df.dafapromo.com Open in urlscan Pro
2606:4700::6812:add Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://zypholuxa.com/cl/74343dcda8be6b1d?p1=wd35cdh204ihs1a33gvuhgjc
Effective URL:
https://df.dafapromo.com/sprt/th/index.html?btag=688399_5732390a80f842c791b4416b35d0e4ae&clickid=D-20948719-1723811494-34...
Submission: On August 16 via api (August 16th 2024, 12:31:54 pm UTC) from US — Scanned from US

Summary HTTP 50 Redirects Links 6 Behaviour Indicators

Summary

This website contacted 15 IPs in 3 countries across 19 domains to perform 50 HTTP transactions. The main IP is 2606:4700::6812:add, located in United States and belongs to CLOUDFLARENET, US. The main domain is df.dafapromo.com. The Cisco Umbrella rank of the primary domain is 723483.
TLS certificate: Issued by E5 on June 18th 2024. Valid for: 3 months.

This is the only time df.dafapromo.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	2606:4700:303... 2606:4700:3031::ac43:81a1	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 2	2604:9e00:1:1... 2604:9e00:1:129::2:b1f	27257 (WEBAIR-IN...) (WEBAIR-INTERNET)
2 2	2606:4700:20:... 2606:4700:20::681a:7a0	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	31.220.27.98 31.220.27.98	39572 (ADVANCEDH...) (ADVANCEDHOSTERS-AS)
1 1	2606:4700:303... 2606:4700:3035::6815:1a4	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 2	2620:1ec:29:1... 2620:1ec:29:1::40	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
19	2606:4700::68... 2606:4700::6812:add	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	157.185.170.144 157.185.170.144	54994 (ML-1432-5...) (ML-1432-54994)
2	2607:f8b0:400... 2607:f8b0:4006:80c::2008	15169 (GOOGLE) (GOOGLE)
2	2607:f8b0:400... 2607:f8b0:4006:808::200e	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4004:c19::9a	15169 (GOOGLE) (GOOGLE)
1	185.167.164.44 185.167.164.44	198622 (ADFORM) (ADFORM)
2	2606:4700::68... 2606:4700::6812:1f1b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	2a03:2880:f01... 2a03:2880:f012:10c:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	2600:9000:24f... 2600:9000:24f0:8600:c:7d55:b3c0:93a1	16509 (AMAZON-02) (AMAZON-02)
2	2606:4700:303... 2606:4700:3037::6815:1154	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700:303... 2606:4700:3032::6815:1429	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 2	68.67.160.186 68.67.160.186	29990 (ASN-APPNEX) (ASN-APPNEX)
8	2a03:2880:f11... 2a03:2880:f112:182:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1 3	185.84.60.23 185.84.60.23	198622 (ADFORM) (ADFORM)
1	185.167.164.42 185.167.164.42	198622 (ADFORM) (ADFORM)
50	15

1 2606:4700:3031::ac43:81a1 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

zypholuxa.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2604:9e00:1:129::2:b1f (United States) 2 redirects

ASN27257 (WEBAIR-INTERNET, US)

xml.ezmob.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:20::681a:7a0 (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

adsmain.o18.link	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 31.220.27.98 (Amsterdam, Netherlands) 1 redirects

ASN39572 (ADVANCEDHOSTERS-AS, NL)

vebalm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3035::6815:1a4 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

zypholuxa.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:1ec:29:1::40 (United States) 2 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

banners.dfbanners.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
api.netrefer.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 2606:4700::6812:add (United States)

ASN13335 (CLOUDFLARENET, US)

df.dafapromo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 157.185.170.144 (New York, United States)

ASN54994 (ML-1432-54994, CA)

cmkt.dafapromo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4006:80c::2008 (United States)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4006:808::200e (United States)

ASN15169 (GOOGLE, US)

analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4004:c19::9a (Washington, United States)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.167.164.44 (Denmark)

ASN198622 (ADFORM, DK)

s2.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:1f1b (United States)

ASN13335 (CLOUDFLARENET, US)

scripts.prdredir.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
rtg.prdredir.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a03:2880:f012:10c:face:b00c:0:3 (Secaucus, United States)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:24f0:8600:c:7d55:b3c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn.matomo.cloud	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:3037::6815:1154 (United States)

ASN13335 (CLOUDFLARENET, US)

adscool.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:3032::6815:1429 (United States)

ASN13335 (CLOUDFLARENET, US)

rtgsystemsync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 68.67.160.186 (Colonia, United States) 1 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 675.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a03:2880:f112:182:face:b00c:0:25de (Secaucus, United States)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.84.60.23 (Denmark) 1 redirects

ASN198622 (ADFORM, DK)

asia.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
asia.seadform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.167.164.42 (Denmark)

ASN198622 (ADFORM, DK)

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
20	dafapromo.com df.dafapromo.com — Cisco Umbrella Rank: 723483 cmkt.dafapromo.com — Cisco Umbrella Rank: 680055	1 MB
8	facebook.com www.facebook.com — Cisco Umbrella Rank: 108	6 KB
5	facebook.net connect.facebook.net — Cisco Umbrella Rank: 236	89 KB
4	adform.net 1 redirects s2.adform.net — Cisco Umbrella Rank: 8814 asia.adform.net — Cisco Umbrella Rank: 60937 c1.adform.net — Cisco Umbrella Rank: 1001	34 KB
2	adnxs.com 1 redirects secure.adnxs.com — Cisco Umbrella Rank: 764	2 KB
2	rtgsystemsync.com rtgsystemsync.com	2 KB
2	adscool.net adscool.net — Cisco Umbrella Rank: 115140	3 KB
2	prdredir.com scripts.prdredir.com — Cisco Umbrella Rank: 59288 rtg.prdredir.com — Cisco Umbrella Rank: 99969	1 KB
2	google.com analytics.google.com — Cisco Umbrella Rank: 238
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 112	179 KB
2	o18.link 2 redirects adsmain.o18.link — Cisco Umbrella Rank: 554838	2 KB
2	ezmob.com 2 redirects xml.ezmob.com — Cisco Umbrella Rank: 119440	482 B
2	zypholuxa.com 2 redirects zypholuxa.com	2 KB
1	seadform.net asia.seadform.net — Cisco Umbrella Rank: 99516	466 B
1	matomo.cloud cdn.matomo.cloud — Cisco Umbrella Rank: 29612
1	doubleclick.net stats.g.doubleclick.net — Cisco Umbrella Rank: 252	245 B
1	netrefer.com 1 redirects api.netrefer.com	322 B
1	dfbanners.com 1 redirects banners.dfbanners.com — Cisco Umbrella Rank: 704098	249 B
1	vebalm.com 1 redirects vebalm.com	255 B
50	19

	Domain	Requested by
19	df.dafapromo.com	df.dafapromo.com
8	www.facebook.com
5	connect.facebook.net	df.dafapromo.com connect.facebook.net
2	asia.adform.net	1 redirects
2	secure.adnxs.com	1 redirects
2	rtgsystemsync.com	www.googletagmanager.com rtgsystemsync.com
2	adscool.net	df.dafapromo.com adscool.net
2	analytics.google.com	www.googletagmanager.com
2	www.googletagmanager.com	df.dafapromo.com www.googletagmanager.com
2	adsmain.o18.link	2 redirects
2	xml.ezmob.com	2 redirects
2	zypholuxa.com	2 redirects
1	asia.seadform.net
1	c1.adform.net	asia.adform.net
1	rtg.prdredir.com
1	cdn.matomo.cloud	df.dafapromo.com
1	scripts.prdredir.com	www.googletagmanager.com
1	s2.adform.net	df.dafapromo.com
1	stats.g.doubleclick.net	www.googletagmanager.com
1	cmkt.dafapromo.com	df.dafapromo.com
1	api.netrefer.com	1 redirects
1	banners.dfbanners.com	1 redirects
1	vebalm.com	1 redirects
50	23

This site contains links to these domains. Also see Links.

Domain
www.dafathaifan.com
www.cs-livechat.com
df011.com
df-play.com

Subject Issuer	Validity	Valid
df.dafapromo.com E5	`2024-06-18` - `2024-09-16`	3 months	crt.sh
support12.cdnetworks.net GlobalSign RSA OV SSL CA 2018	`2024-01-26` - `2025-02-16`	a year	crt.sh
*.google-analytics.com WR2	`2024-07-30` - `2024-10-22`	3 months	crt.sh
*.google.com WR2	`2024-07-30` - `2024-10-22`	3 months	crt.sh
*.g.doubleclick.net WR2	`2024-07-30` - `2024-10-22`	3 months	crt.sh
track.adform.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-09-06` - `2024-09-19`	a year	crt.sh
prdredir.com WE1	`2024-06-24` - `2024-09-22`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2024-05-25` - `2024-08-23`	3 months	crt.sh
cdn.matomo.cloud Amazon RSA 2048 M03	`2023-10-27` - `2024-11-23`	a year	crt.sh
adscool.net WE1	`2024-06-19` - `2024-09-17`	3 months	crt.sh
rtgsystemsync.com WE1	`2024-07-05` - `2024-10-03`	3 months	crt.sh
*.seadform.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-10-23` - `2024-11-08`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://df.dafapromo.com/sprt/th/index.html?btag=688399_5732390a80f842c791b4416b35d0e4ae&clickid=D-20948719-1723811494-34G172G129G2-MOLJN5838&utm_source=688399&utm_medium=70866&utm_campaign=19418
Frame ID: 9CABC2930F7BB0813E91B27EFC1A4656
Requests: 49 HTTP requests in this frame

Frame: https://c1.adform.net/imatch/pixels?bt=0&uid=7033661447522427642&agencyId=8910&advertiserId=2170253&src=tp&rnd=81435
Frame ID: CC875A6F7AABC2956A8330115C2F751A
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

ข้อเสนอสำหรับผู้เล่นใหม่

Page URL History Show full URLs

http://zypholuxa.com/cl/74343dcda8be6b1d?p1=wd35cdh204ihs1a33gvuhgjc HTTP 307
https://zypholuxa.com/cl/74343dcda8be6b1d?p1=wd35cdh204ihs1a33gvuhgjc HTTP 302
https://xml.ezmob.com/redirect?feed=539639&auth=oKiiko&subid={p2} HTTP 302
https://adsmain.o18.link/c?o=20948719&m=19836&a=563771&aff_click_id=&sub_aff_id=539639. HTTP 302
https://vebalm.com/t?h=waWQiOjEwMDE2NzksInNpZCI6MTAzMTQwNiwid2lkIjo1OTQzMTAsInNyYyI6Mn0=eyJ&si1... HTTP 302
https://oeraky.com/great?h=waWQiOjEwMDE2NzksInNpZCI6MTAzMTQwNiwid2lkIjo1OTQzMTAsInNyYyI6Mn0=eyJ... HTTP 307
http://zypholuxa.com/cl/74343dcda8be6b1d?p1=wd35cdh204ihs1a33gvuhgjc HTTP 302
https://xml.ezmob.com/redirect?feed=539639&auth=oKiiko&subid={p2} HTTP 302
https://adsmain.o18.link/c?o=20948719&m=19836&a=563771&aff_click_id=&sub_aff_id=539639. HTTP 302
https://banners.dfbanners.com/redirect.aspx?pid=70866&lpid=2572&bid=19418&clickid=D-20948719-1723811494-34... HTTP 307
https://api.netrefer.com/tracking-click/v2/click?pid=70866&lpid=2572&bid=19418&clickid=D-20948719-172... HTTP 307
https://df.dafapromo.com/sprt/th/index.html?btag=688399_5732390a80f842c791b4416b35d0e4ae&clickid=D-20... Page URL

Detected technologies

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/ns\.html[^>]+></iframe>
googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Page Statistics

50
Requests

96 %
HTTPS

71 %
IPv6

19
Domains

23
Subdomains

15
IPs

3
Countries

1804 kB
Transfer

2558 kB
Size

83
Cookies

6 Outgoing links

These are links going to different origins than the main page.

URL: https://www.dafathaifan.com/th?btag=688399_5732390a80f842c791b4416b35d0e4ae&clickid=D-20948719-1723811494-34G172G129G2-MOLJN5838&utm_source=688399&utm_medium=70866&utm_campaign=19418

Search URL Search Domain Scan URL

URL: https://www.dafathaifan.com/th/join/sports-df?regvia=22&btag=688399_5732390a80f842c791b4416b35d0e4ae&clickid=D-20948719-1723811494-34G172G129G2-MOLJN5838&utm_source=688399&utm_medium=70866&utm_campaign=19418
Title: คลิกสมัคร

Search URL Search Domain Scan URL

URL: https://www.cs-livechat.com/ccaas/v1/th/mc-desktop?brand=Dafa&height=760&width=360&title=avayaChatWindow&product=Dafabet&btag=688399_5732390a80f842c791b4416b35d0e4ae&clickid=D-20948719-1723811494-34G172G129G2-MOLJN5838&utm_source=688399&utm_medium=70866&utm_campaign=19418

Search URL Search Domain Scan URL

URL: https://df011.com/gjdycl?btag=688399_5732390a80f842c791b4416b35d0e4ae&clickid=D-20948719-1723811494-34G172G129G2-MOLJN5838&utm_source=688399&utm_medium=70866&utm_campaign=19418

Search URL Search Domain Scan URL

URL: https://df011.com/gjduj3?btag=688399_5732390a80f842c791b4416b35d0e4ae&clickid=D-20948719-1723811494-34G172G129G2-MOLJN5838&utm_source=688399&utm_medium=70866&utm_campaign=19418

Search URL Search Domain Scan URL

URL: https://df-play.com/gjdke5?btag=688399_5732390a80f842c791b4416b35d0e4ae&clickid=D-20948719-1723811494-34G172G129G2-MOLJN5838&utm_source=688399&utm_medium=70866&utm_campaign=19418

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://zypholuxa.com/cl/74343dcda8be6b1d?p1=wd35cdh204ihs1a33gvuhgjc HTTP 307
https://zypholuxa.com/cl/74343dcda8be6b1d?p1=wd35cdh204ihs1a33gvuhgjc HTTP 302
https://xml.ezmob.com/redirect?feed=539639&auth=oKiiko&subid={p2} HTTP 302
https://adsmain.o18.link/c?o=20948719&m=19836&a=563771&aff_click_id=&sub_aff_id=539639. HTTP 302
https://vebalm.com/t?h=waWQiOjEwMDE2NzksInNpZCI6MTAzMTQwNiwid2lkIjo1OTQzMTAsInNyYyI6Mn0=eyJ&si1=539639.&si2=&click_id=D-20948719-1723811492-34G172G129G2-LKPWU8375 HTTP 302
https://oeraky.com/great?h=waWQiOjEwMDE2NzksInNpZCI6MTAzMTQwNiwid2lkIjo1OTQzMTAsInNyYyI6Mn0=eyJ&si1=539639.&si2=&click_id=D-20948719-1723811492-34G172G129G2-LKPWU8375 HTTP 307
http://zypholuxa.com/cl/74343dcda8be6b1d?p1=wd35cdh204ihs1a33gvuhgjc HTTP 302
https://xml.ezmob.com/redirect?feed=539639&auth=oKiiko&subid={p2} HTTP 302
https://adsmain.o18.link/c?o=20948719&m=19836&a=563771&aff_click_id=&sub_aff_id=539639. HTTP 302
https://banners.dfbanners.com/redirect.aspx?pid=70866&lpid=2572&bid=19418&clickid=D-20948719-1723811494-34G172G129G2-MOLJN5838 HTTP 307
https://api.netrefer.com/tracking-click/v2/click?pid=70866&lpid=2572&bid=19418&clickid=D-20948719-1723811494-34G172G129G2-MOLJN5838&host_url=banners.dfbanners.com HTTP 307
https://df.dafapromo.com/sprt/th/index.html?btag=688399_5732390a80f842c791b4416b35d0e4ae&clickid=D-20948719-1723811494-34G172G129G2-MOLJN5838&utm_source=688399&utm_medium=70866&utm_campaign=19418 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 28

https://secure.adnxs.com/seg?t=2&add=38057823&gtmcb=665493192 HTTP 307
https://secure.adnxs.com/bounce?%2Fseg%3Ft%3D2%26add%3D38057823%26gtmcb%3D665493192

Request Chain 45

https://asia.adform.net/Serving/TrackPoint/?pm=3095779&ADFPageName=Dafabet%20All%20Pages&ADFdivider=%7C&ord=752887335016&ADFtpmode=2&loc=https%3A%2F%2Fdf.dafapromo.com%2Fsprt%2Fth%2Findex.html%3Fbtag%3D688399_5732390a80f842c791b4416b35d0e4ae%26clickid%3DD-20948719-1723811494-34G172G129G2-MOLJN5838%26utm_source%3D688399%26utm_medium%3D70866%26utm_campaign%3D19418&Set1=en-US%7Cen-US%7C1600x1200%7C24 HTTP 302
https://asia.adform.net/Serving/TrackPoint/?CC=1&pm=3095779&ADFPageName=Dafabet%20All%20Pages&ADFdivider=%7C&ord=752887335016&ADFtpmode=2&loc=https%3A%2F%2Fdf.dafapromo.com%2Fsprt%2Fth%2Findex.html%3Fbtag%3D688399_5732390a80f842c791b4416b35d0e4ae%26clickid%3DD-20948719-1723811494-34G172G129G2-MOLJN5838%26utm_source%3D688399%26utm_medium%3D70866%26utm_campaign%3D19418&Set1=en-US%7Cen-US%7C1600x1200%7C24

50 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request index.html Show response
df.dafapromo.com/sprt/th/
Redirect Chain

http://zypholuxa.com/cl/74343dcda8be6b1d?p1=wd35cdh204ihs1a33gvuhgjc
https://zypholuxa.com/cl/74343dcda8be6b1d?p1=wd35cdh204ihs1a33gvuhgjc
https://xml.ezmob.com/redirect?feed=539639&auth=oKiiko&subid={p2}
https://adsmain.o18.link/c?o=20948719&m=19836&a=563771&aff_click_id=&sub_aff_id=539639.
https://vebalm.com/t?h=waWQiOjEwMDE2NzksInNpZCI6MTAzMTQwNiwid2lkIjo1OTQzMTAsInNyYyI6Mn0=eyJ&si1=539639.&si2=&click_id=D-20948719-1723811492-34G172G129G2-LKPWU8375
https://oeraky.com/great?h=waWQiOjEwMDE2NzksInNpZCI6MTAzMTQwNiwid2lkIjo1OTQzMTAsInNyYyI6Mn0=eyJ&si1=539639.&si2=&click_id=D-20948719-1723811492-34G172G129G2-LKPWU8375
http://zypholuxa.com/cl/74343dcda8be6b1d?p1=wd35cdh204ihs1a33gvuhgjc
https://xml.ezmob.com/redirect?feed=539639&auth=oKiiko&subid={p2}
https://adsmain.o18.link/c?o=20948719&m=19836&a=563771&aff_click_id=&sub_aff_id=539639.
https://banners.dfbanners.com/redirect.aspx?pid=70866&lpid=2572&bid=19418&clickid=D-20948719-1723811494-34G172G129G2-MOLJN5838
https://api.netrefer.com/tracking-click/v2/click?pid=70866&lpid=2572&bid=19418&clickid=D-20948719-1723811494-34G172G129G2-MOLJN5838&host_url=banners.dfbanners.com
https://df.dafapromo.com/sprt/th/index.html?btag=688399_5732390a80f842c791b4416b35d0e4ae&clickid=D-20948719-1723811494-34G172G129G2-MOLJN5838&utm_source=688399&utm_medium=70866&utm_campaign=19418

5 KB
2 KB

717ms
448ms

Document
text/html

2606:4700::6812:add
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://df.dafapromo.com/sprt/th/index.html?btag=688399_5732390a80f842c791b4416b35d0e4ae&clickid=D-20948719-1723811494-34G172G129G2-MOLJN5838&utm_source=688399&utm_medium=70866&utm_campaign=19418
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:add , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6eae4fbf7c734a84c8ec7ff1a3cf805ec07b8bf719cf01a4c02ad19b0722252c

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

access-control-allow-origin: *
cache-control: public, immutable, max-age=900
cf-cache-status: MISS
cf-ray: 8b41713cfe82c346-EWR
content-encoding: br
content-md5: qCmZ8MCpGTYcsMMVB5vEFg==
content-type: text/html; charset=utf-8
date: Fri, 16 Aug 2024 12:31:36 GMT
etag: W/"0x8DCB6DD2AD6F386"
last-modified: Wed, 07 Aug 2024 12:33:40 GMT
server: cloudflare
vary: Accept-Encoding
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 5dbe4243-b01e-0004-73d8-ef9f05000000
x-ms-version: 2014-02-14

Redirect headers

content-length: 0
date: Fri, 16 Aug 2024 12:31:36 GMT
location: https://df.dafapromo.com/sprt/th/index.html?btag=688399_5732390a80f842c791b4416b35d0e4ae&clickid=D-20948719-1723811494-34G172G129G2-MOLJN5838&utm_source=688399&utm_medium=70866&utm_campaign=19418
request-context: appId=cid-v1:c7517e34-236f-441a-b753-f0bd634a9ab0
x-azure-ref: 20240816T123135Z-179f6cc58c6drtmsbh3vrauym400000000pg00000000dvdh
x-cache: CONFIG_NOCACHE

GET
H2 200 style-all.min.css
df.dafapromo.com/sprt/th/ 9 KB
2 KB 56ms
54ms Stylesheet
text/css 2606:4700::6812:add
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://df.dafapromo.com/sprt/th/style-all.min.css
Requested by: Host: df.dafapromo.com
URL: https://df.dafapromo.com/sprt/th/index.html?btag=688399_5732390a80f842c791b4416b35d0e4ae&clickid=D-20948719-1723811494-34G172G129G2-MOLJN5838&utm_source=688399&utm_medium=70866&utm_campaign=19418
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:add , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 57347fb299ae4c93b48fe98156d59bd582d9771ee66345ec1d0cd040eab18f1e

Request headers

Referer: https://df.dafapromo.com/sprt/th/index.html?btag=688399_5732390a80f842c791b4416b35d0e4ae&clickid=D-20948719-1723811494-34G172G129G2-MOLJN5838&utm_source=688399&utm_medium=70866&utm_campaign=19418
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 16 Aug 2024 12:31:37 GMT
content-encoding: br
cf-cache-status: HIT
content-md5: ObLVH3CGPPBNvNM4ttf6QA==
age: 172571
x-ms-lease-state: available
x-ms-lease-status: unlocked
last-modified: Wed, 07 Aug 2024 12:33:40 GMT
server: cloudflare
etag: W/"0x8DCB6DD2B43FD03"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
x-ms-request-id: 8f139213-501e-0023-30c6-e888c1000000
cache-control: public, immutable, max-age=900
x-ms-version: 2014-02-14
cf-ray: 8b417140898bc346-EWR

GET
H2 200 script-all.min.js Show response
df.dafapromo.com/sprt/th/ 85 KB
31 KB 57ms
55ms Script
application/javascript 2606:4700::6812:add
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://df.dafapromo.com/sprt/th/script-all.min.js
Requested by: Host: df.dafapromo.com
URL: https://df.dafapromo.com/sprt/th/index.html?btag=688399_5732390a80f842c791b4416b35d0e4ae&clickid=D-20948719-1723811494-34G172G129G2-MOLJN5838&utm_source=688399&utm_medium=70866&utm_campaign=19418
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:add , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c76d79a9584c1aaf56db4752f210bbed744bffe9669349c6780caff1adab614e

Request headers

Referer: https://df.dafapromo.com/sprt/th/index.html?btag=688399_5732390a80f842c791b4416b35d0e4ae&clickid=D-20948719-1723811494-34G172G129G2-MOLJN5838&utm_source=688399&utm_medium=70866&utm_campaign=19418
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 16 Aug 2024 12:31:37 GMT
content-encoding: br
cf-cache-status: HIT
content-md5: rgM8inu+WCpo41XEZifw0A==
age: 172571
x-ms-lease-state: available
x-ms-lease-status: unlocked
last-modified: Wed, 07 Aug 2024 12:33:40 GMT
server: cloudflare
etag: W/"0x8DCB6DD2B3420DB"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-ms-request-id: dee58032-b01e-0049-43c6-e850e9000000
cache-control: public, immutable, max-age=900
x-ms-version: 2014-02-14
cf-ray: 8b417140898ec346-EWR

GET
H2 200 tracking.js Show response
df.dafapromo.com/sprt/th/ 1 KB
760 B 55ms
53ms Script
application/javascript 2606:4700::6812:add
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://df.dafapromo.com/sprt/th/tracking.js
Requested by: Host: df.dafapromo.com
URL: https://df.dafapromo.com/sprt/th/index.html?btag=688399_5732390a80f842c791b4416b35d0e4ae&clickid=D-20948719-1723811494-34G172G129G2-MOLJN5838&utm_source=688399&utm_medium=70866&utm_campaign=19418
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:add , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8dccb315c0e3df90d138cb5db7c5d60cd58d1b43bee5688c290c5f54c9737ed9

Request headers

Referer: https://df.dafapromo.com/sprt/th/index.html?btag=688399_5732390a80f842c791b4416b35d0e4ae&clickid=D-20948719-1723811494-34G172G129G2-MOLJN5838&utm_source=688399&utm_medium=70866&utm_campaign=19418
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 16 Aug 2024 12:31:37 GMT
content-encoding: br
cf-cache-status: HIT
content-md5: IambWwVltBVxU/ptkVUb4g==
age: 172571
x-ms-lease-state: available
x-ms-lease-status: unlocked
last-modified: Wed, 07 Aug 2024 12:33:41 GMT
server: cloudflare
etag: W/"0x8DCB6DD2B540032"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-ms-request-id: 4f8d620a-301e-0035-7ec6-e87e16000000
cache-control: public, immutable, max-age=900
x-ms-version: 2014-02-14
cf-ray: 8b417140898fc346-EWR

GET
H2 200 custom.js Show response
df.dafapromo.com/ 0
158 B 59ms
57ms Script
application/json 2606:4700::6812:add
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://df.dafapromo.com/custom.js
Requested by: Host: df.dafapromo.com
URL: https://df.dafapromo.com/sprt/th/index.html?btag=688399_5732390a80f842c791b4416b35d0e4ae&clickid=D-20948719-1723811494-34G172G129G2-MOLJN5838&utm_source=688399&utm_medium=70866&utm_campaign=19418
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:add , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://df.dafapromo.com/sprt/th/index.html?btag=688399_5732390a80f842c791b4416b35d0e4ae&clickid=D-20948719-1723811494-34G172G129G2-MOLJN5838&utm_source=688399&utm_medium=70866&utm_campaign=19418
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 16 Aug 2024 12:31:37 GMT
cf-cache-status: HIT
content-md5: 1B2M2Y8AsgTpgAmY7PhCfg==
age: 143571
content-length: 0
x-ms-lease-state: available
x-ms-lease-status: unlocked
last-modified: Wed, 07 Jun 2023 05:41:06 GMT
server: cloudflare
etag: "0x8DB6719C9F383FC"
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: ce56ca8e-401e-0010-3970-75d76a000000
x-ms-version: 2014-02-14
accept-ranges: bytes
cf-ray: 8b4171408991c346-EWR

GET
H2 200 logo-dafabet.png
df.dafapromo.com/hf-tpl/ 3 KB
3 KB 60ms
59ms Image
image/png 2606:4700::6812:add
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://df.dafapromo.com/hf-tpl/logo-dafabet.png
Requested by: Host: df.dafapromo.com
URL: https://df.dafapromo.com/sprt/th/index.html?btag=688399_5732390a80f842c791b4416b35d0e4ae&clickid=D-20948719-1723811494-34G172G129G2-MOLJN5838&utm_source=688399&utm_medium=70866&utm_campaign=19418
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:add , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c9c27d856300d6a4b796fb0edb53128da557104b22abf368b977cb73a8f9db84

Request headers

Referer: https://df.dafapromo.com/sprt/th/index.html?btag=688399_5732390a80f842c791b4416b35d0e4ae&clickid=D-20948719-1723811494-34G172G129G2-MOLJN5838&utm_source=688399&utm_medium=70866&utm_campaign=19418
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 16 Aug 2024 12:31:37 GMT
cf-cache-status: HIT
content-md5: oq8t5DYqZIVDuueNEZZbuA==
age: 41735
content-length: 2660
x-ms-lease-state: available
x-ms-lease-status: unlocked
last-modified: Fri, 27 Oct 2023 07:18:19 GMT
server: cloudflare
etag: "0x8DBD6BCE5B34B10"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
x-ms-request-id: 6a261ed4-601e-0075-18f3-9c792e000000
cache-control: public, max-age=900, immutable
x-ms-version: 2014-02-14
accept-ranges: bytes
cf-ray: 8b4171408992c346-EWR

GET
H2 200 sponsors-th.png
df.dafapromo.com/hf-tpl/sponsors/ 26 KB
26 KB 60ms
59ms Image
image/png 2606:4700::6812:add
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://df.dafapromo.com/hf-tpl/sponsors/sponsors-th.png
Requested by: Host: df.dafapromo.com
URL: https://df.dafapromo.com/sprt/th/index.html?btag=688399_5732390a80f842c791b4416b35d0e4ae&clickid=D-20948719-1723811494-34G172G129G2-MOLJN5838&utm_source=688399&utm_medium=70866&utm_campaign=19418
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:add , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 41671bc52cc92393f5dd3093acab9e9587544824100ceef55cd101c82782532f

Request headers

Referer: https://df.dafapromo.com/sprt/th/index.html?btag=688399_5732390a80f842c791b4416b35d0e4ae&clickid=D-20948719-1723811494-34G172G129G2-MOLJN5838&utm_source=688399&utm_medium=70866&utm_campaign=19418
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 16 Aug 2024 12:31:37 GMT
cf-cache-status: HIT
content-md5: aWBBTgx77NXDIm9QV4lUEw==
age: 9256
content-length: 26153
x-ms-lease-state: available
x-ms-lease-status: unlocked
last-modified: Fri, 19 Jul 2024 09:27:56 GMT
server: cloudflare
etag: "0x8DCA7D512A0CD3C"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
x-ms-request-id: 015d8d26-601e-0038-2cbe-d9b6c2000000
cache-control: public, immutable, max-age=900
x-ms-version: 2014-02-14
accept-ranges: bytes
cf-ray: 8b4171408993c346-EWR

GET
H2 200 sponsors-mobile-th.png
df.dafapromo.com/hf-tpl/sponsors/ 29 KB
29 KB 35ms
32ms Image
image/png 2606:4700::6812:add
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://df.dafapromo.com/hf-tpl/sponsors/sponsors-mobile-th.png
Requested by: Host: df.dafapromo.com
URL: https://df.dafapromo.com/sprt/th/index.html?btag=688399_5732390a80f842c791b4416b35d0e4ae&clickid=D-20948719-1723811494-34G172G129G2-MOLJN5838&utm_source=688399&utm_medium=70866&utm_campaign=19418
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:add , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2e8e0dc68787afa49c363e9541a9380af98156491036d23fe7d22561f3596f84

Request headers

Referer: https://df.dafapromo.com/sprt/th/index.html?btag=688399_5732390a80f842c791b4416b35d0e4ae&clickid=D-20948719-1723811494-34G172G129G2-MOLJN5838&utm_source=688399&utm_medium=70866&utm_campaign=19418
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 16 Aug 2024 12:31:37 GMT
cf-cache-status: HIT
content-md5: YKfnT6j3tPXtWHsw5DRdlg==
age: 9656
content-length: 29323
x-ms-lease-state: available
x-ms-lease-status: unlocked
last-modified: Fri, 19 Jul 2024 09:27:55 GMT
server: cloudflare
etag: "0x8DCA7D512515921"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
x-ms-request-id: 6cdb5521-001e-004c-5abe-d98232000000
cache-control: public, immutable, max-age=900
x-ms-version: 2014-02-14
accept-ranges: bytes
cf-ray: 8b41714109e6c346-EWR

GET
H2 200 chat-th.png
df.dafapromo.com/sprt/th/ 445 B
602 B 42ms
41ms Image
image/png 2606:4700::6812:add
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://df.dafapromo.com/sprt/th/chat-th.png
Requested by: Host: df.dafapromo.com
URL: https://df.dafapromo.com/sprt/th/index.html?btag=688399_5732390a80f842c791b4416b35d0e4ae&clickid=D-20948719-1723811494-34G172G129G2-MOLJN5838&utm_source=688399&utm_medium=70866&utm_campaign=19418
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:add , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7306be87c1671c8c9a54f0a35674edd96fb3f30cc0bca4e60d45d69242f7cf1c

Request headers

Referer: https://df.dafapromo.com/sprt/th/index.html?btag=688399_5732390a80f842c791b4416b35d0e4ae&clickid=D-20948719-1723811494-34G172G129G2-MOLJN5838&utm_source=688399&utm_medium=70866&utm_campaign=19418
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 16 Aug 2024 12:31:37 GMT
cf-cache-status: HIT
content-md5: Hn2RfuUEuUtVX1z/Qns4gQ==
age: 172571
content-length: 445
x-ms-lease-state: available
x-ms-lease-status: unlocked
last-modified: Wed, 07 Aug 2024 12:33:42 GMT
server: cloudflare
etag: "0x8DCB6DD2C25FE13"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
x-ms-request-id: 372daeca-101e-0040-0dc6-e8153a000000
cache-control: public, immutable, max-age=900
x-ms-version: 2014-02-14
accept-ranges: bytes
cf-ray: 8b41714109e7c346-EWR

GET
H2 200 email.png
df.dafapromo.com/sprt/th/ 322 B
629 B 35ms
33ms Image
image/png 2606:4700::6812:add
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://df.dafapromo.com/sprt/th/email.png
Requested by: Host: df.dafapromo.com
URL: https://df.dafapromo.com/sprt/th/index.html?btag=688399_5732390a80f842c791b4416b35d0e4ae&clickid=D-20948719-1723811494-34G172G129G2-MOLJN5838&utm_source=688399&utm_medium=70866&utm_campaign=19418
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:add , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dd60620ebd4c1acc742e1d17eec7dd919c52b9240ea440c32306a2fb31f92fbc

Request headers

Referer: https://df.dafapromo.com/sprt/th/index.html?btag=688399_5732390a80f842c791b4416b35d0e4ae&clickid=D-20948719-1723811494-34G172G129G2-MOLJN5838&utm_source=688399&utm_medium=70866&utm_campaign=19418
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 16 Aug 2024 12:31:47 GMT
cf-cache-status: HIT
content-md5: 1nkX0eZfNNjSUchoCpbqxg==
age: 172581
content-length: 322
x-ms-lease-state: available
x-ms-lease-status: unlocked
last-modified: Wed, 07 Aug 2024 12:33:43 GMT
server: cloudflare
etag: "0x8DCB6DD2C832B70"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
x-ms-request-id: 10d1617c-b01e-0066-2ac6-e85d22000000
cache-control: public, immutable, max-age=900
x-ms-version: 2014-02-14
accept-ranges: bytes
cf-ray: 8b417184cff8c346-EWR

GET
H2 200 facebook.png
df.dafapromo.com/sprt/th/ 187 B
327 B 57ms
56ms Image
image/png 2606:4700::6812:add
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://df.dafapromo.com/sprt/th/facebook.png
Requested by: Host: df.dafapromo.com
URL: https://df.dafapromo.com/sprt/th/index.html?btag=688399_5732390a80f842c791b4416b35d0e4ae&clickid=D-20948719-1723811494-34G172G129G2-MOLJN5838&utm_source=688399&utm_medium=70866&utm_campaign=19418
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:add , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8532bc49fb52c469127d88c039f29e484f769eafa846c91773bd811b3cf9e21b

Request headers

Referer: https://df.dafapromo.com/sprt/th/index.html?btag=688399_5732390a80f842c791b4416b35d0e4ae&clickid=D-20948719-1723811494-34G172G129G2-MOLJN5838&utm_source=688399&utm_medium=70866&utm_campaign=19418
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 16 Aug 2024 12:31:48 GMT
cf-cache-status: HIT
content-md5: 6U8N9/Tv49DC0Okv5WPVlg==
age: 172582
content-length: 187
x-ms-lease-state: available
x-ms-lease-status: unlocked
last-modified: Wed, 07 Aug 2024 12:33:42 GMT
server: cloudflare
etag: "0x8DCB6DD2C331B86"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
x-ms-request-id: 3a5e820d-401e-0000-63c6-e81202000000
cache-control: public, immutable, max-age=900
x-ms-version: 2014-02-14
accept-ranges: bytes
cf-ray: 8b417184f80ac346-EWR

GET
H2 200 telegram.png
df.dafapromo.com/sprt/th/ 241 B
378 B 138ms
137ms Image
image/png 2606:4700::6812:add
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://df.dafapromo.com/sprt/th/telegram.png
Requested by: Host: df.dafapromo.com
URL: https://df.dafapromo.com/sprt/th/index.html?btag=688399_5732390a80f842c791b4416b35d0e4ae&clickid=D-20948719-1723811494-34G172G129G2-MOLJN5838&utm_source=688399&utm_medium=70866&utm_campaign=19418
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:add , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8b004add6989d24b15d9a9a33a561050b3c01c2675c0ec70f58c9fe903cf4b14

Request headers

Referer: https://df.dafapromo.com/sprt/th/index.html?btag=688399_5732390a80f842c791b4416b35d0e4ae&clickid=D-20948719-1723811494-34G172G129G2-MOLJN5838&utm_source=688399&utm_medium=70866&utm_campaign=19418
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 16 Aug 2024 12:31:48 GMT
cf-cache-status: HIT
content-md5: j9GgbP6LZy2Gl8MimSEtfA==
age: 172582
content-length: 241
x-ms-lease-state: available
x-ms-lease-status: unlocked
last-modified: Wed, 07 Aug 2024 12:33:42 GMT
server: cloudflare
etag: "0x8DCB6DD2C4DF287"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
x-ms-request-id: 3b9b1b32-f01e-0077-4ec6-e8c796000000
cache-control: public, immutable, max-age=900
x-ms-version: 2014-02-14
accept-ranges: bytes
cf-ray: 8b417184f80cc346-EWR

GET
H2 200 line.png
df.dafapromo.com/sprt/th/ 493 B
635 B 139ms
138ms Image
image/png 2606:4700::6812:add
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://df.dafapromo.com/sprt/th/line.png
Requested by: Host: df.dafapromo.com
URL: https://df.dafapromo.com/sprt/th/index.html?btag=688399_5732390a80f842c791b4416b35d0e4ae&clickid=D-20948719-1723811494-34G172G129G2-MOLJN5838&utm_source=688399&utm_medium=70866&utm_campaign=19418
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:add , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e926f75ecd45f239ff43f819f9c1cf5c0cd6cf5f1a12a3455ab7c0f16fa654ca

Request headers

Referer: https://df.dafapromo.com/sprt/th/index.html?btag=688399_5732390a80f842c791b4416b35d0e4ae&clickid=D-20948719-1723811494-34G172G129G2-MOLJN5838&utm_source=688399&utm_medium=70866&utm_campaign=19418
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 16 Aug 2024 12:31:48 GMT
cf-cache-status: HIT
content-md5: WJYe0qjlshymTsgDbIYCXw==
age: 172582
content-length: 493
x-ms-lease-state: available
x-ms-lease-status: unlocked
last-modified: Wed, 07 Aug 2024 12:33:42 GMT
server: cloudflare
etag: "0x8DCB6DD2C40FC21"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
x-ms-request-id: bd239f50-101e-0050-36c6-e8d052000000
cache-control: public, immutable, max-age=900
x-ms-version: 2014-02-14
accept-ranges: bytes
cf-ray: 8b417184f80dc346-EWR

GET
H2 200 tpl-script-min.js Show response
df.dafapromo.com/hf-tpl/ 2 KB
1 KB 264ms
263ms Script
application/javascript 2606:4700::6812:add
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://df.dafapromo.com/hf-tpl/tpl-script-min.js?v=1.0
Requested by: Host: df.dafapromo.com
URL: https://df.dafapromo.com/sprt/th/index.html?btag=688399_5732390a80f842c791b4416b35d0e4ae&clickid=D-20948719-1723811494-34G172G129G2-MOLJN5838&utm_source=688399&utm_medium=70866&utm_campaign=19418
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:add , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8f7085d507dc0a6e7e5043de68b7a47ba8a8919ea1aa0d7af12359137c94eed9

Request headers

Referer: https://df.dafapromo.com/sprt/th/index.html?btag=688399_5732390a80f842c791b4416b35d0e4ae&clickid=D-20948719-1723811494-34G172G129G2-MOLJN5838&utm_source=688399&utm_medium=70866&utm_campaign=19418
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 16 Aug 2024 12:31:48 GMT
content-encoding: br
cf-cache-status: HIT
content-md5: npV4LpImkWKJ5i2efFivPg==
age: 118583
x-ms-lease-state: available
x-ms-lease-status: unlocked
last-modified: Fri, 27 Oct 2023 07:18:20 GMT
server: cloudflare
etag: W/"0x8DBD6BCE6562A4B"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-ms-request-id: d65af826-001e-003e-4478-75857d000000
cache-control: public, max-age=900, immutable
x-ms-version: 2014-02-14
cf-ray: 8b417184f806c346-EWR

GET
H/1.1 200
OK domain.json Show response
cmkt.dafapromo.com/ 581 B
930 B 10820ms
10627ms XHR
application/json 157.185.170.144
ML-1432-54994

General

Check archive.org

Show headers Download Go to

Full URL: https://cmkt.dafapromo.com/domain.json
Requested by: Host: df.dafapromo.com
URL: https://df.dafapromo.com/sprt/th/tracking.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 157.185.170.144 New York, United States, ASN54994 (ML-1432-54994, CA),
Reverse DNS
Software: PWS/8.3.1.0.8 /
Resource Hash: 2fa4c59cc6e489fec39cfbe279191cc9d2d323a135977bf09688652bf4157bf0

Request headers

Referer: https://df.dafapromo.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date: Fri, 16 Aug 2024 12:31:47 GMT
Content-Encoding: gzip
Via: 1.1 PSxjpSin1dj218:10 (W), 1.1 PSxgHK5dz198:2 (W), 1.1 PSmgdfDEN1rj88:1 (W), 1.1 PSmgnyNY3xb43:2 (W)
Last-Modified: Sat, 03 Aug 2024 07:24:35 GMT
Server: PWS/8.3.1.0.8
X-Ws-Request-Id: 66bf46a9_PSmgnyNY3vz41_41328-11762
Access-Control-Allow-Methods: PUT, GET, POST, DELETE, OPTIONS
Content-Type: application/json
Access-Control-Allow-Origin: *
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
X-Px: ms PSmgnyNY3xb43JFK,ms PSmgdfDEN1rj88DEN,ms PSxgHK5dz198HKG,ms PSxjpSin1dj218SIN(origin)
Connection: keep-alive
Accept-Ranges: bytes
Access-Control-Allow-Headers: origin, x-requested-with, content-type
Content-Length: 198

GET
H2 200 bg-main1.jpg
df.dafapromo.com/sprt/th/ 1 MB
1 MB 55ms
54ms Image
image/jpeg 2606:4700::6812:add
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://df.dafapromo.com/sprt/th/bg-main1.jpg
Requested by: Host: df.dafapromo.com
URL: https://df.dafapromo.com/sprt/th/style-all.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:add , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fb302897b457c66a65b4d79a8f1b7d94e4efc2b82b73640139c09fdc1991764b

Request headers

Referer: https://df.dafapromo.com/sprt/th/style-all.min.css
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 16 Aug 2024 12:31:48 GMT
cf-cache-status: HIT
content-md5: CwHRl82Odgc/vNxvI9ra6g==
age: 172253
content-length: 1345944
x-ms-lease-state: available
x-ms-lease-status: unlocked
cf-bgj: h2pri
last-modified: Wed, 07 Aug 2024 12:33:44 GMT
server: cloudflare
etag: "0x8DCB6DD2D326441"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
x-ms-request-id: 926d3ed2-101e-0032-01c6-e81275000000
cache-control: public, immutable, max-age=900
x-ms-version: 2014-02-14
accept-ranges: bytes
cf-ray: 8b417184f80ec346-EWR

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 233 KB
78 KB 166ms
74ms Script
application/javascript 2607:f8b0:4006:80c::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-TQD7V7Q

Requested by

Host: df.dafapromo.com
URL: https://df.dafapromo.com/sprt/th/index.html?btag=688399_5732390a80f842c791b4416b35d0e4ae&clickid=D-20948719-1723811494-34G172G129G2-MOLJN5838&utm_source=688399&utm_medium=70866&utm_campaign=19418

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80c::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

0e20dab11fd5f4c94ad7d8d8c09ed6bfdb3c4adb6eafb989dad03b87a607ef80

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://df.dafapromo.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 16 Aug 2024 12:31:48 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 79011
x-xss-protection: 0
last-modified: Fri, 16 Aug 2024 12:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 16 Aug 2024 12:31:48 GMT

GET
H2 200 Aero.woff
df.dafapromo.com/sprt/th/ 19 KB
19 KB 224ms
224ms Font
application/font-woff 2606:4700::6812:add
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://df.dafapromo.com/sprt/th/Aero.woff
Requested by: Host: df.dafapromo.com
URL: https://df.dafapromo.com/sprt/th/style-all.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:add , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e6d59fdd165ce307490775f1bdfc3c82fa0e2b30b7b236875c44d8ecd42b84fd

Request headers

Referer: https://df.dafapromo.com/sprt/th/style-all.min.css
Origin: https://df.dafapromo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 16 Aug 2024 12:31:48 GMT
content-encoding: br
cf-cache-status: HIT
content-md5: Fi3ZtviLgIGMEXZZNVNDHg==
age: 172253
x-ms-lease-state: available
x-ms-lease-status: unlocked
last-modified: Wed, 07 Aug 2024 12:33:40 GMT
server: cloudflare
etag: W/"0x8DCB6DD2AE744C7"
vary: Accept-Encoding
content-type: application/font-woff
access-control-allow-origin: *
x-ms-request-id: bd239f40-101e-0050-28c6-e8d052000000
cache-control: public, immutable, max-age=900
x-ms-version: 2014-02-14
cf-ray: 8b4171852830c346-EWR

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 305 KB
102 KB 64ms
62ms Script
application/javascript 2607:f8b0:4006:80c::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-S5WHEF6PM5&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TQD7V7Q

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80c::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

0dcb14b08a8d4272410d31857bbd67b425c037760642820c4cf729c31293c823

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://df.dafapromo.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 16 Aug 2024 12:31:48 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 103921
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 16 Aug 2024 12:31:48 GMT

GET
H2 200 tpl-style-min.css
df.dafapromo.com/hf-tpl/ 11 KB
3 KB 36ms
35ms Stylesheet
text/css 2606:4700::6812:add
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://df.dafapromo.com/hf-tpl/tpl-style-min.css?v=1.0
Requested by: Host: df.dafapromo.com
URL: https://df.dafapromo.com/sprt/th/script-all.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:add , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d42978064228fdf02a63d92d482af34498333ad537fe2fd796f36b5cf5b95df0

Request headers

Referer: https://df.dafapromo.com/sprt/th/index.html?btag=688399_5732390a80f842c791b4416b35d0e4ae&clickid=D-20948719-1723811494-34G172G129G2-MOLJN5838&utm_source=688399&utm_medium=70866&utm_campaign=19418
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 16 Aug 2024 12:31:48 GMT
content-encoding: br
cf-cache-status: HIT
content-md5: 4SlYR08sKdJt3xYRaH4G3w==
age: 147138
x-ms-lease-state: available
x-ms-lease-status: unlocked
last-modified: Fri, 27 Oct 2023 07:18:20 GMT
server: cloudflare
etag: W/"0x8DBD6BCE5ED3E74"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
x-ms-request-id: e4028776-101e-0032-295f-751275000000
cache-control: public, max-age=900, immutable
x-ms-version: 2014-02-14
cf-ray: 8b4171869974c346-EWR

GET
H2 200 MyriadPro-Regular.woff
df.dafapromo.com/hf-tpl/ 51 KB
52 KB 39ms
38ms Font
application/font-woff 2606:4700::6812:add
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://df.dafapromo.com/hf-tpl/MyriadPro-Regular.woff
Requested by: Host: df.dafapromo.com
URL: https://df.dafapromo.com/hf-tpl/tpl-style-min.css?v=1.0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:add , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0cf260f72dcb15370f14821e61dffe9ed4f7db6ae928e25e761b5fa65d531652

Request headers

Referer: https://df.dafapromo.com/hf-tpl/tpl-style-min.css?v=1.0
Origin: https://df.dafapromo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 16 Aug 2024 12:31:48 GMT
content-encoding: br
cf-cache-status: HIT
content-md5: ZP9jrYZ5ekhuHhmPWuHMcQ==
age: 452541
x-ms-lease-state: available
x-ms-lease-status: unlocked
last-modified: Fri, 27 Oct 2023 07:18:20 GMT
server: cloudflare
etag: W/"0x8DBD6BCE5D32A88"
vary: Accept-Encoding
content-type: application/font-woff
access-control-allow-origin: *
x-ms-request-id: 4a558db7-501e-006e-7ac5-98472d000000
cache-control: public, max-age=900, immutable
x-ms-version: 2014-02-14
cf-ray: 8b417186e9c3c346-EWR

POST
H2 204 collect
analytics.google.com/g/ 0
0 176ms
75ms Fetch
text/plain 2607:f8b0:4006:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-S5WHEF6PM5&gtm=45je48e0v890350493z8890334128za200zb890334128&_p=1723811507962&_gaz=1&gcd=13l3l3l3l1&npa=0&dma=0&tag_exp=0&cid=1286851760.1723811508&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&sid=1723811508&sct=1&seg=0&dl=https%3A%2F%2Fdf.dafapromo.com%2Fsprt%2Fth%2Findex.html%3Fbtag%3D688399_5732390a80f842c791b4416b35d0e4ae%26clickid%3DD-20948719-1723811494-34G172G129G2-MOLJN5838%26utm_source%3D688399%26utm_medium%3D70866%26utm_campaign%3D19418&dt=%E0%B8%82%E0%B9%89%E0%B8%AD%E0%B9%80%E0%B8%AA%E0%B8%99%E0%B8%AD%E0%B8%AA%E0%B8%B3%E0%B8%AB%E0%B8%A3%E0%B8%B1%E0%B8%9A%E0%B8%9C%E0%B8%B9%E0%B9%89%E0%B9%80%E0%B8%A5%E0%B9%88%E0%B8%99%E0%B9%83%E0%B8%AB%E0%B8%A1%E0%B9%88&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=18075
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-S5WHEF6PM5&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4006:808::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

Referer: https://df.dafapromo.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 16 Aug 2024 12:31:48 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://df.dafapromo.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
245 B 124ms
44ms Ping
text/plain 2607:f8b0:4004:c19::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-S5WHEF6PM5&cid=1286851760.1723811508&gtm=45je48e0v890350493z8890334128za200zb890334128&aip=1&dma=0&gcd=13l3l3l3l1&npa=0&frm=0&tag_exp=0
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-S5WHEF6PM5&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4004:c19::9a Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://df.dafapromo.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 16 Aug 2024 12:31:48 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://df.dafapromo.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 trackpoint-async.js Show response
s2.adform.net/banners/scripts/st/ 80 KB
31 KB 331ms
28ms Script
application/javascript 185.167.164.44
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s2.adform.net/banners/scripts/st/trackpoint-async.js
Requested by: Host: df.dafapromo.com
URL: https://df.dafapromo.com/sprt/th/index.html?btag=688399_5732390a80f842c791b4416b35d0e4ae&clickid=D-20948719-1723811494-34G172G129G2-MOLJN5838&utm_source=688399&utm_medium=70866&utm_campaign=19418
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.167.164.44 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 8ddc6cbdb63a791bfc33f40d4b0a250a18e85e0ae93f72389ebda9242bef010d

Request headers

Referer: https://df.dafapromo.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 16 Aug 2024 12:31:48 GMT
content-encoding: gzip
last-modified: Fri, 08 Mar 2024 07:02:31 GMT
server: nginx
x-amz-request-id: tx000009b5c41859e34eda3-0066976dc2-329720ca-default
etag: W/"1c188eabf1f0749a0cffb2c108473370"
x-cache-status: HIT, HIT
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-rgw-object-type: Normal
cache-control: public, max-age=604800

GET
H2 200 k_dafabet.js Show response
scripts.prdredir.com/scripts/ 2 KB
1 KB 160ms
71ms Script
text/javascript 2606:4700::6812:1f1b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://scripts.prdredir.com/scripts/k_dafabet.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TQD7V7Q
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1f1b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 448d305ad6e8d6b57c5e4d37afbf26c77bcf2c2548e1fe462772757ee6ccbbe1

Request headers

Referer: https://df.dafapromo.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-runtime: 0.015629
date: Fri, 16 Aug 2024 12:31:48 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
server: cloudflare
etag: W/"448d305ad6e8d6b57c5e4d37afbf26c7"
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: no-cache
cf-ray: 8b4171888cc77d08-EWR
x-request-id: a6bcf849-5a57-4e2c-8c90-27f5035f8f7f

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 225 KB
60 KB 112ms
29ms Script
application/x-javascript 2a03:2880:f012:10c:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f012:10c:face:b00c:0:3 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

4d424af8e6254a3ee915b6efdec3f0ed3fcbdedc67c83025148c9758701cd2d4

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: ;script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' https://.google-analytics.com .google.com;style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' https://.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://df.dafapromo.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Fri, 16 Aug 2024 12:31:48 GMT
document-policy: force-load-at-top
x-fb-server-load: 57
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 58865
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=8, rtx=0, c=14, mss=1392, tbw=2790, tp=-1, tpl=-1, uplat=0, ullat=-1
pragma: public
x-fb-debug: HX+FfAiOzN54qnYVNnvplSaSBEpvXoVZwn11R3nc1JNB5ETtsXRTyoVWvUu4ble8OX6Pgstaax2uHT78lbIGcA==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 404 container_iPEHBueP.js
cdn.matomo.cloud/blockchainads.matomo.cloud/ 0
0 482ms
388ms Script
text/html 2600:9000:24f0:8600:c:7d55:b3c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.matomo.cloud/blockchainads.matomo.cloud/container_iPEHBueP.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:24f0:8600:c:7d55:b3c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

CloudFront /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://df.dafapromo.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 16 Aug 2024 12:00:38 GMT
x-amz-version-id: x8CUW72Cdy4wRBv1lXTNc2XlWFvGGyiM
via: 1.1 1dd1e483fa41d512929f44790f141972.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000
x-amz-cf-pop: JFK50-P3
age: 1871
x-cache: Error from cloudfront
x-amz-replication-status: COMPLETED
alt-svc: h3=":443"; ma=86400
content-length: 0
last-modified: Thu, 02 Nov 2023 02:17:11 GMT
server: CloudFront
etag: "d41d8cd98f00b204e9800998ecf8427e"
content-type: text/html
accept-ranges: bytes
x-amz-cf-id: y9pviyzc-e0Xs2Ld3-KrtdjZanmTQuHY1Vp_VNTQAqAPNTHGs_5WTw==

GET
H2 200 wwdafabet.js Show response
adscool.net/resources/content/ 5 KB
3 KB 136ms
49ms Script
text/javascript 2606:4700:3037::6815:1154
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://adscool.net/resources/content/wwdafabet.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::6815:1154 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ee9fbd1433074584fcfcb86657af0c29339bd6644b87b656cdcb29788cda1bd1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://df.dafapromo.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 16 Aug 2024 12:31:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-permitted-cross-domain-policies: none
status: 200 OK
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
x-request-id: 911eca01-8113-46e3-8831-28daa91b34ee
x-runtime: 0.001151
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"ee9fbd1433074584fcfcb86657af0c29"
x-download-options: noopen
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MSLbN1aB4r75Nqk%2FBva0UOl7zZXMeNHuD8UTROEiHxMhhkmwr4Opkpq2tSVdznx5aEL8ZsevyXj%2FfcOQwGylYDnvVJpW2U7o%2FrDOAViqx0%2F1VN4ET8Fl1NV3e0Cifc1Bi0ZEt9DNU%2B4oDg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=604800, private
cf-ray: 8b4171888d4c8c1b-EWR

GET
H3 200 js Show response
rtgsystemsync.com/tag/ 2 KB
1 KB 136ms
55ms Script
text/javascript 2606:4700:3032::6815:1429
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://rtgsystemsync.com/tag/js?rtid=AEH-1722891893963441
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TQD7V7Q
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:1429 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8d8b7618affc4d80078ebb51119d5e13a2d8cfb47c1fb434d91e79dd35a02c9c

Request headers

Referer: https://df.dafapromo.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 16 Aug 2024 12:31:48 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2Blo%2FoP%2BtnxOus2apX3IK2rG1jb2QMl7xTZa6HfCGNJN3I7P%2FyNRgZf%2Friti%2FMvMTDSRg%2FqExDEtWRxSaaKkD5jmVL065fev6c6OKV85z1Z8TVdbcCd7PeEEzoCWrqGACx6Tgo4l1rbW8i%2BZDT4DN7Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-ray: 8b4171887e9e4319-EWR
alt-svc: h3=":443"; ma=86400
expires: 0

GET
H2

200

bounce
secure.adnxs.com/
Redirect Chain

https://secure.adnxs.com/seg?t=2&add=38057823&gtmcb=665493192
https://secure.adnxs.com/bounce?%2Fseg%3Ft%3D2%26add%3D38057823%26gtmcb%3D665493192

43 B
1 KB

65ms
65ms

Image
image/gif

68.67.160.186
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.adnxs.com/bounce?%2Fseg%3Ft%3D2%26add%3D38057823%26gtmcb%3D665493192

Protocol

Server

68.67.160.186 Colonia, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

675.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://df.dafapromo.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 16 Aug 2024 12:31:48 GMT
an-x-request-uuid: 1d0a3573-e1ba-46de-bf12-7a02d3155c5e
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 208.252.80.232; 208.252.80.232; 675.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 16 Aug 2024 12:31:48 GMT
an-x-request-uuid: 4ee82567-2e87-47fd-bc89-cf2745e8787d
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://secure.adnxs.com/bounce?%2Fseg%3Ft%3D2%26add%3D38057823%26gtmcb%3D665493192
x-proxy-origin: 208.252.80.232; 208.252.80.232; 675.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 favicon.ico
df.dafapromo.com/sprt/th/ 1 KB
899 B 40ms
39ms Other
image/x-icon 2606:4700::6812:add
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://df.dafapromo.com/sprt/th/favicon.ico
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:add , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b8fbacf4998ff7253c5fab185a6058959851c8f02d64f257ec5be076b41aa3a2

Request headers

Referer: https://df.dafapromo.com/sprt/th/index.html?btag=688399_5732390a80f842c791b4416b35d0e4ae&clickid=D-20948719-1723811494-34G172G129G2-MOLJN5838&utm_source=688399&utm_medium=70866&utm_campaign=19418
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 16 Aug 2024 12:31:48 GMT
content-encoding: br
cf-cache-status: HIT
content-md5: VrHQHaIonjeNVlM3kS1Tqw==
age: 172128
x-ms-lease-state: available
x-ms-lease-status: unlocked
last-modified: Wed, 07 Aug 2024 12:33:40 GMT
server: cloudflare
etag: W/"0x8DCB6DD2AFB17F6"
vary: Accept-Encoding
content-type: image/x-icon
access-control-allow-origin: *
x-ms-request-id: 5239169c-c01e-0021-5dc7-e83679000000
cache-control: public, immutable, max-age=900
x-ms-version: 2014-02-14
cf-ray: 8b417187faa5c346-EWR

GET
H2 200 1727308371340020 Show response
connect.facebook.net/signals/config/ 66 KB
14 KB 25ms
23ms Script
application/x-javascript 2a03:2880:f012:10c:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/1727308371340020?v=2.9.164&r=stable&domain=df.dafapromo.com&hme=61ff4e692c87a9a2ce7b19822df2b04638e3ca38b23c1be6c0f1945ccadb2ad5&ex_m=69%2C118%2C104%2C108%2C60%2C4%2C97%2C68%2C16%2C94%2C86%2C50%2C53%2C167%2C170%2C182%2C178%2C179%2C181%2C29%2C98%2C52%2C75%2C180%2C162%2C165%2C175%2C176%2C183%2C127%2C40%2C34%2C139%2C15%2C49%2C189%2C188%2C129%2C18%2C39%2C1%2C42%2C64%2C65%2C66%2C70%2C90%2C17%2C14%2C93%2C89%2C88%2C105%2C51%2C107%2C38%2C106%2C30%2C91%2C26%2C163%2C166%2C136%2C28%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C56%2C61%2C63%2C73%2C99%2C27%2C74%2C9%2C8%2C78%2C47%2C21%2C101%2C100%2C102%2C95%2C10%2C20%2C3%2C19%2C83%2C55%2C81%2C33%2C72%2C0%2C92%2C32%2C80%2C85%2C46%2C45%2C84%2C37%2C5%2C87%2C79%2C43%2C35%2C82%2C2%2C36%2C62%2C41%2C103%2C44%2C77%2C67%2C109%2C59%2C58%2C31%2C96%2C57%2C54%2C48%2C76%2C71%2C24%2C110

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f012:10c:face:b00c:0:3 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

653a3307de44e859f63c1ee7698e0b00407ad465f59f311f5f7efaca157655ba

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: ;script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' https://.google-analytics.com .google.com;style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' https://.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://df.dafapromo.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Fri, 16 Aug 2024 12:31:48 GMT
document-policy: force-load-at-top
x-fb-server-load: 30
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 14456
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=8, rtx=0, c=61, mss=1392, tbw=64372, tp=-1, tpl=-1, uplat=1, ullat=-1
pragma: public
x-fb-debug: XKhVBQrScqx/fxOE9auuSPjLmMQukb95wUzVU2VhDZHE+KzVCW/yzzFPLRrVa00lpmBsi7oX5rDETRKwFailRw==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 wwdafabet Show response
adscool.net/pageview/ 0
366 B 42ms
39ms Script
text/javascript 2606:4700:3037::6815:1154
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://adscool.net/pageview/wwdafabet?usr=v1.3%3A15827708187%3A1723811508629%3A1723811508629&scr=1600x1200%7C1600x1200&scv=1600x1200%7C0&pgh=df.dafapromo.com&pgl=%2Fsprt%2Fth%2Findex.html&pgs=btag%3D688399_5732390a80f842c791b4416b35d0e4ae%26clickid%3DD-20948719-1723811494-34G172G129G2-MOLJN5838%26utm_source%3D688399%26utm_medium%3D70866%26utm_campaign%3D19418&pgr=

Requested by

Host: adscool.net
URL: https://adscool.net/resources/content/wwdafabet.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::6815:1154 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://df.dafapromo.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 16 Aug 2024 12:31:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-permitted-cross-domain-policies: none
status: 200 OK
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
x-request-id: 8a403eb2-6172-4a03-8e76-1e8a729f1c72
x-runtime: 0.005443
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
x-download-options: noopen
vary: Accept-Encoding,Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9dcVsryQmI2FBcbEdAbp%2FajdiR0hgDWloWJEj4UX6EiqvzS9mrH4SpY7OEALqX55qg2EQs4oJGu6DoyfzMgxYLoNrD7HkAFcFI2J319ZNYVqUlxrIF0tWwNocG9bA217A7s9Yh43oN9v8w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: no-cache
cf-ray: 8b4171890e0c8c1b-EWR

GET
H2 200 sync
rtg.prdredir.com/ 43 B
432 B 66ms
51ms Image
image/gif 2606:4700::6812:1f1b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://rtg.prdredir.com/sync?ref=&lp=https%3A%2F%2Fdf.dafapromo.com%2Fsprt%2Fth%2Findex.html%3Fbtag%3D688399_5732390a80f842c791b4416b35d0e4ae%26clickid%3DD-20948719-1723811494-34G172G129G2-MOLJN5838%26utm_source%3D688399%26utm_medium%3D70866%26utm_campaign%3D19418&sh=1200&sw=1600&date=1723811508631&fp=uid-6382201150.6556163511

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1f1b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://df.dafapromo.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 16 Aug 2024 12:31:48 GMT
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-permitted-cross-domain-policies: none
content-transfer-encoding: binary
content-disposition: inline; filename="pixel.gif"
content-length: 43
x-xss-protection: 1; mode=block
x-request-id: 28cf34d3-d3b0-4cf9-8a3d-dfc6cb352481
x-runtime: 0.001228
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
x-download-options: noopen
x-frame-options: SAMEORIGIN
content-type: image/gif
cache-control: no-cache
cf-ray: 8b4171891d9f7d08-EWR

POST
H3 200 wmetrics
rtgsystemsync.com/ 0
418 B 40ms
39ms Ping
text/plain 2606:4700:3032::6815:1429
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://rtgsystemsync.com/wmetrics?rtid=AEH-1722891893963441&fr=0&dr=&dl=https%3A%2F%2Fdf.dafapromo.com%2Fsprt%2Fth%2Findex.html%3Fbtag%3D688399_5732390a80f842c791b4416b35d0e4ae%26clickid%3DD-20948719-1723811494-34G172G129G2-MOLJN5838%26utm_source%3D688399%26utm_medium%3D70866%26utm_campaign%3D19418
Requested by: Host: rtgsystemsync.com
URL: https://rtgsystemsync.com/tag/js?rtid=AEH-1722891893963441
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:1429 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://df.dafapromo.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 16 Aug 2024 12:31:48 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=g%2FRc7%2FPX25jUsje%2BFQ8RmDkAuEn4EPl0wyGITnJnZwLtmf2yt%2B2sGXE2fTDelBjCaxYI2PT9SNIOpVwVL5b9%2FOs8AxQ6YPwwcK9AQ8GXmGLrgzOzhlxp0BrPryVmVbfS8hX0bdh2ii%2B0khcaT40%2Bqg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=UTF-8
cf-ray: 8b4171890f374319-EWR
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 1111248093529440 Show response
connect.facebook.net/signals/config/ 33 KB
7 KB 25ms
22ms Script
application/x-javascript 2a03:2880:f012:10c:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/1111248093529440?v=2.9.164&r=stable&domain=df.dafapromo.com&hme=61ff4e692c87a9a2ce7b19822df2b04638e3ca38b23c1be6c0f1945ccadb2ad5&ex_m=69%2C118%2C104%2C108%2C60%2C4%2C97%2C68%2C16%2C94%2C86%2C50%2C53%2C167%2C170%2C182%2C178%2C179%2C181%2C29%2C98%2C52%2C75%2C180%2C162%2C165%2C175%2C176%2C183%2C127%2C40%2C34%2C139%2C15%2C49%2C189%2C188%2C129%2C18%2C39%2C1%2C42%2C64%2C65%2C66%2C70%2C90%2C17%2C14%2C93%2C89%2C88%2C105%2C51%2C107%2C38%2C106%2C30%2C91%2C26%2C163%2C166%2C136%2C28%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C56%2C61%2C63%2C73%2C99%2C27%2C74%2C9%2C8%2C78%2C47%2C21%2C101%2C100%2C102%2C95%2C10%2C20%2C3%2C19%2C83%2C55%2C81%2C33%2C72%2C0%2C92%2C32%2C80%2C85%2C46%2C45%2C84%2C37%2C5%2C87%2C79%2C43%2C35%2C82%2C2%2C36%2C62%2C41%2C103%2C44%2C77%2C67%2C109%2C59%2C58%2C31%2C96%2C57%2C54%2C48%2C76%2C71%2C24%2C110%2C195%2C194%2C196%2C201%2C202%2C203%2C199%2C191%2C128%2C158%2C190%2C192%2C119%2C152%2C141%2C146%2C184%2C185%2C125%2C227%2C113%2C124%2C228%2C160%2C116%2C230%2C161%2C132%2C120%2C149%2C144

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f012:10c:face:b00c:0:3 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

ca856f4c5db01b4189e699b9f87f428016a2d3c53f007f46618edc1e65bba0f7

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: ;script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' https://.google-analytics.com .google.com;style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' https://.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://df.dafapromo.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Fri, 16 Aug 2024 12:31:48 GMT
document-policy: force-load-at-top
x-fb-server-load: 35
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 6235
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=8, rtx=0, c=75, mss=1392, tbw=79138, tp=-1, tpl=-1, uplat=1, ullat=-1
pragma: public
x-fb-debug: UaBOwSvOW4HA42Ki2MOey1d1R0s69dcfLCkvY6Rp+wjkHTBZai3WrPs/V5jH6Q73X7Z1AuMDJSCE/BKhWpPUSg==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 0
273 B 120ms
45ms Image
text/plain 2a03:2880:f112:182:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?batch=1&events[0]=id%3D1727308371340020%26ev%3DPageView%26dl%3Dhttps%253A%252F%252Fdf.dafapromo.com%252Fsprt%252Fth%252Findex.html%253Fbtag%253D688399_5732390a80f842c791b4416b35d0e4ae%2526clickid%253DD-20948719-1723811494-34G172G129G2-MOLJN5838%2526utm_source%253D688399%2526utm_medium%253D70866%2526utm_campaign%253D19418%26rl%3D%26if%3Dfalse%26ts%3D1723811508680%26sw%3D1600%26sh%3D1200%26v%3D2.9.164%26r%3Dstable%26ec%3D0%26o%3D4126%26fbp%3Dfb.1.1723811508674.37464956684196916%26ler%3Dempty%26cdl%3DAPI_unavailable%26it%3D1723811508623%26coo%3Dfalse%26exp%3Df1&rqm=GET

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f112:182:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://df.dafapromo.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-fb-connection-quality: EXCELLENT; q=0.9, rtt=8, rtx=0, c=10, mss=1392, tbw=2834, tp=-1, tpl=-1, uplat=2, ullat=1
strict-transport-security: max-age=31536000; includeSubDomains
date: Fri, 16 Aug 2024 12:31:48 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 /
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 67 B
849 B 178ms
104ms Image
image/png 2a03:2880:f112:182:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=1727308371340020&ev=PageView&dl=https%3A%2F%2Fdf.dafapromo.com%2Fsprt%2Fth%2Findex.html%3Fbtag%3D688399_5732390a80f842c791b4416b35d0e4ae%26clickid%3DD-20948719-1723811494-34G172G129G2-MOLJN5838%26utm_source%3D688399%26utm_medium%3D70866%26utm_campaign%3D19418&rl=&if=false&ts=1723811508680&sw=1600&sh=1200&v=2.9.164&r=stable&ec=0&o=4126&fbp=fb.1.1723811508674.37464956684196916&ler=empty&cdl=API_unavailable&it=1723811508623&coo=false&exp=f1&rqm=FGET

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f112:182:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://.google-analytics.com .google.com;style-src .fbcdn.net data: .facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com https://.google-analytics.com;font-src data: .facebook.com .fbcdn.net .fbsbx.com https://fonts.gstatic.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net .carriersignal.info blob: android-webview-video-poster: .whatsapp.net .fb.com .oculuscdn.com .tenor.co .tenor.com .giphy.com https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://.google-analytics.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data: .tenor.co .tenor.com https://.giphy.com;frame-src .facebook.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net .google.com .doubleclick.net;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://df.dafapromo.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-encoding: zstd
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; preload
date: Fri, 16 Aug 2024 12:31:48 GMT
document-policy: force-load-at-top
x-fb-server-load: 73
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7403714052819494702", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=9, rtx=0, c=10, mss=1392, tbw=8935, tp=-1, tpl=-1, uplat=80, ullat=0
pragma: no-cache
x-fb-debug: daYmwXYKZkdL9aaCLE8ky8dz1BdApXqSnviwRkWhXUP4Fg2jelQQard+n8Iwp06tFf8fSbpu2ldDxnrBf0cenA==
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7403714052819494702"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: image/png
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: private, no-store, no-cache, must-revalidate
permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), battery=(self), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 200 1232172684609899 Show response
connect.facebook.net/signals/config/ 25 KB
4 KB 25ms
24ms Script
application/x-javascript 2a03:2880:f012:10c:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/1232172684609899?v=2.9.164&r=stable&domain=df.dafapromo.com&hme=61ff4e692c87a9a2ce7b19822df2b04638e3ca38b23c1be6c0f1945ccadb2ad5&ex_m=69%2C118%2C104%2C108%2C60%2C4%2C97%2C68%2C16%2C94%2C86%2C50%2C53%2C167%2C170%2C182%2C178%2C179%2C181%2C29%2C98%2C52%2C75%2C180%2C162%2C165%2C175%2C176%2C183%2C127%2C40%2C34%2C139%2C15%2C49%2C189%2C188%2C129%2C18%2C39%2C1%2C42%2C64%2C65%2C66%2C70%2C90%2C17%2C14%2C93%2C89%2C88%2C105%2C51%2C107%2C38%2C106%2C30%2C91%2C26%2C163%2C166%2C136%2C28%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C56%2C61%2C63%2C73%2C99%2C27%2C74%2C9%2C8%2C78%2C47%2C21%2C101%2C100%2C102%2C95%2C10%2C20%2C3%2C19%2C83%2C55%2C81%2C33%2C72%2C0%2C92%2C32%2C80%2C85%2C46%2C45%2C84%2C37%2C5%2C87%2C79%2C43%2C35%2C82%2C2%2C36%2C62%2C41%2C103%2C44%2C77%2C67%2C109%2C59%2C58%2C31%2C96%2C57%2C54%2C48%2C76%2C71%2C24%2C110%2C195%2C194%2C196%2C201%2C202%2C203%2C199%2C191%2C128%2C158%2C190%2C192%2C119%2C152%2C141%2C146%2C184%2C185%2C125%2C227%2C113%2C124%2C228%2C160%2C116%2C230%2C161%2C132%2C120%2C149%2C144%2C130%2C123

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:10c:face:b00c:0:3 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

7ae3f26866abfb13e20ff2702c0dd350bc6ebdb72ae4a9e314ade179f778f010

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: ;script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' https://.google-analytics.com .google.com;style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' https://.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://df.dafapromo.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Fri, 16 Aug 2024 12:31:48 GMT
document-policy: force-load-at-top
x-fb-server-load: 68
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 4202
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=19, rtx=0, c=23, mss=1232, tbw=5596, tp=10, tpl=0, uplat=1, ullat=-1
pragma: public
x-fb-debug: TBHtuc7PdlLWgOmta6OxX8IhFacHknqbz3/LalWO3iIks1W7/jtVsVlAc0aqPwLWmKdJJWJ9CckHor8lKwAvJA==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 0
102 B 100ms
58ms Image
text/plain 2a03:2880:f112:182:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?batch=1&events[0]=id%3D1111248093529440%26ev%3DPageView%26dl%3Dhttps%253A%252F%252Fdf.dafapromo.com%252Fsprt%252Fth%252Findex.html%253Fbtag%253D688399_5732390a80f842c791b4416b35d0e4ae%2526clickid%253DD-20948719-1723811494-34G172G129G2-MOLJN5838%2526utm_source%253D688399%2526utm_medium%253D70866%2526utm_campaign%253D19418%26rl%3D%26if%3Dfalse%26ts%3D1723811508715%26sw%3D1600%26sh%3D1200%26v%3D2.9.164%26r%3Dstable%26ec%3D0%26o%3D4126%26fbp%3Dfb.1.1723811508674.37464956684196916%26ler%3Dempty%26cdl%3DAPI_unavailable%26cs_est%3Dtrue%26it%3D1723811508623%26coo%3Dfalse%26exp%3Df3&rqm=GET

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f112:182:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://df.dafapromo.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-fb-connection-quality: EXCELLENT; q=0.9, rtt=8, rtx=0, c=10, mss=1392, tbw=3332, tp=-1, tpl=-1, uplat=27, ullat=0
strict-transport-security: max-age=31536000; includeSubDomains
date: Fri, 16 Aug 2024 12:31:48 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 /
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 67 B
3 KB 135ms
94ms Image
image/png 2a03:2880:f112:182:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=1111248093529440&ev=PageView&dl=https%3A%2F%2Fdf.dafapromo.com%2Fsprt%2Fth%2Findex.html%3Fbtag%3D688399_5732390a80f842c791b4416b35d0e4ae%26clickid%3DD-20948719-1723811494-34G172G129G2-MOLJN5838%26utm_source%3D688399%26utm_medium%3D70866%26utm_campaign%3D19418&rl=&if=false&ts=1723811508715&sw=1600&sh=1200&v=2.9.164&r=stable&ec=0&o=4126&fbp=fb.1.1723811508674.37464956684196916&ler=empty&cdl=API_unavailable&cs_est=true&it=1723811508623&coo=false&exp=f3&rqm=FGET

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f112:182:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://.google-analytics.com .google.com;style-src .fbcdn.net data: .facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com https://.google-analytics.com;font-src data: .facebook.com .fbcdn.net .fbsbx.com https://fonts.gstatic.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net .carriersignal.info blob: android-webview-video-poster: .whatsapp.net .fb.com .oculuscdn.com .tenor.co .tenor.com .giphy.com https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://.google-analytics.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data: .tenor.co .tenor.com https://.giphy.com;frame-src .facebook.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net .google.com .doubleclick.net;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://df.dafapromo.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-encoding: zstd
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; preload
date: Fri, 16 Aug 2024 12:31:48 GMT
document-policy: force-load-at-top
x-fb-server-load: 50
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7403714051667236388", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=9, rtx=0, c=10, mss=1392, tbw=3671, tp=-1, tpl=-1, uplat=66, ullat=0
pragma: no-cache
x-fb-debug: nD7PZekaIdkSbx0D1w1AyMP/8Rr1pbtKUIV+pgoxHYZTtCAJ18xkzB9q6JAIoXORyBXi+trnJJbGKO7bGOclag==
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7403714051667236388"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: image/png
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: private, no-store, no-cache, must-revalidate
permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), battery=(self), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 200 988361329509623 Show response
connect.facebook.net/signals/config/ 24 KB
4 KB 24ms
22ms Script
application/x-javascript 2a03:2880:f012:10c:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/988361329509623?v=2.9.164&r=stable&domain=df.dafapromo.com&hme=61ff4e692c87a9a2ce7b19822df2b04638e3ca38b23c1be6c0f1945ccadb2ad5&ex_m=69%2C118%2C104%2C108%2C60%2C4%2C97%2C68%2C16%2C94%2C86%2C50%2C53%2C167%2C170%2C182%2C178%2C179%2C181%2C29%2C98%2C52%2C75%2C180%2C162%2C165%2C175%2C176%2C183%2C127%2C40%2C34%2C139%2C15%2C49%2C189%2C188%2C129%2C18%2C39%2C1%2C42%2C64%2C65%2C66%2C70%2C90%2C17%2C14%2C93%2C89%2C88%2C105%2C51%2C107%2C38%2C106%2C30%2C91%2C26%2C163%2C166%2C136%2C28%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C56%2C61%2C63%2C73%2C99%2C27%2C74%2C9%2C8%2C78%2C47%2C21%2C101%2C100%2C102%2C95%2C10%2C20%2C3%2C19%2C83%2C55%2C81%2C33%2C72%2C0%2C92%2C32%2C80%2C85%2C46%2C45%2C84%2C37%2C5%2C87%2C79%2C43%2C35%2C82%2C2%2C36%2C62%2C41%2C103%2C44%2C77%2C67%2C109%2C59%2C58%2C31%2C96%2C57%2C54%2C48%2C76%2C71%2C24%2C110%2C195%2C194%2C196%2C201%2C202%2C203%2C199%2C191%2C128%2C158%2C190%2C192%2C119%2C152%2C141%2C146%2C184%2C185%2C125%2C227%2C113%2C124%2C228%2C160%2C116%2C230%2C161%2C132%2C120%2C149%2C144%2C130%2C123

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:10c:face:b00c:0:3 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

9d191f89739374034d4bb80baa25a0f4192538770ce2cc3f436cad911c7fb6d2

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: ;script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' https://.google-analytics.com .google.com;style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' https://.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://df.dafapromo.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Fri, 16 Aug 2024 12:31:48 GMT
document-policy: force-load-at-top
x-fb-server-load: 55
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 4134
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=20, rtx=0, c=28, mss=1232, tbw=12364, tp=17, tpl=0, uplat=1, ullat=-1
pragma: public
x-fb-debug: AW4QRtK7Agy4unIyvtZ5KxINTC9mpwIJWHCz+J6R1vXSxZD3OEt/ICEVDqjwdAxrD7zO6SC9z9gAGF+pw2eCzg==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 0
102 B 55ms
46ms Image
text/plain 2a03:2880:f112:182:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?batch=1&events[0]=id%3D1232172684609899%26ev%3DPageView%26dl%3Dhttps%253A%252F%252Fdf.dafapromo.com%252Fsprt%252Fth%252Findex.html%253Fbtag%253D688399_5732390a80f842c791b4416b35d0e4ae%2526clickid%253DD-20948719-1723811494-34G172G129G2-MOLJN5838%2526utm_source%253D688399%2526utm_medium%253D70866%2526utm_campaign%253D19418%26rl%3D%26if%3Dfalse%26ts%3D1723811508748%26sw%3D1600%26sh%3D1200%26v%3D2.9.164%26r%3Dstable%26ec%3D0%26o%3D4126%26fbp%3Dfb.1.1723811508674.37464956684196916%26ler%3Dempty%26cdl%3DAPI_unavailable%26it%3D1723811508623%26coo%3Dfalse%26exp%3Df3&rqm=GET

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f112:182:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://df.dafapromo.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-fb-connection-quality: EXCELLENT; q=0.9, rtt=8, rtx=0, c=10, mss=1392, tbw=3186, tp=-1, tpl=-1, uplat=0, ullat=0
strict-transport-security: max-age=31536000; includeSubDomains
date: Fri, 16 Aug 2024 12:31:48 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 /
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 67 B
1 KB 103ms
96ms Image
image/png 2a03:2880:f112:182:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=1232172684609899&ev=PageView&dl=https%3A%2F%2Fdf.dafapromo.com%2Fsprt%2Fth%2Findex.html%3Fbtag%3D688399_5732390a80f842c791b4416b35d0e4ae%26clickid%3DD-20948719-1723811494-34G172G129G2-MOLJN5838%26utm_source%3D688399%26utm_medium%3D70866%26utm_campaign%3D19418&rl=&if=false&ts=1723811508748&sw=1600&sh=1200&v=2.9.164&r=stable&ec=0&o=4126&fbp=fb.1.1723811508674.37464956684196916&ler=empty&cdl=API_unavailable&it=1723811508623&coo=false&exp=f3&rqm=FGET

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f112:182:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://.google-analytics.com .google.com;style-src .fbcdn.net data: .facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com https://.google-analytics.com;font-src data: .facebook.com .fbcdn.net .fbsbx.com https://fonts.gstatic.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net .carriersignal.info blob: android-webview-video-poster: .whatsapp.net .fb.com .oculuscdn.com .tenor.co .tenor.com .giphy.com https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://.google-analytics.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data: .tenor.co .tenor.com https://.giphy.com;frame-src .facebook.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net .google.com .doubleclick.net;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://df.dafapromo.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-encoding: zstd
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; preload
date: Fri, 16 Aug 2024 12:31:48 GMT
document-policy: force-load-at-top
x-fb-server-load: 68
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7403714052502728405", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=9, rtx=0, c=10, mss=1392, tbw=7833, tp=-1, tpl=-1, uplat=73, ullat=0
pragma: no-cache
x-fb-debug: wvkxO3En99/Cz4yeVolYwoGkrCM54cvAvZPLxxfsaUYEqcxCwSfwbwtXPqo3jLObbNFH9NxcRXnNdfenlBID0A==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7403714052502728405"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: image/png
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: private, no-store, no-cache, must-revalidate
permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), battery=(self), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 0
101 B 28ms
27ms Image
text/plain 2a03:2880:f112:182:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?batch=1&events[0]=id%3D988361329509623%26ev%3DPageView%26dl%3Dhttps%253A%252F%252Fdf.dafapromo.com%252Fsprt%252Fth%252Findex.html%253Fbtag%253D688399_5732390a80f842c791b4416b35d0e4ae%2526clickid%253DD-20948719-1723811494-34G172G129G2-MOLJN5838%2526utm_source%253D688399%2526utm_medium%253D70866%2526utm_campaign%253D19418%26rl%3D%26if%3Dfalse%26ts%3D1723811508779%26sw%3D1600%26sh%3D1200%26v%3D2.9.164%26r%3Dstable%26ec%3D0%26o%3D4126%26fbp%3Dfb.1.1723811508674.37464956684196916%26ler%3Dempty%26cdl%3DAPI_unavailable%26it%3D1723811508623%26coo%3Dfalse%26exp%3Df3&rqm=GET

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f112:182:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://df.dafapromo.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-fb-connection-quality: EXCELLENT; q=0.9, rtt=9, rtx=0, c=10, mss=1392, tbw=3526, tp=-1, tpl=-1, uplat=0, ullat=0
strict-transport-security: max-age=31536000; includeSubDomains
date: Fri, 16 Aug 2024 12:31:48 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 /
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 67 B
850 B 67ms
66ms Image
image/png 2a03:2880:f112:182:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=988361329509623&ev=PageView&dl=https%3A%2F%2Fdf.dafapromo.com%2Fsprt%2Fth%2Findex.html%3Fbtag%3D688399_5732390a80f842c791b4416b35d0e4ae%26clickid%3DD-20948719-1723811494-34G172G129G2-MOLJN5838%26utm_source%3D688399%26utm_medium%3D70866%26utm_campaign%3D19418&rl=&if=false&ts=1723811508779&sw=1600&sh=1200&v=2.9.164&r=stable&ec=0&o=4126&fbp=fb.1.1723811508674.37464956684196916&ler=empty&cdl=API_unavailable&it=1723811508623&coo=false&exp=f3&rqm=FGET

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f112:182:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://.google-analytics.com .google.com;style-src .fbcdn.net data: .facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com https://.google-analytics.com;font-src data: .facebook.com .fbcdn.net .fbsbx.com https://fonts.gstatic.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net .carriersignal.info blob: android-webview-video-poster: .whatsapp.net .fb.com .oculuscdn.com .tenor.co .tenor.com .giphy.com https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://.google-analytics.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data: .tenor.co .tenor.com https://.giphy.com;frame-src .facebook.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net .google.com .doubleclick.net;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://df.dafapromo.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-encoding: zstd
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; preload
date: Fri, 16 Aug 2024 12:31:48 GMT
document-policy: force-load-at-top
x-fb-server-load: 53
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7403714051434202022", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=9, rtx=0, c=10, mss=1392, tbw=6961, tp=-1, tpl=-1, uplat=38, ullat=0
pragma: no-cache
x-fb-debug: PXybTTIrz8VWyORtvu1LbTaO0AtYbAeXbzHw2sdLzwklrgRZSREHJoudC25xwiKhMpNtn0k0Mt3PQxwAc9OkEQ==
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7403714051434202022"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: image/png
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: private, no-store, no-cache, must-revalidate
permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), battery=(self), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2

200

/ Show response
asia.adform.net/Serving/TrackPoint/
Redirect Chain

https://asia.adform.net/Serving/TrackPoint/?pm=3095779&ADFPageName=Dafabet%20All%20Pages&ADFdivider=%7C&ord=752887335016&ADFtpmode=2&loc=https%3A%2F%2Fdf.dafapromo.com%2Fsprt%2Fth%2Findex.html%3Fbt...
https://asia.adform.net/Serving/TrackPoint/?CC=1&pm=3095779&ADFPageName=Dafabet%20All%20Pages&ADFdivider=%7C&ord=752887335016&ADFtpmode=2&loc=https%3A%2F%2Fdf.dafapromo.com%2Fsprt%2Fth%2Findex.html...

846 B
1 KB

467ms
466ms

Script
text/javascript

185.84.60.23
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://asia.adform.net/Serving/TrackPoint/?CC=1&pm=3095779&ADFPageName=Dafabet%20All%20Pages&ADFdivider=%7C&ord=752887335016&ADFtpmode=2&loc=https%3A%2F%2Fdf.dafapromo.com%2Fsprt%2Fth%2Findex.html%3Fbtag%3D688399_5732390a80f842c791b4416b35d0e4ae%26clickid%3DD-20948719-1723811494-34G172G129G2-MOLJN5838%26utm_source%3D688399%26utm_medium%3D70866%26utm_campaign%3D19418&Set1=en-US%7Cen-US%7C1600x1200%7C24

Protocol

Server

185.84.60.23 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

3c5948124d20103538d67d87588203f81078e66532559d43a4bf832aded85693

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://df.dafapromo.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 16 Aug 2024 12:31:49 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
cache-control: no-cache, no-store, must-revalidate, no-transform
content-length: 689
expires: -1

Redirect headers

pragma: no-cache
date: Fri, 16 Aug 2024 12:31:49 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
content-type: text/html; charset=utf-8
location: https://asia.adform.net/Serving/TrackPoint/?CC=1&pm=3095779&ADFPageName=Dafabet%20All%20Pages&ADFdivider=%7C&ord=752887335016&ADFtpmode=2&loc=https%3A%2F%2Fdf.dafapromo.com%2Fsprt%2Fth%2Findex.html%3Fbtag%3D688399_5732390a80f842c791b4416b35d0e4ae%26clickid%3DD-20948719-1723811494-34G172G129G2-MOLJN5838%26utm_source%3D688399%26utm_medium%3D70866%26utm_campaign%3D19418&Set1=en-US%7Cen-US%7C1600x1200%7C24
access-control-allow-origin: *
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
cache-control: no-cache, no-store, must-revalidate, no-transform
expires: -1

GET
H2 200 pixels
c1.adform.net/imatch/ Frame CC87 0
0 193ms
32ms Document
text/html 185.167.164.42
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://c1.adform.net/imatch/pixels?bt=0&uid=7033661447522427642&agencyId=8910&advertiserId=2170253&src=tp&rnd=81435

Requested by

Host: asia.adform.net
URL: https://asia.adform.net/Serving/TrackPoint/?pm=3095779&ADFPageName=Dafabet%20All%20Pages&ADFdivider=%7C&ord=752887335016&ADFtpmode=2&loc=https%3A%2F%2Fdf.dafapromo.com%2Fsprt%2Fth%2Findex.html%3Fbtag%3D688399_5732390a80f842c791b4416b35d0e4ae%26clickid%3DD-20948719-1723811494-34G172G129G2-MOLJN5838%26utm_source%3D688399%26utm_medium%3D70866%26utm_campaign%3D19418&Set1=en-US%7Cen-US%7C1600x1200%7C24

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.167.164.42 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://df.dafapromo.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods: GET
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: no-cache, no-store, must-revalidate, no-transform
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Fri, 16 Aug 2024 12:31:50 GMT
expires: -1
pragma: no-cache
server: nginx
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding

GET
H2 200 /
asia.seadform.net/serving/cookie/sync/ 35 B
466 B 1088ms
428ms Image
image/gif 185.84.60.23
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://asia.seadform.net/serving/cookie/sync/?uid=7033661447522427642&stamp=L1aKyUsUcp4DvP-67D9Y4w2

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.84.60.23 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://df.dafapromo.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 16 Aug 2024 12:31:51 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
content-type: image/gif
cache-control: private

POST
H2 204 collect
analytics.google.com/g/ 0
0 38ms
37ms Fetch
text/plain 2607:f8b0:4006:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-S5WHEF6PM5&gtm=45je48e0v890350493za200zb890334128&_p=1723811507962&gcd=13l3l3l3l1&npa=0&dma=0&tag_exp=0&cid=1286851760.1723811508&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_eu=AEA&_s=2&sid=1723811508&sct=1&seg=0&dl=https%3A%2F%2Fdf.dafapromo.com%2Fsprt%2Fth%2Findex.html%3Fbtag%3D688399_5732390a80f842c791b4416b35d0e4ae%26clickid%3DD-20948719-1723811494-34G172G129G2-MOLJN5838%26utm_source%3D688399%26utm_medium%3D70866%26utm_campaign%3D19418&dt=%E0%B8%82%E0%B9%89%E0%B8%AD%E0%B9%80%E0%B8%AA%E0%B8%99%E0%B8%AD%E0%B8%AA%E0%B8%B3%E0%B8%AB%E0%B8%A3%E0%B8%B1%E0%B8%9A%E0%B8%9C%E0%B8%B9%E0%B9%89%E0%B9%80%E0%B8%A5%E0%B9%88%E0%B8%99%E0%B9%83%E0%B8%AB%E0%B8%A1%E0%B9%88&en=scroll&epn.percent_scrolled=90&_et=12&tfd=23089
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-S5WHEF6PM5&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4006:808::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

Referer: https://df.dafapromo.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 16 Aug 2024 12:31:53 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://df.dafapromo.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

24 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

83 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
adsmain.o18.link/	1970-01-20 22:50:54	Name: __smt_ofr_20948719_21238589 Value: 21238589
adsmain.o18.link/	1970-01-20 22:51:37	Name: MJA5NDG3MTL8MJYWMDO4MDM6YTG4OJMYMZI6OJIZMG Value: 1723811492.1174
zypholuxa.com/	1970-01-20 22:50:15	Name: sbc74343dcda8be6b1d Value: eyJpdiI6IlQ1REQ4Q0lDMU1NUVFTelZUeVJ1bnc9PSIsInZhbHVlIjoiTnIyaENiTUduR20vUEluRFpZSkQzUT09IiwibWFjIjoiODY0MzE1YWU1OGExMTk3M2I5YmNhNzNlZDlhOGY3ODBmMjAzZTZkNGFjYjU1NjM0YThmM2MyZmI2ZGMwMDRmMCIsInRhZyI6IiJ9
zypholuxa.com/	1970-01-21 00:59:47	Name: vis Value: eyJpdiI6IkdqcmZzdi9DdXBZMU8ydTZyKzBJdEE9PSIsInZhbHVlIjoieWROZTFEWDMxTXpLSUVzcmh0ZXpwQT09IiwibWFjIjoiMzIzYWQwM2JkYmQwODk4MjUzMGVkODUyZmUzYmJkMGU3ODU4YTk0MmY5ZDdhODg0NDkxNjgzZTQyMjViMWI3OCIsInRhZyI6IiJ9
adsmain.o18.link/	1970-01-20 22:50:54	Name: __smt_ofr_20948719_21022592 Value: 21022592
adsmain.o18.link/	1970-01-20 23:33:23	Name: 20948719 Value: D-20948719-1723811494-34G172G129G2-MOLJN5838
adsmain.o18.link/	1970-01-20 23:33:23	Name: ____global_tid Value: D-20948719-1723811494-34G172G129G2-MOLJN5838
.dafapromo.com/	1970-01-21 08:26:11	Name: _ga Value: GA1.1.1286851760.1723811508
.dafapromo.com/	1970-01-21 08:26:11	Name: _ga_S5WHEF6PM5 Value: GS1.1.1723811508.1.0.1723811508.60.0.0
.adnxs.com/	1970-01-21 00:59:47	Name: XANDR_PANID Value: MzTxeb-5M0uCi0ld0eyR8qaLiGKbw5juOhYtkl6l3koOzDdpahkCVRGAngTC6o_0XPthkP8kvzQsMCRmOTxUh-ZsAazexlUGD-8TEo1BwBE.
.adnxs.com/	1970-01-21 08:26:11	Name: receive-cookie-deprecation Value: 1
.adnxs.com/	1970-01-21 00:59:47	Name: uuid2 Value: 3612236802888319888
df.dafapromo.com/	1970-01-21 07:35:47	Name: __visitor_id Value: v1.3:15827708187:1723811508629:1723811508629
df.dafapromo.com/	1970-01-21 07:35:47	Name: __user_id Value: uid-6382201150.6556163511
.adnxs.com/	1970-01-21 00:59:47	Name: anj Value: dTM7k!M4/8CxrEQF']wIg2Il_k!!`k!]tbP6j2F-XstGt!@E-w%)pTp
.dafapromo.com/	1970-01-21 00:59:47	Name: _fbp Value: fb.1.1723811508674.37464956684196916
.adform.net/	1970-01-20 23:34:49	Name: C Value: 1
.adform.net/	1970-01-21 00:16:35	Name: uid Value: 7033661447522427642
.adform.net/	1970-01-20 22:51:37	Name: CM Value: 1\|1
.adform.net/	1970-01-20 23:10:21	Name: CM14 Value: 1723897910_1723811510_1723811510_1_Hu7u4e4e4R7u4e4REREeEREREAAA4Q
.eyeota.net/	1970-01-21 07:35:47	Name: mako_uid Value: 1915b2c388a-6360000010a5676
.eyeota.net/	1970-01-20 22:50:12	Name: SERVERID Value: 22134~DM
.rubiconproject.com/	1970-01-21 07:35:47	Name: audit_p Value: 1\|DPAG3mrqTBV/pM2OiKai1FUb6GVy2u4bnoKGGbwoIKjtSRNyoMFDqF8DJyZRKG0ac9yqvbNcR8BBK03vAHceEG4bn2cxl7tJOFMgWNa06i6DF4xuMt6quS4dutGpDSjfezPexAPrB9zyU9QaoXNThNzpQ7vzkXQ/
.rubiconproject.com/	1970-01-21 07:35:47	Name: khaos Value: LZWOV630-22-3AVJ
.rubiconproject.com/	1970-01-21 07:35:47	Name: khaos_p Value: LZWOV630-22-3AVJ
.rubiconproject.com/	1970-01-21 07:35:47	Name: audit Value: 1\|DPAG3mrqTBV/pM2OiKai1FUb6GVy2u4bnoKGGbwoIKjtSRNyoMFDqF8DJyZRKG0ac9yqvbNcR8BBK03vAHceEG4bn2cxl7tJOFMgWNa06i6DF4xuMt6quS4dutGpDSjfezPexAPrB9zyU9QaoXNThNzpQ7vzkXQ/
.casalemedia.com/	1970-01-21 07:35:47	Name: CMID Value: Zr9Gtkt3udsAAFn6Adw8cAAA
.casalemedia.com/	1970-01-21 00:59:47	Name: CMPS Value: 1287
.casalemedia.com/	1970-01-21 00:59:47	Name: CMPRO Value: 1287
.smartadserver.com/	1970-01-21 08:20:25	Name: pid Value: 9046339820613242802
.smartadserver.com/	1970-01-21 08:20:25	Name: TestIfCookieP Value: ok
.smartadserver.com/	1970-01-21 07:35:47	Name: csync Value: 22:7033661447522427642
.360yield.com/	1970-01-21 00:59:47	Name: tuuid Value: cbfbc2b2-5e30-45f2-9dcf-b62a21b90b26
.360yield.com/	1970-01-21 00:59:47	Name: tuuid_lu Value: 1723811510
.bidswitch.net/	1970-01-21 07:35:47	Name: tuuid Value: 37ad0ac6-7423-4474-8bef-76dab555e795
.bidswitch.net/	1970-01-21 07:35:47	Name: c Value: 1723811510
.bidswitch.net/	1970-01-21 07:35:47	Name: tuuid_lu Value: 1723811510
.360yield.com/	1970-01-21 00:59:47	Name: um Value: !42,AHi4.aq.gH9Mut.HFPHgAxXGxIymsg6Po2jP1agxijLP,1725021110
.360yield.com/	1970-01-21 00:59:47	Name: umeh Value: !42,0,1786019510,-1
.semasio.net/	1970-01-21 07:35:47	Name: SEUNCY Value: C1E2FD377F35FB58
.rlcdn.com/	1970-01-21 07:35:47	Name: rlas3 Value: JdqWTCi0TT2GSgiK7gW4uNZlV1PnUwcFaifXHsVq+a0=
.rlcdn.com/	1970-01-21 00:16:35	Name: pxrc Value: CLaN/bUGEgUI6AcQABIFCOhHEAA=
.crwdcntrl.net/	1970-01-21 05:18:57	Name: _cc_dc Value: 0
.crwdcntrl.net/	1970-01-21 05:18:57	Name: _cc_id Value: 458cf344368c16a6a5bdef37d5879d1f
.exelator.com/	1970-01-21 01:42:59	Name: EE Value: "b9168e63b79a4166c5f57b8d249083a3"
.bluekai.com/	1970-01-21 03:15:09	Name: bku Value: /Ux99njsFtRFQ8x/
.exelator.com/	1970-01-21 01:42:59	Name: ud Value: "eJxrXxzq6XKLQSHJ0tDMItXMOMncMtHE0Mws2TTN1DzJIsXIxNLAwjjReHFZatGCpaXFqSlJh5ZU5JTkNK0uiw91jHdz9PX0iVzmnFGUn5u6AiwU5hq02NDIfEl%252BUWb6otDgxUUpaQyLSopPBZ9YOw0AewwqQw%253D%253D"
.doubleclick.net/	1970-01-21 08:26:11	Name: IDE Value: AHWqTUktRlKKWt2FpUyqc-5yL39WcYCVg_sV8AZQi2gX_hoxQB50HTSGdElXy013Nrw
.pubmatic.com/	1970-01-20 23:33:23	Name: KRTBCOOKIE_391 Value: 22924-7033661447522427642&KRTB&23231-7033661447522427642&KRTB&23263-7033661447522427642&KRTB&23481-7033661447522427642
.pubmatic.com/	1970-01-20 23:33:23	Name: PugT Value: 1723811510
.pippio.com/	1970-01-21 07:35:47	Name: did Value: TBdjo3zx6byV_Rru
.pippio.com/	1970-01-21 07:35:47	Name: didts Value: 1723811510
.pippio.com/	1970-01-21 00:16:35	Name: nnls Value:
.pippio.com/	1970-01-21 00:16:35	Name: pxrc Value: CLaN/bUGEgYIgr0rEAA=
.demdex.net/	1970-01-21 03:09:23	Name: demdex Value: 08731674901832201862093708074177655690
.linkedin.com/	1970-01-21 00:59:47	Name: li_sugr Value: 1b815958-c997-47fa-8aec-3c5534946359
.linkedin.com/	1970-01-21 07:35:47	Name: bcookie Value: "v=2&4a59f0a4-f925-405c-8610-143670492724"
.linkedin.com/	1970-01-20 22:51:37	Name: lidc Value: "b=TGST07:s=T:r=T:a=T:p=T:g=2912:u=1:x=1:i=1723811510:t=1723897910:v=2:sig=AQEVNc-DpGohFCK-6MGWT0xA04g-RpBI"
.w55c.net/	1970-01-21 08:20:25	Name: wfivefivec Value: CfcX2TcM1SEW7s5
.adsrvr.org/	1970-01-21 07:35:47	Name: TDID Value: 381fb94b-8a27-4797-8c73-8569406a4e18
.w55c.net/	1970-01-20 23:33:23	Name: matchadform Value: 5
.agkn.com/	1970-01-21 07:35:47	Name: ab Value: 0001%3AdfM1U9%2FGfJPNh5o4rtf7jruM7O6ueJLF
.dpm.demdex.net/	1970-01-21 03:09:23	Name: dpm Value: 08731674901832201862093708074177655690
.audrte.com/	1970-01-20 23:11:47	Name: arcki2 Value: a4hpJVBA3VlT7KvInZFXe76mw!20220908!1723811511094!ip#208.252.80.232
.audrte.com/	1970-01-20 23:11:47	Name: arcki2_adform Value: 7033661447522427642!20220908!1723811511094
.seadform.net/	1970-01-21 00:16:35	Name: uid Value: 7033661447522427642
.teads.tv/	1970-01-21 07:34:21	Name: tt_viewer Value: 0a6d6ae4-b114-472a-bb11-c81ca1945844
.smaato.net/	1970-01-20 23:20:25	Name: SCM Value: b0cd1e11b1
.smaato.net/	1970-01-20 23:20:25	Name: SCMinmobi Value: b0cd1e11b1
.smaato.net/	1970-01-20 23:20:25	Name: SCM1001213 Value: b0cd1e11b1
.weborama.fr/	1970-01-21 08:16:06	Name: AFFICHE_W Value: rtuioE7FCbSu96
.audrte.com/	1970-01-20 23:11:47	Name: arcki2_ddp2 Value: a4hpJVBA3VlT7KvInZFXe76mw!20220908!1723811511239
.3lift.com/	1970-01-21 00:59:47	Name: tluidp Value: 2740596745837108054398
.3lift.com/	1970-01-21 00:59:47	Name: tluid Value: 2740596745837108054398
.onaudience.com/	1970-01-20 22:51:37	Name: done_redirects104 Value: 1
.onaudience.com/	1970-01-20 22:51:37	Name: done_redirects147 Value: 1
.onaudience.com/	1970-01-20 22:51:37	Name: done_redirects282 Value: 1
.onaudience.com/	1970-01-20 22:51:37	Name: done_redirects252 Value: 1
.onaudience.com/	1970-01-21 07:35:47	Name: cookie Value: 80c181980c5c20f6
.yahoo.com/	1970-01-21 07:36:09	Name: A3 Value: d=AQABBLhGv2YCEH6CKO4CdoJkXgTR7MQUyWgFEgEBAQGYwGbJZtxH0iMA_eMAAA&S=AQAAAnppbJ1_OwJxcf2Wuv6uavs
.analytics.yahoo.com/	1970-01-21 07:35:47	Name: IDSYNC Value: 199z~2k5o
.onaudience.com/	1970-01-20 22:51:37	Name: done_redirects109 Value: 1
.adsrvr.org/	1970-01-21 07:35:47	Name: TDCPM Value: CAESFgoHc2VtYXNpbxILCPiGjvyt_p49EAUSFgoHYmx1ZWthaRILCOzzvYqu_p49EAUYASACKAIyCwiutYywxP6ePRAFOAFaB3hrc3c5bGFgAg..

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://cdn.matomo.cloud/blockchainads.matomo.cloud/container_iPEHBueP.js Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

adscool.net
adsmain.o18.link
analytics.google.com
api.netrefer.com
asia.adform.net
asia.seadform.net
banners.dfbanners.com
c1.adform.net
cdn.matomo.cloud
cmkt.dafapromo.com
connect.facebook.net
df.dafapromo.com
rtg.prdredir.com
rtgsystemsync.com
s2.adform.net
scripts.prdredir.com
secure.adnxs.com
stats.g.doubleclick.net
vebalm.com
www.facebook.com
www.googletagmanager.com
xml.ezmob.com
zypholuxa.com
157.185.170.144
185.167.164.42
185.167.164.44
185.84.60.23
2600:9000:24f0:8600:c:7d55:b3c0:93a1
2604:9e00:1:129::2:b1f
2606:4700:20::681a:7a0
2606:4700:3031::ac43:81a1
2606:4700:3032::6815:1429
2606:4700:3035::6815:1a4
2606:4700:3037::6815:1154
2606:4700::6812:1f1b
2606:4700::6812:add
2607:f8b0:4004:c19::9a
2607:f8b0:4006:808::200e
2607:f8b0:4006:80c::2008
2620:1ec:29:1::40
2a03:2880:f012:10c:face:b00c:0:3
2a03:2880:f112:182:face:b00c:0:25de
31.220.27.98
68.67.160.186
0cf260f72dcb15370f14821e61dffe9ed4f7db6ae928e25e761b5fa65d531652
0dcb14b08a8d4272410d31857bbd67b425c037760642820c4cf729c31293c823
0e20dab11fd5f4c94ad7d8d8c09ed6bfdb3c4adb6eafb989dad03b87a607ef80
2e8e0dc68787afa49c363e9541a9380af98156491036d23fe7d22561f3596f84
2fa4c59cc6e489fec39cfbe279191cc9d2d323a135977bf09688652bf4157bf0
3c5948124d20103538d67d87588203f81078e66532559d43a4bf832aded85693
41671bc52cc92393f5dd3093acab9e9587544824100ceef55cd101c82782532f
448d305ad6e8d6b57c5e4d37afbf26c77bcf2c2548e1fe462772757ee6ccbbe1
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4d424af8e6254a3ee915b6efdec3f0ed3fcbdedc67c83025148c9758701cd2d4
57347fb299ae4c93b48fe98156d59bd582d9771ee66345ec1d0cd040eab18f1e
653a3307de44e859f63c1ee7698e0b00407ad465f59f311f5f7efaca157655ba
6eae4fbf7c734a84c8ec7ff1a3cf805ec07b8bf719cf01a4c02ad19b0722252c
7306be87c1671c8c9a54f0a35674edd96fb3f30cc0bca4e60d45d69242f7cf1c
7ae3f26866abfb13e20ff2702c0dd350bc6ebdb72ae4a9e314ade179f778f010
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
8532bc49fb52c469127d88c039f29e484f769eafa846c91773bd811b3cf9e21b
8b004add6989d24b15d9a9a33a561050b3c01c2675c0ec70f58c9fe903cf4b14
8d8b7618affc4d80078ebb51119d5e13a2d8cfb47c1fb434d91e79dd35a02c9c
8dccb315c0e3df90d138cb5db7c5d60cd58d1b43bee5688c290c5f54c9737ed9
8ddc6cbdb63a791bfc33f40d4b0a250a18e85e0ae93f72389ebda9242bef010d
8f7085d507dc0a6e7e5043de68b7a47ba8a8919ea1aa0d7af12359137c94eed9
9d191f89739374034d4bb80baa25a0f4192538770ce2cc3f436cad911c7fb6d2
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
b8fbacf4998ff7253c5fab185a6058959851c8f02d64f257ec5be076b41aa3a2
c76d79a9584c1aaf56db4752f210bbed744bffe9669349c6780caff1adab614e
c9c27d856300d6a4b796fb0edb53128da557104b22abf368b977cb73a8f9db84
ca856f4c5db01b4189e699b9f87f428016a2d3c53f007f46618edc1e65bba0f7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d42978064228fdf02a63d92d482af34498333ad537fe2fd796f36b5cf5b95df0
dd60620ebd4c1acc742e1d17eec7dd919c52b9240ea440c32306a2fb31f92fbc
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e6d59fdd165ce307490775f1bdfc3c82fa0e2b30b7b236875c44d8ecd42b84fd
e926f75ecd45f239ff43f819f9c1cf5c0cd6cf5f1a12a3455ab7c0f16fa654ca
ee9fbd1433074584fcfcb86657af0c29339bd6644b87b656cdcb29788cda1bd1
fb302897b457c66a65b4d79a8f1b7d94e4efc2b82b73640139c09fdc1991764b

df.dafapromo.com Open in urlscan Pro 2606:4700::6812:add Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

50 Requests

96 %HTTPS

71 %IPv6

19 Domains

23 Subdomains

15 IPs

3 Countries

1804 kBTransfer

2558 kBSize

83 Cookies

6 Outgoing links

Page URL History

Redirected requests

50 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

df.dafapromo.com Open in urlscan Pro
2606:4700::6812:add Public Scan

Screenshot
Live screenshot

Full Image

50
Requests

96 %
HTTPS

71 %
IPv6

19
Domains

23
Subdomains

15
IPs

3
Countries

1804 kB
Transfer

2558 kB
Size

83
Cookies

50 HTTP transactions
0 data transactions