www.bahiaja.com.br Open in urlscan Pro
54.211.2.248 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://cepheus-star-casino-app-409856.evsur.ru/29102416486-how-to-improve-your-listening-skills/was
Effective URL:
https://www.bahiaja.com.br/revive/www/delivery/ck.php?ct=1&oaparams=2__bannerid=268__zoneid=4__cb=f9e03867f8__oadest=http:/...
Submission: On November 08 via api (November 8th 2024, 8:11:00 am UTC) from US — Scanned from NL

Summary HTTP 32 Redirects Behaviour Indicators

Summary

This website contacted 14 IPs in 5 countries across 14 domains to perform 32 HTTP transactions. The main IP is 54.211.2.248, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is www.bahiaja.com.br.
TLS certificate: Issued by Amazon RSA 2048 M02 on July 14th 2024. Valid for: a year.

This is the only time www.bahiaja.com.br was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
4 4	188.114.96.3 188.114.96.3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	199.167.131.250 199.167.131.250	21949 (BEANFIELD) (BEANFIELD)
9	163.44.198.62 163.44.198.62	135161 (GMO-Z-COM...) (GMO-Z-COM-TH GMO-Z com NetDesign Holdings Co.)
3	172.217.16.200 172.217.16.200	15169 (GOOGLE) (GOOGLE)
4	142.250.185.130 142.250.185.130	15169 (GOOGLE) (GOOGLE)
1	142.250.185.138 142.250.185.138	15169 (GOOGLE) (GOOGLE)
2	157.240.252.13 157.240.252.13	32934 (FACEBOOK) (FACEBOOK)
1	142.250.184.227 142.250.184.227	15169 (GOOGLE) (GOOGLE)
1	216.239.34.36 216.239.34.36	15169 (GOOGLE) (GOOGLE)
1	142.251.168.156 142.251.168.156	15169 (GOOGLE) (GOOGLE)
1	142.250.185.195 142.250.185.195	15169 (GOOGLE) (GOOGLE)
2	157.240.252.35 157.240.252.35	32934 (FACEBOOK) (FACEBOOK)
2	54.211.2.248 54.211.2.248	14618 (AMAZON-AES) (AMAZON-AES)
1	142.250.186.34 142.250.186.34	15169 (GOOGLE) (GOOGLE)
2	172.217.18.97 172.217.18.97	15169 (GOOGLE) (GOOGLE)
32	14

4 188.114.96.3 (Amsterdam, Netherlands) 4 redirects

ASN13335 (CLOUDFLARENET, US)

cepheus-star-casino-app-409856.evsur.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 199.167.131.250 (Canada)

ASN21949 (BEANFIELD, CA)
PTR: redleaf.entirelydigital.com

www.barking-moonbat.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 163.44.198.62 (Bangkok, Thailand)

ASN135161 (GMO-Z-COM-TH GMO-Z com NetDesign Holdings Co., Ltd., JP)
PTR: cpanel13wh.bkk1.cloud.z.com

www.marketplus.in.th	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 172.217.16.200 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s08-in-f200.1e100.net

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.185.130 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s50-in-f2.1e100.net

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.138 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s50-in-f10.1e100.net

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 157.240.252.13 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
PTR: xx-fbcdn-shv-01-fra3.fbcdn.net

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.184.227 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s12-in-f3.1e100.net

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.239.34.36 (United States)

ASN15169 (GOOGLE, US)

region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.251.168.156 (Farmingdale, United States)

ASN15169 (GOOGLE, US)
PTR: wh-in-f156.1e100.net

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.195 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s52-in-f3.1e100.net

www.google.nl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 157.240.252.35 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
PTR: edge-star-mini-shv-01-fra3.facebook.com

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.211.2.248 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-211-2-248.compute-1.amazonaws.com

www.bahiaja.com.br	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.34 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s04-in-f2.1e100.net

ep1.adtrafficquality.google	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.217.18.97 (United States)

ASN15169 (GOOGLE, US)
PTR: zrh04s05-in-f97.1e100.net

ep2.adtrafficquality.google	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
9	marketplus.in.th www.marketplus.in.th	284 KB
4	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 116	197 KB
4	evsur.ru 4 redirects cepheus-star-casino-app-409856.evsur.ru	3 KB
3	adtrafficquality.google ep1.adtrafficquality.google — Cisco Umbrella Rank: 233245 ep2.adtrafficquality.google — Cisco Umbrella Rank: 204383	19 KB
3	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 39	262 KB
2	bahiaja.com.br www.bahiaja.com.br	1 KB
2	facebook.com www.facebook.com — Cisco Umbrella Rank: 113	3 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 180	74 KB
2	barking-moonbat.com www.barking-moonbat.com	1 KB
1	google.nl www.google.nl — Cisco Umbrella Rank: 13162	408 B
1	doubleclick.net stats.g.doubleclick.net — Cisco Umbrella Rank: 136	558 B
1	google.com region1.analytics.google.com — Cisco Umbrella Rank: 4401
1	gstatic.com fonts.gstatic.com	37 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 30	1 KB
32	14

	Domain	Requested by
9	www.marketplus.in.th	www.marketplus.in.th
4	pagead2.googlesyndication.com	www.marketplus.in.th pagead2.googlesyndication.com
4	cepheus-star-casino-app-409856.evsur.ru	4 redirects
3	www.googletagmanager.com	www.marketplus.in.th www.googletagmanager.com
2	ep2.adtrafficquality.google	pagead2.googlesyndication.com ep2.adtrafficquality.google
2	www.bahiaja.com.br	www.marketplus.in.th
2	www.facebook.com	www.marketplus.in.th
2	connect.facebook.net	www.marketplus.in.th connect.facebook.net
2	www.barking-moonbat.com
1	ep1.adtrafficquality.google	pagead2.googlesyndication.com
1	www.google.nl	www.marketplus.in.th
1	stats.g.doubleclick.net	www.googletagmanager.com
1	region1.analytics.google.com	www.googletagmanager.com
1	fonts.gstatic.com	fonts.googleapis.com
1	fonts.googleapis.com	www.marketplus.in.th
32	15

This site contains no links.

Subject Issuer	Validity	Valid
barking-moonbat.com R11	`2024-10-20` - `2025-01-18`	3 months	crt.sh
marketplus.in.th cPanel ECC Domain Validation Secure Server CA 3	`2024-10-29` - `2025-01-27`	3 months	crt.sh
*.google-analytics.com WR2	`2024-10-07` - `2024-12-30`	3 months	crt.sh
*.g.doubleclick.net WR2	`2024-10-07` - `2024-12-30`	3 months	crt.sh
upload.video.google.com WR2	`2024-10-07` - `2024-12-30`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2024-08-17` - `2024-11-15`	3 months	crt.sh
*.gstatic.com WR2	`2024-10-07` - `2024-12-30`	3 months	crt.sh
*.google.nl WR2	`2024-10-07` - `2024-12-30`	3 months	crt.sh
avancetec.com.br Amazon RSA 2048 M02	`2024-07-14` - `2025-08-11`	a year	crt.sh
adtrafficquality.google WR2	`2024-10-07` - `2024-12-30`	3 months	crt.sh

This page contains 4 frames:

Primary Page: https://www.bahiaja.com.br/revive/www/delivery/ck.php?ct=1&oaparams=2__bannerid=268__zoneid=4__cb=f9e03867f8__oadest=http://cepheus-star-casino-app-409856.evsur.ru/aqq136da66e12de48eeabf6/136da66e12de48eeabf6
Frame ID: 30080205681DE2207D7BEC88479AA88B
Requests: 29 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/html/r20241106/r20190131/zrt_lookup_fy2021.html
Frame ID: 9444EB47F1401292E60B56D57447286E
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/ads?client=ca-pub-4036936041892181&output=html&adk=1812271804&adf=3025194257&abgtt=1&lmt=1731053454&plat=3%3A16%2C4%3A16%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fwww.marketplus.in.th%2Fredirect.php%3Furl%3Dhttps%3A%2F%2Fcepheus-star-casino-app-409856.evsur.ru%2Faqq52e74422a75fb5e08360%2F52e74422a75fb5e08360&pra=5&wgl=1&aihb=0&asro=0&ailel=1~2~4~6~7~8~9~10~11~12~13~14~15~16~17~18~19~20~21~24~29~30~34&aiael=1~2~4~6~7~8~9~10~11~12~13~14~15~16~17~18~19~20~21~24~29~30~34&aicel=33~38&aifxl=29_18~30_19&aiixl=29_5~30_6&aiict=1&aipaq=1&itsi=-1&aiombap=1&aiopts=1&aief=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1731053453962&bpp=4&bdt=1563&idt=608&shv=r20241106&mjsv=m202410310101&ptt=9&saldr=aa&abxe=1&eoidce=1&nras=1&correlator=1345533234559&frm=20&pv=2&u_tz=60&u_his=1&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C95344188%2C31088698%2C95335246%2C95345966&oid=2&pvsid=1368412055888606&tmod=939276454&uas=0&nvt=1&fsapi=1&fc=1920&brdim=1570%2C1170%2C1570%2C1170%2C1600%2C0%2C1600%2C1285%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&bz=1&td=1&tdf=2&nt=1&ifi=1&uci=a!1&fsb=1&dtd=645
Frame ID: 06CFD9F0BA5392AD937F1E786E1017BA
Requests: 1 HTTP requests in this frame

Frame: https://ep2.adtrafficquality.google/sodar/sodar2/232/runner.html
Frame ID: 0392EB11407CF98CBB3AC5B70AC8A4E5
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

403 Forbidden

Page URL History Show full URLs

http://cepheus-star-casino-app-409856.evsur.ru/29102416486-how-to-improve-your-listening-skills/was HTTP 307
https://cepheus-star-casino-app-409856.evsur.ru/29102416486-how-to-improve-your-listening-skills/was HTTP 302
https://cepheus-star-casino-app-409856.evsur.ru/a72dc424224 HTTP 301
http://www.barking-moonbat.com/index.php?URL=http://cepheus-star-casino-app-409856.evsur.ru/aqq0253cee5759a... HTTP 307
https://www.barking-moonbat.com/index.php?URL=http://cepheus-star-casino-app-409856.evsur.ru/aqq0253cee5759a... Page URL
http://cepheus-star-casino-app-409856.evsur.ru/aqq0253cee5759afd501bb4/0253cee5759afd501bb4 HTTP 307
https://cepheus-star-casino-app-409856.evsur.ru/aqq0253cee5759afd501bb4/0253cee5759afd501bb4 HTTP 302
https://www.marketplus.in.th/redirect.php?url=https://cepheus-star-casino-app-409856.evsur.ru/aqq52e74422... Page URL
https://cepheus-star-casino-app-409856.evsur.ru/aqq52e74422a75fb5e08360/52e74422a75fb5e08360 HTTP 301
https://www.bahiaja.com.br/revive/www/delivery/ck.php?ct=1&oaparams=2__bannerid=268__zoneid=4__cb=f9e03... Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

32
Requests

100 %
HTTPS

0 %
IPv6

14
Domains

15
Subdomains

14
IPs

5
Countries

881 kB
Transfer

1999 kB
Size

4
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://cepheus-star-casino-app-409856.evsur.ru/29102416486-how-to-improve-your-listening-skills/was HTTP 307
https://cepheus-star-casino-app-409856.evsur.ru/29102416486-how-to-improve-your-listening-skills/was HTTP 302
https://cepheus-star-casino-app-409856.evsur.ru/a72dc424224 HTTP 301
http://www.barking-moonbat.com/index.php?URL=http://cepheus-star-casino-app-409856.evsur.ru/aqq0253cee5759afd501bb4/0253cee5759afd501bb4 HTTP 307
https://www.barking-moonbat.com/index.php?URL=http://cepheus-star-casino-app-409856.evsur.ru/aqq0253cee5759afd501bb4/0253cee5759afd501bb4 Page URL
http://cepheus-star-casino-app-409856.evsur.ru/aqq0253cee5759afd501bb4/0253cee5759afd501bb4 HTTP 307
https://cepheus-star-casino-app-409856.evsur.ru/aqq0253cee5759afd501bb4/0253cee5759afd501bb4 HTTP 302
https://www.marketplus.in.th/redirect.php?url=https://cepheus-star-casino-app-409856.evsur.ru/aqq52e74422a75fb5e08360/52e74422a75fb5e08360 Page URL
https://cepheus-star-casino-app-409856.evsur.ru/aqq52e74422a75fb5e08360/52e74422a75fb5e08360 HTTP 301
https://www.bahiaja.com.br/revive/www/delivery/ck.php?ct=1&oaparams=2__bannerid=268__zoneid=4__cb=f9e03867f8__oadest=http://cepheus-star-casino-app-409856.evsur.ru/aqq136da66e12de48eeabf6/136da66e12de48eeabf6 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://cepheus-star-casino-app-409856.evsur.ru/29102416486-how-to-improve-your-listening-skills/was HTTP 307
https://cepheus-star-casino-app-409856.evsur.ru/29102416486-how-to-improve-your-listening-skills/was HTTP 302
https://cepheus-star-casino-app-409856.evsur.ru/a72dc424224 HTTP 301
http://www.barking-moonbat.com/index.php?URL=http://cepheus-star-casino-app-409856.evsur.ru/aqq0253cee5759afd501bb4/0253cee5759afd501bb4 HTTP 307
https://www.barking-moonbat.com/index.php?URL=http://cepheus-star-casino-app-409856.evsur.ru/aqq0253cee5759afd501bb4/0253cee5759afd501bb4

Request Chain 1

http://cepheus-star-casino-app-409856.evsur.ru/aqq0253cee5759afd501bb4/0253cee5759afd501bb4 HTTP 307
https://cepheus-star-casino-app-409856.evsur.ru/aqq0253cee5759afd501bb4/0253cee5759afd501bb4 HTTP 302
https://www.marketplus.in.th/redirect.php?url=https://cepheus-star-casino-app-409856.evsur.ru/aqq52e74422a75fb5e08360/52e74422a75fb5e08360

32 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

index.php
www.barking-moonbat.com/
Redirect Chain

http://cepheus-star-casino-app-409856.evsur.ru/29102416486-how-to-improve-your-listening-skills/was
https://cepheus-star-casino-app-409856.evsur.ru/29102416486-how-to-improve-your-listening-skills/was
https://cepheus-star-casino-app-409856.evsur.ru/a72dc424224
http://www.barking-moonbat.com/index.php?URL=http://cepheus-star-casino-app-409856.evsur.ru/aqq0253cee5759afd501bb4/0253cee5759afd501bb4
https://www.barking-moonbat.com/index.php?URL=http://cepheus-star-casino-app-409856.evsur.ru/aqq0253cee5759afd501bb4/0253cee5759afd501bb4

205 B
368 B

1147ms
108ms

Document
text/html

199.167.131.250
BEANFIELD

General

Check archive.org

Show headers Download Go to

Full URL: https://www.barking-moonbat.com/index.php?URL=http://cepheus-star-casino-app-409856.evsur.ru/aqq0253cee5759afd501bb4/0253cee5759afd501bb4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.167.131.250 , Canada, ASN21949 (BEANFIELD, CA),
Reverse DNS: redleaf.entirelydigital.com
Software: LiteSpeed /
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-encoding: br
content-length: 125
content-type: text/html; charset=UTF-8
date: Fri, 08 Nov 2024 08:10:50 GMT
server: LiteSpeed
vary: Accept-Encoding

Redirect headers

Location: https://www.barking-moonbat.com/index.php?URL=http://cepheus-star-casino-app-409856.evsur.ru/aqq0253cee5759afd501bb4/0253cee5759afd501bb4
Non-Authoritative-Reason: HttpsUpgrades

GET
H/1.1

200
OK

redirect.php Show response
www.marketplus.in.th/
Redirect Chain

http://cepheus-star-casino-app-409856.evsur.ru/aqq0253cee5759afd501bb4/0253cee5759afd501bb4
https://cepheus-star-casino-app-409856.evsur.ru/aqq0253cee5759afd501bb4/0253cee5759afd501bb4
https://www.marketplus.in.th/redirect.php?url=https://cepheus-star-casino-app-409856.evsur.ru/aqq52e74422a75fb5e08360/52e74422a75fb5e08360

3 KB
3 KB

821ms
281ms

Document
text/html

163.44.198.62
GMO-Z-COM-TH GMO-...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.marketplus.in.th/redirect.php?url=https://cepheus-star-casino-app-409856.evsur.ru/aqq52e74422a75fb5e08360/52e74422a75fb5e08360
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 163.44.198.62 Bangkok, Thailand, ASN135161 (GMO-Z-COM-TH GMO-Z com NetDesign Holdings Co., Ltd., JP),
Reverse DNS: cpanel13wh.bkk1.cloud.z.com
Software: Apache / PHP/5.6.40
Resource Hash: a04896dc47a5d42c21105ca10428f4b182c57aff33af02971fdd284c94066556

Request headers

Referer: https://www.barking-moonbat.com/index.php?URL=http://cepheus-star-casino-app-409856.evsur.ru/aqq0253cee5759afd501bb4/0253cee5759afd501bb4
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Date: Fri, 08 Nov 2024 08:10:52 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Keep-Alive: timeout=5, max=100
Pragma: no-cache
Server: Apache
Transfer-Encoding: chunked
X-Powered-By: PHP/5.6.40

Redirect headers

alt-svc: h3=":443"; ma=86400
cache-control: no-transform
cf-cache-status: DYNAMIC
cf-ray: 8df416c6ee170b66-AMS
content-length: 0
content-type: text/html; charset=UTF-8
date: Fri, 08 Nov 2024 08:10:51 GMT
location: https://www.marketplus.in.th/redirect.php?url=https://cepheus-star-casino-app-409856.evsur.ru/aqq52e74422a75fb5e08360/52e74422a75fb5e08360
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uGHhpQ52Y%2BAbcbz7YVgIxV5SxsDJD%2BNTRf0%2BwCltK0nF78o7FcM6x97dpK1K7IX%2FVZQ8TfzJakoSL0hEY1S63GDOBEd7HN5dlvKboIjdICdSggzxvUzKljAvoxzviNIAsGJmGGtU3HzUQ%2BRva2egII69I50DAFqQSxc%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
server-timing: cfL4;desc="?proto=QUIC&rtt=16257&sent=18&recv=15&lost=0&retrans=0&sent_bytes=5702&recv_bytes=5510&delivery_rate=9290&cwnd=12000&unsent_bytes=0&cid=1fde45535cfbdf6b&ts=3304&x=1" cfHdrFlush;dur=0

GET
H2 200 favicon.ico
www.barking-moonbat.com/ 894 B
794 B 142ms
139ms Other
image/x-icon 199.167.131.250
BEANFIELD

General

Check archive.org

Show headers Download Go to

Full URL: https://www.barking-moonbat.com/favicon.ico
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.167.131.250 , Canada, ASN21949 (BEANFIELD, CA),
Reverse DNS: redleaf.entirelydigital.com
Software: LiteSpeed /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.barking-moonbat.com/index.php?URL=http://cepheus-star-casino-app-409856.evsur.ru/aqq0253cee5759afd501bb4/0253cee5759afd501bb4

Response headers

cache-control: public, max-age=604800
content-encoding: br
expires: Fri, 15 Nov 2024 08:10:51 GMT
accept-ranges: bytes
content-length: 660
date: Fri, 08 Nov 2024 08:10:51 GMT
content-type: image/x-icon
last-modified: Sat, 01 May 2004 21:34:20 GMT
vary: Accept-Encoding
server: LiteSpeed

GET
H/1.1 200
OK style.css
www.marketplus.in.th/public/css/ 12 KB
12 KB 225ms
223ms Stylesheet
text/css 163.44.198.62
GMO-Z-COM-TH GMO-...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.marketplus.in.th/public/css/style.css
Requested by: Host: www.marketplus.in.th
URL: https://www.marketplus.in.th/redirect.php?url=https://cepheus-star-casino-app-409856.evsur.ru/aqq52e74422a75fb5e08360/52e74422a75fb5e08360
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 163.44.198.62 Bangkok, Thailand, ASN135161 (GMO-Z-COM-TH GMO-Z com NetDesign Holdings Co., Ltd., JP),
Reverse DNS: cpanel13wh.bkk1.cloud.z.com
Software: Apache /
Resource Hash: b1a74a67a3c9b8f5f36ba513bbef068bf51087f06b2af792382b4a7dcf548225

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.marketplus.in.th/redirect.php?url=https://cepheus-star-casino-app-409856.evsur.ru/aqq52e74422a75fb5e08360/52e74422a75fb5e08360

Response headers

ETag: "2f00-5b5647ec8d000"
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 12032
Keep-Alive: timeout=5, max=99
Date: Fri, 08 Nov 2024 08:10:52 GMT
Last-Modified: Tue, 01 Dec 2020 10:21:52 GMT
Content-Type: text/css
Server: Apache

GET
H/1.1 200
OK style-radio.css
www.marketplus.in.th/public/css/ 930 B
1 KB 453ms
228ms Stylesheet
text/css 163.44.198.62
GMO-Z-COM-TH GMO-...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.marketplus.in.th/public/css/style-radio.css
Requested by: Host: www.marketplus.in.th
URL: https://www.marketplus.in.th/redirect.php?url=https://cepheus-star-casino-app-409856.evsur.ru/aqq52e74422a75fb5e08360/52e74422a75fb5e08360
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 163.44.198.62 Bangkok, Thailand, ASN135161 (GMO-Z-COM-TH GMO-Z com NetDesign Holdings Co., Ltd., JP),
Reverse DNS: cpanel13wh.bkk1.cloud.z.com
Software: Apache /
Resource Hash: 2556b3a7903df0a90a3a95cdf7d74285785c83be62a3e5da562b64b3558267ec

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.marketplus.in.th/redirect.php?url=https://cepheus-star-casino-app-409856.evsur.ru/aqq52e74422a75fb5e08360/52e74422a75fb5e08360

Response headers

ETag: "3a2-578803bbde140"
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 930
Keep-Alive: timeout=5, max=98
Date: Fri, 08 Nov 2024 08:10:52 GMT
Last-Modified: Thu, 18 Oct 2018 12:50:37 GMT
Content-Type: text/css
Server: Apache

GET
H/1.1 200
OK style-menu.css
www.marketplus.in.th/public/css/ 7 KB
7 KB 623ms
216ms Stylesheet
text/css 163.44.198.62
GMO-Z-COM-TH GMO-...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.marketplus.in.th/public/css/style-menu.css
Requested by: Host: www.marketplus.in.th
URL: https://www.marketplus.in.th/redirect.php?url=https://cepheus-star-casino-app-409856.evsur.ru/aqq52e74422a75fb5e08360/52e74422a75fb5e08360
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 163.44.198.62 Bangkok, Thailand, ASN135161 (GMO-Z-COM-TH GMO-Z com NetDesign Holdings Co., Ltd., JP),
Reverse DNS: cpanel13wh.bkk1.cloud.z.com
Software: Apache /
Resource Hash: 11fe46a09d23150ac16ed44dcfdff983152d3c0d535cfc58b10dc0cb9d9d347d

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.marketplus.in.th/redirect.php?url=https://cepheus-star-casino-app-409856.evsur.ru/aqq52e74422a75fb5e08360/52e74422a75fb5e08360

Response headers

ETag: "1ce0-5b550c6361ec0"
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 7392
Keep-Alive: timeout=5, max=100
Date: Fri, 08 Nov 2024 08:10:52 GMT
Last-Modified: Mon, 30 Nov 2020 10:50:11 GMT
Content-Type: text/css
Server: Apache

GET
H/1.1 200
OK animate.css
www.marketplus.in.th/public/css/ 62 KB
62 KB 633ms
219ms Stylesheet
text/css 163.44.198.62
GMO-Z-COM-TH GMO-...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.marketplus.in.th/public/css/animate.css
Requested by: Host: www.marketplus.in.th
URL: https://www.marketplus.in.th/redirect.php?url=https://cepheus-star-casino-app-409856.evsur.ru/aqq52e74422a75fb5e08360/52e74422a75fb5e08360
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 163.44.198.62 Bangkok, Thailand, ASN135161 (GMO-Z-COM-TH GMO-Z com NetDesign Holdings Co., Ltd., JP),
Reverse DNS: cpanel13wh.bkk1.cloud.z.com
Software: Apache /
Resource Hash: 007ed16a615fd21818ecf956a1f137bcf4ba609dd1de62e55ab8496af1f9be74

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.marketplus.in.th/redirect.php?url=https://cepheus-star-casino-app-409856.evsur.ru/aqq52e74422a75fb5e08360/52e74422a75fb5e08360

Response headers

ETag: "f788-578803bbde140"
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 63368
Keep-Alive: timeout=5, max=100
Date: Fri, 08 Nov 2024 08:10:52 GMT
Last-Modified: Thu, 18 Oct 2018 12:50:37 GMT
Content-Type: text/css
Server: Apache

GET
H/1.1 200
OK flickity.css
www.marketplus.in.th/public/css/ 3 KB
3 KB 631ms
218ms Stylesheet
text/css 163.44.198.62
GMO-Z-COM-TH GMO-...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.marketplus.in.th/public/css/flickity.css
Requested by: Host: www.marketplus.in.th
URL: https://www.marketplus.in.th/redirect.php?url=https://cepheus-star-casino-app-409856.evsur.ru/aqq52e74422a75fb5e08360/52e74422a75fb5e08360
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 163.44.198.62 Bangkok, Thailand, ASN135161 (GMO-Z-COM-TH GMO-Z com NetDesign Holdings Co., Ltd., JP),
Reverse DNS: cpanel13wh.bkk1.cloud.z.com
Software: Apache /
Resource Hash: 7c667d0fcf995a4b3d9a3b6ce0010d9dfada7a5520f7f3e141f853cb0e116f68

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.marketplus.in.th/redirect.php?url=https://cepheus-star-casino-app-409856.evsur.ru/aqq52e74422a75fb5e08360/52e74422a75fb5e08360

Response headers

ETag: "a40-578803bbde140"
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 2624
Keep-Alive: timeout=5, max=100
Date: Fri, 08 Nov 2024 08:10:52 GMT
Last-Modified: Thu, 18 Oct 2018 12:50:37 GMT
Content-Type: text/css
Server: Apache

GET
H/1.1 200
OK jquery-latest.min.js Show response
www.marketplus.in.th/public/js/ 94 KB
94 KB 636ms
222ms Script
application/javascript 163.44.198.62
GMO-Z-COM-TH GMO-...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.marketplus.in.th/public/js/jquery-latest.min.js
Requested by: Host: www.marketplus.in.th
URL: https://www.marketplus.in.th/redirect.php?url=https://cepheus-star-casino-app-409856.evsur.ru/aqq52e74422a75fb5e08360/52e74422a75fb5e08360
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 163.44.198.62 Bangkok, Thailand, ASN135161 (GMO-Z-COM-TH GMO-Z com NetDesign Holdings Co., Ltd., JP),
Reverse DNS: cpanel13wh.bkk1.cloud.z.com
Software: Apache /
Resource Hash: 540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.marketplus.in.th/redirect.php?url=https://cepheus-star-casino-app-409856.evsur.ru/aqq52e74422a75fb5e08360/52e74422a75fb5e08360

Response headers

ETag: "1762a-578803b901a80"
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 95786
Keep-Alive: timeout=5, max=100
Date: Fri, 08 Nov 2024 08:10:52 GMT
Last-Modified: Thu, 18 Oct 2018 12:50:34 GMT
Content-Type: application/javascript
Server: Apache

GET
H/1.1 200
OK script.js Show response
www.marketplus.in.th/public/js/ 2 KB
2 KB 637ms
221ms Script
application/javascript 163.44.198.62
GMO-Z-COM-TH GMO-...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.marketplus.in.th/public/js/script.js
Requested by: Host: www.marketplus.in.th
URL: https://www.marketplus.in.th/redirect.php?url=https://cepheus-star-casino-app-409856.evsur.ru/aqq52e74422a75fb5e08360/52e74422a75fb5e08360
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 163.44.198.62 Bangkok, Thailand, ASN135161 (GMO-Z-COM-TH GMO-Z com NetDesign Holdings Co., Ltd., JP),
Reverse DNS: cpanel13wh.bkk1.cloud.z.com
Software: Apache /
Resource Hash: fe6254ddc5cc1cd7aab1b380d6d8f4c0e883e34832affe72519e63f1c5d87dd6

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.marketplus.in.th/redirect.php?url=https://cepheus-star-casino-app-409856.evsur.ru/aqq52e74422a75fb5e08360/52e74422a75fb5e08360

Response headers

ETag: "7c3-578803b901a80"
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 1987
Keep-Alive: timeout=5, max=100
Date: Fri, 08 Nov 2024 08:10:52 GMT
Last-Modified: Thu, 18 Oct 2018 12:50:34 GMT
Content-Type: application/javascript
Server: Apache

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 274 KB
96 KB 273ms
122ms Script
application/javascript 172.217.16.200
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-VZW8ETLE0Z

Requested by

Host: www.marketplus.in.th
URL: https://www.marketplus.in.th/redirect.php?url=https://cepheus-star-casino-app-409856.evsur.ru/aqq52e74422a75fb5e08360/52e74422a75fb5e08360

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.200 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f200.1e100.net

Software

Google Tag Manager /

Resource Hash

65d89b69ccbb71825570af12e55ae1d8ac0a88a9ec0f16e6a97a145e07622d58

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.marketplus.in.th/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Fri, 08 Nov 2024 08:10:53 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 08 Nov 2024 08:10:53 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 97902
x-xss-protection: 0
server: Google Tag Manager

GET
H3 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 158 KB
53 KB 130ms
41ms Script
text/javascript 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: www.marketplus.in.th
URL: https://www.marketplus.in.th/redirect.php?url=https://cepheus-star-casino-app-409856.evsur.ru/aqq52e74422a75fb5e08360/52e74422a75fb5e08360

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

eac3aa0a7c3f08a27a399bca26fbb68bb4e8d368e7a6dcb5deb3ecb956e4c808

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.marketplus.in.th/

Response headers

content-encoding: br
etag: 8451353366491331634
x-content-type-options: nosniff
expires: Fri, 08 Nov 2024 08:10:53 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date: Fri, 08 Nov 2024 08:10:53 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
content-disposition: attachment; filename="f.txt"
link: <https://googleads.g.doubleclick.net>; rel="preconnect"; crossorigin
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 53836
x-xss-protection: 0
server: cafe

GET
H2 200 css
fonts.googleapis.com/ 3 KB
1 KB 282ms
30ms Stylesheet
text/css 142.250.185.138
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Montserrat:400,700

Requested by

Host: www.marketplus.in.th
URL: https://www.marketplus.in.th/public/css/style-menu.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.138 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f10.1e100.net

Software

ESF /

Resource Hash

593cb6a99ee681518baa0300381b64e7831df168d763b0d756643372674b5cee

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.marketplus.in.th/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Fri, 08 Nov 2024 08:10:53 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 08 Nov 2024 08:10:53 GMT
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified: Fri, 08 Nov 2024 07:01:58 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-xss-protection: 0
server: ESF

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 195 KB
71 KB 139ms
42ms Script
application/javascript 172.217.16.200
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-NMW28DP

Requested by

Host: www.marketplus.in.th
URL: https://www.marketplus.in.th/redirect.php?url=https://cepheus-star-casino-app-409856.evsur.ru/aqq52e74422a75fb5e08360/52e74422a75fb5e08360

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.200 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f200.1e100.net

Software

Google Tag Manager /

Resource Hash

c46a243b29b8baabd0d050846f5b33f220729132c03af9ac26a6cad9dd4f0610

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.marketplus.in.th/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1080:0"}],}
expires: Fri, 08 Nov 2024 08:10:53 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 08 Nov 2024 08:10:53 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Fri, 08 Nov 2024 06:00:00 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1080:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 71602
x-xss-protection: 0
server: Google Tag Manager

GET
H3 200 fbevents.js Show response
connect.facebook.net/en_US/ 239 KB
61 KB 218ms
80ms Script
application/x-javascript 157.240.252.13
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.marketplus.in.th
URL: https://www.marketplus.in.th/redirect.php?url=https://cepheus-star-casino-app-409856.evsur.ru/aqq52e74422a75fb5e08360/52e74422a75fb5e08360

Protocol

Security

QUIC, , AES_128_GCM

Server

157.240.252.13 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-fra3.fbcdn.net

Software

Resource Hash

6dba87f2bb4627686798df345a05d779c19b18fe0ab7366e2269786bc3251798

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;script-src 'nonce-GVrzzSHN' .fbcdn.net .facebook.net blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.marketplus.in.th/

Response headers

content-encoding: gzip
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Fri, 08 Nov 2024 08:10:53 GMT
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
priority: u=3,i
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src 'nonce-GVrzzSHN' *.fbcdn.net *.facebook.net blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
cache-control: public, max-age=1200
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=32, rtx=0, c=23, mss=1232, tbw=4540, tp=11, tpl=0, uplat=0, ullat=-1
pragma: public
x-fb-debug: /Zl0p08o+2z2kdUilDhWhpVEqWxSka5Nu8ae8o+16s/4r9DkAiTsyCIJD6q/WYFqLxoJYH/WmNyEMH8Wo4AXdw==
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top
content-length: 62105
x-xss-protection: 0
origin-agent-cluster: ?1

GET
H/1.1 200
OK bg.jpg
www.marketplus.in.th/public/images/iconetc/ 98 KB
99 KB 238ms
237ms Image
image/jpeg 163.44.198.62
GMO-Z-COM-TH GMO-...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.marketplus.in.th/public/images/iconetc/bg.jpg
Requested by: Host: www.marketplus.in.th
URL: https://www.marketplus.in.th/public/css/style.css
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 163.44.198.62 Bangkok, Thailand, ASN135161 (GMO-Z-COM-TH GMO-Z com NetDesign Holdings Co., Ltd., JP),
Reverse DNS: cpanel13wh.bkk1.cloud.z.com
Software: Apache /
Resource Hash: d7b2bb2d028d92c000a00d1d7aa0e513090897c11a1a33dbd2fec3cb09a27f40

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.marketplus.in.th/public/css/style.css

Response headers

ETag: "1898b-578803bae9f00"
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 100747
Keep-Alive: timeout=5, max=99
Date: Fri, 08 Nov 2024 08:10:53 GMT
Last-Modified: Thu, 18 Oct 2018 12:50:36 GMT
Content-Type: image/jpeg
Server: Apache

GET
H3 200 JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
fonts.gstatic.com/s/montserrat/v29/ 37 KB
37 KB 131ms
21ms Font
font/woff2 142.250.184.227
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/montserrat/v29/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Montserrat:400,700

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.227 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f3.1e100.net

Software

sffe /

Resource Hash

fdc9964050bfa24c27a3c76c6791b3674292a5f352cbc83d7a4dc49595bc3fb1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://www.marketplus.in.th
Referer: https://fonts.googleapis.com/

Response headers

age: 134132
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Thu, 06 Nov 2025 18:55:21 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 06 Nov 2024 18:55:21 GMT
last-modified: Wed, 06 Nov 2024 17:30:37 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 37828
x-xss-protection: 0
server: sffe

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202410310101/ 434 KB
144 KB 64ms
63ms Script
text/javascript 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202410310101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-4036936041892181&plah=www.marketplus.in.th&bust=31088698

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

abbbb2502be3439ace6ce2474eff39c52471a487217817343f2bc4618d3e668d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.marketplus.in.th/

Response headers

content-encoding: br
etag: 4145206805827102512
x-content-type-options: nosniff
expires: Fri, 08 Nov 2024 08:10:53 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date: Fri, 08 Nov 2024 08:10:53 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
content-disposition: attachment; filename="f.txt"
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-length: 147839
x-xss-protection: 0
server: cafe

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 274 KB
96 KB 86ms
80ms Script
application/javascript 172.217.16.200
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-VZW8ETLE0Z&l=dataLayer&cx=c&gtm=45He4b70za200

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NMW28DP

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.200 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f200.1e100.net

Software

Google Tag Manager /

Resource Hash

36a0f19db23a364e6a780735602f53906fc7d16f13fa19c245af008bf30698fb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.marketplus.in.th/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Fri, 08 Nov 2024 08:10:54 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 08 Nov 2024 08:10:54 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 97947
x-xss-protection: 0
server: Google Tag Manager

GET
H3 200 104602453505992 Show response
connect.facebook.net/signals/config/ 68 KB
13 KB 192ms
191ms Script
application/x-javascript 157.240.252.13
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/104602453505992?v=2.9.176&r=stable&domain=www.marketplus.in.th&hme=872f04a0547459b3285cb03b0d7a47bfde40628f4b386809918a621e2688602f&ex_m=70%2C121%2C107%2C111%2C61%2C4%2C100%2C69%2C16%2C97%2C89%2C51%2C54%2C172%2C175%2C187%2C183%2C184%2C186%2C29%2C101%2C53%2C77%2C185%2C167%2C170%2C180%2C181%2C188%2C131%2C41%2C189%2C190%2C34%2C143%2C15%2C50%2C195%2C194%2C133%2C18%2C40%2C1%2C43%2C65%2C66%2C67%2C71%2C93%2C17%2C14%2C96%2C92%2C91%2C108%2C52%2C110%2C39%2C109%2C30%2C94%2C26%2C168%2C171%2C140%2C86%2C56%2C84%2C33%2C73%2C0%2C95%2C32%2C28%2C82%2C83%2C88%2C47%2C46%2C87%2C37%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C57%2C62%2C64%2C75%2C102%2C27%2C76%2C9%2C8%2C80%2C48%2C21%2C104%2C103%2C105%2C98%2C10%2C20%2C3%2C38%2C74%2C19%2C5%2C90%2C81%2C44%2C35%2C85%2C2%2C36%2C63%2C42%2C106%2C45%2C79%2C68%2C112%2C60%2C59%2C31%2C99%2C58%2C55%2C49%2C78%2C72%2C24%2C113

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

157.240.252.13 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-fra3.fbcdn.net

Software

Resource Hash

ad4322bb710f8e11bb3a7c8c78b157233d3f5fbabc7359da69b4db2bc88a8809

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;script-src 'nonce-Wqgz3nMd' .fbcdn.net .facebook.net blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.marketplus.in.th/

Response headers

content-encoding: gzip
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Fri, 08 Nov 2024 08:10:54 GMT
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
priority: u=3,i
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src 'nonce-Wqgz3nMd' *.fbcdn.net *.facebook.net blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
cache-control: public, max-age=1200
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=33, rtx=0, c=73, mss=1232, tbw=70396, tp=67, tpl=0, uplat=137, ullat=0
pragma: public
x-fb-debug: klgVMUI8/vbfjQmoNtlCVlj/wk8pH3wfsSlSXXNcK4PlLWd7doNRNhLuWvMYo5+xnGgwFCF53KSksTeWXbRFrg==
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top
x-xss-protection: 0
origin-agent-cluster: ?1

POST
H2 204 collect
region1.analytics.google.com/g/ 0
0 429ms
35ms Fetch
text/plain 216.239.34.36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-VZW8ETLE0Z&gtm=45je4b70v9114796677za200&_p=1731053453711&_gaz=1&gcd=13l3l3l2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=101823848~101925629&cid=1297562897.1731053454&ul=nl-nl&sr=1600x1200&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_eu=EA&_s=1&sid=1731053454&sct=1&seg=0&dl=https%3A%2F%2Fwww.marketplus.in.th%2Fredirect.php%3Furl%3Dhttps%3A%2F%2Fcepheus-star-casino-app-409856.evsur.ru%2Faqq52e74422a75fb5e08360%2F52e74422a75fb5e08360&dt=Market%20Plus&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=3111
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-VZW8ETLE0Z
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 216.239.34.36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.marketplus.in.th/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:136:0
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:136:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://www.marketplus.in.th
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 08 Nov 2024 08:10:54 GMT
content-type: text/plain
server: Golfe2

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
558 B 373ms
31ms Ping
text/plain 142.251.168.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-VZW8ETLE0Z&cid=1297562897.1731053454&gtm=45je4b70v9114796677za200&aip=1&dma=1&dma_cps=syphamo&gcd=13l3l3l2l1l1&npa=1&frm=0&tag_exp=101823848~101925629
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-VZW8ETLE0Z
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 142.251.168.156 Farmingdale, United States, ASN15169 (GOOGLE, US),
Reverse DNS: wh-in-f156.1e100.net
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.marketplus.in.th/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:111:0
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:111:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://www.marketplus.in.th
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 08 Nov 2024 08:10:54 GMT
content-type: text/plain
server: Golfe2

GET
H2 200 ga-audiences
www.google.nl/ads/ 42 B
408 B 437ms
49ms Image
image/gif 142.250.185.195
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.nl/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-VZW8ETLE0Z&cid=1297562897.1731053454&gtm=45je4b70v9114796677za200&aip=1&dma=1&dma_cps=syphamo&gcd=13l3l3l2l1l1&npa=1&frm=0&tag_exp=101823848~101925629&tag_exp=101823848~101925629&z=1417721236

Requested by

Host: www.marketplus.in.th
URL: https://www.marketplus.in.th/redirect.php?url=https://cepheus-star-casino-app-409856.evsur.ru/aqq52e74422a75fb5e08360/52e74422a75fb5e08360

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.195 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f3.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.marketplus.in.th/

Response headers

cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Fri, 08 Nov 2024 08:10:54 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H2 200 /
www.facebook.com/tr/ 0
274 B 180ms
21ms Image
text/plain 157.240.252.35
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=104602453505992&ev=PageView&dl=https%3A%2F%2Fwww.marketplus.in.th%2Fredirect.php%3Furl%3Dhttps%3A%2F%2Fcepheus-star-casino-app-409856.evsur.ru%2Faqq52e74422a75fb5e08360%2F52e74422a75fb5e08360&rl=&if=false&ts=1731053454559&sw=1600&sh=1200&v=2.9.176&r=stable&ec=0&o=4126&fbp=fb.2.1731053454557.254789882788252726&ler=empty&cdl=API_unavailable&it=1731053454138&coo=false&rqm=GET

Requested by

Host: www.marketplus.in.th
URL: https://www.marketplus.in.th/redirect.php?url=https://cepheus-star-casino-app-409856.evsur.ru/aqq52e74422a75fb5e08360/52e74422a75fb5e08360

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

157.240.252.35 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

edge-star-mini-shv-01-fra3.facebook.com

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.marketplus.in.th/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=17, rtx=0, c=10, mss=1288, tbw=2899, tp=-1, tpl=-1, uplat=0, ullat=0
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin
alt-svc: h3=":443"; ma=86400
content-length: 0
date: Fri, 08 Nov 2024 08:10:54 GMT
content-type: text/plain
server: proxygen-bolt

GET
H2 200 /
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 67 B
3 KB 370ms
212ms Image
image/png 157.240.252.35
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=104602453505992&ev=PageView&dl=https%3A%2F%2Fwww.marketplus.in.th%2Fredirect.php%3Furl%3Dhttps%3A%2F%2Fcepheus-star-casino-app-409856.evsur.ru%2Faqq52e74422a75fb5e08360%2F52e74422a75fb5e08360&rl=&if=false&ts=1731053454559&sw=1600&sh=1200&v=2.9.176&r=stable&ec=0&o=4126&fbp=fb.2.1731053454557.254789882788252726&ler=empty&cdl=API_unavailable&it=1731053454138&coo=false&rqm=FGET

Requested by

Host: www.marketplus.in.th
URL: https://www.marketplus.in.th/redirect.php?url=https://cepheus-star-casino-app-409856.evsur.ru/aqq52e74422a75fb5e08360/52e74422a75fb5e08360

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

157.240.252.35 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

edge-star-mini-shv-01-fra3.facebook.com

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com .facebook.com .fbcdn.net;script-src .facebook.com .fbcdn.net 'unsafe-inline' blob: data: 'self' 'wasm-unsafe-eval';style-src .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net wss://.facebook.com:* wss://.fbcdn.net attachment.fbsbx.com blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ .fbsbx.com;font-src data: .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: .oculuscdn.com https://paywithmybank.com/ https://.paywithmybank.com/;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data:;frame-src .facebook.com .fbsbx.com fbsbx.com data: .fbcdn.net https://paywithmybank.com/ https://.paywithmybank.com/;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.marketplus.in.th/

Response headers

content-encoding: zstd
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7434817972867204791"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Fri, 08 Nov 2024 08:10:54 GMT
content-type: image/png
vary: Accept-Encoding
x-fb-debug: 8HGRthf1+v2CoX3yAWx5XtAMxeEU2WEyOnzAWgiG7qbt7AAFsUxIjuUR4qpW8V6ER6EBTaDz++mqKHKrdO0w3g==
x-frame-options: DENY
strict-transport-security: max-age=15552000; preload
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7434817972867204791", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'wasm-unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com https://paywithmybank.com/ https://*.paywithmybank.com/;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
cache-control: private, no-store, no-cache, must-revalidate
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=18, rtx=0, c=10, mss=1288, tbw=3217, tp=-1, tpl=-1, uplat=182, ullat=0
cross-origin-opener-policy: same-origin-allow-popups
pragma: no-cache
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
document-policy: force-load-at-top
x-xss-protection: 0
origin-agent-cluster: ?0

GET
H3 200 zrt_lookup_fy2021.html
pagead2.googlesyndication.com/pagead/html/r20241106/r20190131/ Frame 9444 0
0 96ms
20ms Document
text/html 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/html/r20241106/r20190131/zrt_lookup_fy2021.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202410310101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-4036936041892181&plah=www.marketplus.in.th&bust=31088698

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.marketplus.in.th/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

age: 69405
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4134
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 07 Nov 2024 12:54:09 GMT
etag: 4475648825157136472
expires: Thu, 21 Nov 2024 12:54:09 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads
pagead2.googlesyndication.com/pagead/ Frame 06CF 0
0 101ms
71ms Document
text/html 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/ads?client=ca-pub-4036936041892181&output=html&adk=1812271804&adf=3025194257&abgtt=1&lmt=1731053454&plat=3%3A16%2C4%3A16%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fwww.marketplus.in.th%2Fredirect.php%3Furl%3Dhttps%3A%2F%2Fcepheus-star-casino-app-409856.evsur.ru%2Faqq52e74422a75fb5e08360%2F52e74422a75fb5e08360&pra=5&wgl=1&aihb=0&asro=0&ailel=1~2~4~6~7~8~9~10~11~12~13~14~15~16~17~18~19~20~21~24~29~30~34&aiael=1~2~4~6~7~8~9~10~11~12~13~14~15~16~17~18~19~20~21~24~29~30~34&aicel=33~38&aifxl=29_18~30_19&aiixl=29_5~30_6&aiict=1&aipaq=1&itsi=-1&aiombap=1&aiopts=1&aief=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1731053453962&bpp=4&bdt=1563&idt=608&shv=r20241106&mjsv=m202410310101&ptt=9&saldr=aa&abxe=1&eoidce=1&nras=1&correlator=1345533234559&frm=20&pv=2&u_tz=60&u_his=1&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C95344188%2C31088698%2C95335246%2C95345966&oid=2&pvsid=1368412055888606&tmod=939276454&uas=0&nvt=1&fsapi=1&fc=1920&brdim=1570%2C1170%2C1570%2C1170%2C1600%2C0%2C1600%2C1285%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&bz=1&td=1&tdf=2&nt=1&ifi=1&uci=a!1&fsb=1&dtd=645

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.marketplus.in.th/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 46
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 08 Nov 2024 08:10:54 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2

403

Primary Request ck.php Show response
www.bahiaja.com.br/revive/www/delivery/
Redirect Chain

https://cepheus-star-casino-app-409856.evsur.ru/aqq52e74422a75fb5e08360/52e74422a75fb5e08360
https://www.bahiaja.com.br/revive/www/delivery/ck.php?ct=1&oaparams=2__bannerid=268__zoneid=4__cb=f9e03867f8__oadest=http://cepheus-star-casino-app-409856.evsur.ru/aqq136da66e12de48eeabf6/136da66e1...

520 B
591 B

609ms
103ms

Document
text/html

54.211.2.248
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://www.bahiaja.com.br/revive/www/delivery/ck.php?ct=1&oaparams=2__bannerid=268__zoneid=4__cb=f9e03867f8__oadest=http://cepheus-star-casino-app-409856.evsur.ru/aqq136da66e12de48eeabf6/136da66e12de48eeabf6
Requested by: Host: www.marketplus.in.th
URL: https://www.marketplus.in.th/redirect.php?url=https://cepheus-star-casino-app-409856.evsur.ru/aqq52e74422a75fb5e08360/52e74422a75fb5e08360
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.211.2.248 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-211-2-248.compute-1.amazonaws.com
Software: awselb/2.0 /
Resource Hash: 8b73b6ccd7091d6d9d23adaab2baae3c4abf6de06df8efdd03215ee9376fa035

Request headers

Referer: https://www.marketplus.in.th/redirect.php?url=https://cepheus-star-casino-app-409856.evsur.ru/aqq52e74422a75fb5e08360/52e74422a75fb5e08360
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

content-length: 520
content-type: text/html
date: Fri, 08 Nov 2024 08:10:55 GMT
server: awselb/2.0

Redirect headers

alt-svc: h3=":443"; ma=86400
cache-control: no-transform
cf-cache-status: DYNAMIC
cf-ray: 8df416dd99ea0b66-AMS
content-length: 0
content-type: text/html; charset=UTF-8
date: Fri, 08 Nov 2024 08:10:55 GMT
location: https://www.bahiaja.com.br/revive/www/delivery/ck.php?ct=1&oaparams=2__bannerid=268__zoneid=4__cb=f9e03867f8__oadest=http://cepheus-star-casino-app-409856.evsur.ru/aqq136da66e12de48eeabf6/136da66e12de48eeabf6
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KCilRjb5gnpUl8rXVbsb1WY5EwDQM9QTfo0La%2FR3mmS47Ly1bYI6wCBtasY32u6TF1Spr0kPfGGuCDEju%2BfGCylbpSxbv6wVVPlIFq0ZD%2B0HIob9uIeldJKq3aCnadbg5KihJONUucTfciZg20noPUTxtHlrbkONDO0%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
server-timing: cfL4;desc="?proto=QUIC&rtt=18033&sent=20&recv=17&lost=0&retrans=0&sent_bytes=6456&recv_bytes=6000&delivery_rate=6399&cwnd=12000&unsent_bytes=0&cid=1fde45535cfbdf6b&ts=6944&x=1" cfHdrFlush;dur=0

GET
H3 200 sodar
ep1.adtrafficquality.google/getconfig/ 17 KB
13 KB 104ms
37ms XHR
application/json 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ep1.adtrafficquality.google/getconfig/sodar?sv=200&tid=gda&tv=r20241106&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.marketplus.in.th/

Response headers

timing-allow-origin: *
content-encoding: br
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 12833
date: Fri, 08 Nov 2024 08:10:55 GMT
x-xss-protection: 0
content-type: application/json; charset=UTF-8
content-disposition: attachment; filename="f.txt"
server: cafe

GET
H2 200 sodar2.js
ep2.adtrafficquality.google/sodar/ 18 KB
7 KB 170ms
59ms Script
text/javascript 172.217.18.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ep2.adtrafficquality.google/sodar/sodar2.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s05-in-f97.1e100.net

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.marketplus.in.th/

Response headers

content-encoding: gzip
etag: "1727224258380615"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
x-content-type-options: nosniff
expires: Fri, 08 Nov 2024 08:10:55 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 08 Nov 2024 08:10:55 GMT
content-type: text/javascript
vary: Accept-Encoding
cache-control: private, max-age=3000
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 6445
x-xss-protection: 0
server: sffe

GET
H2 200 runner.html
ep2.adtrafficquality.google/sodar/sodar2/232/ Frame 0392 0
0 42ms
19ms Document
text/html 172.217.18.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ep2.adtrafficquality.google/sodar/sodar2/232/runner.html

Requested by

Host: ep2.adtrafficquality.google
URL: https://ep2.adtrafficquality.google/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s05-in-f97.1e100.net

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.marketplus.in.th/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
age: 1563
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3000
content-encoding: gzip
content-length: 5005
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 08 Nov 2024 07:44:52 GMT
expires: Fri, 08 Nov 2024 08:34:52 GMT
last-modified: Mon, 23 Sep 2024 18:12:21 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 403 favicon.ico
www.bahiaja.com.br/ 520 B
590 B 111ms
110ms Other
text/html 54.211.2.248
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://www.bahiaja.com.br/favicon.ico
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.211.2.248 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-211-2-248.compute-1.amazonaws.com
Software: awselb/2.0 /
Resource Hash: 8b73b6ccd7091d6d9d23adaab2baae3c4abf6de06df8efdd03215ee9376fa035

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.bahiaja.com.br/revive/www/delivery/ck.php?ct=1&oaparams=2__bannerid=268__zoneid=4__cb=f9e03867f8__oadest=http://cepheus-star-casino-app-409856.evsur.ru/aqq136da66e12de48eeabf6/136da66e12de48eeabf6

Response headers

content-length: 520
date: Fri, 08 Nov 2024 08:10:56 GMT
content-type: text/html
server: awselb/2.0

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

4 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.marketplus.in.th/	1969-12-31 23:59:59	Name: PHPSESSID Value: 822b8ccgpd0sgts74gl13tntc3
.marketplus.in.th/	1970-01-21 10:26:53	Name: _ga Value: GA1.1.1297562897.1731053454
.marketplus.in.th/	1970-01-21 03:00:29	Name: _fbp Value: fb.2.1731053454557.254789882788252726
.marketplus.in.th/	1970-01-21 10:26:53	Name: _ga_VZW8ETLE0Z Value: GS1.1.1731053454.1.0.1731053455.59.0.0

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://www.bahiaja.com.br/revive/www/delivery/ck.php?ct=1&oaparams=2__bannerid=268__zoneid=4__cb=f9e03867f8__oadest=http://cepheus-star-casino-app-409856.evsur.ru/aqq136da66e12de48eeabf6/136da66e12de48eeabf6 Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://www.bahiaja.com.br/favicon.ico Message: Failed to load resource: the server responded with a status of 403 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cepheus-star-casino-app-409856.evsur.ru
connect.facebook.net
ep1.adtrafficquality.google
ep2.adtrafficquality.google
fonts.googleapis.com
fonts.gstatic.com
pagead2.googlesyndication.com
region1.analytics.google.com
stats.g.doubleclick.net
www.bahiaja.com.br
www.barking-moonbat.com
www.facebook.com
www.google.nl
www.googletagmanager.com
www.marketplus.in.th
142.250.184.227
142.250.185.130
142.250.185.138
142.250.185.195
142.250.186.34
142.251.168.156
157.240.252.13
157.240.252.35
163.44.198.62
172.217.16.200
172.217.18.97
188.114.96.3
199.167.131.250
216.239.34.36
54.211.2.248
007ed16a615fd21818ecf956a1f137bcf4ba609dd1de62e55ab8496af1f9be74
11fe46a09d23150ac16ed44dcfdff983152d3c0d535cfc58b10dc0cb9d9d347d
2556b3a7903df0a90a3a95cdf7d74285785c83be62a3e5da562b64b3558267ec
36a0f19db23a364e6a780735602f53906fc7d16f13fa19c245af008bf30698fb
540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441
593cb6a99ee681518baa0300381b64e7831df168d763b0d756643372674b5cee
65d89b69ccbb71825570af12e55ae1d8ac0a88a9ec0f16e6a97a145e07622d58
6dba87f2bb4627686798df345a05d779c19b18fe0ab7366e2269786bc3251798
7c667d0fcf995a4b3d9a3b6ce0010d9dfada7a5520f7f3e141f853cb0e116f68
8b73b6ccd7091d6d9d23adaab2baae3c4abf6de06df8efdd03215ee9376fa035
a04896dc47a5d42c21105ca10428f4b182c57aff33af02971fdd284c94066556
abbbb2502be3439ace6ce2474eff39c52471a487217817343f2bc4618d3e668d
ad4322bb710f8e11bb3a7c8c78b157233d3f5fbabc7359da69b4db2bc88a8809
b1a74a67a3c9b8f5f36ba513bbef068bf51087f06b2af792382b4a7dcf548225
c46a243b29b8baabd0d050846f5b33f220729132c03af9ac26a6cad9dd4f0610
d7b2bb2d028d92c000a00d1d7aa0e513090897c11a1a33dbd2fec3cb09a27f40
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
eac3aa0a7c3f08a27a399bca26fbb68bb4e8d368e7a6dcb5deb3ecb956e4c808
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
fdc9964050bfa24c27a3c76c6791b3674292a5f352cbc83d7a4dc49595bc3fb1
fe6254ddc5cc1cd7aab1b380d6d8f4c0e883e34832affe72519e63f1c5d87dd6

www.bahiaja.com.br Open in urlscan Pro 54.211.2.248 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

32 Requests

100 %HTTPS

0 %IPv6

14 Domains

15 Subdomains

14 IPs

5 Countries

881 kBTransfer

1999 kBSize

4 Cookies

0 Outgoing links

Page URL History

Redirected requests

32 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.bahiaja.com.br Open in urlscan Pro
54.211.2.248 Public Scan

Screenshot
Live screenshot

Full Image

32
Requests

100 %
HTTPS

0 %
IPv6

14
Domains

15
Subdomains

14
IPs

5
Countries

881 kB
Transfer

1999 kB
Size

4
Cookies

32 HTTP transactions
0 data transactions