lucky63.co.uk Open in urlscan Pro
2a02:4780:1e:ff1f:cae6:c11e:295e:599 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://lucky63.co.uk/
Submission: On February 18 via api (February 18th 2024, 12:02:22 am UTC) from US — Scanned from US

Summary HTTP 50 Redirects Links 9 Behaviour Indicators

Summary

This website contacted 11 IPs in 3 countries across 9 domains to perform 50 HTTP transactions. The main IP is 2a02:4780:1e:ff1f:cae6:c11e:295e:599, located in Asheville, United States and belongs to AS-HOSTINGER, CY. The main domain is lucky63.co.uk.
TLS certificate: Issued by R3 on February 16th 2024. Valid for: 3 months.

This is the only time lucky63.co.uk was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
6	2a02:4780:1e:... 2a02:4780:1e:ff1f:cae6:c11e:295e:599	47583 (AS-HOSTINGER) (AS-HOSTINGER)
4	20.93.81.72 20.93.81.72	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
4	2606:4700::68... 2606:4700::6812:bd8	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.19.153.16 104.19.153.16	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	23.14.153.212 23.14.153.212	16625 (AKAMAI-AS) (AKAMAI-AS)
4	2620:1ec:29:1... 2620:1ec:29:1::40	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	142.251.16.149 142.251.16.149	15169 (GOOGLE) (GOOGLE)
2	2607:f8b0:400... 2607:f8b0:4004:c1d::94	15169 (GOOGLE) (GOOGLE)
16	2607:f8b0:400... 2607:f8b0:4004:c08::9c	15169 (GOOGLE) (GOOGLE)
4	172.253.62.154 172.253.62.154	15169 (GOOGLE) (GOOGLE)
6	2607:f8b0:400... 2607:f8b0:4004:c09::84	15169 (GOOGLE) (GOOGLE)
50	11

6 2a02:4780:1e:ff1f:cae6:c11e:295e:599 (Asheville, United States)

ASN47583 (AS-HOSTINGER, CY)

lucky63.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 20.93.81.72 (Dublin, Ireland)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

campaigns.williamhill.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700::6812:bd8 (United States)

ASN13335 (CLOUDFLARENET, US)

mediaserver.entainpartners.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.19.153.16 (None, )

ASN13335 (CLOUDFLARENET, US)

ads.betfair.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.14.153.212 (New York, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a23-14-153-212.deploy.static.akamaitechnologies.com

servedby.flashtalking.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2620:1ec:29:1::40 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

wlwilliamhill.eacdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.251.16.149 (Queens, United States)

ASN15169 (GOOGLE, US)
PTR: bl-in-f149.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4004:c1d::94 (Washington, United States)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 2607:f8b0:4004:c08::9c (Washington, United States)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 172.253.62.154 (United States)

ASN15169 (GOOGLE, US)
PTR: bc-in-f154.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2607:f8b0:4004:c09::84 (Washington, United States)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
22	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 120 tpc.googlesyndication.com — Cisco Umbrella Rank: 158	282 KB
6	doubleclick.net ad.doubleclick.net — Cisco Umbrella Rank: 149 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 551	61 KB
6	lucky63.co.uk lucky63.co.uk	60 KB
4	eacdn.com wlwilliamhill.eacdn.com — Cisco Umbrella Rank: 844666	7 KB
4	entainpartners.com mediaserver.entainpartners.com — Cisco Umbrella Rank: 190268	56 KB
4	williamhill.com campaigns.williamhill.com — Cisco Umbrella Rank: 493031	5 KB
2	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 328	269 KB
1	flashtalking.com servedby.flashtalking.com — Cisco Umbrella Rank: 1052
1	betfair.com ads.betfair.com	2 KB
50	9

	Domain	Requested by
16	pagead2.googlesyndication.com	ad.doubleclick.net pagead2.googlesyndication.com tpc.googlesyndication.com campaigns.williamhill.com
6	tpc.googlesyndication.com	ad.doubleclick.net tpc.googlesyndication.com pagead2.googlesyndication.com
6	lucky63.co.uk	lucky63.co.uk
4	googleads4.g.doubleclick.net	ad.doubleclick.net
4	wlwilliamhill.eacdn.com	campaigns.williamhill.com
4	mediaserver.entainpartners.com	lucky63.co.uk mediaserver.entainpartners.com
4	campaigns.williamhill.com	lucky63.co.uk wlwilliamhill.eacdn.com
2	s0.2mdn.net	ad.doubleclick.net
2	ad.doubleclick.net	wlwilliamhill.eacdn.com
1	servedby.flashtalking.com	ads.betfair.com
1	ads.betfair.com	lucky63.co.uk
50	11

This site contains links to these domains. Also see Links.

Domain
campaigns.williamhill.com
mediaserver.gvcaffiliates.com
ads.betfair.com
www.lucky63.co.uk
www.gambleaware.org.uk
www.gamblingtherapy.org
www.gamblersanonymous.org.uk
www.gambleaware.co.uk

Subject Issuer	Validity	Valid
lucky63.co.uk R3	`2024-02-16` - `2024-05-16`	3 months	crt.sh
campaigns.williamhill.com HydrantID Server CA O1	`2023-11-07` - `2024-12-01`	a year	crt.sh
mediaserver.entainpartners.com Cloudflare Inc ECC CA-3	`2024-01-11` - `2024-12-31`	a year	crt.sh
site.promotions.betfair.com GTS CA 1P5	`2024-01-11` - `2024-04-10`	3 months	crt.sh
servedby.flashtalking.com DigiCert TLS RSA SHA256 2020 CA1	`2023-09-14` - `2024-09-14`	a year	crt.sh
ia-prod-azurecdn.eacdn.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-11-24` - `2024-11-29`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2024-01-29` - `2024-04-22`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2024-01-29` - `2024-04-22`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2024-01-29` - `2024-04-22`	3 months	crt.sh

This page contains 14 frames:

Primary Page: https://lucky63.co.uk/
Frame ID: 22C07E42B407E03933FBA8DF6C0B78CA
Requests: 6 HTTP requests in this frame

Frame: https://campaigns.williamhill.com/I.ashx?btag=a_46719b_242c_&affid=1213670&siteid=46719&adid=242&c=
Frame ID: 0E759B99552572A82F730B3F3DF3FB14
Requests: 3 HTTP requests in this frame

Frame: https://campaigns.williamhill.com/I.ashx?btag=a_46719b_251c_&affid=1213670&siteid=46719&adid=251&c=
Frame ID: 404C9B06A29EC8FE2757FEEE87CD8F66
Requests: 3 HTTP requests in this frame

Frame: https://mediaserver.entainpartners.com/renderBanner.do?zoneId=2023057&t=f&v=1&securedDomain=y
Frame ID: 11FF8099AFE8208D70651D346334FB11
Requests: 2 HTTP requests in this frame

Frame: https://ads.betfair.com/ad.aspx?bid=9031&pid=9241
Frame ID: 7681A99FA1885932B9AE10BC5F8B91F4
Requests: 2 HTTP requests in this frame

Frame: https://mediaserver.entainpartners.com/renderBanner.do?zoneId=2022761&t=f&v=1&securedDomain=y
Frame ID: 1222810CD14E2F6F9F2D83EC85F75D5C
Requests: 2 HTTP requests in this frame

Frame: https://ad.doubleclick.net/ddm/adi/N189204.277573INCOMEACCESS/B23702687.265584723;sz=728x90;kw=[url_encoded_publisher_data];click=https://campaigns.williamhill.com/C.ashx?btag=a_46719b_251c_&affid=1213670&siteid=46719&adid=251&c=&MediaID=309&IsAd=1&IAref=https%3A%2F%2Flucky63.co.uk%2F&asclurl=;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
Frame ID: C697B3257992C20044BFD7E273213ADE
Requests: 11 HTTP requests in this frame

Frame: https://campaigns.williamhill.com/T.ashx?btag=a_46719b_251c_&affid=1213670&siteid=46719&adid=251&c=&t=638438113385420000&MediaID=309&MediaIndex=0&XYZ=120%261%26148%26%26%26%260%260%26%26
Frame ID: E53BEF3053710E4E964AC972D65DEC18
Requests: 1 HTTP requests in this frame

Frame: https://ad.doubleclick.net/ddm/adi/N189204.277573INCOMEACCESS/B23702687.265584750;sz=300x250;kw=[url_encoded_publisher_data];click=https://campaigns.williamhill.com/C.ashx?btag=a_46719b_242c_&affid=1213670&siteid=46719&adid=242&c=&MediaID=300&IsAd=1&IAref=https%3A%2F%2Flucky63.co.uk%2F&asclurl=;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
Frame ID: FC24188C241536E71DDB5347C382F78F
Requests: 11 HTTP requests in this frame

Frame: https://campaigns.williamhill.com/T.ashx?btag=a_46719b_242c_&affid=1213670&siteid=46719&adid=242&c=&t=638438113387760000&MediaID=300&MediaIndex=0&XYZ=120%261%26148%26%26%26%260%260%26%26
Frame ID: 7563CA0A972F000E016C095B2AB6AF0D
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: 08816DC382D754D0B76DB3AD99348CD6
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: 553923B02C6F0C16283D147262473535
Requests: 3 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/Ke811GU8D9oP10uMu54EDqWuI5DGCOjC6vNIGcZJ2dY.js
Frame ID: 80EBB1EB508AD79E5A4D0EA1BF9B6760
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/Ke811GU8D9oP10uMu54EDqWuI5DGCOjC6vNIGcZJ2dY.js
Frame ID: 4A7EA2F05C0821495214EB9B4C739D8E
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Lucky 63 : bet explanation

Detected technologies

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Page Statistics

50
Requests

100 %
HTTPS

55 %
IPv6

9
Domains

11
Subdomains

11
IPs

3
Countries

743 kB
Transfer

1365 kB
Size

8
Cookies

9 Outgoing links

These are links going to different origins than the main page.

URL: https://campaigns.williamhill.com/C.ashx?btag=a_46719b_793c_&affid=1213670&siteid=46719&adid=793&c=
Title: William Hill

Search URL Search Domain Scan URL

URL: https://mediaserver.gvcaffiliates.com/renderBanner.do?zoneId=1993400
Title: Ladbrokes

Search URL Search Domain Scan URL

URL: http://ads.betfair.com/redirect.aspx?pid=9241&bid=3339
Title: Betfair

Search URL Search Domain Scan URL

URL: https://mediaserver.gvcaffiliates.com/renderBanner.do?zoneId=1993408
Title: Coral

Search URL Search Domain Scan URL

URL: http://www.lucky63.co.uk/
Title: www.lucky63.co.uk

Search URL Search Domain Scan URL

URL: http://www.gambleaware.org.uk/
Title: BeGambleAware

Search URL Search Domain Scan URL

URL: http://www.gamblingtherapy.org/
Title: Gambling Therapy

Search URL Search Domain Scan URL

URL: http://www.gamblersanonymous.org.uk/
Title: Gamblers Anonymous

Search URL Search Domain Scan URL

URL: http://www.gambleaware.co.uk/

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

50 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
lucky63.co.uk/ 7 KB
3 KB 1100ms
502ms Document
text/html 2a02:4780:1e:ff1f:cae6:c11e:295e:599
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL

https://lucky63.co.uk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:4780:1e:ff1f:cae6:c11e:295e:599 Asheville, United States, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

hcdn /

Resource Hash

07c3c7ee7fdf2bd02700462dba70f22cc8b5f846ab0b30cb286bce32f9992e92

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=86400
content-encoding: br
content-length: 2408
content-security-policy: upgrade-insecure-requests
content-type: text/html
date: Sun, 18 Feb 2024 00:02:16 GMT
etag: "1dee-60a4295e-7acc8172df63d05;br"
last-modified: Tue, 18 May 2021 20:53:50 GMT
platform: hostinger
server: hcdn
x-hcdn-cache-status: DYNAMIC
x-hcdn-request-id: ff8b9eb4a9fde82a69ed026353d96818-phx-edge1
x-hcdn-upstream-rt: 0.418
x-turbo-charged-by: LiteSpeed

GET
H2 200 law.js Show response
lucky63.co.uk/ 2 KB
1 KB 767ms
765ms Script
application/x-javascript 2a02:4780:1e:ff1f:cae6:c11e:295e:599
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL

https://lucky63.co.uk/law.js

Requested by

Host: lucky63.co.uk
URL: https://lucky63.co.uk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:4780:1e:ff1f:cae6:c11e:295e:599 Asheville, United States, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

hcdn /

Resource Hash

ad35522dc0e9dea8cf27f3ef4613b33c1efce4e601ac449e43366c6fde684efd

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: en-US,en;q=0.9
Referer: https://lucky63.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sun, 18 Feb 2024 00:02:16 GMT
content-encoding: br
content-security-policy: upgrade-insecure-requests
alt-svc: h3=":443"; ma=86400
content-length: 964
x-hcdn-cache-status: MISS
last-modified: Mon, 24 Sep 2018 09:41:24 GMT
server: hcdn
etag: "94e-5ba8b144-71348dc824e61fa2;br"
x-hcdn-request-id: d9c735e4a5b176a8bf1f9cb2b5daea59-phx-edge1
content-type: application/x-javascript
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
x-hcdn-upstream-rt: 0.416
accept-ranges: bytes
platform: hostinger
expires: Sun, 25 Feb 2024 00:02:16 GMT

GET
H2 200 lucky63.jpg
lucky63.co.uk/ 5 KB
5 KB 773ms
772ms Image
image/webp 2a02:4780:1e:ff1f:cae6:c11e:295e:599
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://lucky63.co.uk/lucky63.jpg
Requested by: Host: lucky63.co.uk
URL: https://lucky63.co.uk/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:4780:1e:ff1f:cae6:c11e:295e:599 Asheville, United States, ASN47583 (AS-HOSTINGER, CY),
Reverse DNS
Software: hcdn /
Resource Hash: 839c2f9894eea642b69290447c20e6396b756e30402fe24559fd9db1caa2cf84

Request headers

accept-language: en-US,en;q=0.9
Referer: https://lucky63.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sun, 18 Feb 2024 00:02:16 GMT
x-hcdn-cache-status: MISS
server: hcdn
x-hcdn-request-id: 7f16a501b85fbe854f263bd191d22493-phx-edge1
content-type: image/webp
cache-control: public, max-age=604800
x-hcdn-image-optimizer: f:webp q:85 w:1600
x-hcdn-upstream-rt: 0.428
accept-ranges: bytes
alt-svc: h3=":443"; ma=86400
content-length: 5254

GET
H2 200 lucky-63.jpg
lucky63.co.uk/ 44 KB
45 KB 1204ms
1204ms Image
image/webp 2a02:4780:1e:ff1f:cae6:c11e:295e:599
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://lucky63.co.uk/lucky-63.jpg
Requested by: Host: lucky63.co.uk
URL: https://lucky63.co.uk/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:4780:1e:ff1f:cae6:c11e:295e:599 Asheville, United States, ASN47583 (AS-HOSTINGER, CY),
Reverse DNS
Software: hcdn /
Resource Hash: 495c45e997d5d26747fd23b8c98dbdbeed4f20575a5d5aaaf9d4f2375b58b933

Request headers

accept-language: en-US,en;q=0.9
Referer: https://lucky63.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sun, 18 Feb 2024 00:02:17 GMT
x-hcdn-cache-status: MISS
server: hcdn
x-hcdn-request-id: 7949a6d29adf86c2459b1c23e9af9a55-phx-edge1
content-type: image/webp
cache-control: public, max-age=604800
x-hcdn-image-optimizer: f:webp q:85 w:1600
x-hcdn-upstream-rt: 0.884
accept-ranges: bytes
alt-svc: h3=":443"; ma=86400
content-length: 45320

GET
H2 200 728_GA.jpg
lucky63.co.uk/ 4 KB
4 KB 626ms
626ms Image
image/webp 2a02:4780:1e:ff1f:cae6:c11e:295e:599
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://lucky63.co.uk/728_GA.jpg
Requested by: Host: lucky63.co.uk
URL: https://lucky63.co.uk/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:4780:1e:ff1f:cae6:c11e:295e:599 Asheville, United States, ASN47583 (AS-HOSTINGER, CY),
Reverse DNS
Software: hcdn /
Resource Hash: 808a282563111c00f2cdb143f48b1ef2102e6f4ac33aae4340dea558648f3203

Request headers

accept-language: en-US,en;q=0.9
Referer: https://lucky63.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sun, 18 Feb 2024 00:02:17 GMT
x-hcdn-cache-status: MISS
server: hcdn
x-hcdn-request-id: 7ba3250c2ee259a8ce7b41ce7fa25f40-phx-edge1
content-type: image/webp
cache-control: public, max-age=604800
x-hcdn-image-optimizer: f:webp q:85 w:1600
x-hcdn-upstream-rt: 0.557
accept-ranges: bytes
alt-svc: h3=":443"; ma=86400
content-length: 3910

GET
H/1.1 200
OK I.ashx Show response
campaigns.williamhill.com/ Frame 0E75 1 KB
2 KB 1491ms
1178ms Document
text/html 20.93.81.72
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://campaigns.williamhill.com/I.ashx?btag=a_46719b_242c_&affid=1213670&siteid=46719&adid=242&c=

Requested by

Host: lucky63.co.uk
URL: https://lucky63.co.uk/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

20.93.81.72 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

ce6a35cfacbf12b3470ae2e72de2de80279c0d886717af3ebb72213f1cdb65d4

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Referer: https://lucky63.co.uk/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

Access-Control-Allow-Origin: *
Cache-Control: private
Connection: keep-alive
Content-Length: 1447
Content-Type: text/html; charset=utf-8
Date: Sun, 18 Feb 2024 00:02:18 GMT
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-XSS-Protection: 1; mode=block
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"

GET
H/1.1 200
OK I.ashx Show response
campaigns.williamhill.com/ Frame 404C 1 KB
2 KB 1434ms
1144ms Document
text/html 20.93.81.72
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://campaigns.williamhill.com/I.ashx?btag=a_46719b_251c_&affid=1213670&siteid=46719&adid=251&c=

Requested by

Host: lucky63.co.uk
URL: https://lucky63.co.uk/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

20.93.81.72 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

ab4deb91469cd1b15f86d9c628c7268aad1c8df95cbadfabb4eec6e747846ac5

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Referer: https://lucky63.co.uk/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

Access-Control-Allow-Origin: *
Cache-Control: private
Connection: keep-alive
Content-Length: 1447
Content-Type: text/html; charset=utf-8
Date: Sun, 18 Feb 2024 00:02:18 GMT
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-XSS-Protection: 1; mode=block
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"

GET
H2 200 renderBanner.do Show response
mediaserver.entainpartners.com/ Frame 11FF 472 B
832 B 528ms
482ms Document
text/html 2606:4700::6812:bd8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mediaserver.entainpartners.com/renderBanner.do?zoneId=2023057&t=f&v=1&securedDomain=y
Requested by: Host: lucky63.co.uk
URL: https://lucky63.co.uk/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:bd8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f50f9b0e39aec9e0925fac24549056da468d240f610ba786e28df429c4f4637e

Request headers

Referer: https://lucky63.co.uk/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-cache-status: DYNAMIC
cf-ray: 857200184f3b3320-EWR
content-encoding: gzip
content-language: en-US
content-type: text/html;charset=ISO-8859-1
date: Sun, 18 Feb 2024 00:02:17 GMT
server: cloudflare
vary: Accept-Encoding
x-ua-compatible: IE=EmulateIE7

GET
H2 200 ad.aspx Show response
ads.betfair.com/ Frame 7681 2 KB
2 KB 477ms
428ms Document
text/html 104.19.153.16
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ads.betfair.com/ad.aspx?bid=9031&pid=9241

Requested by

Host: lucky63.co.uk
URL: https://lucky63.co.uk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.19.153.16 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cace0036cd313527798094338c29c975646fe4e3399576af962721bc4dade966

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

access-control-expose-headers: Request-Context
alt-svc: h3=":443"; ma=86400
cache-control: private,no-cache, no-store
cf-cache-status: DYNAMIC
cf-ray: 857200184f165e7e-EWR
content-encoding: br
content-type: text/html; charset=utf-8
date: Sun, 18 Feb 2024 00:02:17 GMT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
p3p: CP="This is not a P3P policy! It is used to bypass IEs problematic handling of cookies"
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NfFxW36r8WJSmsbkhGycHQgi97gnVy5ZhWIN9rmy2XQ9ZsOJD%2B02uSgHzxhYpara3ll7rujq3Icy7QDrhGrLk2N%2FvLET7xxYwkU9tn6eU9oFUDSfuburyG31ZOMNVD8GJQ%3D%3D"}],"group":"cf-nel","max_age":604800}
request-context: appId=cid-v1:83ffbda4-9458-475e-90ec-4427cfb5c3b0
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
x-aspnet-version: 4.0.30319
x-azure-ref: 20240218T000217Z-8km3mesgs10r5fsve6b4g6n9r400000002b0000000006kbb
x-cache: CONFIG_NOCACHE
x-content-type-options: nosniff

GET
H2 200 renderBanner.do Show response
mediaserver.entainpartners.com/ Frame 1222 468 B
664 B 527ms
483ms Document
text/html 2606:4700::6812:bd8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mediaserver.entainpartners.com/renderBanner.do?zoneId=2022761&t=f&v=1&securedDomain=y
Requested by: Host: lucky63.co.uk
URL: https://lucky63.co.uk/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:bd8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0ecda085b65681b94de4bc6a4adae55c72f46e45978de715bafd7092d2d59d92

Request headers

Referer: https://lucky63.co.uk/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-cache-status: DYNAMIC
cf-ray: 857200184f3a3320-EWR
content-encoding: gzip
content-language: en-US
content-type: text/html;charset=ISO-8859-1
date: Sun, 18 Feb 2024 00:02:17 GMT
server: cloudflare
vary: Accept-Encoding
x-ua-compatible: IE=EmulateIE7

GET
H2 404 gradient.jpg
lucky63.co.uk/ 2 KB
2 KB 529ms
528ms Image
text/html 2a02:4780:1e:ff1f:cae6:c11e:295e:599
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://lucky63.co.uk/gradient.jpg
Requested by: Host: lucky63.co.uk
URL: https://lucky63.co.uk/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:4780:1e:ff1f:cae6:c11e:295e:599 Asheville, United States, ASN47583 (AS-HOSTINGER, CY),
Reverse DNS
Software: hcdn /
Resource Hash: 3d70ce95eb1eb78620cc57fe1a6a479e6f2d70508bf813238e573863df000d6e

Request headers

accept-language: en-US,en;q=0.9
Referer: https://lucky63.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sun, 18 Feb 2024 00:02:17 GMT
content-encoding: br
last-modified: Tue, 12 Dec 2023 20:12:09 GMT
server: hcdn
etag: W/"999-6578be99-94861dc139f7f2c7;;;"
x-hcdn-request-id: 85ae706cd2af0ab9684fd91c6b569544-phx-edge1
content-type: text/html
x-turbo-charged-by: LiteSpeed
platform: hostinger
alt-svc: h3=":443"; ma=86400
content-length: 914

GET
H/1.1 404
Not Found /
servedby.flashtalking.com/imp/1/103922;3605126;201;js;netrefercom;BFUKIENetreferSportsGenericFootball728x90/ Frame 7681 0
0 91ms
53ms Script
text/html 23.14.153.212
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://servedby.flashtalking.com/imp/1/103922;3605126;201;js;netrefercom;BFUKIENetreferSportsGenericFootball728x90/?ftx=&fty=&ftadz=&ftscw=&ft_custom=&ftOBA=1&ft_agentEnv=0&ft_referrer=&cachebuster=595637.8077961926
Requested by: Host: ads.betfair.com
URL: https://ads.betfair.com/ad.aspx?bid=9031&pid=9241
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.14.153.212 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-14-153-212.deploy.static.akamaitechnologies.com
Software: /
Resource Hash

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ads.betfair.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

GET
H2 200 293253_728_x_90.gif
mediaserver.entainpartners.com/images/AdServer/Ladbrokes/Sports/ Frame 11FF 23 KB
23 KB 502ms
502ms Image
image/gif 2606:4700::6812:bd8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mediaserver.entainpartners.com/images/AdServer/Ladbrokes/Sports/293253_728_x_90.gif
Requested by: Host: mediaserver.entainpartners.com
URL: https://mediaserver.entainpartners.com/renderBanner.do?zoneId=2023057&t=f&v=1&securedDomain=y
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:bd8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 40a519ee9c37f62f2574138e8e6d13a09ff8c5391cddc258f2e63eb654bc3936

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mediaserver.entainpartners.com/renderBanner.do?zoneId=2023057&t=f&v=1&securedDomain=y
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sun, 18 Feb 2024 00:02:17 GMT
cf-cache-status: MISS
last-modified: Tue, 09 Mar 2021 15:35:15 GMT
server: cloudflare
vary: Accept-Encoding
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=14400, public
accept-ranges: bytes
cf-ray: 8572001b59fc3320-EWR
content-length: 23148
x-ua-compatible: IE=EmulateIE7

GET
H2 200 291369_728x90_DMP.gif
mediaserver.entainpartners.com/images/AdServer/Coral/Sports/ Frame 1222 31 KB
31 KB 505ms
505ms Image
image/gif 2606:4700::6812:bd8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mediaserver.entainpartners.com/images/AdServer/Coral/Sports/291369_728x90_DMP.gif
Requested by: Host: mediaserver.entainpartners.com
URL: https://mediaserver.entainpartners.com/renderBanner.do?zoneId=2022761&t=f&v=1&securedDomain=y
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:bd8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5186d61ba8150f3d27523586777a11e14ef10801ad056f88b70e3f1752f21f1d

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mediaserver.entainpartners.com/renderBanner.do?zoneId=2022761&t=f&v=1&securedDomain=y
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sun, 18 Feb 2024 00:02:17 GMT
cf-cache-status: MISS
last-modified: Tue, 09 Mar 2021 16:35:16 GMT
server: cloudflare
vary: Accept-Encoding
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=14400, public
accept-ranges: bytes
cf-ray: 8572001b59fe3320-EWR
content-length: 32109
x-ua-compatible: IE=EmulateIE7

GET
H2 200 s.5.6.min.js Show response
wlwilliamhill.eacdn.com/TrafficOpt/ Frame 404C 7 KB
3 KB 148ms
47ms Script
application/javascript 2620:1ec:29:1::40
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://wlwilliamhill.eacdn.com/TrafficOpt/s.5.6.min.js?t=1
Requested by: Host: campaigns.williamhill.com
URL: https://campaigns.williamhill.com/I.ashx?btag=a_46719b_251c_&affid=1213670&siteid=46719&adid=251&c=
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2620:1ec:29:1::40 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: f86bef16c190006cbf5b68c68ceab38d5360d9fd6b2c47010265bd023fd4e939

Request headers

accept-language: en-US,en;q=0.9
Referer: https://campaigns.williamhill.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sun, 18 Feb 2024 00:02:17 GMT
content-encoding: br
last-modified: Wed, 30 Mar 2016 16:08:31 GMT
etag: "56fbf9ff-1a7b"
x-azure-ref: 0CknRZQAAAACytKcmE50sQor6C0P2Edq9TU5aMjIxMDYwNjEyMDMxADU4YjJhYjU3LThkNzYtNDFjMS04Mzk2LTJmZjgwODZlNThkYw==
x-cache: TCP_HIT
content-type: application/javascript
cache-control: max-age=0, no-cache
accept-ranges: bytes

GET
H2 200 Ad_251.js Show response
wlwilliamhill.eacdn.com/wlwilliamhill/img/js/ Frame 404C 1 KB
883 B 149ms
48ms Script
application/javascript 2620:1ec:29:1::40
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://wlwilliamhill.eacdn.com/wlwilliamhill/img/js/Ad_251.js?t=2024021800
Requested by: Host: campaigns.williamhill.com
URL: https://campaigns.williamhill.com/I.ashx?btag=a_46719b_251c_&affid=1213670&siteid=46719&adid=251&c=
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2620:1ec:29:1::40 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 09ef658fe8ad9abca2867f44b68b716cbfd3c10ba7620f6586f708af5cccb61e

Request headers

accept-language: en-US,en;q=0.9
Referer: https://campaigns.williamhill.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sun, 18 Feb 2024 00:02:17 GMT
content-encoding: br
last-modified: Mon, 20 Nov 2023 08:32:23 GMT
etag: "655b1997-58b"
x-azure-ref: 0CknRZQAAAAAcFdUinBPbRo4yTL3dd9wwTU5aMjIxMDYwNjEyMDMxADU4YjJhYjU3LThkNzYtNDFjMS04Mzk2LTJmZjgwODZlNThkYw==
x-cache: TCP_HIT
content-type: application/javascript
cache-control: max-age=0, no-cache
accept-ranges: bytes

GET
H2 200 s.5.6.min.js Show response
wlwilliamhill.eacdn.com/TrafficOpt/ Frame 0E75 7 KB
3 KB 94ms
48ms Script
application/javascript 2620:1ec:29:1::40
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://wlwilliamhill.eacdn.com/TrafficOpt/s.5.6.min.js?t=1
Requested by: Host: campaigns.williamhill.com
URL: https://campaigns.williamhill.com/I.ashx?btag=a_46719b_242c_&affid=1213670&siteid=46719&adid=242&c=
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2620:1ec:29:1::40 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: f86bef16c190006cbf5b68c68ceab38d5360d9fd6b2c47010265bd023fd4e939

Request headers

accept-language: en-US,en;q=0.9
Referer: https://campaigns.williamhill.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sun, 18 Feb 2024 00:02:17 GMT
content-encoding: br
last-modified: Wed, 30 Mar 2016 16:08:31 GMT
etag: "56fbf9ff-1a7b"
x-azure-ref: 0CknRZQAAAAA/ZKAtmtHfQZT6ZYWqXJqzTU5aMjIxMDYwNjEyMDMxADU4YjJhYjU3LThkNzYtNDFjMS04Mzk2LTJmZjgwODZlNThkYw==
x-cache: TCP_HIT
content-type: application/javascript
cache-control: max-age=0, no-cache
accept-ranges: bytes

GET
H2 200 Ad_242.js Show response
wlwilliamhill.eacdn.com/wlwilliamhill/img/js/ Frame 0E75 1 KB
901 B 331ms
285ms Script
application/javascript 2620:1ec:29:1::40
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://wlwilliamhill.eacdn.com/wlwilliamhill/img/js/Ad_242.js?t=2024021800
Requested by: Host: campaigns.williamhill.com
URL: https://campaigns.williamhill.com/I.ashx?btag=a_46719b_242c_&affid=1213670&siteid=46719&adid=242&c=
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2620:1ec:29:1::40 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e45e56433de4ca5cb7775f3a8aa333e4d9be0df20d1906a7c41daefd0c078b6a

Request headers

accept-language: en-US,en;q=0.9
Referer: https://campaigns.williamhill.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sun, 18 Feb 2024 00:02:17 GMT
content-encoding: br
last-modified: Mon, 20 Nov 2023 08:32:18 GMT
etag: "655b1992-58e"
x-azure-ref: 0CknRZQAAAACNIylKI5xEQaFsK9+mOkHnTU5aMjIxMDYwNjEyMDMxADU4YjJhYjU3LThkNzYtNDFjMS04Mzk2LTJmZjgwODZlNThkYw==
x-cache: TCP_MISS
content-type: application/javascript
cache-control: max-age=0, no-cache
accept-ranges: bytes

GET
H2 200 C.ashx Show response
ad.doubleclick.net/ddm/adi/N189204.277573INCOMEACCESS/B23702687.265584723;sz=728x90;kw=[url_encoded_publisher_data];click=https://campaigns.williamhill.com/ Frame C697 64 KB
30 KB 98ms
58ms Document
text/html 142.251.16.149
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/ddm/adi/N189204.277573INCOMEACCESS/B23702687.265584723;sz=728x90;kw=[url_encoded_publisher_data];click=https://campaigns.williamhill.com/C.ashx?btag=a_46719b_251c_&affid=1213670&siteid=46719&adid=251&c=&MediaID=309&IsAd=1&IAref=https%3A%2F%2Flucky63.co.uk%2F&asclurl=;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?

Requested by

Host: wlwilliamhill.eacdn.com
URL: https://wlwilliamhill.eacdn.com/TrafficOpt/s.5.6.min.js?t=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.16.149 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

bl-in-f149.1e100.net

Software

cafe /

Resource Hash

55b0d5c5320e5cdba88b764bf69f5dc1c5eaeba94897d4988a8b32f7b373909f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://campaigns.williamhill.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-encoding: br
content-length: 30397
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 18 Feb 2024 00:02:18 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 200
OK T.ashx Show response
campaigns.williamhill.com/ Frame E53B 0
765 B 1485ms
1485ms Document
text/plain 20.93.81.72
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://campaigns.williamhill.com/T.ashx?btag=a_46719b_251c_&affid=1213670&siteid=46719&adid=251&c=&t=638438113385420000&MediaID=309&MediaIndex=0&XYZ=120%261%26148%26%26%26%260%260%26%26

Requested by

Host: wlwilliamhill.eacdn.com
URL: https://wlwilliamhill.eacdn.com/TrafficOpt/s.5.6.min.js?t=1

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

20.93.81.72 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Referer: https://campaigns.williamhill.com/I.ashx?btag=a_46719b_251c_&affid=1213670&siteid=46719&adid=251&c=
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

Access-Control-Allow-Origin: *
Cache-Control: private
Connection: keep-alive
Content-Length: 0
Date: Sun, 18 Feb 2024 00:02:19 GMT
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
X-AspNetMvc-Version: 5.3
X-Powered-By: ASP.NET
X-XSS-Protection: 1; mode=block
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"

GET
H2 200 10632851464355920200
s0.2mdn.net/simgad/ Frame C697 118 KB
119 KB 112ms
52ms Image
image/gif 2607:f8b0:4004:c1d::94
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/10632851464355920200

Requested by

Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N189204.277573INCOMEACCESS/B23702687.265584723;sz=728x90;kw=[url_encoded_publisher_data];click=https://campaigns.williamhill.com/C.ashx?btag=a_46719b_251c_&affid=1213670&siteid=46719&adid=251&c=&MediaID=309&IsAd=1&IAref=https%3A%2F%2Flucky63.co.uk%2F&asclurl=;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c1d::94 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bf670f99006a6e87aa898d96f0fc02a2ed98ca10e73b66bfe845d5b8cd2be07f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ad.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

allow-fenced-frame-automatic-beacons: true
date: Sun, 18 Feb 2024 00:02:18 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 121290
x-xss-protection: 0
last-modified: Wed, 11 Oct 2023 14:32:55 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 17 Feb 2025 00:02:18 GMT

GET
H2 200 sodar_loader.js Show response
pagead2.googlesyndication.com/pagead/js/r20240215/r20110914/xfa/ Frame C697 10 KB
4 KB 113ms
54ms Script
text/javascript 2607:f8b0:4004:c08::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20240215/r20110914/xfa/sodar_loader.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c08::9c Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8850868d209c4c086eca4579b496846168800fe4ac4728162508e0dc35fa3537

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ad.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 23:22:09 GMT
content-encoding: br
x-content-type-options: nosniff
age: 2409
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4124
x-xss-protection: 0
server: cafe
etag: 9042593224187393105
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 02 Mar 2024 23:22:09 GMT

GET
H2 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20240215/r20110914/elements/html/ Frame C697 12 KB
5 KB 112ms
53ms Script
text/javascript 2607:f8b0:4004:c08::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20240215/r20110914/elements/html/omrhp.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c08::9c Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9159ff44d7094b8c99c902b187018a7e1115252e3c0438f9d4622295cd00d287

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ad.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 23:09:28 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3170
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4383
x-xss-protection: 0
server: cafe
etag: 1583492410672046836
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 02 Mar 2024 23:09:28 GMT

GET
H2 200 ufs_web_display.js Show response
pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ Frame C697 204 KB
62 KB 105ms
54ms Script
text/javascript 2607:f8b0:4004:c08::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c08::9c Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

841f365e0540df77f892242a962098480625d80f10e380bfb93329a027978632

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ad.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 23:09:49 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3149
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 62824
x-xss-protection: 0
server: cafe
etag
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Sun, 18 Feb 2024 00:09:49 GMT

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame C697 0
0 171ms
126ms Fetch
image/gif 172.253.62.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvCWCKyyz5n0XUe2Ht2YvQ9PY913o5KUpZs_k6bBpZ9rHS6NPqbzga8eDdz28eXkqUni1BeW2C801cxQQ1g-xTyzFpRthRA-SRz3s72u109WwLtAWvLZ3DvohmdWmgclMn2IekmjzwxEMPkYpHP5df3_Q-tGOccm7ErB7ZiA32PgAMr6cVtQxw&sai=AMfl-YRrvwkB-bj363brcmoOa_Zn0GJRIYd6dviAZm76RUqLiyT1S4rXk_GT_YiGuFJlJpnK2Mtib7kmGFmXOY0&sig=Cg0ArKJSzBLOQEsLtCRFEAE&uach_m=%5BUACH%5D&cry=1&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=2&cbvp=1&cstd=0&cisv=r20240215.66638&arae=0&ftch=1&adurl=

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.62.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f154.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ad.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sun, 18 Feb 2024 00:02:18 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Sun, 18 Feb 2024 00:02:18 GMT

GET
H2 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame C697 41 KB
14 KB 124ms
40ms Script
text/javascript 2607:f8b0:4004:c09::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c09::84 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ad.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 14:09:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 35540
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 16 Feb 2025 14:09:58 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame C697 8 KB
6 KB 209ms
87ms XHR
application/json 2607:f8b0:4004:c08::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=r20100101&st=int

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20240215/r20110914/xfa/sodar_loader.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c08::9c Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

266fc7cb46902d5fc75e39cd043a7c098acf33201a02a249d2104746546baea1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ad.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sun, 18 Feb 2024 00:02:18 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5882
x-xss-protection: 0

GET
H2 200 C.ashx Show response
ad.doubleclick.net/ddm/adi/N189204.277573INCOMEACCESS/B23702687.265584750;sz=300x250;kw=[url_encoded_publisher_data];click=https://campaigns.williamhill.com/ Frame FC24 64 KB
30 KB 67ms
64ms Document
text/html 142.251.16.149
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/ddm/adi/N189204.277573INCOMEACCESS/B23702687.265584750;sz=300x250;kw=[url_encoded_publisher_data];click=https://campaigns.williamhill.com/C.ashx?btag=a_46719b_242c_&affid=1213670&siteid=46719&adid=242&c=&MediaID=300&IsAd=1&IAref=https%3A%2F%2Flucky63.co.uk%2F&asclurl=;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?

Requested by

Host: wlwilliamhill.eacdn.com
URL: https://wlwilliamhill.eacdn.com/TrafficOpt/s.5.6.min.js?t=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.16.149 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

bl-in-f149.1e100.net

Software

cafe /

Resource Hash

7c2172e9583e17d785ad7f32f0731c6ff99658a39895c42c0d1e7b5e4b5a3906

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://campaigns.williamhill.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-encoding: br
content-length: 30523
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 18 Feb 2024 00:02:18 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 200
OK T.ashx Show response
campaigns.williamhill.com/ Frame 7563 0
765 B 2391ms
2390ms Document
text/plain 20.93.81.72
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://campaigns.williamhill.com/T.ashx?btag=a_46719b_242c_&affid=1213670&siteid=46719&adid=242&c=&t=638438113387760000&MediaID=300&MediaIndex=0&XYZ=120%261%26148%26%26%26%260%260%26%26

Requested by

Host: wlwilliamhill.eacdn.com
URL: https://wlwilliamhill.eacdn.com/TrafficOpt/s.5.6.min.js?t=1

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

20.93.81.72 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Referer: https://campaigns.williamhill.com/I.ashx?btag=a_46719b_242c_&affid=1213670&siteid=46719&adid=242&c=
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

Access-Control-Allow-Origin: *
Cache-Control: private
Connection: keep-alive
Content-Length: 0
Date: Sun, 18 Feb 2024 00:02:20 GMT
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
X-AspNetMvc-Version: 5.3
X-Powered-By: ASP.NET
X-XSS-Protection: 1; mode=block
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"

GET
H2 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame 0881 38 KB
13 KB 113ms
112ms Document
text/html 2607:f8b0:4004:c09::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c09::84 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ad.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ranges: bytes
age: 248909
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 15 Feb 2024 02:53:49 GMT
expires: Fri, 14 Feb 2025 02:53:49 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 6776102513870816607
s0.2mdn.net/simgad/ Frame FC24 150 KB
150 KB 128ms
126ms Image
image/gif 2607:f8b0:4004:c1d::94
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/6776102513870816607

Requested by

Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N189204.277573INCOMEACCESS/B23702687.265584750;sz=300x250;kw=[url_encoded_publisher_data];click=https://campaigns.williamhill.com/C.ashx?btag=a_46719b_242c_&affid=1213670&siteid=46719&adid=242&c=&MediaID=300&IsAd=1&IAref=https%3A%2F%2Flucky63.co.uk%2F&asclurl=;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c1d::94 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

500ab78402d9f54b7f202a159091a98c3d577ad7363d05242d3e6b8cce973be7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ad.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

allow-fenced-frame-automatic-beacons: true
date: Sun, 18 Feb 2024 00:02:18 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 153736
x-xss-protection: 0
last-modified: Wed, 11 Oct 2023 14:32:36 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 17 Feb 2025 00:02:18 GMT

GET
H2 200 sodar_loader.js Show response
pagead2.googlesyndication.com/pagead/js/r20240215/r20110914/xfa/ Frame FC24 10 KB
4 KB 106ms
104ms Script
text/javascript 2607:f8b0:4004:c08::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20240215/r20110914/xfa/sodar_loader.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c08::9c Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8850868d209c4c086eca4579b496846168800fe4ac4728162508e0dc35fa3537

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ad.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 23:22:09 GMT
content-encoding: br
x-content-type-options: nosniff
age: 2409
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4124
x-xss-protection: 0
server: cafe
etag: 9042593224187393105
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 02 Mar 2024 23:22:09 GMT

GET
H2 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20240215/r20110914/elements/html/ Frame FC24 12 KB
4 KB 60ms
60ms Script
text/javascript 2607:f8b0:4004:c08::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20240215/r20110914/elements/html/omrhp.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c08::9c Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9159ff44d7094b8c99c902b187018a7e1115252e3c0438f9d4622295cd00d287

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ad.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 23:09:28 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3170
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4383
x-xss-protection: 0
server: cafe
etag: 1583492410672046836
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 02 Mar 2024 23:09:28 GMT

GET
H2 200 ufs_web_display.js Show response
pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ Frame FC24 204 KB
61 KB 98ms
98ms Script
text/javascript 2607:f8b0:4004:c08::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c08::9c Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

841f365e0540df77f892242a962098480625d80f10e380bfb93329a027978632

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ad.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 23:09:49 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3149
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 62824
x-xss-protection: 0
server: cafe
etag
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Sun, 18 Feb 2024 00:09:49 GMT

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame FC24 0
0 91ms
90ms Fetch
image/gif 172.253.62.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuzRP8zUrfAaFvHKP7wD2_kfTSxkDWVVNlIHi_JJT4nq0AAdScKjORu0gCA0RDH9dmQEsggz54INk0365Z3Y3kexkoXkd8axF7XIAh5wQ881CNdrOx8WhOtSk5NNTt_J66wZX9sZpxsY0AcV8Zt0RjyXTBkKng1N2q5TGRAFjilujPaXqhrw37ewjNUBqHlgkFai2IsAh6hml4xCsSUcHsur1BUwlFIF6-i&sai=AMfl-YTYZRJGLKDnmxebBiUO4q5JmMYkshgaPjg7u70A522hG8Ux8dJzjCnHBTI6rvf31i4em7CYUPjVAcOB2nh1uePOrwUtlPCLGIUf7A&sig=Cg0ArKJSzM5ZjREY69zyEAE&uach_m=%5BUACH%5D&cry=1&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=2&cbvp=1&cstd=0&cisv=r20240215.24137&arae=0&ftch=1&adurl=

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.62.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f154.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ad.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sun, 18 Feb 2024 00:02:18 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Sun, 18 Feb 2024 00:02:18 GMT

GET
H2 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame FC24 41 KB
14 KB 85ms
85ms Script
text/javascript 2607:f8b0:4004:c09::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c09::84 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ad.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 14:09:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 35540
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 16 Feb 2025 14:09:58 GMT

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame C697 0
0 89ms
89ms Fetch
image/gif 172.253.62.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvCWCKyyz5n0XUe2Ht2YvQ9PY913o5KUpZs_k6bBpZ9rHS6NPqbzga8eDdz28eXkqUni1BeW2C801cxQQ1g-xTyzFpRthRA-SRz3s72u109WwLtAWvLZ3DvohmdWmgclMn2IekmjzwxEMPkYpHP5df3_Q-tGOccm7ErB7ZiA32PgAMr6cVtQxw&sai=AMfl-YRrvwkB-bj363brcmoOa_Zn0GJRIYd6dviAZm76RUqLiyT1S4rXk_GT_YiGuFJlJpnK2Mtib7kmGFmXOY0&sig=Cg0ArKJSzBLOQEsLtCRFEAE&uach_m=%5BUACH%5D&cry=1&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=234&vt=11&dtpt=232&dett=2&cstd=0&cisv=r20240215.66638&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.62.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f154.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ad.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sun, 18 Feb 2024 00:02:18 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Sun, 18 Feb 2024 00:02:18 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame FC24 8 KB
6 KB 125ms
125ms XHR
application/json 2607:f8b0:4004:c08::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=r20100101&st=int

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20240215/r20110914/xfa/sodar_loader.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c08::9c Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b68227cf67f0b4204455709a0d7f1440f0d5c9c575a283ac96d36a571c65cde3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ad.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sun, 18 Feb 2024 00:02:18 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5877
x-xss-protection: 0

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame C697 17 KB
6 KB 98ms
98ms Script
text/javascript 2607:f8b0:4004:c09::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20240215/r20110914/xfa/sodar_loader.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c09::84 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ad.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sun, 18 Feb 2024 00:02:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sun, 18 Feb 2024 00:02:19 GMT

GET
H3 200 VWSJSM-ccN57m6m2QPs-NP7cxacmqKiEaeV8lk1iunM.js Show response
pagead2.googlesyndication.com/bg/ Frame 0881 51 KB
19 KB 97ms
97ms Script
text/javascript 2607:f8b0:4004:c08::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/VWSJSM-ccN57m6m2QPs-NP7cxacmqKiEaeV8lk1iunM.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c08::9c Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55648948cf9c70de7b9ba9b640fb3e34fedcc5a726a8a88469e57c964d62ba73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 23:01:18 GMT
content-encoding: br
x-content-type-options: nosniff
age: 176461
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19939
x-xss-protection: 0
last-modified: Mon, 12 Feb 2024 13:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 14 Feb 2025 23:01:18 GMT

GET
H2 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame 5539 38 KB
13 KB 68ms
67ms Document
text/html 2607:f8b0:4004:c09::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c09::84 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ad.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ranges: bytes
age: 248910
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 15 Feb 2024 02:53:49 GMT
expires: Fri, 14 Feb 2025 02:53:49 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame FC24 0
0 76ms
74ms Fetch
image/gif 172.253.62.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuzRP8zUrfAaFvHKP7wD2_kfTSxkDWVVNlIHi_JJT4nq0AAdScKjORu0gCA0RDH9dmQEsggz54INk0365Z3Y3kexkoXkd8axF7XIAh5wQ881CNdrOx8WhOtSk5NNTt_J66wZX9sZpxsY0AcV8Zt0RjyXTBkKng1N2q5TGRAFjilujPaXqhrw37ewjNUBqHlgkFai2IsAh6hml4xCsSUcHsur1BUwlFIF6-i&sai=AMfl-YTYZRJGLKDnmxebBiUO4q5JmMYkshgaPjg7u70A522hG8Ux8dJzjCnHBTI6rvf31i4em7CYUPjVAcOB2nh1uePOrwUtlPCLGIUf7A&sig=Cg0ArKJSzM5ZjREY69zyEAE&uach_m=%5BUACH%5D&cry=1&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=197&vt=11&dtpt=195&dett=2&cstd=0&cisv=r20240215.24137&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.62.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f154.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ad.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sun, 18 Feb 2024 00:02:19 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Sun, 18 Feb 2024 00:02:19 GMT

GET
H3 200 Ke811GU8D9oP10uMu54EDqWuI5DGCOjC6vNIGcZJ2dY.js Show response
pagead2.googlesyndication.com/bg/ Frame 80EB 39 KB
15 KB 41ms
41ms Script
text/javascript 2607:f8b0:4004:c08::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Ke811GU8D9oP10uMu54EDqWuI5DGCOjC6vNIGcZJ2dY.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c08::9c Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

29ef35d4653c0fda0fd74b8cbb9e040ea5ae2390c608e8c2eaf34819c649d9d6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 13:47:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 36861
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15261
x-xss-protection: 0
last-modified: Mon, 12 Feb 2024 13:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 16 Feb 2025 13:47:58 GMT

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame FC24 17 KB
6 KB 33ms
33ms Script
text/javascript 2607:f8b0:4004:c09::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20240215/r20110914/xfa/sodar_loader.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c09::84 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ad.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sun, 18 Feb 2024 00:02:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sun, 18 Feb 2024 00:02:19 GMT

GET
H3 200 Ke811GU8D9oP10uMu54EDqWuI5DGCOjC6vNIGcZJ2dY.js Show response
pagead2.googlesyndication.com/bg/ Frame 5539 39 KB
15 KB 20ms
20ms Script
text/javascript 2607:f8b0:4004:c08::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Ke811GU8D9oP10uMu54EDqWuI5DGCOjC6vNIGcZJ2dY.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c08::9c Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

29ef35d4653c0fda0fd74b8cbb9e040ea5ae2390c608e8c2eaf34819c649d9d6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 13:47:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 36861
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15261
x-xss-protection: 0
last-modified: Mon, 12 Feb 2024 13:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 16 Feb 2025 13:47:58 GMT

GET
H3 200 Ke811GU8D9oP10uMu54EDqWuI5DGCOjC6vNIGcZJ2dY.js Show response
pagead2.googlesyndication.com/bg/ Frame 4A7E 39 KB
15 KB 20ms
20ms Script
text/javascript 2607:f8b0:4004:c08::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Ke811GU8D9oP10uMu54EDqWuI5DGCOjC6vNIGcZJ2dY.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c08::9c Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

29ef35d4653c0fda0fd74b8cbb9e040ea5ae2390c608e8c2eaf34819c649d9d6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 13:47:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 36861
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15261
x-xss-protection: 0
last-modified: Mon, 12 Feb 2024 13:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 16 Feb 2025 13:47:58 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0881 0
20 B 76ms
75ms Image
image/gif 2607:f8b0:4004:c08::9c
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=BowwTCknRZf3qJKPSnboP1Z8eAAAAADgB4AQC&bg=!j4yljMPNAAYBC1i-IQs7ADQBe5WfOMQJKQto5UOqSYdaC-Zhup0s1Bbzz0RnmKDha_9tBYgB8FuV-Xsnz1vK16CFKLAaAgAAAOBSAAAAA2gBB5kDCADLN2Iwt34vgQezl0VKF8ECSmRm56juFbszCQhB3tOQZcXCSKvYn7r-jG17GczAeYQoax4goNU4BUGExuAPty2JBEj4Mc_GG73BTgY_ZWzrhNtkDP8bXEX6SBpMSfuC_KtG18sBsdvXRdNyfvFOXRWYGn2fxTdQ5TEPNaZUCREVfF2-BPLNVVmCZK0HnwFpKJme5Sbkc3ADYfwb1jTeSk1RyqRpoDcrFSBgThAVsmiG6cGdLe0x-tuEAR1EpqgVRPUMad-3EhELA5Ix83GOMscWbZuzbgdb9SCPDi0zJavcBoPzAoVVvU6YgR6NckP7SiaM72z4ezaDkXIsE0kk49E--FkBZlbYowa6JIaX9tiDFSrTbMRcdvO1KnwfMVswIh2wREv7sCyj2Dgp2WKkq658O_kgQtXkw3xdVVk6N-sHCnJ6yDB1cn6ekOz3aNmgEFOXGtHJo3Fn0SN3DS5IZt18NSIA4AQ3dXZ1ZOocSvl09QYGpnb9ADe98Md7-IzyIZfF6skNZTqxRAgsUbm5XgWmFfEouworr7t9umA-HbM88UC3R72OHUH4sI4hZEIq4c48FufD8m5zsa_BfdmbLwK9yQUQrOgzKntvayPYSvMKo5KPJ7NjNU2rbFaB18Q82mx1pSw0cfZp7FPlmJ7RikqCo-bMfUeTHgJEVQSxSqnmaOFgYkbug0EKmzCBKPKJqYVnQ0lv6121ZVH9xXub3M7tRUPwPaKUceJK1TqameMTZfPh-LB-TRhpV1uEVhTNmMSs69r4UdUUeAPDbW-ClUEtNV55ZGo1E6jDyPXs7OEyHEguPzIO-d95u1LnKJUWuZulOCEU1IOixhaaFlX9o5Yz46rUmE5EsFPl6fqGJrDn9G-uk_hMxg2E0dmTHo5330Elo9aXMFjpa7dHxrMCdRwmuJjegkwqxbcwEDXOqib5knrJrDzOLiE0QnQTO-8kjb2KCpdQ1ZzbMIRLmU3uRhfEocx2V6HZrLMVVw-bIjFWtgOCvJA5IdCgfg8eWO13qYZTivHY40Zc

Requested by

Host: campaigns.williamhill.com
URL: https://campaigns.williamhill.com/I.ashx?btag=a_46719b_251c_&affid=1213670&siteid=46719&adid=251&c=

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c08::9c Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 18 Feb 2024 00:02:19 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5539 0
20 B 75ms
74ms Image
image/gif 2607:f8b0:4004:c08::9c
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=BpG3SCknRZd2YMYKMnboP9IKh2AgAAAAAOAHgBAI&bg=!3N-l35DNAAZN4L4YbeA7ADQBe5WfOMKDnDNOfViNdRqnhlD1iJHv2XJaRum1mKu0Xy8ZTj3fg8HfUeX9gDLy6E2Yxt9SAgAAAJ9SAAAAA2gBB5kDAWnbHanuj438dIYNJHMEjKMA8dXkvh_XaIrv5Fsum-NymqP2gA2g0x8JC4g9HJ_K23ib56LeMdo-Fl_4XHx9elSAi8mUZW9zNfXkonBwzQFszQYJtOpTGBeyT0E1h1uQ538eVF3kc68hVR9XwkfEyGroLgtmxhDQoNzPn-CWjrNwG9QM4pUOePrpmr9sSafVRa6TfwuHX7Ql9OCo9BM-7gb0XwHtnzJBtA8EszrRg1vFbHohP6nebxHBXXhkn6YBFXRNrOtz3p5LHRIZAj3NrXPzkUKWW8xmm_HylMKFbiz5xNbTrFhUjxJ0a80kzEKd34aXmzIRbfN1hGYAtI2OeySIv2DNXqzldAvwB74iPx4tSnjLsw2T5Vzep_oCpXWt5aCFTy_b7OOlPGj4g4ZueYQR7VLj3WUSbIERmMwXEFfkygRvZIwQ663JBA70mus6MgQBAkufLTm8xqhEUZHIaUEl46ncqZC4rIKXz_ZxWlPgyZQqrALI7aSgjkR_zFIT1BA5EHLrSTSfcu-dYfqEdNPjftxNBapaUjUlLq2gWlV1ggjSpytm_UtoGNyiKW4Vmw4c0QRtERi0epdxTBRXs7CLgafFKljLywnAN4Ou78a0UctO3D-_CXaBWiSjda0j7Om1OFexHqbHfZfKvYEAlE8mDCUsffEZJgAOfBkKdLrj5NWmdivAIbGAO3eNPttRuvniiniURvnT-wxsg-N3SvOKfjY7WYt2xGNcWo_pmvQJXhE5ZztyLf8jE5TF1EEYowL1-paUVw0as_8PXfBYk1ZHTQ5dG6mPNO19zR-omXeBXq4pEe_ilKaJguwvhSpk7nr9D2Qv380wAEGUnkGCg5ezema5Mag91chW650C4EkNfSW-g5BSjs7NufpaXGwgtHjXMKWJ87XPLWO0PnXppg-q0Ap3uc-T4voPzGfyN1ZeUhw-lfBA0ZKqlgja0D4zqpqs4OqoGDeP4lS1Grd6ei3W8C7QxwIuT6bZCAh2yxf_ryeEunlBQkUBXdZ9gzvHS_Y

Requested by

Host: campaigns.williamhill.com
URL: https://campaigns.williamhill.com/I.ashx?btag=a_46719b_242c_&affid=1213670&siteid=46719&adid=242&c=

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c08::9c Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 18 Feb 2024 00:02:19 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame C697 42 B
64 B 76ms
76ms Fetch
image/gif 2607:f8b0:4004:c08::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstV5QWmHcoxUPNvIg7lV_nRzHJ8tMqsG2erClSvyiGnsLqzKBqCY_6R5Fo66pagQkZBy4Wwt1B6QEl0XitVyMMBey1b4PqSIodclLdCGrWMtU4cSRQeor22ScPNNH6SAX6rqQ&sig=Cg0ArKJSzMC6UodOvGJdEAE&id=lidar2&mcvt=1000&p=0,0,90,728&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20240215&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=33&adk=0&rs=6&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&co=414733800&rst=1708214538542&rpt=397&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=8&io2=0

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c08::9c Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ad.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 18 Feb 2024 00:02:19 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame FC24 42 B
64 B 75ms
74ms Fetch
image/gif 2607:f8b0:4004:c08::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsv7k0w5LfMPJd7d_4aK5Fti_Bus9nITrYJyO2ElpeviIpTXO4J8HeOo7Md6p9Reurq2rzBYkLOeX21sVijIOL_VMk0hHNk4VCCMRDnpLrEQHLM_7Z5Z1Ln4KLZSR248WS9CeQ0yzsNvcR4Jkg&sig=Cg0ArKJSzN0tRS7pyO7iEAE&id=lidar2&mcvt=1000&p=0,0,250,300&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20240215&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=33&adk=0&rs=6&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&co=414733900&rst=1708214538776&rpt=237&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=8&io2=0

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c08::9c Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ad.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 18 Feb 2024 00:02:20 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

14 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

8 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.betfair.com/	1970-01-21 04:06:14	Name: NetRefer_CookieUniTrack_V Value: %5b%7b%22PID%22%3a9241%2c%22BID%22%3a9009%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1708214537334)%5c%2f%22%2c%22CookieTag%22%3a%2290099241403101C202421802%22%7d%5d
.entainpartners.com/	1970-01-20 18:30:16	Name: __cf_bm Value: 0zXo7JX17xEmWZes.RdZY6Q1tunQx168arKOnXSF2UA-1708214537-1.0-AcvPswRGASn2xN98akrivB/zqzJxx4vxmQe2rM9xgiIBQKNly/fPyE2jZ9cTUBJ1M79nNoinEk3eZQkR+Dlblns=
campaigns.williamhill.com/	1970-01-21 04:06:14	Name: CEK Value: a
.doubleclick.net/	1970-01-20 22:49:26	Name: APC Value: AfxxVi4nLKnn-Y0fW3N8FmQPDqrnEueaB-FU-EWWieI89cbwcOtvbQ
.doubleclick.net/	1970-01-20 22:49:26	Name: receive-cookie-deprecation Value: 1
.doubleclick.net/	1970-01-21 04:06:14	Name: IDE Value: AHWqTUl40V5MD_gej0GWbdGxxTcaPsqAH1adimooji48kJBnzuIU5tH6Kx5qMCJLxWQ
campaigns.williamhill.com/	1970-01-20 20:39:50	Name: XYZ Value: 120&1&148&&&&0&1&&5386612a-57ae-4290-83c1-aba2d92e02f6&a_46719b_251&&
campaigns.williamhill.com/	1970-01-20 20:39:50	Name: A_251 Value: a=251&r=0&fv=20240218&lv=20240218120219&vc=1&fc=0&lc=0&cc=0

27 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://lucky63.co.uk/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://lucky63.co.uk/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
network	error	URL: https://lucky63.co.uk/gradient.jpg Message: Failed to load resource: the server responded with a status of 404 ()
other	warning	URL: https://lucky63.co.uk/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
network	error	URL: https://servedby.flashtalking.com/imp/1/103922;3605126;201;js;netrefercom;BFUKIENetreferSportsGenericFootball728x90/?ftx=&fty=&ftadz=&ftscw=&ft_custom=&ftOBA=1&ft_agentEnv=0&ft_referrer=&cachebuster=595637.8077961926 Message: Failed to load resource: the server responded with a status of 404 (Not Found)
other	warning	URL: https://lucky63.co.uk/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://lucky63.co.uk/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://lucky63.co.uk/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://lucky63.co.uk/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://lucky63.co.uk/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://lucky63.co.uk/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://lucky63.co.uk/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://lucky63.co.uk/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://lucky63.co.uk/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://lucky63.co.uk/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://lucky63.co.uk/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://lucky63.co.uk/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://lucky63.co.uk/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://lucky63.co.uk/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://lucky63.co.uk/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://lucky63.co.uk/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://lucky63.co.uk/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://lucky63.co.uk/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://lucky63.co.uk/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://lucky63.co.uk/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://lucky63.co.uk/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://lucky63.co.uk/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ad.doubleclick.net
ads.betfair.com
campaigns.williamhill.com
googleads4.g.doubleclick.net
lucky63.co.uk
mediaserver.entainpartners.com
pagead2.googlesyndication.com
s0.2mdn.net
servedby.flashtalking.com
tpc.googlesyndication.com
wlwilliamhill.eacdn.com
104.19.153.16
142.251.16.149
172.253.62.154
20.93.81.72
23.14.153.212
2606:4700::6812:bd8
2607:f8b0:4004:c08::9c
2607:f8b0:4004:c09::84
2607:f8b0:4004:c1d::94
2620:1ec:29:1::40
2a02:4780:1e:ff1f:cae6:c11e:295e:599
07c3c7ee7fdf2bd02700462dba70f22cc8b5f846ab0b30cb286bce32f9992e92
09ef658fe8ad9abca2867f44b68b716cbfd3c10ba7620f6586f708af5cccb61e
0ecda085b65681b94de4bc6a4adae55c72f46e45978de715bafd7092d2d59d92
266fc7cb46902d5fc75e39cd043a7c098acf33201a02a249d2104746546baea1
29ef35d4653c0fda0fd74b8cbb9e040ea5ae2390c608e8c2eaf34819c649d9d6
3d70ce95eb1eb78620cc57fe1a6a479e6f2d70508bf813238e573863df000d6e
40a519ee9c37f62f2574138e8e6d13a09ff8c5391cddc258f2e63eb654bc3936
435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f
495c45e997d5d26747fd23b8c98dbdbeed4f20575a5d5aaaf9d4f2375b58b933
500ab78402d9f54b7f202a159091a98c3d577ad7363d05242d3e6b8cce973be7
5186d61ba8150f3d27523586777a11e14ef10801ad056f88b70e3f1752f21f1d
55648948cf9c70de7b9ba9b640fb3e34fedcc5a726a8a88469e57c964d62ba73
55b0d5c5320e5cdba88b764bf69f5dc1c5eaeba94897d4988a8b32f7b373909f
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
7c2172e9583e17d785ad7f32f0731c6ff99658a39895c42c0d1e7b5e4b5a3906
808a282563111c00f2cdb143f48b1ef2102e6f4ac33aae4340dea558648f3203
839c2f9894eea642b69290447c20e6396b756e30402fe24559fd9db1caa2cf84
841f365e0540df77f892242a962098480625d80f10e380bfb93329a027978632
8850868d209c4c086eca4579b496846168800fe4ac4728162508e0dc35fa3537
9159ff44d7094b8c99c902b187018a7e1115252e3c0438f9d4622295cd00d287
ab4deb91469cd1b15f86d9c628c7268aad1c8df95cbadfabb4eec6e747846ac5
ad35522dc0e9dea8cf27f3ef4613b33c1efce4e601ac449e43366c6fde684efd
b68227cf67f0b4204455709a0d7f1440f0d5c9c575a283ac96d36a571c65cde3
bf670f99006a6e87aa898d96f0fc02a2ed98ca10e73b66bfe845d5b8cd2be07f
cace0036cd313527798094338c29c975646fe4e3399576af962721bc4dade966
ce6a35cfacbf12b3470ae2e72de2de80279c0d886717af3ebb72213f1cdb65d4
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e45e56433de4ca5cb7775f3a8aa333e4d9be0df20d1906a7c41daefd0c078b6a
eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f50f9b0e39aec9e0925fac24549056da468d240f610ba786e28df429c4f4637e
f86bef16c190006cbf5b68c68ceab38d5360d9fd6b2c47010265bd023fd4e939

lucky63.co.uk Open in urlscan Pro 2a02:4780:1e:ff1f:cae6:c11e:295e:599 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

50 Requests

100 %HTTPS

55 %IPv6

9 Domains

11 Subdomains

11 IPs

3 Countries

743 kBTransfer

1365 kBSize

8 Cookies

9 Outgoing links

Redirected requests

50 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

lucky63.co.uk Open in urlscan Pro
2a02:4780:1e:ff1f:cae6:c11e:295e:599 Public Scan

Screenshot
Live screenshot

Full Image

50
Requests

100 %
HTTPS

55 %
IPv6

9
Domains

11
Subdomains

11
IPs

3
Countries

743 kB
Transfer

1365 kB
Size

8
Cookies

50 HTTP transactions
0 data transactions