www.itinforok.com Open in urlscan Pro
2606:4700::6812:1864 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://www.itinforok.com/game/mahjong_2.html
Effective URL:
https://www.itinforok.com/game/mahjong_2.html
Submission: On August 25 via api (August 25th 2024, 5:09:42 am UTC) from US — Scanned from US

Summary HTTP 48 Redirects Behaviour Indicators

Summary

This website contacted 10 IPs in 1 countries across 7 domains to perform 48 HTTP transactions. The main IP is 2606:4700::6812:1864, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.itinforok.com.
TLS certificate: Issued by WE1 on July 6th 2024. Valid for: 3 months.

This is the only time www.itinforok.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
14	2606:4700::68... 2606:4700::6812:1864	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a04:4e42:400... 2a04:4e42:400::485	54113 (FASTLY) (FASTLY)
5	2607:f8b0:400... 2607:f8b0:4006:80f::2002	15169 (GOOGLE) (GOOGLE)
11	2606:4700:310... 2606:4700:3108::ac42:2af7	13335 (CLOUDFLAR...) (CLOUDFLARENET)
10	2607:f8b0:400... 2607:f8b0:4006:81e::200e	15169 (GOOGLE) (GOOGLE)
2	2607:f8b0:400... 2607:f8b0:4006:820::2001	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4006:81c::2001	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4006:80b::2004	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4006:809::2002	15169 (GOOGLE) (GOOGLE)
48	10

14 2606:4700::6812:1864 (United States)

ASN13335 (CLOUDFLARENET, US)

www.itinforok.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a04:4e42:400::485 (United States)

ASN54113 (FASTLY, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2607:f8b0:4006:80f::2002 (United States)

ASN15169 (GOOGLE, US)

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ep1.adtrafficquality.google	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2606:4700:3108::ac42:2af7 (United States)

ASN13335 (CLOUDFLARENET, US)

gamein.heiheigame.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2607:f8b0:4006:81e::200e (United States)

ASN15169 (GOOGLE, US)

fundingchoicesmessages.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4006:820::2001 (United States)

ASN15169 (GOOGLE, US)

3f33479957c807c69886b8fba602a760.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:81c::2001 (United States)

ASN15169 (GOOGLE, US)

ep2.adtrafficquality.google	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:80b::2004 (United States)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:809::2002 (United States)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
14	itinforok.com www.itinforok.com	121 KB
11	google.com fundingchoicesmessages.google.com — Cisco Umbrella Rank: 662 www.google.com — Cisco Umbrella Rank: 10	76 KB
11	heiheigame.com gamein.heiheigame.com	373 KB
4	doubleclick.net securepubads.g.doubleclick.net — Cisco Umbrella Rank: 280	180 KB
3	googlesyndication.com 3f33479957c807c69886b8fba602a760.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 203 pagead2.googlesyndication.com — Cisco Umbrella Rank: 157	75 KB
2	adtrafficquality.google ep1.adtrafficquality.google ep2.adtrafficquality.google	19 KB
2	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 410	9 KB
48	7

	Domain	Requested by
14	www.itinforok.com	www.itinforok.com
11	gamein.heiheigame.com	www.itinforok.com
10	fundingchoicesmessages.google.com	securepubads.g.doubleclick.net
4	securepubads.g.doubleclick.net	www.itinforok.com securepubads.g.doubleclick.net
2	cdn.jsdelivr.net	www.itinforok.com
1	pagead2.googlesyndication.com
1	www.google.com	ep2.adtrafficquality.google
1	tpc.googlesyndication.com	ep2.adtrafficquality.google
1	ep2.adtrafficquality.google	securepubads.g.doubleclick.net
1	ep1.adtrafficquality.google	securepubads.g.doubleclick.net
1	3f33479957c807c69886b8fba602a760.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
48	11

This site contains no links.

Subject Issuer	Validity	Valid
itinforok.com WE1	`2024-07-06` - `2024-10-04`	3 months	crt.sh
jsdelivr.net GlobalSign Atlas R3 DV TLS CA 2024 Q3	`2024-07-30` - `2025-08-31`	a year	crt.sh
*.g.doubleclick.net WR2	`2024-07-30` - `2024-10-22`	3 months	crt.sh
heiheigame.com WE1	`2024-08-10` - `2024-11-08`	3 months	crt.sh
*.google.com WR2	`2024-07-30` - `2024-10-22`	3 months	crt.sh
adtrafficquality.google WR2	`2024-07-30` - `2024-10-22`	3 months	crt.sh

This page contains 5 frames:

Primary Page: https://www.itinforok.com/game/mahjong_2.html
Frame ID: CF74DD38E58D0B08E4A5E159373F0572
Requests: 44 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/static/topics/topics_frame.html
Frame ID: 20CFAE3AB7ACD2F5FF7D4FE8F369CC17
Requests: 1 HTTP requests in this frame

Frame: https://3f33479957c807c69886b8fba602a760.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 71AB11CE41CBDA32FB93D0B1F5897421
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 8C21294C27A920F6B17CC804DAD6714A
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 84867CCE535178EB5B31FEF6F75F1E7F
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Html5 Games - Mahjong 2

Page URL History Show full URLs

http://www.itinforok.com/game/mahjong_2.html HTTP 307
https://www.itinforok.com/game/mahjong_2.html Page URL

Detected technologies

Clipboard.js (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

clipboard(?:-([\d.]+))?(?:\.min)?\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Osano (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

cookieconsent\.min\.js

Swiper Slider (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

swiper(?:\.min)?\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

<link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
//cdn\.jsdelivr\.net/

Page Statistics

48
Requests

98 %
HTTPS

100 %
IPv6

7
Domains

11
Subdomains

10
IPs

1
Countries

853 kB
Transfer

1798 kB
Size

5
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://www.itinforok.com/game/mahjong_2.html HTTP 307
https://www.itinforok.com/game/mahjong_2.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

48 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H3

200

Primary Request mahjong_2.html Show response
www.itinforok.com/game/
Redirect Chain

http://www.itinforok.com/game/mahjong_2.html
https://www.itinforok.com/game/mahjong_2.html

14 KB
4 KB

71ms
52ms

Document
text/html

2606:4700::6812:1864
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.itinforok.com/game/mahjong_2.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6812:1864 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6e6c6f8b5c8329f4fafc82340a5565d1feb5756db7dd159de52216cfd59eeff2

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: public, max-age=86400
cf-cache-status: HIT
cf-ray: 8b89121dbfb17cab-EWR
content-encoding: br
content-type: text/html; charset=utf-8
date: Sun, 25 Aug 2024 05:09:35 GMT
expires: Mon, 26 Aug 2024 05:09:35 GMT
last-modified: Sat, 24 Aug 2024 11:51:31 GMT
server: cloudflare
vary: Accept-Encoding

Redirect headers

Location: https://www.itinforok.com/game/mahjong_2.html
Non-Authoritative-Reason: HttpsUpgrades

GET
H3 200 public.css
www.itinforok.com/static/themes/gametemp-q7/assets/css/ 3 KB
1 KB 54ms
53ms Stylesheet
text/css 2606:4700::6812:1864
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.itinforok.com/static/themes/gametemp-q7/assets/css/public.css
Requested by: Host: www.itinforok.com
URL: https://www.itinforok.com/game/mahjong_2.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6812:1864 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dbafe77fe4ba49d10b50e2d35e37673260f6ef054512edf9ea9013532afa289a

Request headers

Referer: https://www.itinforok.com/game/mahjong_2.html
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sun, 25 Aug 2024 05:09:35 GMT
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Wed, 01 Jun 2022 10:30:44 GMT
server: cloudflare
cf-polished: origSize=4154
etag: W/"62973fd4-103a"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=86400
cf-ray: 8b89121f18b37cab-EWR
alt-svc: h3=":443"; ma=86400
expires: Mon, 26 Aug 2024 05:09:35 GMT

GET
H3 200 swiper.min.css
www.itinforok.com/static/themes/gametemp-q7/assets/css/ 19 KB
4 KB 54ms
50ms Stylesheet
text/css 2606:4700::6812:1864
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.itinforok.com/static/themes/gametemp-q7/assets/css/swiper.min.css
Requested by: Host: www.itinforok.com
URL: https://www.itinforok.com/game/mahjong_2.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6812:1864 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c207e653a1b44030d371cae76dbc884cfa7d6936525798d06be58b4cf45a9a5a

Request headers

Referer: https://www.itinforok.com/game/mahjong_2.html
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sun, 25 Aug 2024 05:09:35 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Mon, 03 Aug 2020 06:20:52 GMT
server: cloudflare
etag: W/"5f27acc4-4d4d"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=86400
cf-ray: 8b89121f28b67cab-EWR
alt-svc: h3=":443"; ma=86400
expires: Mon, 26 Aug 2024 05:09:35 GMT

GET
H3 200 iconfont.js Show response
www.itinforok.com/static/themes/gametemp-q7/assets/font/ 52 KB
19 KB 57ms
52ms Script
application/javascript 2606:4700::6812:1864
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.itinforok.com/static/themes/gametemp-q7/assets/font/iconfont.js
Requested by: Host: www.itinforok.com
URL: https://www.itinforok.com/game/mahjong_2.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6812:1864 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 10bb72b14e202fffb0eb6dfb7fae8a91fc9c9c4f52429f2a3a281503454ad566

Request headers

Referer: https://www.itinforok.com/game/mahjong_2.html
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sun, 25 Aug 2024 05:09:35 GMT
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Thu, 14 Nov 2019 09:41:52 GMT
server: cloudflare
etag: W/"5dcd2160-ce10"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=86400
cf-ray: 8b89121f28b97cab-EWR
alt-svc: h3=":443"; ma=86400
expires: Mon, 26 Aug 2024 05:09:35 GMT

GET
H3 200 swiper.min.js Show response
www.itinforok.com/static/themes/gametemp-q7/assets/js/ 125 KB
38 KB 55ms
48ms Script
application/javascript 2606:4700::6812:1864
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.itinforok.com/static/themes/gametemp-q7/assets/js/swiper.min.js
Requested by: Host: www.itinforok.com
URL: https://www.itinforok.com/game/mahjong_2.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6812:1864 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ebd5d7878133be396f3f8338dafd4dd18e9147c49281573d431bda4a41600e5e

Request headers

Referer: https://www.itinforok.com/game/mahjong_2.html
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sun, 25 Aug 2024 05:09:35 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Mon, 03 Aug 2020 06:20:52 GMT
server: cloudflare
etag: W/"5f27acc4-1f3cb"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=86400
cf-ray: 8b89121f28bc7cab-EWR
alt-svc: h3=":443"; ma=86400
expires: Mon, 26 Aug 2024 05:09:35 GMT

GET
H3 200 lazyload.min.js Show response
www.itinforok.com/static/themes/gametemp-q7/assets/js/ 2 KB
1 KB 62ms
55ms Script
application/javascript 2606:4700::6812:1864
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.itinforok.com/static/themes/gametemp-q7/assets/js/lazyload.min.js
Requested by: Host: www.itinforok.com
URL: https://www.itinforok.com/game/mahjong_2.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6812:1864 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5b3baa10ac55f4eece0c7e666eaddd51872b8ce9273671626bcccec8f86ead78

Request headers

Referer: https://www.itinforok.com/game/mahjong_2.html
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sun, 25 Aug 2024 05:09:35 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
server: cloudflare
etag: W/"1dc09d84-8a2"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=86400
cf-ray: 8b89121f28bf7cab-EWR
alt-svc: h3=":443"; ma=86400
expires: Mon, 26 Aug 2024 05:09:35 GMT

GET
H3 200 clipboard.js Show response
www.itinforok.com/static/themes/gametemp-q7/assets/js/ 10 KB
4 KB 63ms
56ms Script
application/javascript 2606:4700::6812:1864
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.itinforok.com/static/themes/gametemp-q7/assets/js/clipboard.js
Requested by: Host: www.itinforok.com
URL: https://www.itinforok.com/game/mahjong_2.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6812:1864 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c7a10a5cf1574ff5efbe38630ff3bd4fbf6fbc4a587393ff7cf3f7bbb985dc03

Request headers

Referer: https://www.itinforok.com/game/mahjong_2.html
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sun, 25 Aug 2024 05:09:35 GMT
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Thu, 26 Sep 2019 07:58:28 GMT
server: cloudflare
cf-polished: origSize=10759
etag: W/"5d8c6fa4-2a07"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=86400
cf-ray: 8b89121f28c07cab-EWR
alt-svc: h3=":443"; ma=86400
expires: Mon, 26 Aug 2024 05:09:35 GMT

GET
H3 200 fastclick.js Show response
www.itinforok.com/static/themes/gametemp-q7/assets/js/ 11 KB
3 KB 64ms
57ms Script
application/javascript 2606:4700::6812:1864
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.itinforok.com/static/themes/gametemp-q7/assets/js/fastclick.js
Requested by: Host: www.itinforok.com
URL: https://www.itinforok.com/game/mahjong_2.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6812:1864 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3fe6546296a0a64c38f102a952b0e3d2cef6f8b99dc4f162dbb2b8baad21b190

Request headers

Referer: https://www.itinforok.com/game/mahjong_2.html
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sun, 25 Aug 2024 05:09:35 GMT
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Mon, 26 Jan 2015 21:18:30 GMT
server: cloudflare
cf-polished: origSize=25965
etag: W/"54c6af26-656d"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=86400
cf-ray: 8b89121f28c17cab-EWR
alt-svc: h3=":443"; ma=86400
expires: Mon, 26 Aug 2024 05:09:35 GMT

GET
H3 200 jquery.min.js Show response
www.itinforok.com/static/themes/gametemp-q7/assets/js/ 82 KB
33 KB 62ms
56ms Script
application/javascript 2606:4700::6812:1864
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.itinforok.com/static/themes/gametemp-q7/assets/js/jquery.min.js
Requested by: Host: www.itinforok.com
URL: https://www.itinforok.com/game/mahjong_2.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6812:1864 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 333c29e8bc3e1ab7b66e03bec3f64469da990700b9ace77b36c0f37f2f3b30b5

Request headers

Referer: https://www.itinforok.com/game/mahjong_2.html
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sun, 25 Aug 2024 05:09:35 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Fri, 12 Mar 2021 02:48:12 GMT
server: cloudflare
etag: W/"604ad66c-14988"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=86400
cf-ray: 8b89121f28c37cab-EWR
alt-svc: h3=":443"; ma=86400
expires: Mon, 26 Aug 2024 05:09:35 GMT

GET
H2 200 cookieconsent.min.css
cdn.jsdelivr.net/npm/cookieconsent@3/build/ 5 KB
2 KB 74ms
4ms Stylesheet
text/css 2a04:4e42:400::485
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/cookieconsent@3/build/cookieconsent.min.css

Requested by

Host: www.itinforok.com
URL: https://www.itinforok.com/game/mahjong_2.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:400::485 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

cd0d0b6e50ff01ff2f3a9a70d7cfb66a7c6cb9acf7a566325568be6d3bd31fc4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.itinforok.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Sun, 25 Aug 2024 05:09:35 GMT
x-content-type-options: nosniff
content-encoding: br
age: 22735
x-jsd-version: 3.1.1
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 1363
x-served-by: cache-fra-eddf8230078-FRA, cache-lga21932-LGA
x-jsd-version-type: version
etag: W/"135e-3nthfC1sCV/yhiNebPZMMo2hpL8"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
accept-ranges: bytes
timing-allow-origin: *

GET
H3 200 detail.css
www.itinforok.com/static/themes/gametemp-q7/assets/css/ 3 KB
1 KB 80ms
74ms Stylesheet
text/css 2606:4700::6812:1864
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.itinforok.com/static/themes/gametemp-q7/assets/css/detail.css
Requested by: Host: www.itinforok.com
URL: https://www.itinforok.com/game/mahjong_2.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6812:1864 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 34de5d6ff81c0ebe478dce8adfd2c34442ff53850c9fdc0b1eb3aac585cb0c77

Request headers

Referer: https://www.itinforok.com/game/mahjong_2.html
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sun, 25 Aug 2024 05:09:35 GMT
content-encoding: br
cf-cache-status: REVALIDATED
cf-bgj: minify
last-modified: Wed, 15 Apr 2020 03:36:56 GMT
server: cloudflare
cf-polished: origSize=4406
etag: W/"5e968158-1136"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=86400
cf-ray: 8b89121f28c47cab-EWR
alt-svc: h3=":443"; ma=86400
expires: Mon, 26 Aug 2024 05:09:35 GMT

GET
H3 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 102 KB
32 KB 264ms
36ms Script
text/javascript 2607:f8b0:4006:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: www.itinforok.com
URL: https://www.itinforok.com/game/mahjong_2.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80f::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

350262864ddbd904e75f7c53c52a8075f311d48f0ebef37bb7c3f309a61b6efb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.itinforok.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sun, 25 Aug 2024 05:09:35 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 32358
x-xss-protection: 0
server: cafe
etag: 675 / 19960 / 31086373 / config-hash: 2814489205105287861
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Sun, 25 Aug 2024 05:09:35 GMT

GET
H3 200 38d6ea8053217ca6cc00df669d2be378.jpeg
gamein.heiheigame.com/uploads/gamepic/20231010/ 28 KB
29 KB 110ms
19ms Image
image/webp 2606:4700:3108::ac42:2af7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://gamein.heiheigame.com/uploads/gamepic/20231010/38d6ea8053217ca6cc00df669d2be378.jpeg
Requested by: Host: www.itinforok.com
URL: https://www.itinforok.com/game/mahjong_2.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3108::ac42:2af7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 818f9db51b5a4fc1ffe02fc66a28c1c5cfebf42d902a3c5ff20bf2d7d2a3b211

Request headers

Referer: https://www.itinforok.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sun, 25 Aug 2024 05:09:35 GMT
cf-cache-status: HIT
age: 16648
cf-polished: qual=85, origFmt=jpeg, origSize=40509
content-disposition: inline; filename="38d6ea8053217ca6cc00df669d2be378.webp"
alt-svc: h3=":443"; ma=86400
content-length: 29112
cf-bgj: imgq:85,h2pri
last-modified: Tue, 10 Oct 2023 10:18:43 GMT
server: cloudflare
etag: "65252503-9e3d"
vary: Accept
access-control-allow-methods: GET,POST,OPTIONS
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=2678400
accept-ranges: bytes
cf-ray: 8b89121fbe834299-EWR
access-control-allow-headers: X-Requested-With
expires: Wed, 25 Sep 2024 05:09:35 GMT

GET
H3 200 4.png
www.itinforok.com/static/themes/gametemp-q7/assets/img/ 1 KB
2 KB 83ms
78ms Image
image/webp 2606:4700::6812:1864
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.itinforok.com/static/themes/gametemp-q7/assets/img/4.png
Requested by: Host: www.itinforok.com
URL: https://www.itinforok.com/game/mahjong_2.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6812:1864 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4075f8697b09be6056f9032129f1c07d3a8c3b23122f425a23aa53f98609b44f

Request headers

Referer: https://www.itinforok.com/game/mahjong_2.html
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sun, 25 Aug 2024 05:09:35 GMT
cf-cache-status: REVALIDATED
cf-polished: origFmt=png, origSize=2428
content-disposition: inline; filename="4.webp"
alt-svc: h3=":443"; ma=86400
content-length: 1294
cf-bgj: imgq:85,h2pri
last-modified: Sat, 10 Aug 2019 13:25:36 GMT
server: cloudflare
etag: "5d4ec5d0-97c"
vary: Accept
content-type: image/webp
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 8b89121f28c57cab-EWR
expires: Tue, 24 Sep 2024 05:09:35 GMT

GET
H3 200 4e9441f1eb747db6db1a65af48a9f3c6.jpeg
gamein.heiheigame.com/uploads/gamepic/20230607/ 30 KB
30 KB 61ms
55ms Image
image/webp 2606:4700:3108::ac42:2af7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://gamein.heiheigame.com/uploads/gamepic/20230607/4e9441f1eb747db6db1a65af48a9f3c6.jpeg
Requested by: Host: www.itinforok.com
URL: https://www.itinforok.com/game/mahjong_2.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3108::ac42:2af7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 94301074019302199045a880ab63cec6f49f268913b4087947962e4bdb714de8

Request headers

Referer: https://www.itinforok.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sun, 25 Aug 2024 05:09:35 GMT
cf-cache-status: HIT
cf-polished: qual=85, origFmt=jpeg, origSize=188515
content-disposition: inline; filename="4e9441f1eb747db6db1a65af48a9f3c6.webp"
alt-svc: h3=":443"; ma=86400
content-length: 30486
cf-bgj: imgq:85,h2pri
last-modified: Wed, 07 Jun 2023 02:28:05 GMT
server: cloudflare
etag: "647feb35-2e063"
vary: Accept
access-control-allow-methods: GET,POST,OPTIONS
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=2678400
accept-ranges: bytes
cf-ray: 8b89121fbe844299-EWR
access-control-allow-headers: X-Requested-With
expires: Wed, 25 Sep 2024 05:09:35 GMT

GET
H3 200 1e6427c32f020f1234958a05000321ea.jpeg
gamein.heiheigame.com/uploads/gamepic/20240428/ 39 KB
40 KB 72ms
71ms Image
image/webp 2606:4700:3108::ac42:2af7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://gamein.heiheigame.com/uploads/gamepic/20240428/1e6427c32f020f1234958a05000321ea.jpeg
Requested by: Host: www.itinforok.com
URL: https://www.itinforok.com/game/mahjong_2.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3108::ac42:2af7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6552ce2cc10ab42d90b4f3a96ace38670aab097c42f17c371f1f50787d8d1cf0

Request headers

Referer: https://www.itinforok.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sun, 25 Aug 2024 05:09:35 GMT
cf-cache-status: REVALIDATED
cf-polished: qual=85, origFmt=jpeg, origSize=48315
content-disposition: inline; filename="1e6427c32f020f1234958a05000321ea.webp"
alt-svc: h3=":443"; ma=86400
content-length: 40290
cf-bgj: imgq:85,h2pri
last-modified: Sun, 28 Apr 2024 07:08:41 GMT
server: cloudflare
etag: "662df5f9-bcbb"
vary: Accept
access-control-allow-methods: GET,POST,OPTIONS
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=2678400
accept-ranges: bytes
cf-ray: 8b89121fdeae4299-EWR
access-control-allow-headers: X-Requested-With
expires: Wed, 25 Sep 2024 05:09:35 GMT

GET
H3 200 251cd622605b0259d9ec688f4ad4cfd9.jpg
gamein.heiheigame.com/uploads/gamepic/20231204/ 35 KB
36 KB 24ms
21ms Image
image/webp 2606:4700:3108::ac42:2af7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://gamein.heiheigame.com/uploads/gamepic/20231204/251cd622605b0259d9ec688f4ad4cfd9.jpg
Requested by: Host: www.itinforok.com
URL: https://www.itinforok.com/game/mahjong_2.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3108::ac42:2af7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1d1519c81672a3153de33561c33af8843344b1469f333b41acff7616f2c8b101

Request headers

Referer: https://www.itinforok.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sun, 25 Aug 2024 05:09:35 GMT
cf-cache-status: HIT
age: 81141
cf-polished: qual=85, origFmt=jpeg, origSize=84794
content-disposition: inline; filename="251cd622605b0259d9ec688f4ad4cfd9.webp"
alt-svc: h3=":443"; ma=86400
content-length: 36236
cf-bgj: imgq:85,h2pri
last-modified: Mon, 04 Dec 2023 08:13:32 GMT
server: cloudflare
etag: "656d8a2c-14b3a"
vary: Accept
access-control-allow-methods: GET,POST,OPTIONS
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=2678400
accept-ranges: bytes
cf-ray: 8b89121ffebb4299-EWR
access-control-allow-headers: X-Requested-With
expires: Wed, 25 Sep 2024 05:09:35 GMT

GET
H3 200 e5f87483844f3b8b16824244114d2261.jpg
gamein.heiheigame.com/uploads/gamepic/20230706/ 24 KB
24 KB 76ms
73ms Image
image/webp 2606:4700:3108::ac42:2af7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://gamein.heiheigame.com/uploads/gamepic/20230706/e5f87483844f3b8b16824244114d2261.jpg
Requested by: Host: www.itinforok.com
URL: https://www.itinforok.com/game/mahjong_2.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3108::ac42:2af7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ae4497cbcec783a2f144757d88d99f3292bd30ba0d96421a9857978ae8d57430

Request headers

Referer: https://www.itinforok.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sun, 25 Aug 2024 05:09:35 GMT
cf-cache-status: REVALIDATED
cf-polished: qual=85, origFmt=jpeg, origSize=28068
content-disposition: inline; filename="e5f87483844f3b8b16824244114d2261.webp"
alt-svc: h3=":443"; ma=86400
content-length: 24448
cf-bgj: imgq:85,h2pri
last-modified: Thu, 06 Jul 2023 04:55:46 GMT
server: cloudflare
etag: "64a64952-6da4"
vary: Accept
access-control-allow-methods: GET,POST,OPTIONS
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=2678400
accept-ranges: bytes
cf-ray: 8b89121ffec34299-EWR
access-control-allow-headers: X-Requested-With
expires: Wed, 25 Sep 2024 05:09:35 GMT

GET
H3 200 dc48a2b4f8bef75e4ca878024997ce84.jpeg
gamein.heiheigame.com/uploads/gamepic/20230531/ 21 KB
21 KB 53ms
50ms Image
image/webp 2606:4700:3108::ac42:2af7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://gamein.heiheigame.com/uploads/gamepic/20230531/dc48a2b4f8bef75e4ca878024997ce84.jpeg
Requested by: Host: www.itinforok.com
URL: https://www.itinforok.com/game/mahjong_2.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3108::ac42:2af7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e78b7de5b4f43d571dc1e028e1efd80da8ac296936dbe67e38e9f145d58895cc

Request headers

Referer: https://www.itinforok.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sun, 25 Aug 2024 05:09:35 GMT
cf-cache-status: HIT
cf-polished: qual=85, origFmt=jpeg, origSize=24037
content-disposition: inline; filename="dc48a2b4f8bef75e4ca878024997ce84.webp"
alt-svc: h3=":443"; ma=86400
content-length: 21064
cf-bgj: imgq:85,h2pri
last-modified: Wed, 31 May 2023 09:38:44 GMT
server: cloudflare
etag: "647715a4-5de5"
vary: Accept
access-control-allow-methods: GET,POST,OPTIONS
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=2678400
accept-ranges: bytes
cf-ray: 8b89121ffec44299-EWR
access-control-allow-headers: X-Requested-With
expires: Wed, 25 Sep 2024 05:09:35 GMT

GET
H3 200 0688ed21ccbe002fc6c6f7be927986cf.png
gamein.heiheigame.com/uploads/gamepic/20230619/ 17 KB
18 KB 76ms
73ms Image
image/webp 2606:4700:3108::ac42:2af7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://gamein.heiheigame.com/uploads/gamepic/20230619/0688ed21ccbe002fc6c6f7be927986cf.png
Requested by: Host: www.itinforok.com
URL: https://www.itinforok.com/game/mahjong_2.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3108::ac42:2af7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3569ece954db13321193f6142109c9f773001fd5bc23a796145fb98c9b07857d

Request headers

Referer: https://www.itinforok.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sun, 25 Aug 2024 05:09:35 GMT
cf-cache-status: REVALIDATED
cf-polished: origFmt=png, origSize=19231
content-disposition: inline; filename="0688ed21ccbe002fc6c6f7be927986cf.webp"
alt-svc: h3=":443"; ma=86400
content-length: 17774
cf-bgj: imgq:85,h2pri
last-modified: Mon, 19 Jun 2023 06:22:31 GMT
server: cloudflare
etag: "648ff427-4b1f"
vary: Accept
access-control-allow-methods: GET,POST,OPTIONS
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=2678400
accept-ranges: bytes
cf-ray: 8b89121ffec64299-EWR
access-control-allow-headers: X-Requested-With
expires: Wed, 25 Sep 2024 05:09:35 GMT

GET
H3 200 9b22cc8dc38302299729ec23765a2a1f.jpg
gamein.heiheigame.com/uploads/gamepic/20231120/ 34 KB
34 KB 24ms
21ms Image
image/webp 2606:4700:3108::ac42:2af7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://gamein.heiheigame.com/uploads/gamepic/20231120/9b22cc8dc38302299729ec23765a2a1f.jpg
Requested by: Host: www.itinforok.com
URL: https://www.itinforok.com/game/mahjong_2.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3108::ac42:2af7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 49b0284db10875c9dc14f1dc04e22069531071b444e5ed03e81bffcda28abc0a

Request headers

Referer: https://www.itinforok.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sun, 25 Aug 2024 05:09:35 GMT
cf-cache-status: HIT
age: 81141
cf-polished: qual=85, origFmt=jpeg, origSize=35934
content-disposition: inline; filename="9b22cc8dc38302299729ec23765a2a1f.webp"
alt-svc: h3=":443"; ma=86400
content-length: 34306
cf-bgj: imgq:85,h2pri
last-modified: Mon, 20 Nov 2023 05:59:44 GMT
server: cloudflare
etag: "655af5d0-8c5e"
vary: Accept
access-control-allow-methods: GET,POST,OPTIONS
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=2678400
accept-ranges: bytes
cf-ray: 8b89121ffec84299-EWR
access-control-allow-headers: X-Requested-With
expires: Wed, 25 Sep 2024 05:09:35 GMT

GET
H3 200 ce3cda0a4976a07eacad254a0cd117df.png
gamein.heiheigame.com/uploads/gamepic/20230825/ 15 KB
15 KB 25ms
21ms Image
image/webp 2606:4700:3108::ac42:2af7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://gamein.heiheigame.com/uploads/gamepic/20230825/ce3cda0a4976a07eacad254a0cd117df.png
Requested by: Host: www.itinforok.com
URL: https://www.itinforok.com/game/mahjong_2.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3108::ac42:2af7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a10051ce9a5dcabd83a86edf49f12cd25584ecd346fb86a34ded04d489022a5f

Request headers

Referer: https://www.itinforok.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sun, 25 Aug 2024 05:09:35 GMT
cf-cache-status: HIT
age: 50515
cf-polished: origFmt=png, origSize=16367
content-disposition: inline; filename="ce3cda0a4976a07eacad254a0cd117df.webp"
alt-svc: h3=":443"; ma=86400
content-length: 15288
cf-bgj: imgq:85,h2pri
last-modified: Fri, 25 Aug 2023 06:04:12 GMT
server: cloudflare
etag: "64e8445c-3fef"
vary: Accept
access-control-allow-methods: GET,POST,OPTIONS
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=2678400
accept-ranges: bytes
cf-ray: 8b89121ffec94299-EWR
access-control-allow-headers: X-Requested-With
expires: Wed, 25 Sep 2024 05:09:35 GMT

GET
H3 200 fc6f13f8f44e08c4d40a5bbc6cd4a2e0.jpeg
gamein.heiheigame.com/uploads/gamepic/20230524/ 18 KB
18 KB 81ms
77ms Image
image/webp 2606:4700:3108::ac42:2af7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://gamein.heiheigame.com/uploads/gamepic/20230524/fc6f13f8f44e08c4d40a5bbc6cd4a2e0.jpeg
Requested by: Host: www.itinforok.com
URL: https://www.itinforok.com/game/mahjong_2.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3108::ac42:2af7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 68022e39ccce8d650e0f06a1c2e0aa02cf90f519be8ac30a6236e9b10394b785

Request headers

Referer: https://www.itinforok.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sun, 25 Aug 2024 05:09:35 GMT
cf-cache-status: REVALIDATED
cf-polished: qual=85, origFmt=jpeg, origSize=34088
content-disposition: inline; filename="fc6f13f8f44e08c4d40a5bbc6cd4a2e0.webp"
alt-svc: h3=":443"; ma=86400
content-length: 18250
cf-bgj: imgq:85,h2pri
last-modified: Wed, 24 May 2023 03:26:42 GMT
server: cloudflare
etag: "646d83f2-8528"
vary: Accept
access-control-allow-methods: GET,POST,OPTIONS
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=2678400
accept-ranges: bytes
cf-ray: 8b89121ffeca4299-EWR
access-control-allow-headers: X-Requested-With
expires: Wed, 25 Sep 2024 05:09:35 GMT

GET
H3 200 logo-mini.png
www.itinforok.com/static/themes/gametemp-q7/assets/img/ 2 KB
2 KB 55ms
52ms Image
image/webp 2606:4700::6812:1864
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.itinforok.com/static/themes/gametemp-q7/assets/img/logo-mini.png
Requested by: Host: www.itinforok.com
URL: https://www.itinforok.com/game/mahjong_2.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6812:1864 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ed32928001b662f8b75a5bd243d7d47f302cc1aebad177e4f8864b200e552e2c

Request headers

Referer: https://www.itinforok.com/game/mahjong_2.html
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sun, 25 Aug 2024 05:09:35 GMT
cf-cache-status: HIT
cf-polished: origFmt=png, origSize=5653
content-disposition: inline; filename="logo-mini.webp"
alt-svc: h3=":443"; ma=86400
content-length: 2260
cf-bgj: imgq:85,h2pri
last-modified: Sat, 10 Aug 2019 13:25:36 GMT
server: cloudflare
etag: "5d4ec5d0-1615"
vary: Accept
content-type: image/webp
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 8b89121ff95a7cab-EWR
expires: Tue, 24 Sep 2024 05:09:35 GMT

GET
H2 200 cookieconsent.min.js Show response
cdn.jsdelivr.net/npm/cookieconsent@3/build/ 20 KB
7 KB 12ms
5ms Script
application/javascript 2a04:4e42:400::485
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/cookieconsent@3/build/cookieconsent.min.js

Requested by

Host: www.itinforok.com
URL: https://www.itinforok.com/game/mahjong_2.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:400::485 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

e55842a856a6d829feca3c3ad736c136b6c7549e9247274f78aa296259e06e24

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.itinforok.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Sun, 25 Aug 2024 05:09:35 GMT
x-content-type-options: nosniff
content-encoding: br
age: 34266
x-jsd-version: 3.1.1
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 7125
x-served-by: cache-fra-etou8220134-FRA, cache-lga21932-LGA
x-jsd-version-type: version
etag: W/"50d5-nLraS9YXyGxjjPLr3exyStWWkHs"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
accept-ranges: bytes
timing-allow-origin: *

GET
H3 200 iconfont.woff2
www.itinforok.com/static/themes/gametemp-q7/assets/font/ 6 KB
6 KB 50ms
49ms Font
font/woff2 2606:4700::6812:1864
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.itinforok.com/static/themes/gametemp-q7/assets/font/iconfont.woff2
Requested by: Host: www.itinforok.com
URL: https://www.itinforok.com/static/themes/gametemp-q7/assets/css/public.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6812:1864 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 78200390d6155fc70fa4469c1d49ed2a56375d426471f78c4ce6e1c629e7e84a

Request headers

Referer: https://www.itinforok.com/static/themes/gametemp-q7/assets/css/public.css
Origin: https://www.itinforok.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sun, 25 Aug 2024 05:09:35 GMT
cf-cache-status: HIT
last-modified: Thu, 14 Nov 2019 09:41:52 GMT
server: cloudflare
etag: "5dcd2160-17a8"
vary: Accept-Encoding
content-type: font/woff2
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 8b89122049887cab-EWR
alt-svc: h3=":443"; ma=86400
content-length: 6056
expires: Mon, 26 Aug 2024 05:09:35 GMT

GET
H3 200 a5083e9a576c6a3c1a3a1ec5f75bce90.png
gamein.heiheigame.com/uploads/games/20231010/ 108 KB
108 KB 75ms
75ms Image
image/webp 2606:4700:3108::ac42:2af7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://gamein.heiheigame.com/uploads/games/20231010/a5083e9a576c6a3c1a3a1ec5f75bce90.png
Requested by: Host: www.itinforok.com
URL: https://www.itinforok.com/game/mahjong_2.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3108::ac42:2af7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c1a41a75562b261e903ff334b6a7e8887587e2197f55765d6f34eb63780e6401

Request headers

Referer: https://www.itinforok.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sun, 25 Aug 2024 05:09:35 GMT
cf-cache-status: REVALIDATED
cf-polished: origFmt=png, origSize=123430
content-disposition: inline; filename="a5083e9a576c6a3c1a3a1ec5f75bce90.webp"
alt-svc: h3=":443"; ma=86400
content-length: 110244
cf-bgj: imgq:85,h2pri
last-modified: Tue, 10 Oct 2023 10:25:03 GMT
server: cloudflare
etag: "6525267f-1e226"
vary: Accept
access-control-allow-methods: GET,POST,OPTIONS
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=2678400
accept-ranges: bytes
cf-ray: 8b8912209f544299-EWR
access-control-allow-headers: X-Requested-With
expires: Wed, 25 Sep 2024 05:09:35 GMT

GET
H3 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202408210101/ 477 KB
148 KB 13ms
13ms Script
text/javascript 2607:f8b0:4006:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202408210101/pubads_impl.js?cb=31086373

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80f::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4901035c256227aadc3655bc7945d34cb9cb8af83a5ed4c16660a9baa12cbe2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.itinforok.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sun, 25 Aug 2024 00:16:01 GMT
content-encoding: br
x-content-type-options: nosniff
age: 17614
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 151908
x-xss-protection: 0
server: cafe
etag: 6965427813262533498
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Mon, 25 Aug 2025 00:16:01 GMT

GET
H2 200 22847393195 Show response
fundingchoicesmessages.google.com/i/ 202 KB
67 KB 88ms
56ms Script
application/javascript 2607:f8b0:4006:81e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/i/22847393195?ers=3

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202408210101/pubads_impl.js?cb=31086373

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81e::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

673ab6c3b2914f43d01f986f63a1886bc07e5ca926674779468d88c308760d0d

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-10ESrTPQlAELWfQdxwnC3w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.itinforok.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sun, 25 Aug 2024 05:09:35 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-10ESrTPQlAELWfQdxwnC3w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjStDikmJw1pBiOO90h-k6EEt8fcmkBcRO6TNYQ4DYp34GaxwQt948xzodiJP-nWctAWJ3rYus_kC8JOIi65HEi6yGCpdYnYH4_rpLrM-BeO_HS6xHgViIh6P_56ptbAIn-mYuYlbSSMovjE_OzyspykwqLckvSktOSy1OLSpLLYo3MjAyMbAwtNQzMIkvMAAAANI-Tg"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin: *
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 AGSKWxWVX3sDyL9fHyZ8OsNH_3_krSByAmH4Hza6EAJY9H9YbZ87FZPyRHqvNNI-DJdcjlkISyQILoPL9ECWZwWdso_Ydt71pjQXGYZxVjoh4Mv9dkHSNaklb1uonmb58saZDVS7v7STMA== Show response
fundingchoicesmessages.google.com/f/ 3 KB
2 KB 47ms
45ms Script
application/javascript 2607:f8b0:4006:81e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxWVX3sDyL9fHyZ8OsNH_3_krSByAmH4Hza6EAJY9H9YbZ87FZPyRHqvNNI-DJdcjlkISyQILoPL9ECWZwWdso_Ydt71pjQXGYZxVjoh4Mv9dkHSNaklb1uonmb58saZDVS7v7STMA==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzI0NTYyNTc2LDIzMDAwMDAwXSxudWxsLG51bGwsbnVsbCxbbnVsbCxbN11dLCJodHRwczovL3d3dy5pdGluZm9yb2suY29tL2dhbWUvbWFoam9uZ18yLmh0bWwiLG51bGwsW1s4LCJuRWY4TXJJOHF4USJdLFs5LCJlbi1VUyJdLFsyMiwidHJ1ZSJdLFsxOSwiMiJdLFsxNywiWzBdIl1dXQ

Requested by

Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.nEf8MrI8qxQ.es5.O/am=rGA/d=1/rs=AJlcJMxTQrgXGg_aot8evW1yAX3Z_mVnYw/m=kernel_loader,loader_js_executable

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81e::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

32a8d9434f6d5c259987db6d0d97183e5815d2476adae79d8df50c41a047475d

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-2IATKtBZOD3oVt_aaErmpQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.itinforok.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sun, 25 Aug 2024 05:09:36 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-2IATKtBZOD3oVt_aaErmpQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorGlobalRouterHttp/web-reports?context=eJzjStDikmLw1JBiOO90h-k6EEt8fcmkBcRO6TNYQ4DYp34GaxwQt948xzodiJP-nWctAWJ3rYus_kC8JOIi65HEi6yGCpdYnYH4_rpLrM-BeO_HS6xHgViIm2PCz1Xb2AQOtL-QVtJIyi-MT87PKynKTCotyS9KS05LLU4tKkstijcyMDIxsDC01DMwiS8wAADH_j4K"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin: *
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 topics_frame.html
securepubads.g.doubleclick.net/static/topics/ Frame 20CF 0
0 16ms
4ms Document
text/html 2607:f8b0:4006:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/static/topics/topics_frame.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202408210101/pubads_impl.js?cb=31086373

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80f::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.itinforok.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
age: 1505
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3000, stale-while-revalidate=3600
content-encoding: br
content-length: 29261
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 25 Aug 2024 04:44:31 GMT
expires: Sun, 25 Aug 2024 05:34:31 GMT
last-modified: Mon, 19 Aug 2024 19:44:00 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 887 B
463 B 244ms
244ms Fetch
text/plain 2607:f8b0:4006:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2260003989756009&correlator=73919769058113&eid=31083340%2C31086373&output=ldjh&gdfp_req=1&vrg=202408210101&ptt=17&impl=fif&gdpr=0&iu_parts=22847393195%2Citinforok401h4%2Citinforok401h4-xq01&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=300x250&ifi=1&sfv=1-0-40&sc=1&cookie_enabled=1&abxe=1&dt=1724562576057&lmt=1724500291&adxs=650&adys=242&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=1&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=-600&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&url=https%3A%2F%2Fwww.itinforok.com%2Fgame%2Fmahjong_2.html&vis=1&psz=1200x266&msz=300x250&fws=4&ohw=1200&td=1&egid=57483&tan=67e303f2-8425-41df-a021-f163c95c6796&tdf=2&topics=9&tps=9&htps=10&nt=1&psd=WzE1LFtdLG51bGwsM10.&dlt=1724562575212&idt=520&adks=2246757175&frm=20&eoidce=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202408210101/pubads_impl.js?cb=31086373

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80f::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

688d565c685818ec95aeff214fc16c2b04198b9eeb711dee040ace718f8e66d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.itinforok.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sun, 25 Aug 2024 05:09:36 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 432
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.itinforok.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html
3f33479957c807c69886b8fba602a760.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 71AB 0
0 67ms
19ms Document
text/html 2607:f8b0:4006:820::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://3f33479957c807c69886b8fba602a760.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202408210101/pubads_impl.js?cb=31086373

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:820::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.itinforok.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 25 Aug 2024 05:09:36 GMT
expires: Sun, 25 Aug 2024 05:09:36 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 AGSKWxXRO7BhB1YJeQagP2BxP18bzGWiPoAO9psXP19qbtz-K40x6-6b1sIj89dd4Oz5VXRyxgP2NeykzC2g-Tbeo0Nsl3Iynw4SBt4PpMSDIUWR_pylZEZhEz9FvHqBGDbo-7IsvtEysg== Show response
fundingchoicesmessages.google.com/f/ 10 KB
5 KB 47ms
46ms Script
application/javascript 2607:f8b0:4006:81e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxXRO7BhB1YJeQagP2BxP18bzGWiPoAO9psXP19qbtz-K40x6-6b1sIj89dd4Oz5VXRyxgP2NeykzC2g-Tbeo0Nsl3Iynw4SBt4PpMSDIUWR_pylZEZhEz9FvHqBGDbo-7IsvtEysg==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzI0NTYyNTc2LDEwNTAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzcsOV0sbnVsbCwyLG51bGwsImVuIl0sImh0dHBzOi8vd3d3Lml0aW5mb3Jvay5jb20vZ2FtZS9tYWhqb25nXzIuaHRtbCIsbnVsbCxbWzgsIm5FZjhNckk4cXhRIl0sWzksImVuLVVTIl0sWzIyLCJ0cnVlIl0sWzE5LCIyIl0sWzE3LCJbMF0iXV1d

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81e::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e32e1534423684d77a6175fd1cb2e6375493be5fcde1a99c70702d2090aed5e3

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-o--eQzo-V-a-a5SnB-meWA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.itinforok.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sun, 25 Aug 2024 05:09:36 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-o--eQzo-V-a-a5SnB-meWA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorGlobalRouterHttp/web-reports?context=eJzjStDikmJw0JBiOO90h-k6EEt8fcmkBcRO6TNYQ4DYp34GaxwQt948xzodiJP-nWctAWJ3rYus_kC8JOIi65HEi6yGCpdYnYH4_rpLrM-BeO_HS6xHgViIm2PCz1Xb2AR2bGh1VNJIyi-MT87PKynKTCotyS9KS05LLU4tKkstijcyMDIxsDC01DMwiS8wAAC99j3l"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin: *
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 sodar Show response
ep1.adtrafficquality.google/getconfig/ 17 KB
13 KB 72ms
36ms XHR
application/json 2607:f8b0:4006:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ep1.adtrafficquality.google/getconfig/sodar?sv=200&tid=gpt&tv=m202408210101&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202408210101/pubads_impl.js?cb=31086373

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80f::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fd28938320aad6dd6a5866d6002c2f8f682714bd413478e51e6ea172a7f06bc6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.itinforok.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sun, 25 Aug 2024 05:09:36 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13048
x-xss-protection: 0

GET
H3 200 favicon.png
www.itinforok.com/static/themes/gametemp-q7/assets/img/ 2 KB
2 KB 47ms
46ms Other
image/webp 2606:4700::6812:1864
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.itinforok.com/static/themes/gametemp-q7/assets/img/favicon.png
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6812:1864 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ed32928001b662f8b75a5bd243d7d47f302cc1aebad177e4f8864b200e552e2c

Request headers

Referer: https://www.itinforok.com/game/mahjong_2.html
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sun, 25 Aug 2024 05:09:36 GMT
cf-cache-status: HIT
cf-polished: origFmt=png, origSize=5653
content-disposition: inline; filename="favicon.webp"
alt-svc: h3=":443"; ma=86400
content-length: 2260
cf-bgj: imgq:85,h2pri
last-modified: Sat, 10 Aug 2019 13:25:36 GMT
server: cloudflare
etag: "5d4ec5d0-1615"
vary: Accept
content-type: image/webp
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 8b8912253cdb7cab-EWR
expires: Tue, 24 Sep 2024 05:09:36 GMT

GET
H2 200 sodar2.js Show response
ep2.adtrafficquality.google/sodar/ 17 KB
7 KB 422ms
17ms Script
text/javascript 2607:f8b0:4006:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ep2.adtrafficquality.google/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202408210101/pubads_impl.js?cb=31086373

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81c::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.itinforok.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sun, 25 Aug 2024 05:09:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sun, 25 Aug 2024 05:09:36 GMT

GET
H2 200 runner.html
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 8C21 0
0 25ms
6ms Document
text/html 2607:f8b0:4006:820::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: ep2.adtrafficquality.google
URL: https://ep2.adtrafficquality.google/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:820::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.itinforok.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
age: 328
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 25 Aug 2024 05:04:08 GMT
expires: Mon, 25 Aug 2025 05:04:08 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe
www.google.com/recaptcha/api2/ Frame 8486 0
0 101ms
27ms Document
text/html 2607:f8b0:4006:80b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: ep2.adtrafficquality.google
URL: https://ep2.adtrafficquality.google/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80b::2004 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-VDKPfDzZ581LTt6qhOh4yA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.itinforok.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-VDKPfDzZ581LTt6qhOh4yA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Sun, 25 Aug 2024 05:09:36 GMT
expires: Sun, 25 Aug 2024 05:09:36 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 ads203. Show response
fundingchoicesmessages.google.com/f/AGSKWxXoJ79eN_9ynf5mIdhS2iZ9Ol2En5CwHAEkJ8nEJKFi7_nc3Y-XN8NRbR6FKY0TydY-RNAn5hRGaUt__m_dmw_sUMJwLqLJ9joR-WYH1PkKZbLTXuRaw3CmmqjEvi_x0nEz-Ze38Gx5baHVFZvqCR2m8L7b3... 54 B
109 B 32ms
30ms Script
application/javascript 2607:f8b0:4006:81e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxXoJ79eN_9ynf5mIdhS2iZ9Ol2En5CwHAEkJ8nEJKFi7_nc3Y-XN8NRbR6FKY0TydY-RNAn5hRGaUt__m_dmw_sUMJwLqLJ9joR-WYH1PkKZbLTXuRaw3CmmqjEvi_x0nEz-Ze38Gx5baHVFZvqCR2m8L7b3ywStKhD1Yjs50dIpKbcmNq8MBIF900B/_/ad_image./adsservice./nativeads-/adl.php/ads203.

Requested by

Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.nEf8MrI8qxQ.es5.O/d=1/exm=kernel_loader,loader_js_executable,web_iab_tcf_v2_signal_executable/ed=1/rs=AJlcJMwiNORm21cHcsUw0ERxtgDNzwwHHw/m=ad_blocking_detection_executable

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81e::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

ef2585aaaf781e614cb0d907efcad61a75890968f2167f3fb0b03da87e7a5de7

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-1pbTGni4evJOjMMej0oESw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.itinforok.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sun, 25 Aug 2024 05:09:36 GMT
content-security-policy: script-src 'report-sample' 'nonce-1pbTGni4evJOjMMej0oESw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorGlobalRouterHttp/web-reports?context=eJzjStDikmLw1JBiOO90h-k6EEt8fcmkBcRO6TNYQ4DYp34GaxwQt948xzodiJP-nWctAWJ3rYus_kC8JOIi65HEi6yGCpdYnYH4_rpLrM-BeO_HS6xHgViIh2PCz1Xb2AQ6dj79y6SkkZRfGJ-cn1dSlJlUWpJflJacllqcWlSWWhRvZGBkYmBhaKlnYBJfYAAAHU4-5g"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 lidar.js Show response
pagead2.googlesyndication.com/pagead/js/ 240 KB
75 KB 60ms
10ms Script
text/javascript 2607:f8b0:4006:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/lidar.js?fcd=true

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:809::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a2fdb053e18f0259a6bd2bafcd6bee058d53bfcddce31b2d979f02dab97db180

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.itinforok.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sun, 25 Aug 2024 04:26:41 GMT
content-encoding: br
x-content-type-options: nosniff
age: 2575
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 76850
x-xss-protection: 0
server: cafe
etag: 4390541495429557699
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=3600
timing-allow-origin: *
expires: Sun, 25 Aug 2024 05:26:41 GMT

POST
H3 204 AGSKWxVEmQJ2ytQ1P8WOnSDliPH5H-rObXlznJURbfbvPAmdpjxCf2RVzfw6Jjsokmwvtqcdp1OYZpUcUv2p9rg_TjiUmt-aSofgVbOrzSG6t8GIKfo-3YRfklqgM7SaHwxlRBjdEoRbnw== Show response
fundingchoicesmessages.google.com/el/ 0
28 B 42ms
27ms XHR
text/html 2607:f8b0:4006:81e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxVEmQJ2ytQ1P8WOnSDliPH5H-rObXlznJURbfbvPAmdpjxCf2RVzfw6Jjsokmwvtqcdp1OYZpUcUv2p9rg_TjiUmt-aSofgVbOrzSG6t8GIKfo-3YRfklqgM7SaHwxlRBjdEoRbnw==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81e::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-tyk2JWCwZ079hPeG-Sa6Mw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.itinforok.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: text/plain

Response headers

date: Sun, 25 Aug 2024 05:09:36 GMT
content-security-policy: script-src 'report-sample' 'nonce-tyk2JWCwZ079hPeG-Sa6Mw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzj0tDikmLw05BicEqfwRoExO5aF1n9gXhJxEXWQ4kXWfd-vMR6FIiFeDgm_Fy1jU3gwqLFrcxKLkn5hfHJ-XklqXkluokpxbogdlFmUmlJfhEKO7UMpCInPz09My893sjAyMTAwshIz8A8vsAAAFTgLgM"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
content-type: text/html; charset=utf-8
access-control-allow-origin: https://www.itinforok.com
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H3 204 AGSKWxVEmQJ2ytQ1P8WOnSDliPH5H-rObXlznJURbfbvPAmdpjxCf2RVzfw6Jjsokmwvtqcdp1OYZpUcUv2p9rg_TjiUmt-aSofgVbOrzSG6t8GIKfo-3YRfklqgM7SaHwxlRBjdEoRbnw== Show response
fundingchoicesmessages.google.com/el/ 0
28 B 35ms
33ms XHR
text/html 2607:f8b0:4006:81e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxVEmQJ2ytQ1P8WOnSDliPH5H-rObXlznJURbfbvPAmdpjxCf2RVzfw6Jjsokmwvtqcdp1OYZpUcUv2p9rg_TjiUmt-aSofgVbOrzSG6t8GIKfo-3YRfklqgM7SaHwxlRBjdEoRbnw==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81e::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-sSigrL7MAogBJBzu0cW2Yw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.itinforok.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: text/plain

Response headers

date: Sun, 25 Aug 2024 05:09:36 GMT
content-security-policy: script-src 'report-sample' 'nonce-sSigrL7MAogBJBzu0cW2Yw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzj0tDikmJw0JBicEqfwRoExO5aF1n9gXhJxEXWQ4kXWfd-vMR6FIiFeDgm_Fy1jU1gxfndPcxKLkn5hfHJ-XklqXkluokpxbogdlFmUmlJfhEKO7UMpCInPz09My893sjAyMTAwshIz8A8vsAAAFhqLhk"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
content-type: text/html; charset=utf-8
access-control-allow-origin: https://www.itinforok.com
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H3 204 AGSKWxVEmQJ2ytQ1P8WOnSDliPH5H-rObXlznJURbfbvPAmdpjxCf2RVzfw6Jjsokmwvtqcdp1OYZpUcUv2p9rg_TjiUmt-aSofgVbOrzSG6t8GIKfo-3YRfklqgM7SaHwxlRBjdEoRbnw== Show response
fundingchoicesmessages.google.com/el/ 0
28 B 30ms
27ms XHR
text/html 2607:f8b0:4006:81e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxVEmQJ2ytQ1P8WOnSDliPH5H-rObXlznJURbfbvPAmdpjxCf2RVzfw6Jjsokmwvtqcdp1OYZpUcUv2p9rg_TjiUmt-aSofgVbOrzSG6t8GIKfo-3YRfklqgM7SaHwxlRBjdEoRbnw==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81e::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-cWipRU1vuDT1oNET_GTE5Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.itinforok.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: text/plain

Response headers

date: Sun, 25 Aug 2024 05:09:36 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-cWipRU1vuDT1oNET_GTE5Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzj0tDikmJw1ZBicEqfwRoExO5aF1n9gXhJxEXWQ4kXWfd-vMR6FIiFeDgm_Fy1jU3gxslpm5mVXJLyC-OT8_NKUvNKdBNTinVB7KLMpNKS_CIUdmoZSEVOfnp6Zl56vJGBkYmBhZGRnoF5fIEBAGeBLko"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
content-type: text/html; charset=utf-8
access-control-allow-origin: https://www.itinforok.com
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H3 204 AGSKWxVEmQJ2ytQ1P8WOnSDliPH5H-rObXlznJURbfbvPAmdpjxCf2RVzfw6Jjsokmwvtqcdp1OYZpUcUv2p9rg_TjiUmt-aSofgVbOrzSG6t8GIKfo-3YRfklqgM7SaHwxlRBjdEoRbnw== Show response
fundingchoicesmessages.google.com/el/ 0
28 B 30ms
27ms XHR
text/html 2607:f8b0:4006:81e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxVEmQJ2ytQ1P8WOnSDliPH5H-rObXlznJURbfbvPAmdpjxCf2RVzfw6Jjsokmwvtqcdp1OYZpUcUv2p9rg_TjiUmt-aSofgVbOrzSG6t8GIKfo-3YRfklqgM7SaHwxlRBjdEoRbnw==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81e::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-QGAY1Ln3KYntuh5fXZZ9yA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.itinforok.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: text/plain

Response headers

date: Sun, 25 Aug 2024 05:09:36 GMT
content-security-policy: script-src 'report-sample' 'nonce-QGAY1Ln3KYntuh5fXZZ9yA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzj0tDikmII1pBicEqfwRoExO5aF1n9gXhJxEXWQ4kXWfd-vMR6FIiFeDgm_Fy1jU1gRmvPdmYll6T8wvjk_LyS1LwS3cSUYl0QuygzqbQkvwiFnVoGUpGTn56emZceb2RgZGJgYWSkZ2AeX2AAAEXvLc4"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
content-type: text/html; charset=utf-8
access-control-allow-origin: https://www.itinforok.com
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 AGSKWxXzfC9Mr4Lx9_BHqwcoHqwM8XX-6kTC_vbGInhaEptbzMq2TN_GS3WVr6eSNbLBSOM_RfTJJB0HeJiVk-rjWWKL_Wi7zQ6Fkm2roZa5kFQUUg_TsbNtbzhIIYVROSUCOxsxciJOPQ== Show response
fundingchoicesmessages.google.com/f/ 3 KB
2 KB 60ms
59ms Script
application/javascript 2607:f8b0:4006:81e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxXzfC9Mr4Lx9_BHqwcoHqwM8XX-6kTC_vbGInhaEptbzMq2TN_GS3WVr6eSNbLBSOM_RfTJJB0HeJiVk-rjWWKL_Wi7zQ6Fkm2roZa5kFQUUg_TsbNtbzhIIYVROSUCOxsxciJOPQ==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzI0NTYyNTc2LDkwMzAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzcsOSw2XSxudWxsLDIsbnVsbCwiZW4iLG51bGwsbnVsbCxudWxsLG51bGwsbnVsbCwxXSwiaHR0cHM6Ly93d3cuaXRpbmZvcm9rLmNvbS9nYW1lL21haGpvbmdfMi5odG1sIixudWxsLFtbOCwibkVmOE1ySThxeFEiXSxbOSwiZW4tVVMiXSxbMjIsInRydWUiXSxbMTksIjIiXSxbMTcsIlswXSJdXV0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81e::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

c5685a32a063675c15ab6c2ef6b8fd97e8602d961c4b53ce1016a449c0307a14

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-05ZMLT9Qp3-O5UjuGZjkrg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.itinforok.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sun, 25 Aug 2024 05:09:36 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-05ZMLT9Qp3-O5UjuGZjkrg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorGlobalRouterHttp/web-reports?context=eJzjStDikmII1pBiOO90h-k6EEt8fcmkBcRO6TNYQ4DYp34GaxwQt948xzodiJP-nWctAWJ3rYus_kC8JOIi65HEi6yGCpdYnYH4_rpLrM-BeO_HS6xHgViIh2PCz1Xb2AQmXP2_m1lJIym_MD45P6-kKDOptCS_KC05LbU4tagstSjeyMDIxMDC0FLPwCS-wAAAIvs-7Q"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin: *
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H3 204 AGSKWxVzz78CUFT7X2wrj6XaK6TcPEAjEm-yY_TX_Wv_zi6UR7Ix_ftRFfqOFPK9xIbcMxtQ3-CxA3d0ojd7Cq1OjlhM9ogGBINCfIS0UGd_GbJVBAn_n-RCfqkMUr5RZjzCfIWI5BVHIQ== Show response
fundingchoicesmessages.google.com/el/ 0
28 B 27ms
26ms XHR
text/html 2607:f8b0:4006:81e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxVzz78CUFT7X2wrj6XaK6TcPEAjEm-yY_TX_Wv_zi6UR7Ix_ftRFfqOFPK9xIbcMxtQ3-CxA3d0ojd7Cq1OjlhM9ogGBINCfIS0UGd_GbJVBAn_n-RCfqkMUr5RZjzCfIWI5BVHIQ==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81e::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-EULSU3IGSc3PC07mbQL8WQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.itinforok.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: text/plain

Response headers

date: Sun, 25 Aug 2024 05:09:36 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-EULSU3IGSc3PC07mbQL8WQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzj0tDikmII0pBicEqfwRoExO5aF1n9gXhJxEXWQ4kXWfd-vMR6FIiFeDgm_Fy1jU3gQs_ta8xKLkn5hfHJ-XklqXkluokpxbogdlFmUmlJfhEKO7UMpCInPz09My893sjAyMTAwshIz8A8vsAAAHckLno"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
content-type: text/html; charset=utf-8
access-control-allow-origin: https://www.itinforok.com
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET sodar
pagead2.googlesyndication.com/pagead/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_m202408210101&jk=2260003989756009&bg=!9Pel97jNAAag2_gngNs7ADQBe5WfOMBPo-N8442WBGiPry6AZYf2OnsH63Mr9dg2VXv9nXRk9BD3f6IogtdSHSBYVSVNAgAAAQlSAAAABWgBB34ANqtKH8QeNfeBYXMVEivFK5TvmXfOuYrMNCK3La_UbvDF8NHlKGXUbOoOoZk3umw1BK7IKQYOgJkDBhL1BLdGYSmC7JaU_ffPpI-H875-RZ5IC173COQWMlFuyGXdd1rdzTVJK2nwgwn1OCFM8cO28GfXWKwemCXj624VW_r21Cvgrsxf58jQWkzF7TKjHR_O3-j0AkwrFovvZmGfvZ9YKqxVKFm2AuilE93oeRiNRaQDcL9MXhh2loZqqe4HWIB_EoUWg1Sjy7_ixKwq4Ku_pyWY5qkL2YM_ZAe5bhufONwmZ-eqD_8-kbdspt99jwRxfEXupHmqDsaANROzTOdYmabgmPXSNinM6T1_-j_Mf8YPdV4lqZhG2Jl8eMvNjSb27IVQoBikLjOamRdMwL3B5dfay2LeLI0k1n6RiVHWSTcG5nG8w1rNyKdnk2bgBkvps_SHJOLr-6EGlT0lujYe-4fV1mgHi0SCxpqbj1JDIK1TL-ooMM4RipJokK84loVVlVYOc3XYIW1KNxU9Gt-wl6-zNXVgDEhFYE7tiV_rQrBP3onHo9wQvcpKc43IQxtS33fq6T4U5wx6l9b1Lq-T-qLnyARu3ZL3ey3GsFtYxFl9VrX9Cn6Ysjgrnc-krhe5up1Mhs_p7VmKcj6rZ8gYdXKXt6zWvvOaXRoHFojNbvDtt9mRvmTHAQptplMCHRW-giMVczvK2bT31gW77nqSH9r_wcV99AbYC_bTeOnYw_KCy6Jqh_aTN0fDEYm6ExQE1Ob92DQlcdskVJQ7YCgUmgLDvD59TNbkJHzJxtNiErFdTXS301W08lw_8Ne7rParb8Wluk6hNdRgJY9-7coyWazIt73DtX6tBMOW42zXBmnDJ_-YXYmjgPDmBT8yJksaISt0EGKYfUuKZB8if62qbFgg9LKYmJ6fi4RApfjwaRpoeDRvl96WYti2tBXEzUv__cp8iGCvaNVmCzaUzI2AgfOF0ffqYQoTgwS1IlERtmzNRFNG-4DaOLV5rWoPiACDoxdV3oMLXpueu8_ANpsFkHZyQ2PZVFGUL2LL7y5FMJSWaBVwQOpzVKawLVKihohFJziGeI7-oJnOKhsZORVPWQ

Verdicts & Comments Add Verdict or Comment

53 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

5 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.doubleclick.net/	1970-01-20 23:02:43	Name: test_cookie Value: CheckForPermission
.itinforok.com/	1970-01-21 08:24:18	Name: __gads Value: ID=526104fe124dacab:T=1724562576:RT=1724562576:S=ALNI_MYO0qXXa-KHHgf60gyk212dT8KysQ
.itinforok.com/	1970-01-21 08:24:18	Name: __gpi Value: UID=00000ed4f9d602c7:T=1724562576:RT=1724562576:S=ALNI_Ma5qvcvAHpCcmRcetJfK0KhEddj1g
.itinforok.com/	1970-01-21 03:21:54	Name: __eoi Value: ID=121ff9488edf1b30:T=1724562576:RT=1724562576:S=AA-AfjYEgmVWoF7sBIis_xWKlVjC
.itinforok.com/	1970-01-21 07:48:18	Name: FCNEC Value: %5B%5B%22AKsRol88zyNCrDZ3CBL6eamlzWMT45FB2rvA-qrPcJ7WizoAW9Dv4VqhOMZfFexb5ZLq4MTRqLywVFfU7PoHrWi9Daw2HD4zDWjtTk63v-c_Wi9uiiR23FsBllM69ZV5i6WSnkH_kOQdXNJ0pAbJs3IuRQCd4edDZQ%3D%3D%22%5D%5D

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

3f33479957c807c69886b8fba602a760.safeframe.googlesyndication.com
cdn.jsdelivr.net
ep1.adtrafficquality.google
ep2.adtrafficquality.google
fundingchoicesmessages.google.com
gamein.heiheigame.com
pagead2.googlesyndication.com
securepubads.g.doubleclick.net
tpc.googlesyndication.com
www.google.com
www.itinforok.com
pagead2.googlesyndication.com
2606:4700:3108::ac42:2af7
2606:4700::6812:1864
2607:f8b0:4006:809::2002
2607:f8b0:4006:80b::2004
2607:f8b0:4006:80f::2002
2607:f8b0:4006:81c::2001
2607:f8b0:4006:81e::200e
2607:f8b0:4006:820::2001
2a04:4e42:400::485
10bb72b14e202fffb0eb6dfb7fae8a91fc9c9c4f52429f2a3a281503454ad566
1d1519c81672a3153de33561c33af8843344b1469f333b41acff7616f2c8b101
32a8d9434f6d5c259987db6d0d97183e5815d2476adae79d8df50c41a047475d
333c29e8bc3e1ab7b66e03bec3f64469da990700b9ace77b36c0f37f2f3b30b5
34de5d6ff81c0ebe478dce8adfd2c34442ff53850c9fdc0b1eb3aac585cb0c77
350262864ddbd904e75f7c53c52a8075f311d48f0ebef37bb7c3f309a61b6efb
3569ece954db13321193f6142109c9f773001fd5bc23a796145fb98c9b07857d
3fe6546296a0a64c38f102a952b0e3d2cef6f8b99dc4f162dbb2b8baad21b190
4075f8697b09be6056f9032129f1c07d3a8c3b23122f425a23aa53f98609b44f
49b0284db10875c9dc14f1dc04e22069531071b444e5ed03e81bffcda28abc0a
5b3baa10ac55f4eece0c7e666eaddd51872b8ce9273671626bcccec8f86ead78
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
6552ce2cc10ab42d90b4f3a96ace38670aab097c42f17c371f1f50787d8d1cf0
673ab6c3b2914f43d01f986f63a1886bc07e5ca926674779468d88c308760d0d
68022e39ccce8d650e0f06a1c2e0aa02cf90f519be8ac30a6236e9b10394b785
688d565c685818ec95aeff214fc16c2b04198b9eeb711dee040ace718f8e66d9
6e6c6f8b5c8329f4fafc82340a5565d1feb5756db7dd159de52216cfd59eeff2
78200390d6155fc70fa4469c1d49ed2a56375d426471f78c4ce6e1c629e7e84a
818f9db51b5a4fc1ffe02fc66a28c1c5cfebf42d902a3c5ff20bf2d7d2a3b211
94301074019302199045a880ab63cec6f49f268913b4087947962e4bdb714de8
a10051ce9a5dcabd83a86edf49f12cd25584ecd346fb86a34ded04d489022a5f
a2fdb053e18f0259a6bd2bafcd6bee058d53bfcddce31b2d979f02dab97db180
a4901035c256227aadc3655bc7945d34cb9cb8af83a5ed4c16660a9baa12cbe2
ae4497cbcec783a2f144757d88d99f3292bd30ba0d96421a9857978ae8d57430
c1a41a75562b261e903ff334b6a7e8887587e2197f55765d6f34eb63780e6401
c207e653a1b44030d371cae76dbc884cfa7d6936525798d06be58b4cf45a9a5a
c5685a32a063675c15ab6c2ef6b8fd97e8602d961c4b53ce1016a449c0307a14
c7a10a5cf1574ff5efbe38630ff3bd4fbf6fbc4a587393ff7cf3f7bbb985dc03
cd0d0b6e50ff01ff2f3a9a70d7cfb66a7c6cb9acf7a566325568be6d3bd31fc4
dbafe77fe4ba49d10b50e2d35e37673260f6ef054512edf9ea9013532afa289a
e32e1534423684d77a6175fd1cb2e6375493be5fcde1a99c70702d2090aed5e3
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e55842a856a6d829feca3c3ad736c136b6c7549e9247274f78aa296259e06e24
e78b7de5b4f43d571dc1e028e1efd80da8ac296936dbe67e38e9f145d58895cc
ebd5d7878133be396f3f8338dafd4dd18e9147c49281573d431bda4a41600e5e
ed32928001b662f8b75a5bd243d7d47f302cc1aebad177e4f8864b200e552e2c
ef2585aaaf781e614cb0d907efcad61a75890968f2167f3fb0b03da87e7a5de7
fd28938320aad6dd6a5866d6002c2f8f682714bd413478e51e6ea172a7f06bc6

www.itinforok.com Open in urlscan Pro 2606:4700::6812:1864 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

48 Requests

98 %HTTPS

100 %IPv6

7 Domains

11 Subdomains

10 IPs

1 Countries

853 kBTransfer

1798 kBSize

5 Cookies

0 Outgoing links

Page URL History

Redirected requests

48 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.itinforok.com Open in urlscan Pro
2606:4700::6812:1864 Public Scan

Screenshot
Live screenshot

Full Image

48
Requests

98 %
HTTPS

100 %
IPv6

7
Domains

11
Subdomains

10
IPs

1
Countries

853 kB
Transfer

1798 kB
Size

5
Cookies

48 HTTP transactions
0 data transactions