Submitted URL: http://www.itinforok.com/game/triple_play_football.html
Effective URL: https://www.itinforok.com/game/triple_play_football.html
Submission: On August 20 via api from US — Scanned from CA

Summary

This website contacted 7 IPs in 2 countries across 7 domains to perform 44 HTTP transactions. The main IP is 104.18.25.100, located in and belongs to CLOUDFLARENET, US. The main domain is www.itinforok.com.
TLS certificate: Issued by WE1 on July 6th 2024. Valid for: 3 months.
This is the only time www.itinforok.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests  IP Address       AS Autonomous System
14        104.18.25.100    13335 (CLOUDFLAR...)
2         151.101.65.229   54113 (FASTLY)
4         142.251.40.194   15169 (GOOGLE)
10        172.66.42.247    13335 (CLOUDFLAR...)
10        142.250.81.238   15169 (GOOGLE)
1         142.251.41.2     15169 (GOOGLE)
44        7
Requests  Apex Domain              Subdomains                                                               Transfer
14        itinforok.com            www.itinforok.com                                                        121 KB
10        google.com               fundingchoicesmessages.google.com (Cisco Umbrella Rank: 662)             76 KB
10        heiheigame.com           gamein.heiheigame.com                                                    295 KB
4         doubleclick.net          securepubads.g.doubleclick.net (Cisco Umbrella Rank: 280)                205 KB
2         jsdelivr.net             cdn.jsdelivr.net (Cisco Umbrella Rank: 410)                              9 KB
1         googlesyndication.com    4be162c810a29239400c7377968f3905.safeframe.googlesyndication.com Failed  76 B
                                   pagead2.googlesyndication.com (Cisco Umbrella Rank: 157)
0         adtrafficquality.google  ep1.adtrafficquality.google Failed
44        7
Requests  Domain                                                                   Requested by
14        www.itinforok.com                                                        www.itinforok.com
10        fundingchoicesmessages.google.com                                        securepubads.g.doubleclick.net
10        gamein.heiheigame.com                                                    www.itinforok.com
4         securepubads.g.doubleclick.net                                           www.itinforok.com
                                                                                   securepubads.g.doubleclick.net
2         cdn.jsdelivr.net                                                         www.itinforok.com
1         pagead2.googlesyndication.com
0         ep1.adtrafficquality.google Failed                                       securepubads.g.doubleclick.net
0         4be162c810a29239400c7377968f3905.safeframe.googlesyndication.com Failed  securepubads.g.doubleclick.net
44        8

This site contains no links.

Subject              Issuer                                 Validity                 Valid
itinforok.com        WE1                                    2024-07-06 - 2024-10-04  3 months
jsdelivr.net         GlobalSign Atlas R3 DV TLS CA 2024 Q3  2024-07-30 - 2025-08-31  a year
*.g.doubleclick.net  WR2                                    2024-07-30 - 2024-10-22  3 months
heiheigame.com       WE1                                    2024-08-10 - 2024-11-08  3 months
*.google.com         WR2                                    2024-07-30 - 2024-10-22  3 months

This page contains 4 frames:

Primary Page: https://www.itinforok.com/game/triple_play_football.html
Frame ID: A43E4EA177CA4DC040E7519F32AEA3A7
Requests: 41 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/static/topics/topics_frame.html
Frame ID: 1F4E2381DF30BBA3176DD9870BA3D738
Requests: 1 HTTP requests in this frame

Frame: https://4be162c810a29239400c7377968f3905.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 1766839F03EDA402E159C99F962D8010
Requests: 1 HTTP requests in this frame

Frame: https://4be162c810a29239400c7377968f3905.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 7B5823A27B4562A51DA35CD50E61EB22
Requests: 1 HTTP requests in this frame

Page Title

Html5 Games - Triple Play Football

Page URL History

  1. http://www.itinforok.com/game/triple_play_football.html HTTP 307
    https://www.itinforok.com/game/triple_play_football.html Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • clipboard(?:-([\d.]+))?(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/

Overall confidence: 100%
Detected patterns
  • cookieconsent\.min\.js

Overall confidence: 100%
Detected patterns
  • swiper(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Overall confidence: 100%
Detected patterns
  • <link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
  • //cdn\.jsdelivr\.net/

Page Statistics

44 Requests
93 % HTTPS
0 % IPv6
7 Domains
8 Subdomains
7 IPs
2 Countries
706 kB Transfer
1507 kB Size
5 Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

44 HTTP transactions

Resource Path Size x-fer Type MIME-Type
Primary Request triple_play_football.html
www.itinforok.com/game/
Redirect Chain
  • http://www.itinforok.com/game/triple_play_football.html
  • https://www.itinforok.com/game/triple_play_football.html
13 KB
4 KB
Document
General
Full URL
https://www.itinforok.com/game/triple_play_football.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.25.100 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cca120fb134bf16b18af183325881c6a4c121e1581716433e1605f73180bda36

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
public, max-age=86400
cf-cache-status
HIT
cf-ray
8b60b834ab8936a4-YYZ
content-encoding
br
content-type
text/html; charset=utf-8
date
Tue, 20 Aug 2024 07:37:41 GMT
expires
Wed, 21 Aug 2024 07:37:41 GMT
last-modified
Mon, 19 Aug 2024 23:55:35 GMT
server
cloudflare
vary
Accept-Encoding

Redirect headers

Location
https://www.itinforok.com/game/triple_play_football.html
Non-Authoritative-Reason
HttpsUpgrades
public.css
www.itinforok.com/static/themes/gametemp-q7/assets/css/
3 KB
1 KB
Stylesheet
General
Full URL
https://www.itinforok.com/static/themes/gametemp-q7/assets/css/public.css
Requested by
Host: www.itinforok.com
URL: https://www.itinforok.com/game/triple_play_football.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.25.100 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dbafe77fe4ba49d10b50e2d35e37673260f6ef054512edf9ea9013532afa289a

Request headers

Referer
https://www.itinforok.com/game/triple_play_football.html
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Tue, 20 Aug 2024 07:37:42 GMT
content-encoding
br
cf-cache-status
HIT
cf-bgj
minify
last-modified
Wed, 01 Jun 2022 10:30:44 GMT
server
cloudflare
age
53781
cf-polished
origSize=4154
etag
W/"62973fd4-103a"
vary
Accept-Encoding
content-type
text/css
cache-control
public, max-age=86400
cf-ray
8b60b8358bd136a4-YYZ
alt-svc
h3=":443"; ma=86400
expires
Wed, 21 Aug 2024 07:37:42 GMT
swiper.min.css
www.itinforok.com/static/themes/gametemp-q7/assets/css/
19 KB
4 KB
Stylesheet
General
Full URL
https://www.itinforok.com/static/themes/gametemp-q7/assets/css/swiper.min.css
Requested by
Host: www.itinforok.com
URL: https://www.itinforok.com/game/triple_play_football.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.25.100 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c207e653a1b44030d371cae76dbc884cfa7d6936525798d06be58b4cf45a9a5a

Request headers

Referer
https://www.itinforok.com/game/triple_play_football.html
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Tue, 20 Aug 2024 07:37:42 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Mon, 03 Aug 2020 06:20:52 GMT
server
cloudflare
age
53781
etag
W/"5f27acc4-4d4d"
vary
Accept-Encoding
content-type
text/css
cache-control
public, max-age=86400
cf-ray
8b60b8358bd336a4-YYZ
alt-svc
h3=":443"; ma=86400
expires
Wed, 21 Aug 2024 07:37:42 GMT
iconfont.js
www.itinforok.com/static/themes/gametemp-q7/assets/font/
52 KB
19 KB
Script
General
Full URL
https://www.itinforok.com/static/themes/gametemp-q7/assets/font/iconfont.js
Requested by
Host: www.itinforok.com
URL: https://www.itinforok.com/game/triple_play_football.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.25.100 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
10bb72b14e202fffb0eb6dfb7fae8a91fc9c9c4f52429f2a3a281503454ad566

Request headers

Referer
https://www.itinforok.com/game/triple_play_football.html
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Tue, 20 Aug 2024 07:37:42 GMT
content-encoding
br
cf-cache-status
HIT
cf-bgj
minify
last-modified
Thu, 14 Nov 2019 09:41:52 GMT
server
cloudflare
age
53781
etag
W/"5dcd2160-ce10"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=86400
cf-ray
8b60b8359bd436a4-YYZ
alt-svc
h3=":443"; ma=86400
expires
Wed, 21 Aug 2024 07:37:42 GMT
swiper.min.js
www.itinforok.com/static/themes/gametemp-q7/assets/js/
125 KB
38 KB
Script
General
Full URL
https://www.itinforok.com/static/themes/gametemp-q7/assets/js/swiper.min.js
Requested by
Host: www.itinforok.com
URL: https://www.itinforok.com/game/triple_play_football.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.25.100 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ebd5d7878133be396f3f8338dafd4dd18e9147c49281573d431bda4a41600e5e

Request headers

Referer
https://www.itinforok.com/game/triple_play_football.html
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Tue, 20 Aug 2024 07:37:42 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Mon, 03 Aug 2020 06:20:52 GMT
server
cloudflare
age
53781
etag
W/"5f27acc4-1f3cb"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=86400
cf-ray
8b60b8359bd536a4-YYZ
alt-svc
h3=":443"; ma=86400
expires
Wed, 21 Aug 2024 07:37:42 GMT
lazyload.min.js
www.itinforok.com/static/themes/gametemp-q7/assets/js/
2 KB
1 KB
Script
General
Full URL
https://www.itinforok.com/static/themes/gametemp-q7/assets/js/lazyload.min.js
Requested by
Host: www.itinforok.com
URL: https://www.itinforok.com/game/triple_play_football.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.25.100 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5b3baa10ac55f4eece0c7e666eaddd51872b8ce9273671626bcccec8f86ead78

Request headers

Referer
https://www.itinforok.com/game/triple_play_football.html
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Tue, 20 Aug 2024 07:37:42 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Sat, 26 Oct 1985 08:15:00 GMT
server
cloudflare
age
53781
etag
W/"1dc09d84-8a2"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=86400
cf-ray
8b60b8359bd636a4-YYZ
alt-svc
h3=":443"; ma=86400
expires
Wed, 21 Aug 2024 07:37:42 GMT
clipboard.js
www.itinforok.com/static/themes/gametemp-q7/assets/js/
10 KB
4 KB
Script
General
Full URL
https://www.itinforok.com/static/themes/gametemp-q7/assets/js/clipboard.js
Requested by
Host: www.itinforok.com
URL: https://www.itinforok.com/game/triple_play_football.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.25.100 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c7a10a5cf1574ff5efbe38630ff3bd4fbf6fbc4a587393ff7cf3f7bbb985dc03

Request headers

Referer
https://www.itinforok.com/game/triple_play_football.html
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Tue, 20 Aug 2024 07:37:42 GMT
content-encoding
br
cf-cache-status
HIT
cf-bgj
minify
last-modified
Thu, 26 Sep 2019 07:58:28 GMT
server
cloudflare
age
53781
cf-polished
origSize=10759
etag
W/"5d8c6fa4-2a07"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=86400
cf-ray
8b60b8359bd736a4-YYZ
alt-svc
h3=":443"; ma=86400
expires
Wed, 21 Aug 2024 07:37:42 GMT
fastclick.js
www.itinforok.com/static/themes/gametemp-q7/assets/js/
11 KB
3 KB
Script
General
Full URL
https://www.itinforok.com/static/themes/gametemp-q7/assets/js/fastclick.js
Requested by
Host: www.itinforok.com
URL: https://www.itinforok.com/game/triple_play_football.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.25.100 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3fe6546296a0a64c38f102a952b0e3d2cef6f8b99dc4f162dbb2b8baad21b190

Request headers

Referer
https://www.itinforok.com/game/triple_play_football.html
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Tue, 20 Aug 2024 07:37:42 GMT
content-encoding
br
cf-cache-status
HIT
cf-bgj
minify
last-modified
Mon, 26 Jan 2015 21:18:30 GMT
server
cloudflare
age
53781
cf-polished
origSize=25965
etag
W/"54c6af26-656d"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=86400
cf-ray
8b60b8359bd836a4-YYZ
alt-svc
h3=":443"; ma=86400
expires
Wed, 21 Aug 2024 07:37:42 GMT
jquery.min.js
www.itinforok.com/static/themes/gametemp-q7/assets/js/
82 KB
33 KB
Script
General
Full URL
https://www.itinforok.com/static/themes/gametemp-q7/assets/js/jquery.min.js
Requested by
Host: www.itinforok.com
URL: https://www.itinforok.com/game/triple_play_football.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.25.100 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
333c29e8bc3e1ab7b66e03bec3f64469da990700b9ace77b36c0f37f2f3b30b5

Request headers

Referer
https://www.itinforok.com/game/triple_play_football.html
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Tue, 20 Aug 2024 07:37:42 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Fri, 12 Mar 2021 02:48:12 GMT
server
cloudflare
age
53781
etag
W/"604ad66c-14988"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=86400
cf-ray
8b60b8359bda36a4-YYZ
alt-svc
h3=":443"; ma=86400
expires
Wed, 21 Aug 2024 07:37:42 GMT
cookieconsent.min.css
cdn.jsdelivr.net/npm/cookieconsent@3/build/
5 KB
2 KB
Stylesheet
General
Full URL
https://cdn.jsdelivr.net/npm/cookieconsent@3/build/cookieconsent.min.css
Requested by
Host: www.itinforok.com
URL: https://www.itinforok.com/game/triple_play_football.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.65.229 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
cd0d0b6e50ff01ff2f3a9a70d7cfb66a7c6cb9acf7a566325568be6d3bd31fc4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.itinforok.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Tue, 20 Aug 2024 07:37:45 GMT
x-content-type-options
nosniff
content-encoding
br
age
31626
x-jsd-version
3.1.1
x-cache
HIT, HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
1363
x-served-by
cache-fra-eddf8230078-FRA, cache-yyz4546-YYZ
x-jsd-version-type
version
etag
W/"135e-3nthfC1sCV/yhiNebPZMMo2hpL8"
vary
Accept-Encoding
content-type
text/css; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=604800, s-maxage=43200
accept-ranges
bytes
timing-allow-origin
*
detail.css
www.itinforok.com/static/themes/gametemp-q7/assets/css/
3 KB
1 KB
Stylesheet
General
Full URL
https://www.itinforok.com/static/themes/gametemp-q7/assets/css/detail.css
Requested by
Host: www.itinforok.com
URL: https://www.itinforok.com/game/triple_play_football.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.25.100 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
34de5d6ff81c0ebe478dce8adfd2c34442ff53850c9fdc0b1eb3aac585cb0c77

Request headers

Referer
https://www.itinforok.com/game/triple_play_football.html
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Tue, 20 Aug 2024 07:37:42 GMT
content-encoding
br
cf-cache-status
HIT
cf-bgj
minify
last-modified
Wed, 15 Apr 2020 03:36:56 GMT
server
cloudflare
age
53781
cf-polished
origSize=4406
etag
W/"5e968158-1136"
vary
Accept-Encoding
content-type
text/css
cache-control
public, max-age=86400
cf-ray
8b60b8359bdb36a4-YYZ
alt-svc
h3=":443"; ma=86400
expires
Wed, 21 Aug 2024 07:37:42 GMT
gpt.js
securepubads.g.doubleclick.net/tag/js/
102 KB
32 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/tag/js/gpt.js
Requested by
Host: www.itinforok.com
URL: https://www.itinforok.com/game/triple_play_football.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.40.194 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s38-in-f2.1e100.net
Software
cafe /
Resource Hash
73ad580e27f74be376e5e8b41abfcdc8d1557b9ad003d27ca31ca1449bc3d6a7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.itinforok.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Tue, 20 Aug 2024 07:37:45 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
32552
x-xss-protection
0
server
cafe
etag
207 / 19955 / m202408150101 / config-hash: 16900804115967644429
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
expires
Tue, 20 Aug 2024 07:37:45 GMT
3598a818d835b6c8fa5713ff50a1d6fc.png
gamein.heiheigame.com/uploads/gamepic/20230628/
50 KB
51 KB
Image
General
Full URL
https://gamein.heiheigame.com/uploads/gamepic/20230628/3598a818d835b6c8fa5713ff50a1d6fc.png
Requested by
Host: www.itinforok.com
URL: https://www.itinforok.com/game/triple_play_football.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.66.42.247 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
72b72a221a7a506f0ffc940ce6ed064e6b0389150ebc79c9f85a9f1e7bf96368

Request headers

Referer
https://www.itinforok.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Tue, 20 Aug 2024 07:37:42 GMT
cf-cache-status
HIT
cf-polished
origFmt=png, origSize=56325
content-disposition
inline; filename="3598a818d835b6c8fa5713ff50a1d6fc.webp"
alt-svc
h3=":443"; ma=86400
content-length
51364
cf-bgj
imgq:85,h2pri
last-modified
Wed, 28 Jun 2023 05:58:56 GMT
server
cloudflare
etag
"649bcc20-dc05"
vary
Accept
access-control-allow-methods
GET,POST,OPTIONS
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=2678400
accept-ranges
bytes
cf-ray
8b60b835dbbfab2d-YYZ
access-control-allow-headers
X-Requested-With
expires
Fri, 20 Sep 2024 07:37:42 GMT
5.png
www.itinforok.com/static/themes/gametemp-q7/assets/img/
1 KB
1 KB
Image
General
Full URL
https://www.itinforok.com/static/themes/gametemp-q7/assets/img/5.png
Requested by
Host: www.itinforok.com
URL: https://www.itinforok.com/game/triple_play_football.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.25.100 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a7aae1d24d24692b1d2fde2bc323b385e8c694b2b77d8f482de30112e4948ca8

Request headers

Referer
https://www.itinforok.com/game/triple_play_football.html
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Tue, 20 Aug 2024 07:37:42 GMT
cf-cache-status
HIT
cf-polished
origFmt=png, origSize=2477
content-disposition
inline; filename="5.webp"
alt-svc
h3=":443"; ma=86400
content-length
1088
cf-bgj
imgq:85,h2pri
last-modified
Sat, 10 Aug 2019 13:25:36 GMT
server
cloudflare
etag
"5d4ec5d0-9ad"
vary
Accept
content-type
image/webp
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
8b60b8359bdc36a4-YYZ
expires
Thu, 19 Sep 2024 07:37:42 GMT
dc48a2b4f8bef75e4ca878024997ce84.jpeg
gamein.heiheigame.com/uploads/gamepic/20230531/
21 KB
21 KB
Image
General
Full URL
https://gamein.heiheigame.com/uploads/gamepic/20230531/dc48a2b4f8bef75e4ca878024997ce84.jpeg
Requested by
Host: www.itinforok.com
URL: https://www.itinforok.com/game/triple_play_football.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.66.42.247 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e78b7de5b4f43d571dc1e028e1efd80da8ac296936dbe67e38e9f145d58895cc

Request headers

Referer
https://www.itinforok.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Tue, 20 Aug 2024 07:37:42 GMT
cf-cache-status
HIT
age
53780
cf-polished
qual=85, origFmt=jpeg, origSize=24037
content-disposition
inline; filename="dc48a2b4f8bef75e4ca878024997ce84.webp"
alt-svc
h3=":443"; ma=86400
content-length
21064
cf-bgj
imgq:85,h2pri
last-modified
Wed, 31 May 2023 09:38:44 GMT
server
cloudflare
etag
"647715a4-5de5"
vary
Accept
access-control-allow-methods
GET,POST,OPTIONS
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=2678400
accept-ranges
bytes
cf-ray
8b60b8362bd7ab2d-YYZ
access-control-allow-headers
X-Requested-With
expires
Fri, 20 Sep 2024 07:37:42 GMT
251cd622605b0259d9ec688f4ad4cfd9.jpg
gamein.heiheigame.com/uploads/gamepic/20231204/
35 KB
36 KB
Image
General
Full URL
https://gamein.heiheigame.com/uploads/gamepic/20231204/251cd622605b0259d9ec688f4ad4cfd9.jpg
Requested by
Host: www.itinforok.com
URL: https://www.itinforok.com/game/triple_play_football.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.66.42.247 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1d1519c81672a3153de33561c33af8843344b1469f333b41acff7616f2c8b101

Request headers

Referer
https://www.itinforok.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Tue, 20 Aug 2024 07:37:42 GMT
cf-cache-status
HIT
cf-polished
qual=85, origFmt=jpeg, origSize=84794
content-disposition
inline; filename="251cd622605b0259d9ec688f4ad4cfd9.webp"
alt-svc
h3=":443"; ma=86400
content-length
36236
cf-bgj
imgq:85,h2pri
last-modified
Mon, 04 Dec 2023 08:13:32 GMT
server
cloudflare
etag
"656d8a2c-14b3a"
vary
Accept
access-control-allow-methods
GET,POST,OPTIONS
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=2678400
accept-ranges
bytes
cf-ray
8b60b8369c08ab2d-YYZ
access-control-allow-headers
X-Requested-With
expires
Fri, 20 Sep 2024 07:37:42 GMT
fc6f13f8f44e08c4d40a5bbc6cd4a2e0.jpeg
gamein.heiheigame.com/uploads/gamepic/20230524/
18 KB
18 KB
Image
General
Full URL
https://gamein.heiheigame.com/uploads/gamepic/20230524/fc6f13f8f44e08c4d40a5bbc6cd4a2e0.jpeg
Requested by
Host: www.itinforok.com
URL: https://www.itinforok.com/game/triple_play_football.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.66.42.247 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
68022e39ccce8d650e0f06a1c2e0aa02cf90f519be8ac30a6236e9b10394b785

Request headers

Referer
https://www.itinforok.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Tue, 20 Aug 2024 07:37:42 GMT
cf-cache-status
HIT
age
53780
cf-polished
qual=85, origFmt=jpeg, origSize=34088
content-disposition
inline; filename="fc6f13f8f44e08c4d40a5bbc6cd4a2e0.webp"
alt-svc
h3=":443"; ma=86400
content-length
18250
cf-bgj
imgq:85,h2pri
last-modified
Wed, 24 May 2023 03:26:42 GMT
server
cloudflare
etag
"646d83f2-8528"
vary
Accept
access-control-allow-methods
GET,POST,OPTIONS
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=2678400
accept-ranges
bytes
cf-ray
8b60b8369c09ab2d-YYZ
access-control-allow-headers
X-Requested-With
expires
Fri, 20 Sep 2024 07:37:42 GMT
478b9eb07040add302fed89963e01e05.jpeg
gamein.heiheigame.com/uploads/gamepic/20230529/
9 KB
9 KB
Image
General
Full URL
https://gamein.heiheigame.com/uploads/gamepic/20230529/478b9eb07040add302fed89963e01e05.jpeg
Requested by
Host: www.itinforok.com
URL: https://www.itinforok.com/game/triple_play_football.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.66.42.247 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
144ac09e21289431a67485f13f3831b159be212e97477c4d045a2b1122293fe2

Request headers

Referer
https://www.itinforok.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Tue, 20 Aug 2024 07:37:45 GMT
cf-cache-status
HIT
age
53783
cf-polished
qual=85, origFmt=jpeg, origSize=22963
content-disposition
inline; filename="478b9eb07040add302fed89963e01e05.webp"
alt-svc
h3=":443"; ma=86400
content-length
8724
cf-bgj
imgq:85,h2pri
last-modified
Mon, 29 May 2023 03:48:11 GMT
server
cloudflare
etag
"6474207b-59b3"
vary
Accept
access-control-allow-methods
GET,POST,OPTIONS
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=2678400
accept-ranges
bytes
cf-ray
8b60b8498ae8ab2d-YYZ
access-control-allow-headers
X-Requested-With
expires
Fri, 20 Sep 2024 07:37:45 GMT
0688ed21ccbe002fc6c6f7be927986cf.png
gamein.heiheigame.com/uploads/gamepic/20230619/
17 KB
18 KB
Image
General
Full URL
https://gamein.heiheigame.com/uploads/gamepic/20230619/0688ed21ccbe002fc6c6f7be927986cf.png
Requested by
Host: www.itinforok.com
URL: https://www.itinforok.com/game/triple_play_football.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.66.42.247 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3569ece954db13321193f6142109c9f773001fd5bc23a796145fb98c9b07857d

Request headers

Referer
https://www.itinforok.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Tue, 20 Aug 2024 07:37:45 GMT
cf-cache-status
HIT
cf-polished
origFmt=png, origSize=19231
content-disposition
inline; filename="0688ed21ccbe002fc6c6f7be927986cf.webp"
alt-svc
h3=":443"; ma=86400
content-length
17774
cf-bgj
imgq:85,h2pri
last-modified
Mon, 19 Jun 2023 06:22:31 GMT
server
cloudflare
etag
"648ff427-4b1f"
vary
Accept
access-control-allow-methods
GET,POST,OPTIONS
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=2678400
accept-ranges
bytes
cf-ray
8b60b8498ae9ab2d-YYZ
access-control-allow-headers
X-Requested-With
expires
Fri, 20 Sep 2024 07:37:45 GMT
4eb2eaddfbcbfcf85832bc093956a28a.jpg
gamein.heiheigame.com/uploads/gamepic/20231114/
34 KB
34 KB
Image
General
Full URL
https://gamein.heiheigame.com/uploads/gamepic/20231114/4eb2eaddfbcbfcf85832bc093956a28a.jpg
Requested by
Host: www.itinforok.com
URL: https://www.itinforok.com/game/triple_play_football.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.66.42.247 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9d468416286967f7cb444197dd85dfed719817db7a993e8ad4814a4ca7775ba0

Request headers

Referer
https://www.itinforok.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Tue, 20 Aug 2024 07:37:45 GMT
cf-cache-status
HIT
cf-polished
origSize=34859, status=webp_bigger
alt-svc
h3=":443"; ma=86400
content-length
34851
cf-bgj
imgq:85,h2pri
last-modified
Tue, 14 Nov 2023 06:39:33 GMT
server
cloudflare
etag
"65531625-882b"
vary
Accept-Encoding
access-control-allow-methods
GET,POST,OPTIONS
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=2678400
accept-ranges
bytes
cf-ray
8b60b8498aeaab2d-YYZ
access-control-allow-headers
X-Requested-With
expires
Fri, 20 Sep 2024 07:37:45 GMT
4618a9e40faf615995b910b0254bd981.jpg
gamein.heiheigame.com/uploads/gamepic/20231123/
16 KB
16 KB
Image
General
Full URL
https://gamein.heiheigame.com/uploads/gamepic/20231123/4618a9e40faf615995b910b0254bd981.jpg
Requested by
Host: www.itinforok.com
URL: https://www.itinforok.com/game/triple_play_football.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.66.42.247 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4d184746c6c6cba63ebbd93ecdbc2a2cf83175a442684377d69e713487588f44

Request headers

Referer
https://www.itinforok.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Tue, 20 Aug 2024 07:37:45 GMT
cf-cache-status
HIT
cf-polished
qual=85, origFmt=jpeg, origSize=22924
content-disposition
inline; filename="4618a9e40faf615995b910b0254bd981.webp"
alt-svc
h3=":443"; ma=86400
content-length
16296
cf-bgj
imgq:85,h2pri
last-modified
Thu, 23 Nov 2023 08:57:17 GMT
server
cloudflare
etag
"655f13ed-598c"
vary
Accept
access-control-allow-methods
GET,POST,OPTIONS
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=2678400
accept-ranges
bytes
cf-ray
8b60b8498aebab2d-YYZ
access-control-allow-headers
X-Requested-With
expires
Fri, 20 Sep 2024 07:37:45 GMT
3728769485d6e132aac481ba7904ba9b.png
gamein.heiheigame.com/uploads/gamepic/20230606/
76 KB
77 KB
Image
General
Full URL
https://gamein.heiheigame.com/uploads/gamepic/20230606/3728769485d6e132aac481ba7904ba9b.png
Requested by
Host: www.itinforok.com
URL: https://www.itinforok.com/game/triple_play_football.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.66.42.247 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2643c4a0a190626d118e2ffa7500ad7e000287803d9e5842dc0b7735450aa2a1

Request headers

Referer
https://www.itinforok.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Tue, 20 Aug 2024 07:37:45 GMT
cf-cache-status
HIT
cf-polished
origFmt=png, origSize=80344
content-disposition
inline; filename="3728769485d6e132aac481ba7904ba9b.webp"
alt-svc
h3=":443"; ma=86400
content-length
78004
cf-bgj
imgq:85,h2pri
last-modified
Tue, 06 Jun 2023 10:19:02 GMT
server
cloudflare
etag
"647f0816-139d8"
vary
Accept
access-control-allow-methods
GET,POST,OPTIONS
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=2678400
accept-ranges
bytes
cf-ray
8b60b8498aecab2d-YYZ
access-control-allow-headers
X-Requested-With
expires
Fri, 20 Sep 2024 07:37:45 GMT
8917e02491300b87d5f4764ba4720f3a.jpg
gamein.heiheigame.com/uploads/gamepic/20240808/
16 KB
16 KB
Image
General
Full URL
https://gamein.heiheigame.com/uploads/gamepic/20240808/8917e02491300b87d5f4764ba4720f3a.jpg
Requested by
Host: www.itinforok.com
URL: https://www.itinforok.com/game/triple_play_football.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.66.42.247 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9db3c24d8858efa5e46b8bd9023a3f89165279995916469992dbea668f66ba70

Request headers

Referer
https://www.itinforok.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Tue, 20 Aug 2024 07:37:45 GMT
cf-cache-status
HIT
age
53783
cf-polished
qual=85, origFmt=jpeg, origSize=16351
content-disposition
inline; filename="8917e02491300b87d5f4764ba4720f3a.webp"
alt-svc
h3=":443"; ma=86400
content-length
16304
cf-bgj
imgq:85,h2pri
last-modified
Thu, 08 Aug 2024 08:52:24 GMT
server
cloudflare
etag
"66b48748-3fdf"
vary
Accept
access-control-allow-methods
GET,POST,OPTIONS
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=2678400
accept-ranges
bytes
cf-ray
8b60b8498aedab2d-YYZ
access-control-allow-headers
X-Requested-With
expires
Fri, 20 Sep 2024 07:37:45 GMT
logo-mini.png
www.itinforok.com/static/themes/gametemp-q7/assets/img/
2 KB
2 KB
Image
General
Full URL
https://www.itinforok.com/static/themes/gametemp-q7/assets/img/logo-mini.png
Requested by
Host: www.itinforok.com
URL: https://www.itinforok.com/game/triple_play_football.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.25.100 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ed32928001b662f8b75a5bd243d7d47f302cc1aebad177e4f8864b200e552e2c

Request headers

Referer
https://www.itinforok.com/game/triple_play_football.html
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Tue, 20 Aug 2024 07:37:45 GMT
cf-cache-status
HIT
age
53783
cf-polished
origFmt=png, origSize=5653
content-disposition
inline; filename="logo-mini.webp"
alt-svc
h3=":443"; ma=86400
content-length
2260
cf-bgj
imgq:85,h2pri
last-modified
Sat, 10 Aug 2019 13:25:36 GMT
server
cloudflare
etag
"5d4ec5d0-1615"
vary
Accept
content-type
image/webp
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
8b60b84989f936a4-YYZ
expires
Thu, 19 Sep 2024 07:37:45 GMT
cookieconsent.min.js
cdn.jsdelivr.net/npm/cookieconsent@3/build/
20 KB
7 KB
Script
General
Full URL
https://cdn.jsdelivr.net/npm/cookieconsent@3/build/cookieconsent.min.js
Requested by
Host: www.itinforok.com
URL: https://www.itinforok.com/game/triple_play_football.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.65.229 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
e55842a856a6d829feca3c3ad736c136b6c7549e9247274f78aa296259e06e24
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.itinforok.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Tue, 20 Aug 2024 07:37:45 GMT
x-content-type-options
nosniff
content-encoding
br
age
43156
x-jsd-version
3.1.1
x-cache
HIT, HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
7125
x-served-by
cache-fra-etou8220134-FRA, cache-yyz4546-YYZ
x-jsd-version-type
version
etag
W/"50d5-nLraS9YXyGxjjPLr3exyStWWkHs"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=604800, s-maxage=43200
accept-ranges
bytes
timing-allow-origin
*
iconfont.woff2
www.itinforok.com/static/themes/gametemp-q7/assets/font/
6 KB
6 KB
Font
General
Full URL
https://www.itinforok.com/static/themes/gametemp-q7/assets/font/iconfont.woff2
Requested by
Host: www.itinforok.com
URL: https://www.itinforok.com/static/themes/gametemp-q7/assets/css/public.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.25.100 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
78200390d6155fc70fa4469c1d49ed2a56375d426471f78c4ce6e1c629e7e84a

Request headers

Referer
https://www.itinforok.com/static/themes/gametemp-q7/assets/css/public.css
Origin
https://www.itinforok.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Tue, 20 Aug 2024 07:37:45 GMT
cf-cache-status
HIT
last-modified
Thu, 14 Nov 2019 09:41:52 GMT
server
cloudflare
age
53783
etag
"5dcd2160-17a8"
vary
Accept-Encoding
content-type
font/woff2
cache-control
public, max-age=86400
accept-ranges
bytes
cf-ray
8b60b84a2a3c36a4-YYZ
alt-svc
h3=":443"; ma=86400
content-length
6056
expires
Wed, 21 Aug 2024 07:37:45 GMT
pubads_impl.js
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202408150101/
477 KB
149 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202408150101/pubads_impl.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.40.194 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s38-in-f2.1e100.net
Software
cafe /
Resource Hash
c8783c15855fdad3b79a8878f5cc9a1c048c5b55cfc65cc9de266b915e5ab81c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.itinforok.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Tue, 20 Aug 2024 07:36:26 GMT
content-encoding
br
x-content-type-options
nosniff
age
79
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
152053
x-xss-protection
0
server
cafe
etag
6480962962318068084
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, immutable, max-age=31536000
timing-allow-origin
*
expires
Wed, 20 Aug 2025 07:36:26 GMT
22847393195
fundingchoicesmessages.google.com/i/
202 KB
67 KB
Script
General
Full URL
https://fundingchoicesmessages.google.com/i/22847393195?ers=3
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202408150101/pubads_impl.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.81.238 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s74-in-f14.1e100.net
Software
ESF /
Resource Hash
51bee7b18e6ace1e19d47e66cc182dbd697a9855679951a76711c171a50ee9c3
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-iXbq7ZYWMVRfSaZJPacN2A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.itinforok.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Tue, 20 Aug 2024 07:37:45 GMT
content-security-policy
script-src 'report-sample' 'nonce-iXbq7ZYWMVRfSaZJPacN2A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
reporting-endpoints
default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjStDikmLw15BiOO90h-k6EEt8fcmkBsRO6TNYA4DYp34GaxQQt948xzoZiJP-nWctAGJ3rYus_kC8JOIi64HEi6yGCpdY7YH4_rpLrM-BeO_HS6xHgViIh-Nk_8RtbAIPzu-7zKykkZRfGJ-cn1dSlJlUWpJflJacllqcWlSWWhRvZGBkYmBhaKFnYBRfYAAADKU-oQ"
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin
*
expires
Mon, 01 Jan 1990 00:00:00 GMT
AGSKWxUhjPCH3LkGZDcjYSeNpezU7P8h0iEQpN7lgHQfl8LQupFu9BePNBkG5AsYTREnKwBUKHd2uuN2pcrV92O_fozHp2w_mWI6_Uy6HcUbvMietxyRJRbEFedcMQoWzCc9Y3CIFW38dQ==
fundingchoicesmessages.google.com/f/
3 KB
2 KB
Script
General
Full URL
https://fundingchoicesmessages.google.com/f/AGSKWxUhjPCH3LkGZDcjYSeNpezU7P8h0iEQpN7lgHQfl8LQupFu9BePNBkG5AsYTREnKwBUKHd2uuN2pcrV92O_fozHp2w_mWI6_Uy6HcUbvMietxyRJRbEFedcMQoWzCc9Y3CIFW38dQ==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzI0MTM5NDY2LDE2NDAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzddXSwiaHR0cHM6Ly93d3cuaXRpbmZvcm9rLmNvbS9nYW1lL3RyaXBsZV9wbGF5X2Zvb3RiYWxsLmh0bWwiLG51bGwsW1s4LCJPR0JobmRobThzayJdLFs5LCJlbi1VUyJdLFsyMiwidHJ1ZSJdLFsyMCwiW251bGwsbnVsbCxbMzEwODYxMzJdLG51bGwsOF0iXSxbMTksIjIiXSxbMTcsIlswXSJdXV0
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.OGBhndhm8sk.es5.O/am=rGA/d=1/rs=AJlcJMzse410J7gj8iRCTUlpklD4-9qYsw/m=kernel_loader,loader_js_executable
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.81.238 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s74-in-f14.1e100.net
Software
ESF /
Resource Hash
bdd90ad818010f88064b4a3ccafa25897f96091335772bb49be1bc203b5215b1
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-61cJiCOfsVWzYbD3HUkj6w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.itinforok.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Tue, 20 Aug 2024 07:37:46 GMT
content-security-policy
require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-61cJiCOfsVWzYbD3HUkj6w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
reporting-endpoints
default="/_/ContributorGlobalRouterHttp/web-reports?context=eJzjStDikmJw05BiOO90h-k6EEt8fcmkBsRO6TNYA4DYp34GaxQQt948xzoZiJP-nWctAGJ3rYus_kC8JOIi64HEi6yGCpdY7YH4_rpLrM-BeO_HS6xHgViIm-NU_8RtbAIPVqxKV9JIyi-MT87PKynKTCotyS9KS05LLU4tKkstijcyMDIxsDC00DMwii8wAAC6Mz3u"
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin
*
expires
Mon, 01 Jan 1990 00:00:00 GMT
topics_frame.html
securepubads.g.doubleclick.net/static/topics/ Frame 1F4E
0
0
Document
General
Full URL
https://securepubads.g.doubleclick.net/static/topics/topics_frame.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202408150101/pubads_impl.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.40.194 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s38-in-f2.1e100.net
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.itinforok.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
age
797
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=3000, stale-while-revalidate=3600
content-encoding
br
content-length
29261
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Tue, 20 Aug 2024 07:24:29 GMT
expires
Tue, 20 Aug 2024 08:14:29 GMT
last-modified
Mon, 19 Aug 2024 19:44:00 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
ads
securepubads.g.doubleclick.net/gampad/
60 KB
25 KB
Fetch
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3998652479577724&correlator=1719889028819492&eid=44809527%2C31085738%2C31085376%2C31086136&output=ldjh&gdfp_req=1&vrg=202408150101&ptt=17&impl=fif&gdpr=0&iu_parts=22847393195%2Citinforok401h4%2Citinforok401h4-xq01&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=300x250&ifi=1&sfv=1-0-40&sc=1&cookie_enabled=1&abxe=1&dt=1724139466213&lmt=1724111735&adxs=650&adys=242&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=1&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=-420&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&url=https%3A%2F%2Fwww.itinforok.com%2Fgame%2Ftriple_play_football.html&vis=1&psz=1200x266&msz=300x250&fws=4&ohw=1200&topics=9&tps=9&htps=10&nt=1&psd=WzE0LG51bGwsbnVsbCwzXQ..&dlt=1724139461986&idt=3764&adks=843270165&frm=20&eoidce=1
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202408150101/pubads_impl.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.40.194 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s38-in-f2.1e100.net
Software
cafe /
Resource Hash
a0992ccf6523466d71009b33205dc922db3bfacb67d5786b6b753b4145d2cba4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.itinforok.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Tue, 20 Aug 2024 07:37:46 GMT
content-encoding
br
x-content-type-options
nosniff
observe-browsing-topics
?1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
25197
x-xss-protection
0
google-lineitem-id
-1
pragma
no-cache
server
cafe
google-creative-id
-1
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://www.itinforok.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
container.html
4be162c810a29239400c7377968f3905.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 1766
0
0

AGSKWxVDcn_OUqyLktKdAhq1YwdGr04rpEX-E0jXNjztIgp74ovH2aCbOGAkFBUN5uskrguGd8hIl0bAL6dfmSCBrPpb_ptsZSLgWoC3gD-u2THww18IBBQK-ubEZIrlXpmgOA61T3LiOQ==
fundingchoicesmessages.google.com/f/
10 KB
5 KB
Script
General
Full URL
https://fundingchoicesmessages.google.com/f/AGSKWxVDcn_OUqyLktKdAhq1YwdGr04rpEX-E0jXNjztIgp74ovH2aCbOGAkFBUN5uskrguGd8hIl0bAL6dfmSCBrPpb_ptsZSLgWoC3gD-u2THww18IBBQK-ubEZIrlXpmgOA61T3LiOQ==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzI0MTM5NDY2LDI5NzAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzcsOV0sbnVsbCwyLG51bGwsImVuIl0sImh0dHBzOi8vd3d3Lml0aW5mb3Jvay5jb20vZ2FtZS90cmlwbGVfcGxheV9mb290YmFsbC5odG1sIixudWxsLFtbOCwiT0dCaG5kaG04c2siXSxbOSwiZW4tVVMiXSxbMjIsInRydWUiXSxbMjAsIltudWxsLG51bGwsWzMxMDg2MTMyXSxudWxsLDhdIl0sWzE5LCIyIl0sWzE3LCJbMF0iXV1d
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.OGBhndhm8sk.es5.O/am=rGA/d=1/rs=AJlcJMzse410J7gj8iRCTUlpklD4-9qYsw/m=kernel_loader,loader_js_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.81.238 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s74-in-f14.1e100.net
Software
ESF /
Resource Hash
8cddf9b0d70fdf9250488a47a87443d9bed9a64354ad45347965edcdc02996d6
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-zoCyU0_deVUgmm9cJNTkLw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.itinforok.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Tue, 20 Aug 2024 07:37:46 GMT
content-security-policy
script-src 'report-sample' 'nonce-zoCyU0_deVUgmm9cJNTkLw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
reporting-endpoints
default="/_/ContributorGlobalRouterHttp/web-reports?context=eJzjStDikmLw15BiOO90h-k6EEt8fcmkBsRO6TNYA4DYp34GaxQQt948xzoZiJP-nWctAGJ3rYus_kC8JOIi64HEi6yGCpdY7YH4_rpLrM-BeO_HS6xHgViIh-NU_8RtbAIv1lxdxKikkZRfGJ-cn1dSlJlUWpJflJacllqcWlSWWhRvZGBkYmBhaKFnYBRfYAAAA1E-aw"
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin
*
expires
Mon, 01 Jan 1990 00:00:00 GMT
container.html
4be162c810a29239400c7377968f3905.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 7B58
0
0

adworks._ads_index_
fundingchoicesmessages.google.com/f/AGSKWxU0ILQZtlLk3mrsSkj91PQqIvad5GCBVaLvyCUo9fELYinqP4SnY-3Ovh5ynhWxASAHVGZx2DtqLRb41_C--i-YGnlC7_T2D5tPAvqCrc9d2dKAAZfoOi1fRexrrajp1AfO8FlCz7eaQuSa9K7138j0Q2vr1...
54 B
109 B
Script
General
Full URL
https://fundingchoicesmessages.google.com/f/AGSKWxU0ILQZtlLk3mrsSkj91PQqIvad5GCBVaLvyCUo9fELYinqP4SnY-3Ovh5ynhWxASAHVGZx2DtqLRb41_C--i-YGnlC7_T2D5tPAvqCrc9d2dKAAZfoOi1fRexrrajp1AfO8FlCz7eaQuSa9K7138j0Q2vr1I3PInNBBdzXJ_oZipJQ2ujBY6FGKX4Y/_/ad-overlay-/clickboothad./ad_configuration./adworks._ads_index_
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.OGBhndhm8sk.es5.O/d=1/exm=kernel_loader,loader_js_executable,web_iab_tcf_v2_signal_executable/ed=1/rs=AJlcJMyOp-vQirou1oKwOBNFWlsi2tM_cQ/m=ad_blocking_detection_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.81.238 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s74-in-f14.1e100.net
Software
ESF /
Resource Hash
11feed80a0f97495e1c183f25c57879dd3a3725e4f33cfa451d5fcb237f76a5a
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-k1UNxBPNCLwLIrSr6_pdZg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.itinforok.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Tue, 20 Aug 2024 07:37:47 GMT
content-security-policy
require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-k1UNxBPNCLwLIrSr6_pdZg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
reporting-endpoints
default="/_/ContributorGlobalRouterHttp/web-reports?context=eJzjStDikmJw05BiOO90h-k6EEt8fcmkBsRO6TNYA4DYp34GaxQQt948xzoZiJP-nWctAGJ3rYus_kC8JOIi64HEi6yGCpdY7YH4_rpLrM-BeO_HS6xHgViIm-N0_8RtbAInVuzVUtJIyi-MT87PKynKTCotyS9KS05LLU4tKkstijcyMDIxsDC00DMwii8wAACvHD2t"
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
expires
Mon, 01 Jan 1990 00:00:00 GMT
osd.js
pagead2.googlesyndication.com/pagead/
61 B
76 B
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/osd.js?fcd=true
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.OGBhndhm8sk.es5.O/d=1/exm=kernel_loader,loader_js_executable,web_iab_tcf_v2_signal_executable/ed=1/rs=AJlcJMyOp-vQirou1oKwOBNFWlsi2tM_cQ/m=ad_blocking_detection_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.41.2 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s40-in-f2.1e100.net
Software
cafe /
Resource Hash
c45c8b81ccfcbc08127b74787d1b5974078756233de947986c357e28ed8f13ac
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.itinforok.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Tue, 20 Aug 2024 07:22:51 GMT
content-encoding
br
x-content-type-options
nosniff
age
896
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
51
x-xss-protection
0
server
cafe
etag
16023549773543154165
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=3600
timing-allow-origin
*
expires
Tue, 20 Aug 2024 08:22:51 GMT
AGSKWxWl1HRHaL0_wcYMd7gOereJvKgJ6CH1qgBCniC7RqJDpor1aUjanax3T0TPj31yRcMlL-TQRFdLMZot76Zr4jVNqs37tcAedurA32Z50AA0pGJ7a9bUiA9nyuYiAvWomu3GULXL0A==
fundingchoicesmessages.google.com/el/
0
28 B
XHR
General
Full URL
https://fundingchoicesmessages.google.com/el/AGSKWxWl1HRHaL0_wcYMd7gOereJvKgJ6CH1qgBCniC7RqJDpor1aUjanax3T0TPj31yRcMlL-TQRFdLMZot76Zr4jVNqs37tcAedurA32Z50AA0pGJ7a9bUiA9nyuYiAvWomu3GULXL0A==
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.OGBhndhm8sk.es5.O/am=rGA/d=1/rs=AJlcJMzse410J7gj8iRCTUlpklD4-9qYsw/m=kernel_loader,loader_js_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.81.238 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s74-in-f14.1e100.net
Software
ESF /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-hYqsvl3ihu_sMPk50I9pjw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.itinforok.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type
text/plain

Response headers

date
Tue, 20 Aug 2024 07:37:47 GMT
content-security-policy
script-src 'report-sample' 'nonce-hYqsvl3ihu_sMPk50I9pjw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
reporting-endpoints
default="/_/ContributorLoggingHttp/web-reports?context=eJzj0tDikmLw05BicEqfwRoCxO5aF1n9gXhJxEXWI4kXWfd-vMR6FIiFuDlO90_cxiYw43mzm5JLUn5hfHJ-XklqXoluYkqxLohdlJlUWpJfhMJOLQOpyMlPT8_MS483MjAyMbAwtNAzMI8vMAAAE7gtbg"
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
access-control-max-age
86400
access-control-allow-methods
POST, GET, OPTIONS
content-type
text/html; charset=utf-8
access-control-allow-origin
https://www.itinforok.com
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options
SAMEORIGIN
expires
Mon, 01 Jan 1990 00:00:00 GMT
AGSKWxWl1HRHaL0_wcYMd7gOereJvKgJ6CH1qgBCniC7RqJDpor1aUjanax3T0TPj31yRcMlL-TQRFdLMZot76Zr4jVNqs37tcAedurA32Z50AA0pGJ7a9bUiA9nyuYiAvWomu3GULXL0A==
fundingchoicesmessages.google.com/el/
0
28 B
XHR
General
Full URL
https://fundingchoicesmessages.google.com/el/AGSKWxWl1HRHaL0_wcYMd7gOereJvKgJ6CH1qgBCniC7RqJDpor1aUjanax3T0TPj31yRcMlL-TQRFdLMZot76Zr4jVNqs37tcAedurA32Z50AA0pGJ7a9bUiA9nyuYiAvWomu3GULXL0A==
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.OGBhndhm8sk.es5.O/am=rGA/d=1/rs=AJlcJMzse410J7gj8iRCTUlpklD4-9qYsw/m=kernel_loader,loader_js_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.81.238 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s74-in-f14.1e100.net
Software
ESF /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-Z3F6PlCKCemRoyZMjaSRZw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.itinforok.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type
text/plain

Response headers

date
Tue, 20 Aug 2024 07:37:47 GMT
content-security-policy
script-src 'report-sample' 'nonce-Z3F6PlCKCemRoyZMjaSRZw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
reporting-endpoints
default="/_/ContributorLoggingHttp/web-reports?context=eJzj0tDikmII0pBicEqfwRoCxO5aF1n9gXhJxEXWI4kXWfd-vMR6FIiFuDlO90_cxiYw4cHXECWXpPzC-OT8vJLUvBLdxJRiXRC7KDOptCS_CIWdWgZSkZOfnp6Zlx5vZGBkYmBhaKFnYB5fYAAANTct4w"
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
access-control-max-age
86400
access-control-allow-methods
POST, GET, OPTIONS
content-type
text/html; charset=utf-8
access-control-allow-origin
https://www.itinforok.com
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options
SAMEORIGIN
expires
Mon, 01 Jan 1990 00:00:00 GMT
AGSKWxWl1HRHaL0_wcYMd7gOereJvKgJ6CH1qgBCniC7RqJDpor1aUjanax3T0TPj31yRcMlL-TQRFdLMZot76Zr4jVNqs37tcAedurA32Z50AA0pGJ7a9bUiA9nyuYiAvWomu3GULXL0A==
fundingchoicesmessages.google.com/el/
0
28 B
XHR
General
Full URL
https://fundingchoicesmessages.google.com/el/AGSKWxWl1HRHaL0_wcYMd7gOereJvKgJ6CH1qgBCniC7RqJDpor1aUjanax3T0TPj31yRcMlL-TQRFdLMZot76Zr4jVNqs37tcAedurA32Z50AA0pGJ7a9bUiA9nyuYiAvWomu3GULXL0A==
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.OGBhndhm8sk.es5.O/am=rGA/d=1/rs=AJlcJMzse410J7gj8iRCTUlpklD4-9qYsw/m=kernel_loader,loader_js_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.81.238 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s74-in-f14.1e100.net
Software
ESF /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-zF_3X0xSpxShARBc4zddow' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.itinforok.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type
text/plain

Response headers

date
Tue, 20 Aug 2024 07:37:47 GMT
content-security-policy
script-src 'report-sample' 'nonce-zF_3X0xSpxShARBc4zddow' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
reporting-endpoints
default="/_/ContributorLoggingHttp/web-reports?context=eJzj0tDikmJw0gDi9BmsIUDsrnWR1R-Il0RcZD2SeJF178dLrEeBWIib43T_xG1sAjsajkQruSTlF8Yn5-eVpOaV6CamFOuC2EWZSaUl-UUo7NQykIqc_PT0zLz0eCMDIxMDC0MLPQPz-AIDABIgLXE"
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
access-control-max-age
86400
access-control-allow-methods
POST, GET, OPTIONS
content-type
text/html; charset=utf-8
access-control-allow-origin
https://www.itinforok.com
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options
SAMEORIGIN
expires
Mon, 01 Jan 1990 00:00:00 GMT
AGSKWxWl1HRHaL0_wcYMd7gOereJvKgJ6CH1qgBCniC7RqJDpor1aUjanax3T0TPj31yRcMlL-TQRFdLMZot76Zr4jVNqs37tcAedurA32Z50AA0pGJ7a9bUiA9nyuYiAvWomu3GULXL0A==
fundingchoicesmessages.google.com/el/
0
28 B
XHR
General
Full URL
https://fundingchoicesmessages.google.com/el/AGSKWxWl1HRHaL0_wcYMd7gOereJvKgJ6CH1qgBCniC7RqJDpor1aUjanax3T0TPj31yRcMlL-TQRFdLMZot76Zr4jVNqs37tcAedurA32Z50AA0pGJ7a9bUiA9nyuYiAvWomu3GULXL0A==
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.OGBhndhm8sk.es5.O/am=rGA/d=1/rs=AJlcJMzse410J7gj8iRCTUlpklD4-9qYsw/m=kernel_loader,loader_js_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.81.238 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s74-in-f14.1e100.net
Software
ESF /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-8GIZ1631CGyvoPEeHR1r6g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.itinforok.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type
text/plain

Response headers

date
Tue, 20 Aug 2024 07:37:47 GMT
content-security-policy
require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-8GIZ1631CGyvoPEeHR1r6g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
reporting-endpoints
default="/_/ContributorLoggingHttp/web-reports?context=eJzj0tDikmLw05BicEqfwRoCxO5aF1n9gXhJxEXWI4kXWfd-vMR6FIiFuDlO90_cxiawYfvXGCWXpPzC-OT8vJLUvBLdxJRiXRC7KDOptCS_CIWdWgZSkZOfnp6Zlx5vZGBkYmBhaKFnYB5fYAAAMyIt3g"
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
access-control-max-age
86400
access-control-allow-methods
POST, GET, OPTIONS
content-type
text/html; charset=utf-8
access-control-allow-origin
https://www.itinforok.com
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options
SAMEORIGIN
expires
Mon, 01 Jan 1990 00:00:00 GMT
AGSKWxWKXEAnWVtJf1XCBA-KrUEMs6HIfaJj-ibp9q8Q6II300nWzZi0NOK1J2dsJ30eFB_fiE4qd7u-mYbOTfel5NAuVtd38bHP8A4caCCD5zA8HR7JKLY27onGBX2okhaJEkW-QcTBhQ==
fundingchoicesmessages.google.com/f/
3 KB
2 KB
Script
General
Full URL
https://fundingchoicesmessages.google.com/f/AGSKWxWKXEAnWVtJf1XCBA-KrUEMs6HIfaJj-ibp9q8Q6II300nWzZi0NOK1J2dsJ30eFB_fiE4qd7u-mYbOTfel5NAuVtd38bHP8A4caCCD5zA8HR7JKLY27onGBX2okhaJEkW-QcTBhQ==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzI0MTM5NDY3LDE2MTAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzcsOSw2XSxudWxsLDIsbnVsbCwiZW4iLG51bGwsbnVsbCxudWxsLG51bGwsbnVsbCwxXSwiaHR0cHM6Ly93d3cuaXRpbmZvcm9rLmNvbS9nYW1lL3RyaXBsZV9wbGF5X2Zvb3RiYWxsLmh0bWwiLG51bGwsW1s4LCJPR0JobmRobThzayJdLFs5LCJlbi1VUyJdLFsyMiwidHJ1ZSJdLFsyMCwiW251bGwsbnVsbCxbMzEwODYxMzJdLG51bGwsOF0iXSxbMTksIjIiXSxbMTcsIlswXSJdXV0
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.OGBhndhm8sk.es5.O/am=rGA/d=1/rs=AJlcJMzse410J7gj8iRCTUlpklD4-9qYsw/m=kernel_loader,loader_js_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.81.238 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s74-in-f14.1e100.net
Software
ESF /
Resource Hash
264af0972f80451834171c7e8b340812d299973b5488ddbab47e00272e17fc18
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-r9vfPfGA5gspRYE_xer36Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.itinforok.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Tue, 20 Aug 2024 07:37:47 GMT
content-security-policy
script-src 'report-sample' 'nonce-r9vfPfGA5gspRYE_xer36Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
reporting-endpoints
default="/_/ContributorGlobalRouterHttp/web-reports?context=eJzjytDikmJw0ZBiOHnrNtNFID7vdIfpOhBLfH3JpAbETukzWAOA2Kd-BmsUELfePMc6GYiT_p1nLQBid62LrP5AvCTiIuuBxIushgqXWO2B-P66S6zPgXjvx0usR4FYiJvjdP_EbWwCF6b_TlTSSMovjE_OzyspykwqLckvSktOSy1OLSpLLYo3MjAyMbAwtNAzMIovMAAAt99DJw"
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin
*
expires
Mon, 01 Jan 1990 00:00:00 GMT
AGSKWxXDJEq6Eq4x8nXKgfW1pRLfwDL26hyo8LaTrYbMrictOZWuUf9orZImZHC3PYyBB_-_xmV2ejBhlSDzIFuYLp1bZ4ktOV8CY7O4_VS_NNGQ6ORUNABhFnqKXSeWm74xgSdCNgggbw==
fundingchoicesmessages.google.com/el/
0
28 B
XHR
General
Full URL
https://fundingchoicesmessages.google.com/el/AGSKWxXDJEq6Eq4x8nXKgfW1pRLfwDL26hyo8LaTrYbMrictOZWuUf9orZImZHC3PYyBB_-_xmV2ejBhlSDzIFuYLp1bZ4ktOV8CY7O4_VS_NNGQ6ORUNABhFnqKXSeWm74xgSdCNgggbw==
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.OGBhndhm8sk.es5.O/am=rGA/d=1/rs=AJlcJMzse410J7gj8iRCTUlpklD4-9qYsw/m=kernel_loader,loader_js_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.81.238 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s74-in-f14.1e100.net
Software
ESF /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-e4ywzP1w6tEeVRvXQDN0sQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.itinforok.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type
text/plain

Response headers

date
Tue, 20 Aug 2024 07:37:47 GMT
content-security-policy
script-src 'report-sample' 'nonce-e4ywzP1w6tEeVRvXQDN0sQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
reporting-endpoints
default="/_/ContributorLoggingHttp/web-reports?context=eJzj0tDikmJw0gDi9BmsIUDsrnWR1R-Il0RcZD2SeJF178dLrEeBWIiH43T_xG1sAjNWtbQwKrkk5RfGJ-fnlaTmlegmphTrgthFmUmlJflFKOzUMpCKnPz09My89HgjAyMTAwtDCz0D8_gCAwAjES1m"
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
access-control-max-age
86400
access-control-allow-methods
POST, GET, OPTIONS
content-type
text/html; charset=utf-8
access-control-allow-origin
https://www.itinforok.com
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options
SAMEORIGIN
expires
Mon, 01 Jan 1990 00:00:00 GMT
sodar
ep1.adtrafficquality.google/getconfig/
0
0

favicon.png
www.itinforok.com/static/themes/gametemp-q7/assets/img/
2 KB
2 KB
Other
General
Full URL
https://www.itinforok.com/static/themes/gametemp-q7/assets/img/favicon.png
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.25.100 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ed32928001b662f8b75a5bd243d7d47f302cc1aebad177e4f8864b200e552e2c

Request headers

Referer
https://www.itinforok.com/game/triple_play_football.html
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Tue, 20 Aug 2024 07:37:49 GMT
cf-cache-status
HIT
age
53785
cf-polished
origFmt=png, origSize=5653
content-disposition
inline; filename="favicon.webp"
alt-svc
h3=":443"; ma=86400
content-length
2260
cf-bgj
imgq:85,h2pri
last-modified
Sat, 10 Aug 2019 13:25:36 GMT
server
cloudflare
etag
"5d4ec5d0-1615"
vary
Accept
content-type
image/webp
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
8b60b8627a9e36a4-YYZ
expires
Thu, 19 Sep 2024 07:37:49 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
4be162c810a29239400c7377968f3905.safeframe.googlesyndication.com
URL
https://4be162c810a29239400c7377968f3905.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Domain
4be162c810a29239400c7377968f3905.safeframe.googlesyndication.com
URL
https://4be162c810a29239400c7377968f3905.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Domain
ep1.adtrafficquality.google
URL
https://ep1.adtrafficquality.google/getconfig/sodar?sv=200&tid=gpt&tv=m202408150101&st=env


50 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 function| Swiper function| lazyload function| LazyLoad function| ClipboardJS function| FastClick function| $ function| jQuery object| googletag object| cookieconsent object| copyTip boolean| isClick string| copyText object| clipboard object| lazyLoadImg object| mySwiper object| intro object| faceBook object| twitter object| shareBtn object| shareMask object| shareClose function| hide object| ggeac object| google_tag_data object| google_js_reporting_queue object| google_reactive_ads_global_state object| default_ContributorServingResponseClientJs object| _F_toggles object| __googlefc string| __fcInvoked string| __fcexpdef string| OGRkMzNjZGI4NjZhYzNjMmxvYWRlcl9qcw== string| OGRkMzNjZGI4NjZhYzNjMmNhY2hlZF9qcw== object| googlefc object| __fcInternalApiManager boolean| __fcInternalApiPostMessageReady object| __tcfapiEventListeners function| __tcfapi object| __tcfapiManager boolean| __tcfapiPostMessageReady object| google_tag_topics_state number| google_unique_id boolean| 71e68ecf-34fd-4f54-99c0-417f32737e94

5 Cookies

Domain/Path Name / Value
.doubleclick.net/ Name: test_cookie
Value: CheckForPermission
.itinforok.com/ Name: __gads
Value: ID=9966385f2c71db2a:T=1724139466:RT=1724139466:S=ALNI_MZwIKbqYgscJ9XbP2gJ_Bo8e6ihxA
.itinforok.com/ Name: __gpi
Value: UID=00000a4d3a7597a7:T=1724139466:RT=1724139466:S=ALNI_MbKntmm48ysw_wz_XAFYwxx7xUOoA
.itinforok.com/ Name: __eoi
Value: ID=d2c8f169a0e3c697:T=1724139466:RT=1724139466:S=AA-AfjYtaW1PFiGMkmKe6SEOsd7b
.itinforok.com/ Name: FCNEC
Value: %5B%5B%22AKsRol82bpWodB-9j-Tl18LSmhuq6f_gZdEnRyEQRXRoGQkpz4re6_RoW3t0omwZntThwlehYl5uXRAQS_WhprkDncXS1If6KPKisLQyQvXfC8P0ELJbJ_8boDPH6Ct1t2SbfBzHG4dCjf4S8odhYZ2oRUfVjrwDxA%3D%3D%22%5D%5D

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
