this frame

Frame: https://static.arc.io/widget/css/widget.css?76bc4f3
Frame ID: 8EDACEB38ADFDE880E677527703C3A8B
Requests: 3 HTTP requests in this frame

Frame: https://static.arc.io/widget/css/widget.css?76bc4f3
Frame ID: DEF59FE6D2E3520BA03ABB0FDE67CBAC
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: AD2102861FE864F40DCB9F3BD8E6F4C6
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: DCEF76B428E7C848875D4115C67A2391
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

TURFPMU - ACCUEIL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Mautic (Marketing Automation) Expand

Overall confidence: 100%
Detected patterns

[^a-z]mtc.*\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

267
Requests

93 %
HTTPS

50 %
IPv6

40
Domains

59
Subdomains

41
IPs

5
Countries

6825 kB
Transfer

13820 kB
Size

21
Cookies

14 Outgoing links

These are links going to different origins than the main page.

URL: https://pubdirecte.com/?said=132893&id=132893
Title: Votre pub ici avec Pubdirecte.com

Search URL Search Domain Scan URL

URL: http://www.root-top.com/topsite/sitespmu/in.php?ID=9

Search URL Search Domain Scan URL

URL: http://www.fortunepmu.fr.gd/

Search URL Search Domain Scan URL

URL: http://www.turfologie.fr.gd/

Search URL Search Domain Scan URL

URL: https://elvyturf.blogspot.com/

Search URL Search Domain Scan URL

URL: http://www.franckyturf.fr.gd/

Search URL Search Domain Scan URL

URL: http://www.jeugagnant.fr.gd/

Search URL Search Domain Scan URL

URL: http://www.chevalcourse.wixsite.com/chevalcourse

Search URL Search Domain Scan URL

URL: http://www.triotierce.fr.gd/

Search URL Search Domain Scan URL

URL: http://www.basecouple.fr.gd/

Search URL Search Domain Scan URL

URL: http://www.jeupmu.wixsite.com/pmufr

Search URL Search Domain Scan URL

URL: https://mariacourse.blogspot.com/

Search URL Search Domain Scan URL

URL: https://yannpmu.blogspot.com/

Search URL Search Domain Scan URL

URL: https://www.ma-page.fr/?c=4000&utm_source=selfpromotion&utm_campaign=overlay&utm_medium=footer
Title: Ce site web a été créé gratuitement avec Ma-page.fr. Tu veux aussi ton propre site web ? S'inscrire gratuitement

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 43

https://www.1clic1don.fr/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
https://www.1clic1don.fr/cdn-cgi/challenge-platform/h/g/scripts/jsd/74bd6362/main.js

Request Chain 73

https://adnade.net/surfbar/?p=1 HTTP 302
https://billigerscheiss.de/?g=0 HTTP 302
https://pornito.de/

Request Chain 162

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIT-zZS7dTxKuqLcfFj41Wk&google_cver=1

Request Chain 163

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZZiYXlwJcn5ZcWIariJRKwAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDaIaLItDhf5HI26Fa2_0QI&google_cver=1

Request Chain 164

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEEiD9zCF1_xpnagV9JSJatU&google_cver=1

Request Chain 165

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTM4NTUwMTUwMDUxMDY5ODIxMA%3D%3D

Request Chain 176

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECdvHaNyjqkhYSYB8u4FDS8&google_cver=1

Request Chain 177

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZZiYXlwJcn5ZcWIariJRKwAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDaIaLItDhf5HI26Fa2_0QI&google_cver=1

Request Chain 178

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEO31s4_GqALo5MJtWrdIfxg&google_cver=1

Request Chain 179

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTM4NTUwMTUwMDUxMDY5ODIxMA%3D%3D

Request Chain 183

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDaIaLItDhf5HI26Fa2_0QI&google_cver=1

Request Chain 184

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZZiYXjsyNev1t-M37E5xjAAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDaIaLItDhf5HI26Fa2_0QI&google_cver=1

Request Chain 185

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESECk4v_tItC9JVzl9ujtfch4&google_cver=1

Request Chain 186

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzgxOTAyNTI1MTU3MTE3NTExNQ%3D%3D

267 HTTP transactions
17 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
turfpmu.fr.gd/ 377 KB
239 KB 302ms
105ms Document
text/html 193.238.27.28
IPX-AS15598

General

Check archive.org

Show headers Download Go to

Full URL: https://turfpmu.fr.gd/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 193.238.27.28 , Germany, ASN15598 (IPX-AS15598, DE),
Reverse DNS: fr.gd
Software: nginx /
Resource Hash: 03146b321da29afb9e3baf359d91c3046585f832bcb78ad48b4ec73973bfdc0b

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

Accept-Ranges: bytes
Age: 0
Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=ISO-8859-15
Date: Sat, 06 Jan 2024 00:01:32 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Server: nginx
Transfer-Encoding: chunked
Vary: User-Agent,Accept-Encoding
Via: 1.1 varnish-v4
X-Varnish: 375865307
X-wm-1: b5c15a4f00826b560de2380c0e08f5b7
X-wm-VIP: 193.238.27.28
X-wm-req.backend: SitesGET
X-wm-req.backend.healthy: true
X-wm-req.restarts: 0

GET
H/1.1 200
OK snow2.js Show response
wtheme.webme.com/designs/globals/ 3 KB
2 KB 143ms
24ms Script
application/x-javascript 178.162.223.113
LEASEWEB-DE-FRA-10

General

Check archive.org

Show headers Download Go to

Full URL: https://wtheme.webme.com/designs/globals/snow2.js
Requested by: Host: turfpmu.fr.gd
URL: https://turfpmu.fr.gd/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 178.162.223.113 Bonn, Germany, ASN28753 (LEASEWEB-DE-FRA-10, DE),
Reverse DNS: misc.webme.com
Software: nginx /
Resource Hash: 72853f2308c487532cb505ff7fec1df99dca4cbfd22c5b36ce42408d8a0cfbac

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://turfpmu.fr.gd/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Date: Sat, 06 Jan 2024 00:01:32 GMT
Via: 1.1 varnish-v4, 1.1 varnish-v4
Content-Encoding: gzip
Last-Modified: Tue, 20 May 2014 07:37:44 GMT
Server: nginx
X-wm-VIP: 193.238.27.17
Age: 45309
Vary: Accept-Encoding
Content-Type: application/x-javascript
X-Varnish: 293347113, 161996516 135946441
Cache-Control: max-age=3628800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1140
Expires: Fri, 16 Feb 2024 11:26:23 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 146 KB
50 KB 139ms
76ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-7875785440405840&host=ca-host-pub-1483906849246906

Requested by

Host: turfpmu.fr.gd
URL: https://turfpmu.fr.gd/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e433154269640d4406564936982e98152c37ec2bbaffc22e9ce7b852ee4d1045

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://turfpmu.fr.gd/
Origin: https://turfpmu.fr.gd
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 00:01:32 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 51098
x-xss-protection: 0
server: cafe
etag: 10654148651967434731
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
link: <https://googleads.g.doubleclick.net>; rel="preconnect"; crossorigin
expires: Sat, 06 Jan 2024 00:01:32 GMT

GET
H/1.1 200
OK head.gif
theme.webme.com/designs/butterfly/images_gelb/ 55 B
467 B 180ms
23ms Image
image/gif 178.162.223.113
LEASEWEB-DE-FRA-10

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://theme.webme.com/designs/butterfly/images_gelb/head.gif
Requested by: Host: turfpmu.fr.gd
URL: https://turfpmu.fr.gd/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 178.162.223.113 Bonn, Germany, ASN28753 (LEASEWEB-DE-FRA-10, DE),
Reverse DNS: misc.webme.com
Software: nginx /
Resource Hash: c1028557934275fefa71b3860b6bb33797343a5fdc8d734119fb5374dc0a91fa

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://turfpmu.fr.gd/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Date: Sat, 06 Jan 2024 00:01:32 GMT
Via: 1.1 varnish-v4, 1.1 varnish-v4
Last-Modified: Tue, 20 May 2014 07:37:44 GMT
Server: nginx
X-wm-VIP: 193.238.27.17
Age: 9445
Content-Type: image/gif
X-Varnish: 363955278, 155737919 159338169
Cache-Control: max-age=3628800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 55
Expires: Fri, 16 Feb 2024 21:24:07 GMT

GET
H/1.1 200
OK chevaux.jpg
img.webme.com/pic/t/turfpmu/ 4 KB
4 KB 159ms
32ms Image
image/jpeg 178.162.223.114
LEASEWEB-DE-FRA-10

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.webme.com/pic/t/turfpmu/chevaux.jpg
Requested by: Host: turfpmu.fr.gd
URL: https://turfpmu.fr.gd/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 178.162.223.114 Bonn, Germany, ASN28753 (LEASEWEB-DE-FRA-10, DE),
Reverse DNS: img.webme.com
Software: nginx /
Resource Hash: 1855fefe02102472065e0d98d2fcc8faed8c106ac8269aba472ff044942b409b

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://turfpmu.fr.gd/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Date: Sat, 06 Jan 2024 00:01:32 GMT
Via: 1.1 varnish-v4, 1.1 varnish-v4
Last-Modified: Fri, 26 Dec 2014 19:43:17 GMT
Server: nginx
X-wm-VIP: 193.238.27.18
Age: 6733
ETag: "549dba55-f0e"
X-Varnish: 365593857, 155737917 162602455
Content-Type: image/jpeg
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3854

GET
H/1.1 200
OK banniere.php Show response
pubdirecte.com/script/ 3 KB
2 KB 141ms
62ms Script
application/javascript 95.142.100.82
ATOM86-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://pubdirecte.com/script/banniere.php?said=132893
Requested by: Host: turfpmu.fr.gd
URL: https://turfpmu.fr.gd/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 95.142.100.82 , Netherlands, ASN47543 (ATOM86-AS, NL),
Reverse DNS: ofwallet.bestpaths.net
Software: Apache /
Resource Hash: 6cc44d0e11fa922fc41e655921e338fabcaa9d6b7d5001872669c74de8038e00

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://turfpmu.fr.gd/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 05 Jan 2024 23:59:37 GMT
Content-Encoding: gzip
Server: Apache
X-ssl: 1
Vary: Accept-Encoding,User-Agent
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Content-Length: 1063
Expires: Sun, 01 Jan 2014 00:00:00 GMT

GET
H/1.1 200
OK creditcard.gif
payment.allopass.com/images/common/logos/large/ 3 KB
3 KB 156ms
27ms Image
image/gif 185.119.26.1
WEBDEVIIN-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://payment.allopass.com/images/common/logos/large/creditcard.gif
Requested by: Host: turfpmu.fr.gd
URL: https://turfpmu.fr.gd/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.119.26.1 , France, ASN203544 (WEBDEVIIN-AS, FR),
Reverse DNS: 1.26.119.185.in-addr.arpa
Software: Apache /
Resource Hash: de7a53bd6dd86a48393788feb7c5bd0940346d7641c5bf83a7ac740745332bd0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://turfpmu.fr.gd/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Date: Sat, 06 Jan 2024 00:01:32 GMT
Last-Modified: Mon, 21 Aug 2023 10:50:26 GMT
Server: Apache
ETag: "20695-cab-6036ca55dc080"
Content-Type: image/gif
Connection: close
Accept-Ranges: bytes
Content-Length: 3243

GET
H/1.1 200
OK bitcoin0.png
img.webme.com/pic/t/turfpmu/ 398 KB
398 KB 184ms
57ms Image
image/png 178.162.223.114
LEASEWEB-DE-FRA-10

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.webme.com/pic/t/turfpmu/bitcoin0.png
Requested by: Host: turfpmu.fr.gd
URL: https://turfpmu.fr.gd/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 178.162.223.114 Bonn, Germany, ASN28753 (LEASEWEB-DE-FRA-10, DE),
Reverse DNS: img.webme.com
Software: nginx /
Resource Hash: 4c1b3e1f2427be52ddd1ce67e385d4edb0e1f77085d5ad0c76711aa41ec82533

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://turfpmu.fr.gd/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Date: Sat, 06 Jan 2024 00:01:32 GMT
Via: 1.1 varnish-v4, 1.1 varnish-v4
Last-Modified: Wed, 05 Sep 2018 04:37:40 GMT
Server: nginx
X-wm-VIP: 193.238.27.18
Age: 43901
ETag: "5b8f5d94-63784"
X-Varnish: 303301534, 161996518 161517041
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 407428

GET
H/1.1 200
OK Bitcoin5.jpg
img.webme.com/pic/t/turfpmu/ 218 KB
218 KB 214ms
55ms Image
image/jpeg 178.162.223.114
LEASEWEB-DE-FRA-10

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.webme.com/pic/t/turfpmu/Bitcoin5.jpg
Requested by: Host: turfpmu.fr.gd
URL: https://turfpmu.fr.gd/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 178.162.223.114 Bonn, Germany, ASN28753 (LEASEWEB-DE-FRA-10, DE),
Reverse DNS: img.webme.com
Software: nginx /
Resource Hash: 449902b23f3a9b228798443448460461023e4332932bc0d2445249241c755eae

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://turfpmu.fr.gd/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Date: Sat, 06 Jan 2024 00:01:32 GMT
Via: 1.1 varnish-v4, 1.1 varnish-v4
Last-Modified: Wed, 05 Sep 2018 03:45:58 GMT
Server: nginx
X-wm-VIP: 193.238.27.18
Age: 43901
ETag: "5b8f5176-3686a"
X-Varnish: 297132632, 161996522 161292814
Content-Type: image/jpeg
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 223338

GET
H/1.1 404
Not Found iframe_sponsor.eur
www.allosponsor.com/cgi-bin/ 0
0 375ms
21ms Script
text/html 212.83.183.115
Online SAS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.allosponsor.com/cgi-bin/iframe_sponsor.eur?num_site_aff=88241&type=1&popinto=1&s=1
Requested by: Host: turfpmu.fr.gd
URL: https://turfpmu.fr.gd/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 212.83.183.115 , France, ASN12876 (Online SAS, FR),
Reverse DNS: unanimateur.com
Software: /
Resource Hash

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://turfpmu.fr.gd/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

GET
H2 200 1.gif
1.bp.blogspot.com/-BD5RmPbbXEw/WePsXr6sfZI/AAAAAAAAAHk/xA9VeXE9njYRxTLmxU5vhYzFYaaXiscKACLcBGAs/s1600/ 12 KB
12 KB 346ms
283ms Image
image/gif 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://1.bp.blogspot.com/-BD5RmPbbXEw/WePsXr6sfZI/AAAAAAAAAHk/xA9VeXE9njYRxTLmxU5vhYzFYaaXiscKACLcBGAs/s1600/1.gif

Requested by

Host: turfpmu.fr.gd
URL: https://turfpmu.fr.gd/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

841daeb38076ca3b8f1023b2ed02d28409b48ed9613eebf2f739dc7d2183f93b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://turfpmu.fr.gd/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 00:01:33 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="1.gif"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11928
x-xss-protection: 0
server: fife
etag: "v7b"
vary: Origin
content-type: image/gif
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sun, 07 Jan 2024 00:01:33 GMT

GET
H2 200 7-Fortunepmu.jpg
3.bp.blogspot.com/-0buXtmhM_Bo/WeP0sRgGFcI/AAAAAAAAAIY/ejgorUHYluc3_liBj-el_lynYZCeFmeCQCLcBGAs/s1600/ 7 KB
7 KB 447ms
384ms Image
image/jpeg 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://3.bp.blogspot.com/-0buXtmhM_Bo/WeP0sRgGFcI/AAAAAAAAAIY/ejgorUHYluc3_liBj-el_lynYZCeFmeCQCLcBGAs/s1600/7-Fortunepmu.jpg

Requested by

Host: turfpmu.fr.gd
URL: https://turfpmu.fr.gd/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

0ff70c3d9aedd4f0ca4024d40c709184fc5f3376ed65e14dd3bb6fb047d6b26a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://turfpmu.fr.gd/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 00:01:33 GMT
x-content-type-options: nosniff
server: fife
etag: "v8b"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="7-Fortunepmu.jpg"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7373
x-xss-protection: 0
expires: Sun, 07 Jan 2024 00:01:33 GMT

GET
H2 200 3-Turfologie.jpg
3.bp.blogspot.com/-zwjuKdNa14s/WePvg3gSBwI/AAAAAAAAAH8/ES_tMDYbmLApyDXZo_3gPkl_lQz_C5IngCLcBGAs/s1600/ 7 KB
8 KB 371ms
308ms Image
image/jpeg 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://3.bp.blogspot.com/-zwjuKdNa14s/WePvg3gSBwI/AAAAAAAAAH8/ES_tMDYbmLApyDXZo_3gPkl_lQz_C5IngCLcBGAs/s1600/3-Turfologie.jpg

Requested by

Host: turfpmu.fr.gd
URL: https://turfpmu.fr.gd/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

b85d577c9372317faa6365a789a52e6217c407d61e1c637ecb088e7b075e39ba

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://turfpmu.fr.gd/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 00:01:33 GMT
x-content-type-options: nosniff
server: fife
etag: "v80"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="3-Turfologie.jpg"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7655
x-xss-protection: 0
expires: Sun, 07 Jan 2024 00:01:33 GMT

GET
H2 200 5-Elvyturf.jpg
4.bp.blogspot.com/-zrp7AJ5IDIo/WeP0rYo67SI/AAAAAAAAAIM/4MkNeX01eYsxKBq1gbW-YQ-omLlsm1IdACLcBGAs/s1600/ 4 KB
4 KB 263ms
196ms Image
image/jpeg 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://4.bp.blogspot.com/-zrp7AJ5IDIo/WeP0rYo67SI/AAAAAAAAAIM/4MkNeX01eYsxKBq1gbW-YQ-omLlsm1IdACLcBGAs/s1600/5-Elvyturf.jpg

Requested by

Host: turfpmu.fr.gd
URL: https://turfpmu.fr.gd/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

dd694ce4f5c42e852c4fefe654d7e946e3febca32a9b225f0d2533c4c09a7af4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://turfpmu.fr.gd/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 00:01:33 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="5-Elvyturf.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3846
x-xss-protection: 0
server: fife
etag: "v8b"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sun, 07 Jan 2024 00:01:33 GMT

GET
H2 200 11-Franckyturf.jpg
1.bp.blogspot.com/-jwvAv4AQ6os/WeP1RzULVCI/AAAAAAAAAIk/SucIVZUNs4cWJi8bPNrJeOGNGx6BdqALgCLcBGAs/s1600/ 3 KB
3 KB 484ms
433ms Image
image/jpeg 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://1.bp.blogspot.com/-jwvAv4AQ6os/WeP1RzULVCI/AAAAAAAAAIk/SucIVZUNs4cWJi8bPNrJeOGNGx6BdqALgCLcBGAs/s1600/11-Franckyturf.jpg

Requested by

Host: turfpmu.fr.gd
URL: https://turfpmu.fr.gd/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

aa420362f766c5ef90bd60b72610df9dcb600728866f887d8dd1ed76134e6ed3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://turfpmu.fr.gd/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 00:01:33 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="11-Franckyturf.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3154
x-xss-protection: 0
server: fife
etag: "v8b"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sun, 07 Jan 2024 00:01:33 GMT

GET
H2 200 9-Jeugagnant.jpg
1.bp.blogspot.com/-mm4blhBro28/WeP1R9wSsSI/AAAAAAAAAIg/GNdkb8XyBJA7poDE6cyOsiHs3k4Kpw_5wCLcBGAs/s1600/ 3 KB
3 KB 468ms
417ms Image
image/jpeg 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://1.bp.blogspot.com/-mm4blhBro28/WeP1R9wSsSI/AAAAAAAAAIg/GNdkb8XyBJA7poDE6cyOsiHs3k4Kpw_5wCLcBGAs/s1600/9-Jeugagnant.jpg

Requested by

Host: turfpmu.fr.gd
URL: https://turfpmu.fr.gd/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

5fe6d6f3586a8cd3eb4854532649dadd38d5c783ebc54e18f4ee53760cdea049

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://turfpmu.fr.gd/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 00:01:33 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="9-Jeugagnant.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3360
x-xss-protection: 0
server: fife
etag: "v8b"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sun, 07 Jan 2024 00:01:33 GMT

GET
H2 200 2.jpg
1.bp.blogspot.com/-5vVMQdatzKE/WePtEHIzIII/AAAAAAAAAHo/BscQJqA2JGY622rB36fO-nn9FMs74_jXACLcBGAs/s1600/ 7 KB
7 KB 258ms
208ms Image
image/jpeg 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://1.bp.blogspot.com/-5vVMQdatzKE/WePtEHIzIII/AAAAAAAAAHo/BscQJqA2JGY622rB36fO-nn9FMs74_jXACLcBGAs/s1600/2.jpg

Requested by

Host: turfpmu.fr.gd
URL: https://turfpmu.fr.gd/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

e9ce2ffeea5b16b30a437724a8e2d62c3fb24c79946ee6b2b9dd04e5f925ee27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://turfpmu.fr.gd/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 00:01:33 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="2.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7042
x-xss-protection: 0
server: fife
etag: "v7b"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sun, 07 Jan 2024 00:01:33 GMT

GET
H2 200 8-Triotierce.jpg
3.bp.blogspot.com/-HkOXoFzsoJY/WeP0sqqvUuI/AAAAAAAAAIc/mbH6RHcOD8YzeCAts9mos3esNLkTtfgSwCLcBGAs/s1600/ 3 KB
3 KB 449ms
399ms Image
image/jpeg 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://3.bp.blogspot.com/-HkOXoFzsoJY/WeP0sqqvUuI/AAAAAAAAAIc/mbH6RHcOD8YzeCAts9mos3esNLkTtfgSwCLcBGAs/s1600/8-Triotierce.jpg

Requested by

Host: turfpmu.fr.gd
URL: https://turfpmu.fr.gd/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

7ff761f2ba0d8641eed5cbd75d0d86f2c82e1171c6b85db25b9f0e56da21e4be

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://turfpmu.fr.gd/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 00:01:33 GMT
x-content-type-options: nosniff
server: fife
etag: "v8b"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="8-Triotierce.jpg"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3489
x-xss-protection: 0
expires: Sun, 07 Jan 2024 00:01:33 GMT

GET
H2 200 10-Basecouple.jpg
3.bp.blogspot.com/-59og58k-L8k/WeP1Rw8OqzI/AAAAAAAAAIo/OM9CRBd6BGsgFMWLYjEAfL0eh7odAfLugCLcBGAs/s1600/ 3 KB
3 KB 423ms
395ms Image
image/jpeg 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://3.bp.blogspot.com/-59og58k-L8k/WeP1Rw8OqzI/AAAAAAAAAIo/OM9CRBd6BGsgFMWLYjEAfL0eh7odAfLugCLcBGAs/s1600/10-Basecouple.jpg

Requested by

Host: turfpmu.fr.gd
URL: https://turfpmu.fr.gd/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

d25c183a7ea5847b7502fdec80211907a7dd9dbb824461c1592809e467a2c64c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://turfpmu.fr.gd/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 00:01:33 GMT
x-content-type-options: nosniff
server: fife
etag: "v8b"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="10-Basecouple.jpg"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2914
x-xss-protection: 0
expires: Sun, 07 Jan 2024 00:01:33 GMT

GET
H2 200 4-Jeupmu.jpg
2.bp.blogspot.com/-xq2Gpuafdug/WeP0ri4QeTI/AAAAAAAAAIU/I74QvrB3ZhAlUYl7VlbsnR7u0nW_Pe0swCLcBGAs/s1600/ 3 KB
3 KB 359ms
358ms Image
image/jpeg 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://2.bp.blogspot.com/-xq2Gpuafdug/WeP0ri4QeTI/AAAAAAAAAIU/I74QvrB3ZhAlUYl7VlbsnR7u0nW_Pe0swCLcBGAs/s1600/4-Jeupmu.jpg

Requested by

Host: turfpmu.fr.gd
URL: https://turfpmu.fr.gd/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

66ca37fff82b4c704deedd773e690c7a0a3a0d28014376b00fe5222fda4ee688

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://turfpmu.fr.gd/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 00:01:33 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="4-Jeupmu.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2672
x-xss-protection: 0
server: fife
etag: "v8b"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sun, 07 Jan 2024 00:01:33 GMT

GET
H2 200 AVvXsEjWiXAdxHXRsuyhdLWYAvcmHgSayhi7lWQXbhhMpnlqz03dMFqA_jiHg5OLR01x_da6mVmelcUJb5H1FaWg_y05HtXDohlYhEZ9YHveypUU5Eglv2pH5Wd9CcDtUU5ha7ZQv31wYlv3u-ZyalnS6PZqpLQUDuytRgNUS-jyWOY6tG5iHxIyJ8AtG0zi=s175
blogger.googleusercontent.com/img/a/ 12 KB
12 KB 669ms
609ms Image
image/jpeg 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blogger.googleusercontent.com/img/a/AVvXsEjWiXAdxHXRsuyhdLWYAvcmHgSayhi7lWQXbhhMpnlqz03dMFqA_jiHg5OLR01x_da6mVmelcUJb5H1FaWg_y05HtXDohlYhEZ9YHveypUU5Eglv2pH5Wd9CcDtUU5ha7ZQv31wYlv3u-ZyalnS6PZqpLQUDuytRgNUS-jyWOY6tG5iHxIyJ8AtG0zi=s175

Requested by

Host: turfpmu.fr.gd
URL: https://turfpmu.fr.gd/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

65138a48b724e8ab3a71783ad462dc20ebe73578473396fd8e67034014f98d34

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://turfpmu.fr.gd/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 00:01:33 GMT
x-content-type-options: nosniff
server: fife
etag: "v37d"
vary: Origin
content-type: image/jpeg
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="YANNPMU1.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11922
x-xss-protection: 0
expires: Sun, 07 Jan 2024 00:01:33 GMT

GET
H/1.1 200
OK 221468_frame.php Show response
www.linkredirect.biz/b-images/ Frame C124 3 KB
1 KB 108ms
26ms Document
text/html 95.142.100.82
ATOM86-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.linkredirect.biz/b-images/221468_frame.php?url=https%3A%2F%2Fwww.linkredirect.biz%2Fscript%2Fredirect.php%3Furl%3Dhttps%253A%252F%252Fa.movingfwd.co%252Fredirect%252Fl%252F57922347-f3a9-48d4-b0b3-1e6f8dc1a00c%252F9fee8966-4422-4909-aa02-14467e575996%252F1984%253Ft1%253D132893-221468-%255BP_ID_CLICK%255D-624665703-45567-18-d--r-2023%2526subid%253D58974%26said%3D132893%26cp%3D45567%26id%3D38712128%26s%3D24120%26bann%3D221468&sid=58974&said=132893&suid=24102172&tracker=132893-221468-%5BP_ID_CLICK%5D-624665703-45567&cp=45567&url2=https%3A%2F%2Fwww.linkredirect.biz%2Fscript%2Fredirect.php%3Furl%3Dhttps%253A%252F%252Fa.movingfwd.co%252Fredirect%252Fl%252F57922347-f3a9-48d4-b0b3-1e6f8dc1a00c%252F9fee8966-4422-4909-aa02-14467e575996%252F1984%253Ft1%253D132893-221468-%255BP_ID_CLICK%255D-624665703-45567-18-d--r-2024%2526subid%253D58974%26said%3D132893%26cp%3D45567%26id%3D38712128%26s%3D24120%26bann%3D221468&url3=https%3A%2F%2Fwww.linkredirect.biz%2Fscript%2Fredirect.php%3Furl%3Dhttps%253A%252F%252Fa.movingfwd.co%252Fredirect%252Fl%252F57922347-f3a9-48d4-b0b3-1e6f8dc1a00c%252F9fee8966-4422-4909-aa02-14467e575996%252F1984%253Ft1%253D132893-221468-%255BP_ID_CLICK%255D-624665703-45567-18-d--r-2025%2526subid%253D58974%26said%3D132893%26cp%3D45567%26id%3D38712128%26s%3D24120%26bann%3D221468&urlclick=http%3A%2F%2Fwww.linkredirect.biz%2Fscript%2Flink.php%3Furl%3Dm9en1NmfaJHHkZ%252Bl2MzQoJbYmZDGopSlmcbKq5iYrWifkmibn5drlZqaX5yVxJtmZJmZlpCVlZVnj5KeaZtxnZaUlJSWyGibzMiXbpuZmGZklWeUkGeeY22PwppjZ2ZqZ5dpm8uacJefnGhlk5yabW%252FVZp%252BUZpdrbZWOa2VmbW9rkI60xa59wamve3mtwI9vYpVrmJhqlWZhlpZuaWxmamuQl5GT12aUlpVlXNXYxKKUnmqanGqZ&urlclick2=http%3A%2F%2Fwww.linkredirect.biz%2Fscript%2Flink.php%3Furl%3Dm9en1NmfaJHHkZ%252Bl2MzQoJbYmZDGopSlmcbKq5iYrWifkmibn5drlZqaX5yVxJtmZJmZlpCVlZVnj5KeaZtxnZaUlJSWyGibzMiXbpuZmGZklWeUkGeeY22PwppjZ2ZqZ5dpm8uacJefnGhlk5yabW%252FVZp%252BUZpdrbZWOa2VmbW9rkI60xa59wamve3mtwI9vYpVrmJhqlWZhlpZuaWxmamuQl5GT12aUlpVmXNXYxKKUnmqanGqZ&urlclick3=http%3A%2F%2Fwww.linkredirect.biz%2Fscript%2Flink.php%3Furl%3Dm9en1NmfaJHHkZ%252Bl2MzQoJbYmZDGopSlmcbKq5iYrWifkmibn5drlZqaX5yVxJtmZJmZlpCVlZVnj5KeaZtxnZaUlJSWyGibzMiXbpuZmGZklWeUkGeeY22PwppjZ2ZqZ5dpm8uacJefnGhlk5yabW%252FVZp%252BUZpdrbZWOa2VmbW9rkI60xa59wamve3mtwI9vYpVrmJhqlWZhlpZuaWxmamuQl5GT12aUlpVnXNXYxKKUnmqanGqZ
Requested by: Host: pubdirecte.com
URL: https://pubdirecte.com/script/banniere.php?said=132893
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 95.142.100.82 , Netherlands, ASN47543 (ATOM86-AS, NL),
Reverse DNS: ofwallet.bestpaths.net
Software: Apache /
Resource Hash: 297eb4b72cc7f085d06f2fbc5a61c8bbca3848e8077fd489d4ee57a329195fcf

Request headers

Referer: https://turfpmu.fr.gd/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

Connection: close
Content-Encoding: gzip
Content-Length: 833
Content-Type: text/html; charset=UTF-8
Date: Fri, 05 Jan 2024 23:59:37 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
X-ssl: 1

GET moz-screenshot-3.jpg
/C:/Users/DARIUS~1/AppData/Local/Temp/ 0
0

GET moz-screenshot.jpg
/C:/Users/DARIUS~1/AppData/Local/Temp/ 0
0

GET
DATA 200
OK truncated
/ 4 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 44260867bddea6dbd4e4cad76ddc27cbb117382dfec087853087df27bc0ab594

Request headers

accept-language: fr-FR,fr;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 16 KB
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 401462f0c5d5280a2c9368df4627350893799f5fc63f8224ff9f60ae62d03a48

Request headers

accept-language: fr-FR,fr;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Type: image/jpeg

GET
H/1.1 200
OK arrplan.jpg
img.webme.com/pic/t/turfpmu/ 14 KB
14 KB 194ms
62ms Image
image/jpeg 178.162.223.114
LEASEWEB-DE-FRA-10

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.webme.com/pic/t/turfpmu/arrplan.jpg
Requested by: Host: turfpmu.fr.gd
URL: https://turfpmu.fr.gd/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 178.162.223.114 Bonn, Germany, ASN28753 (LEASEWEB-DE-FRA-10, DE),
Reverse DNS: img.webme.com
Software: nginx /
Resource Hash: 5538ae8d49ed505cc5b0d6c242cb2d4ae66ccff64f4b8031c2fe97549700268f

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://turfpmu.fr.gd/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Date: Sat, 06 Jan 2024 00:01:32 GMT
Via: 1.1 varnish-v4, 1.1 varnish-v4
Last-Modified: Fri, 26 Dec 2014 19:43:18 GMT
Server: nginx
X-wm-VIP: 193.238.27.18
Age: 6732
ETag: "549dba56-3632"
X-Varnish: 364801604, 161996520 162602478
Content-Type: image/jpeg
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 13874

GET
H/1.1 200
OK turfpmu.jpg
img.webme.com/pic/t/turfpmu/ 21 KB
22 KB 200ms
70ms Image
image/jpeg 178.162.223.114
LEASEWEB-DE-FRA-10

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.webme.com/pic/t/turfpmu/turfpmu.jpg
Requested by: Host: turfpmu.fr.gd
URL: https://turfpmu.fr.gd/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 178.162.223.114 Bonn, Germany, ASN28753 (LEASEWEB-DE-FRA-10, DE),
Reverse DNS: img.webme.com
Software: nginx /
Resource Hash: db56d38a70b5e4aa3b1f567279fe9ba7b21525e5001f8080bf1a5b6fcaeffc40

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://turfpmu.fr.gd/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Date: Sat, 06 Jan 2024 00:01:32 GMT
Via: 1.1 varnish-v4, 1.1 varnish-v4
Last-Modified: Fri, 26 Dec 2014 19:43:17 GMT
Server: nginx
X-wm-VIP: 193.238.27.18
Age: 32952
ETag: "549dba55-55be"
X-Varnish: 318135366, 155737921 162241365
Content-Type: image/jpeg
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 21950

GET
H/1.1 200
OK headline_bg.gif
theme.webme.com/designs/butterfly/images/ 7 KB
7 KB 189ms
26ms Image
image/gif 178.162.223.113
LEASEWEB-DE-FRA-10

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://theme.webme.com/designs/butterfly/images/headline_bg.gif
Requested by: Host: turfpmu.fr.gd
URL: https://turfpmu.fr.gd/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 178.162.223.113 Bonn, Germany, ASN28753 (LEASEWEB-DE-FRA-10, DE),
Reverse DNS: misc.webme.com
Software: nginx /
Resource Hash: 1c55b41959563971bf06bb948fa2ddf094f68fab24127dce3a6caae6bf8942fc

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://turfpmu.fr.gd/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Date: Sat, 06 Jan 2024 00:01:32 GMT
Via: 1.1 varnish-v4, 1.1 varnish-v4
Last-Modified: Tue, 20 May 2014 07:37:44 GMT
Server: nginx
X-wm-VIP: 193.238.27.17
Age: 50508
Content-Type: image/gif
X-Varnish: 289054628, 161996526 159835719
Cache-Control: max-age=3628800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 7077
Expires: Fri, 16 Feb 2024 09:59:44 GMT

GET
H/1.1 200
OK navi.gif
theme.webme.com/designs/butterfly/images/ 216 B
630 B 177ms
30ms Image
image/gif 178.162.223.113
LEASEWEB-DE-FRA-10

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://theme.webme.com/designs/butterfly/images/navi.gif
Requested by: Host: turfpmu.fr.gd
URL: https://turfpmu.fr.gd/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 178.162.223.113 Bonn, Germany, ASN28753 (LEASEWEB-DE-FRA-10, DE),
Reverse DNS: misc.webme.com
Software: nginx /
Resource Hash: 21d2c4a337fb0df27376038630a9c87d292ecf4bcb10d4fc7f4151601b76afd6

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://turfpmu.fr.gd/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Date: Sat, 06 Jan 2024 00:01:32 GMT
Via: 1.1 varnish-v4, 1.1 varnish-v4
Last-Modified: Tue, 20 May 2014 07:37:44 GMT
Server: nginx
X-wm-VIP: 193.238.27.17
Age: 29450
Content-Type: image/gif
X-Varnish: 322121883, 161996524 161019369
Cache-Control: max-age=3628800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 216
Expires: Fri, 16 Feb 2024 15:50:42 GMT

GET
H/1.1 200
OK category_bg.gif
theme.webme.com/designs/butterfly/images_gelb/ 22 KB
22 KB 215ms
47ms Image
image/gif 178.162.223.113
LEASEWEB-DE-FRA-10

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://theme.webme.com/designs/butterfly/images_gelb/category_bg.gif
Requested by: Host: turfpmu.fr.gd
URL: https://turfpmu.fr.gd/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 178.162.223.113 Bonn, Germany, ASN28753 (LEASEWEB-DE-FRA-10, DE),
Reverse DNS: misc.webme.com
Software: nginx /
Resource Hash: a8f896757199dafc7487174ae544878f525a1580b59cac5f6daa859c257d6c58

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://turfpmu.fr.gd/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Date: Sat, 06 Jan 2024 00:01:32 GMT
Via: 1.1 varnish-v4, 1.1 varnish-v4
Last-Modified: Tue, 20 May 2014 07:37:44 GMT
Server: nginx
X-wm-VIP: 193.238.27.17
Age: 6994
Content-Type: image/gif
X-Varnish: 364885333, 161996528 164889783
Cache-Control: max-age=3628800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 22149
Expires: Fri, 16 Feb 2024 22:04:58 GMT

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401030101/ 401 KB
136 KB 149ms
95ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401030101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-7875785440405840&plah=turfpmu.fr.gd&bust=31080235

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-7875785440405840&host=ca-host-pub-1483906849246906

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

dfa308fad7980f1f2df59e13a7ffe2816742da7aa50150ccf680eaf296b34e56

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://turfpmu.fr.gd/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 00:01:32 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 139118
x-xss-protection: 0
server: cafe
etag: 16511833432174172337
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Sat, 06 Jan 2024 00:01:32 GMT

GET
H2 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20240103/r20190131/ Frame 590E 9 KB
4 KB 88ms
26ms Document
text/html 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20240103/r20190131/zrt_lookup_fy2021.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-7875785440405840&host=ca-host-pub-1483906849246906

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e93b8c0ae5b5910b7107c8b455eda029935c56efa8de0be2443d8eabba207197

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://turfpmu.fr.gd/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

age: 29884
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4173
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 05 Jan 2024 15:43:28 GMT
etag: 9219409622527106327
expires: Fri, 19 Jan 2024 15:43:28 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 200
OK logo_120.png
www.linkredirect.biz/image/ Frame C124 2 KB
2 KB 92ms
23ms Image
image/png 95.142.100.82
ATOM86-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.linkredirect.biz/image/logo_120.png
Requested by: Host: www.linkredirect.biz
URL: https://www.linkredirect.biz/b-images/221468_frame.php?url=https%3A%2F%2Fwww.linkredirect.biz%2Fscript%2Fredirect.php%3Furl%3Dhttps%253A%252F%252Fa.movingfwd.co%252Fredirect%252Fl%252F57922347-f3a9-48d4-b0b3-1e6f8dc1a00c%252F9fee8966-4422-4909-aa02-14467e575996%252F1984%253Ft1%253D132893-221468-%255BP_ID_CLICK%255D-624665703-45567-18-d--r-2023%2526subid%253D58974%26said%3D132893%26cp%3D45567%26id%3D38712128%26s%3D24120%26bann%3D221468&sid=58974&said=132893&suid=24102172&tracker=132893-221468-%5BP_ID_CLICK%5D-624665703-45567&cp=45567&url2=https%3A%2F%2Fwww.linkredirect.biz%2Fscript%2Fredirect.php%3Furl%3Dhttps%253A%252F%252Fa.movingfwd.co%252Fredirect%252Fl%252F57922347-f3a9-48d4-b0b3-1e6f8dc1a00c%252F9fee8966-4422-4909-aa02-14467e575996%252F1984%253Ft1%253D132893-221468-%255BP_ID_CLICK%255D-624665703-45567-18-d--r-2024%2526subid%253D58974%26said%3D132893%26cp%3D45567%26id%3D38712128%26s%3D24120%26bann%3D221468&url3=https%3A%2F%2Fwww.linkredirect.biz%2Fscript%2Fredirect.php%3Furl%3Dhttps%253A%252F%252Fa.movingfwd.co%252Fredirect%252Fl%252F57922347-f3a9-48d4-b0b3-1e6f8dc1a00c%252F9fee8966-4422-4909-aa02-14467e575996%252F1984%253Ft1%253D132893-221468-%255BP_ID_CLICK%255D-624665703-45567-18-d--r-2025%2526subid%253D58974%26said%3D132893%26cp%3D45567%26id%3D38712128%26s%3D24120%26bann%3D221468&urlclick=http%3A%2F%2Fwww.linkredirect.biz%2Fscript%2Flink.php%3Furl%3Dm9en1NmfaJHHkZ%252Bl2MzQoJbYmZDGopSlmcbKq5iYrWifkmibn5drlZqaX5yVxJtmZJmZlpCVlZVnj5KeaZtxnZaUlJSWyGibzMiXbpuZmGZklWeUkGeeY22PwppjZ2ZqZ5dpm8uacJefnGhlk5yabW%252FVZp%252BUZpdrbZWOa2VmbW9rkI60xa59wamve3mtwI9vYpVrmJhqlWZhlpZuaWxmamuQl5GT12aUlpVlXNXYxKKUnmqanGqZ&urlclick2=http%3A%2F%2Fwww.linkredirect.biz%2Fscript%2Flink.php%3Furl%3Dm9en1NmfaJHHkZ%252Bl2MzQoJbYmZDGopSlmcbKq5iYrWifkmibn5drlZqaX5yVxJtmZJmZlpCVlZVnj5KeaZtxnZaUlJSWyGibzMiXbpuZmGZklWeUkGeeY22PwppjZ2ZqZ5dpm8uacJefnGhlk5yabW%252FVZp%252BUZpdrbZWOa2VmbW9rkI60xa59wamve3mtwI9vYpVrmJhqlWZhlpZuaWxmamuQl5GT12aUlpVmXNXYxKKUnmqanGqZ&urlclick3=http%3A%2F%2Fwww.linkredirect.biz%2Fscript%2Flink.php%3Furl%3Dm9en1NmfaJHHkZ%252Bl2MzQoJbYmZDGopSlmcbKq5iYrWifkmibn5drlZqaX5yVxJtmZJmZlpCVlZVnj5KeaZtxnZaUlJSWyGibzMiXbpuZmGZklWeUkGeeY22PwppjZ2ZqZ5dpm8uacJefnGhlk5yabW%252FVZp%252BUZpdrbZWOa2VmbW9rkI60xa59wamve3mtwI9vYpVrmJhqlWZhlpZuaWxmamuQl5GT12aUlpVnXNXYxKKUnmqanGqZ
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 95.142.100.82 , Netherlands, ASN47543 (ATOM86-AS, NL),
Reverse DNS: ofwallet.bestpaths.net
Software: Apache /
Resource Hash: 5ae7a1adba46f58f5d59595820d30f22673c04f6f3b54ae1f220a4a49cc7ec6c

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://www.linkredirect.biz/b-images/221468_frame.php?url=https%3A%2F%2Fwww.linkredirect.biz%2Fscript%2Fredirect.php%3Furl%3Dhttps%253A%252F%252Fa.movingfwd.co%252Fredirect%252Fl%252F57922347-f3a9-48d4-b0b3-1e6f8dc1a00c%252F9fee8966-4422-4909-aa02-14467e575996%252F1984%253Ft1%253D132893-221468-%255BP_ID_CLICK%255D-624665703-45567-18-d--r-2023%2526subid%253D58974%26said%3D132893%26cp%3D45567%26id%3D38712128%26s%3D24120%26bann%3D221468&sid=58974&said=132893&suid=24102172&tracker=132893-221468-%5BP_ID_CLICK%5D-624665703-45567&cp=45567&url2=https%3A%2F%2Fwww.linkredirect.biz%2Fscript%2Fredirect.php%3Furl%3Dhttps%253A%252F%252Fa.movingfwd.co%252Fredirect%252Fl%252F57922347-f3a9-48d4-b0b3-1e6f8dc1a00c%252F9fee8966-4422-4909-aa02-14467e575996%252F1984%253Ft1%253D132893-221468-%255BP_ID_CLICK%255D-624665703-45567-18-d--r-2024%2526subid%253D58974%26said%3D132893%26cp%3D45567%26id%3D38712128%26s%3D24120%26bann%3D221468&url3=https%3A%2F%2Fwww.linkredirect.biz%2Fscript%2Fredirect.php%3Furl%3Dhttps%253A%252F%252Fa.movingfwd.co%252Fredirect%252Fl%252F57922347-f3a9-48d4-b0b3-1e6f8dc1a00c%252F9fee8966-4422-4909-aa02-14467e575996%252F1984%253Ft1%253D132893-221468-%255BP_ID_CLICK%255D-624665703-45567-18-d--r-2025%2526subid%253D58974%26said%3D132893%26cp%3D45567%26id%3D38712128%26s%3D24120%26bann%3D221468&urlclick=http%3A%2F%2Fwww.linkredirect.biz%2Fscript%2Flink.php%3Furl%3Dm9en1NmfaJHHkZ%252Bl2MzQoJbYmZDGopSlmcbKq5iYrWifkmibn5drlZqaX5yVxJtmZJmZlpCVlZVnj5KeaZtxnZaUlJSWyGibzMiXbpuZmGZklWeUkGeeY22PwppjZ2ZqZ5dpm8uacJefnGhlk5yabW%252FVZp%252BUZpdrbZWOa2VmbW9rkI60xa59wamve3mtwI9vYpVrmJhqlWZhlpZuaWxmamuQl5GT12aUlpVlXNXYxKKUnmqanGqZ&urlclick2=http%3A%2F%2Fwww.linkredirect.biz%2Fscript%2Flink.php%3Furl%3Dm9en1NmfaJHHkZ%252Bl2MzQoJbYmZDGopSlmcbKq5iYrWifkmibn5drlZqaX5yVxJtmZJmZlpCVlZVnj5KeaZtxnZaUlJSWyGibzMiXbpuZmGZklWeUkGeeY22PwppjZ2ZqZ5dpm8uacJefnGhlk5yabW%252FVZp%252BUZpdrbZWOa2VmbW9rkI60xa59wamve3mtwI9vYpVrmJhqlWZhlpZuaWxmamuQl5GT12aUlpVmXNXYxKKUnmqanGqZ&urlclick3=http%3A%2F%2Fwww.linkredirect.biz%2Fscript%2Flink.php%3Furl%3Dm9en1NmfaJHHkZ%252Bl2MzQoJbYmZDGopSlmcbKq5iYrWifkmibn5drlZqaX5yVxJtmZJmZlpCVlZVnj5KeaZtxnZaUlJSWyGibzMiXbpuZmGZklWeUkGeeY22PwppjZ2ZqZ5dpm8uacJefnGhlk5yabW%252FVZp%252BUZpdrbZWOa2VmbW9rkI60xa59wamve3mtwI9vYpVrmJhqlWZhlpZuaWxmamuQl5GT12aUlpVnXNXYxKKUnmqanGqZ
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Date: Fri, 05 Jan 2024 23:59:37 GMT
Last-Modified: Fri, 29 Dec 2017 18:02:08 GMT
Server: Apache
ETag: "407bf5a1-7bf-5617e6e4f0800"
X-ssl: 1
Content-Type: image/png
Connection: close
Accept-Ranges: bytes
Content-Length: 1983

GET
H2 200 tagpdis.php Show response
www.1clic1don.fr/ Frame 04F3 6 KB
3 KB 142ms
75ms Document
text/html 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.1clic1don.fr/tagpdis.php

Requested by

Host: www.linkredirect.biz
URL: https://www.linkredirect.biz/b-images/221468_frame.php?url=https%3A%2F%2Fwww.linkredirect.biz%2Fscript%2Fredirect.php%3Furl%3Dhttps%253A%252F%252Fa.movingfwd.co%252Fredirect%252Fl%252F57922347-f3a9-48d4-b0b3-1e6f8dc1a00c%252F9fee8966-4422-4909-aa02-14467e575996%252F1984%253Ft1%253D132893-221468-%255BP_ID_CLICK%255D-624665703-45567-18-d--r-2023%2526subid%253D58974%26said%3D132893%26cp%3D45567%26id%3D38712128%26s%3D24120%26bann%3D221468&sid=58974&said=132893&suid=24102172&tracker=132893-221468-%5BP_ID_CLICK%5D-624665703-45567&cp=45567&url2=https%3A%2F%2Fwww.linkredirect.biz%2Fscript%2Fredirect.php%3Furl%3Dhttps%253A%252F%252Fa.movingfwd.co%252Fredirect%252Fl%252F57922347-f3a9-48d4-b0b3-1e6f8dc1a00c%252F9fee8966-4422-4909-aa02-14467e575996%252F1984%253Ft1%253D132893-221468-%255BP_ID_CLICK%255D-624665703-45567-18-d--r-2024%2526subid%253D58974%26said%3D132893%26cp%3D45567%26id%3D38712128%26s%3D24120%26bann%3D221468&url3=https%3A%2F%2Fwww.linkredirect.biz%2Fscript%2Fredirect.php%3Furl%3Dhttps%253A%252F%252Fa.movingfwd.co%252Fredirect%252Fl%252F57922347-f3a9-48d4-b0b3-1e6f8dc1a00c%252F9fee8966-4422-4909-aa02-14467e575996%252F1984%253Ft1%253D132893-221468-%255BP_ID_CLICK%255D-624665703-45567-18-d--r-2025%2526subid%253D58974%26said%3D132893%26cp%3D45567%26id%3D38712128%26s%3D24120%26bann%3D221468&urlclick=http%3A%2F%2Fwww.linkredirect.biz%2Fscript%2Flink.php%3Furl%3Dm9en1NmfaJHHkZ%252Bl2MzQoJbYmZDGopSlmcbKq5iYrWifkmibn5drlZqaX5yVxJtmZJmZlpCVlZVnj5KeaZtxnZaUlJSWyGibzMiXbpuZmGZklWeUkGeeY22PwppjZ2ZqZ5dpm8uacJefnGhlk5yabW%252FVZp%252BUZpdrbZWOa2VmbW9rkI60xa59wamve3mtwI9vYpVrmJhqlWZhlpZuaWxmamuQl5GT12aUlpVlXNXYxKKUnmqanGqZ&urlclick2=http%3A%2F%2Fwww.linkredirect.biz%2Fscript%2Flink.php%3Furl%3Dm9en1NmfaJHHkZ%252Bl2MzQoJbYmZDGopSlmcbKq5iYrWifkmibn5drlZqaX5yVxJtmZJmZlpCVlZVnj5KeaZtxnZaUlJSWyGibzMiXbpuZmGZklWeUkGeeY22PwppjZ2ZqZ5dpm8uacJefnGhlk5yabW%252FVZp%252BUZpdrbZWOa2VmbW9rkI60xa59wamve3mtwI9vYpVrmJhqlWZhlpZuaWxmamuQl5GT12aUlpVmXNXYxKKUnmqanGqZ&urlclick3=http%3A%2F%2Fwww.linkredirect.biz%2Fscript%2Flink.php%3Furl%3Dm9en1NmfaJHHkZ%252Bl2MzQoJbYmZDGopSlmcbKq5iYrWifkmibn5drlZqaX5yVxJtmZJmZlpCVlZVnj5KeaZtxnZaUlJSWyGibzMiXbpuZmGZklWeUkGeeY22PwppjZ2ZqZ5dpm8uacJefnGhlk5yabW%252FVZp%252BUZpdrbZWOa2VmbW9rkI60xa59wamve3mtwI9vYpVrmJhqlWZhlpZuaWxmamuQl5GT12aUlpVnXNXYxKKUnmqanGqZ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

78e7bc13894404b1ba54e53b54236055db3e003b84ba222a6fb70b8a53a7ed28

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Referer: https://www.linkredirect.biz/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 840fafe51add2a40-CDG
content-encoding: br
content-type: text/html; charset=UTF-8
date: Sat, 06 Jan 2024 00:01:33 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uc6Eku130xrzuFYcydffZYNMKWves2TTk5SYFbZ%2F4LrlebKBEAujU3G5POXeio6lIHMcisDOdZPgmxZ%2BWW02y4QGUfnnwXD5zF5LOETsvobrPFGLwA37tgGgY4V39SuI9QU62MTfF%2Bz7ae4tq0AA"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=15768000

GET
H2 200 widget.min.js Show response
arc.io/ Frame 04F3 7 KB
3 KB 124ms
34ms Script
application/javascript 108.138.36.22
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://arc.io/widget.min.js

Requested by

Host: www.1clic1don.fr
URL: https://www.1clic1don.fr/tagpdis.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.138.36.22 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-36-22.muc50.r.cloudfront.net

Software

Resource Hash

30396828f2c2fb5e4e4d9c26b0286552cf17243411ac0d5d8b97e1fd9a7595c0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://www.1clic1don.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Fri, 05 Jan 2024 23:10:46 GMT
content-encoding: br
via: 1.1 f52fb277cecd3d7de14d996c1f683de2.cloudfront.net (CloudFront)
strict-transport-security: max-age=15724800; includeSubDomains
last-modified: Wed, 03 Jan 2024 18:03:16 GMT
x-amz-cf-pop: MUC50-P2
age: 3047
etag: "6595a164-b86"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=3600, stale-while-revalidate=864000
content-length: 2950
x-amz-cf-id: oBxcafkwwOi4kwILPmaoTfUX5r29SCj3S_LaFxVOQwqYRd0EuhJClQ==

GET
H2 200 style.css
www.1clic1don.fr/style/ Frame 04F3 163 KB
26 KB 41ms
40ms Stylesheet
text/css 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.1clic1don.fr/style/style.css

Requested by

Host: www.1clic1don.fr
URL: https://www.1clic1don.fr/tagpdis.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b2cbc3a472cb47beaa472ef9445e776bb6f053b311318948d7ebbffda0e02bfc

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://www.1clic1don.fr/tagpdis.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 00:01:33 GMT
strict-transport-security: max-age=15768000
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 12 Jul 2019 15:22:30 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 7042
etag: W/"28b20-58d7d7a8c8304"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rVX03zn6K1w40wSwRktHiRqA4Eg0SeYWRMgwsYwvSvaSyxH7q21gNO3YSvUgQfNF1AxKnXall%2FfOl6%2BcllUx05g4RDNYPw8phb0KpJA%2FvKNLXI7Vi3tkxHqoCdjuB9LL04UEn65bt5Q34%2BV7CjiQ"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 840fafe59b582a40-CDG
alt-svc: h3=":443"; ma=86400

GET
H2 200 bootstrap.min.js Show response
www.1clic1don.fr/js/ Frame 04F3 36 KB
10 KB 30ms
30ms Script
application/javascript 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.1clic1don.fr/js/bootstrap.min.js

Requested by

Host: www.1clic1don.fr
URL: https://www.1clic1don.fr/tagpdis.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2979f9a6e32fc42c3e7406339ee9fe76b31d1b52059776a02b4a7fa6a4fd280a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://www.1clic1don.fr/tagpdis.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 00:01:33 GMT
strict-transport-security: max-age=15768000
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 06 Jun 2019 23:32:57 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 5458
etag: W/"9004-58ab0224731cb"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hjK5Kb5PAT9Bl7LF%2Fdov7ojnmTZ6DTd3m3JYOqOcnUJOxZWtfA%2FKJylSyFZE%2F6NTnmMYg9%2BFG%2Fq7X%2FCypk2TeeuAPvHO07ju7gOMDFhRyCtIj076Pal2PHvweCbYtsjvNWzNFRnzFWaQTfv%2F%2Fw4u"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 840fafe59b592a40-CDG
alt-svc: h3=":443"; ma=86400

GET
H2 200 ads.js Show response
admediatex.net/serve/ Frame 04F3 1 KB
989 B 81ms
27ms Script
application/javascript 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://admediatex.net/serve/ads.js
Requested by: Host: www.1clic1don.fr
URL: https://www.1clic1don.fr/tagpdis.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d012cfa1d2f449adb90718ea5189ff71ba01da8e271e2d14af1969d6aa8d9423

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://www.1clic1don.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 00:01:33 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 127038
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Sun, 31 Dec 2023 15:38:35 GMT
server: cloudflare
etag: W/"65918afb-449"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UGPvB4sCGRggDSM8QgC4hwNx3Ayh6AzqqPi2U%2BSx0woIyO%2FlJksTSoa13adgUK5xQ0g4rZuo9vUkNcfOL9pbESYIz4%2BL1HhovDgsvXaprJ2olohHMSY1QynnwgghiAprltcJ4GXhNIt0RWRBQg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=315360000
cf-ray: 840fafe5e9626ed9-CDG
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 / Show response
adnade.net/ptp/ Frame DE93 8 KB
3 KB 111ms
33ms Document
text/html 2a00:6800:3:a0b::2
EVANZOAS

General

Check archive.org

Show headers Download Go to

Full URL: https://adnade.net/ptp/?user=pas30
Requested by: Host: www.1clic1don.fr
URL: https://www.1clic1don.fr/tagpdis.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a00:6800:3:a0b::2 , Germany, ASN42730 (EVANZOAS, DE),
Reverse DNS
Software: nginx /
Resource Hash: 103e1603570a5c02fec6089f08c3909aa9a42f00b2e969f23d726b191d4f653b

Request headers

Referer: https://www.1clic1don.fr/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Sat, 06 Jan 2024 00:01:33 GMT
referrer-policy: no-referrer-when-downgrade
server: nginx
vary: Accept-Encoding

GET
H3 200 charlevoixpro-bold-webfont.woff2
www.1clic1don.fr/fonts/ Frame 04F3 22 KB
23 KB 27ms
27ms Font
font/woff2 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.1clic1don.fr/fonts/charlevoixpro-bold-webfont.woff2

Requested by

Host: www.1clic1don.fr
URL: https://www.1clic1don.fr/style/style.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f96bf06d27816ef7237fe7998dab7276e073559337e0f3e8a55514f7f1046307

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Referer: https://www.1clic1don.fr/style/style.css
Origin: https://www.1clic1don.fr
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 00:01:33 GMT
strict-transport-security: max-age=15768000
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5460
alt-svc: h3=":443"; ma=86400
content-length: 22524
last-modified: Thu, 06 Jun 2019 23:14:59 GMT
server: cloudflare
etag: "57fc-58aafe2079f9a"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lJBNYHfd1DP9vZvItAQyPViPqtD5bzSDszpIi27clzjBLUlDNUhYabzBR%2BHurRwZ%2F1vIEIJlsNIHNcPkGMeCFv1y3z%2FZ7XwYmDpehZ7kHf602WniNn10MJwA7GheTZZUYBk4Xmeb3zanmKScmQ%2FP"}],"group":"cf-nel","max_age":604800}
content-type: font/woff2
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 840fafe5ed506edb-CDG

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 7680 405 KB
89 KB 503ms
503ms Document
text/html 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7875785440405840&output=html&adk=1812271804&adf=3025194257&lmt=1704499293&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=308x1080_l%7C260x1080_r&format=0x0&url=https%3A%2F%2Fturfpmu.fr.gd%2F%23&ea=0&host=ca-host-pub-1483906849246906&pra=5&wgl=1&easpi=1&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2~4~6&aslcwct=150&asacwct=25&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1704499292827&bpp=3&bdt=194&idt=298&shv=r20240103&mjsv=m202401030101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=846637050771&frm=20&pv=2&ga_vid=638129887.1704499293&ga_sid=1704499293&ga_hid=1817525140&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C95320239%2C31079714%2C31080235%2C95320869%2C95321252&oid=2&pvsid=680737627759872&tmod=1983467773&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=308

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401030101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-7875785440405840&plah=turfpmu.fr.gd&bust=31080235

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d409d094ae5ddbd68925759dfa8655ddc9709693dc0906e4dfe6ff588d837511

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://turfpmu.fr.gd/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 91106
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 06 Jan 2024 00:01:33 GMT
expires: Sat, 06 Jan 2024 00:01:33 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 show.php Show response
adz2you.xyz/serve/ Frame 2ED5 10 B
303 B 382ms
327ms Document
text/html 2606:4700:3031::ac43:a2c8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://adz2you.xyz/serve/show.php?a=33&b=468x15
Requested by: Host: www.1clic1don.fr
URL: https://www.1clic1don.fr/tagpdis.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:a2c8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/5.6.40
Resource Hash: 887ee4fd5820088063e31ee2e61869155c1438e27e9f1b116d8fe3bf60829ea7

Request headers

Referer: https://www.1clic1don.fr/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 840fafe68c076f27-CDG
content-encoding: br
content-type: text/html; charset=UTF-8
date: Sat, 06 Jan 2024 00:01:33 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Fhv0d05nsu2NSYR9CaLDSPZ9ytnyHAf%2B7dZEL3ys8IbtiFKpuGlOTzoG400ZPA23ucJGHMhozOLCg%2By0zIPdqo03%2BwRTQwfeZAGFbHE%2B2c%2BZod06ZIEqHQ9ZVW6diO3u9fFrV3NH2XU3sA%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-powered-by: PHP/5.6.40

GET
H2 200 show.php Show response
adz2you.xyz/serve/ Frame 586C 10 B
493 B 245ms
190ms Document
text/html 2606:4700:3031::ac43:a2c8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://adz2you.xyz/serve/show.php?a=33&b=236x15
Requested by: Host: www.1clic1don.fr
URL: https://www.1clic1don.fr/tagpdis.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:a2c8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/5.6.40
Resource Hash: 887ee4fd5820088063e31ee2e61869155c1438e27e9f1b116d8fe3bf60829ea7

Request headers

Referer: https://www.1clic1don.fr/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 840fafe68c096f27-CDG
content-encoding: br
content-type: text/html; charset=UTF-8
date: Sat, 06 Jan 2024 00:01:33 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=C54G4bunrkE7DqqsgPmeqzjd3HJ2dqYxZTUFjA1iCgnR92GLf9mFOmPNVbtGAEIeUgRPTWMOGnkuNuRE7a7lAtCYnMQ0fgedb4Qc0OHQrqKpvHQoAZlzfw%2B4%2BDC0vM1nJyW72K44ZN09ig%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-powered-by: PHP/5.6.40

GET
H3

200

main.js Show response
www.1clic1don.fr/cdn-cgi/challenge-platform/h/g/scripts/jsd/74bd6362/ Frame 4431
Redirect Chain

https://www.1clic1don.fr/cdn-cgi/challenge-platform/scripts/jsd/main.js
https://www.1clic1don.fr/cdn-cgi/challenge-platform/h/g/scripts/jsd/74bd6362/main.js

7 KB
4 KB

25ms
25ms

Script
application/javascript

2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.1clic1don.fr/cdn-cgi/challenge-platform/h/g/scripts/jsd/74bd6362/main.js

Requested by

Host: www.1clic1don.fr
URL: https://www.1clic1don.fr/tagpdis.php

Protocol

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a69e10afec2b721579567e7e6297569846984eb67dffe3a803444e4453077f13

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: fr-FR,fr;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 00:01:33 GMT
content-encoding: br
x-content-type-options: nosniff
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3XXvzJwQ1G0TVTVcNX1gjZjVLJwRZiY8qWUg3masv18GIvaEOpW1Ja7AQBjm71HjppZkb07tnySbKjXkn0edKKuNncgIOAILKP9J%2FPPvqaWd8pl5Vkb%2BNPdx7FwPNOks6GCQSmrXMZ%2FytdNjsOzE"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
cf-ray: 840fafe66e016edb-CDG
alt-svc: h3=":443"; ma=86400

Redirect headers

date: Sat, 06 Jan 2024 00:01:33 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7J7lr7AkJ20z3TpV7RWfbRy7mF%2F0VIKBC3VAdgv0e5etB2G%2FAcN7jWiEaflsP3FR0oSyk3H4evR1Y9GnfMcPOY9Mu1By5dTcIG192rZxYCCyjB99JDas5GL7HBxBK3D%2BkvY473O2Y9djqKD0Fq0B"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
location: /cdn-cgi/challenge-platform/h/g/scripts/jsd/74bd6362/main.js
cache-control: max-age=300, public
cf-ray: 840fafe63dc06edb-CDG
alt-svc: h3=":443"; ma=86400

GET flash.php
www.gambling-affiliation.com/tracking/ 0
0

GET
DATA 200
OK truncated
/ 233 KB
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e8e59257cc797123383f4dea6d1a72f6fb729342e3b23b75f311b70f0dc1ef96

Request headers

accept-language: fr-FR,fr;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Type: image/jpeg

GET
H/1.1 200
OK headline_bg.gif
theme.webme.com/designs/butterfly/images// 7 KB
7 KB 24ms
24ms Image
image/gif 178.162.223.113
LEASEWEB-DE-FRA-10

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://theme.webme.com/designs/butterfly/images//headline_bg.gif
Requested by: Host: turfpmu.fr.gd
URL: https://turfpmu.fr.gd/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 178.162.223.113 Bonn, Germany, ASN28753 (LEASEWEB-DE-FRA-10, DE),
Reverse DNS: misc.webme.com
Software: nginx /
Resource Hash: 1c55b41959563971bf06bb948fa2ddf094f68fab24127dce3a6caae6bf8942fc

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://turfpmu.fr.gd/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Date: Sat, 06 Jan 2024 00:01:33 GMT
Via: 1.1 varnish-v4, 1.1 varnish-v4
Last-Modified: Tue, 20 May 2014 07:37:44 GMT
Server: nginx
X-wm-VIP: 193.238.27.17
Age: 29449
Content-Type: image/gif
X-Varnish: 323337515, 155737931 162030079
Cache-Control: max-age=3628800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 7077
Expires: Fri, 16 Feb 2024 15:50:43 GMT

GET
H2 200 core.js Show response
static.arc.io/widget/js/ Frame 04F3 310 KB
104 KB 108ms
26ms Script
text/javascript 2400:52e0:1e00::1081:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://static.arc.io/widget/js/core.js?76bc4f3
Requested by: Host: arc.io
URL: https://arc.io/widget.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1081:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1081 /
Resource Hash: cdd2c81aadd2f0eeb770acc7652cf1c421271c05886f0ef337264c6fada0e142

Request headers

Referer
Origin: https://www.1clic1don.fr
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 00:01:33 GMT
content-encoding: br
cdn-edgestorageid: 1081
x-amz-request-id: 84H5Q0PRTFWMFCBH
x-amz-server-side-encryption: AES256
cdn-cachedat: 01/03/2024 19:10:40
cdn-pullzone: 786569
x-amz-id-2: mpCaAwlRr9RTvSWc/fMd30v0iKgP+j3JdUxqhlqAyByPto962Rhtjyn3w2c/z4Fv/imGKhjXHNQ=
last-modified: Wed, 03 Jan 2024 18:03:34 GMT
server: BunnyCDN-DE1-1081
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: W/"eccc534be4c6f4d98fcd62e2d4fd5a4e"
vary: Accept-Encoding, Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 1756f224-b505-436a-b48a-b92ddf4fdbea
access-control-expose-headers: Content-Length, Content-Type, Content-MD5, ETag
cache-control: public, max-age=2592000, stale-while-revalidate=864000
access-control-max-age: 86400
cdn-requestid: ccbca4564d72ec01a8796cd0ff94a0b6
cdn-requestcountrycode: FR
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 broker.html Show response
core.arc.io/ Frame 0D90 2 KB
1 KB 97ms
26ms Document
text/html 2400:52e0:1e00::1080:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL

https://core.arc.io/broker.html?76bc4f3

Requested by

Host: arc.io
URL: https://arc.io/widget.min.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1080:1 , Germany, ASN200325 (BUNNYCDN, SI),

Reverse DNS

Software

BunnyCDN-DE1-1080 /

Resource Hash

fba7b9242113390e99277bd207daba9b5b1bf029ae5a5867472cf0d8c589b05d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Referer: https://www.1clic1don.fr/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

access-control-allow-origin: *
cache-control: public, max-age=2592000
cdn-cache: HIT
cdn-cachedat: 01/03/2024 19:10:38
cdn-edgestorageid: 1080
cdn-proxyver: 1.04
cdn-pullzone: 786568
cdn-requestcountrycode: FR
cdn-requestid: 6628270581783c5526b4c7e2a56c4a8e
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-status: 200
cdn-uid: 1756f224-b505-436a-b48a-b92ddf4fdbea
content-encoding: br
content-type: text/html
date: Sat, 06 Jan 2024 00:01:33 GMT
etag: W/"64331d06-612"
expires: Fri, 02 Feb 2024 19:10:38 GMT
last-modified: Sun, 09 Apr 2023 20:16:06 GMT
server: BunnyCDN-DE1-1080
strict-transport-security: max-age=15724800; includeSubDomains
vary: Accept-Encoding

POST
H3 200 840fafe51add2a40 Show response
www.1clic1don.fr/cdn-cgi/challenge-platform/h/g/jsd/r/ Frame 4431 0
560 B 38ms
38ms XHR
text/plain 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.1clic1don.fr/cdn-cgi/challenge-platform/h/g/jsd/r/840fafe51add2a40
Requested by: Host: www.1clic1don.fr
URL: https://www.1clic1don.fr/cdn-cgi/challenge-platform/scripts/jsd/main.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: application/json

Response headers

date: Sat, 06 Jan 2024 00:01:33 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9CQEbHG5hrUidMWIZa8UEcsl2atFxPYBVA5QRZVzq5X6uts0xcy%2FM5d1x20zg1YxgnDuIYnfaB1cz5u6JuaFFwXKxExNRf3%2B%2FZfE1cyJJbzWoJ%2FcEuefyjxnTmc80wXtGSZeFgH04z4ySdVeY%2B%2B%2B"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=UTF-8
cf-ray: 840fafe6ff436edb-CDG
alt-svc: h3=":443"; ma=86400

GET
H2 200 logo.png
adnade.net/images/ Frame DE93 21 KB
21 KB 57ms
57ms Image
image/png 2a00:6800:3:a0b::2
EVANZOAS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://adnade.net/images/logo.png
Requested by: Host: adnade.net
URL: https://adnade.net/ptp/?user=pas30
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a00:6800:3:a0b::2 , Germany, ASN42730 (EVANZOAS, DE),
Reverse DNS
Software: nginx /
Resource Hash: d0963e266a793bcf10ba3e5e75fd4a8f3cce1eab2d2899cbb741079edbdcdb18

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://adnade.net/ptp/?user=pas30
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: public
date: Sat, 06 Jan 2024 00:01:33 GMT
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 14 Dec 2023 03:50:38 GMT
server: nginx
etag: "657a7b8e-543e"
content-type: image/png
cache-control: max-age=31536000, public
accept-ranges: bytes
content-length: 21566
expires: Sun, 05 Jan 2025 00:01:33 GMT

GET
H2 200 ptp.png
adnade.net/ptp/ Frame DE93 343 B
581 B 58ms
57ms Image
image/png 2a00:6800:3:a0b::2
EVANZOAS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://adnade.net/ptp/ptp.png
Requested by: Host: adnade.net
URL: https://adnade.net/ptp/?user=pas30
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a00:6800:3:a0b::2 , Germany, ASN42730 (EVANZOAS, DE),
Reverse DNS
Software: nginx /
Resource Hash: 9cde9aa44670bcfa2e04173bcb9bc77ce7f3936000e3e95cd8f1d62ce6673f15

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://adnade.net/ptp/?user=pas30
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: public
date: Sat, 06 Jan 2024 00:01:33 GMT
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 03 Oct 2023 01:49:11 GMT
server: nginx
etag: "651b7317-157"
content-type: image/png
cache-control: max-age=31536000, public
accept-ranges: bytes
content-length: 343
expires: Sun, 05 Jan 2025 00:01:33 GMT

GET
H2 200 jquery-3.6.4.min.js Show response
adnade.net/ptp/ Frame DE93 88 KB
36 KB 57ms
57ms Script
application/javascript 2a00:6800:3:a0b::2
EVANZOAS

General

Check archive.org

Show headers Download Go to

Full URL: https://adnade.net/ptp/jquery-3.6.4.min.js
Requested by: Host: adnade.net
URL: https://adnade.net/ptp/?user=pas30
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a00:6800:3:a0b::2 , Germany, ASN42730 (EVANZOAS, DE),
Reverse DNS
Software: nginx /
Resource Hash: f4302dca380ee69b5fc3ac2db66bd9838c5ba6f34373e6442dc3d2d14b6f187c

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://adnade.net/ptp/?user=pas30
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: public
date: Sat, 06 Jan 2024 00:01:33 GMT
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
last-modified: Sat, 30 Dec 2023 20:17:08 GMT
server: nginx
etag: W/"65907ac4-15e6a"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000, public
expires: Sun, 05 Jan 2025 00:01:33 GMT

GET
H2 200 jquery.js Show response
cdn-binance.com/ Frame DE93 763 B
527 B 125ms
30ms Script
text/javascript 2a00:6800:3:a0b::2
EVANZOAS

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-binance.com/jquery.js?de=idg1W46L9F2rAEUV

Requested by

Host: adnade.net
URL: https://adnade.net/ptp/?user=pas30

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a00:6800:3:a0b::2 , Germany, ASN42730 (EVANZOAS, DE),

Reverse DNS

Software

nginx /

Resource Hash

e3b7ee94c51c8914ecc612bcc96eaf415b827809088f69013e8bcde7018c5081

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Xss-Protection	1; mode=block

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://adnade.net/ptp/?user=pas30
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 00:01:33 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
content-encoding: gzip
server: nginx
vary: Accept-Encoding
content-type: text/javascript;charset=utf-8
access-control-allow-origin: *, *
x-xss-protection: 1; mode=block

GET
H2 200 consent.js Show response
consent.cookiefirst.com/sites/adnade.net-8bef7a5b-3ad9-49e7-9cd7-ed896f96fa60/ Frame DE93 2 KB
2 KB 93ms
30ms Script
application/javascript 2400:52e0:1e00::1081:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://consent.cookiefirst.com/sites/adnade.net-8bef7a5b-3ad9-49e7-9cd7-ed896f96fa60/consent.js
Requested by: Host: adnade.net
URL: https://adnade.net/ptp/?user=pas30
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1081:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: Cookie First CDN-DE1-1081 /
Resource Hash: 23a85117368e2099ec415c89cd9a0d4d46fb3f773ee9ba8e6cf92b797f94d743

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://adnade.net/ptp/?user=pas30
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 00:01:33 GMT
content-encoding: br
cdn-edgestorageid: 1081
cdn-storageserver: DE-164
cdn-cachedat: 12/29/2023 22:26:16
cdn-pullzone: 236985
visitor-location: FR
last-modified: Sun, 10 Dec 2023 05:06:31 GMT
server: Cookie First CDN-DE1-1081
cdn-fileserver: 587
cdn-requestpullcode: 200
cdn-proxyver: 1.04
etag: W/"65754757-960"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: d602dab6-3f92-4809-a378-608fd2b89403
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match, visitor-location
cache-control: public, max-age=30
cdn-requestid: 58e28751cd5ba39c2b2398efbbcd5682
cdn-requestcountrycode: FR
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match, traceparent
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 / Show response
cduspenden.de/partner/ Frame A08A 333 B
531 B 137ms
30ms Document
text/html 178.254.33.33
EVANZOAS

General

Check archive.org

Show headers Download Go to

Full URL

https://cduspenden.de/partner/

Requested by

Host: adnade.net
URL: https://adnade.net/ptp/?user=pas30

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

178.254.33.33 , Germany, ASN42730 (EVANZOAS, DE),

Reverse DNS

h115.hubuhost.com

Software

nginx /

Resource Hash

aa8e3adbf0b5c901a3909a38faa3cddd4ae183dff1fec4c954d2bab3aa40f3c4

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Xss-Protection	1; mode=block

Request headers

Referer: https://adnade.net/ptp/?user=pas30
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

accept-ranges: bytes
content-length: 333
content-type: text/html
date: Sat, 06 Jan 2024 00:01:33 GMT
etag: "63e99d0e-14d"
last-modified: Mon, 13 Feb 2023 02:14:38 GMT
server: nginx
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-xss-protection: 1; mode=block

GET
H2 200 2276544 Show response
ad.a-ads.com/ Frame F6C1 13 KB
5 KB 106ms
44ms Document
text/html 213.239.209.209
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.a-ads.com/2276544?size=468x60&background_color=618cb8&text_color=000000&title_color=ffffff&title_hover_color=dadada&link_color=d8f15e&link_hover_color=ff0000

Requested by

Host: adnade.net
URL: https://adnade.net/ptp/?user=pas30

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

213.239.209.209 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

213-239-209-209.clients.your-server.de

Software

nginx / Phusion Passenger(R)

Resource Hash

f56e324451f70fa2d4ddf9645bcffd6afe8e848b4b1f0580456e70247aeb9730

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://adnade.net/ptp/?user=pas30
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

content-encoding: gzip
content-type: text/html;charset=utf-8
date: Sat, 06 Jan 2024 00:01:33 GMT
server: nginx
status: 200 OK
vary: Accept-Encoding Accept-Encoding
x-content-type-options: nosniff
x-original-referer: https://adnade.net/ptp/?user=pas30
x-powered-by: Phusion Passenger(R)
x-robots-tag: noindex, nofollow, nosnippet, noarchive
x-xss-protection: 1; mode=block

GET
H2 200 / Show response
deliver.adnade.net/ Frame 4FD4 2 KB
972 B 113ms
37ms Document
text/html 2a00:6800:3:a0b::2
EVANZOAS

General

Check archive.org

Show headers Download Go to

Full URL

https://deliver.adnade.net/?id=vYzSK63cWB7Z7Gg2nAuLTHYNoaHq2Ma9ABrFYo02m0IZNjERmLOEls75KrGsxCm4&d=fRZQDSX8nrgx9HOlK5WTiTXIyzjvfaZv

Requested by

Host: adnade.net
URL: https://adnade.net/ptp/?user=pas30

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a00:6800:3:a0b::2 , Germany, ASN42730 (EVANZOAS, DE),

Reverse DNS

Software

nginx /

Resource Hash

832eadecfff714afac1bc437d9d9a7a282c122a6917f111f7d3c6fb9896c38f9

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Xss-Protection	1; mode=block

Request headers

Referer: https://adnade.net/ptp/?user=pas30
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

access-control-allow-origin: *
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Sat, 06 Jan 2024 00:01:33 GMT
server: nginx
strict-transport-security: max-age=63072000; includeSubdomains; preload
vary: Accept-Encoding
x-xss-protection: 1; mode=block

GET
H2 200 page_bg.jpg
adnade.net/images/ Frame DE93 2 KB
2 KB 79ms
78ms Image
image/jpeg 2a00:6800:3:a0b::2
EVANZOAS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://adnade.net/images/page_bg.jpg
Requested by: Host: adnade.net
URL: https://adnade.net/ptp/?user=pas30
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a00:6800:3:a0b::2 , Germany, ASN42730 (EVANZOAS, DE),
Reverse DNS
Software: nginx /
Resource Hash: fd6bf4f74881850baa384bed84f6dfb9b5258c6771524a4a226b2b344a61f096

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://adnade.net/ptp/?user=pas30
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: public
date: Sat, 06 Jan 2024 00:01:33 GMT
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 03 Oct 2023 01:49:07 GMT
server: nginx
etag: "651b7313-6f1"
content-type: image/jpeg
cache-control: max-age=31536000, public
accept-ranges: bytes
content-length: 1777
expires: Sun, 05 Jan 2025 00:01:33 GMT

GET
H2 200 main_bg_oben2.gif
adnade.net/images/ Frame DE93 3 KB
3 KB 80ms
78ms Image
image/gif 2a00:6800:3:a0b::2
EVANZOAS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://adnade.net/images/main_bg_oben2.gif
Requested by: Host: adnade.net
URL: https://adnade.net/ptp/?user=pas30
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a00:6800:3:a0b::2 , Germany, ASN42730 (EVANZOAS, DE),
Reverse DNS
Software: nginx /
Resource Hash: aba329695897af7bffa4d282dcf3573d0463f847a01f28efe7c41aa51beb41ee

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://adnade.net/ptp/?user=pas30
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: public
date: Sat, 06 Jan 2024 00:01:33 GMT
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 03 Oct 2023 01:49:07 GMT
server: nginx
etag: "651b7313-c00"
content-type: image/gif
cache-control: max-age=31536000, public
accept-ranges: bytes
content-length: 3072
expires: Sun, 05 Jan 2025 00:01:33 GMT

GET
H2 200 main_bg_mitte2.gif
adnade.net/images/ Frame DE93 1007 B
1 KB 80ms
78ms Image
image/gif 2a00:6800:3:a0b::2
EVANZOAS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://adnade.net/images/main_bg_mitte2.gif
Requested by: Host: adnade.net
URL: https://adnade.net/ptp/?user=pas30
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a00:6800:3:a0b::2 , Germany, ASN42730 (EVANZOAS, DE),
Reverse DNS
Software: nginx /
Resource Hash: 843cf53ffec1cba4d93bc2bcc54e6570b7995d1be89015902df534357b9268b0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://adnade.net/ptp/?user=pas30
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: public
date: Sat, 06 Jan 2024 00:01:33 GMT
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 03 Oct 2023 01:49:07 GMT
server: nginx
etag: "651b7313-3ef"
content-type: image/gif
cache-control: max-age=31536000, public
accept-ranges: bytes
content-length: 1007
expires: Sun, 05 Jan 2025 00:01:33 GMT

GET
H2 200 main_bg_unten2.gif
adnade.net/images/ Frame DE93 2 KB
2 KB 79ms
79ms Image
image/gif 2a00:6800:3:a0b::2
EVANZOAS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://adnade.net/images/main_bg_unten2.gif
Requested by: Host: adnade.net
URL: https://adnade.net/ptp/?user=pas30
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a00:6800:3:a0b::2 , Germany, ASN42730 (EVANZOAS, DE),
Reverse DNS
Software: nginx /
Resource Hash: 97205041759d0463b2c2849f7275898fd81a783165f9ad4b22162b6f2beeceb5

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://adnade.net/ptp/?user=pas30
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: public
date: Sat, 06 Jan 2024 00:01:33 GMT
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 03 Oct 2023 01:49:06 GMT
server: nginx
etag: "651b7312-7f2"
content-type: image/gif
cache-control: max-age=31536000, public
accept-ranges: bytes
content-length: 2034
expires: Sun, 05 Jan 2025 00:01:33 GMT

GET
H2 200 broker.9e6bf337.js Show response
static.arc.io/broker/js/ Frame 0D90 24 KB
10 KB 53ms
52ms Script
text/javascript 2400:52e0:1e00::1081:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://static.arc.io/broker/js/broker.9e6bf337.js
Requested by: Host: core.arc.io
URL: https://core.arc.io/broker.html?76bc4f3
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1081:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1081 /
Resource Hash: 15dd17bc017fd6b5c5874bf0c0f127131b09f9f8a4a5f596aa846269f4bad7c9

Request headers

Referer: https://core.arc.io/
Origin: https://core.arc.io
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 00:01:33 GMT
content-encoding: br
cdn-edgestorageid: 1082
x-amz-request-id: 3TKY14WA7RT0VQZ9
x-amz-server-side-encryption: AES256
cdn-cachedat: 04/09/2023 20:28:39
cdn-pullzone: 786569
x-amz-id-2: 7gogZ6O4sjXuuXlA0jiOTMvJ+jF16/8eDFOj5VgvNDMQpxIwXF7px+QGM4nRy9tEWn8Ow3z5IfM=
last-modified: Sun, 09 Apr 2023 20:16:26 GMT
server: BunnyCDN-DE1-1081
cdn-proxyver: 1.03
cdn-requestpullcode: 200
etag: W/"0f4be176d7381439a060ff326b994fd2"
vary: Accept-Encoding, Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 1756f224-b505-436a-b48a-b92ddf4fdbea
access-control-expose-headers: Content-Length, Content-Type, Content-MD5, ETag
cache-control: public, max-age=2592000
access-control-max-age: 86400
cdn-requestid: 9a779e67d49e5851a2b4aa33dbc2bf61
cdn-requestcountrycode: FR
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 chunk-vendors.5e1d8045.js Show response
static.arc.io/broker/js/ Frame 0D90 49 KB
20 KB 53ms
53ms Script
text/javascript 2400:52e0:1e00::1081:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://static.arc.io/broker/js/chunk-vendors.5e1d8045.js
Requested by: Host: core.arc.io
URL: https://core.arc.io/broker.html?76bc4f3
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1081:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1081 /
Resource Hash: c4553db9c6f8ac8363f52730234c6e6978828fd5638df4d0dbcfd8bec71a08ca

Request headers

Referer: https://core.arc.io/
Origin: https://core.arc.io
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 00:01:33 GMT
content-encoding: br
cdn-edgestorageid: 1081
x-amz-request-id: 1E2YHV4HPCKXBK88
x-amz-server-side-encryption: AES256
cdn-cachedat: 12/18/2023 18:57:46
cdn-pullzone: 786569
x-amz-id-2: uqrR4kF/bOmFB5q6FITWYXmxzUid88z+yTAB5vIJAKfZBRStxTTZ+eEuNl4nC3k8Rz0gTBlOKOM=
last-modified: Sun, 09 Apr 2023 20:16:26 GMT
server: BunnyCDN-DE1-1081
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: W/"c78a505ea0c6b4622562567efbbeb847"
vary: Accept-Encoding, Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 1756f224-b505-436a-b48a-b92ddf4fdbea
access-control-expose-headers: Content-Length, Content-Type, Content-MD5, ETag
cache-control: public, max-age=2592000
access-control-max-age: 86400
cdn-requestid: 05210415a3ca2d973a0e7c2b630fd4b4
cdn-requestcountrycode: FR
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 lazy-iwc.9b430e25.js
static.arc.io/broker/js/ Frame 0D90 0
5 KB 80ms
26ms Other
text/javascript 2400:52e0:1e00::1081:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://static.arc.io/broker/js/lazy-iwc.9b430e25.js
Requested by: Host: core.arc.io
URL: https://core.arc.io/broker.html?76bc4f3
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1081:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1081 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://core.arc.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 00:01:33 GMT
content-encoding: br
cdn-edgestorageid: 1080
x-amz-request-id: 9WD718SH73SSHMZ7
x-amz-server-side-encryption: AES256
cdn-cachedat: 07/07/2023 01:52:40
cdn-pullzone: 786569
x-amz-id-2: jwrzNVpxy+i1mS/N/l577v4ox+ukfrpjgmX4rF76e9TSPHNoYO0CdjMI3zyK1afVCHGm3nd2C84=
last-modified: Sun, 09 Apr 2023 20:16:26 GMT
server: BunnyCDN-DE1-1081
cdn-proxyver: 1.03
cdn-requestpullcode: 200
etag: W/"1343454a1c763177d59f06c307b3a5a2"
vary: Accept-Encoding, Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 1756f224-b505-436a-b48a-b92ddf4fdbea
access-control-expose-headers: Content-Length, Content-Type, Content-MD5, ETag
cache-control: public, max-age=2592000
access-control-max-age: 86400
cdn-requestid: d058bf97e7b3ab8d6e389e7bf99cd444
cdn-requestcountrycode: FR
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 lazy-modules.a169b1ec.js
static.arc.io/broker/js/ Frame 0D90 0
16 KB 83ms
30ms Other
text/javascript 2400:52e0:1e00::1081:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://static.arc.io/broker/js/lazy-modules.a169b1ec.js
Requested by: Host: core.arc.io
URL: https://core.arc.io/broker.html?76bc4f3
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1081:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1081 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://core.arc.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 00:01:33 GMT
content-encoding: br
cdn-edgestorageid: 1080
x-amz-request-id: CP6YZNWNJJ5KYQVA
x-amz-server-side-encryption: AES256
cdn-cachedat: 10/31/2023 19:02:36
cdn-pullzone: 786569
x-amz-id-2: +F65twGIouACOFn4YbfAePvhu7ePLb4OU3MlB/hdk9Ad1mG/m3PJjcaei5Pdxavr48zibokx+xI=
last-modified: Sun, 09 Apr 2023 20:16:26 GMT
server: BunnyCDN-DE1-1081
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: W/"d03c11be3537746519138d1fe06bd033"
vary: Accept-Encoding, Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 1756f224-b505-436a-b48a-b92ddf4fdbea
access-control-expose-headers: Content-Length, Content-Type, Content-MD5, ETag
cache-control: public, max-age=2592000
access-control-max-age: 86400
cdn-requestid: aaedf3928a8b5aa6e209bf4f915ce7be
cdn-requestcountrycode: FR
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 index.php Show response
adnade.net/ptp/ Frame DE93 4 B
156 B 34ms
33ms XHR
text/html 2a00:6800:3:a0b::2
EVANZOAS

General

Check archive.org

Show headers Download Go to

Full URL: https://adnade.net/ptp/index.php?tsp=vYzSK63cWB7Z7Gg2nAuLTHYNoaHq2Ma9&a=6b29a7f556c648aa2cad286da872c3cf&d=1704499293364
Requested by: Host: adnade.net
URL: https://adnade.net/ptp/jquery-3.6.4.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a00:6800:3:a0b::2 , Germany, ASN42730 (EVANZOAS, DE),
Reverse DNS
Software: nginx /
Resource Hash: 561b2814d3c09e62a92442c946307918f7f63f833c84876c08bd4c406767e53b

Request headers

Accept: */*
Referer: https://adnade.net/ptp/?user=pas30
X-Requested-With: XMLHttpRequest
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 00:01:33 GMT
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
server: nginx
vary: Accept-Encoding
content-type: text/html; charset=UTF-8

GET
H2 200 vendors~widget-ui.js Show response
static.arc.io/widget/js/ Frame 04F3 94 KB
34 KB 36ms
35ms Script
text/javascript 2400:52e0:1e00::1081:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://static.arc.io/widget/js/vendors~widget-ui.js?c9b0de53
Requested by: Host: static.arc.io
URL: https://static.arc.io/widget/js/core.js?76bc4f3
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1081:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1081 /
Resource Hash: 7a4a51ab0b9301083e145526762d065e622a0ec8cfb5a866cd6b20c87087ff08

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://www.1clic1don.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 00:01:33 GMT
content-encoding: br
cdn-edgestorageid: 1080
x-amz-request-id: HJ5PATNKDH1WA5NT
x-amz-server-side-encryption: AES256
cdn-cachedat: 12/22/2023 20:00:20
cdn-pullzone: 786569
x-amz-id-2: QkdRIxDXVTSS9MfbHO0Lab4J8jRdw+WEG1bFnck2OrSV/6BLKE7QYAGnoYgbs/BiwmVHYxKs1Tc=
last-modified: Wed, 20 Dec 2023 16:47:53 GMT
server: BunnyCDN-DE1-1081
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: W/"de8ab4879bd77ebe629c721339d42f65"
vary: Accept-Encoding, Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 1756f224-b505-436a-b48a-b92ddf4fdbea
access-control-expose-headers: Content-Length, Content-Type, Content-MD5, ETag
cache-control: public, max-age=2592000, stale-while-revalidate=864000
access-control-max-age: 86400
cdn-requestid: 8672f084e38506b22c59365808d87ebe
cdn-requestcountrycode: FR
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 widget.css
static.arc.io/widget/css/ Frame 04F3 85 KB
9 KB 28ms
27ms Stylesheet
text/css 2400:52e0:1e00::1081:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://static.arc.io/widget/css/widget.css?76bc4f3
Requested by: Host: static.arc.io
URL: https://static.arc.io/widget/js/core.js?76bc4f3
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1081:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1081 /
Resource Hash: ebb41edaf0a527aac2d8d639b600c6a443c126333c1318feee0c26220db0fb2d

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://www.1clic1don.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 00:01:33 GMT
content-encoding: br
cdn-edgestorageid: 1082
x-amz-request-id: 52Z033ZFWRVC93PR
x-amz-server-side-encryption: AES256
cdn-cachedat: 01/03/2024 19:10:41
cdn-pullzone: 786569
x-amz-id-2: +xYsFsXxcv5akj1qTUKGVTScMCFieylWDhCTi2J1KMuZHZ1lFY2pfSfLahJI8QdM4gog00FYNP0=
last-modified: Wed, 03 Jan 2024 18:03:34 GMT
server: BunnyCDN-DE1-1081
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: W/"a87318705e4af5015dc0246497f2673f"
vary: Accept-Encoding, Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 1756f224-b505-436a-b48a-b92ddf4fdbea
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=2592000, stale-while-revalidate=864000
access-control-max-age: 86400
cdn-requestid: 1891c274bad0b8498c8220abece25aa1
cdn-requestcountrycode: FR
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 widget-ui.js Show response
static.arc.io/widget/js/ Frame 04F3 41 KB
15 KB 55ms
55ms Script
text/javascript 2400:52e0:1e00::1081:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://static.arc.io/widget/js/widget-ui.js?6e086999
Requested by: Host: static.arc.io
URL: https://static.arc.io/widget/js/core.js?76bc4f3
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1081:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1081 /
Resource Hash: bb0f8d0ddd86c8950343123306347b29b3dfb334281d37a69069bd2dbe73f42a

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://www.1clic1don.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 00:01:33 GMT
content-encoding: br
cdn-edgestorageid: 1081
x-amz-request-id: 52Z9DTJA7K12XFSG
x-amz-server-side-encryption: AES256
cdn-cachedat: 01/03/2024 19:10:41
cdn-pullzone: 786569
x-amz-id-2: LfzKyva/npq+SoTQIq4nC+dLxvKo4Y6yAqPiyk57eNb+1yziIk2p7JX53hi44P20UWQzBPCRxTc=
last-modified: Wed, 03 Jan 2024 18:03:35 GMT
server: BunnyCDN-DE1-1081
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: W/"932fe4d4a9d62f8d6cdc378aac6e8030"
vary: Accept-Encoding, Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 1756f224-b505-436a-b48a-b92ddf4fdbea
access-control-expose-headers: Content-Length, Content-Type, Content-MD5, ETag
cache-control: public, max-age=2592000, stale-while-revalidate=864000
access-control-max-age: 86400
cdn-requestid: e260d4316e7add5e1115cc9462769765
cdn-requestcountrycode: FR
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 468x60
static.a-ads.com/a-ads-banners/117614/ Frame F6C1 166 KB
166 KB 41ms
27ms Image
image/gif 213.239.209.209
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.a-ads.com/a-ads-banners/117614/468x60?region=eu-central-1
Requested by: Host: ad.a-ads.com
URL: https://ad.a-ads.com/2276544?size=468x60&background_color=618cb8&text_color=000000&title_color=ffffff&title_hover_color=dadada&link_color=d8f15e&link_hover_color=ff0000
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 213.239.209.209 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: 213-239-209-209.clients.your-server.de
Software: nginx /
Resource Hash: 3d285ed1fe07a83d5e1bf07ea6286563c6f1a34d9fca06fffbebeb5aab9d029a

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://ad.a-ads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 00:01:33 GMT
x-amz-version-id: RiqlbFUXWzMloNmKcFxQkdDqraCFWLWD
last-modified: Sun, 19 Apr 2020 16:07:32 GMT
server: nginx
x-amz-request-id: JJY1P3R7X9BFVK1D
etag: "71fa04f4b751182f94820520d348d289"
content-type: image/gif
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 169525
x-amz-id-2: 1WEi3ABqW2AsJ31o/nK3y7Rd6//0b8Nq65a1WTd8+bXbB34Qh2MCpVvskM/+X/GiKon9QUFKctI=
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 empty.gif
adnade.net/ptp/ Frame 4FD4 43 B
279 B 48ms
48ms Image
image/gif 2a00:6800:3:a0b::2
EVANZOAS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://adnade.net/ptp/empty.gif
Requested by: Host: deliver.adnade.net
URL: https://deliver.adnade.net/?id=vYzSK63cWB7Z7Gg2nAuLTHYNoaHq2Ma9ABrFYo02m0IZNjERmLOEls75KrGsxCm4&d=fRZQDSX8nrgx9HOlK5WTiTXIyzjvfaZv
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a00:6800:3:a0b::2 , Germany, ASN42730 (EVANZOAS, DE),
Reverse DNS
Software: nginx /
Resource Hash: 2c9c5820db6f7a8a6c3912b60454a491326c2712a0db3ba10c751b0bc3816469

Request headers

accept-language: fr-FR,fr;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: public
date: Sat, 06 Jan 2024 00:01:33 GMT
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 03 Oct 2023 01:49:11 GMT
server: nginx
etag: "651b7317-2b"
content-type: image/gif
cache-control: max-age=31536000, public
accept-ranges: bytes
content-length: 43
expires: Sun, 05 Jan 2025 00:01:33 GMT

GET
H2 500 / Show response
billigerscheiss.de/ Frame F13A 0
93 B 123ms
37ms Document
text/html 2a00:6800:3:a0b::2
EVANZOAS

General

Check archive.org

Show headers Download Go to

Full URL: https://billigerscheiss.de/?t=1704499293&ln=1
Requested by: Host: deliver.adnade.net
URL: https://deliver.adnade.net/?id=vYzSK63cWB7Z7Gg2nAuLTHYNoaHq2Ma9ABrFYo02m0IZNjERmLOEls75KrGsxCm4&d=fRZQDSX8nrgx9HOlK5WTiTXIyzjvfaZv
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a00:6800:3:a0b::2 , Germany, ASN42730 (EVANZOAS, DE),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

access-control-allow-origin: *
content-type: text/html; charset=UTF-8
date: Sat, 06 Jan 2024 00:01:33 GMT
server: nginx

GET
H2

200

/ Show response
pornito.de/ Frame 4B7E
Redirect Chain

https://adnade.net/surfbar/?p=1
https://billigerscheiss.de/?g=0
https://pornito.de/

70 KB
11 KB

125ms
26ms

Document
text/html

195.90.208.185
EVANZOAS

General

Check archive.org

Show headers Download Go to

Full URL

https://pornito.de/

Requested by

Host: deliver.adnade.net
URL: https://deliver.adnade.net/?id=vYzSK63cWB7Z7Gg2nAuLTHYNoaHq2Ma9ABrFYo02m0IZNjERmLOEls75KrGsxCm4&d=fRZQDSX8nrgx9HOlK5WTiTXIyzjvfaZv

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

195.90.208.185 Weyhe, Germany, ASN42730 (EVANZOAS, DE),

Reverse DNS

h109.hubuhost.com

Software

nginx /

Resource Hash

a71d6f4cc3c12fd6cf030c428a337fa6a8158d462fe21f0702abd238c6a58402

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

access-control-allow-origin: *
content-encoding: gzip
content-type: text/html
date: Sat, 06 Jan 2024 00:01:33 GMT
etag: W/"651b8f92-119cf"
last-modified: Tue, 03 Oct 2023 03:50:42 GMT
server: nginx
strict-transport-security: max-age=63072000; includeSubdomains; preload
vary: Accept-Encoding
x-xss-protection: 1; mode=block

Redirect headers

access-control-allow-origin: *
content-type: text/html; charset=UTF-8
date: Sat, 06 Jan 2024 00:01:33 GMT
location: https://pornito.de
server: nginx
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-xss-protection: 1; mode=block

GET
DATA 200
OK truncated
/ Frame F6C1 7 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d4a8d14f34fb8740b9acb5123e475eaae20d83907e0e14dd267d63e93e7f82da

Request headers

accept-language: fr-FR,fr;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 / Show response
embed.chatlotto.de/ Frame B359 388 B
533 B 118ms
31ms Document
text/html 2a00:6800:3:a0b::2
EVANZOAS

General

Check archive.org

Show headers Download Go to

Full URL

https://embed.chatlotto.de/?chatroom=3dff73d260d07f70

Requested by

Host: cdn-binance.com
URL: https://cdn-binance.com/jquery.js?de=idg1W46L9F2rAEUV

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a00:6800:3:a0b::2 , Germany, ASN42730 (EVANZOAS, DE),

Reverse DNS

Software

nginx /

Resource Hash

2b326cd1d48c3a0f86c6171f03b3b21426229afaf932a747e6e792ae2dda1491

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

access-control-allow-origin: * *
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Sat, 06 Jan 2024 00:01:33 GMT
server: nginx
strict-transport-security: max-age=63072000; includeSubdomains; preload
vary: Accept-Encoding
x-xss-protection: 1; mode=block

GET
H2 200 matomo.js Show response
tool.hubu.link/ Frame DE93 64 KB
25 KB 832ms
44ms Script
application/javascript 178.254.36.108
EVANZOAS

General

Check archive.org

Show headers Download Go to

Full URL: https://tool.hubu.link/matomo.js
Requested by: Host: adnade.net
URL: https://adnade.net/ptp/?user=pas30
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 178.254.36.108 , Germany, ASN42730 (EVANZOAS, DE),
Reverse DNS: h107.hubuhost.com
Software: nginx /
Resource Hash: d7fc375178c93a2fc15fd888e30170eedf4ef3d04497e7f951ab7bfe0c921693

Request headers

accept-language: fr-FR,fr;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 00:01:34 GMT
content-encoding: gzip
last-modified: Tue, 28 Nov 2023 10:11:46 GMT
server: nginx
etag: W/"6565bce2-10132"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000, public
expires: Sun, 05 Jan 2025 00:01:34 GMT

GET
H2 200 banner.no-autoblock.js Show response
consent.cookiefirst.com/ Frame DE93 62 KB
24 KB 27ms
26ms Script
application/javascript 2400:52e0:1e00::1081:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://consent.cookiefirst.com/banner.no-autoblock.js
Requested by: Host: consent.cookiefirst.com
URL: https://consent.cookiefirst.com/sites/adnade.net-8bef7a5b-3ad9-49e7-9cd7-ed896f96fa60/consent.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1081:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: Cookie First CDN-DE1-1081 /
Resource Hash: c93069eed6230d93575f3e02cd7f0f6b9297f5e96e0fba2ae1c3223485e6b3f2

Request headers

accept-language: fr-FR,fr;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 00:01:33 GMT
content-encoding: br
cdn-edgestorageid: 1082
cdn-storageserver: DE-164
cdn-cachedat: 12/20/2023 14:08:50
cdn-pullzone: 236985
visitor-location: FR
last-modified: Wed, 20 Dec 2023 14:08:50 GMT
server: Cookie First CDN-DE1-1081
cdn-fileserver: 587
cdn-requestpullcode: 200
cdn-proxyver: 1.04
etag: W/"6582f572-f94c"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: d602dab6-3f92-4809-a378-608fd2b89403
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match, visitor-location
cache-control: public, max-age=300
cdn-requestid: 0412c3a13d48954ab75d1f50dbb1b480
cdn-requestcountrycode: FR
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match, traceparent
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 lazy-modules.a169b1ec.js Show response
static.arc.io/broker/js/ Frame 0D90 45 KB
16 KB 42ms
42ms Script
text/javascript 2400:52e0:1e00::1081:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://static.arc.io/broker/js/lazy-modules.a169b1ec.js
Requested by: Host: static.arc.io
URL: https://static.arc.io/broker/js/broker.9e6bf337.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1081:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1081 /
Resource Hash: 2d69a91e3b105d9ced4a5c0244a9dc3905f8eb061e72cb5518db5ef6d0d0635d

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://core.arc.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 00:01:33 GMT
content-encoding: br
cdn-edgestorageid: 1080
x-amz-request-id: CP6YZNWNJJ5KYQVA
x-amz-server-side-encryption: AES256
cdn-cachedat: 10/31/2023 19:02:36
cdn-pullzone: 786569
x-amz-id-2: +F65twGIouACOFn4YbfAePvhu7ePLb4OU3MlB/hdk9Ad1mG/m3PJjcaei5Pdxavr48zibokx+xI=
last-modified: Sun, 09 Apr 2023 20:16:26 GMT
server: BunnyCDN-DE1-1081
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: W/"d03c11be3537746519138d1fe06bd033"
vary: Accept-Encoding, Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 1756f224-b505-436a-b48a-b92ddf4fdbea
access-control-expose-headers: Content-Length, Content-Type, Content-MD5, ETag
cache-control: public, max-age=2592000
access-control-max-age: 86400
cdn-requestid: 7af04ddc80f81414f15d59f3fab013ea
cdn-requestcountrycode: FR
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 / Show response
deli.misaglam.com/prepare/channel/ Frame C7C9 424 B
484 B 144ms
62ms Document
text/html 178.254.33.33
EVANZOAS

General

Check archive.org

Show headers Download Go to

Full URL

https://deli.misaglam.com/prepare/channel/?chilli=tiktok

Requested by

Host: cduspenden.de
URL: https://cduspenden.de/partner/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

178.254.33.33 , Germany, ASN42730 (EVANZOAS, DE),

Reverse DNS

h115.hubuhost.com

Software

nginx /

Resource Hash

e9fc8d6674aeafb947323cae49be6b79b03e4b1d11bd0c93d447e347016f6a81

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Xss-Protection	1; mode=block

Request headers

Referer: https://cduspenden.de/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Sat, 06 Jan 2024 00:01:33 GMT
server: nginx
strict-transport-security: max-age=63072000; includeSubdomains; preload
vary: Accept-Encoding
x-xss-protection: 1; mode=block

GET
H2 200 version.json Show response
consent.cookiefirst.com/sites/adnade.net-8bef7a5b-3ad9-49e7-9cd7-ed896f96fa60/ Frame DE93 44 B
782 B 88ms
36ms Fetch
application/json 2400:52e0:1e00::1081:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://consent.cookiefirst.com/sites/adnade.net-8bef7a5b-3ad9-49e7-9cd7-ed896f96fa60/version.json?v=1704499293451
Requested by: Host: consent.cookiefirst.com
URL: https://consent.cookiefirst.com/banner.no-autoblock.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1081:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: Cookie First CDN-DE1-1081 /
Resource Hash: 3182b5f30cce813fa8ce567f701c58f8d2019fb8d802240b072575156e8f9982

Request headers

Accept: application/json
Referer
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 00:01:33 GMT
cdn-edgestorageid: 1082
cdn-storageserver: DE-587
cdn-cachedat: 01/06/2024 00:01:33
cdn-pullzone: 236985
content-length: 44
visitor-location: FR
last-modified: Sun, 10 Dec 2023 05:06:32 GMT
server: Cookie First CDN-DE1-1081
cdn-fileserver: 382
cdn-requestpullcode: 200
cdn-proxyver: 1.04
etag: "65754758-2c"
content-type: application/json
access-control-allow-origin: *
cdn-cache: MISS
cdn-uid: d602dab6-3f92-4809-a378-608fd2b89403
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match, visitor-location
cache-control: public, max-age=15
cdn-requestid: 366a241041637733211fac833322d52b
accept-ranges: bytes
cdn-requestcountrycode: FR
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match, traceparent
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 location Show response
edge.cookiefirst.com/prod/ Frame DE93 68 B
467 B 37ms
28ms Fetch
application/json 2400:52e0:1e00::1081:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://edge.cookiefirst.com/prod/location?origin=adnade.net
Requested by: Host: consent.cookiefirst.com
URL: https://consent.cookiefirst.com/banner.no-autoblock.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1081:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1081 /
Resource Hash: 171e2569e608b742edc6927b3285c52256203a6bfbe958f35d78f59639b6fb66

Request headers

Accept: application/json
Referer
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 00:01:33 GMT
cdn-edgestorageid: 1081
cdn-cachedat: 01/06/2024 00:01:33
cdn-pullzone: 717911
content-length: 68
server: BunnyCDN-DE1-1081
cdn-proxyver: 1.04
cdn-requestpullcode: 200
content-type: application/json; charset=utf-8
access-control-allow-origin: https://adnade.net
cdn-cache: BYPASS
cdn-uid: d602dab6-3f92-4809-a378-608fd2b89403
cache-control: public, max-age=1200
cdn-requestid: c535048beeae20e3ba1252fcf3aea992
cdn-requestcountrycode: FR
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 wgpizbdq.js Show response
ad4m.at/ Frame C7C9 24 KB
10 KB 84ms
33ms Script
application/javascript 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/wgpizbdq.js
Requested by: Host: deli.misaglam.com
URL: https://deli.misaglam.com/prepare/channel/?chilli=tiktok
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b9455bc7fa2544fea83bbe69418fa2231819e0f57b899aecf711d4e94b7ffb2d

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://deli.misaglam.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 00:01:33 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 29 Nov 2023 09:17:20 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 276025
etag: W/"f7e2edbbc5398e97ba0f7e5b598e4cd1"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=41RbqS5r5pK%2FdCPBxQ1TRl60Z7nM7YjhOfYaWA0ivVgm5M7iVhdxNAoewMxTKHfMfy6RTePdg91qkZSBn04VVo5ZRErqrzkPdSOaoJFinl%2Fw9Fu9vCv0m2O2nsTpyaxE6bKh870%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=3600, must-revalidate, stale-while-revalidate=300
cf-ray: 840fafe93d14d3ab-CDG
alt-svc: h3=":443"; ma=86400
expires: Wed, 27 Dec 2023 09:18:23 GMT

GET
H2 200 css2
pornito.de/assets/ Frame 4B7E 6 KB
6 KB 37ms
37ms Stylesheet
application/octet-stream 195.90.208.185
EVANZOAS

General

Check archive.org

Show headers Download Go to

Full URL

https://pornito.de/assets/css2

Requested by

Host: pornito.de
URL: https://pornito.de/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

195.90.208.185 Weyhe, Germany, ASN42730 (EVANZOAS, DE),

Reverse DNS

h109.hubuhost.com

Software

nginx /

Resource Hash

8bcef4d15a0c7757ddd9eb4e6a81f65d7aedc5fe6f4ba95d90c5a63381f156ad

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Xss-Protection	1; mode=block

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://pornito.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 00:01:33 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
last-modified: Tue, 03 Oct 2023 03:50:43 GMT
server: nginx
etag: "651b8f93-1752"
content-type: application/octet-stream
access-control-allow-origin: *
accept-ranges: bytes
content-length: 5970
x-xss-protection: 1; mode=block

GET
H2 200 jquery.fancybox-metal.css
pornito.de/assets/ Frame 4B7E 4 KB
2 KB 38ms
37ms Stylesheet
text/css 195.90.208.185
EVANZOAS

General

Check archive.org

Show headers Download Go to

Full URL: https://pornito.de/assets/jquery.fancybox-metal.css
Requested by: Host: pornito.de
URL: https://pornito.de/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.90.208.185 Weyhe, Germany, ASN42730 (EVANZOAS, DE),
Reverse DNS: h109.hubuhost.com
Software: nginx /
Resource Hash: 5609fc54573f20fa40c4e69d16754feedab29dccee56b4e276026d2c789df6b0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://pornito.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 00:01:33 GMT
content-encoding: gzip
last-modified: Tue, 03 Oct 2023 03:50:43 GMT
server: nginx
etag: W/"651b8f93-100e"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=31536000, public, no-transform, max-age=31536000
expires: Sun, 05 Jan 2025 00:01:33 GMT

GET
H2 200 all4.css
pornito.de/assets/ Frame 4B7E 30 KB
7 KB 38ms
37ms Stylesheet
text/css 195.90.208.185
EVANZOAS

General

Check archive.org

Show headers Download Go to

Full URL: https://pornito.de/assets/all4.css
Requested by: Host: pornito.de
URL: https://pornito.de/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.90.208.185 Weyhe, Germany, ASN42730 (EVANZOAS, DE),
Reverse DNS: h109.hubuhost.com
Software: nginx /
Resource Hash: 71034e9ee13299595623ad3a7fcdcc07b542bc82c2da1766303c9e64eeb36599

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://pornito.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 00:01:33 GMT
content-encoding: gzip
last-modified: Tue, 03 Oct 2023 03:50:44 GMT
server: nginx
etag: W/"651b8f94-771a"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=31536000, public, no-transform, max-age=31536000
expires: Sun, 05 Jan 2025 00:01:33 GMT

GET
H2 200 logo.svg
pornito.de/assets/ Frame 4B7E 13 KB
6 KB 38ms
38ms Image
image/svg+xml 195.90.208.185
EVANZOAS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pornito.de/assets/logo.svg
Requested by: Host: pornito.de
URL: https://pornito.de/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.90.208.185 Weyhe, Germany, ASN42730 (EVANZOAS, DE),
Reverse DNS: h109.hubuhost.com
Software: nginx /
Resource Hash: ae05b18aae5483651f30c1a04078268141f1704596cfed6b37175802bd0c89ac

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://pornito.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 00:01:33 GMT
content-encoding: gzip
last-modified: Tue, 03 Oct 2023 03:50:43 GMT
server: nginx
etag: W/"651b8f93-3390"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=31536000, public, no-transform, max-age=31536000
expires: Sun, 05 Jan 2025 00:01:33 GMT

GET
H2 200 1.jpg
pornito.de/assets/ Frame 4B7E 8 KB
9 KB 38ms
38ms Image
image/jpeg 195.90.208.185
EVANZOAS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pornito.de/assets/1.jpg
Requested by: Host: pornito.de
URL: https://pornito.de/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.90.208.185 Weyhe, Germany, ASN42730 (EVANZOAS, DE),
Reverse DNS: h109.hubuhost.com
Software: nginx /
Resource Hash: b1e3161de1cce033d34d742887b53c870770b79b62f8913caff08d0f469665c8

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://pornito.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 00:01:33 GMT
last-modified: Tue, 03 Oct 2023 03:50:43 GMT
server: nginx
etag: "651b8f93-2132"
content-type: image/jpeg
cache-control: max-age=31536000, public, no-transform, max-age=31536000
accept-ranges: bytes
content-length: 8498
expires: Sun, 05 Jan 2025 00:01:33 GMT

GET
H2 200 1(1).jpg
pornito.de/assets/ Frame 4B7E 17 KB
17 KB 27ms
27ms Image
image/jpeg 195.90.208.185
EVANZOAS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pornito.de/assets/1(1).jpg
Requested by: Host: pornito.de
URL: https://pornito.de/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.90.208.185 Weyhe, Germany, ASN42730 (EVANZOAS, DE),
Reverse DNS: h109.hubuhost.com
Software: nginx /
Resource Hash: 7ab4d7fa5143c2c1e71268f955e047a7c53d21523046fb27d3c70a9fb9065dd0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://pornito.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 00:01:33 GMT
last-modified: Tue, 03 Oct 2023 03:50:44 GMT
server: nginx
etag: "651b8f94-4292"
content-type: image/jpeg
cache-control: max-age=31536000, public, no-transform, max-age=31536000
accept-ranges: bytes
content-length: 17042
expires: Sun, 05 Jan 2025 00:01:33 GMT

GET
H2 200 1(2).jpg
pornito.de/assets/ Frame 4B7E 12 KB
13 KB 30ms
28ms Image
image/jpeg 195.90.208.185
EVANZOAS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pornito.de/assets/1(2).jpg
Requested by: Host: pornito.de
URL: https://pornito.de/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.90.208.185 Weyhe, Germany, ASN42730 (EVANZOAS, DE),
Reverse DNS: h109.hubuhost.com
Software: nginx /
Resource Hash: cae15024a69f06fc2e124b25d160a09646d0b9feccf70136040143873803f7c9

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://pornito.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 00:01:33 GMT
last-modified: Tue, 03 Oct 2023 03:50:44 GMT
server: nginx
etag: "651b8f94-3128"
content-type: image/jpeg
cache-control: max-age=31536000, public, no-transform, max-age=31536000
accept-ranges: bytes
content-length: 12584
expires: Sun, 05 Jan 2025 00:01:33 GMT

GET
H2 200 01small.png
pornito.de/assets/ Frame 4B7E 8 KB
8 KB 30ms
29ms Image
image/png 195.90.208.185
EVANZOAS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pornito.de/assets/01small.png
Requested by: Host: pornito.de
URL: https://pornito.de/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.90.208.185 Weyhe, Germany, ASN42730 (EVANZOAS, DE),
Reverse DNS: h109.hubuhost.com
Software: nginx /
Resource Hash: 04354830bc126f72b690b0af545d49fecf86f306c993270038e2dc80fa027d50

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://pornito.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 00:01:33 GMT
last-modified: Tue, 03 Oct 2023 03:50:44 GMT
server: nginx
etag: "651b8f94-20ff"
content-type: image/png
cache-control: max-age=31536000, public, no-transform, max-age=31536000
accept-ranges: bytes
content-length: 8447
expires: Sun, 05 Jan 2025 00:01:33 GMT

GET
H2 200 video-slider.js Show response
a.magsrv.com/ Frame 4B7E 46 KB
14 KB 81ms
24ms Script
application/javascript 2a02:6ea0:c700::11
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://a.magsrv.com/video-slider.js
Requested by: Host: pornito.de
URL: https://pornito.de/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::11 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: a0fd2a1324a78ad64662e4d43d9ffb6809cf95acbcc99d88f7a5d261a038b18f

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://pornito.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Sat, 06 Jan 2024 00:01:33 GMT
content-encoding: gzip
x-age-lb: 8025
x-77-cache: HIT
x-accel-date: 1704491268
x-77-nzt: EgwBw7WvJwH3WR8AAAwB1GY4nAH3DwAAAA
x-accel-expires: @1704502068
x-77-age: 8040
x-cache-lb: HIT
accept-ch
server: CDN77-Turbo
etag: W/"6f11cbdba47af304be60572c112"
x-77-nzt-ray: 25b02131e65e0ea35d989865cc343c2d
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=10800
x-robots-tag: noindex, follow
expires: Thu, 04 Jan 2024 15:47:37 GMT

GET
H2 200 main.min.js Show response
pornito.de/assets/ Frame 4B7E 204 KB
78 KB 30ms
29ms Script
application/javascript 195.90.208.185
EVANZOAS

General

Check archive.org

Show headers Download Go to

Full URL: https://pornito.de/assets/main.min.js
Requested by: Host: pornito.de
URL: https://pornito.de/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.90.208.185 Weyhe, Germany, ASN42730 (EVANZOAS, DE),
Reverse DNS: h109.hubuhost.com
Software: nginx /
Resource Hash: 1c193778fdb97d0a29545d7350504dff96d7a23f511543a8b79a4b766aa5531a

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://pornito.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 00:01:33 GMT
content-encoding: gzip
last-modified: Tue, 03 Oct 2023 03:50:43 GMT
server: nginx
etag: W/"651b8f93-32e24"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000, public, no-transform, max-age=31536000
expires: Sun, 05 Jan 2025 00:01:33 GMT

GET
H2 200 main.js Show response
pornito.de/assets/ Frame 4B7E 794 B
1018 B 30ms
29ms Script
application/javascript 195.90.208.185
EVANZOAS

General

Check archive.org

Show headers Download Go to

Full URL: https://pornito.de/assets/main.js
Requested by: Host: pornito.de
URL: https://pornito.de/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.90.208.185 Weyhe, Germany, ASN42730 (EVANZOAS, DE),
Reverse DNS: h109.hubuhost.com
Software: nginx /
Resource Hash: a3abc4a42e468252822b67bdbd5659d2642720b4a8f2abbce1121ff7e85de612

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://pornito.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 00:01:33 GMT
last-modified: Tue, 03 Oct 2023 03:50:44 GMT
server: nginx
etag: "651b8f94-31a"
content-type: application/javascript
cache-control: max-age=31536000, public, no-transform, max-age=31536000
accept-ranges: bytes
content-length: 794
expires: Sun, 05 Jan 2025 00:01:33 GMT

GET
H2 200 cookie-frame.html Show response
ad4m.at/ Frame DF50 2 KB
1 KB 30ms
29ms Document
text/html 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/cookie-frame.html
Requested by: Host: ad4m.at
URL: https://ad4m.at/wgpizbdq.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0db16c25165bfd35ea9114187f3e97d7084a33135cb56fe276f6cdd2ab675647

Request headers

Referer: https://deli.misaglam.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

age: 2090429
alt-svc: h3=":443"; ma=86400
cache-control: public, max-age=3600, must-revalidate, stale-while-revalidate=86400, stale-if-error=86400
cf-cache-status: HIT
cf-ray: 840fafe97d3cd3ab-CDG
content-encoding: br
content-language: en
content-type: text/html
date: Sat, 06 Jan 2024 00:01:33 GMT
expires: Tue, 12 Dec 2023 19:23:30 GMT
last-modified: Tue, 28 Nov 2023 11:49:55 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hLXD9tHzahKrRU8zBNmrHecJwQvaVeeAzokHJpMOTXZWKyTxgrX%2BaNIezKpYMswemFM%2F8cH04bafipWjMKoD7pYR%2BSSs67sgh%2F7JzUDkPqdEUXq5IJ2G%2BDltjWKvqPXVRmeRn54%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

GET
H2 200 lang-widget-en.json Show response
consent.cookiefirst.com/sites/adnade.net-8bef7a5b-3ad9-49e7-9cd7-ed896f96fa60/ Frame DE93 12 KB
5 KB 26ms
26ms Fetch
application/json 2400:52e0:1e00::1081:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://consent.cookiefirst.com/sites/adnade.net-8bef7a5b-3ad9-49e7-9cd7-ed896f96fa60/lang-widget-en.json?v=21f40a27-21fe-41ac-9cf5-2ea41e64996e
Requested by: Host: consent.cookiefirst.com
URL: https://consent.cookiefirst.com/banner.no-autoblock.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1081:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: Cookie First CDN-DE1-1081 /
Resource Hash: c3c8a840523cbfaf32de76e8decd6d6aa6a3914ea36f811c4c8b0a1190368ed4

Request headers

Accept: application/json
Referer
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 00:01:33 GMT
content-encoding: br
cdn-edgestorageid: 1081
cdn-storageserver: DE-588
cdn-cachedat: 12/10/2023 05:06:34
cdn-pullzone: 236985
visitor-location: FR
last-modified: Sun, 10 Dec 2023 05:06:30 GMT
server: Cookie First CDN-DE1-1081
cdn-fileserver: 599
cdn-requestpullcode: 200
cdn-proxyver: 1.04
etag: W/"65754756-3135"
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: d602dab6-3f92-4809-a378-608fd2b89403
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match, visitor-location
cache-control: public, max-age=31919000
cdn-requestid: 279601537066e7ce25ef4b524cce77ea
cdn-requestcountrycode: FR
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match, traceparent
cdn-status: 200
cdn-requestpullsuccess: True

GET
DATA 200
OK truncated
/ Frame 4B7E 42 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: fr-FR,fr;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Type: image/gif

GET
H2 200 icomoon.ttf
pornito.de/fonts/ Frame 4B7E 2 KB
2 KB 50ms
50ms Font
application/octet-stream 195.90.208.185
EVANZOAS

General

Check archive.org

Show headers Download Go to

Full URL: https://pornito.de/fonts/icomoon.ttf?k46tn3
Requested by: Host: pornito.de
URL: https://pornito.de/assets/all4.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.90.208.185 Weyhe, Germany, ASN42730 (EVANZOAS, DE),
Reverse DNS: h109.hubuhost.com
Software: nginx /
Resource Hash: 74056dd6ae8637cee0a31e03b4a1816678b7f79bffb029efba79ee1b2962961c

Request headers

Referer: https://pornito.de/assets/all4.css
Origin: https://pornito.de
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 00:01:33 GMT
last-modified: Tue, 03 Oct 2023 03:50:45 GMT
server: nginx
etag: "651b8f95-6d0"
content-type: application/octet-stream
cache-control: max-age=31536000, public, no-transform, max-age=31536000
accept-ranges: bytes
content-length: 1744
expires: Sun, 05 Jan 2025 00:01:33 GMT

GET
H3 200 reactive_library_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401030101/ 161 KB
55 KB 72ms
72ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401030101/reactive_library_fy2021.js?bust=31080235

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

111fe18c1bafe22681d861b4667e4f76bf3734947b9cc1dc01fae3b3e258eea8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://turfpmu.fr.gd/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 00:01:33 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 56076
x-xss-protection: 0
server: cafe
etag: 10970914888416360619
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Sat, 06 Jan 2024 00:01:33 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 67ms
67ms Image
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=ama_auto_rs&sts=pflna&evt=place&vh=1200&eid=44759875%2C44759926%2C44759837%2C95320239%2C31079714%2C31080235%2C95320869%2C95321252&hl=fr&pvc=680737627759872

Requested by

Host: turfpmu.fr.gd
URL: https://turfpmu.fr.gd/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://turfpmu.fr.gd/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 06 Jan 2024 00:01:33 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 rs Show response
ad4m.at/ Frame C7C9 476 B
823 B 42ms
42ms XHR
text/plain 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/rs
Requested by: Host: ad4m.at
URL: https://ad4m.at/wgpizbdq.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8b3c0b997903e76f4594fd66d2c867b399a1edca547476bd8f069afc154e9537

Request headers

Referer: https://deli.misaglam.com/
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: application/json

Response headers

date: Sat, 06 Jan 2024 00:01:33 GMT
via: 1.1 google
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=APT9tUpqiS0gKCouwrmNpAxNlqc4vrtjZNLEv3yZMpG1szHrY6lz3lRuBb4NUyVfCtnW9RJXPvUC4F%2Bh5Ba%2BV%2BhQyJx9yDrE2D5h%2BVna5pAuDrkCF0Tk%2FIYB6qA%2BQUKPO07hrYs%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain
access-control-allow-origin: https://deli.misaglam.com
access-control-allow-credentials: true
cf-ray: 840fafea780c2a49-CDG
x-backend-server: aa-reachservice-group-europe-west1-488z
alt-svc: h3=":443"; ma=86400

OPTIONS
H3 200 rs
ad4m.at/ Frame 0
0 71ms
47ms Preflight
text/plain 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/rs
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://deli.misaglam.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET,PATCH,POST,OPTIONS,DELETE
access-control-allow-origin: https://deli.misaglam.com
access-control-max-age: 1800
allow: HEAD,POST,GET,OPTIONS
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 840fafea2fc32a49-CDG
content-length: 24
content-type: text/plain
date: Sat, 06 Jan 2024 00:01:33 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2F1leluwePgDC9Jii9rfTTmxFBvc2ePtR6hqZ4Y9LLN%2BZs1q8h9GZoOyvashG2wjWfmofx7mfZrqovVF%2BJrSa1b7e7eoQmYWN%2FCJhyy1dQxpsLSFaXvnDBy7MRBHN6lc9QBqk8wU%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
via: 1.1 google
x-backend-server: aa-reachservice-group-europe-west1-d0wn

GET
H/1.1 200
OK splash.php Show response
s.magsrv.com/ Frame 4B7E 5 KB
4 KB 92ms
37ms XHR
text/xml 95.211.229.248
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://s.magsrv.com/splash.php?idzone=4983934&cookieconsent=true
Requested by: Host: a.magsrv.com
URL: https://a.magsrv.com/video-slider.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 95.211.229.248 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS: ds03.evo.0x3e.net
Software: nginx /
Resource Hash: 3502f91083d0518e5c7bda61485e6ddc386d7a616e210079c6fb196a2ea104ff

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://pornito.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Date: Sat, 06 Jan 2024 00:01:33 GMT
Content-Encoding: gzip
Server: nginx
Accept-CH: Sec-CH-UA,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Model,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
Transfer-Encoding: chunked
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Content-Type: text/xml;charset=UTF-8
Access-Control-Allow-Origin: https://pornito.de
Cache-Control: no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Robots-Tag: noindex, follow
Access-Control-Allow-Headers: X-CH-VALUES

GET
DATA 200
OK truncated
/ Frame 4B7E 66 B
0 Image
image/webp

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b71c20271d9c80d1a71aa0ab9935281c4fa8ac404533f1a0747d7fb03fc68e79

Request headers

accept-language: fr-FR,fr;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Type: image/webp

GET
H2 200 1.jpg
pornito.de/contents/videos_screenshots/1799000/1799532/452x259/ Frame 4B7E 8 KB
9 KB 28ms
26ms Image
image/jpeg 195.90.208.185
EVANZOAS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pornito.de/contents/videos_screenshots/1799000/1799532/452x259/1.jpg
Requested by: Host: deliver.adnade.net
URL: https://deliver.adnade.net/?id=vYzSK63cWB7Z7Gg2nAuLTHYNoaHq2Ma9ABrFYo02m0IZNjERmLOEls75KrGsxCm4&d=fRZQDSX8nrgx9HOlK5WTiTXIyzjvfaZv
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.90.208.185 Weyhe, Germany, ASN42730 (EVANZOAS, DE),
Reverse DNS: h109.hubuhost.com
Software: nginx /
Resource Hash: b1e3161de1cce033d34d742887b53c870770b79b62f8913caff08d0f469665c8

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://pornito.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 00:01:33 GMT
last-modified: Tue, 03 Oct 2023 03:50:50 GMT
server: nginx
etag: "651b8f9a-2132"
content-type: image/jpeg
cache-control: max-age=31536000, public, no-transform, max-age=31536000
accept-ranges: bytes
content-length: 8498
expires: Sun, 05 Jan 2025 00:01:33 GMT

GET
H2 200 1.jpg
pornito.de/contents/videos_screenshots/2082000/2082042/452x259/ Frame 4B7E 17 KB
17 KB 28ms
26ms Image
image/jpeg 195.90.208.185
EVANZOAS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pornito.de/contents/videos_screenshots/2082000/2082042/452x259/1.jpg
Requested by: Host: deliver.adnade.net
URL: https://deliver.adnade.net/?id=vYzSK63cWB7Z7Gg2nAuLTHYNoaHq2Ma9ABrFYo02m0IZNjERmLOEls75KrGsxCm4&d=fRZQDSX8nrgx9HOlK5WTiTXIyzjvfaZv
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.90.208.185 Weyhe, Germany, ASN42730 (EVANZOAS, DE),
Reverse DNS: h109.hubuhost.com
Software: nginx /
Resource Hash: 7ab4d7fa5143c2c1e71268f955e047a7c53d21523046fb27d3c70a9fb9065dd0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://pornito.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 00:01:33 GMT
last-modified: Tue, 03 Oct 2023 03:50:50 GMT
server: nginx
etag: "651b8f9a-4292"
content-type: image/jpeg
cache-control: max-age=31536000, public, no-transform, max-age=31536000
accept-ranges: bytes
content-length: 17042
expires: Sun, 05 Jan 2025 00:01:33 GMT

GET
H2 200 1.jpg
pornito.de/contents/videos_screenshots/4202000/4202333/452x259/ Frame 4B7E 12 KB
13 KB 28ms
27ms Image
image/jpeg 195.90.208.185
EVANZOAS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pornito.de/contents/videos_screenshots/4202000/4202333/452x259/1.jpg
Requested by: Host: deliver.adnade.net
URL: https://deliver.adnade.net/?id=vYzSK63cWB7Z7Gg2nAuLTHYNoaHq2Ma9ABrFYo02m0IZNjERmLOEls75KrGsxCm4&d=fRZQDSX8nrgx9HOlK5WTiTXIyzjvfaZv
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.90.208.185 Weyhe, Germany, ASN42730 (EVANZOAS, DE),
Reverse DNS: h109.hubuhost.com
Software: nginx /
Resource Hash: cae15024a69f06fc2e124b25d160a09646d0b9feccf70136040143873803f7c9

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://pornito.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 00:01:33 GMT
last-modified: Tue, 03 Oct 2023 03:50:50 GMT
server: nginx
etag: "651b8f9a-3128"
content-type: image/jpeg
cache-control: max-age=31536000, public, no-transform, max-age=31536000
accept-ranges: bytes
content-length: 12584
expires: Sun, 05 Jan 2025 00:01:33 GMT

GET
H2 200 1.jpg
pornito.de/contents/videos_screenshots/1316000/1316950/452x259/ Frame 4B7E 12 KB
12 KB 28ms
27ms Image
image/jpeg 195.90.208.185
EVANZOAS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pornito.de/contents/videos_screenshots/1316000/1316950/452x259/1.jpg
Requested by: Host: deliver.adnade.net
URL: https://deliver.adnade.net/?id=vYzSK63cWB7Z7Gg2nAuLTHYNoaHq2Ma9ABrFYo02m0IZNjERmLOEls75KrGsxCm4&d=fRZQDSX8nrgx9HOlK5WTiTXIyzjvfaZv
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.90.208.185 Weyhe, Germany, ASN42730 (EVANZOAS, DE),
Reverse DNS: h109.hubuhost.com
Software: nginx /
Resource Hash: 3fdcde931b9062ae5f90667dae03579fd6a0c01e48cdd12a3dfee0043ab1ee57

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://pornito.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 00:01:33 GMT
last-modified: Tue, 03 Oct 2023 03:50:47 GMT
server: nginx
etag: "651b8f97-2e9c"
content-type: image/jpeg
cache-control: max-age=31536000, public, no-transform, max-age=31536000
accept-ranges: bytes
content-length: 11932
expires: Sun, 05 Jan 2025 00:01:33 GMT

GET
H2 200 1.jpg
pornito.de/contents/videos_screenshots/587000/587518/452x259/ Frame 4B7E 16 KB
16 KB 29ms
27ms Image
image/jpeg 195.90.208.185
EVANZOAS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pornito.de/contents/videos_screenshots/587000/587518/452x259/1.jpg
Requested by: Host: deliver.adnade.net
URL: https://deliver.adnade.net/?id=vYzSK63cWB7Z7Gg2nAuLTHYNoaHq2Ma9ABrFYo02m0IZNjERmLOEls75KrGsxCm4&d=fRZQDSX8nrgx9HOlK5WTiTXIyzjvfaZv
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.90.208.185 Weyhe, Germany, ASN42730 (EVANZOAS, DE),
Reverse DNS: h109.hubuhost.com
Software: nginx /
Resource Hash: 1dfdf221119134c8cc871c379eb3b770d1bad06ec9ba2d64c11db61cc5ce9176

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://pornito.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 00:01:33 GMT
last-modified: Tue, 03 Oct 2023 03:50:46 GMT
server: nginx
etag: "651b8f96-3e84"
content-type: image/jpeg
cache-control: max-age=31536000, public, no-transform, max-age=31536000
accept-ranges: bytes
content-length: 16004
expires: Sun, 05 Jan 2025 00:01:33 GMT

GET
H2 200 1.jpg
pornito.de/contents/videos_screenshots/3790000/3790090/452x259/ Frame 4B7E 19 KB
19 KB 29ms
27ms Image
image/jpeg 195.90.208.185
EVANZOAS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pornito.de/contents/videos_screenshots/3790000/3790090/452x259/1.jpg
Requested by: Host: deliver.adnade.net
URL: https://deliver.adnade.net/?id=vYzSK63cWB7Z7Gg2nAuLTHYNoaHq2Ma9ABrFYo02m0IZNjERmLOEls75KrGsxCm4&d=fRZQDSX8nrgx9HOlK5WTiTXIyzjvfaZv
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.90.208.185 Weyhe, Germany, ASN42730 (EVANZOAS, DE),
Reverse DNS: h109.hubuhost.com
Software: nginx /
Resource Hash: e7037a6f46bae447d2244fc31568814f03fda73a034afd27b035e858be8319f6

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://pornito.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 00:01:33 GMT
last-modified: Tue, 03 Oct 2023 03:50:51 GMT
server: nginx
etag: "651b8f9b-4b3a"
content-type: image/jpeg
cache-control: max-age=31536000, public, no-transform, max-age=31536000
accept-ranges: bytes
content-length: 19258
expires: Sun, 05 Jan 2025 00:01:33 GMT

GET
H2 200 1.jpg
pornito.de/contents/videos_screenshots/3605000/3605937/452x259/ Frame 4B7E 7 KB
7 KB 29ms
28ms Image
image/jpeg 195.90.208.185
EVANZOAS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pornito.de/contents/videos_screenshots/3605000/3605937/452x259/1.jpg
Requested by: Host: deliver.adnade.net
URL: https://deliver.adnade.net/?id=vYzSK63cWB7Z7Gg2nAuLTHYNoaHq2Ma9ABrFYo02m0IZNjERmLOEls75KrGsxCm4&d=fRZQDSX8nrgx9HOlK5WTiTXIyzjvfaZv
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.90.208.185 Weyhe, Germany, ASN42730 (EVANZOAS, DE),
Reverse DNS: h109.hubuhost.com
Software: nginx /
Resource Hash: ec70fdd6fa4ea1e80b04cebbe98e801e6a658237b69155d41abe0b0b8801dc96

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://pornito.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 00:01:33 GMT
last-modified: Tue, 03 Oct 2023 03:50:47 GMT
server: nginx
etag: "651b8f97-1bf6"
content-type: image/jpeg
cache-control: max-age=31536000, public, no-transform, max-age=31536000
accept-ranges: bytes
content-length: 7158
expires: Sun, 05 Jan 2025 00:01:33 GMT

GET
H2 200 1.jpg
pornito.de/contents/videos_screenshots/873000/873869/452x259/ Frame 4B7E 12 KB
12 KB 29ms
28ms Image
image/jpeg 195.90.208.185
EVANZOAS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pornito.de/contents/videos_screenshots/873000/873869/452x259/1.jpg
Requested by: Host: deliver.adnade.net
URL: https://deliver.adnade.net/?id=vYzSK63cWB7Z7Gg2nAuLTHYNoaHq2Ma9ABrFYo02m0IZNjERmLOEls75KrGsxCm4&d=fRZQDSX8nrgx9HOlK5WTiTXIyzjvfaZv
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.90.208.185 Weyhe, Germany, ASN42730 (EVANZOAS, DE),
Reverse DNS: h109.hubuhost.com
Software: nginx /
Resource Hash: ef807d7beb7afd4ddb5cddd3f9b0c5eb11d36d5724330a3a8021d92fc141c5dd

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://pornito.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 00:01:33 GMT
last-modified: Tue, 03 Oct 2023 03:50:51 GMT
server: nginx
etag: "651b8f9b-2e4e"
content-type: image/jpeg
cache-control: max-age=31536000, public, no-transform, max-age=31536000
accept-ranges: bytes
content-length: 11854
expires: Sun, 05 Jan 2025 00:01:33 GMT

GET
H2 200 1.jpg
pornito.de/contents/videos_screenshots/4252000/4252761/452x259/ Frame 4B7E 8 KB
8 KB 29ms
28ms Image
image/jpeg 195.90.208.185
EVANZOAS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pornito.de/contents/videos_screenshots/4252000/4252761/452x259/1.jpg
Requested by: Host: deliver.adnade.net
URL: https://deliver.adnade.net/?id=vYzSK63cWB7Z7Gg2nAuLTHYNoaHq2Ma9ABrFYo02m0IZNjERmLOEls75KrGsxCm4&d=fRZQDSX8nrgx9HOlK5WTiTXIyzjvfaZv
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.90.208.185 Weyhe, Germany, ASN42730 (EVANZOAS, DE),
Reverse DNS: h109.hubuhost.com
Software: nginx /
Resource Hash: 82b11db00f6e3b6d8ed252d0067df0bcad2e0a9f872ee66a3d0a2f2b8d2b73c1

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://pornito.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 00:01:33 GMT
last-modified: Tue, 03 Oct 2023 03:50:51 GMT
server: nginx
etag: "651b8f9b-1e10"
content-type: image/jpeg
cache-control: max-age=31536000, public, no-transform, max-age=31536000
accept-ranges: bytes
content-length: 7696
expires: Sun, 05 Jan 2025 00:01:33 GMT

GET
H2 200 1.jpg
pornito.de/contents/videos_screenshots/3057000/3057701/452x259/ Frame 4B7E 13 KB
13 KB 29ms
28ms Image
image/jpeg 195.90.208.185
EVANZOAS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pornito.de/contents/videos_screenshots/3057000/3057701/452x259/1.jpg
Requested by: Host: deliver.adnade.net
URL: https://deliver.adnade.net/?id=vYzSK63cWB7Z7Gg2nAuLTHYNoaHq2Ma9ABrFYo02m0IZNjERmLOEls75KrGsxCm4&d=fRZQDSX8nrgx9HOlK5WTiTXIyzjvfaZv
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.90.208.185 Weyhe, Germany, ASN42730 (EVANZOAS, DE),
Reverse DNS: h109.hubuhost.com
Software: nginx /
Resource Hash: 2ec54658033eda36acacf610298fdcf8be19d80f97b9c2a75503aa11d8d915da

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://pornito.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 00:01:33 GMT
last-modified: Tue, 03 Oct 2023 03:50:47 GMT
server: nginx
etag: "651b8f97-329e"
content-type: image/jpeg
cache-control: max-age=31536000, public, no-transform, max-age=31536000
accept-ranges: bytes
content-length: 12958
expires: Sun, 05 Jan 2025 00:01:33 GMT

GET
H2 200 1.jpg
pornito.de/contents/videos_screenshots/1897000/1897429/452x259/ Frame 4B7E 6 KB
6 KB 29ms
29ms Image
image/jpeg 195.90.208.185
EVANZOAS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pornito.de/contents/videos_screenshots/1897000/1897429/452x259/1.jpg
Requested by: Host: deliver.adnade.net
URL: https://deliver.adnade.net/?id=vYzSK63cWB7Z7Gg2nAuLTHYNoaHq2Ma9ABrFYo02m0IZNjERmLOEls75KrGsxCm4&d=fRZQDSX8nrgx9HOlK5WTiTXIyzjvfaZv
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.90.208.185 Weyhe, Germany, ASN42730 (EVANZOAS, DE),
Reverse DNS: h109.hubuhost.com
Software: nginx /
Resource Hash: 6073a5b7084b6468f138b66a8bc4b0d9ad1128f9a2c480778d2b74a8929e23c0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://pornito.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 00:01:33 GMT
last-modified: Tue, 03 Oct 2023 03:50:50 GMT
server: nginx
etag: "651b8f9a-177a"
content-type: image/jpeg
cache-control: max-age=31536000, public, no-transform, max-age=31536000
accept-ranges: bytes
content-length: 6010
expires: Sun, 05 Jan 2025 00:01:33 GMT

GET
H2 200 1.jpg
pornito.de/contents/videos_screenshots/3717000/3717700/452x259/ Frame 4B7E 17 KB
18 KB 29ms
29ms Image
image/jpeg 195.90.208.185
EVANZOAS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pornito.de/contents/videos_screenshots/3717000/3717700/452x259/1.jpg
Requested by: Host: deliver.adnade.net
URL: https://deliver.adnade.net/?id=vYzSK63cWB7Z7Gg2nAuLTHYNoaHq2Ma9ABrFYo02m0IZNjERmLOEls75KrGsxCm4&d=fRZQDSX8nrgx9HOlK5WTiTXIyzjvfaZv
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.90.208.185 Weyhe, Germany, ASN42730 (EVANZOAS, DE),
Reverse DNS: h109.hubuhost.com
Software: nginx /
Resource Hash: 067ac57b40fe26760f8cfeff14816138c5f4a1a0517d412c489995a5ae711461

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://pornito.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 00:01:33 GMT
last-modified: Tue, 03 Oct 2023 03:50:48 GMT
server: nginx
etag: "651b8f98-451e"
content-type: image/jpeg
cache-control: max-age=31536000, public, no-transform, max-age=31536000
accept-ranges: bytes
content-length: 17694
expires: Sun, 05 Jan 2025 00:01:33 GMT

GET
H3 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20240103/r20110914/ Frame 4E43 9 KB
4 KB 29ms
28ms Document
text/html 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20240103/r20110914/zrt_lookup_fy2021.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e93b8c0ae5b5910b7107c8b455eda029935c56efa8de0be2443d8eabba207197

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://turfpmu.fr.gd/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

age: 12056
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4173
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 05 Jan 2024 20:40:37 GMT
etag: 9219409622527106327
expires: Fri, 19 Jan 2024 20:40:37 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20240103/r20110914/ Frame 3C56 9 KB
4 KB 28ms
28ms Document
text/html 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20240103/r20110914/zrt_lookup_fy2021.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e93b8c0ae5b5910b7107c8b455eda029935c56efa8de0be2443d8eabba207197

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://turfpmu.fr.gd/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

age: 12056
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4173
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 05 Jan 2024 20:40:37 GMT
etag: 9219409622527106327
expires: Fri, 19 Jan 2024 20:40:37 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20240103/r20110914/ Frame E5B2 9 KB
4 KB 28ms
28ms Document
text/html 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20240103/r20110914/zrt_lookup_fy2021.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e93b8c0ae5b5910b7107c8b455eda029935c56efa8de0be2443d8eabba207197

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://turfpmu.fr.gd/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

age: 12056
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4173
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 05 Jan 2024 20:40:37 GMT
etag: 9219409622527106327
expires: Fri, 19 Jan 2024 20:40:37 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 233.362b.c.css
consent.cookiefirst.com/banner/v2.14.3/static-main-no-autoblock/ Frame DE93 127 B
881 B 26ms
26ms Stylesheet
text/css 2400:52e0:1e00::1081:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://consent.cookiefirst.com/banner/v2.14.3/static-main-no-autoblock/233.362b.c.css
Requested by: Host: consent.cookiefirst.com
URL: https://consent.cookiefirst.com/banner.no-autoblock.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1081:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: Cookie First CDN-DE1-1081 /
Resource Hash: e7902b56545718b3f9dcc015b4acab60270239d559b0adaae9e5c81dd95a89a1

Request headers

accept-language: fr-FR,fr;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 00:01:33 GMT
cdn-edgestorageid: 1082
cdn-storageserver: DE-680
cdn-cachedat: 12/20/2023 14:08:51
cdn-pullzone: 236985
content-length: 127
visitor-location: FR
last-modified: Wed, 20 Dec 2023 14:08:50 GMT
server: Cookie First CDN-DE1-1081
cdn-fileserver: 383
cdn-requestpullcode: 200
cdn-proxyver: 1.04
etag: "6582f572-7f"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: d602dab6-3f92-4809-a378-608fd2b89403
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match, visitor-location
cache-control: public, max-age=31919000
cdn-requestid: 75f08845a8dbb01942ccc9df3ae6eae8
accept-ranges: bytes
cdn-requestcountrycode: FR
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match, traceparent
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 233.8420.c.js Show response
consent.cookiefirst.com/banner/v2.14.3/static-main-no-autoblock/ Frame DE93 96 B
859 B 26ms
26ms Script
application/javascript 2400:52e0:1e00::1081:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://consent.cookiefirst.com/banner/v2.14.3/static-main-no-autoblock/233.8420.c.js
Requested by: Host: consent.cookiefirst.com
URL: https://consent.cookiefirst.com/banner.no-autoblock.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1081:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: Cookie First CDN-DE1-1081 /
Resource Hash: b364babb52cb930beb7e5e61f549d739c155b2f8a24415bb8b401b0d6cb3eddb

Request headers

accept-language: fr-FR,fr;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 00:01:33 GMT
cdn-edgestorageid: 1081
cdn-storageserver: DE-677
cdn-cachedat: 12/20/2023 14:08:51
cdn-pullzone: 236985
content-length: 96
visitor-location: FR
last-modified: Wed, 20 Dec 2023 14:08:50 GMT
server: Cookie First CDN-DE1-1081
cdn-fileserver: 599
cdn-requestpullcode: 200
cdn-proxyver: 1.04
etag: "6582f572-60"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: d602dab6-3f92-4809-a378-608fd2b89403
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match, visitor-location
cache-control: public, max-age=31919000
cdn-requestid: f26bd364525e714545327e4b43a77c8b
accept-ranges: bytes
cdn-requestcountrycode: FR
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match, traceparent
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 1.jpg
pornito.de/contents/videos_screenshots/1799000/1799532/452x259/ Frame 4B7E 8 KB
9 KB 35ms
29ms Image
image/jpeg 195.90.208.185
EVANZOAS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pornito.de/contents/videos_screenshots/1799000/1799532/452x259/1.jpg
Requested by: Host: pornito.de
URL: https://pornito.de/assets/main.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.90.208.185 Weyhe, Germany, ASN42730 (EVANZOAS, DE),
Reverse DNS: h109.hubuhost.com
Software: nginx /
Resource Hash: b1e3161de1cce033d34d742887b53c870770b79b62f8913caff08d0f469665c8

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://pornito.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 00:01:33 GMT
last-modified: Tue, 03 Oct 2023 03:50:50 GMT
server: nginx
etag: "651b8f9a-2132"
content-type: image/jpeg
cache-control: max-age=31536000, public, no-transform, max-age=31536000
accept-ranges: bytes
content-length: 8498
expires: Sun, 05 Jan 2025 00:01:33 GMT

GET
H2 200 1.jpg
pornito.de/contents/videos_screenshots/2082000/2082042/452x259/ Frame 4B7E 17 KB
17 KB 34ms
29ms Image
image/jpeg 195.90.208.185
EVANZOAS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pornito.de/contents/videos_screenshots/2082000/2082042/452x259/1.jpg
Requested by: Host: pornito.de
URL: https://pornito.de/assets/main.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.90.208.185 Weyhe, Germany, ASN42730 (EVANZOAS, DE),
Reverse DNS: h109.hubuhost.com
Software: nginx /
Resource Hash: 7ab4d7fa5143c2c1e71268f955e047a7c53d21523046fb27d3c70a9fb9065dd0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://pornito.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 00:01:33 GMT
last-modified: Tue, 03 Oct 2023 03:50:50 GMT
server: nginx
etag: "651b8f9a-4292"
content-type: image/jpeg
cache-control: max-age=31536000, public, no-transform, max-age=31536000
accept-ranges: bytes
content-length: 17042
expires: Sun, 05 Jan 2025 00:01:33 GMT

GET
H2 200 1.jpg
pornito.de/contents/videos_screenshots/4202000/4202333/452x259/ Frame 4B7E 12 KB
13 KB 41ms
38ms Image
image/jpeg 195.90.208.185
EVANZOAS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pornito.de/contents/videos_screenshots/4202000/4202333/452x259/1.jpg
Requested by: Host: pornito.de
URL: https://pornito.de/assets/main.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.90.208.185 Weyhe, Germany, ASN42730 (EVANZOAS, DE),
Reverse DNS: h109.hubuhost.com
Software: nginx /
Resource Hash: cae15024a69f06fc2e124b25d160a09646d0b9feccf70136040143873803f7c9

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://pornito.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 00:01:33 GMT
last-modified: Tue, 03 Oct 2023 03:50:50 GMT
server: nginx
etag: "651b8f9a-3128"
content-type: image/jpeg
cache-control: max-age=31536000, public, no-transform, max-age=31536000
accept-ranges: bytes
content-length: 12584
expires: Sun, 05 Jan 2025 00:01:33 GMT

GET
H2 200 1.jpg
pornito.de/contents/videos_screenshots/1316000/1316950/452x259/ Frame 4B7E 12 KB
12 KB 41ms
38ms Image
image/jpeg 195.90.208.185
EVANZOAS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pornito.de/contents/videos_screenshots/1316000/1316950/452x259/1.jpg
Requested by: Host: pornito.de
URL: https://pornito.de/assets/main.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.90.208.185 Weyhe, Germany, ASN42730 (EVANZOAS, DE),
Reverse DNS: h109.hubuhost.com
Software: nginx /
Resource Hash: 3fdcde931b9062ae5f90667dae03579fd6a0c01e48cdd12a3dfee0043ab1ee57

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://pornito.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 00:01:33 GMT
last-modified: Tue, 03 Oct 2023 03:50:47 GMT
server: nginx
etag: "651b8f97-2e9c"
content-type: image/jpeg
cache-control: max-age=31536000, public, no-transform, max-age=31536000
accept-ranges: bytes
content-length: 11932
expires: Sun, 05 Jan 2025 00:01:33 GMT

GET
H2 200 1.jpg
pornito.de/contents/videos_screenshots/587000/587518/452x259/ Frame 4B7E 16 KB
16 KB 41ms
39ms Image
image/jpeg 195.90.208.185
EVANZOAS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pornito.de/contents/videos_screenshots/587000/587518/452x259/1.jpg
Requested by: Host: pornito.de
URL: https://pornito.de/assets/main.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.90.208.185 Weyhe, Germany, ASN42730 (EVANZOAS, DE),
Reverse DNS: h109.hubuhost.com
Software: nginx /
Resource Hash: 1dfdf221119134c8cc871c379eb3b770d1bad06ec9ba2d64c11db61cc5ce9176

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://pornito.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 00:01:33 GMT
last-modified: Tue, 03 Oct 2023 03:50:46 GMT
server: nginx
etag: "651b8f96-3e84"
content-type: image/jpeg
cache-control: max-age=31536000, public, no-transform, max-age=31536000
accept-ranges: bytes
content-length: 16004
expires: Sun, 05 Jan 2025 00:01:33 GMT

GET
H2 200 1.jpg
pornito.de/contents/videos_screenshots/3790000/3790090/452x259/ Frame 4B7E 19 KB
19 KB 41ms
39ms Image
image/jpeg 195.90.208.185
EVANZOAS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pornito.de/contents/videos_screenshots/3790000/3790090/452x259/1.jpg
Requested by: Host: pornito.de
URL: https://pornito.de/assets/main.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.90.208.185 Weyhe, Germany, ASN42730 (EVANZOAS, DE),
Reverse DNS: h109.hubuhost.com
Software: nginx /
Resource Hash: e7037a6f46bae447d2244fc31568814f03fda73a034afd27b035e858be8319f6

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://pornito.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 00:01:33 GMT
last-modified: Tue, 03 Oct 2023 03:50:51 GMT
server: nginx
etag: "651b8f9b-4b3a"
content-type: image/jpeg
cache-control: max-age=31536000, public, no-transform, max-age=31536000
accept-ranges: bytes
content-length: 19258
expires: Sun, 05 Jan 2025 00:01:33 GMT

GET
H2 200 1.jpg
pornito.de/contents/videos_screenshots/3605000/3605937/452x259/ Frame 4B7E 7 KB
7 KB 40ms
39ms Image
image/jpeg 195.90.208.185
EVANZOAS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pornito.de/contents/videos_screenshots/3605000/3605937/452x259/1.jpg
Requested by: Host: pornito.de
URL: https://pornito.de/assets/main.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.90.208.185 Weyhe, Germany, ASN42730 (EVANZOAS, DE),
Reverse DNS: h109.hubuhost.com
Software: nginx /
Resource Hash: ec70fdd6fa4ea1e80b04cebbe98e801e6a658237b69155d41abe0b0b8801dc96

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://pornito.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 00:01:33 GMT
last-modified: Tue, 03 Oct 2023 03:50:47 GMT
server: nginx
etag: "651b8f97-1bf6"
content-type: image/jpeg
cache-control: max-age=31536000, public, no-transform, max-age=31536000
accept-ranges: bytes
content-length: 7158
expires: Sun, 05 Jan 2025 00:01:33 GMT

GET
H2 200 1.jpg
pornito.de/contents/videos_screenshots/873000/873869/452x259/ Frame 4B7E 12 KB
12 KB 40ms
39ms Image
image/jpeg 195.90.208.185
EVANZOAS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pornito.de/contents/videos_screenshots/873000/873869/452x259/1.jpg
Requested by: Host: pornito.de
URL: https://pornito.de/assets/main.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.90.208.185 Weyhe, Germany, ASN42730 (EVANZOAS, DE),
Reverse DNS: h109.hubuhost.com
Software: nginx /
Resource Hash: ef807d7beb7afd4ddb5cddd3f9b0c5eb11d36d5724330a3a8021d92fc141c5dd

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://pornito.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 00:01:33 GMT
last-modified: Tue, 03 Oct 2023 03:50:51 GMT
server: nginx
etag: "651b8f9b-2e4e"
content-type: image/jpeg
cache-control: max-age=31536000, public, no-transform, max-age=31536000
accept-ranges: bytes
content-length: 11854
expires: Sun, 05 Jan 2025 00:01:33 GMT

GET
H2 200 1.jpg
pornito.de/contents/videos_screenshots/4252000/4252761/452x259/ Frame 4B7E 8 KB
8 KB 40ms
39ms Image
image/jpeg 195.90.208.185
EVANZOAS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pornito.de/contents/videos_screenshots/4252000/4252761/452x259/1.jpg
Requested by: Host: pornito.de
URL: https://pornito.de/assets/main.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.90.208.185 Weyhe, Germany, ASN42730 (EVANZOAS, DE),
Reverse DNS: h109.hubuhost.com
Software: nginx /
Resource Hash: 82b11db00f6e3b6d8ed252d0067df0bcad2e0a9f872ee66a3d0a2f2b8d2b73c1

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://pornito.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 00:01:33 GMT
last-modified: Tue, 03 Oct 2023 03:50:51 GMT
server: nginx
etag: "651b8f9b-1e10"
content-type: image/jpeg
cache-control: max-age=31536000, public, no-transform, max-age=31536000
accept-ranges: bytes
content-length: 7696
expires: Sun, 05 Jan 2025 00:01:33 GMT

GET
H2 200 1.jpg
pornito.de/contents/videos_screenshots/3057000/3057701/452x259/ Frame 4B7E 13 KB
13 KB 40ms
40ms Image
image/jpeg 195.90.208.185
EVANZOAS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pornito.de/contents/videos_screenshots/3057000/3057701/452x259/1.jpg
Requested by: Host: pornito.de
URL: https://pornito.de/assets/main.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.90.208.185 Weyhe, Germany, ASN42730 (EVANZOAS, DE),
Reverse DNS: h109.hubuhost.com
Software: nginx /
Resource Hash: 2ec54658033eda36acacf610298fdcf8be19d80f97b9c2a75503aa11d8d915da

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://pornito.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 00:01:33 GMT
last-modified: Tue, 03 Oct 2023 03:50:47 GMT
server: nginx
etag: "651b8f97-329e"
content-type: image/jpeg
cache-control: max-age=31536000, public, no-transform, max-age=31536000
accept-ranges: bytes
content-length: 12958
expires: Sun, 05 Jan 2025 00:01:33 GMT

GET
H2 200 1.jpg
pornito.de/contents/videos_screenshots/1897000/1897429/452x259/ Frame 4B7E 6 KB
6 KB 40ms
40ms Image
image/jpeg 195.90.208.185
EVANZOAS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pornito.de/contents/videos_screenshots/1897000/1897429/452x259/1.jpg
Requested by: Host: pornito.de
URL: https://pornito.de/assets/main.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.90.208.185 Weyhe, Germany, ASN42730 (EVANZOAS, DE),
Reverse DNS: h109.hubuhost.com
Software: nginx /
Resource Hash: 6073a5b7084b6468f138b66a8bc4b0d9ad1128f9a2c480778d2b74a8929e23c0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://pornito.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 00:01:33 GMT
last-modified: Tue, 03 Oct 2023 03:50:50 GMT
server: nginx
etag: "651b8f9a-177a"
content-type: image/jpeg
cache-control: max-age=31536000, public, no-transform, max-age=31536000
accept-ranges: bytes
content-length: 6010
expires: Sun, 05 Jan 2025 00:01:33 GMT

GET
H2 200 1.jpg
pornito.de/contents/videos_screenshots/3717000/3717700/452x259/ Frame 4B7E 17 KB
18 KB 39ms
39ms Image
image/jpeg 195.90.208.185
EVANZOAS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pornito.de/contents/videos_screenshots/3717000/3717700/452x259/1.jpg
Requested by: Host: pornito.de
URL: https://pornito.de/assets/main.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.90.208.185 Weyhe, Germany, ASN42730 (EVANZOAS, DE),
Reverse DNS: h109.hubuhost.com
Software: nginx /
Resource Hash: 067ac57b40fe26760f8cfeff14816138c5f4a1a0517d412c489995a5ae711461

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://pornito.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 00:01:33 GMT
last-modified: Tue, 03 Oct 2023 03:50:48 GMT
server: nginx
etag: "651b8f98-451e"
content-type: image/jpeg
cache-control: max-age=31536000, public, no-transform, max-age=31536000
accept-ranges: bytes
content-length: 17694
expires: Sun, 05 Jan 2025 00:01:33 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 7EB4 624 B
246 B 70ms
70ms Document
text/html 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CPDkLxCoi2UYqeTEmAEwAQ&v=APEucNWk5he4PrZkRTckdSHqPFOHTmgxd9ZN7DbNzqxQbpVXTyjrXD8bkT_wEByr3G8SXMKJZnfe81adOlaowDBqMpxWGg2bIQG5gWrs4tU56q7g2dxS8azLdltZXigNjnp2VsOreja8NifR0w7-yx9gqySoNP6D-x2H4Os2m7iMkghU94-VRPA

Requested by

Host: turfpmu.fr.gd
URL: https://turfpmu.fr.gd/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20240103/r20110914/zrt_lookup_fy2021.html?fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 06 Jan 2024 00:01:33 GMT
expires: Sat, 06 Jan 2024 00:01:33 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 express_html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame 0F64 111 KB
39 KB 88ms
27ms Script
text/javascript 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Requested by

Host: turfpmu.fr.gd
URL: https://turfpmu.fr.gd/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Origin: https://googleads.g.doubleclick.net
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Fri, 05 Jan 2024 06:30:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 63083
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39806
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:44:05 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 06 Jan 2024 06:30:10 GMT

GET
H3 200 omrhp_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20240103/r20110914/elements/html/ Frame 0F64 7 KB
3 KB 27ms
26ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20240103/r20110914/elements/html/omrhp_fy2021.js

Requested by

Host: turfpmu.fr.gd
URL: https://turfpmu.fr.gd/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c4b813f7aa04eca20be469b259cca2779799f58e280d73488bd7386940d2d146

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Fri, 05 Jan 2024 00:37:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 84215
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3071
x-xss-protection: 0
server: cafe
etag: 10674441169935035545
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 19 Jan 2024 00:37:58 GMT

GET
H3 200 abg_lite_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20240103/r20110914/ Frame 0F64 23 KB
9 KB 26ms
26ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20240103/r20110914/abg_lite_fy2021.js

Requested by

Host: turfpmu.fr.gd
URL: https://turfpmu.fr.gd/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

428f4d59e61cdf9887ad4cd7c4592a24b214d2d9c0ba09db01c4cfde66a3cd11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Fri, 05 Jan 2024 14:42:56 GMT
content-encoding: br
x-content-type-options: nosniff
age: 33517
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9276
x-xss-protection: 0
server: cafe
etag: 3558958386372919956
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 19 Jan 2024 14:42:56 GMT

GET
H2 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame 0F64 41 KB
14 KB 115ms
54ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: turfpmu.fr.gd
URL: https://turfpmu.fr.gd/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Fri, 05 Jan 2024 18:05:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 21385
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 04 Jan 2025 18:05:08 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240103/r20110914/client/ Frame 0F64 3 KB
1 KB 113ms
52ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240103/r20110914/client/window_focus_fy2021.js

Requested by

Host: turfpmu.fr.gd
URL: https://turfpmu.fr.gd/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Fri, 05 Jan 2024 15:03:37 GMT
content-encoding: br
x-content-type-options: nosniff
age: 32276
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 19 Jan 2024 15:03:37 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240103/r20110914/client/ Frame 0F64 20 KB
9 KB 86ms
26ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240103/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: turfpmu.fr.gd
URL: https://turfpmu.fr.gd/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2f764c969a82705ba7838239087f5ff9b33e978b6bae2657e299b6b14c30ad7f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Fri, 05 Jan 2024 10:12:40 GMT
content-encoding: br
x-content-type-options: nosniff
age: 49733
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8523
x-xss-protection: 0
server: cafe
etag: 16500369019378894752
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 19 Jan 2024 10:12:40 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 0F64 204 KB
65 KB 110ms
49ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: turfpmu.fr.gd
URL: https://turfpmu.fr.gd/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8941597d26275d5e8775ac804bffb1d86f749d0cfe471777800a4543e4b65603

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 00:01:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65775
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1704286440049996"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 06 Jan 2024 00:01:33 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0F64 42 B
63 B 61ms
61ms Image
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-AdFgLJzkA8gRZBfDZkocl8fK-KtseUXo4pkVMJg5DGxsu4berE0FhtUB5posCAq2IX4ce66UWmDJWEruCTrHLhGZ5y_-3oIp659Hw7LNLUSmYhWIE

Requested by

Host: turfpmu.fr.gd
URL: https://turfpmu.fr.gd/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 06 Jan 2024 00:01:33 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 rar Show response
as.ad4m.at/ad/ Frame 00F1 6 KB
3 KB 59ms
50ms Document
text/html 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://as.ad4m.at/ad/rar?a=517451%2C19769%2C191668&b=bGVmhQfZf2dxqaYHbHztKt3KeGfbS3tMdEHJ%2CYAqkcrf3fYG9tVH9HetQtRdkTkSWtd92ur%2CbGVmhQfZf5gY1hYHbHztKtDwMKUbS3tMdEHJ&f=3r48Upf4f9ZBVF7HrHAtXC2PzAaPSztKZwCd%2CqxgqhmfWfpgbfZHgHDtRCX9ETeS3tJDxC3%2C3r48Upf4fX63dc7HrHAtXCr9wPTPSztKZwCd&c=300&d=250&e=&g=d18243bfa2950b7f865d2ac411a0005d%2F6857293066795638964&i=197676%2C21630%2C75452&j=52%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=Influencer_TT_advancedad_300x250&r=1704499293834&y=1&s=&z=0

Requested by

Host: ad4m.at
URL: https://ad4m.at/wgpizbdq.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9361a227e46d544fc4fdc27db966411d1f4d0ab05a4938349e614f63885cdb66

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri https:;child-src ;connect-src https:;default-src 'self';font-src ;form-action 'none';frame-src ;img-src https: data:;manifest-src 'none';media-src 'none';object-src 'none';worker-src 'none';script-src https: 'unsafe-inline' 'unsafe-eval';style-src 'unsafe-inline'
Strict-Transport-Security	max-age=86400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://deli.misaglam.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
cf-cache-status: DYNAMIC
cf-ray: 840fafeafe2ed3ab-CDG
content-encoding: br
content-security-policy: block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri https:;child-src *;connect-src https:;default-src 'self';font-src *;form-action 'none';frame-src *;img-src https: data:;manifest-src 'none';media-src 'none';object-src 'none';worker-src 'none';script-src https: 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline'
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: unsafe-none
cross-origin-opener-policy: unsafe-none
cross-origin-resource-policy: cross-origin
date: Sat, 06 Jan 2024 00:01:33 GMT
expires: 0
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
permissions-policy: accelerometer=(),autoplay=(self),camera=(),display-capture=(),encrypted-media=(self),fullscreen=(),gamepad=(),geolocation=(),gyroscope=(),hid=(),identity-credentials-get=(),idle-detection=*,local-fonts=*,magnetometer=(),microphone=(),midi=(),otp-credentials=(),payment=(),picture-in-picture=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=(),web-share=*,xr-spatial-tracking=()
pragma: no-cache
referrer-policy: same-origin
report-to: {"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
server: cloudflare
strict-transport-security: max-age=86400; includeSubDomains; preload
surrogate-control: no-store
vary: accept-encoding
via: 1.1 google
x-content-type-options: nosniff
x-download-options: noopen
x-xss-protection: 1; mode=block

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 2FD3 624 B
246 B 69ms
69ms Document
text/html 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CPDkLxCoi2UYqeTEmAEwAQ&v=APEucNWtp8GzpDt6mmjVXg3sluTxHJG4uh0dc7QD9QmeLPvavCwJFAz90YvkJqHnMFQCSY02pGwuL_AtlF9s4aopN--DGczlFTiJljf4Wqp3Xr42yvK_n3OI2i_kz_vTpMKCJyyIz-ZX8vsrqz_XFqm0xB6WJ_tNG0jC1JRGj_tb1a_Mz7wh4l8

Requested by

Host: turfpmu.fr.gd
URL: https://turfpmu.fr.gd/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20240103/r20110914/zrt_lookup_fy2021.html?fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 06 Jan 2024 00:01:33 GMT
expires: Sat, 06 Jan 2024 00:01:33 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 express_html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame A862 111 KB
39 KB 83ms
60ms Script
text/javascript 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Requested by

Host: turfpmu.fr.gd
URL: https://turfpmu.fr.gd/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Origin: https://googleads.g.doubleclick.net
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Fri, 05 Jan 2024 06:30:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 63083
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39806
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:44:05 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 06 Jan 2024 06:30:10 GMT

GET
H3 200 omrhp_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20240103/r20110914/elements/html/ Frame A862 7 KB
3 KB 26ms
26ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20240103/r20110914/elements/html/omrhp_fy2021.js

Requested by

Host: turfpmu.fr.gd
URL: https://turfpmu.fr.gd/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c4b813f7aa04eca20be469b259cca2779799f58e280d73488bd7386940d2d146

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Fri, 05 Jan 2024 00:37:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 84215
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3071
x-xss-protection: 0
server: cafe
etag: 10674441169935035545
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 19 Jan 2024 00:37:58 GMT

GET
H3 200 abg_lite_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20240103/r20110914/ Frame A862 23 KB
9 KB 26ms
26ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20240103/r20110914/abg_lite_fy2021.js

Requested by

Host: turfpmu.fr.gd
URL: https://turfpmu.fr.gd/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

428f4d59e61cdf9887ad4cd7c4592a24b214d2d9c0ba09db01c4cfde66a3cd11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Fri, 05 Jan 2024 14:42:56 GMT
content-encoding: br
x-content-type-options: nosniff
age: 33517
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9276
x-xss-protection: 0
server: cafe
etag: 3558958386372919956
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 19 Jan 2024 14:42:56 GMT

GET
H2 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame A862 41 KB
14 KB 85ms
62ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: turfpmu.fr.gd
URL: https://turfpmu.fr.gd/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Fri, 05 Jan 2024 18:05:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 21385
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 04 Jan 2025 18:05:08 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240103/r20110914/client/ Frame A862 3 KB
1 KB 92ms
70ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240103/r20110914/client/window_focus_fy2021.js

Requested by

Host: turfpmu.fr.gd
URL: https://turfpmu.fr.gd/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Fri, 05 Jan 2024 15:03:37 GMT
content-encoding: br
x-content-type-options: nosniff
age: 32276
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 19 Jan 2024 15:03:37 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240103/r20110914/client/ Frame A862 20 KB
8 KB 57ms
34ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240103/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: turfpmu.fr.gd
URL: https://turfpmu.fr.gd/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2f764c969a82705ba7838239087f5ff9b33e978b6bae2657e299b6b14c30ad7f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Fri, 05 Jan 2024 10:12:40 GMT
content-encoding: br
x-content-type-options: nosniff
age: 49733
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8523
x-xss-protection: 0
server: cafe
etag: 16500369019378894752
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 19 Jan 2024 10:12:40 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame A862 204 KB
64 KB 128ms
104ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: turfpmu.fr.gd
URL: https://turfpmu.fr.gd/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8941597d26275d5e8775ac804bffb1d86f749d0cfe471777800a4543e4b65603

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 00:01:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65775
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1704286440049996"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 06 Jan 2024 00:01:34 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame A862 42 B
63 B 60ms
60ms Image
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-CLArvnDei67Hct11FR1D93wTjV7-tAMp3Cw-dF8Wb2btx2AnlUXdx_sDs9Cu2XkxoYSRveHJRKKknksdY9_GPJ41OS7BqKfP3v7n7AlVYqwxH1Llk

Requested by

Host: turfpmu.fr.gd
URL: https://turfpmu.fr.gd/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 06 Jan 2024 00:01:33 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 58A1 624 B
246 B 68ms
68ms Document
text/html 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CPDkLxCoi2UY_OrEmAEwAQ&v=APEucNXvHQqB0Ar5ttuuYT7575bXy5M9wugxrrFhalz4PhKfiGILo7DlGHyIX-aCMis95gmqBRmEHEZygigv5Y6_3636WyGRnE4u714tS2Wcpza81S5hHJj0Ql17NpyG_qT7RFZ-uXJQFDY1AETQxAxyl6NSDSIZ-vuNVel5id6p8t9NFH7xPEo

Requested by

Host: turfpmu.fr.gd
URL: https://turfpmu.fr.gd/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20240103/r20110914/zrt_lookup_fy2021.html?fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 06 Jan 2024 00:01:33 GMT
expires: Sat, 06 Jan 2024 00:01:33 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 express_html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame 84DB 111 KB
39 KB 82ms
79ms Script
text/javascript 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Requested by

Host: turfpmu.fr.gd
URL: https://turfpmu.fr.gd/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Origin: https://googleads.g.doubleclick.net
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Fri, 05 Jan 2024 06:30:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 63083
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39806
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:44:05 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 06 Jan 2024 06:30:10 GMT

GET
H3 200 omrhp_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20240103/r20110914/elements/html/ Frame 84DB 7 KB
3 KB 26ms
26ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20240103/r20110914/elements/html/omrhp_fy2021.js

Requested by

Host: turfpmu.fr.gd
URL: https://turfpmu.fr.gd/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c4b813f7aa04eca20be469b259cca2779799f58e280d73488bd7386940d2d146

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Fri, 05 Jan 2024 00:37:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 84215
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3071
x-xss-protection: 0
server: cafe
etag: 10674441169935035545
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 19 Jan 2024 00:37:58 GMT

GET
H3 200 abg_lite_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20240103/r20110914/ Frame 84DB 23 KB
9 KB 26ms
26ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20240103/r20110914/abg_lite_fy2021.js

Requested by

Host: turfpmu.fr.gd
URL: https://turfpmu.fr.gd/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

428f4d59e61cdf9887ad4cd7c4592a24b214d2d9c0ba09db01c4cfde66a3cd11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Fri, 05 Jan 2024 14:42:56 GMT
content-encoding: br
x-content-type-options: nosniff
age: 33517
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9276
x-xss-protection: 0
server: cafe
etag: 3558958386372919956
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 19 Jan 2024 14:42:56 GMT

GET
H2 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame 84DB 41 KB
14 KB 75ms
71ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: turfpmu.fr.gd
URL: https://turfpmu.fr.gd/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Fri, 05 Jan 2024 18:05:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 21385
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 04 Jan 2025 18:05:08 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240103/r20110914/client/ Frame 84DB 3 KB
1 KB 72ms
68ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240103/r20110914/client/window_focus_fy2021.js

Requested by

Host: turfpmu.fr.gd
URL: https://turfpmu.fr.gd/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Fri, 05 Jan 2024 15:03:37 GMT
content-encoding: br
x-content-type-options: nosniff
age: 32276
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 19 Jan 2024 15:03:37 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240103/r20110914/client/ Frame 84DB 20 KB
8 KB 33ms
29ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240103/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: turfpmu.fr.gd
URL: https://turfpmu.fr.gd/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2f764c969a82705ba7838239087f5ff9b33e978b6bae2657e299b6b14c30ad7f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Fri, 05 Jan 2024 10:12:40 GMT
content-encoding: br
x-content-type-options: nosniff
age: 49733
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8523
x-xss-protection: 0
server: cafe
etag: 16500369019378894752
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 19 Jan 2024 10:12:40 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 84DB 204 KB
64 KB 101ms
96ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: turfpmu.fr.gd
URL: https://turfpmu.fr.gd/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8941597d26275d5e8775ac804bffb1d86f749d0cfe471777800a4543e4b65603

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 00:01:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65775
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1704286440049996"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 06 Jan 2024 00:01:34 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 84DB 42 B
63 B 61ms
61ms Image
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-CKpayCZ0yC9AxH4PCwUeY_KjOXeXxK3qTpqHpS5xWtMM4xS2FYXdQuPW30TbEOaSbUwCMtdPlUFHLv883kYtLSSl5PseQn63oOI7k0w3APpNP44gc

Requested by

Host: turfpmu.fr.gd
URL: https://turfpmu.fr.gd/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 06 Jan 2024 00:01:33 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 206 a4dd84acd8fa9917ffe7e8897226d5617ef63caf.mp4
u3y8v8u4.aucdn.net/library/257596/ Frame 4B7E 1 MB
1 MB 139ms
51ms Media
video/mp4 2a02:6ea0:c700::21
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://u3y8v8u4.aucdn.net/library/257596/a4dd84acd8fa9917ffe7e8897226d5617ef63caf.mp4
Requested by: Host: adnade.net
URL: https://adnade.net/ptp/?user=pas30
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::21 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 0a16b9c0bc8878077a0ffd9cae294a1d1faff634bcaad2e18f57223a50b4ca58

Request headers

Referer: https://pornito.de/
Accept-Encoding: identity;q=1, *;q=0
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Range: bytes=0-

Response headers

x-77-pop: frankfurtDE
date: Sat, 06 Jan 2024 00:01:34 GMT
x-age-lb: 3419415
x-77-cache: HIT
Content-Range: bytes 0-1553143/1553144
x-accel-date: 1701079879
Content-Length: 1553144
x-77-nzt: EgwB1GY4sQH3Fy00AAwB1GY4EQH3Vk4CAA
x-accel-expires: @1732464753
x-77-age: 3570541
x-cache-lb: HIT
last-modified: Fri, 01 Jul 2022 10:55:09 GMT
accept-ch
server: CDN77-Turbo
etag: "62bed28d-17b2f8"
x-77-nzt-ray: 1cb09c0e0a67d5d35e9898651269f202
content-type: video/mp4
access-control-allow-origin: *
cache-control: max-age=31536000
x-robots-tag: noindex, follow
expires: Sun, 24 Nov 2024 16:12:33 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 7EB4
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIT-zZS7dTxKuqLcfFj41Wk&google_cver=1

43 B
743 B

56ms
55ms

Image
image/gif

172.64.151.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIT-zZS7dTxKuqLcfFj41Wk&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPDkLxCoi2UYqeTEmAEwAQ&v=APEucNWk5he4PrZkRTckdSHqPFOHTmgxd9ZN7DbNzqxQbpVXTyjrXD8bkT_wEByr3G8SXMKJZnfe81adOlaowDBqMpxWGg2bIQG5gWrs4tU56q7g2dxS8azLdltZXigNjnp2VsOreja8NifR0w7-yx9gqySoNP6D-x2H4Os2m7iMkghU94-VRPA
Protocol: H3
Server: 172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 06 Jan 2024 00:01:34 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DiyXC%2BUHTMVmF%2B%2FoG5EiXNzTmiIbERCdEN79YqA%2Bnm6goEAVOuUFCzQeM7jsRpx%2BgM%2F0wE%2BAMLgDPPCYnAb8GwFhh%2FJ%2FXlyywhKsvv%2Fug1vA32c9GffmNZm1lFfMtz42UdZrmADzERFamQ%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 840fafec0d327035-CDG
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Sat, 06 Jan 2024 00:01:34 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIT-zZS7dTxKuqLcfFj41Wk&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 7EB4
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZZiYXlwJcn5ZcWIariJRKwAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDaIaLItDhf5HI26Fa2_0QI&google_cver=1

43 B
730 B

46ms
45ms

Image
image/gif

172.64.151.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDaIaLItDhf5HI26Fa2_0QI&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPDkLxCoi2UYqeTEmAEwAQ&v=APEucNWk5he4PrZkRTckdSHqPFOHTmgxd9ZN7DbNzqxQbpVXTyjrXD8bkT_wEByr3G8SXMKJZnfe81adOlaowDBqMpxWGg2bIQG5gWrs4tU56q7g2dxS8azLdltZXigNjnp2VsOreja8NifR0w7-yx9gqySoNP6D-x2H4Os2m7iMkghU94-VRPA
Protocol: H3
Server: 172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 06 Jan 2024 00:01:34 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=P93P61cLb99isbWrzyod4JY%2Bev82vQwlfTszem1Jl76luv7o52r8c4mjumLh4sQ%2FelKLe43pDGQdxSfeRkR6xJchxjp6FwLtoH6sUYdILGlFHvbQNaDA9ZJgjwfCAf8mj%2FBLJRmH5cKMLg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 840fafec5db57035-CDG
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Sat, 06 Jan 2024 00:01:34 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDaIaLItDhf5HI26Fa2_0QI&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

setuid
ib.adnxs.com/ Frame 7EB4
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEEiD9zCF1_xpnagV9JSJatU&google_cver=1

43 B
1006 B

23ms
22ms

Image
image/gif

185.89.210.212
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEEiD9zCF1_xpnagV9JSJatU&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPDkLxCoi2UYqeTEmAEwAQ&v=APEucNWk5he4PrZkRTckdSHqPFOHTmgxd9ZN7DbNzqxQbpVXTyjrXD8bkT_wEByr3G8SXMKJZnfe81adOlaowDBqMpxWGg2bIQG5gWrs4tU56q7g2dxS8azLdltZXigNjnp2VsOreja8NifR0w7-yx9gqySoNP6D-x2H4Os2m7iMkghU94-VRPA

Protocol

Server

185.89.210.212 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

942.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 06 Jan 2024 00:01:34 GMT
an-x-request-uuid: 6c59788d-b821-4777-afca-6d53c7036446
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
cache-control: no-store, no-cache, private
x-proxy-origin: 37.59.164.103; 37.59.164.103; 942.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 06 Jan 2024 00:01:34 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEEiD9zCF1_xpnagV9JSJatU&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 7EB4
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTM4NTUwMTUwMDUxMDY5ODIxMA%3D%3D

170 B
243 B

36ms
36ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTM4NTUwMTUwMDUxMDY5ODIxMA%3D%3D

Requested by

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 06 Jan 2024 00:01:34 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 06 Jan 2024 00:01:34 GMT
an-x-request-uuid: c679d0f8-6ae3-40d3-9dfd-e19bbfd73a83
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTM4NTUwMTUwMDUxMDY5ODIxMA%3D%3D
x-proxy-origin: 37.59.164.103; 37.59.164.103; 942.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 default.css
as.ad4m.at/ad/style/0.1.50/one-ad/ Frame 00F1 115 KB
14 KB 36ms
36ms Stylesheet
text/css 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://as.ad4m.at/ad/style/0.1.50/one-ad/default.css
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=517451%2C19769%2C191668&b=bGVmhQfZf2dxqaYHbHztKt3KeGfbS3tMdEHJ%2CYAqkcrf3fYG9tVH9HetQtRdkTkSWtd92ur%2CbGVmhQfZf5gY1hYHbHztKtDwMKUbS3tMdEHJ&f=3r48Upf4f9ZBVF7HrHAtXC2PzAaPSztKZwCd%2CqxgqhmfWfpgbfZHgHDtRCX9ETeS3tJDxC3%2C3r48Upf4fX63dc7HrHAtXCr9wPTPSztKZwCd&c=300&d=250&e=&g=d18243bfa2950b7f865d2ac411a0005d%2F6857293066795638964&i=197676%2C21630%2C75452&j=52%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=Influencer_TT_advancedad_300x250&r=1704499293834&y=1&s=&z=0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5f5a0db09b2c7d59fce00d749f6b857d80edafcca6897c038c5b77fb942f1393

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://as.ad4m.at/ad/rar?a=517451%2C19769%2C191668&b=bGVmhQfZf2dxqaYHbHztKt3KeGfbS3tMdEHJ%2CYAqkcrf3fYG9tVH9HetQtRdkTkSWtd92ur%2CbGVmhQfZf5gY1hYHbHztKtDwMKUbS3tMdEHJ&f=3r48Upf4f9ZBVF7HrHAtXC2PzAaPSztKZwCd%2CqxgqhmfWfpgbfZHgHDtRCX9ETeS3tJDxC3%2C3r48Upf4fX63dc7HrHAtXCr9wPTPSztKZwCd&c=300&d=250&e=&g=d18243bfa2950b7f865d2ac411a0005d%2F6857293066795638964&i=197676%2C21630%2C75452&j=52%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=Influencer_TT_advancedad_300x250&r=1704499293834&y=1&s=&z=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 00:01:33 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 578024
cf-polished: origSize=118430
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Thu, 02 Nov 2023 10:26:17 GMT
server: cloudflare
etag: W/"486507ccce9ac587d11c0ef3f32a109a"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KbyTcm3GFEQ8VvQx%2FvXKq6kieYOMJYYrJD%2B9ZJGmYSZaEiV%2FOAhCqEffCyLANGmBnKkcEI0qPbkqC1Y7qFlBWJ%2F9ejvU2aoeQ4s9niYwkjuDklx7bGJzGAXi%2Fxh5qRt33pH4L9FArjU%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=86400
cf-ray: 840fafeb5a972a5c-CDG
expires: Sun, 07 Jan 2024 00:01:33 GMT

GET
H2 200 F640CC63169592A599BD013A94FBF9808C7E0C5963B29541589A777279BF9E09B90A338BCC15BD5E7A2D76B7DE5E967ACA9F48F826D86E56D945E849557F023A
assets.ad4m.at/logo/ Frame 00F1 27 KB
27 KB 61ms
51ms Image
image/webp 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/logo/F640CC63169592A599BD013A94FBF9808C7E0C5963B29541589A777279BF9E09B90A338BCC15BD5E7A2D76B7DE5E967ACA9F48F826D86E56D945E849557F023A
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=517451%2C19769%2C191668&b=bGVmhQfZf2dxqaYHbHztKt3KeGfbS3tMdEHJ%2CYAqkcrf3fYG9tVH9HetQtRdkTkSWtd92ur%2CbGVmhQfZf5gY1hYHbHztKtDwMKUbS3tMdEHJ&f=3r48Upf4f9ZBVF7HrHAtXC2PzAaPSztKZwCd%2CqxgqhmfWfpgbfZHgHDtRCX9ETeS3tJDxC3%2C3r48Upf4fX63dc7HrHAtXCr9wPTPSztKZwCd&c=300&d=250&e=&g=d18243bfa2950b7f865d2ac411a0005d%2F6857293066795638964&i=197676%2C21630%2C75452&j=52%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=Influencer_TT_advancedad_300x250&r=1704499293834&y=1&s=&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0b0243f138db50afdb28a54242c35a35b8b6fc3b75dc54b48b692e1079f0ef65

Request headers

accept-language: fr-FR,fr;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 00:01:33 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1926050
cf-polished: origFmt=png, origSize=28334
alt-svc: h3=":443"; ma=86400
content-length: 27158
cf-bgj: imgq:85,h2pri
last-modified: Thu, 09 Nov 2023 06:51:24 GMT
server: cloudflare
etag: "deb8a0c0f7089f71e34f7b2fe1bd87b9"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BcKVUxMITvC5rf9hBn7yn7jHdKVfZqKaRZgzt7Q87p9fAVc6ZJR8dPxRD2jX7ev1yMP73wH%2B3F0teAlFkQNFRP2Wf7wqBrMtVamVzk2DasjNAGuR%2BNVdXNjhpPEGPT%2FW84lqqucCVGZtkRpJ"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public, max-age=315360000, immutable
accept-ranges: bytes
cf-ray: 840fafeb6e7bd3ab-CDG

GET
H2 200 59E6F31680B5B8C19AB657B268D238D601D32F2003EFBB9470F1DFB488CB3FE25FAA05C0020ECA19336F8413EBAAD052BBA83F938B08C6CFE70D9A9BF9DFC68E
assets.ad4m.at/ Frame 00F1 136 KB
136 KB 41ms
31ms Image
image/webp 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/59E6F31680B5B8C19AB657B268D238D601D32F2003EFBB9470F1DFB488CB3FE25FAA05C0020ECA19336F8413EBAAD052BBA83F938B08C6CFE70D9A9BF9DFC68E
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=517451%2C19769%2C191668&b=bGVmhQfZf2dxqaYHbHztKt3KeGfbS3tMdEHJ%2CYAqkcrf3fYG9tVH9HetQtRdkTkSWtd92ur%2CbGVmhQfZf5gY1hYHbHztKtDwMKUbS3tMdEHJ&f=3r48Upf4f9ZBVF7HrHAtXC2PzAaPSztKZwCd%2CqxgqhmfWfpgbfZHgHDtRCX9ETeS3tJDxC3%2C3r48Upf4fX63dc7HrHAtXCr9wPTPSztKZwCd&c=300&d=250&e=&g=d18243bfa2950b7f865d2ac411a0005d%2F6857293066795638964&i=197676%2C21630%2C75452&j=52%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=Influencer_TT_advancedad_300x250&r=1704499293834&y=1&s=&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dcc45fa8c015a15822ff8cfa426bfc130f26cfdca3be4b4d06ec5896890aa155

Request headers

accept-language: fr-FR,fr;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 00:01:33 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 19174
cf-polished: origFmt=png, origSize=233132
alt-svc: h3=":443"; ma=86400
content-length: 138904
cf-bgj: imgq:85,h2pri
last-modified: Mon, 27 Nov 2023 13:45:41 GMT
server: cloudflare
etag: "8c0efc7ad483766538398f62d2140231"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FiojoRy%2Fbe7LdKb7ZzOZ3g7ERDcXqanBiU3ZyWu7zJPEtxX6P8%2BFGzZ2fkaeCp7gRqGZ2%2Fc3uaKvcTZMJ8y20P5BlhRQTK9Hi%2BytNEw13CDWXfjGeiWNZgQSv%2Fcd%2B7kS9TmmJCGK3EK8Y5zZ"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public, max-age=315360000, immutable
accept-ranges: bytes
cf-ray: 840fafeb6e76d3ab-CDG

GET
H2 200 tsv
shsorb.zecplus.de/ts/94084/ Frame 00F1 43 B
376 B 113ms
26ms Image
image/gif 34.77.79.66
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://shsorb.zecplus.de/ts/94084/tsv?amc=dis.blbn.455799.507632.CRTh7LpeGGY&smc1=oneidbGVmhQfZf2dxqaYHbHztKt3KeGfbS3tMdEHJoneid__Influencer_TT_advancedad_300x250&gdpr_consent=&gdpr=0&gdpr_pd=0

Requested by

Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=517451%2C19769%2C191668&b=bGVmhQfZf2dxqaYHbHztKt3KeGfbS3tMdEHJ%2CYAqkcrf3fYG9tVH9HetQtRdkTkSWtd92ur%2CbGVmhQfZf5gY1hYHbHztKtDwMKUbS3tMdEHJ&f=3r48Upf4f9ZBVF7HrHAtXC2PzAaPSztKZwCd%2CqxgqhmfWfpgbfZHgHDtRCX9ETeS3tJDxC3%2C3r48Upf4fX63dc7HrHAtXCr9wPTPSztKZwCd&c=300&d=250&e=&g=d18243bfa2950b7f865d2ac411a0005d%2F6857293066795638964&i=197676%2C21630%2C75452&j=52%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=Influencer_TT_advancedad_300x250&r=1704499293834&y=1&s=&z=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.77.79.66 Brussels, Belgium, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

66.79.77.34.bc.googleusercontent.com

Software

IGT/2018 2.0 /

Resource Hash

b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 06 Jan 2024 00:01:33 GMT
last-modified: Sat, 06 Jan 2024 00:01:34 GMT
server: IGT/2018 2.0
content-type: image/gif
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, private, post-check=0, pre-check=0
content-length: 43
x-xss-protection: 0
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 90E11D2E4CFB32857DB7C2E1317DD53401EA4F6F6F9CD68E6E871CA9D0C876402E8B3C561F20D09E5FFCF6D6F6634B28F60F47276020F60158747BE09B58F826
assets.ad4m.at/logo/ Frame 00F1 4 KB
5 KB 61ms
52ms Image
image/webp 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/logo/90E11D2E4CFB32857DB7C2E1317DD53401EA4F6F6F9CD68E6E871CA9D0C876402E8B3C561F20D09E5FFCF6D6F6634B28F60F47276020F60158747BE09B58F826
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=517451%2C19769%2C191668&b=bGVmhQfZf2dxqaYHbHztKt3KeGfbS3tMdEHJ%2CYAqkcrf3fYG9tVH9HetQtRdkTkSWtd92ur%2CbGVmhQfZf5gY1hYHbHztKtDwMKUbS3tMdEHJ&f=3r48Upf4f9ZBVF7HrHAtXC2PzAaPSztKZwCd%2CqxgqhmfWfpgbfZHgHDtRCX9ETeS3tJDxC3%2C3r48Upf4fX63dc7HrHAtXCr9wPTPSztKZwCd&c=300&d=250&e=&g=d18243bfa2950b7f865d2ac411a0005d%2F6857293066795638964&i=197676%2C21630%2C75452&j=52%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=Influencer_TT_advancedad_300x250&r=1704499293834&y=1&s=&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7df956c080a1bb3ed36decdc5b978505ddf07aa8d4b1b69e6ded3a9773464a2b

Request headers

accept-language: fr-FR,fr;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 00:01:33 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 14451
cf-polished: qual=85, origFmt=jpeg, origSize=7258
alt-svc: h3=":443"; ma=86400
content-length: 4294
cf-bgj: imgq:85,h2pri
last-modified: Wed, 01 Nov 2023 09:56:16 GMT
server: cloudflare
etag: "679602b08629bcaaabfcfad4e68fe53a"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lOq73i%2By3Xq%2F5hEkoX1C2BXeoJ%2FpNruw5uK9o9Yk7mkfXGEltAdZAghyU1%2BLm3ZEHrcubgiiXmE%2BEg34dJNRQG%2BHY6BWeQhtpVe2F6k1oSyW5pw9SHwwiusJeIddyEKeylcjsali%2Bi6lCeVR"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public, max-age=315360000, immutable
accept-ranges: bytes
cf-ray: 840fafeb6e78d3ab-CDG

GET
H2 200 287435BEDBEF5210566F91ED2E6D57494D1CBA241E887A111712FB8ADF6747B3B44CBC7EE390AD74BB6985CDD69339A9B2EDEE7334ACD70F503D0812F8C7EBF1
assets.ad4m.at/ Frame 00F1 15 KB
16 KB 61ms
52ms Image
image/jpeg 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/287435BEDBEF5210566F91ED2E6D57494D1CBA241E887A111712FB8ADF6747B3B44CBC7EE390AD74BB6985CDD69339A9B2EDEE7334ACD70F503D0812F8C7EBF1
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=517451%2C19769%2C191668&b=bGVmhQfZf2dxqaYHbHztKt3KeGfbS3tMdEHJ%2CYAqkcrf3fYG9tVH9HetQtRdkTkSWtd92ur%2CbGVmhQfZf5gY1hYHbHztKtDwMKUbS3tMdEHJ&f=3r48Upf4f9ZBVF7HrHAtXC2PzAaPSztKZwCd%2CqxgqhmfWfpgbfZHgHDtRCX9ETeS3tJDxC3%2C3r48Upf4fX63dc7HrHAtXCr9wPTPSztKZwCd&c=300&d=250&e=&g=d18243bfa2950b7f865d2ac411a0005d%2F6857293066795638964&i=197676%2C21630%2C75452&j=52%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=Influencer_TT_advancedad_300x250&r=1704499293834&y=1&s=&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5c8aaf3a0a4a9840eef8109904bf9d8ca3cf0933567fc63c82f239b7bd344ce3

Request headers

accept-language: fr-FR,fr;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 00:01:33 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2090416
cf-polished: status=not_needed
alt-svc: h3=":443"; ma=86400
content-length: 15521
cf-bgj: imgq:85,h2pri
last-modified: Thu, 09 Nov 2023 08:09:52 GMT
server: cloudflare
etag: "269bd58060bc660c3aec98b388bae571"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vI5WU9pVpFr0w56RBUZhKvqPPoxTUBQNWd%2BHOUJU7Tbq9LmQ%2B7CWP%2BwIpaqRxKea1ZmgQI3mYsqb%2Fw2ImhP9JSIoPhq0Ws6gmKYNI%2BTPzYzV77HEyfHpvazwbpzsQSOIJAhH49ksvzx3t%2FB%2B"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=315360000, immutable
accept-ranges: bytes
cf-ray: 840fafeb6e79d3ab-CDG

GET
H/1.1 200
OK cshow.php
www.awin1.com/ Frame 00F1 43 B
702 B 163ms
87ms Image
image/gif 104.102.45.165
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.awin1.com/cshow.php?s=2531885&v=14702&q=365825&r=412871&pv=1&pref3=oneidYAqkcrf3fYG9tVH9HetQtRdkTkSWtd92uroneid__Influencer_TT_advancedad_300x250&gdpr_consent=&gdpr=0&gdpr_pd=0

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.102.45.165 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-102-45-165.deploy.static.akamaitechnologies.com

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: fr-FR,fr;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 06 Jan 2024 00:01:34 GMT
Strict-Transport-Security: max-age=86400
Node: Helix
Content-Type: image/gif
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Awin-Akamai-Rule-Set: default
Connection: keep-alive
Content-Length: 43
Expires: 0

GET
H2 200 120F96A75D6F4DFA8C180C0B166F56DE52DF6CCE7132AA81A0F39370D0B66A11D11DF772A5F37667D848D1EFAD34C7BB21F4F1EC3CC3BACAA138FC27CB46D84C
assets.ad4m.at/logo/ Frame 00F1 4 KB
5 KB 60ms
51ms Image
image/webp 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/logo/120F96A75D6F4DFA8C180C0B166F56DE52DF6CCE7132AA81A0F39370D0B66A11D11DF772A5F37667D848D1EFAD34C7BB21F4F1EC3CC3BACAA138FC27CB46D84C
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=517451%2C19769%2C191668&b=bGVmhQfZf2dxqaYHbHztKt3KeGfbS3tMdEHJ%2CYAqkcrf3fYG9tVH9HetQtRdkTkSWtd92ur%2CbGVmhQfZf5gY1hYHbHztKtDwMKUbS3tMdEHJ&f=3r48Upf4f9ZBVF7HrHAtXC2PzAaPSztKZwCd%2CqxgqhmfWfpgbfZHgHDtRCX9ETeS3tJDxC3%2C3r48Upf4fX63dc7HrHAtXCr9wPTPSztKZwCd&c=300&d=250&e=&g=d18243bfa2950b7f865d2ac411a0005d%2F6857293066795638964&i=197676%2C21630%2C75452&j=52%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=Influencer_TT_advancedad_300x250&r=1704499293834&y=1&s=&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c331eb86d87b1684540ddb6544a96d3f9b975141681f028ae97b0c5bcf4b64b3

Request headers

accept-language: fr-FR,fr;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 00:01:33 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 21260
cf-polished: origFmt=png, origSize=12853
alt-svc: h3=":443"; ma=86400
content-length: 4258
cf-bgj: imgq:85,h2pri
last-modified: Thu, 12 Oct 2023 15:42:23 GMT
server: cloudflare
etag: "40eca896a1af9011ff26d05bf97e80fc"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RNbVC8epemLSlq9NbznSw0Lyb0aYXLDJlourpkb%2FTZhSuGwI6pNxGK4ngYsuDj1fm6tRpq3VCNTxDcDbYeVzLGnA%2BNxUkuZt35SSC3J%2Fq2gTSCwuFNp15NEtG6%2BGH%2FZ1cj32%2Fpq7X%2Fslu1am"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public, max-age=315360000, immutable
accept-ranges: bytes
cf-ray: 840fafeb6e7ad3ab-CDG

GET
H2 200 71613ACF08169DC6086C040AE52307CEF098D4B356E4B796716A9DBCF0EC1F05DFBCD36FB6577E1AFB510DCB27E1A87ABB105BDF2D2322D292DF64F8BA6C23F2
assets.ad4m.at/product_image/ Frame 00F1 35 KB
36 KB 60ms
51ms Image
image/jpeg 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/product_image/71613ACF08169DC6086C040AE52307CEF098D4B356E4B796716A9DBCF0EC1F05DFBCD36FB6577E1AFB510DCB27E1A87ABB105BDF2D2322D292DF64F8BA6C23F2
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=517451%2C19769%2C191668&b=bGVmhQfZf2dxqaYHbHztKt3KeGfbS3tMdEHJ%2CYAqkcrf3fYG9tVH9HetQtRdkTkSWtd92ur%2CbGVmhQfZf5gY1hYHbHztKtDwMKUbS3tMdEHJ&f=3r48Upf4f9ZBVF7HrHAtXC2PzAaPSztKZwCd%2CqxgqhmfWfpgbfZHgHDtRCX9ETeS3tJDxC3%2C3r48Upf4fX63dc7HrHAtXCr9wPTPSztKZwCd&c=300&d=250&e=&g=d18243bfa2950b7f865d2ac411a0005d%2F6857293066795638964&i=197676%2C21630%2C75452&j=52%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=Influencer_TT_advancedad_300x250&r=1704499293834&y=1&s=&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 81bb9ca7f132df1282fb961eb59ce5e0bfb23c3946f578d046088da672650d12

Request headers

accept-language: fr-FR,fr;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 00:01:33 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1936211
cf-polished: status=not_needed
alt-svc: h3=":443"; ma=86400
content-length: 36053
cf-bgj: imgq:85,h2pri
last-modified: Thu, 09 Nov 2023 08:15:37 GMT
server: cloudflare
etag: "d5b42731623c7d6d385a5ed6ec6d805a"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BT4VyZnlEASlNSfhWLlv1UNwdI1yiHxOc9A3F7NmrmkRYfrYUvsIpupB4iLCj5bXreKN4uVU7%2BTqoZAog6dDixtbGJb1hQ%2BWaffTeojrhvl6J0PkSK09fhMbogc52tfIg%2BzXwlMZsbzhanQL"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=315360000, immutable
accept-ranges: bytes
cf-ray: 840fafeb6e7ed3ab-CDG

GET
H/1.1 200
OK cshow.php
www.awin1.com/ Frame 00F1 43 B
702 B 156ms
79ms Image
image/gif 104.102.45.165
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.awin1.com/cshow.php?s=2974903&v=22835&q=421902&r=412871&pv=1&pref3=oneidbGVmhQfZf5gY1hYHbHztKtDwMKUbS3tMdEHJoneid__Influencer_TT_advancedad_300x250&gdpr_consent=&gdpr=0&gdpr_pd=0

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.102.45.165 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-102-45-165.deploy.static.akamaitechnologies.com

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: fr-FR,fr;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 06 Jan 2024 00:01:34 GMT
Strict-Transport-Security: max-age=86400
Node: Helix
Content-Type: image/gif
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Awin-Akamai-Rule-Set: default
Connection: keep-alive
Content-Length: 43
Expires: 0

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 2FD3
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECdvHaNyjqkhYSYB8u4FDS8&google_cver=1

43 B
770 B

44ms
43ms

Image
image/gif

172.64.151.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECdvHaNyjqkhYSYB8u4FDS8&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPDkLxCoi2UYqeTEmAEwAQ&v=APEucNWtp8GzpDt6mmjVXg3sluTxHJG4uh0dc7QD9QmeLPvavCwJFAz90YvkJqHnMFQCSY02pGwuL_AtlF9s4aopN--DGczlFTiJljf4Wqp3Xr42yvK_n3OI2i_kz_vTpMKCJyyIz-ZX8vsrqz_XFqm0xB6WJ_tNG0jC1JRGj_tb1a_Mz7wh4l8
Protocol: H3
Server: 172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 06 Jan 2024 00:01:34 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KfMLcd9dSpoU7cN48W9t36lteF%2BMR3B4QTdzrivTpmklKUPHEpXdfzqzX6moOIwjNM1tPa3pnOBW9HZwo0sA9L%2FxMfx0GQdIxTfpl%2FiEWf4Z0J9aiQ%2BcfSwnZrhn%2B6yxISyG4prTQHvmng%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 840fafec0d317035-CDG
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Sat, 06 Jan 2024 00:01:34 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECdvHaNyjqkhYSYB8u4FDS8&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 2FD3
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZZiYXlwJcn5ZcWIariJRKwAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDaIaLItDhf5HI26Fa2_0QI&google_cver=1

43 B
731 B

43ms
43ms

Image
image/gif

172.64.151.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDaIaLItDhf5HI26Fa2_0QI&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPDkLxCoi2UYqeTEmAEwAQ&v=APEucNWtp8GzpDt6mmjVXg3sluTxHJG4uh0dc7QD9QmeLPvavCwJFAz90YvkJqHnMFQCSY02pGwuL_AtlF9s4aopN--DGczlFTiJljf4Wqp3Xr42yvK_n3OI2i_kz_vTpMKCJyyIz-ZX8vsrqz_XFqm0xB6WJ_tNG0jC1JRGj_tb1a_Mz7wh4l8
Protocol: H3
Server: 172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 06 Jan 2024 00:01:34 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LVTfn7rN3DKdHQcGvBFOvuKGZkjzeSKNBCfGVBktYRb%2Fl0tvIMvWu5sEJToluVcXrXKCRH9zbbKrSySQaOTp1KEUmgCmtRda2112bfMIxKHdlJZ9KGFyeo2zQiyCn8ZP9i7a%2BGaLWFsxXw%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 840fafec5db27035-CDG
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Sat, 06 Jan 2024 00:01:34 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDaIaLItDhf5HI26Fa2_0QI&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

setuid
ib.adnxs.com/ Frame 2FD3
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEO31s4_GqALo5MJtWrdIfxg&google_cver=1

43 B
1006 B

23ms
21ms

Image
image/gif

185.89.210.212
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEO31s4_GqALo5MJtWrdIfxg&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPDkLxCoi2UYqeTEmAEwAQ&v=APEucNWtp8GzpDt6mmjVXg3sluTxHJG4uh0dc7QD9QmeLPvavCwJFAz90YvkJqHnMFQCSY02pGwuL_AtlF9s4aopN--DGczlFTiJljf4Wqp3Xr42yvK_n3OI2i_kz_vTpMKCJyyIz-ZX8vsrqz_XFqm0xB6WJ_tNG0jC1JRGj_tb1a_Mz7wh4l8

Protocol

Server

185.89.210.212 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

942.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 06 Jan 2024 00:01:34 GMT
an-x-request-uuid: 275bece4-8f7b-46d7-923d-38b22b98224a
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
cache-control: no-store, no-cache, private
x-proxy-origin: 37.59.164.103; 37.59.164.103; 942.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 06 Jan 2024 00:01:34 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEO31s4_GqALo5MJtWrdIfxg&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 2FD3
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTM4NTUwMTUwMDUxMDY5ODIxMA%3D%3D

170 B
232 B

38ms
36ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTM4NTUwMTUwMDUxMDY5ODIxMA%3D%3D

Requested by

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 06 Jan 2024 00:01:34 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 06 Jan 2024 00:01:34 GMT
an-x-request-uuid: ddebda81-7db1-4d9e-b3ec-df479513085a
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTM4NTUwMTUwMDUxMDY5ODIxMA%3D%3D
x-proxy-origin: 37.59.164.103; 37.59.164.103; 942.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
DATA 200
OK truncated
/ Frame 84DB 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4665222bb5348343e7c6647e77c7c430a6b0dbaa6eaf156e71b7df9853530bc7

Request headers

accept-language: fr-FR,fr;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/7135979241717318397/ Frame 1CCA 34 KB
6 KB 81ms
27ms Document
text/html 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/7135979241717318397/index.html?ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

17deedac533c71f5d9bd4afad0ff830415948ddd4f69ce42ccedada14639c605

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 119227
allow-fenced-frame-automatic-beacons: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5755
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Thu, 04 Jan 2024 14:54:27 GMT
expires: Fri, 03 Jan 2025 14:54:27 GMT
last-modified: Thu, 14 Dec 2023 11:09:41 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
ad.doubleclick.net/pcs/ Frame 0F64 0
0 130ms
70ms Fetch
image/gif 142.250.184.198
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/pcs/view?xai=AKAOjstSI_fbswlajSRqUnyz2cf4ir2E5sfsf66pS8QEPFfp1vc9v3-oRpHFlrJej1d08-oPVnkXpT4iEB3Dz7nfVLZfzk4EUm23iZuGTkTDaXZr1ctGiHKh1PTHs7waJ3YG6CH6Yb7IlokJIE9oIlwanlpJq97-y8Kqh7WIgzIkvuwNnM1bz7Ip2-wJBxiiQjm-AdsppKGKeOYEFPL1HIB1KAg4bcrLjFIo8dd4_YfuKd75aJXTLGj1OAegN1FRbJpYrAxDPBed5KQSG17sZk4oPxEHFmQ6_ZBJW__6GEmkjzFCanqIt1a8HsXCTwGyTzPCD_SLBmwtRxMHf7cNfkbe7lBlaZN9dVEPRdrQ3EXBk5PX3JsZZZosQ2QkGrFEHCJo6A_ToZM6ofkPgLJRxKdvk7TmAQI9ABVuKPNYs5Qc9jqFmUAQlo24GZJ6ylWcvkcmXACFY7-GEip_F1QhSgRj2LKs_0VORUciDBL-Sml0PTwMzGCsPJOwzm8ARsgRXv7ScFZ4qNlxqME0dMe3zII-DyKyIni6jRXewLqWO-SE5vuz5oQ2IdMMWvu1pcCeKHqMTC2dcaSCsS2k75jq8fRnKzaSkYSLBvMLCIhssu9DIKIg1fFnMUMb4s1diQWF-3KKziSn0OKbFzq7SJeGiLkTDjYcMRiHuTpyjn01Rq_uF0w4vI2_wydrg_xSBj4fNPh7POIXTjCFOSip-ZtCLIm5yzp_Z2ZWf_HRwZnGY3YC9czO1bKLAVafgMw1_6ZgWpE141HxL4Tga7glaqxwKLwvmQucHcJ2s_VkEKv-jnpGw_l1d-geJNma0pEFXd85WXukOIWgbOIX2IedBHoG-5WR1TTCrKf159D1oR4jctfs5VwzfDtCXYOCdpj86wgqSU2YLdom189oYqY_ON6wblazdzeK0RJUCwBvphsoVIUZtAyRxIgnw3abQVfFQMuI4zbxTvkgBbrpbYpuvkqT0L7BEBO9GJKKioa8XixZuOEBSK4U_hrePekLkzTb9_1zCSssVY-qtH2ALPfgwxQtfgdVjkGlIsPemrdVjJnFZNzET6YdBzle-ycJgp05Ov20L8CjO-Zx5RZm-HDs1VrsDxRlEJJ8I8Wab5i6lvxxEQCL-WO70Ab7-oczgBQ8mYz6P1zGYHwpxeSc_nM0m-8Bf0oVqVVATaDgm3gRBVHq3UOtmKQvQN4oSvi4GkuMrnVd7nE5udxrpu-QqBBWb4xoZE1aFgDsW8X7XnUjY-sC_MgolWQshDH8Qu6aiv32J-I1wXDJSA&sai=AMfl-YRMQngphE3IzKoFocTUaJGaUmVxKRL_YWSW2mxQbdLe1XvwfS71ctDTV-GuKJreRi11sXfC0o03C6ylMF8nO_hbMwZKAr0BSGRBNOdu7BU4fXzFjla5e7j7kEjAN_xR5BooQvCL2guNJ3yygsKzIVBR4sY6uqV65UGts3X93b6m_zaxdYNZJDrwO0UnG4WKO3bPFzBWXo4KcXH6M9n8dK-wChM5C5rMVcGNEZNQGn0rMHfBSZF9YlFOqhYbJDB3IaJpUfl82SrHZt6UI6KI6c9V7SQtitkFwVlfMC0H_FMTzQYPHdnQaBi8-CqMcCevjn8xNI6iJaqTUWqY93ldnsy_6WWMcpf1yBEbSJ-oUBJ3sUYRqWy2Bg331cNa-IER1G7-LcWB3sBMFJGCD5pVrrW0KWmCVWZ9eh7ZT6y8t4VCzb-4M9tLHRER_bX51fxzSRY3s1I2tC8T3B2QYvQNDc7LzSXWbTw1pzsgitwzZnuQEhZC2rw17g2CzH1ivWIi7g1zXYP9k-4&sig=Cg0ArKJSzKUF3ULjaqocEAE&uach_m=%5BUACH%5D&pr=missingexchangepricemacro&crd=aHR0cHM6Ly9iaXRkZWZlbmRlci5jb20saHR0cHM6Ly9iaXRkZWZlbmRlci5mcg&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=128&cbvp=1&cstd=126&cisv=r20240103.37737&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: turfpmu.fr.gd
URL: https://turfpmu.fr.gd/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.198 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f6.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Sat, 06 Jan 2024 00:01:34 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
content-type: image/gif
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 58A1
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDaIaLItDhf5HI26Fa2_0QI&google_cver=1

43 B
735 B

52ms
52ms

Image
image/gif

172.64.151.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDaIaLItDhf5HI26Fa2_0QI&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPDkLxCoi2UY_OrEmAEwAQ&v=APEucNXvHQqB0Ar5ttuuYT7575bXy5M9wugxrrFhalz4PhKfiGILo7DlGHyIX-aCMis95gmqBRmEHEZygigv5Y6_3636WyGRnE4u714tS2Wcpza81S5hHJj0Ql17NpyG_qT7RFZ-uXJQFDY1AETQxAxyl6NSDSIZ-vuNVel5id6p8t9NFH7xPEo
Protocol: H3
Server: 172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 06 Jan 2024 00:01:34 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uHfPIy71hiBtFlyth1ecwm3uB4HhKq3E2x%2FLgFP%2BzeZiAbEEdJqCZjw4QoS26KsO7NJhS1zceMGGjnueK2InVBuSfbzYNwM06Mem2Fx%2BhYXTT2cqlbCdLtfIrV7%2FskW%2BLiplfN8rZaz%2Bhw%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 840fafec0d337035-CDG
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Sat, 06 Jan 2024 00:01:34 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDaIaLItDhf5HI26Fa2_0QI&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 58A1
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZZiYXjsyNev1t-M37E5xjAAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDaIaLItDhf5HI26Fa2_0QI&google_cver=1

43 B
731 B

61ms
61ms

Image
image/gif

172.64.151.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDaIaLItDhf5HI26Fa2_0QI&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPDkLxCoi2UY_OrEmAEwAQ&v=APEucNXvHQqB0Ar5ttuuYT7575bXy5M9wugxrrFhalz4PhKfiGILo7DlGHyIX-aCMis95gmqBRmEHEZygigv5Y6_3636WyGRnE4u714tS2Wcpza81S5hHJj0Ql17NpyG_qT7RFZ-uXJQFDY1AETQxAxyl6NSDSIZ-vuNVel5id6p8t9NFH7xPEo
Protocol: H3
Server: 172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 06 Jan 2024 00:01:34 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zCDc%2BFDBpuBMOe5aW%2BOCtfPyLoCR8S8dFHN9zhJcedlgDvSQp2kMcQ5FOP394I2KMz2IHB2Qd3ESb3n9V4zi5r3WjE5e1NA%2Bj2j1smNmbdJV8rD3N5K%2FnsAMxXfaostb3hnckyYbzbo6kA%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 840fafec9df27035-CDG
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Sat, 06 Jan 2024 00:01:34 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDaIaLItDhf5HI26Fa2_0QI&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

setuid
ib.adnxs.com/ Frame 58A1
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESECk4v_tItC9JVzl9ujtfch4&google_cver=1

43 B
1008 B

25ms
24ms

Image
image/gif

185.89.210.212
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESECk4v_tItC9JVzl9ujtfch4&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPDkLxCoi2UY_OrEmAEwAQ&v=APEucNXvHQqB0Ar5ttuuYT7575bXy5M9wugxrrFhalz4PhKfiGILo7DlGHyIX-aCMis95gmqBRmEHEZygigv5Y6_3636WyGRnE4u714tS2Wcpza81S5hHJj0Ql17NpyG_qT7RFZ-uXJQFDY1AETQxAxyl6NSDSIZ-vuNVel5id6p8t9NFH7xPEo

Protocol

Server

185.89.210.212 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

942.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 06 Jan 2024 00:01:34 GMT
an-x-request-uuid: da43ad5d-7eaf-40b5-bf4e-df879c50d899
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
cache-control: no-store, no-cache, private
x-proxy-origin: 37.59.164.103; 37.59.164.103; 942.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 06 Jan 2024 00:01:34 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESECk4v_tItC9JVzl9ujtfch4&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 58A1
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzgxOTAyNTI1MTU3MTE3NTExNQ%3D%3D

170 B
232 B

37ms
37ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzgxOTAyNTI1MTU3MTE3NTExNQ%3D%3D

Requested by

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 06 Jan 2024 00:01:34 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 06 Jan 2024 00:01:34 GMT
an-x-request-uuid: 36e08681-5283-444e-ae69-7e32d38f0194
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzgxOTAyNTI1MTU3MTE3NTExNQ%3D%3D
x-proxy-origin: 37.59.164.103; 37.59.164.103; 942.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame A91A 38 KB
13 KB 27ms
26ms Document
text/html 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

accept-ranges: bytes
age: 310576
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 02 Jan 2024 09:45:18 GMT
expires: Wed, 01 Jan 2025 09:45:18 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame 8216 38 KB
13 KB 28ms
28ms Document
text/html 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

accept-ranges: bytes
age: 310576
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 02 Jan 2024 09:45:18 GMT
expires: Wed, 01 Jan 2025 09:45:18 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame ADBE 38 KB
13 KB 26ms
26ms Document
text/html 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

accept-ranges: bytes
age: 310576
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 02 Jan 2024 09:45:18 GMT
expires: Wed, 01 Jan 2025 09:45:18 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/7135979241717318397/ Frame 842B 34 KB
6 KB 58ms
31ms Document
text/html 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/7135979241717318397/index.html?ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

17deedac533c71f5d9bd4afad0ff830415948ddd4f69ce42ccedada14639c605

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 119227
allow-fenced-frame-automatic-beacons: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5755
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Thu, 04 Jan 2024 14:54:27 GMT
expires: Fri, 03 Jan 2025 14:54:27 GMT
last-modified: Thu, 14 Dec 2023 11:09:41 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
ad.doubleclick.net/pcs/ Frame A862 0
0 105ms
73ms Fetch
image/gif 142.250.184.198
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/pcs/view?xai=AKAOjsvDLHBMzG2OYxYezYp1Ca23ryB7oLGyyfAgyXBSTiqSBcvHri_NIDXpzinutDpku7zHnttq7ZDNm9Jwz3kGgY9HSWKEXq0_vgCESx6EHOSlYJZJshrdbNN71E5BVQLdWK6nNKM2O8AHv389y8mDxepEl2ly8JSmcrIC_5l3oWUUYDhAuM6nQFgcVhVic_zqD9bioawp3BZCKVqnWOz5NaYkFGqu4MGiGagodDGB5eYlwitrR2Hc0Be4qOjAR9NukuUUQ5EgTeHCi_IfHcls0jQXkTPT6EbUdRcRm9Mx02JdQH3d_gGHAui-7OyqgJ645yrlUeg-wVyPe40Pw96bMxYL_v3BdEV2lXIMRhcdh9-6Q-6H6JfiIxkDHSAtAffeBnf8pC-DW36LT7FqPF6rHdJfQRPUV18mAXRcHDsfOYBKDZ9OyjWZEKYMeIPDE3yjUPTEkSXZOXl2xGn_GodcFQCwqOANHXmnPUDu7dwco6J_ZkwJ8bWdkSpbjW3gLi7smT098hwOaXr2SMJ7NlxeTdCLvPo-Mvpdb-PB3VtUlrZF99CvZDL_kuOOMLDAdVOPzLvU6DiNbRYlfKwru0dY9Sf_gekrIMDBYIsQ8XGLHyjmvL3SmO0L-UFV2KKVuubzKP28YkgEle9vCjdbX1LTsoPIAl4eKJmrkWC8v03bqucBmG-yHL2CYr12DmQLo_CqNABSDIDRP1-8YWhOJdHJXcP8P4Dp2iObFTX0EH-vpW9GLGGX-l9TGzG7wYbGr8SHFQoCFD0MxFaI4eg7aYiQFaKQ13bmT3N-SGLU-sB94u5U0QHArhABPuXmWa2Q0efK-kQPXNCx14NoUwfxzbUBmhb_T87mwjNdkvqt9iJpVVkLqviyOsumSPlqi-pbAYK0S4fjqZXJKyV1jioJ7POpqqj-qFL_NlNrE4ziDtmks3B5ZEH7BmNmco81EG9YgDXP1UrBQ7RdOeiOxRyViwpkVhQykFmEyvjt9cx1o2h6psk8l7z-ssPzYN7WzqIh8nB9_-km45Y5HrblEyIMO0UUgILO5ikCl_DG47to1uME5k5FJQZ-GiFlhLbYQjSX-GjykuEOHHsPr9jMUZrfI_irSgq3CEfz5UEr6gEe-zWpS6auheg8v9FFEg9Co2iyUDCf1jT0riK3M2cMwLjwl0oacuk6gcs75WRBeuacD9Zj7CfTsQ04TK8gvE3FtmPsWx1HjP7WZ157_hUAri4yZZ9pgfVCxAwJsTrWCqaHXD8NpOwNgRcfoW-jhSsT59dG_FIQcg&sai=AMfl-YRpGUlin-M-kI9_1FqTH1X5EgxEvSGTz4oeLKBgjv-oRyWXJWRvslT6SySN-fT8EBktlBp_5QjNoLom9rvy4DVO-UzbU1uQ0qeqQzcXFgHpmCVTg3sibuyQFZNEOE4Ww73dJ423KDeLFdfuTd6XL5-tO-tZ_p1E270YbyuNaXYVwkqPndr-S6HHzVKD80yL1Ysj_gcdSRrunXB92nwqltWGTpp1SVgvMsy2UgXyA8s9vJ608TwZxNEqGAVFZQCzaa_w68CalYY6m3BqbDwEjb3QcXeOclXkzzA7MOzO9NKVN5sMtT7IBkEy5QuZ2TpK5p75qrJWl5Of3AVBXVi97bkNlAcXORwXTwwru4KtLtB7XtJx3ngl4RLnVRzaQ8sTiful1Vjf3_QdNjsD0hMHATDMR6QLDF0RUCBgr1bLF65RZj6uk2b4vhzX3eAkhQ7MKPzH7mCSKmLs4KPfoo3MIRKn_ccuW4Zyk6VwVatpR1pAEi2IgMn2hRSEHgzRHcyNtgLDDb0Z3UA&sig=Cg0ArKJSzOMhqnFsDQ4LEAE&uach_m=%5BUACH%5D&pr=missingexchangepricemacro&crd=aHR0cHM6Ly9iaXRkZWZlbmRlci5jb20saHR0cHM6Ly9iaXRkZWZlbmRlci5mcg&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=117&cbvp=1&cstd=116&cisv=r20240103.81692&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: turfpmu.fr.gd
URL: https://turfpmu.fr.gd/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.198 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f6.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Sat, 06 Jan 2024 00:01:34 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
content-type: image/gif
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/15205685216655332109/ Frame 4D72 31 KB
6 KB 57ms
36ms Document
text/html 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/15205685216655332109/index.html?ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6bbd36ef2ed3cfff7447866d022aa96df2b0c3d0c7cd00470e6e9605d5435038

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 119993
allow-fenced-frame-automatic-beacons: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5704
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Thu, 04 Jan 2024 14:41:41 GMT
expires: Fri, 03 Jan 2025 14:41:41 GMT
last-modified: Thu, 14 Dec 2023 11:10:04 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
ad.doubleclick.net/pcs/ Frame 84DB 0
0 101ms
74ms Fetch
image/gif 142.250.184.198
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/pcs/view?xai=AKAOjsujQkrmoCcHMv88mTyHEypAYDIba_JRVUbdb9zkWXuSAiq4bIjEm618kzL0h8iQKH27IUBCXV-o0kRryq2BFpZzN2bM15oNFmTDDOaRjtBY8hef-QvqxmgDLei5HzYF1Z82CdzdWaHixwNC-f53BgQQeCJzWTjK9Eb4fBX-ZRM-Beq9LVmuEH976PQtxX55csB8lZyoQ9_BavzMqNqSsvOueud-yh0La5xiFM7QEkqtYbZ7rLXf4sK9_1TGggiR1eB4aqTeXFbQJOeYbAuBy-kQ4hOzSqxhXhcS5FAR01g78eQsqnOv0lTUQHiTj7xZEuHD1boR2GUNqDFPYcaT1s8KaGBwNkw6aC63AZjt6opvpLm_LDuph2mzytg8rH3DlOc3KKRNEdyrfgz2qlbze9Y0i3Bbi1qs_X29FT-83x45DEp_vwBPNAt6CWYRh3eHr3AWeQk89ob3zAaqQBVSqIii4NKVbo3LmnRU5bJ3sPRxFEtw8L1irinahllGljRAz9xwYqjptCliErqUABEFttlr3bOh_BzbdkgUHACd-9db9jQlp3YrhI52LSh5qS21ghxTDqeAOxiU6V1vTzJA4w-f2InHpo6gCpAkjm0ahMQFVkr0RAzJ3fwkA3WkG88G_bCLwykCd4ocWfRtzWst11yhkARmtBWDD8ajd_Ii85F6G68IMEePOODPdh3s0IcrtOqB8oVSBwq3_EBe1diZfCzE2APfROARLYVkzNjMJeHLYJk6qvK6xAGJ0rYYUU_wLlAXsRNaI4EfQISogDwiYTWQRrSQiav3yzxD_D0XSdPUF_YvfP5t2rzXE0XDvDvR5-KJcqVNqToup49u1LxhLalbWL145_djQpf_e5DWZcAFRKGMpQXQ21DTSLlUjBVrbIA3bJb1z3vI3SfpYMY1BFMfK5q8qfXurpLYfbHxfOaso9XEOVTk7Jn70vW4sJoiEnVaqbPYDwn5F4VG8OjKAMyl7TkfTnX7k_jW4KNlOP4pnaWykJSVF0qZ24cH9vzW0Bpd-pmlpdi8nR3gapxXnHIxN2H4g7Ykw-W4tlukJpSYZvIqYcg3oWestOI-WCudcmC6eXG2em3lWhMx1NzK6A4H442VRy-h7-_sAdJmNJUe66ZLdT4VGdSvz78VtaO_CbjGVK-fofboSjj0Jlztc5cOhcZOXbBDlc-O5netORTAns6drFUf0yZb-6EmDAWQV52zZN2jKONqiMMil93itA_ieyZkXrSMoBEpjMPkU6HsxvWC83jInMQU45ahVOBVPoY&sai=AMfl-YTJAJYCU3GH62F5_HpvB2JamH6t2brvOw9QHOCvfEEczoKJ4yobGg7IYqGaNGQ_FWLiGPrxCygBaur5dT33fSBYhhebowlWggebra-eqrGUN2-xT3t1mCRHZ5IMosXCq738J6Wc5PhF3GeLH8xtlmzegntq7M7K1zVs_TO2F3K-Awk1jcrVB2WdtgH-JDIMYEBc16gDkVTPKEPOoKlG0dmLvGRKxnm5ofyayViY6n6NSjhrudpNcXNLdxIvbQk4sRxkHe5tw_IlK7R2rZAWKp_hwKvdLoaan6qmASWRqqE8jCPTopERKluR-OzgaKeass0NaDC6N66cua61xQd6fNrt-GDaYRRa3eE6f-w6a_zgMZ9XUfRstbTkiB3BpyJMpE_OrsHFGc7YHtFHH_Tcbuf5dnalRMweXJkMPQ1Fw2wO6-tUoZLoNrnC68xyeh4MTzQIdOnKHCzv8rngJFS6QWGlcjGRMUNxv43711u7sM2JE1aDGbABNCWW3VWqQ3kg9nY1Ng6EkZE&sig=Cg0ArKJSzP9A-X1KdxhREAE&uach_m=%5BUACH%5D&pr=missingexchangepricemacro&crd=aHR0cHM6Ly9iaXRkZWZlbmRlci5jb20saHR0cHM6Ly9iaXRkZWZlbmRlci5mcg&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=103&cbvp=1&cstd=102&cisv=r20240103.79759&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: turfpmu.fr.gd
URL: https://turfpmu.fr.gd/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.198 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f6.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Sat, 06 Jan 2024 00:01:34 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
content-type: image/gif
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 8f0cec8041c165cafb6d32d04ed8f04b.js Show response
s0.2mdn.net/sadbundle/7135979241717318397/ Frame 1CCA 135 KB
39 KB 26ms
26ms Script
application/x-javascript 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/7135979241717318397/8f0cec8041c165cafb6d32d04ed8f04b.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/7135979241717318397/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8eb600d1bfa136d87da7690cd2032c1906a76dcc1df0dc43fd0eb219d5356e68

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7135979241717318397/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

expires: Fri, 03 Jan 2025 14:54:27 GMT
date: Thu, 04 Jan 2024 14:54:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 119227
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39491
x-xss-protection: 0
last-modified: Thu, 14 Dec 2023 11:09:41 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 8f0cec8041c165cafb6d32d04ed8f04b.js Show response
s0.2mdn.net/sadbundle/7135979241717318397/ Frame 842B 135 KB
39 KB 38ms
38ms Script
application/x-javascript 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/7135979241717318397/8f0cec8041c165cafb6d32d04ed8f04b.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/7135979241717318397/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8eb600d1bfa136d87da7690cd2032c1906a76dcc1df0dc43fd0eb219d5356e68

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7135979241717318397/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

expires: Fri, 03 Jan 2025 14:54:27 GMT
date: Thu, 04 Jan 2024 14:54:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 119227
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39491
x-xss-protection: 0
last-modified: Thu, 14 Dec 2023 11:09:41 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 8f0cec8041c165cafb6d32d04ed8f04b.js Show response
s0.2mdn.net/sadbundle/15205685216655332109/ Frame 4D72 135 KB
39 KB 45ms
45ms Script
application/x-javascript 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/15205685216655332109/8f0cec8041c165cafb6d32d04ed8f04b.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/15205685216655332109/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8eb600d1bfa136d87da7690cd2032c1906a76dcc1df0dc43fd0eb219d5356e68

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15205685216655332109/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

expires: Fri, 03 Jan 2025 14:41:41 GMT
date: Thu, 04 Jan 2024 14:41:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 119993
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39491
x-xss-protection: 0
last-modified: Thu, 14 Dec 2023 11:10:04 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js Show response
pagead2.googlesyndication.com/bg/ Frame A91A 39 KB
15 KB 27ms
27ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Fri, 05 Jan 2024 11:09:43 GMT
content-encoding: br
x-content-type-options: nosniff
age: 46311
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15165
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 04 Jan 2025 11:09:43 GMT

GET
H3 200 Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js Show response
pagead2.googlesyndication.com/bg/ Frame 8216 39 KB
15 KB 28ms
27ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Fri, 05 Jan 2024 11:09:43 GMT
content-encoding: br
x-content-type-options: nosniff
age: 46311
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15165
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 04 Jan 2025 11:09:43 GMT

GET
H3 200 Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js Show response
pagead2.googlesyndication.com/bg/ Frame ADBE 39 KB
15 KB 28ms
28ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Fri, 05 Jan 2024 11:09:43 GMT
content-encoding: br
x-content-type-options: nosniff
age: 46311
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15165
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 04 Jan 2025 11:09:43 GMT

GET
H/1.1 200
OK vregister.php
s.magsrv.com/ Frame 4B7E 0
669 B 29ms
29ms Image
text/html 95.211.229.248
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.magsrv.com/vregister.php?a=vimp&tracking_event=impression&idzone=4983934&79be2ac47a9e6193f2762904688e358f=tsVuZ8uHLpt4cdvDrq4.fXDj6589dlTlK8E.fPvu6.d3Ht03ceHPW1NZLXThmEd91wNxsSvWMPOZ9PGuqCtxd.aquViRzOeamWCubc25rgbYbtcprgqcpz5de_Xz21wNz2MxwVPuU59_PXz27a4G6oK3M_Pnp47eNcDeM0rmfTz45.efTXA20xW49NThn14eNcDbTEk7ED0ufXvw69evbXA3axTAxXBNLn44d._Pvx4a4G5qs.nDXA2zTNdU5Tny1wNtuWwNOZ8NcDbTFNMDlOfDXA3BVPn14ctdVjOfDXaxHY5nw1z2MxwVPuUr0sVuZ9.GuexmOCp9yldqymlyVrDMFE7W0xJOxA9Ku1ZTS5K1hmCidrcvafYlecXrmXnsZjgqfcpz463L2n2JXnF65l5XK7pqYs.O7jx49NbDa9eE7mfPjrdmpkYrz1wNyuV3TUxZ8dbU1ktdOC81MD0ErEeYR33W_XXOveu7NTcxS242u7NTnrgbnpmbsarXaYrcempwz49tc9MDUEry8kzbkefLW_XXPVnx11NUuOSr0uVTR2VwTS567KnKV4G8.GuymNd9ip_Ph25.OvJ3r54ce3hvm1y8u9nW.rfTzy68WmvGuCSelyqqCaVeqtiuyrPhrgknpcqqgmlXgltYjgbXpcYqmlz5a6XHXKXKV6oK3F35qq5WJHM55qZYK5tzbmthtmOZqLPhrgbmddcpz4a4G42JW4JXl52HnM.Gty9xqyuCaVeuCRzPhu4cdcDbbFbDTktblOfLXA20xTTA5SvVNZS05nw1yzVNUwT158NcErUz0sFcy8kzbmfDXW5VWvJM25nw10uPQTSrvOTSsSOLwN58Nc9M1.C9VbFdlWe3jrgbnYprlcpz4a2oK8F3nJpWJHF4G8.GuVythqyCvBeema_BevCdzN.aquCV7XK5Ww1ZBXgvPTNfgu25U1TBPXBNLnrYbZjmaiXtcpz1wST0uVVQTSrsRxrwS2sRwNr0uMVTS1Z8tdVjPLPhrqsZ558NdTVME9a9eE7meupqmCeteViRzPXU1TBPWva5TnrZpmuqcpXtcpz4a7ac.GuCWtymViPPhrlmXdslbqz4a4G6XKp5paoLXF42MJrK8.GuBuSyOuDGaVzPhrsqcpXaYnnglez12VOUrtMTzwSvLu0uUWOStYZ63JGII14Kp8.GupqmCetdtytiCPPtrqapgnrXtcpqgmlz462bKY89cDbDdrlNcFTlK7Da9eE7mfLjrgbnpmvwz4a4G5XK7pqYl68J3M.OuBtpiSdiB6VevCdzPlrprZXgltclrmpwXgbz101srwS2uS1zU4LysSOZ67bLIG8.Pfh06efPLzz5cevjvw6d_Pbr58efHVtvsxw6664JHKq2JJ8.Pfh06efPLzz1tTTRQONTS1OS158Y
Requested by: Host: adnade.net
URL: https://adnade.net/ptp/?user=pas30
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 95.211.229.248 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS: ds03.evo.0x3e.net
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://pornito.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Date: Sat, 06 Jan 2024 00:01:34 GMT
Content-Encoding: gzip
Server: nginx
Accept-CH: Sec-CH-UA,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Model,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
Access-Control-Allow-Origin
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Robots-Tag: noindex, follow

GET
H3 200 9c69f07deadda884c61396a404004929.svg
s0.2mdn.net/sadbundle/7135979241717318397/media/ Frame 1CCA 1 KB
643 B 27ms
27ms Image
image/svg+xml 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/7135979241717318397/media/9c69f07deadda884c61396a404004929.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/7135979241717318397/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fa3efcb1022504df85ff9f59acd76923266eb8a078b3e746457223967d82ba2e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7135979241717318397/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

expires: Fri, 03 Jan 2025 14:54:27 GMT
date: Thu, 04 Jan 2024 14:54:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 119227
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 613
x-xss-protection: 0
last-modified: Thu, 14 Dec 2023 11:09:41 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 bf3254c3b5fa5352e62964381dccaa8b.png
s0.2mdn.net/sadbundle/7135979241717318397/media/ Frame 1CCA 15 KB
15 KB 30ms
29ms Image
image/png 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/7135979241717318397/media/bf3254c3b5fa5352e62964381dccaa8b.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/7135979241717318397/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

01d8d3a192ae9fc60e6f857b9341d7aeec4d05fc2e2dc3317f65413f8cfb4992

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7135979241717318397/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

expires: Fri, 03 Jan 2025 14:54:27 GMT
date: Thu, 04 Jan 2024 14:54:27 GMT
x-content-type-options: nosniff
age: 119227
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14918
x-xss-protection: 0
last-modified: Thu, 14 Dec 2023 11:09:41 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 9401bca7c390a53a04ea672b0266554d.png
s0.2mdn.net/sadbundle/7135979241717318397/media/ Frame 1CCA 2 KB
2 KB 29ms
29ms Image
image/png 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/7135979241717318397/media/9401bca7c390a53a04ea672b0266554d.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/7135979241717318397/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

36d54e4a3480145a1431b15dbe05120a18da23bd5221b4f86324775f6a7dcdc7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7135979241717318397/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

expires: Fri, 03 Jan 2025 14:54:27 GMT
date: Thu, 04 Jan 2024 14:54:27 GMT
x-content-type-options: nosniff
age: 119227
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2205
x-xss-protection: 0
last-modified: Thu, 14 Dec 2023 11:09:41 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 6d7052ff6df13eae564657f4b45cc79a.svg
s0.2mdn.net/sadbundle/7135979241717318397/media/ Frame 1CCA 5 KB
3 KB 28ms
28ms Image
image/svg+xml 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/7135979241717318397/media/6d7052ff6df13eae564657f4b45cc79a.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/7135979241717318397/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

caf195ab94cbfaf21aaae06763f8600b9801e4a8423311963e8e913cddc06150

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7135979241717318397/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

expires: Sat, 04 Jan 2025 02:23:04 GMT
date: Fri, 05 Jan 2024 02:23:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 77910
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2640
x-xss-protection: 0
last-modified: Thu, 14 Dec 2023 11:09:41 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 9c69f07deadda884c61396a404004929.svg
s0.2mdn.net/sadbundle/7135979241717318397/media/ Frame 842B 1 KB
643 B 26ms
26ms Image
image/svg+xml 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/7135979241717318397/media/9c69f07deadda884c61396a404004929.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/7135979241717318397/8f0cec8041c165cafb6d32d04ed8f04b.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fa3efcb1022504df85ff9f59acd76923266eb8a078b3e746457223967d82ba2e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7135979241717318397/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

expires: Fri, 03 Jan 2025 14:54:27 GMT
date: Thu, 04 Jan 2024 14:54:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 119227
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 613
x-xss-protection: 0
last-modified: Thu, 14 Dec 2023 11:09:41 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 bf3254c3b5fa5352e62964381dccaa8b.png
s0.2mdn.net/sadbundle/7135979241717318397/media/ Frame 842B 15 KB
15 KB 27ms
26ms Image
image/png 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/7135979241717318397/media/bf3254c3b5fa5352e62964381dccaa8b.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/7135979241717318397/8f0cec8041c165cafb6d32d04ed8f04b.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

01d8d3a192ae9fc60e6f857b9341d7aeec4d05fc2e2dc3317f65413f8cfb4992

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7135979241717318397/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

expires: Fri, 03 Jan 2025 14:54:27 GMT
date: Thu, 04 Jan 2024 14:54:27 GMT
x-content-type-options: nosniff
age: 119227
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14918
x-xss-protection: 0
last-modified: Thu, 14 Dec 2023 11:09:41 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 9401bca7c390a53a04ea672b0266554d.png
s0.2mdn.net/sadbundle/7135979241717318397/media/ Frame 842B 2 KB
2 KB 29ms
29ms Image
image/png 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/7135979241717318397/media/9401bca7c390a53a04ea672b0266554d.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/7135979241717318397/8f0cec8041c165cafb6d32d04ed8f04b.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

36d54e4a3480145a1431b15dbe05120a18da23bd5221b4f86324775f6a7dcdc7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7135979241717318397/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

expires: Fri, 03 Jan 2025 14:54:27 GMT
date: Thu, 04 Jan 2024 14:54:27 GMT
x-content-type-options: nosniff
age: 119227
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2205
x-xss-protection: 0
last-modified: Thu, 14 Dec 2023 11:09:41 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 6d7052ff6df13eae564657f4b45cc79a.svg
s0.2mdn.net/sadbundle/7135979241717318397/media/ Frame 842B 5 KB
3 KB 30ms
29ms Image
image/svg+xml 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/7135979241717318397/media/6d7052ff6df13eae564657f4b45cc79a.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/7135979241717318397/8f0cec8041c165cafb6d32d04ed8f04b.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

caf195ab94cbfaf21aaae06763f8600b9801e4a8423311963e8e913cddc06150

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7135979241717318397/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

expires: Sat, 04 Jan 2025 02:23:04 GMT
date: Fri, 05 Jan 2024 02:23:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 77910
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2640
x-xss-protection: 0
last-modified: Thu, 14 Dec 2023 11:09:41 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 ibm_plex_sans_700_normal.ttf
s0.2mdn.net/sadbundle/7135979241717318397/fonts/ Frame 1CCA 172 KB
75 KB 27ms
27ms Font
font/ttf 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/7135979241717318397/fonts/ibm_plex_sans_700_normal.ttf

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/7135979241717318397/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

856c41d7d47bba74b107e526ef8f49968fb2a3a129cdc3c5ef5899ba3c2dc181

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/7135979241717318397/index.html?ev=01_250
Origin: https://s0.2mdn.net
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

expires: Fri, 03 Jan 2025 14:54:28 GMT
date: Thu, 04 Jan 2024 14:54:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 119226
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 76650
x-xss-protection: 0
last-modified: Thu, 14 Dec 2023 11:09:41 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/ttf
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 ibm_plex_sans_500_normal.ttf
s0.2mdn.net/sadbundle/7135979241717318397/fonts/ Frame 1CCA 173 KB
80 KB 31ms
31ms Font
font/ttf 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/7135979241717318397/fonts/ibm_plex_sans_500_normal.ttf

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/7135979241717318397/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

11ddde88c29ef7e51f5c03da7fde285085469879139d006f631a62dba9bbd069

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/7135979241717318397/index.html?ev=01_250
Origin: https://s0.2mdn.net
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

expires: Fri, 03 Jan 2025 14:54:28 GMT
date: Thu, 04 Jan 2024 14:54:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 119226
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 81411
x-xss-protection: 0
last-modified: Thu, 14 Dec 2023 11:09:41 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/ttf
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 9c69f07deadda884c61396a404004929.svg
s0.2mdn.net/sadbundle/15205685216655332109/media/ Frame 4D72 1 KB
643 B 88ms
88ms Image
image/svg+xml 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/15205685216655332109/media/9c69f07deadda884c61396a404004929.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/15205685216655332109/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fa3efcb1022504df85ff9f59acd76923266eb8a078b3e746457223967d82ba2e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15205685216655332109/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

expires: Fri, 03 Jan 2025 14:41:41 GMT
date: Thu, 04 Jan 2024 14:41:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 119993
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 613
x-xss-protection: 0
last-modified: Thu, 14 Dec 2023 11:10:04 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 1c6b34ea327760cdc6583ab92f7e8832.png
s0.2mdn.net/sadbundle/15205685216655332109/media/ Frame 4D72 8 KB
8 KB 91ms
91ms Image
image/png 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/15205685216655332109/media/1c6b34ea327760cdc6583ab92f7e8832.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/15205685216655332109/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

59e50d4289f223d9c475d992d8069c2b799704feefdd7e8eabebd2a49bb31df1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15205685216655332109/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

expires: Fri, 03 Jan 2025 14:41:41 GMT
date: Thu, 04 Jan 2024 14:41:41 GMT
x-content-type-options: nosniff
age: 119993
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8224
x-xss-protection: 0
last-modified: Thu, 14 Dec 2023 11:10:04 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 8c68f26fc9961acfb78efaa74f684c27.png
s0.2mdn.net/sadbundle/15205685216655332109/media/ Frame 4D72 2 KB
2 KB 92ms
92ms Image
image/png 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/15205685216655332109/media/8c68f26fc9961acfb78efaa74f684c27.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/15205685216655332109/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5deec59d8ecaebf084aeb4dfdd665b3b5ae8aefa8a7cc7f76707524772912bcd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15205685216655332109/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

expires: Fri, 03 Jan 2025 14:41:41 GMT
date: Thu, 04 Jan 2024 14:41:41 GMT
x-content-type-options: nosniff
age: 119993
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2104
x-xss-protection: 0
last-modified: Thu, 14 Dec 2023 11:10:04 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 6d7052ff6df13eae564657f4b45cc79a.svg
s0.2mdn.net/sadbundle/15205685216655332109/media/ Frame 4D72 5 KB
3 KB 89ms
89ms Image
image/svg+xml 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/15205685216655332109/media/6d7052ff6df13eae564657f4b45cc79a.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/15205685216655332109/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

caf195ab94cbfaf21aaae06763f8600b9801e4a8423311963e8e913cddc06150

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15205685216655332109/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

expires: Fri, 03 Jan 2025 14:41:41 GMT
date: Thu, 04 Jan 2024 14:41:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 119993
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2640
x-xss-protection: 0
last-modified: Thu, 14 Dec 2023 11:10:04 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 ibm_plex_sans_700_normal.ttf
s0.2mdn.net/sadbundle/7135979241717318397/fonts/ Frame 842B 172 KB
75 KB 38ms
38ms Font
font/ttf 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/7135979241717318397/fonts/ibm_plex_sans_700_normal.ttf

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/7135979241717318397/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

856c41d7d47bba74b107e526ef8f49968fb2a3a129cdc3c5ef5899ba3c2dc181

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/7135979241717318397/index.html?ev=01_250
Origin: https://s0.2mdn.net
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

expires: Fri, 03 Jan 2025 14:54:28 GMT
date: Thu, 04 Jan 2024 14:54:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 119226
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 76650
x-xss-protection: 0
last-modified: Thu, 14 Dec 2023 11:09:41 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/ttf
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 ibm_plex_sans_500_normal.ttf
s0.2mdn.net/sadbundle/7135979241717318397/fonts/ Frame 842B 173 KB
80 KB 42ms
42ms Font
font/ttf 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/7135979241717318397/fonts/ibm_plex_sans_500_normal.ttf

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/7135979241717318397/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

11ddde88c29ef7e51f5c03da7fde285085469879139d006f631a62dba9bbd069

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/7135979241717318397/index.html?ev=01_250
Origin: https://s0.2mdn.net
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

expires: Fri, 03 Jan 2025 14:54:28 GMT
date: Thu, 04 Jan 2024 14:54:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 119226
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 81411
x-xss-protection: 0
last-modified: Thu, 14 Dec 2023 11:09:41 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/ttf
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 ibm_plex_sans_700_normal.ttf
s0.2mdn.net/sadbundle/15205685216655332109/fonts/ Frame 4D72 172 KB
75 KB 33ms
33ms Font
font/ttf 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/15205685216655332109/fonts/ibm_plex_sans_700_normal.ttf

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/15205685216655332109/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

856c41d7d47bba74b107e526ef8f49968fb2a3a129cdc3c5ef5899ba3c2dc181

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/15205685216655332109/index.html?ev=01_250
Origin: https://s0.2mdn.net
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

expires: Fri, 03 Jan 2025 14:41:41 GMT
date: Thu, 04 Jan 2024 14:41:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 119993
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 76650
x-xss-protection: 0
last-modified: Thu, 14 Dec 2023 11:10:04 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/ttf
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 ibm_plex_sans_500_normal.ttf
s0.2mdn.net/sadbundle/15205685216655332109/fonts/ Frame 4D72 173 KB
80 KB 35ms
35ms Font
font/ttf 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/15205685216655332109/fonts/ibm_plex_sans_500_normal.ttf

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/15205685216655332109/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

11ddde88c29ef7e51f5c03da7fde285085469879139d006f631a62dba9bbd069

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/15205685216655332109/index.html?ev=01_250
Origin: https://s0.2mdn.net
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

expires: Fri, 03 Jan 2025 14:41:41 GMT
date: Thu, 04 Jan 2024 14:41:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 119993
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 81411
x-xss-protection: 0
last-modified: Thu, 14 Dec 2023 11:10:04 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/ttf
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

POST
H2 204 matomo.php
tool.hubu.link/ Frame DE93 0
180 B 3408ms
3406ms Ping
text/plain 178.254.36.108
EVANZOAS

General

Check archive.org

Show headers Download Go to

Full URL

https://tool.hubu.link/matomo.php?action_name=AdNade.net%20-%20PTP%20link&idsite=VlA4an6aWb5e&rec=1&r=396150&h=1&m=1&s=34&url=https%3A%2F%2Fadnade.net%2Fptp%2F%3Fuser%3Dpas30&urlref=https%3A%2F%2Fwww.1clic1don.fr%2F&_id=7e9dc3001d11dc70&_idn=1&send_image=0&_refts=1704499294&_ref=https%3A%2F%2Fwww.1clic1don.fr%2F&pdf=1&qt=0&realp=0&wma=0&fla=0&java=0&ag=0&cookie=1&res=1600x1200&pv_id=qaKCGV&pf_net=79&pf_srv=33&pf_tfr=1&pf_dm1=134&uadata=%7B%22fullVersionList%22%3A%5B%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22%22%2C%22platformVersion%22%3A%22%22%7D

Requested by

Host: tool.hubu.link
URL: https://tool.hubu.link/matomo.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

178.254.36.108 , Germany, ASN42730 (EVANZOAS, DE),

Reverse DNS

h107.hubuhost.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Xss-Protection	1; mode=block

Request headers

Referer
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=utf-8

Response headers

access-control-allow-origin: https://adnade.net
date: Sat, 06 Jan 2024 00:01:37 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
access-control-allow-credentials: true
server: nginx
x-xss-protection: 1; mode=block

GET
H2 200 widget.css
static.arc.io/widget/css/ Frame 8EDA 85 KB
9 KB 28ms
27ms Stylesheet
text/css 2400:52e0:1e00::1081:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://static.arc.io/widget/css/widget.css?76bc4f3
Requested by: Host: static.arc.io
URL: https://static.arc.io/widget/js/widget-ui.js?6e086999
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1081:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1081 /
Resource Hash: ebb41edaf0a527aac2d8d639b600c6a443c126333c1318feee0c26220db0fb2d

Request headers

accept-language: fr-FR,fr;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 00:01:34 GMT
content-encoding: br
cdn-edgestorageid: 1082
x-amz-request-id: 52Z033ZFWRVC93PR
x-amz-server-side-encryption: AES256
cdn-cachedat: 01/03/2024 19:10:41
cdn-pullzone: 786569
x-amz-id-2: +xYsFsXxcv5akj1qTUKGVTScMCFieylWDhCTi2J1KMuZHZ1lFY2pfSfLahJI8QdM4gog00FYNP0=
last-modified: Wed, 03 Jan 2024 18:03:34 GMT
server: BunnyCDN-DE1-1081
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: W/"a87318705e4af5015dc0246497f2673f"
vary: Accept-Encoding, Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 1756f224-b505-436a-b48a-b92ddf4fdbea
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=2592000, stale-while-revalidate=864000
access-control-max-age: 86400
cdn-requestid: 7670a022242f25cd40aed116e28a86de
cdn-requestcountrycode: FR
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 normalize.min.css
cdnjs.cloudflare.com/ajax/libs/normalize/8.0.0/ Frame 8EDA 2 KB
1 KB 72ms
28ms Stylesheet
text/css 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/normalize/8.0.0/normalize.min.css

Requested by

Host: static.arc.io
URL: https://static.arc.io/widget/js/widget-ui.js?6e086999

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a12ac29d1617bc71b7d520627ea3f63ccd6e8deed2254c97d274f03b6449579e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: fr-FR,fr;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 00:01:34 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 3083602
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 631
last-modified: Mon, 04 May 2020 16:13:31 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03f2b-732"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FnqsCxt7hrrGfEnftujMdxHuEMOTZa7PPS1FUjuGpaoZ65%2B4y7QlXyl%2Bv153KKTkdGGMFPIleRRfiqBtiQ8ubrtiPgzrcWQKe554fJDRjakY9pBS8%2BsT4azDcWwsYp%2BLnohhp%2F1U6ML9mCNlNQjl1AfR"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 840fafedeb7d0226-CDG
expires: Thu, 26 Dec 2024 00:01:34 GMT

GET
H2 200 widget.css
static.arc.io/widget/css/ Frame DEF5 85 KB
9 KB 26ms
26ms Stylesheet
text/css 2400:52e0:1e00::1081:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://static.arc.io/widget/css/widget.css?76bc4f3
Requested by: Host: static.arc.io
URL: https://static.arc.io/widget/js/widget-ui.js?6e086999
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1081:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1081 /
Resource Hash: ebb41edaf0a527aac2d8d639b600c6a443c126333c1318feee0c26220db0fb2d

Request headers

accept-language: fr-FR,fr;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 00:01:34 GMT
content-encoding: br
cdn-edgestorageid: 1082
x-amz-request-id: 52Z033ZFWRVC93PR
x-amz-server-side-encryption: AES256
cdn-cachedat: 01/03/2024 19:10:41
cdn-pullzone: 786569
x-amz-id-2: +xYsFsXxcv5akj1qTUKGVTScMCFieylWDhCTi2J1KMuZHZ1lFY2pfSfLahJI8QdM4gog00FYNP0=
last-modified: Wed, 03 Jan 2024 18:03:34 GMT
server: BunnyCDN-DE1-1081
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: W/"a87318705e4af5015dc0246497f2673f"
vary: Accept-Encoding, Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 1756f224-b505-436a-b48a-b92ddf4fdbea
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=2592000, stale-while-revalidate=864000
access-control-max-age: 86400
cdn-requestid: 97ecd2480ca4212620cb72dc1f75c305
cdn-requestcountrycode: FR
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 normalize.min.css
cdnjs.cloudflare.com/ajax/libs/normalize/8.0.0/ Frame DEF5 2 KB
930 B 70ms
30ms Stylesheet
text/css 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/normalize/8.0.0/normalize.min.css

Requested by

Host: static.arc.io
URL: https://static.arc.io/widget/js/widget-ui.js?6e086999

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a12ac29d1617bc71b7d520627ea3f63ccd6e8deed2254c97d274f03b6449579e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: fr-FR,fr;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 00:01:34 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 3083602
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 631
last-modified: Mon, 04 May 2020 16:13:31 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03f2b-732"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=grnfDaAQaoDNYMnM2cGK8ECIPtoaWawka4lPRIl9%2FGQ8EgWAggXCpkVyc8BjNHZUDb52ZSeUO%2FXy5oxQlKIy7rnEjmKSqZdbHTgAUbFYDoKCdVhbp6ZYbKW4O%2BqzU7xS%2FV3uRpc%2FWlU2PJQ3kZphO2%2Fl"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 840fafedeb7e0226-CDG
expires: Thu, 26 Dec 2024 00:01:34 GMT

GET
DATA 200
OK truncated
/ Frame 8EDA 411 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f87a4b2a4acbaa053da2e6df56367f4396be15a72f719cedd071e7812725a443

Request headers

accept-language: fr-FR,fr;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame DEF5 411 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f87a4b2a4acbaa053da2e6df56367f4396be15a72f719cedd071e7812725a443

Request headers

accept-language: fr-FR,fr;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame DEF5 277 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: fb2b1971e54b31144a8794057598aba69ebe1d416c8c75d3a142942917f5e58b

Request headers

accept-language: fr-FR,fr;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame DEF5 2 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 19311967464cd6447bb7fba382aa67939dcca903a56f1ac925ac2a80ff33642e

Request headers

accept-language: fr-FR,fr;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame DEF5 3 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9b08cb6068e70fb67de0576ef27d427a403e1f0055777b7fc5d736963e6c1ea6

Request headers

accept-language: fr-FR,fr;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame DEF5 2 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 35e8d96d42f0ffa258060a98b45f013829bc57b3ae7be71c9f54c037b6e0e707

Request headers

accept-language: fr-FR,fr;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame DEF5 1 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: fb1d7b6144bde90327cd64b86e7742a9b11a3b2b3658d71dd80115195ff2debb

Request headers

accept-language: fr-FR,fr;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame DEF5 1 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8fe9d28d12e8c33e9f1d5ab109c2570547ee6648ca11fdd79b7523c6d2e2f6a2

Request headers

accept-language: fr-FR,fr;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 view
ad.doubleclick.net/pcs/ Frame 0F64 0
0 67ms
66ms Fetch
image/gif 142.250.184.198
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/pcs/view?xai=AKAOjstSI_fbswlajSRqUnyz2cf4ir2E5sfsf66pS8QEPFfp1vc9v3-oRpHFlrJej1d08-oPVnkXpT4iEB3Dz7nfVLZfzk4EUm23iZuGTkTDaXZr1ctGiHKh1PTHs7waJ3YG6CH6Yb7IlokJIE9oIlwanlpJq97-y8Kqh7WIgzIkvuwNnM1bz7Ip2-wJBxiiQjm-AdsppKGKeOYEFPL1HIB1KAg4bcrLjFIo8dd4_YfuKd75aJXTLGj1OAegN1FRbJpYrAxDPBed5KQSG17sZk4oPxEHFmQ6_ZBJW__6GEmkjzFCanqIt1a8HsXCTwGyTzPCD_SLBmwtRxMHf7cNfkbe7lBlaZN9dVEPRdrQ3EXBk5PX3JsZZZosQ2QkGrFEHCJo6A_ToZM6ofkPgLJRxKdvk7TmAQI9ABVuKPNYs5Qc9jqFmUAQlo24GZJ6ylWcvkcmXACFY7-GEip_F1QhSgRj2LKs_0VORUciDBL-Sml0PTwMzGCsPJOwzm8ARsgRXv7ScFZ4qNlxqME0dMe3zII-DyKyIni6jRXewLqWO-SE5vuz5oQ2IdMMWvu1pcCeKHqMTC2dcaSCsS2k75jq8fRnKzaSkYSLBvMLCIhssu9DIKIg1fFnMUMb4s1diQWF-3KKziSn0OKbFzq7SJeGiLkTDjYcMRiHuTpyjn01Rq_uF0w4vI2_wydrg_xSBj4fNPh7POIXTjCFOSip-ZtCLIm5yzp_Z2ZWf_HRwZnGY3YC9czO1bKLAVafgMw1_6ZgWpE141HxL4Tga7glaqxwKLwvmQucHcJ2s_VkEKv-jnpGw_l1d-geJNma0pEFXd85WXukOIWgbOIX2IedBHoG-5WR1TTCrKf159D1oR4jctfs5VwzfDtCXYOCdpj86wgqSU2YLdom189oYqY_ON6wblazdzeK0RJUCwBvphsoVIUZtAyRxIgnw3abQVfFQMuI4zbxTvkgBbrpbYpuvkqT0L7BEBO9GJKKioa8XixZuOEBSK4U_hrePekLkzTb9_1zCSssVY-qtH2ALPfgwxQtfgdVjkGlIsPemrdVjJnFZNzET6YdBzle-ycJgp05Ov20L8CjO-Zx5RZm-HDs1VrsDxRlEJJ8I8Wab5i6lvxxEQCL-WO70Ab7-oczgBQ8mYz6P1zGYHwpxeSc_nM0m-8Bf0oVqVVATaDgm3gRBVHq3UOtmKQvQN4oSvi4GkuMrnVd7nE5udxrpu-QqBBWb4xoZE1aFgDsW8X7XnUjY-sC_MgolWQshDH8Qu6aiv32J-I1wXDJSA&sai=AMfl-YRMQngphE3IzKoFocTUaJGaUmVxKRL_YWSW2mxQbdLe1XvwfS71ctDTV-GuKJreRi11sXfC0o03C6ylMF8nO_hbMwZKAr0BSGRBNOdu7BU4fXzFjla5e7j7kEjAN_xR5BooQvCL2guNJ3yygsKzIVBR4sY6uqV65UGts3X93b6m_zaxdYNZJDrwO0UnG4WKO3bPFzBWXo4KcXH6M9n8dK-wChM5C5rMVcGNEZNQGn0rMHfBSZF9YlFOqhYbJDB3IaJpUfl82SrHZt6UI6KI6c9V7SQtitkFwVlfMC0H_FMTzQYPHdnQaBi8-CqMcCevjn8xNI6iJaqTUWqY93ldnsy_6WWMcpf1yBEbSJ-oUBJ3sUYRqWy2Bg331cNa-IER1G7-LcWB3sBMFJGCD5pVrrW0KWmCVWZ9eh7ZT6y8t4VCzb-4M9tLHRER_bX51fxzSRY3s1I2tC8T3B2QYvQNDc7LzSXWbTw1pzsgitwzZnuQEhZC2rw17g2CzH1ivWIi7g1zXYP9k-4&sig=Cg0ArKJSzKUF3ULjaqocEAE&uach_m=%5BUACH%5D&pr=missingexchangepricemacro&crd=aHR0cHM6Ly9iaXRkZWZlbmRlci5jb20saHR0cHM6Ly9iaXRkZWZlbmRlci5mcg&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=468&vt=11&dtpt=340&dett=3&cstd=126&cisv=r20240103.37737&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: turfpmu.fr.gd
URL: https://turfpmu.fr.gd/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.198 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f6.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 00:01:34 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 0F64 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 91e2d593494a0d39a583c3a23e2564d1a52e5162c2efe4445d0eaecfbcb6ca29

Request headers

accept-language: fr-FR,fr;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 9c69f07deadda884c61396a404004929.svg
s0.2mdn.net/sadbundle/7135979241717318397/media/ Frame 1CCA 1 KB
643 B 26ms
26ms Image
image/svg+xml 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/7135979241717318397/media/9c69f07deadda884c61396a404004929.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/7135979241717318397/8f0cec8041c165cafb6d32d04ed8f04b.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fa3efcb1022504df85ff9f59acd76923266eb8a078b3e746457223967d82ba2e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7135979241717318397/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

expires: Fri, 03 Jan 2025 14:54:27 GMT
date: Thu, 04 Jan 2024 14:54:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 119227
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 613
x-xss-protection: 0
last-modified: Thu, 14 Dec 2023 11:09:41 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 6d7052ff6df13eae564657f4b45cc79a.svg
s0.2mdn.net/sadbundle/7135979241717318397/media/ Frame 1CCA 5 KB
3 KB 27ms
27ms Image
image/svg+xml 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/7135979241717318397/media/6d7052ff6df13eae564657f4b45cc79a.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/7135979241717318397/8f0cec8041c165cafb6d32d04ed8f04b.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

caf195ab94cbfaf21aaae06763f8600b9801e4a8423311963e8e913cddc06150

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7135979241717318397/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

expires: Sat, 04 Jan 2025 02:23:04 GMT
date: Fri, 05 Jan 2024 02:23:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 77910
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2640
x-xss-protection: 0
last-modified: Thu, 14 Dec 2023 11:09:41 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H2 200 view
ad.doubleclick.net/pcs/ Frame A862 0
0 67ms
66ms Fetch
image/gif 142.250.184.198
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/pcs/view?xai=AKAOjsvDLHBMzG2OYxYezYp1Ca23ryB7oLGyyfAgyXBSTiqSBcvHri_NIDXpzinutDpku7zHnttq7ZDNm9Jwz3kGgY9HSWKEXq0_vgCESx6EHOSlYJZJshrdbNN71E5BVQLdWK6nNKM2O8AHv389y8mDxepEl2ly8JSmcrIC_5l3oWUUYDhAuM6nQFgcVhVic_zqD9bioawp3BZCKVqnWOz5NaYkFGqu4MGiGagodDGB5eYlwitrR2Hc0Be4qOjAR9NukuUUQ5EgTeHCi_IfHcls0jQXkTPT6EbUdRcRm9Mx02JdQH3d_gGHAui-7OyqgJ645yrlUeg-wVyPe40Pw96bMxYL_v3BdEV2lXIMRhcdh9-6Q-6H6JfiIxkDHSAtAffeBnf8pC-DW36LT7FqPF6rHdJfQRPUV18mAXRcHDsfOYBKDZ9OyjWZEKYMeIPDE3yjUPTEkSXZOXl2xGn_GodcFQCwqOANHXmnPUDu7dwco6J_ZkwJ8bWdkSpbjW3gLi7smT098hwOaXr2SMJ7NlxeTdCLvPo-Mvpdb-PB3VtUlrZF99CvZDL_kuOOMLDAdVOPzLvU6DiNbRYlfKwru0dY9Sf_gekrIMDBYIsQ8XGLHyjmvL3SmO0L-UFV2KKVuubzKP28YkgEle9vCjdbX1LTsoPIAl4eKJmrkWC8v03bqucBmG-yHL2CYr12DmQLo_CqNABSDIDRP1-8YWhOJdHJXcP8P4Dp2iObFTX0EH-vpW9GLGGX-l9TGzG7wYbGr8SHFQoCFD0MxFaI4eg7aYiQFaKQ13bmT3N-SGLU-sB94u5U0QHArhABPuXmWa2Q0efK-kQPXNCx14NoUwfxzbUBmhb_T87mwjNdkvqt9iJpVVkLqviyOsumSPlqi-pbAYK0S4fjqZXJKyV1jioJ7POpqqj-qFL_NlNrE4ziDtmks3B5ZEH7BmNmco81EG9YgDXP1UrBQ7RdOeiOxRyViwpkVhQykFmEyvjt9cx1o2h6psk8l7z-ssPzYN7WzqIh8nB9_-km45Y5HrblEyIMO0UUgILO5ikCl_DG47to1uME5k5FJQZ-GiFlhLbYQjSX-GjykuEOHHsPr9jMUZrfI_irSgq3CEfz5UEr6gEe-zWpS6auheg8v9FFEg9Co2iyUDCf1jT0riK3M2cMwLjwl0oacuk6gcs75WRBeuacD9Zj7CfTsQ04TK8gvE3FtmPsWx1HjP7WZ157_hUAri4yZZ9pgfVCxAwJsTrWCqaHXD8NpOwNgRcfoW-jhSsT59dG_FIQcg&sai=AMfl-YRpGUlin-M-kI9_1FqTH1X5EgxEvSGTz4oeLKBgjv-oRyWXJWRvslT6SySN-fT8EBktlBp_5QjNoLom9rvy4DVO-UzbU1uQ0qeqQzcXFgHpmCVTg3sibuyQFZNEOE4Ww73dJ423KDeLFdfuTd6XL5-tO-tZ_p1E270YbyuNaXYVwkqPndr-S6HHzVKD80yL1Ysj_gcdSRrunXB92nwqltWGTpp1SVgvMsy2UgXyA8s9vJ608TwZxNEqGAVFZQCzaa_w68CalYY6m3BqbDwEjb3QcXeOclXkzzA7MOzO9NKVN5sMtT7IBkEy5QuZ2TpK5p75qrJWl5Of3AVBXVi97bkNlAcXORwXTwwru4KtLtB7XtJx3ngl4RLnVRzaQ8sTiful1Vjf3_QdNjsD0hMHATDMR6QLDF0RUCBgr1bLF65RZj6uk2b4vhzX3eAkhQ7MKPzH7mCSKmLs4KPfoo3MIRKn_ccuW4Zyk6VwVatpR1pAEi2IgMn2hRSEHgzRHcyNtgLDDb0Z3UA&sig=Cg0ArKJSzOMhqnFsDQ4LEAE&uach_m=%5BUACH%5D&pr=missingexchangepricemacro&crd=aHR0cHM6Ly9iaXRkZWZlbmRlci5jb20saHR0cHM6Ly9iaXRkZWZlbmRlci5mcg&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=464&vt=11&dtpt=347&dett=3&cstd=116&cisv=r20240103.81692&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: turfpmu.fr.gd
URL: https://turfpmu.fr.gd/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.198 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f6.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 00:01:34 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame A862 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0fcda5c7cd85ad0bf177097f88fb60b68b419145245ca55dad308f406d958336

Request headers

accept-language: fr-FR,fr;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 view
ad.doubleclick.net/pcs/ Frame 84DB 0
0 65ms
64ms Fetch
image/gif 142.250.184.198
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/pcs/view?xai=AKAOjsujQkrmoCcHMv88mTyHEypAYDIba_JRVUbdb9zkWXuSAiq4bIjEm618kzL0h8iQKH27IUBCXV-o0kRryq2BFpZzN2bM15oNFmTDDOaRjtBY8hef-QvqxmgDLei5HzYF1Z82CdzdWaHixwNC-f53BgQQeCJzWTjK9Eb4fBX-ZRM-Beq9LVmuEH976PQtxX55csB8lZyoQ9_BavzMqNqSsvOueud-yh0La5xiFM7QEkqtYbZ7rLXf4sK9_1TGggiR1eB4aqTeXFbQJOeYbAuBy-kQ4hOzSqxhXhcS5FAR01g78eQsqnOv0lTUQHiTj7xZEuHD1boR2GUNqDFPYcaT1s8KaGBwNkw6aC63AZjt6opvpLm_LDuph2mzytg8rH3DlOc3KKRNEdyrfgz2qlbze9Y0i3Bbi1qs_X29FT-83x45DEp_vwBPNAt6CWYRh3eHr3AWeQk89ob3zAaqQBVSqIii4NKVbo3LmnRU5bJ3sPRxFEtw8L1irinahllGljRAz9xwYqjptCliErqUABEFttlr3bOh_BzbdkgUHACd-9db9jQlp3YrhI52LSh5qS21ghxTDqeAOxiU6V1vTzJA4w-f2InHpo6gCpAkjm0ahMQFVkr0RAzJ3fwkA3WkG88G_bCLwykCd4ocWfRtzWst11yhkARmtBWDD8ajd_Ii85F6G68IMEePOODPdh3s0IcrtOqB8oVSBwq3_EBe1diZfCzE2APfROARLYVkzNjMJeHLYJk6qvK6xAGJ0rYYUU_wLlAXsRNaI4EfQISogDwiYTWQRrSQiav3yzxD_D0XSdPUF_YvfP5t2rzXE0XDvDvR5-KJcqVNqToup49u1LxhLalbWL145_djQpf_e5DWZcAFRKGMpQXQ21DTSLlUjBVrbIA3bJb1z3vI3SfpYMY1BFMfK5q8qfXurpLYfbHxfOaso9XEOVTk7Jn70vW4sJoiEnVaqbPYDwn5F4VG8OjKAMyl7TkfTnX7k_jW4KNlOP4pnaWykJSVF0qZ24cH9vzW0Bpd-pmlpdi8nR3gapxXnHIxN2H4g7Ykw-W4tlukJpSYZvIqYcg3oWestOI-WCudcmC6eXG2em3lWhMx1NzK6A4H442VRy-h7-_sAdJmNJUe66ZLdT4VGdSvz78VtaO_CbjGVK-fofboSjj0Jlztc5cOhcZOXbBDlc-O5netORTAns6drFUf0yZb-6EmDAWQV52zZN2jKONqiMMil93itA_ieyZkXrSMoBEpjMPkU6HsxvWC83jInMQU45ahVOBVPoY&sai=AMfl-YTJAJYCU3GH62F5_HpvB2JamH6t2brvOw9QHOCvfEEczoKJ4yobGg7IYqGaNGQ_FWLiGPrxCygBaur5dT33fSBYhhebowlWggebra-eqrGUN2-xT3t1mCRHZ5IMosXCq738J6Wc5PhF3GeLH8xtlmzegntq7M7K1zVs_TO2F3K-Awk1jcrVB2WdtgH-JDIMYEBc16gDkVTPKEPOoKlG0dmLvGRKxnm5ofyayViY6n6NSjhrudpNcXNLdxIvbQk4sRxkHe5tw_IlK7R2rZAWKp_hwKvdLoaan6qmASWRqqE8jCPTopERKluR-OzgaKeass0NaDC6N66cua61xQd6fNrt-GDaYRRa3eE6f-w6a_zgMZ9XUfRstbTkiB3BpyJMpE_OrsHFGc7YHtFHH_Tcbuf5dnalRMweXJkMPQ1Fw2wO6-tUoZLoNrnC68xyeh4MTzQIdOnKHCzv8rngJFS6QWGlcjGRMUNxv43711u7sM2JE1aDGbABNCWW3VWqQ3kg9nY1Ng6EkZE&sig=Cg0ArKJSzP9A-X1KdxhREAE&uach_m=%5BUACH%5D&pr=missingexchangepricemacro&crd=aHR0cHM6Ly9iaXRkZWZlbmRlci5jb20saHR0cHM6Ly9iaXRkZWZlbmRlci5mcg&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=466&vt=11&dtpt=363&dett=3&cstd=102&cisv=r20240103.79759&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: turfpmu.fr.gd
URL: https://turfpmu.fr.gd/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.198 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f6.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 00:01:34 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 16 KB
12 KB 78ms
78ms XHR
application/json 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20240103&st=env

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

81b3e7770b707145af6a1a5b7a7648db3e08a24ad88a37e39ad41d8cbeeda3a6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://turfpmu.fr.gd/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 00:01:34 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12193
x-xss-protection: 0

GET
H3 200 bf3254c3b5fa5352e62964381dccaa8b.png
s0.2mdn.net/sadbundle/7135979241717318397/media/ Frame 1CCA 15 KB
15 KB 26ms
26ms Image
image/png 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/7135979241717318397/media/bf3254c3b5fa5352e62964381dccaa8b.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

01d8d3a192ae9fc60e6f857b9341d7aeec4d05fc2e2dc3317f65413f8cfb4992

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7135979241717318397/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

expires: Fri, 03 Jan 2025 14:54:27 GMT
date: Thu, 04 Jan 2024 14:54:27 GMT
x-content-type-options: nosniff
age: 119227
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14918
x-xss-protection: 0
last-modified: Thu, 14 Dec 2023 11:09:41 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 9401bca7c390a53a04ea672b0266554d.png
s0.2mdn.net/sadbundle/7135979241717318397/media/ Frame 1CCA 2 KB
2 KB 27ms
27ms Image
image/png 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/7135979241717318397/media/9401bca7c390a53a04ea672b0266554d.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

36d54e4a3480145a1431b15dbe05120a18da23bd5221b4f86324775f6a7dcdc7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7135979241717318397/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

expires: Fri, 03 Jan 2025 14:54:27 GMT
date: Thu, 04 Jan 2024 14:54:27 GMT
x-content-type-options: nosniff
age: 119227
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2205
x-xss-protection: 0
last-modified: Thu, 14 Dec 2023 11:09:41 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 9c69f07deadda884c61396a404004929.svg
s0.2mdn.net/sadbundle/15205685216655332109/media/ Frame 4D72 1 KB
643 B 26ms
26ms Image
image/svg+xml 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/15205685216655332109/media/9c69f07deadda884c61396a404004929.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/15205685216655332109/8f0cec8041c165cafb6d32d04ed8f04b.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fa3efcb1022504df85ff9f59acd76923266eb8a078b3e746457223967d82ba2e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15205685216655332109/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

expires: Fri, 03 Jan 2025 14:41:41 GMT
date: Thu, 04 Jan 2024 14:41:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 119993
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 613
x-xss-protection: 0
last-modified: Thu, 14 Dec 2023 11:10:04 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 6d7052ff6df13eae564657f4b45cc79a.svg
s0.2mdn.net/sadbundle/15205685216655332109/media/ Frame 4D72 5 KB
3 KB 27ms
27ms Image
image/svg+xml 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/15205685216655332109/media/6d7052ff6df13eae564657f4b45cc79a.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/15205685216655332109/8f0cec8041c165cafb6d32d04ed8f04b.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

caf195ab94cbfaf21aaae06763f8600b9801e4a8423311963e8e913cddc06150

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15205685216655332109/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

expires: Fri, 03 Jan 2025 14:41:41 GMT
date: Thu, 04 Jan 2024 14:41:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 119993
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2640
x-xss-protection: 0
last-modified: Thu, 14 Dec 2023 11:10:04 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 9c69f07deadda884c61396a404004929.svg
s0.2mdn.net/sadbundle/7135979241717318397/media/ Frame 842B 1 KB
643 B 26ms
26ms Image
image/svg+xml 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/7135979241717318397/media/9c69f07deadda884c61396a404004929.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/7135979241717318397/8f0cec8041c165cafb6d32d04ed8f04b.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fa3efcb1022504df85ff9f59acd76923266eb8a078b3e746457223967d82ba2e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7135979241717318397/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

expires: Fri, 03 Jan 2025 14:54:27 GMT
date: Thu, 04 Jan 2024 14:54:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 119227
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 613
x-xss-protection: 0
last-modified: Thu, 14 Dec 2023 11:09:41 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 6d7052ff6df13eae564657f4b45cc79a.svg
s0.2mdn.net/sadbundle/7135979241717318397/media/ Frame 842B 5 KB
3 KB 27ms
27ms Image
image/svg+xml 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/7135979241717318397/media/6d7052ff6df13eae564657f4b45cc79a.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/7135979241717318397/8f0cec8041c165cafb6d32d04ed8f04b.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

caf195ab94cbfaf21aaae06763f8600b9801e4a8423311963e8e913cddc06150

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7135979241717318397/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

expires: Sat, 04 Jan 2025 02:23:04 GMT
date: Fri, 05 Jan 2024 02:23:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 77910
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2640
x-xss-protection: 0
last-modified: Thu, 14 Dec 2023 11:09:41 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 bf3254c3b5fa5352e62964381dccaa8b.png
s0.2mdn.net/sadbundle/7135979241717318397/media/ Frame 842B 15 KB
15 KB 26ms
26ms Image
image/png 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/7135979241717318397/media/bf3254c3b5fa5352e62964381dccaa8b.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

01d8d3a192ae9fc60e6f857b9341d7aeec4d05fc2e2dc3317f65413f8cfb4992

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7135979241717318397/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

expires: Fri, 03 Jan 2025 14:54:27 GMT
date: Thu, 04 Jan 2024 14:54:27 GMT
x-content-type-options: nosniff
age: 119227
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14918
x-xss-protection: 0
last-modified: Thu, 14 Dec 2023 11:09:41 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 9401bca7c390a53a04ea672b0266554d.png
s0.2mdn.net/sadbundle/7135979241717318397/media/ Frame 842B 2 KB
2 KB 27ms
27ms Image
image/png 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/7135979241717318397/media/9401bca7c390a53a04ea672b0266554d.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

36d54e4a3480145a1431b15dbe05120a18da23bd5221b4f86324775f6a7dcdc7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7135979241717318397/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

expires: Fri, 03 Jan 2025 14:54:27 GMT
date: Thu, 04 Jan 2024 14:54:27 GMT
x-content-type-options: nosniff
age: 119227
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2205
x-xss-protection: 0
last-modified: Thu, 14 Dec 2023 11:09:41 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 1c6b34ea327760cdc6583ab92f7e8832.png
s0.2mdn.net/sadbundle/15205685216655332109/media/ Frame 4D72 8 KB
8 KB 27ms
27ms Image
image/png 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/15205685216655332109/media/1c6b34ea327760cdc6583ab92f7e8832.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

59e50d4289f223d9c475d992d8069c2b799704feefdd7e8eabebd2a49bb31df1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15205685216655332109/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

expires: Fri, 03 Jan 2025 14:41:41 GMT
date: Thu, 04 Jan 2024 14:41:41 GMT
x-content-type-options: nosniff
age: 119993
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8224
x-xss-protection: 0
last-modified: Thu, 14 Dec 2023 11:10:04 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 8c68f26fc9961acfb78efaa74f684c27.png
s0.2mdn.net/sadbundle/15205685216655332109/media/ Frame 4D72 2 KB
2 KB 28ms
28ms Image
image/png 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/15205685216655332109/media/8c68f26fc9961acfb78efaa74f684c27.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5deec59d8ecaebf084aeb4dfdd665b3b5ae8aefa8a7cc7f76707524772912bcd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15205685216655332109/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

expires: Fri, 03 Jan 2025 14:41:41 GMT
date: Thu, 04 Jan 2024 14:41:41 GMT
x-content-type-options: nosniff
age: 119993
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2104
x-xss-protection: 0
last-modified: Thu, 14 Dec 2023 11:10:04 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 8216 0
20 B 63ms
63ms Image
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=Bkt4lXZiYZZHXDuqq5LcPiOG7uAgAAAAAOAHgBAI&bg=!fn2lfTLNAAY3kmNgF5I7ADQBe5WfOCETrG69JewdBfQIgyUbtSaL27VK4f6Pqsxid3wkBxhCJUCOQ0VTBWXrqHLhrQh9AgAAAMhSAAAAAmgBBwoAI68Ok1D7Hk6lXWqi8hNdmRudkhGNBrZpMIm33Aawp_uwcVu0mQMFTbp5xJBwR3bqKdtGEkZ7P6rcOXtVEIDzU4njc16fG7IccLIs_4J0gh0gblRkm3SPBcgUFuHPzUl30nM43UHlDLFgVvUcOxgxhPd0aQtjc8nqf0ag6M7Ce0NFZTH3Iktlp5jVNnBbV_B-aDBncH7E0xnJhmvhkaHdNUytT5DgJoJwVGEdmIYtXKZCSQ5uE0-FzCuhgYoyVQ-vOsf0me2D9hNZdgdUKYpJEVZ-YKw3ZUTiW5XsI7pLNk1xs3RKS0WfKelzFs0OwjKQqrQ0_3pPp3GSy95IezmRgR5JvNqZe3bLdAikxPUzebufiVuFvQGtaMe4KVCvjQ8mEW3h5v38S1BFbjazlNYXvTCOAhDejk194GnzowK5xkmqPHN4MQu9zIee0z8Lyr3KxcSp4DljoUuj3cPCF8PpD4fWtnE4O6WIgPS5TWgSA6fz1-LWYOh7XmzxnvrZVxRLPUUB4mrKVK--MLfH-0HnjOFN0pZvghg7toFEgpoYxxOhLwHlq2JlTc7TKzIHDcj0aYhuNotbOlw4pM-Vz-9rWoY6BBS4PvP6RsJi7xIIlKDlcZxZ-cn26U7ruTuDP-NVTrwmoYPd0McYibgsv8lyFediv_vtX9HXlYLWJ2SKReSbJ3JeGWoaNw-uipN8p26Y19Ku6hdqkkKfdA4ooP461MAzrsQFtdBraC8xaxWv5uTTolugyS7Fpox7A0NVt7jimOHWkDJt7n_ELKlz3PgOur-prI570HhumtosqQYROYpHYHeDdcd9mK_WHrNAHl-8CE53yAmgCBnpDKWs6wjd6BIbMpQoXE7_hkzw4EIflQ39AU6knkJtK7qijAdcHgu-fbDnPhz6dREzo4h8558wNeLN6RxWapJJ-FTZwAKcpyhL64_md8CII9BZ49SzL6hWHD-r2ViuCKWl3atmyLEdxtslxkGYdFMgQ3gD0OFq7xzccvL3201C65irVGN1GmCAfpETsq82_5LDC8H_rqdcrtWYZNldmnTnFBLb0bgbuJoeNVUoyEUlxOUYwFY

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 06 Jan 2024 00:01:34 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame A91A 0
20 B 63ms
63ms Image
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=Bp2C8XZiYZZDXDuqq5LcPiOG7uAgAAAAAOAHgBAI&bg=!BgWlBUrNAAY3kmNgF5I7ADQBe5WfOIlUSc-L6hy2yF_3aiVjcqNqlEuS77RqDTQxife0-NdvJjGHSu1Uqstt7kznTd4kAgAAAOtSAAAAAmgBB5kDBYlFY7VEZUzViFC1D6SyGA3zz6iiIB_PJHKoYiZaFhQ3xkiixwFT1FTvTHs-FbLYd-vWJIcbqxR4cv_Oqdfu7ejBrwxhImXeycGtGX5vAS9nZ1ffzaPR4AwkXOSaoSyQ_xC2jAJi314_aMCiqmZJ9Cl5B-v9bkTenU2SB0HRItYSL_FeW5Ifsg61W2v7PUzJQr8xCADQDMHaKODFD3mSd_bKCahaAjzKdOOg5HLsJyqQ07ec7G1PtFTBuCI4B6wuU0vtYXdkk5LUg_DioVRCqNCJJFw-oyAZ6R9zf3ajVlgPEedmBW849P9K_3NxqNc5lE-29txcvG_h8kyPJymPm2J1qoOcs0JOkkUJWcg06eDuNtupxKmjdie6B19ZeJxwY1mqaLjZDa9QYTcaXj9aPAqWDvZe1AMLer_QrDRfnGX3n2G1GItXjpGx8BUm0yOlsDA6dzbKjLrM9g9ncHHqAchu7wEGCF5TPbXDNqXGo7pB-on_stJqJG7c7QXoR_3JNOYutI-jB1TVxXb-U-Iy-gOgaRUxbv766jgpzcKEiVjidYok70pCEFXO9GNvV0iaPFB_KVXxSetF96V0yi6ULS_1Qem0hf4jTseqI5DJH3ASJsOFoaJlkpQDhLenn-nRS0c-uiZD2T1_Cbi1lIHl00Z_2AXkmyoR46osHvU-EnUUx4z8faX-YDpngX1pwkKB_lm_fyFsuvu3I0RL-wKx6OhNNtiU2XzSKQHSi3D5c1vkVxPKr4LpN4XlmoDH4cxSRNEwErVqtonwk4KFcAgeTqG60VQ9RI6AeIbXdma15LIypwp7s2BUVFO_G5DA1Vt_Lv5OFma1hHtkm0lZqsO1nYnShXbaLUcAr88CfQ09atScbGoBwiUDf01RLKJeuW0v3wDnIoDmcFdx8z5RRmYihw-USKdanS3tM8Sg-8y0jvxFrqhI0SVWK85sHlANymUdLhVwqRM0qYLx15eyY1a_-H9Os_pGkSLP2kpKn3H4WYyT3VxMG5zCssJFBL0hYilwYuC6BNpU

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 06 Jan 2024 00:01:34 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame ADBE 0
20 B 63ms
63ms Image
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=BxG7nXZiYZZLXDuqq5LcPiOG7uAgAAAAAOAHgBAI&bg=!iIuli8TNAAY3kmNgF5I7ADQBe5WfONquW51E_Nxh2tigCN6koeiykA0Mahmn_bKLAzDW1wXoKRbZlNd5w2XIJR6d-5odAgAAANxSAAAAAWgBB5kDCag1dramQoQ-0qDu57QFhmCV0jKkU3lmeOIrWoSryAyK7BGPB6V-ArpbCyGWnmIytLu0zSZng3HwZZftiIG8ZslLEv06DRuAC6mHi63z3v0QumONQfVK25tcvzGyAv6wmV8PNSAsivCjIZ5mQ6LxNyW15YV2hz5Y0R_1S2NSlEYluaYuhaJipkfP4AQWE8Rb37a1Ilnn1e5lUWyauQq4BVCf1e2yvwKtOqYsQ45RzDU7CU01R32w2p8fMLi4tNFtnthhetLVfuyTCCuQCqsFnTY2rDpU_aFz9CoP1aRdy4L4hOLumxvX_LvCqHGp-umLHi5e-h_kUujUfOBSdltGrUy7SdfSv6o9-U5Je0d6Y3Yke8u_UPMic0cpGfrhADMpZfi0bxCgEuYZKRe7liWY4KbeTzP8xMFvo5WRJaFAon2a_OVOSCtLe70dcW60ImkSZSbfB9CKB63ELt6HXid7SFQyX00S_VcW68cjFZZVoXl6UO3SqMYnsbkqCn1HOz7i8cGN2UWQEdr_XVCvdn8uDZLfTyac1g827EXCGStK74XKR_FAVxXXaFXX42w9GOqbQolOP4Dh6_B2UECb1EL7130SSZFdWZ9WQZcQZcrhcMfEES86rpaZIikrkJRg3IxWxT6gQ494v7fXazS1FlS_0woy3rnkTa7Oh1LN3eCBC-6Svyt9SPANz0r_G1DQ6XGWiqmSmTVBcPv_9hTKGhrmH_vYuTMSHEJHwNgrk17tV1mFTuIXUGuthOC_1qS_GzQ9txjBLpfSWM6kPoAWnqP-xEUD_KPGiU_eS4x3Q8jexB5qLjPzdwh9VS5npUV9wfqAVrV2sFQgduxJvhNPvLgaG7ngf8qDPBIEW-wGQcQryIFhrtwc7014o9nFOI1VBLF0D2orH3Pc3GHajTrCJ9uuhqzSwGw0BzIDegP_TVRhBzFqEdCp6L3WNnh5YiGtziUvlqTJgPA19svDNRhPFIdV5qzFs473qwV0ZxYUhfxPgL6yHFnE2otYoP9VlZ5n0Rltu-Yk9AJDE9UClg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 06 Jan 2024 00:01:34 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET /
tracker.arc.io/ Frame 04F3 0
0

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 53ms
52ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://turfpmu.fr.gd/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 00:01:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 06 Jan 2024 00:01:34 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame AD21 13 KB
5 KB 27ms
26ms Document
text/html 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://turfpmu.fr.gd/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

accept-ranges: bytes
age: 4399
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 05 Jan 2024 22:48:15 GMT
expires: Sat, 04 Jan 2025 22:48:15 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame DCEF 829 B
1 KB 95ms
35ms Document
text/html 2a00:1450:4001:809::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

02a07fe7bfd469d1add5863b2de14c77aae44a5032f237b51c9ff2909fe9f1f5

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-ZFpcnsZXsTTDqpPjWdT_2w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://turfpmu.fr.gd/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-ZFpcnsZXsTTDqpPjWdT_2w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Sat, 06 Jan 2024 00:01:34 GMT
expires: Sat, 06 Jan 2024 00:01:34 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

POST
H2 204 HTrUEVWiUiCLg6t3YpNQya
warden.arc.io/mailbox/nodes/ Frame 04F3 0
0 371ms
111ms Fetch 18.223.141.84
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://warden.arc.io/mailbox/nodes/HTrUEVWiUiCLg6t3YpNQya

Requested by

Host: static.arc.io
URL: https://static.arc.io/widget/js/core.js?76bc4f3

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

18.223.141.84 Columbus, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-223-141-84.us-east-2.compute.amazonaws.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Referer: https://www.1clic1don.fr/
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Sat, 06 Jan 2024 00:01:34 GMT
strict-transport-security: max-age=15724800; includeSubDomains
etag: W/"a-bAsFyilMr4Ra1hIU5PyoyFRunpI"

GET
H2 200 lazy-iwc.9b430e25.js Show response
static.arc.io/broker/js/ Frame 0D90 14 KB
5 KB 26ms
26ms Script
text/javascript 2400:52e0:1e00::1081:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://static.arc.io/broker/js/lazy-iwc.9b430e25.js
Requested by: Host: static.arc.io
URL: https://static.arc.io/broker/js/broker.9e6bf337.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1081:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1081 /
Resource Hash: 170fc28046efe0a2310c72af9f6d88c39458c227d4b9d7f77738f78cf1c3a11f

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://core.arc.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 00:01:34 GMT
content-encoding: br
cdn-edgestorageid: 1080
x-amz-request-id: 9WD718SH73SSHMZ7
x-amz-server-side-encryption: AES256
cdn-cachedat: 07/07/2023 01:52:40
cdn-pullzone: 786569
x-amz-id-2: jwrzNVpxy+i1mS/N/l577v4ox+ukfrpjgmX4rF76e9TSPHNoYO0CdjMI3zyK1afVCHGm3nd2C84=
last-modified: Sun, 09 Apr 2023 20:16:26 GMT
server: BunnyCDN-DE1-1081
cdn-proxyver: 1.03
cdn-requestpullcode: 200
etag: W/"1343454a1c763177d59f06c307b3a5a2"
vary: Accept-Encoding, Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 1756f224-b505-436a-b48a-b92ddf4fdbea
access-control-expose-headers: Content-Length, Content-Type, Content-MD5, ETag
cache-control: public, max-age=2592000
access-control-max-age: 86400
cdn-requestid: dd41e57954cb1ebd0cd825e2f186df4f
cdn-requestcountrycode: FR
cdn-status: 200
cdn-requestpullsuccess: True

GET
H3 200 Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js Show response
pagead2.googlesyndication.com/bg/ Frame AD21 39 KB
15 KB 26ms
26ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Fri, 05 Jan 2024 11:09:43 GMT
content-encoding: br
x-content-type-options: nosniff
age: 46311
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15165
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 04 Jan 2025 11:09:43 GMT

GET
H2 200 vendors~widget-sc-client.js Show response
static.arc.io/widget/js/ Frame 04F3 60 KB
17 KB 26ms
26ms Script
text/javascript 2400:52e0:1e00::1081:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://static.arc.io/widget/js/vendors~widget-sc-client.js?35fccb86
Requested by: Host: static.arc.io
URL: https://static.arc.io/widget/js/core.js?76bc4f3
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1081:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1081 /
Resource Hash: 31501078b411835882c834ed620bebe77a2b8ff3664514358cda957fba8c247d

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://www.1clic1don.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 00:01:34 GMT
content-encoding: br
cdn-edgestorageid: 1080
x-amz-request-id: 8NG3W3SWPPQJR9H9
x-amz-server-side-encryption: AES256
cdn-cachedat: 07/07/2023 01:54:57
cdn-pullzone: 786569
x-amz-id-2: XvrkWJ0zSEdhncRAgd+Bdp04VBlVFHWdsN9GnU4+Ysb64u/dZpbbn4xdgGYUoxd0C4ldI/lHnus=
last-modified: Thu, 06 Jul 2023 18:40:20 GMT
server: BunnyCDN-DE1-1081
cdn-proxyver: 1.03
cdn-requestpullcode: 200
etag: W/"1bfa017c8b068bd2857ce731fa38ab1d"
vary: Accept-Encoding, Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 1756f224-b505-436a-b48a-b92ddf4fdbea
access-control-expose-headers: Content-Length, Content-Type, Content-MD5, ETag
cache-control: public, max-age=2592000, stale-while-revalidate=864000
access-control-max-age: 86400
cdn-requestid: 34346d8e5b14d0c5a5f6575ebdf0b6c7
cdn-requestcountrycode: FR
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 widget-sc-client.js Show response
static.arc.io/widget/js/ Frame 04F3 3 KB
2 KB 29ms
28ms Script
text/javascript 2400:52e0:1e00::1081:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://static.arc.io/widget/js/widget-sc-client.js?197dbd2e
Requested by: Host: static.arc.io
URL: https://static.arc.io/widget/js/core.js?76bc4f3
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1081:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1081 /
Resource Hash: 3465ab3f72d4c3ddc2943112cabd7d5bf5faec502ce18319571234957329a1b0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://www.1clic1don.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 00:01:34 GMT
content-encoding: br
cdn-edgestorageid: 1081
x-amz-request-id: DQQ8VHWST41YFNM2
x-amz-server-side-encryption: AES256
cdn-cachedat: 10/31/2023 18:08:06
cdn-pullzone: 786569
x-amz-id-2: agMRD6azIkO/5EQQP0InQfUP5d8uxbWeTh5TtOXVwBr8kYTokTBXJK3C2v9B86j5g6lQ9LaF/hg=
last-modified: Mon, 30 Oct 2023 16:22:24 GMT
server: BunnyCDN-DE1-1081
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: W/"00fc1f9530439ec3d2415f9420e814d7"
vary: Accept-Encoding, Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 1756f224-b505-436a-b48a-b92ddf4fdbea
access-control-expose-headers: Content-Length, Content-Type, Content-MD5, ETag
cache-control: public, max-age=2592000, stale-while-revalidate=864000
access-control-max-age: 86400
cdn-requestid: 4cecc5ee117b76c87ad9bc4a0821f743
cdn-requestcountrycode: FR
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 strn.min.js Show response
unpkg.com/@filecoin-saturn/js-client@0.3.7/dist/ Frame 04F3 230 KB
53 KB 88ms
36ms Script
application/javascript 2606:4700::6810:7eaf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://unpkg.com/@filecoin-saturn/js-client@0.3.7/dist/strn.min.js

Requested by

Host: static.arc.io
URL: https://static.arc.io/widget/js/widget-ui.js?6e086999

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7eaf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a77bee92347b9bbd0786d53fe05e0d5c3d486c5db3f4682d9f4dfc21960542e9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://www.1clic1don.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 00:01:34 GMT
via: 1.1 fly.io
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 1554897
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
fly-request-id: 01HHZPAP8097643Y4V3GSBE326-cdg
server: cloudflare
etag: W/"3965a-Lu2VKHRN+UwzJYzS2puHZQw9qzs"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 840faff03ea1d672-CDG

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame DCEF 0
0 61ms
61ms Image
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20240103&jk=680737627759872&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame AD21 0
10 B 26ms
26ms Image
text/plain 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?_4b7Lg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 00:01:34 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 200 vendors~saturn-benchmark.js Show response
static.arc.io/widget/js/ Frame 04F3 72 KB
22 KB 26ms
26ms Script
text/javascript 2400:52e0:1e00::1081:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://static.arc.io/widget/js/vendors~saturn-benchmark.js?5c117bee
Requested by: Host: static.arc.io
URL: https://static.arc.io/widget/js/core.js?76bc4f3
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1081:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1081 /
Resource Hash: 5ae252582e588d8bdc6cd5c65e064277a3edeba7b7d919ee59cf4123e7beae91

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://www.1clic1don.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 00:01:34 GMT
content-encoding: br
cdn-edgestorageid: 1080
x-amz-request-id: SAAFWGEBGDA34WYH
x-amz-server-side-encryption: AES256
cdn-cachedat: 01/03/2024 19:10:47
cdn-pullzone: 786569
x-amz-id-2: d1nogZR2Ck6v83oo3Nie4LBgLXhtlePRc1la1QAMyPPvxuuPN+HSfnknnI1CFkRfHjVzPKQCvVg=
last-modified: Wed, 03 Jan 2024 18:03:35 GMT
server: BunnyCDN-DE1-1081
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: W/"b389f1438da1cb3459f2b9fb13d81e3d"
vary: Accept-Encoding, Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 1756f224-b505-436a-b48a-b92ddf4fdbea
access-control-expose-headers: Content-Length, Content-Type, Content-MD5, ETag
cache-control: public, max-age=2592000, stale-while-revalidate=864000
access-control-max-age: 86400
cdn-requestid: 863ada8a56817aa2685a6e85adca6873
cdn-requestcountrycode: FR
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 saturn-benchmark.js Show response
static.arc.io/widget/js/ Frame 04F3 7 KB
4 KB 31ms
31ms Script
text/javascript 2400:52e0:1e00::1081:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://static.arc.io/widget/js/saturn-benchmark.js?92cb940d
Requested by: Host: static.arc.io
URL: https://static.arc.io/widget/js/core.js?76bc4f3
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1081:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1081 /
Resource Hash: 81dc394a237cf0f94b1b7d9c292ce9c696010601f009147a7348c62e4c59eb3d

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://www.1clic1don.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 00:01:34 GMT
content-encoding: br
cdn-edgestorageid: 1082
x-amz-request-id: SAA144CMS2D1ZEJ3
x-amz-server-side-encryption: AES256
cdn-cachedat: 01/03/2024 19:10:47
cdn-pullzone: 786569
x-amz-id-2: LBYhmRv2lwl2YudkkvlTLGmvlD3Ecb6xrRktwoN/ldyelbwYXj3IemorK/XaWz5jKGJADGAUCKk=
last-modified: Wed, 03 Jan 2024 18:03:34 GMT
server: BunnyCDN-DE1-1081
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: W/"9b5857c615c1e2726552f5ec3bd311a7"
vary: Accept-Encoding, Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 1756f224-b505-436a-b48a-b92ddf4fdbea
access-control-expose-headers: Content-Length, Content-Type, Content-MD5, ETag
cache-control: public, max-age=2592000, stale-while-revalidate=864000
access-control-max-age: 86400
cdn-requestid: 51c3d3403bd534af3a64323237320e01
cdn-requestcountrycode: FR
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 chunk-2d0cf2b3.js Show response
static.arc.io/widget/js/ Frame 04F3 3 MB
691 KB 26ms
26ms Script
text/javascript 2400:52e0:1e00::1081:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://static.arc.io/widget/js/chunk-2d0cf2b3.js?d98d2542
Requested by: Host: static.arc.io
URL: https://static.arc.io/widget/js/core.js?76bc4f3
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1081:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1081 /
Resource Hash: d5f83459cd7022769a57a436f24ed1540369eec2ebbec331275d46d8cfbea98c

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://www.1clic1don.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 00:01:34 GMT
content-encoding: br
cdn-edgestorageid: 1082
x-amz-request-id: NJV0WQFZK7HF5XZR
x-amz-server-side-encryption: AES256
cdn-cachedat: 10/31/2023 19:00:18
cdn-pullzone: 786569
x-amz-id-2: T+HAVcuCDp20xBJ9VYDHu9JLrkVQYMyJ1DueU5aoLPHQ+W+LOmc3obB9lgM5POMlfFPFklNJ94Q=
last-modified: Tue, 31 Oct 2023 18:10:04 GMT
server: BunnyCDN-DE1-1081
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: W/"3e9a577ca6bcba5cdf18d0dafd192870"
vary: Accept-Encoding, Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 1756f224-b505-436a-b48a-b92ddf4fdbea
access-control-expose-headers: Content-Length, Content-Type, Content-MD5, ETag
cache-control: public, max-age=2592000, stale-while-revalidate=864000
access-control-max-age: 86400
cdn-requestid: 708a82ca02119d841dafaef63e90b130
cdn-requestcountrycode: FR
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 top-cids Show response
cids.arc.io/ Frame 04F3 6 KB
4 KB 254ms
26ms Fetch
application/json 2400:52e0:1e00::1082:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://cids.arc.io/top-cids
Requested by: Host: static.arc.io
URL: https://static.arc.io/widget/js/core.js?76bc4f3
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1082:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1082 /
Resource Hash: f17162509aa299eda5fa26437cd4174d29262726a14272d573febdd02713484f

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://www.1clic1don.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 00:01:35 GMT
content-encoding: br
cdn-edgestorageid: 1082
cdn-cachedat: 01/05/2024 23:23:29
cdn-pullzone: 1392871
server: BunnyCDN-DE1-1082
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: W/"1956-PCnBjaPUH+7dCoHgTyYqZDvwRBM"
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 1756f224-b505-436a-b48a-b92ddf4fdbea
cache-control: public, max-age=3600
cdn-requestid: 05a363c4f8b261e077df7b068e6a326e
cdn-requestcountrycode: FR
cdn-status: 200
cdn-requestpullsuccess: True

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 79ms
78ms Image
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20240103&jk=680737627759872&bg=!YmGlYS7NAAY3kmNgF5I7ADQBe5WfOFQHllImjpKsxt27SgQI-m02xytfs36bAKDiaWR_d34VcAEb-GII-yCr2ckghaZYAgAAADhSAAAAAmgBB5kC0UQLDaaxrVxzKTkqe65-2HBsVCClkE17u7FhgznNa9Kz7NymVdUMV40HdU__HWGc_i_-gA5SROrlU-8pFu7P6XoQJUaO-COW5fJ6I4Dve81hcMsnfi5A1kLJb7ayum2_XjfbbtTnEodhhhejX3nNDunj6SAydDjlw6duRe-ntfi8LPDltO2mrUAlqlq97Dxh3zhgkr2aVPsnhVIlmg4FIRQUw7yQX7QzzVBw4iAQdNBDH-HJ_tD6d_Xq1JmjHEg2nJkjytD2WeeIFAqtWpUsv9EjXKoo6U5S4AXOLE87hmC73EAmVdKOpnggw04tCrPFeslHmHFwI_eSDUUVj3ReUZ5wya1qxLYCdfGvMAdFL1cPWojy79A1DUa6TEcatpWtYKtZ0FKCUdvM7VuJgdU-3njo8vMW3GqwiSW8XGP9eSlUbrwDvyCpny2anW1wuhvTv9asy_U7jybHbTjOpQ-uEqO0YcKCRQEQKLrwT99PDdeWPNklNz_1xib01e5PVfPs84SJ5XZhZMnt7ZXX95wATJHYdaxhT5Qyxc6AnbrkgIWQvnZHYKg5k8-h7qslmNg2cPUW4_IiuqtaIkhjr3whfOsiCsLLGBv0z6DkiYqqTAUJtwmriIKiYeWVHkSSJXu9GsK3zr-T7A3Nn_UXvG43IdpeHuubcSVFRfAKeEJKUsOy_rdg3UfuHq02uSuDs5T5U-e-35k5PY1RAe43cCy7BiwcqwUoAPAbp7o9tfEz85JSDcLmCqt15VdMVSfcbzt-zVEaLdaDjWl-Ub2d8RU1Sjn-7N1-2t28VZw_nRvMKlTdkoxi_2ZdxX1LN-LOlA4JVkzqT2JZtcEARJUQtAaLHtoGq2cvl5O0f83uelg_atKyHn2Tr41qukDyl7eMB01kNhleuF5EUtVttluefrBWSSZCT66XYVCyfkVRLufm5mCb-GnmN6M_HobmInvY9-9Nul0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://turfpmu.fr.gd/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 84DB 42 B
64 B 66ms
66ms Fetch
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjst47OWgszj8_pxe9ssF1kcDZlM8SPPPeukjHb2-Y1dB16phF0IA7QreRldmLUTh-F8wdpLOuWocrVVaY2-b5jqE9hQK04mPj799lA8UwnRz5v4Sx86_XnVux3c1rQJpKZBl_Q3GrQdyk5CuLfpeNyZ2b74_&sai=AMfl-YTfAMm_z4jrLgyGxuuO8eGGKw1UnQhidNihkTTOGHOich6Yl_hcffEnEr0b362bfPRhYUmLImlQm01vFdedq_XqdFIRZgo4RfCVQ-38s8dlRyGmwEWX6N7k1yJSG49JT-JkdeFJLUn5jRlUjxl9ew&sig=Cg0ArKJSzITMf9pVTbSmEAE&cid=CAQSTwAvHhf_QvfDmE4FSepmpyrS5zPy_ovX7VFEGCBWHc1OucAXk6fWoa3QNy7vTRYiDOFMszI1mUYC7tdWkXUWUuXp0Owz_x94W6W1Jr1CclEYAQ&id=lidar2&mcvt=1002&p=0,0,90,728&mtos=413,855,1002,1002,1002&tos=413,442,147,0,0&v=20240103&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=1812271801&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1704499293931&rpt=313&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 06 Jan 2024 00:01:35 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK / Show response
su4hesnyinnwvtk3h2rkauh5ja0qrisq.lambda-url.us-west-2.on.aws/ Frame 04F3 370 B
808 B 698ms
185ms Fetch
application/json 2600:1f14:50b:9a02:7ee3:88d3:161c:de93
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://su4hesnyinnwvtk3h2rkauh5ja0qrisq.lambda-url.us-west-2.on.aws/?clientKey=c11dbbe1-a007-4e59-86d5-fc67dc8f317c
Requested by: Host: unpkg.com
URL: https://unpkg.com/@filecoin-saturn/js-client@0.3.7/dist/strn.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f14:50b:9a02:7ee3:88d3:161c:de93 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 636d87a4f01e021da2c7b7e4b8df5ca7052ca4ba4f1cab9bf2366ce0f2146200

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://www.1clic1don.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Date: Sat, 06 Jan 2024 00:01:35 GMT
x-amzn-RequestId: 44caca3a-e9ca-4ed6-b52a-c22fb297fd74
X-Amzn-Trace-Id: root=1-6598985f-7e6bdcdd1793affb44c240a9;sampled=0;lineage=b81009d1:0
Vary: Origin
Content-Type: application/json
Access-Control-Allow-Origin: https://www.1clic1don.fr
cache-control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 370

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 0F64 42 B
64 B 67ms
67ms Fetch
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuKDpvi-ilOlmwsy8NYiiJYp9nYrrehyylRzhM-6sQ6JeN7ADJTkNQJIfsbvJKjCDzstHyImYBVAqDOGVRDtd40Ro8xHF_E4Lo0Q-jRdNcRpN1V7rqsWm_BBymrogu4GuOj4TvGjCRZ09EzPpx1JVFkmeuO&sai=AMfl-YRB7NRjpwVDp7QLlrMBeqcYp6Yn4mdosp-OawydgWaYqtM-Fyx03tf7majJ0MkCoDtpKXMlQrcWiR6ltHmBQtbW2L0UaOuZUZSFeSGHrydb4ZsC7PNkHabtYJRgIMI8FHn4pxaYleSH1GhoN35sdg&sig=Cg0ArKJSzGzfTRpAbNGIEAE&cid=CAQSTwAvHhf_QvfDmE4FSepmpyrS5zPy_ovX7VFEGCBWHc1OucAXk6fWoa3QNy7vTRYiDOFMszI1mUYC7tdWkXUWUuXp0Owz_x94W6W1Jr1CclEYAQ&id=lidar2&mcvt=1000&p=0,0,600,160&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20240103&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=1812271803&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1704499293871&rpt=324&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 06 Jan 2024 00:01:35 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame A862 42 B
64 B 66ms
66ms Fetch
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstmTPxgzj24Fy79w3rWe-tXgthDOLyGG_xv7ys2pklYebjRxT_EmA086RIG7O-lpD7zoaswXLzZT_tjuw10EAveNSPeAAoUSOfYMNg7MUPjr-CdRb_gdWABQ9WG08d3T9Nf1SgThwVIyc5wVlEHe4Qma_W0&sai=AMfl-YSnsGDdVeDEt0x4z4qJCtYMchIssfV6056BtEae_GrJL8quXHtvIxyySwyPyrdDqpx04a9NgfpcsjW3bRx1ixCO-lgKrjfnE07RmUmlkmGsY-Gq-Of2tEMIob2SsKKcXtOgLF3r-tWzofm9bT5Ovw&sig=Cg0ArKJSzOXyFEcMYXUxEAE&cid=CAQSTwAvHhf_QvfDmE4FSepmpyrS5zPy_ovX7VFEGCBWHc1OucAXk6fWoa3QNy7vTRYiDOFMszI1mUYC7tdWkXUWUuXp0Owz_x94W6W1Jr1CclEYAQ&id=lidar2&mcvt=1004&p=0,0,600,160&mtos=1004,1004,1004,1004,1004&tos=1004,0,0,0,0&v=20240103&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=1812271804&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1704499293911&rpt=265&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 06 Jan 2024 00:01:35 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 Screenshot_20221117-123343_ImageSearchMan.jpg Show response
l1s.saturn.ms/ipfs/bafybeiho6pgpqhxl4csg72spqphgrv7yspo7bbl2rnvqxjlej53safx4w4/ Frame 04F3 500 KB
502 KB 84ms
24ms Fetch
application/vnd.ipld.car 109.71.253.87
SYNLINQ synlinq.de

General

Check archive.org

Show headers Download Go to

Full URL

https://l1s.saturn.ms/ipfs/bafybeiho6pgpqhxl4csg72spqphgrv7yspo7bbl2rnvqxjlej53safx4w4/Screenshot_20221117-123343_ImageSearchMan.jpg?format=car&dag-scope=entity&jwt=eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiI1NDE4YzI2Ny0xYjg3LTQ5MDUtODNkZC00M2YxYTA4MjRiZGMiLCJzdWIiOiJjMTFkYmJlMS1hMDA3LTRlNTktODZkNS1mYzY3ZGM4ZjMxN2MiLCJzdWJUeXBlIjoiY2xpZW50S2V5IiwiYWxsb3dfbGlzdCI6WyJhcmMuaW8iLCIqIl0sImlhdCI6MTcwNDQ5OTI5NSwiZXhwIjoxNzA0NTAyODk1fQ.uKTdQKkE02LmPOQI86qso4Vnlg4y-Xj_AlcKZYAhZhSa7-LLOTPEhZioPmYj8Zetdm3qaJFzOzJZfejKnMp9tg

Requested by

Host: unpkg.com
URL: https://unpkg.com/@filecoin-saturn/js-client@0.3.7/dist/strn.min.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

109.71.253.87 , Germany, ASN44486 (SYNLINQ synlinq.de, DE),

Reverse DNS

default.reselling.services

Software

nginx /

Resource Hash

1cb39101c389d4305ac411f71f3871aac67c756b4a2582df69f97b4ce34fdcf9

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://www.1clic1don.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 00:01:36 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
saturn-cache-status: HIT
content-disposition: attachment; filename="bafybeiho6pgpqhxl4csg72spqphgrv7yspo7bbl2rnvqxjlej53safx4w4_Screenshot_20221117-123343_ImageSearchMan.jpg.car"
server-timing: started-finding-candidates;candidates-found=3507527;candidates-filtered=3534307;dur=0.051806,retrieval-Bitswap;dur=3.646264,retrieval-QmUA9D3H7HeCYsirB3KmPSvZh3dNXMZas6Lwgr4fv1HTTp;dur=3.872594;connected-to-provider=3587;first-byte-received=85695443,retrieval-12D3KooWHEzPJNmo4shWendFFrxDNttYf8DW4eLC7M2JzuXHC1hE;dur=3.974643;connected-to-provider=2335, shim; dur=92.855746, shim_lassie; dur=92.755861, shim_lassie_headers; dur=92.621471, shim_lassie_body; dur=0.23168, nginx;dur=0, nginx_uct;dur=, nginx_uht;dur=, nginx_urt;dur=
saturn-node-id: d17e87ae-e03d-4696-9704-3d7ed0485e96
server: nginx
saturn-node-version: 1095_62e6d14
etag: "bafybeiho6pgpqhxl4csg72spqphgrv7yspo7bbl2rnvqxjlej53safx4w4.car.3vh5f8t1g0np7"
x-lassie-version: lassie/v0.19.2-f7b051a
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/vnd.ipld.car;version=1;order=dfs;dups=y
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=29030400, immutable
x-ipfs-path: /ipfs/bafybeiho6pgpqhxl4csg72spqphgrv7yspo7bbl2rnvqxjlej53safx4w4/Screenshot_20221117-123343_ImageSearchMan.jpg
saturn-transfer-id: 616dd8832a203b2894656b7ba61cdc25
accept-ranges: none
timing-allow-origin: *
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Traceparent

GET
H2 200 17.json Show response
l1s.saturn.ms/ipfs/QmXqD3PMtri8rfmUhFERUL4zDJwhFfiRVGuNpCtgzNRvyR/ Frame 04F3 17 KB
19 KB 24ms
24ms Fetch
application/vnd.ipld.car 109.71.253.87
SYNLINQ synlinq.de

General

Check archive.org

Show headers Download Go to

Full URL

https://l1s.saturn.ms/ipfs/QmXqD3PMtri8rfmUhFERUL4zDJwhFfiRVGuNpCtgzNRvyR/17.json?format=car&dag-scope=entity&jwt=eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiI1NDE4YzI2Ny0xYjg3LTQ5MDUtODNkZC00M2YxYTA4MjRiZGMiLCJzdWIiOiJjMTFkYmJlMS1hMDA3LTRlNTktODZkNS1mYzY3ZGM4ZjMxN2MiLCJzdWJUeXBlIjoiY2xpZW50S2V5IiwiYWxsb3dfbGlzdCI6WyJhcmMuaW8iLCIqIl0sImlhdCI6MTcwNDQ5OTI5NSwiZXhwIjoxNzA0NTAyODk1fQ.uKTdQKkE02LmPOQI86qso4Vnlg4y-Xj_AlcKZYAhZhSa7-LLOTPEhZioPmYj8Zetdm3qaJFzOzJZfejKnMp9tg

Requested by

Host: unpkg.com
URL: https://unpkg.com/@filecoin-saturn/js-client@0.3.7/dist/strn.min.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

109.71.253.87 , Germany, ASN44486 (SYNLINQ synlinq.de, DE),

Reverse DNS

default.reselling.services

Software

nginx /

Resource Hash

3cf6840e5a834cc04350c950414f3d77a725ebdf0baa0e5ae28f2300fed0a912

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://www.1clic1don.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 00:01:37 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
saturn-cache-status: HIT
content-disposition: attachment; filename="QmXqD3PMtri8rfmUhFERUL4zDJwhFfiRVGuNpCtgzNRvyR_17.json.car"
server-timing: started-finding-candidates;dur=0.044579;candidates-found=10498173;candidates-filtered=10539265,retrieval-Bitswap;dur=10.616719,retrieval-QmUA9D3H7HeCYsirB3KmPSvZh3dNXMZas6Lwgr4fv1HTTp;first-byte-received=318271374;dur=10.653554;connected-to-provider=4883, shim; dur=330.613797, shim_lassie; dur=330.540392, shim_lassie_headers; dur=330.397923, shim_lassie_body; dur=0.259519, nginx;dur=0, nginx_uct;dur=, nginx_uht;dur=, nginx_urt;dur=
saturn-node-id: d17e87ae-e03d-4696-9704-3d7ed0485e96
server: nginx
saturn-node-version: 1095_62e6d14
etag: "QmXqD3PMtri8rfmUhFERUL4zDJwhFfiRVGuNpCtgzNRvyR.car.8a9bfs40e01nb"
x-lassie-version: lassie/v0.19.2-f7b051a
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/vnd.ipld.car;version=1;order=dfs;dups=y
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=29030400, immutable
x-ipfs-path: /ipfs/QmXqD3PMtri8rfmUhFERUL4zDJwhFfiRVGuNpCtgzNRvyR/17.json
saturn-transfer-id: a41b1722c47f47dcc58c44f9938a60d8
accept-ranges: none
timing-allow-origin: *
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Traceparent

GET
H3 200 9c69f07deadda884c61396a404004929.svg
s0.2mdn.net/sadbundle/7135979241717318397/media/ Frame 1CCA 1 KB
643 B 26ms
26ms Image
image/svg+xml 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/7135979241717318397/media/9c69f07deadda884c61396a404004929.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/7135979241717318397/8f0cec8041c165cafb6d32d04ed8f04b.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fa3efcb1022504df85ff9f59acd76923266eb8a078b3e746457223967d82ba2e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7135979241717318397/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

expires: Fri, 03 Jan 2025 14:54:27 GMT
date: Thu, 04 Jan 2024 14:54:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 119230
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 613
x-xss-protection: 0
last-modified: Thu, 14 Dec 2023 11:09:41 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 6d7052ff6df13eae564657f4b45cc79a.svg
s0.2mdn.net/sadbundle/7135979241717318397/media/ Frame 1CCA 5 KB
3 KB 27ms
27ms Image
image/svg+xml 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/7135979241717318397/media/6d7052ff6df13eae564657f4b45cc79a.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/7135979241717318397/8f0cec8041c165cafb6d32d04ed8f04b.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

caf195ab94cbfaf21aaae06763f8600b9801e4a8423311963e8e913cddc06150

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7135979241717318397/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

expires: Sat, 04 Jan 2025 02:23:04 GMT
date: Fri, 05 Jan 2024 02:23:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 77913
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2640
x-xss-protection: 0
last-modified: Thu, 14 Dec 2023 11:09:41 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 9c69f07deadda884c61396a404004929.svg
s0.2mdn.net/sadbundle/15205685216655332109/media/ Frame 4D72 1 KB
643 B 27ms
26ms Image
image/svg+xml 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/15205685216655332109/media/9c69f07deadda884c61396a404004929.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/15205685216655332109/8f0cec8041c165cafb6d32d04ed8f04b.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fa3efcb1022504df85ff9f59acd76923266eb8a078b3e746457223967d82ba2e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15205685216655332109/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

expires: Fri, 03 Jan 2025 14:41:41 GMT
date: Thu, 04 Jan 2024 14:41:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 119996
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 613
x-xss-protection: 0
last-modified: Thu, 14 Dec 2023 11:10:04 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 6d7052ff6df13eae564657f4b45cc79a.svg
s0.2mdn.net/sadbundle/15205685216655332109/media/ Frame 4D72 5 KB
3 KB 27ms
27ms Image
image/svg+xml 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/15205685216655332109/media/6d7052ff6df13eae564657f4b45cc79a.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/15205685216655332109/8f0cec8041c165cafb6d32d04ed8f04b.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

caf195ab94cbfaf21aaae06763f8600b9801e4a8423311963e8e913cddc06150

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15205685216655332109/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

expires: Fri, 03 Jan 2025 14:41:41 GMT
date: Thu, 04 Jan 2024 14:41:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 119996
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2640
x-xss-protection: 0
last-modified: Thu, 14 Dec 2023 11:10:04 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 9c69f07deadda884c61396a404004929.svg
s0.2mdn.net/sadbundle/7135979241717318397/media/ Frame 842B 1 KB
643 B 26ms
26ms Image
image/svg+xml 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/7135979241717318397/media/9c69f07deadda884c61396a404004929.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/7135979241717318397/8f0cec8041c165cafb6d32d04ed8f04b.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fa3efcb1022504df85ff9f59acd76923266eb8a078b3e746457223967d82ba2e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7135979241717318397/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

expires: Fri, 03 Jan 2025 14:54:27 GMT
date: Thu, 04 Jan 2024 14:54:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 119230
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 613
x-xss-protection: 0
last-modified: Thu, 14 Dec 2023 11:09:41 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 6d7052ff6df13eae564657f4b45cc79a.svg
s0.2mdn.net/sadbundle/7135979241717318397/media/ Frame 842B 5 KB
3 KB 27ms
26ms Image
image/svg+xml 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/7135979241717318397/media/6d7052ff6df13eae564657f4b45cc79a.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/7135979241717318397/8f0cec8041c165cafb6d32d04ed8f04b.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

caf195ab94cbfaf21aaae06763f8600b9801e4a8423311963e8e913cddc06150

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7135979241717318397/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

expires: Sat, 04 Jan 2025 02:23:04 GMT
date: Fri, 05 Jan 2024 02:23:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 77913
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2640
x-xss-protection: 0
last-modified: Thu, 14 Dec 2023 11:09:41 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H2 200 999 Show response
l1s.saturn.ms/ipfs/QmY7Aafrp8k95kGUoXbXovq3qTpZAiZqRozATC2sSf4gfD/ Frame 04F3 14 KB
15 KB 25ms
24ms Fetch
application/vnd.ipld.car 109.71.253.87
SYNLINQ synlinq.de

General

Check archive.org

Show headers Download Go to

Full URL

https://l1s.saturn.ms/ipfs/QmY7Aafrp8k95kGUoXbXovq3qTpZAiZqRozATC2sSf4gfD/999?format=car&dag-scope=entity&jwt=eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiI1NDE4YzI2Ny0xYjg3LTQ5MDUtODNkZC00M2YxYTA4MjRiZGMiLCJzdWIiOiJjMTFkYmJlMS1hMDA3LTRlNTktODZkNS1mYzY3ZGM4ZjMxN2MiLCJzdWJUeXBlIjoiY2xpZW50S2V5IiwiYWxsb3dfbGlzdCI6WyJhcmMuaW8iLCIqIl0sImlhdCI6MTcwNDQ5OTI5NSwiZXhwIjoxNzA0NTAyODk1fQ.uKTdQKkE02LmPOQI86qso4Vnlg4y-Xj_AlcKZYAhZhSa7-LLOTPEhZioPmYj8Zetdm3qaJFzOzJZfejKnMp9tg

Requested by

Host: unpkg.com
URL: https://unpkg.com/@filecoin-saturn/js-client@0.3.7/dist/strn.min.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

109.71.253.87 , Germany, ASN44486 (SYNLINQ synlinq.de, DE),

Reverse DNS

default.reselling.services

Software

nginx /

Resource Hash

2de77914ba1b74ab8b987960597986e7bbc430c722d55ca6a124cecbd4addb67

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://www.1clic1don.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 00:01:38 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
saturn-cache-status: HIT
content-disposition: attachment; filename="QmY7Aafrp8k95kGUoXbXovq3qTpZAiZqRozATC2sSf4gfD_999.car"
server-timing: started-finding-candidates;dur=0.042468;candidates-found=303512030;candidates-filtered=303548315,retrieval-Bitswap;dur=136.04327;first-byte-received=5488443164, shim; dur=5626.240554, shim_lassie; dur=5626.158715, shim_lassie_headers; dur=5626.015517, shim_lassie_body; dur=0.23843699999999998, nginx;dur=0, nginx_uct;dur=, nginx_uht;dur=, nginx_urt;dur=
saturn-node-id: d17e87ae-e03d-4696-9704-3d7ed0485e96
server: nginx
saturn-node-version: 1095_62e6d14
etag: "QmY7Aafrp8k95kGUoXbXovq3qTpZAiZqRozATC2sSf4gfD.car.d7n99d7epvbb4"
x-lassie-version: lassie/v0.19.2-f7b051a
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/vnd.ipld.car;version=1;order=dfs;dups=y
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=29030400, immutable
x-ipfs-path: /ipfs/QmY7Aafrp8k95kGUoXbXovq3qTpZAiZqRozATC2sSf4gfD/999
saturn-transfer-id: 537ae33812fe884bfe8fb9dde6ebe134
accept-ranges: none
timing-allow-origin: *
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Traceparent

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
URL: file:///C:/Users/DARIUS~1/AppData/Local/Temp/moz-screenshot-3.jpg

Domain
URL: file:///C:/Users/DARIUS~1/AppData/Local/Temp/moz-screenshot.jpg

Domain: www.gambling-affiliation.com
URL: http://www.gambling-affiliation.com/tracking/flash.php?idv=1930&ids=17359&idc=124

Domain: tracker.arc.io
URL: https://tracker.arc.io/

Verdicts & Comments Add Verdict or Comment

40 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

21 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.ad4m.at/cookie-frame.html	1970-01-20 18:11:31	Name: userId Value: 0W0T-maxvZEt6azcYY6fBQkD_CcKti3y
.turfpmu.fr.gd/	1969-12-31 23:59:59	Name: PHPSESSID Value: 088cb77d4dee0e8e4fbe42a7ad76ce8b
.1clic1don.fr/	1970-01-21 02:13:55	Name: cf_clearance Value: 8fAzPeEGBRDTSiyOut4KIhzOcosSyLEVOvJuFlh83rA-1704499293-0-2-e3aa8ad5.ed5443da.68984887-0.2.1704499293
core.arc.io/	1970-01-21 02:13:55	Name: _immortal\|Arc_nodeId Value: HTrUEVWiUiCLg6t3YpNQya
.magsrv.com/	1970-01-21 03:04:19	Name: __uvt Value: a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%226598985dd37209.040047574070208585%22%3B%7D
.magsrv.com/	1970-01-20 17:29:45	Name: c-tag Value: %7B%22tag-video%22%3A%22v4%7C%7CFRA%7C4983934%7C80773710%7C0%7C%7C508%7C48%7C2%7C40%7C0%7C0%7C0%7C502%7C0%7C0%7C0%7C0%7C2%7C2%7C0%7C0%7C1%7C0%7C0%7C1%7C%7C%7C0%7Cpornito.de%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C1704499293%7C0e3adda9d3ffe56b2aea79071d92c48b%7Cok%22%7D
.fr.gd/	1970-01-21 02:49:55	Name: __gads Value: ID=9be9e983b1ba86e1:T=1704499293:RT=1704499293:S=ALNI_MYK48wXbxpFRziw3ZCrOHV2iy0AVw
.fr.gd/	1970-01-21 02:49:55	Name: __gpi Value: UID=00000d3a1380d382:T=1704499293:RT=1704499293:S=ALNI_MYnqATfW3GZQd7ifni-fosWlqah4A
.doubleclick.net/	1970-01-21 02:49:55	Name: IDE Value: AHWqTUmC2rECQjLe2wn1wTtX2xNDTNMnkyljyZSXDkc5HOCrNzwcBHMenkLCmU0P
.casalemedia.com/	1970-01-20 19:37:55	Name: CMPS Value: 5154
.adnxs.com/	1970-01-20 19:37:55	Name: uuid2 Value: 3819025251571175115
.zecplus.de/	1970-01-21 02:13:55	Name: tsv Value: kIE!IVJHWZBOpSo!AQ\|FvhA!A!~I6Y5xueA*33
.adnxs.com/	1970-01-21 03:04:19	Name: XANDR_PANID Value: hj15k0H0y3HewWTGf7pNgrMlKM_edpOSujOfTK9K85MER3EDbrP36Q0AQfvvADkBUnX2e-1L9La3hXHk5u7R5fc-9qCV5zAwEKEFOEOc7Tk.
.adnxs.com/	1970-01-20 19:37:55	Name: anj Value: dTM7k!M41.D>6NRF']wIg2GVNnO=Xq!]tbPl1M>e)ZlrFUfJ+tGXxoa`VoZPQ1d`SZ/uh!Rg+u-<Uu1mQ<9j9S7PS/3If)y3KL9D3I?+qDn)y'
.casalemedia.com/	1970-01-21 02:13:55	Name: CMID Value: ZZiYXjsyNev1t-M37E5xjAAA
.casalemedia.com/	1970-01-20 19:37:55	Name: CMPRO Value: 5154
.awin1.com/	1970-01-20 17:31:12	Name: awpv22835 Value: 412871\|1704499294\|c0f1c970-ac26-11ee-94b4-2233c304522e
.awin1.com/	1970-01-20 17:31:12	Name: awpv14702 Value: 412871\|1704499294\|c0f1f080-ac26-11ee-8694-226555b1c0ac
.awin1.com/	1969-12-31 23:59:59	Name: AWSESS Value: 365825:2531885
.s.magsrv.com/	1970-01-21 03:04:19	Name: __uvt Value: a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%226598985dd37209.040047574070208585%22%3B%7D
.arc.io/	1970-01-21 03:04:19	Name: widgetOptState Value: {%22state%22:%22UNDECIDED%22%2C%22date%22:%222024-01-06T00:01:33.373Z%22%2C%22dismissedAt%22:null}

6 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	error	URL: https://turfpmu.fr.gd/#(Line 296) Message: Not allowed to load local resource: file:///C:/Users/DARIUS~1/AppData/Local/Temp/moz-screenshot-3.jpg
javascript	error	URL: https://turfpmu.fr.gd/#(Line 296) Message: Not allowed to load local resource: file:///C:/Users/DARIUS~1/AppData/Local/Temp/moz-screenshot.jpg
network	error	URL: https://www.allosponsor.com/cgi-bin/iframe_sponsor.eur?num_site_aff=88241&type=1&popinto=1&s=1 Message: Failed to load resource: the server responded with a status of 404 (Not Found)
security	error	URL: https://turfpmu.fr.gd/# Message: Mixed Content: The page at 'https://turfpmu.fr.gd/#' was loaded over HTTPS, but requested an insecure script 'http://www.gambling-affiliation.com/tracking/flash.php?idv=1930&ids=17359&idc=124'. This request has been blocked; the content must be served over HTTPS.
network	error	URL: https://billigerscheiss.de/?t=1704499293&ln=1 Message: Failed to load resource: the server responded with a status of 500 ()
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'web-share'.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.


1.bp.blogspot.com
2.bp.blogspot.com
3.bp.blogspot.com
4.bp.blogspot.com
a.magsrv.com
ad.a-ads.com
ad.doubleclick.net
ad4m.at
admediatex.net
adnade.net
adz2you.xyz
arc.io
as.ad4m.at
assets.ad4m.at
billigerscheiss.de
blogger.googleusercontent.com
cdn-binance.com
cdnjs.cloudflare.com
cduspenden.de
cids.arc.io
cm.g.doubleclick.net
consent.cookiefirst.com
core.arc.io
deli.misaglam.com
deliver.adnade.net
dsum-sec.casalemedia.com
edge.cookiefirst.com
embed.chatlotto.de
googleads.g.doubleclick.net
ib.adnxs.com
img.webme.com
l1s.saturn.ms
pagead2.googlesyndication.com
payment.allopass.com
pornito.de
pubdirecte.com
s.magsrv.com
s0.2mdn.net
shsorb.zecplus.de
static.a-ads.com
static.arc.io
su4hesnyinnwvtk3h2rkauh5ja0qrisq.lambda-url.us-west-2.on.aws
theme.webme.com
tool.hubu.link
tpc.googlesyndication.com
tracker.arc.io
turfpmu.fr.gd
u3y8v8u4.aucdn.net
unpkg.com
warden.arc.io
wtheme.webme.com
www.1clic1don.fr
www.allosponsor.com
www.awin1.com
www.gambling-affiliation.com
www.google.com
www.googletagservices.com
www.linkredirect.biz

tracker.arc.io
www.gambling-affiliation.com
104.102.45.165
108.138.36.22
109.71.253.87
142.250.181.226
142.250.184.198
172.64.151.101
178.162.223.113
178.162.223.114
178.254.33.33
178.254.36.108
18.223.141.84
185.119.26.1
185.89.210.212
193.238.27.28
195.90.208.185
212.83.183.115
213.239.209.209
2400:52e0:1e00::1080:1
2400:52e0:1e00::1081:1
2400:52e0:1e00::1082:1
2600:1f14:50b:9a02:7ee3:88d3:161c:de93
2606:4700:20::ac43:4a81
2606:4700:3031::ac43:a2c8
2606:4700::6810:7eaf
2606:4700::6811:190e
2a00:1450:4001:809::2004
2a00:1450:4001:810::2006
2a00:1450:4001:81c::2001
2a00:1450:4001:81c::2002
2a00:1450:4001:828::2001
2a00:1450:4001:82a::2002
2a00:1450:4001:82f::2001
2a00:1450:4001:830::2002
2a00:6800:3:a0b::2
2a02:6ea0:c700::11
2a02:6ea0:c700::21
2a06:98c1:3120::3
34.77.79.66
95.142.100.82
95.211.229.248
01d8d3a192ae9fc60e6f857b9341d7aeec4d05fc2e2dc3317f65413f8cfb4992
02a07fe7bfd469d1add5863b2de14c77aae44a5032f237b51c9ff2909fe9f1f5
03146b321da29afb9e3baf359d91c3046585f832bcb78ad48b4ec73973bfdc0b
04354830bc126f72b690b0af545d49fecf86f306c993270038e2dc80fa027d50
067ac57b40fe26760f8cfeff14816138c5f4a1a0517d412c489995a5ae711461
0a16b9c0bc8878077a0ffd9cae294a1d1faff634bcaad2e18f57223a50b4ca58
0b0243f138db50afdb28a54242c35a35b8b6fc3b75dc54b48b692e1079f0ef65
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0db16c25165bfd35ea9114187f3e97d7084a33135cb56fe276f6cdd2ab675647
0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec
0fcda5c7cd85ad0bf177097f88fb60b68b419145245ca55dad308f406d958336
0ff70c3d9aedd4f0ca4024d40c709184fc5f3376ed65e14dd3bb6fb047d6b26a
103e1603570a5c02fec6089f08c3909aa9a42f00b2e969f23d726b191d4f653b
111fe18c1bafe22681d861b4667e4f76bf3734947b9cc1dc01fae3b3e258eea8
11ddde88c29ef7e51f5c03da7fde285085469879139d006f631a62dba9bbd069
15dd17bc017fd6b5c5874bf0c0f127131b09f9f8a4a5f596aa846269f4bad7c9
1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5
170fc28046efe0a2310c72af9f6d88c39458c227d4b9d7f77738f78cf1c3a11f
171e2569e608b742edc6927b3285c52256203a6bfbe958f35d78f59639b6fb66
17deedac533c71f5d9bd4afad0ff830415948ddd4f69ce42ccedada14639c605
1855fefe02102472065e0d98d2fcc8faed8c106ac8269aba472ff044942b409b
19311967464cd6447bb7fba382aa67939dcca903a56f1ac925ac2a80ff33642e
1c193778fdb97d0a29545d7350504dff96d7a23f511543a8b79a4b766aa5531a
1c55b41959563971bf06bb948fa2ddf094f68fab24127dce3a6caae6bf8942fc
1cb39101c389d4305ac411f71f3871aac67c756b4a2582df69f97b4ce34fdcf9
1dfdf221119134c8cc871c379eb3b770d1bad06ec9ba2d64c11db61cc5ce9176
21d2c4a337fb0df27376038630a9c87d292ecf4bcb10d4fc7f4151601b76afd6
23a85117368e2099ec415c89cd9a0d4d46fb3f773ee9ba8e6cf92b797f94d743
2979f9a6e32fc42c3e7406339ee9fe76b31d1b52059776a02b4a7fa6a4fd280a
297eb4b72cc7f085d06f2fbc5a61c8bbca3848e8077fd489d4ee57a329195fcf
2b326cd1d48c3a0f86c6171f03b3b21426229afaf932a747e6e792ae2dda1491
2c9c5820db6f7a8a6c3912b60454a491326c2712a0db3ba10c751b0bc3816469
2d69a91e3b105d9ced4a5c0244a9dc3905f8eb061e72cb5518db5ef6d0d0635d
2de77914ba1b74ab8b987960597986e7bbc430c722d55ca6a124cecbd4addb67
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2ec54658033eda36acacf610298fdcf8be19d80f97b9c2a75503aa11d8d915da
2f764c969a82705ba7838239087f5ff9b33e978b6bae2657e299b6b14c30ad7f
30396828f2c2fb5e4e4d9c26b0286552cf17243411ac0d5d8b97e1fd9a7595c0
31501078b411835882c834ed620bebe77a2b8ff3664514358cda957fba8c247d
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
3182b5f30cce813fa8ce567f701c58f8d2019fb8d802240b072575156e8f9982
3465ab3f72d4c3ddc2943112cabd7d5bf5faec502ce18319571234957329a1b0
3502f91083d0518e5c7bda61485e6ddc386d7a616e210079c6fb196a2ea104ff
35e8d96d42f0ffa258060a98b45f013829bc57b3ae7be71c9f54c037b6e0e707
36d54e4a3480145a1431b15dbe05120a18da23bd5221b4f86324775f6a7dcdc7
3cf6840e5a834cc04350c950414f3d77a725ebdf0baa0e5ae28f2300fed0a912
3d285ed1fe07a83d5e1bf07ea6286563c6f1a34d9fca06fffbebeb5aab9d029a
3fdcde931b9062ae5f90667dae03579fd6a0c01e48cdd12a3dfee0043ab1ee57
401462f0c5d5280a2c9368df4627350893799f5fc63f8224ff9f60ae62d03a48
428f4d59e61cdf9887ad4cd7c4592a24b214d2d9c0ba09db01c4cfde66a3cd11
435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f
44260867bddea6dbd4e4cad76ddc27cbb117382dfec087853087df27bc0ab594
449902b23f3a9b228798443448460461023e4332932bc0d2445249241c755eae
4665222bb5348343e7c6647e77c7c430a6b0dbaa6eaf156e71b7df9853530bc7
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4c1b3e1f2427be52ddd1ce67e385d4edb0e1f77085d5ad0c76711aa41ec82533
5538ae8d49ed505cc5b0d6c242cb2d4ae66ccff64f4b8031c2fe97549700268f
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
5609fc54573f20fa40c4e69d16754feedab29dccee56b4e276026d2c789df6b0
561b2814d3c09e62a92442c946307918f7f63f833c84876c08bd4c406767e53b
59e50d4289f223d9c475d992d8069c2b799704feefdd7e8eabebd2a49bb31df1
5ae252582e588d8bdc6cd5c65e064277a3edeba7b7d919ee59cf4123e7beae91
5ae7a1adba46f58f5d59595820d30f22673c04f6f3b54ae1f220a4a49cc7ec6c
5c8aaf3a0a4a9840eef8109904bf9d8ca3cf0933567fc63c82f239b7bd344ce3
5deec59d8ecaebf084aeb4dfdd665b3b5ae8aefa8a7cc7f76707524772912bcd
5f5a0db09b2c7d59fce00d749f6b857d80edafcca6897c038c5b77fb942f1393
5fe6d6f3586a8cd3eb4854532649dadd38d5c783ebc54e18f4ee53760cdea049
6073a5b7084b6468f138b66a8bc4b0d9ad1128f9a2c480778d2b74a8929e23c0
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
636d87a4f01e021da2c7b7e4b8df5ca7052ca4ba4f1cab9bf2366ce0f2146200
65138a48b724e8ab3a71783ad462dc20ebe73578473396fd8e67034014f98d34
66ca37fff82b4c704deedd773e690c7a0a3a0d28014376b00fe5222fda4ee688
6bbd36ef2ed3cfff7447866d022aa96df2b0c3d0c7cd00470e6e9605d5435038
6cc44d0e11fa922fc41e655921e338fabcaa9d6b7d5001872669c74de8038e00
71034e9ee13299595623ad3a7fcdcc07b542bc82c2da1766303c9e64eeb36599
72853f2308c487532cb505ff7fec1df99dca4cbfd22c5b36ce42408d8a0cfbac
74056dd6ae8637cee0a31e03b4a1816678b7f79bffb029efba79ee1b2962961c
78e7bc13894404b1ba54e53b54236055db3e003b84ba222a6fb70b8a53a7ed28
7a4a51ab0b9301083e145526762d065e622a0ec8cfb5a866cd6b20c87087ff08
7ab4d7fa5143c2c1e71268f955e047a7c53d21523046fb27d3c70a9fb9065dd0
7df956c080a1bb3ed36decdc5b978505ddf07aa8d4b1b69e6ded3a9773464a2b
7ff761f2ba0d8641eed5cbd75d0d86f2c82e1171c6b85db25b9f0e56da21e4be
81b3e7770b707145af6a1a5b7a7648db3e08a24ad88a37e39ad41d8cbeeda3a6
81bb9ca7f132df1282fb961eb59ce5e0bfb23c3946f578d046088da672650d12
81dc394a237cf0f94b1b7d9c292ce9c696010601f009147a7348c62e4c59eb3d
82b11db00f6e3b6d8ed252d0067df0bcad2e0a9f872ee66a3d0a2f2b8d2b73c1
832eadecfff714afac1bc437d9d9a7a282c122a6917f111f7d3c6fb9896c38f9
841daeb38076ca3b8f1023b2ed02d28409b48ed9613eebf2f739dc7d2183f93b
843cf53ffec1cba4d93bc2bcc54e6570b7995d1be89015902df534357b9268b0
856c41d7d47bba74b107e526ef8f49968fb2a3a129cdc3c5ef5899ba3c2dc181
887ee4fd5820088063e31ee2e61869155c1438e27e9f1b116d8fe3bf60829ea7
8941597d26275d5e8775ac804bffb1d86f749d0cfe471777800a4543e4b65603
8b3c0b997903e76f4594fd66d2c867b399a1edca547476bd8f069afc154e9537
8bcef4d15a0c7757ddd9eb4e6a81f65d7aedc5fe6f4ba95d90c5a63381f156ad
8eb600d1bfa136d87da7690cd2032c1906a76dcc1df0dc43fd0eb219d5356e68
8fe9d28d12e8c33e9f1d5ab109c2570547ee6648ca11fdd79b7523c6d2e2f6a2
91e2d593494a0d39a583c3a23e2564d1a52e5162c2efe4445d0eaecfbcb6ca29
9361a227e46d544fc4fdc27db966411d1f4d0ab05a4938349e614f63885cdb66
97205041759d0463b2c2849f7275898fd81a783165f9ad4b22162b6f2beeceb5
9b08cb6068e70fb67de0576ef27d427a403e1f0055777b7fc5d736963e6c1ea6
9cde9aa44670bcfa2e04173bcb9bc77ce7f3936000e3e95cd8f1d62ce6673f15
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a0fd2a1324a78ad64662e4d43d9ffb6809cf95acbcc99d88f7a5d261a038b18f
a12ac29d1617bc71b7d520627ea3f63ccd6e8deed2254c97d274f03b6449579e
a3abc4a42e468252822b67bdbd5659d2642720b4a8f2abbce1121ff7e85de612
a69e10afec2b721579567e7e6297569846984eb67dffe3a803444e4453077f13
a71d6f4cc3c12fd6cf030c428a337fa6a8158d462fe21f0702abd238c6a58402
a77bee92347b9bbd0786d53fe05e0d5c3d486c5db3f4682d9f4dfc21960542e9
a8f896757199dafc7487174ae544878f525a1580b59cac5f6daa859c257d6c58
aa420362f766c5ef90bd60b72610df9dcb600728866f887d8dd1ed76134e6ed3
aa8e3adbf0b5c901a3909a38faa3cddd4ae183dff1fec4c954d2bab3aa40f3c4
aba329695897af7bffa4d282dcf3573d0463f847a01f28efe7c41aa51beb41ee
ae05b18aae5483651f30c1a04078268141f1704596cfed6b37175802bd0c89ac
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b1e3161de1cce033d34d742887b53c870770b79b62f8913caff08d0f469665c8
b2cbc3a472cb47beaa472ef9445e776bb6f053b311318948d7ebbffda0e02bfc
b364babb52cb930beb7e5e61f549d739c155b2f8a24415bb8b401b0d6cb3eddb
b71c20271d9c80d1a71aa0ab9935281c4fa8ac404533f1a0747d7fb03fc68e79
b85d577c9372317faa6365a789a52e6217c407d61e1c637ecb088e7b075e39ba
b9455bc7fa2544fea83bbe69418fa2231819e0f57b899aecf711d4e94b7ffb2d
bb0f8d0ddd86c8950343123306347b29b3dfb334281d37a69069bd2dbe73f42a
c1028557934275fefa71b3860b6bb33797343a5fdc8d734119fb5374dc0a91fa
c331eb86d87b1684540ddb6544a96d3f9b975141681f028ae97b0c5bcf4b64b3
c3c8a840523cbfaf32de76e8decd6d6aa6a3914ea36f811c4c8b0a1190368ed4
c4553db9c6f8ac8363f52730234c6e6978828fd5638df4d0dbcfd8bec71a08ca
c4b813f7aa04eca20be469b259cca2779799f58e280d73488bd7386940d2d146
c93069eed6230d93575f3e02cd7f0f6b9297f5e96e0fba2ae1c3223485e6b3f2
cae15024a69f06fc2e124b25d160a09646d0b9feccf70136040143873803f7c9
caf195ab94cbfaf21aaae06763f8600b9801e4a8423311963e8e913cddc06150
cdd2c81aadd2f0eeb770acc7652cf1c421271c05886f0ef337264c6fada0e142
d012cfa1d2f449adb90718ea5189ff71ba01da8e271e2d14af1969d6aa8d9423
d0963e266a793bcf10ba3e5e75fd4a8f3cce1eab2d2899cbb741079edbdcdb18
d25c183a7ea5847b7502fdec80211907a7dd9dbb824461c1592809e467a2c64c
d409d094ae5ddbd68925759dfa8655ddc9709693dc0906e4dfe6ff588d837511
d4a8d14f34fb8740b9acb5123e475eaae20d83907e0e14dd267d63e93e7f82da
d5f83459cd7022769a57a436f24ed1540369eec2ebbec331275d46d8cfbea98c
d7fc375178c93a2fc15fd888e30170eedf4ef3d04497e7f951ab7bfe0c921693
db56d38a70b5e4aa3b1f567279fe9ba7b21525e5001f8080bf1a5b6fcaeffc40
dcc45fa8c015a15822ff8cfa426bfc130f26cfdca3be4b4d06ec5896890aa155
dd694ce4f5c42e852c4fefe654d7e946e3febca32a9b225f0d2533c4c09a7af4
de7a53bd6dd86a48393788feb7c5bd0940346d7641c5bf83a7ac740745332bd0
dfa308fad7980f1f2df59e13a7ffe2816742da7aa50150ccf680eaf296b34e56
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3b7ee94c51c8914ecc612bcc96eaf415b827809088f69013e8bcde7018c5081
e433154269640d4406564936982e98152c37ec2bbaffc22e9ce7b852ee4d1045
e7037a6f46bae447d2244fc31568814f03fda73a034afd27b035e858be8319f6
e7902b56545718b3f9dcc015b4acab60270239d559b0adaae9e5c81dd95a89a1
e8e59257cc797123383f4dea6d1a72f6fb729342e3b23b75f311b70f0dc1ef96
e93b8c0ae5b5910b7107c8b455eda029935c56efa8de0be2443d8eabba207197
e9ce2ffeea5b16b30a437724a8e2d62c3fb24c79946ee6b2b9dd04e5f925ee27
e9fc8d6674aeafb947323cae49be6b79b03e4b1d11bd0c93d447e347016f6a81
eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987
ebb41edaf0a527aac2d8d639b600c6a443c126333c1318feee0c26220db0fb2d
ec70fdd6fa4ea1e80b04cebbe98e801e6a658237b69155d41abe0b0b8801dc96
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef807d7beb7afd4ddb5cddd3f9b0c5eb11d36d5724330a3a8021d92fc141c5dd
f17162509aa299eda5fa26437cd4174d29262726a14272d573febdd02713484f
f4302dca380ee69b5fc3ac2db66bd9838c5ba6f34373e6442dc3d2d14b6f187c
f56e324451f70fa2d4ddf9645bcffd6afe8e848b4b1f0580456e70247aeb9730
f87a4b2a4acbaa053da2e6df56367f4396be15a72f719cedd071e7812725a443
f96bf06d27816ef7237fe7998dab7276e073559337e0f3e8a55514f7f1046307
fa3efcb1022504df85ff9f59acd76923266eb8a078b3e746457223967d82ba2e
fb1d7b6144bde90327cd64b86e7742a9b11a3b2b3658d71dd80115195ff2debb
fb2b1971e54b31144a8794057598aba69ebe1d416c8c75d3a142942917f5e58b
fba7b9242113390e99277bd207daba9b5b1bf029ae5a5867472cf0d8c589b05d
fd6bf4f74881850baa384bed84f6dfb9b5258c6771524a4a226b2b344a61f096

turfpmu.fr.gd Open in urlscan Pro 193.238.27.28 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

267 Requests

93 %HTTPS

50 %IPv6

40 Domains

59 Subdomains

41 IPs

5 Countries

6825 kBTransfer

13820 kBSize

21 Cookies

14 Outgoing links

Redirected requests

267 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 17 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

turfpmu.fr.gd Open in urlscan Pro
193.238.27.28 Public Scan

Screenshot
Live screenshot

Full Image

267
Requests

93 %
HTTPS

50 %
IPv6

40
Domains

59
Subdomains

41
IPs

5
Countries

6825 kB
Transfer

13820 kB
Size

21
Cookies

267 HTTP transactions
17 data transactions