www.offrepmu.c4.fr Open in urlscan Pro
5.135.149.81 Public Scan

Go To Rescan
Add Verdict Report

URL:
http://www.offrepmu.c4.fr/
Submission: On September 10 via manual (September 10th 2022, 5:58:49 pm UTC) from BF — Scanned from FR

Summary HTTP 135 Redirects Behaviour Indicators

Summary

This website contacted 26 IPs in 5 countries across 27 domains to perform 135 HTTP transactions. The main IP is 5.135.149.81, located in Paris, France and belongs to OVH, FR. The main domain is www.offrepmu.c4.fr.

This is the only time www.offrepmu.c4.fr was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
10	5.135.149.81 5.135.149.81	16276 (OVH) (OVH)
1 8	194.150.236.165 194.150.236.165	44976 (HIWIT_AS) (HIWIT_AS)
12	2a00:1450:400... 2a00:1450:4001:811::2002	15169 (GOOGLE) (GOOGLE)
1 1	2606:4700:303... 2606:4700:3038::6815:ea1b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	194.150.236.179 194.150.236.179	44976 (HIWIT_AS) (HIWIT_AS)
1	173.225.100.28 173.225.100.28	19318 (IS-AS-1) (IS-AS-1)
42	2606:4700:20:... 2606:4700:20::681a:a16	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	194.0.255.28 194.0.255.28	8218 (NEO-ASN l...) (NEO-ASN legacy Neotelecoms)
5	2a00:1450:400... 2a00:1450:4001:829::2002	15169 (GOOGLE) (GOOGLE)
1	2606:4700:303... 2606:4700:3030::ac43:d31d	13335 (CLOUDFLAR...) (CLOUDFLARENET)
19	185.119.26.1 185.119.26.1	203544 (WEBDEVIIN-AS) (WEBDEVIIN-AS)
1	139.45.197.234 139.45.197.234	9002 (RETN-AS) (RETN-AS)
1	142.250.181.226 142.250.181.226	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:808::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:812::200a	15169 (GOOGLE) (GOOGLE)
7	2a00:1450:400... 2a00:1450:4001:80b::2001	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:809::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:801::2008	15169 (GOOGLE) (GOOGLE)
1 2	65.9.68.209 65.9.68.209	16509 (AMAZON-02) (AMAZON-02)
2 6	142.250.186.66 142.250.186.66	15169 (GOOGLE) (GOOGLE)
2 4	104.18.18.126 104.18.18.126	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 2	37.252.172.249 37.252.172.249	29990 (ASN-APPNEX) (ASN-APPNEX)
5	2a00:1450:400... 2a00:1450:4001:831::2006	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:82b::2003	15169 (GOOGLE) (GOOGLE)
2	54.219.10.208 54.219.10.208	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:811::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:809::200e	15169 (GOOGLE) (GOOGLE)
135	26

10 5.135.149.81 (Paris, France)

ASN16276 (OVH, FR)
PTR: web3.venez.net

www.offrepmu.c4.fr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.venez.fr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 194.150.236.165 (France) 1 redirects

ASN44976 (HIWIT_AS, FR)
PTR: ns5.hiwit.net

www.turfprox.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
turfgeny.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.turfgeny.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2a00:1450:4001:811::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3038::6815:ea1b (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

img.root-top.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 194.150.236.179 (France)

ASN44976 (HIWIT_AS, FR)
PTR: ns19.hiwit.net

www.pronostar.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 173.225.100.28 (United States)

ASN19318 (IS-AS-1, US)

turfvictoire.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

42 2606:4700:20::681a:a16 (United States)

ASN13335 (CLOUDFLARENET, US)

www.widgeo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 194.0.255.28 (France)

ASN8218 (NEO-ASN legacy Neotelecoms, FR)
PTR: srv28.bdmultimedia.fr

script.starpass.fr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:829::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3030::ac43:d31d (United States)

ASN13335 (CLOUDFLARENET, US)

inklinkor.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 185.119.26.1 (France)

ASN203544 (WEBDEVIIN-AS, FR)
PTR: 1.26.119.185.in-addr.arpa

payment.allopass.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 139.45.197.234 (United Kingdom)

ASN9002 (RETN-AS, GB)

bedrapiona.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.181.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s56-in-f2.1e100.net

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:808::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.fr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:812::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:80b::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:809::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:801::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 65.9.68.209 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-65-9-68-209.fra56.r.cloudfront.net

logv33.xiti.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 142.250.186.66 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s05-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 104.18.18.126 (None, ) 2 redirects

ASN13335 (CLOUDFLARENET, US)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 37.252.172.249 (Frankfurt am Main, Germany) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 534.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:831::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:82b::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.219.10.208 (San Jose, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-219-10-208.us-west-1.compute.amazonaws.com

gmu-apps.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:811::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:809::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
42	widgeo.net www.widgeo.net — Cisco Umbrella Rank: 386848	66 KB
19	allopass.com payment.allopass.com	294 KB
19	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 129 tpc.googlesyndication.com — Cisco Umbrella Rank: 174	279 KB
10	doubleclick.net 2 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 73 cm.g.doubleclick.net — Cisco Umbrella Rank: 303 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 373	48 KB
7	venez.fr www.venez.fr	9 KB
6	turfprox.com www.turfprox.com	110 KB
5	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 350	100 KB
4	gstatic.com fonts.gstatic.com	91 KB
4	casalemedia.com 2 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 904	3 KB
3	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 120 ajax.googleapis.com — Cisco Umbrella Rank: 480	26 KB
3	c4.fr www.offrepmu.c4.fr	3 KB
2	gmu-apps.com gmu-apps.com	6 KB
2	adnxs.com 2 redirects ib.adnxs.com — Cisco Umbrella Rank: 329	2 KB
2	xiti.com 1 redirects logv33.xiti.com	1 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 141	116 KB
2	google.com adservice.google.com — Cisco Umbrella Rank: 142 www.google.com — Cisco Umbrella Rank: 19	2 KB
2	turfgeny.com 1 redirects turfgeny.com www.turfgeny.com	10 KB
1	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 94	20 KB
1	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 234	44 KB
1	google.fr adservice.google.fr — Cisco Umbrella Rank: 24119	792 B
1	googleadservices.com partner.googleadservices.com — Cisco Umbrella Rank: 972	640 B
1	bedrapiona.com bedrapiona.com — Cisco Umbrella Rank: 27017	542 B
1	inklinkor.com inklinkor.com — Cisco Umbrella Rank: 39960	25 KB
1	starpass.fr script.starpass.fr	286 B
1	turfvictoire.com turfvictoire.com	408 KB
1	pronostar.net www.pronostar.net	12 KB
1	root-top.com 1 redirects img.root-top.com	486 B
135	27

	Domain	Requested by
42	www.widgeo.net	www.turfprox.com www.widgeo.net ajax.googleapis.com
19	payment.allopass.com	www.turfprox.com payment.allopass.com
12	pagead2.googlesyndication.com	www.offrepmu.c4.fr pagead2.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com www.googletagservices.com
7	tpc.googlesyndication.com	googleads.g.doubleclick.net tpc.googlesyndication.com pagead2.googlesyndication.com www.offrepmu.c4.fr
7	www.venez.fr	www.offrepmu.c4.fr www.venez.fr
6	www.turfprox.com	www.offrepmu.c4.fr www.turfprox.com
5	s0.2mdn.net	www.offrepmu.c4.fr s0.2mdn.net
4	fonts.gstatic.com	fonts.googleapis.com
4	dsum-sec.casalemedia.com	2 redirects googleads.g.doubleclick.net
4	cm.g.doubleclick.net	2 redirects googleads.g.doubleclick.net
4	googleads.g.doubleclick.net	pagead2.googlesyndication.com googleads.g.doubleclick.net www.offrepmu.c4.fr
3	www.offrepmu.c4.fr	www.offrepmu.c4.fr
2	gmu-apps.com	payment.allopass.com www.offrepmu.c4.fr
2	googleads4.g.doubleclick.net	www.offrepmu.c4.fr
2	ib.adnxs.com	2 redirects
2	logv33.xiti.com	1 redirects www.turfprox.com
2	www.googletagmanager.com	www.widgeo.net payment.allopass.com
2	fonts.googleapis.com	www.widgeo.net s0.2mdn.net
1	www.google-analytics.com	www.googletagmanager.com
1	www.google.com	tpc.googlesyndication.com
1	ajax.googleapis.com	www.widgeo.net
1	www.googletagservices.com	googleads.g.doubleclick.net
1	adservice.google.com	pagead2.googlesyndication.com
1	adservice.google.fr	pagead2.googlesyndication.com
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	bedrapiona.com	inklinkor.com
1	inklinkor.com	www.widgeo.net
1	script.starpass.fr	www.turfprox.com
1	www.turfgeny.com	www.turfprox.com
1	turfgeny.com	1 redirects
1	turfvictoire.com	www.turfprox.com
1	www.pronostar.net	www.turfprox.com
1	img.root-top.com	1 redirects
135	33

This site contains no links.

Subject Issuer	Validity	Valid
venez.fr R3	`2022-06-20` - `2022-09-18`	3 months	crt.sh
script.starpass.fr ZeroSSL RSA Domain Secure Site CA	`2022-07-22` - `2022-10-20`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-08-22` - `2022-11-14`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-05-31` - `2023-05-31`	a year	crt.sh
*.allopass.com Gandi Standard SSL CA 2	`2021-10-08` - `2022-10-08`	a year	crt.sh
bedrapiona.com R3	`2022-07-27` - `2022-10-25`	3 months	crt.sh
*.googleadservices.com GTS CA 1C3	`2022-08-22` - `2022-11-14`	3 months	crt.sh
*.google.fr GTS CA 1C3	`2022-08-22` - `2022-11-14`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-08-22` - `2022-11-14`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2022-08-22` - `2022-11-14`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2022-08-22` - `2022-11-14`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-08-22` - `2022-11-14`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2022-08-22` - `2022-11-14`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-08-22` - `2022-11-14`	3 months	crt.sh
gmu-apps.com Amazon	`2022-01-31` - `2023-03-01`	a year	crt.sh
www.google.com GTS CA 1C3	`2022-08-22` - `2022-11-14`	3 months	crt.sh

This page contains 16 frames:

Primary Page: http://www.offrepmu.c4.fr/
Frame ID: FABD966831AF03ADA021A5BED369BAFB
Requests: 1 HTTP requests in this frame

Frame: http://www.offrepmu.c4.fr/barre-offrepmu.c4.fr.html
Frame ID: CC45E66612F414D30BB4902114ABF7E6
Requests: 12 HTTP requests in this frame

Frame: http://www.turfprox.com/turf/offrepmu/
Frame ID: AE81546D114D43B8B012F727C1FCF4E4
Requests: 16 HTTP requests in this frame

Frame: http://www.offrepmu.c4.fr/stats-offrepmu.c4.fr.html
Frame ID: F8FFA3CBA4724ABA0777639E0F5E9DC7
Requests: 1 HTTP requests in this frame

Frame: https://www.venez.fr/alternate-barre.htm
Frame ID: F0BC3D7EEE0F2844196BD53D016293B4
Requests: 4 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20220907/r20190131/zrt_lookup.html
Frame ID: B495D59187E5043215FA0ED918235E05
Requests: 1 HTTP requests in this frame

Frame: http://www.widgeo.net/geocompteur/geocompteur_html.php?id=2198744&c=geoall2&size=&nostats=&title=OFFRE%20PMU&ref=www.turfprox.com
Frame ID: 7416135439224E6017B320BCC168CE71
Requests: 39 HTTP requests in this frame

Frame: https://www.widgeo.net/hitparade.php?pagexiti=geoall2
Frame ID: 302569F4671269479D3FD289164C8BF8
Requests: 4 HTTP requests in this frame

Frame: https://payment.allopass.com/buy/buy.apu?ids=302567&idd=1294049
Frame ID: EDDA8376806A633BA4239F8F118A566D
Requests: 23 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5203714787387788&output=html&h=90&slotname=4563536207&adk=2647235303&adf=3604715433&pi=t.ma~as.4563536207&w=970&psa=0&format=970x90&url=http%3A%2F%2Fwww.offrepmu.c4.fr%2F&ea=0&wgl=1&dt=1662832725216&bpp=5&bdt=455&idt=251&shv=r20220907&mjsv=m202209060101&ptt=9&saldr=aa&correlator=737976569746&frm=23&ife=1&pv=2&ga_vid=1669214694.1662832725&ga_sid=1662832725&ga_hid=145810130&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=20&ady=0&biw=1600&bih=1200&isw=1600&ish=90&ifk=2442246655&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44761792%2C42531705%2C44770881%2C31062931&oid=2&pvsid=3789821193597021&tmod=1724509726&uas=0&nvt=1&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=o%7Co%7CaeE%7C&abl=NA&pfx=0&fu=4&bc=23&ifi=1&uci=1.onqgnhgjswye&fsb=1&dtd=266
Frame ID: 1866DFD1D6683865FCD7C8802C185D80
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPDkLxCZw2EY16frwgEwAQ&v=APEucNWkNu6tvivZPRPdKHzQfKQa2sc0yvbyuT-q1MH82HwBMQqLqdcl2H7GgfvQNo9_ob9gmR0IRfT0odlFRIJY3wnFQ-lD9ZeUUuhIe4kvrnTH9QAXRRex2kBYb5JKgJo16waRPE-NLww01e7frtOLJssD1ZXdKY-ES99C4OQNYx5hc6b3Iao
Frame ID: 9D432C1AE79305BE7B17A521C8243720
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DWXRdjH2FP_IPPWCTP7jhAKsYjQ0y7iIzFGMfVDttguHq3ZpZ7ZV14UHrkyc9lEp7-BkKIfpzzRho-6vJpMCRsv36QFQ&cry=1&dbm_d=AKAmf-Cg-_H9rzoMeBRjS7YsKiLTcVhkk54Cq86ZEvzC9pYpgqAB0JxR14PtkHkZaaKE4wUIEhSYDs8JFWzADM39nskXOassmrQfzJ7OBjWAcgkJBeS5fuBRbRDfICOW-MDiAbP2i8KxLvpdFSYPoNVZxWgWF4CVD4ZJ_kqDBnkAu9xlZxsbOgsYMBaiTOFYnIpmkh8ghugNVUhWwvX9Ly_FrXFz2q4uvjSDoXdT156ZA-tOXqPsCiWvO3AAq6R0ma1al_FBoPekPq3su2UhfqUMUTdEz-tQ-OREvvcg7s37YPMSYAtC-vr2IfpUO7v9hD2DSbAy5h4R7YTetumlByqs-VZEBycyojQnwFJoMebN47J1VcuWzilNtuSUWZ2lmNdJdu-28n68sHrUyJairZCtsAolxcRvwWvADaQuuJVetb6n8sWLut0mVZbjst-zhUyWIIuuJ12B2zVzknIvTrMxC9GhFy6rCdXCO48t9KEtdwebKuutiE8btk2og1aAKcWTJYKHNVLCURlUo56R-9rSkx2WXNUBfOtxDXA5FpNypVBMqcuNg8WZ3c4c8PzR1zRP7KWmqIUhkSfPZiIy3ZGGT4c-MdTc0alhHHTHKnJVZ3iC6nvGcLSDW6CReypoCg9VlDgoCaloVnCeuG5dDOgKJpK0qEEzH-g5DGIfRa5QKE6cU91O2kO4j-PwDOse9i4J2L0ZdJQw99eadgDMd239RcrCh0VmCY4ae42inLVrYm9slu52B_xwWoaQ-w0SAT6t_P22sZ6BTXv14ifcjIVRSq-WfzPe5kwoYuGeBfbU4kAZn73Fb-ilkJ2SdcVC5ozGU0J-T-HihZw-pflZSkKKXOrv38G142GYoCBDDFqIQ8pwU9fztguKsACA4JUEUmOlsl1lcGPmsfJia_zcvIWrRNlcUKSZT4VAXmG4BuBPDOYearT8WmOp4l8z7g_krBU1X22d7itiylXLYsv0J6edHYZs9HUv0kTIipi5FdWIkdUkJYQ39xXAgcExFSOErLrZFCwmmqg1bPUAQUqSIiMzvjdJPbzzXMxIumBKccpPFcb_yqitnrabpBce_ObFtXpO7wP7zwHxZ-cxMgUqd8VLkvYiZf9cjy6Ap9EK5anWKJzmMOrF-SxouCJmcyzO3yy-_lCV-RjTYRNdJ_gU4xFxYgNJ7a7T1BvFIa-ENcncQasLRG0qSzWlhCx93WuDz3ss7YtPChZj0YuR2DFnfs4Bpa4bY1wL5Hac0mMk-jM4pmlGz6GUsRtw5b5uowl53AUN-XzdCMMD65EdR1_JXRwPC6FHzXm2lmGIWQpB5BbyBefg7PhgDGr5tbZUZb-y6RoSUjgNoo5WJPM6Kk3cuS439_7j3tWpWS97TFaQVfBnlpZ_uk933UvPMg-znBcUR5Q3o4jILkKdkTKIqJzvKvdMuVuIvCt6aBmqqlUC8_RPpXc5ZBNR5VTwK2K8z10x0TRc47oNcxrT-hjch9_Wr0pn9_p7G141y607Hng_2QJLfxYLrJn7YZsYcJu3TUKZUdrxUMF0ehxGBqfO-NAlonObJlvo5n4jLrScLpPxp81GyYcuv-OUZ4-ogwH_c1zzYkDE_E_HwZ4TprdBrrVf13i8DRJqEwDWvQUL8FLodZczAdxBf7fuTLd5oU-rBuaijr3qRrxYxc2Mugadg-RLNr7Nsf0zUEOMaRWbziLArjgJBG7OT357hc1VvBSLeNHnaqt4IvdJjPXZUC2nwOylVxSzaXOCd7_go8N9lyIvr4UoZZdpxSnxnyGmCFJdT0xf4f8-bjHSmzE07pffDPZI4lJ-ro8xU_TB7OTS8naRKc3Bp2Xu-NaR4NuwR889SZOKLfnSj9ZfYtso-GU-msmXYnW2apK0R-tR-LjQxLOlVGRvSXU4ZNsR4imZnoTBpTMvVYGuPSaNZp4KYxlvv-uzax8-jEIW0WqMW2VdAKKa0Hh9X4e9rbrc9R2WWBQlS1RtC4BegK4jnwhF_HkedFIg4AIFdEG4djgabITaHh8Dv2-WaHZO7pSLf7sDg_dWZnFkDsUVh97x1BnAZesg4lUaFvSMCnhHU84W0Jq4admkwPtvdMqwqR1aWAn-jvP3MPUtudUfXePcRk3jiIKHjzkhimF3rKMujPWaKizVgf7G7KTOeEM8J1MWTUdvORFpvlkq3riBCKxExz_B9WuXcP_Pcxni1fHFT6gZ7qgLK4mBg8035iU0Gk6ryutyyinFu3CS3GB5W7OR7HFXSrn8InXEgOlH0mmErATc5GolnNY62DFhD3Xo9Yb_b72MjXei8QGIH7XwMPmomC2Ml3LVUW7F06johYbAVRnpx-XXr_T7qsLat-nc63tQLnr9uDWz6anhdI9uKe3_wywkuzJJh_mgKdfeQqB-wtE0wpm1zW-6nrylAfNfyV4LU-grL8tUOpfsQxQbihdCHr1b8DCffFDWtI6Xt1U5VZijTETEpxQ66wPrsMZ_UqLOoRD1WNAl3nzRLA9jVCQjPD9cxRFbCFx8CWWkMbIMB7I7idGrDGSbSkHAJzOJuBHJ-FSCyvUo3N5AR-5H-FQQWcFnWj00dtJQJyOpUwHYDW9q95sv9bFG4nU0lhG9yyaJ_s1Bc_i13Sjqex8bg2Y7x5dWKroJmC1j27vHFSg3S5MtDBnSIDYJwN0GBfW9u1j_yegnoUfGyp0Rwung6ZWMu_DJ5KeayAFdzUx9VZeNG07TEXCjtT4nbXc3LBwa1HCpiY-Tpvg_hXMFW2Sa_1dM8ZkDTb_sF8hNhz5SLR27sO4KD6_VEqtARHz7SJUzEdDUQaGU4TLmYKJSM1e8TEhUWMk9b1LVkVw62jTNhqAkkdQTwjTQAZzE9nyeLP4FeBaAnCoDEVZRBP0hrpjvhxqjPagQgET78mid0KLoprfy0bMZdvHuEODzyjQqjYlhGTijjBl8E0p-31gICWt0be3rHtknSzdDYrdg2Xn4TYQ_q-qnR7dQ3i7KGX05zHXUzBJTh8DqOLFkmU24wYfBrQn6VLYq&cid=CAASBORoDr4&rfl=3%2Chttp%253A%252F%252Fwww.offrepmu.c4.fr%242%2Chttp%253A%252F%252Fwww.offrepmu.c4.fr%252F%240
Frame ID: 4EDB66583D9B03166D3B58D51EA6A1DC
Requests: 13 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: C6F743645F431170D75B07E198E29178
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/10196239086468997911/index.html
Frame ID: 6CB15DB841669A0FC59DA4F0FCF142C4
Requests: 8 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 824F7E098E2C5C99415D12EC358D0958
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 23EAEB4ADB61876A489286BDF735818F
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

OFFRE PMU

Detected technologies

AT Internet XiTi (Analytics) Expand

Overall confidence: 100%
Detected patterns

xiti\.com/hit\.xiti

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

FingerprintJS (JavaScript libraries) Expand

Overall confidence: 100%
Detected patterns

fingerprint(\d)?(?:\.min)?\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

135
Requests

84 %
HTTPS

52 %
IPv6

27
Domains

33
Subdomains

26
IPs

5
Countries

1673 kB
Transfer

3122 kB
Size

10
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 9

https://img.root-top.com/topsite/topsorturf/banner.gif HTTP 302
https://www.turfprox.com/img/topgagnant.gif

Request Chain 12

http://turfgeny.com/img/logo.gif HTTP 301
http://www.turfgeny.com/img/logo.gif

Request Chain 29

http://www.turfprox.com/turf/offrepmu/ticket_pmu.jpg HTTP 307
https://www.turfprox.com/turf/offrepmu/ticket_pmu.jpg

Request Chain 75

https://logv33.xiti.com/hit.xiti?s=281802&p=geoall2&hl=17x58x45&r=1600x1200x24x24&ref=http://www.turfprox.com/ HTTP 302
https://logv33.xiti.com/hit.xiti?s=281802&p=geoall2&hl=17x58x45&r=1600x1200x24x24&ref=http://www.turfprox.com/&Rdt=On

Request Chain 76

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=&google_error=15

Request Chain 77

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YxzQVeKkCqfkQBf-N57zCAAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=&google_error=15

Request Chain 79

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODYxNTYyNjA4NzM3MzkwNjM2Ng%3D%3D

135 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
www.offrepmu.c4.fr/ 3 KB
1 KB 117ms
29ms Document
text/html 5.135.149.81
OVH

General

Check archive.org

Show headers Download Go to

Full URL: http://www.offrepmu.c4.fr/
Protocol: HTTP/1.1
Server: 5.135.149.81 Paris, France, ASN16276 (OVH, FR),
Reverse DNS: web3.venez.net
Software: Apache /
Resource Hash: 9b0386754c0251e6ffcb2dba87a546b10794b3cbbfe5fbc2e061afe2311e0441

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

Connection: Keep-Alive
Content-Encoding: gzip
Content-Length: 1079
Content-Type: text/html; charset=iso-8859-1
Date: Sat, 10 Sep 2022 17:58:43 GMT
Keep-Alive: timeout=5, max=100
Server: Apache
Vary: Accept-Encoding

GET
H/1.1 200
OK barre-offrepmu.c4.fr.html Show response
www.offrepmu.c4.fr/ Frame CC45 3 KB
2 KB 116ms
116ms Document
text/html 5.135.149.81
OVH

General

Check archive.org

Show headers Download Go to

Full URL: http://www.offrepmu.c4.fr/barre-offrepmu.c4.fr.html
Requested by: Host: www.offrepmu.c4.fr
URL: http://www.offrepmu.c4.fr/
Protocol: HTTP/1.1
Server: 5.135.149.81 Paris, France, ASN16276 (OVH, FR),
Reverse DNS: web3.venez.net
Software: Apache /
Resource Hash: bf49dc55bd1cb2f331a5e37547db7c45f890b13f2944f5e8f5fc950a753d8980

Request headers

Referer: http://www.offrepmu.c4.fr/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate post-check=0, pre-check=0
Connection: Keep-Alive
Content-Encoding: gzip
Content-Length: 1495
Content-Type: text/html; charset=ISO-8859-1
Date: Sat, 10 Sep 2022 17:58:43 GMT
Expires: Sat, 10 Sep 2022 17:58:43 GMT
Keep-Alive: timeout=5, max=99
Last-Modified: Sat, 10 Sep 2022 17:58:43 GMT
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding

GET
H/1.1 200
OK / Show response
www.turfprox.com/turf/offrepmu/ Frame AE81 7 KB
7 KB 405ms
101ms Document
text/html 194.150.236.165
HIWIT_AS

General

Check archive.org

Show headers Download Go to

Full URL: http://www.turfprox.com/turf/offrepmu/
Requested by: Host: www.offrepmu.c4.fr
URL: http://www.offrepmu.c4.fr/
Protocol: HTTP/1.1
Server: 194.150.236.165 , France, ASN44976 (HIWIT_AS, FR),
Reverse DNS: ns5.hiwit.net
Software: Apache /
Resource Hash: 9e032db98153483f8208e9346448d8acdf7866b33693c0e4e1bf916ca9a7cd1f

Request headers

Referer: http://www.offrepmu.c4.fr/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

Connection: Keep-Alive
Content-Type: text/html
Date: Sat, 10 Sep 2022 17:58:44 GMT
Keep-Alive: timeout=15, max=100
Server: Apache
Transfer-Encoding: chunked
Vary: Host

GET
H/1.1 200
OK stats-offrepmu.c4.fr.html Show response
www.offrepmu.c4.fr/ Frame F8FF 0
192 B 132ms
108ms Document
text/html 5.135.149.81
OVH

General

Check archive.org

Show headers Download Go to

Full URL: http://www.offrepmu.c4.fr/stats-offrepmu.c4.fr.html
Requested by: Host: www.offrepmu.c4.fr
URL: http://www.offrepmu.c4.fr/
Protocol: HTTP/1.1
Server: 5.135.149.81 Paris, France, ASN16276 (OVH, FR),
Reverse DNS: web3.venez.net
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://www.offrepmu.c4.fr/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

Connection: Keep-Alive
Content-Length: 0
Content-Type: text/html; charset=iso-8859-1
Date: Sat, 10 Sep 2022 17:58:43 GMT
Keep-Alive: timeout=5, max=100
Server: Apache

GET
H/1.1 200
OK site.js Show response
www.venez.fr/js/ Frame CC45 2 KB
1 KB 239ms
27ms Script
application/javascript 5.135.149.81
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://www.venez.fr/js/site.js?www.venez.fr
Requested by: Host: www.offrepmu.c4.fr
URL: http://www.offrepmu.c4.fr/barre-offrepmu.c4.fr.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 5.135.149.81 Paris, France, ASN16276 (OVH, FR),
Reverse DNS: web3.venez.net
Software: Apache /
Resource Hash: 0c91a24c2deb753c963c48cd9c3e5d16ee96128b30bce193c4324e121728c306

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://www.offrepmu.c4.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Sat, 10 Sep 2022 17:58:44 GMT
Content-Encoding: gzip
Last-Modified: Sat, 10 Sep 2022 17:58:44 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: public, max-age=604800
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
Content-Length: 1023
Expires: Sat, 17 Sep 2022 17:58:44 GMT

GET
H/1.1 200
OK separateur90.gif
www.venez.fr/images/ Frame CC45 82 B
388 B 240ms
27ms Image
image/gif 5.135.149.81
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.venez.fr/images/separateur90.gif
Requested by: Host: www.offrepmu.c4.fr
URL: http://www.offrepmu.c4.fr/barre-offrepmu.c4.fr.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 5.135.149.81 Paris, France, ASN16276 (OVH, FR),
Reverse DNS: web3.venez.net
Software: Apache /
Resource Hash: 3289fc83b622ca0a13683fa81b006a05de135d1938744d6e30e5c9be2f2d782a

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://www.offrepmu.c4.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Sat, 10 Sep 2022 17:58:44 GMT
Last-Modified: Thu, 15 Nov 2018 22:11:22 GMT
Server: Apache
ETag: "52-57abb54b25680"
Content-Type: image/gif
Cache-Control: max-age=604800, public
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 82

GET
H/1.1 200
OK adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame CC45 164 KB
57 KB 118ms
77ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: www.offrepmu.c4.fr
URL: http://www.offrepmu.c4.fr/barre-offrepmu.c4.fr.html

Protocol

HTTP/1.1

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6dc51f0013ed6369adbe988ed91caba1fe3b92b0bba44da6f99b0f3200a41592

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://www.offrepmu.c4.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Timing-Allow-Origin: *
Date: Sat, 10 Sep 2022 17:58:45 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: cafe
ETag: 16767720450854802172
Vary: Accept-Encoding, Origin
P3P: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Cache-Control: private, max-age=3600
Cross-Origin-Resource-Policy: cross-origin
Content-Disposition: attachment; filename="f.txt"
Content-Type: text/javascript; charset=UTF-8
Content-Length: 57429
X-XSS-Protection: 0
Expires: Sat, 10 Sep 2022 17:58:45 GMT

GET
H/1.1 200
OK alternate-barre.htm Show response
www.venez.fr/ Frame F0BC 2 KB
1 KB 28ms
26ms Document
text/html 5.135.149.81
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://www.venez.fr/alternate-barre.htm
Requested by: Host: www.offrepmu.c4.fr
URL: http://www.offrepmu.c4.fr/barre-offrepmu.c4.fr.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 5.135.149.81 Paris, France, ASN16276 (OVH, FR),
Reverse DNS: web3.venez.net
Software: Apache /
Resource Hash: 9dd04d4969981c650f779991f9ef442a1455109ca0a90a251edb02e324c5a389

Request headers

Referer: http://www.offrepmu.c4.fr/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

Connection: Keep-Alive
Content-Encoding: gzip
Content-Length: 873
Content-Type: text/html; charset=iso-8859-1
Date: Sat, 10 Sep 2022 17:58:44 GMT
Keep-Alive: timeout=5, max=99
Server: Apache
Vary: Accept-Encoding

GET
H/1.1 200
OK barre90.gif
www.venez.fr/images/ Frame CC45 110 B
416 B 28ms
27ms Image
image/gif 5.135.149.81
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.venez.fr/images/barre90.gif
Requested by: Host: www.offrepmu.c4.fr
URL: http://www.offrepmu.c4.fr/barre-offrepmu.c4.fr.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 5.135.149.81 Paris, France, ASN16276 (OVH, FR),
Reverse DNS: web3.venez.net
Software: Apache /
Resource Hash: 49d4ba84e10d9d1f2a83956dde4f20625fd11efc01f60a3a4552a9e09a05a74f

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://www.offrepmu.c4.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Sat, 10 Sep 2022 17:58:44 GMT
Last-Modified: Thu, 15 Nov 2018 22:06:23 GMT
Server: Apache
ETag: "6e-57abb42dff5c0"
Content-Type: image/gif
Cache-Control: max-age=604800, public
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 110

GET
H/1.1 200
OK header.jpg
www.turfprox.com/turf/offrepmu/ Frame AE81 47 KB
47 KB 21ms
20ms Image
image/jpeg 194.150.236.165
HIWIT_AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.turfprox.com/turf/offrepmu/header.jpg
Requested by: Host: www.turfprox.com
URL: http://www.turfprox.com/turf/offrepmu/
Protocol: HTTP/1.1
Server: 194.150.236.165 , France, ASN44976 (HIWIT_AS, FR),
Reverse DNS: ns5.hiwit.net
Software: Apache /
Resource Hash: 4bee4831055a077c68cb1f7384b95fc6afa5adba7028456d9f24122cf73fec3a

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://www.turfprox.com/turf/offrepmu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Sat, 10 Sep 2022 17:58:45 GMT
Last-Modified: Tue, 13 Oct 2015 19:25:43 GMT
Server: Apache
ETag: "e78484-bb68-522016972dbc0"
Vary: Host
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=15, max=99
Content-Length: 47976

GET
H/1.1

200
OK

topgagnant.gif
www.turfprox.com/img/ Frame AE81
Redirect Chain

https://img.root-top.com/topsite/topsorturf/banner.gif
https://www.turfprox.com/img/topgagnant.gif

21 KB
22 KB

81ms
20ms

Image
image/gif

194.150.236.165
HIWIT_AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.turfprox.com/img/topgagnant.gif

Requested by

Host: www.turfprox.com
URL: http://www.turfprox.com/turf/offrepmu/

Protocol

HTTP/1.1

Server

194.150.236.165 , France, ASN44976 (HIWIT_AS, FR),

Reverse DNS

ns5.hiwit.net

Software

Apache /

Resource Hash

8339a530df38805ff92d2d53161d9f8ced0d376e1756984e0ff3d313f7607bbd

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://www.turfprox.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Sat, 10 Sep 2022 17:58:45 GMT
Last-Modified: Fri, 24 Sep 2021 17:42:27 GMT
Server: Apache
ETag: "19146b1-5560-5ccc1454d46c0"
Vary: Host
Content-Type: image/gif
Connection: Keep-Alive
Strict-Transport-Security: max-age=15768000
Accept-Ranges: bytes
Keep-Alive: timeout=15, max=100
Content-Length: 21856

Redirect headers

date: Sat, 10 Sep 2022 17:58:45 GMT
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=G5k5b6aF8CS6lT5sHenuMWiUMxLnO7NnD8vbrrlUDbtGMSHZg5Yainh0c5rP1hhEIXCbapG%2Fgz7uHZvgYRR4J7rQafBlhAZR7Du8ZBinPHMxL6PV84ZVLaSRgTnq6GriDsyiwddbbKr9HujrQ6qK"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=iso-8859-1
location: https://www.turfprox.com/img/topgagnant.gif
cf-ray: 748a0db42ddcd255-CDG
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H/1.1 200
OK logo.gif
www.pronostar.net/ Frame AE81 12 KB
12 KB 332ms
20ms Image
image/gif 194.150.236.179
HIWIT_AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.pronostar.net/logo.gif
Requested by: Host: www.turfprox.com
URL: http://www.turfprox.com/turf/offrepmu/
Protocol: HTTP/1.1
Server: 194.150.236.179 , France, ASN44976 (HIWIT_AS, FR),
Reverse DNS: ns19.hiwit.net
Software: Apache /
Resource Hash: 9207d6d5b64eacd523ec2cd4ac6b5aaa5965f54f458d0848b0e7c3ce445ec088

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://www.turfprox.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Sat, 10 Sep 2022 17:58:45 GMT
Last-Modified: Wed, 19 Oct 2016 07:08:04 GMT
Server: Apache
ETag: "1629685-3094-53f32785f9d00"
Vary: Host
Content-Type: image/gif
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=15, max=100
Content-Length: 12436

GET
H/1.1 200
OK logo2.gif
turfvictoire.com/lien/ Frame AE81 407 KB
408 KB 573ms
88ms Image
image/gif 173.225.100.28
IS-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://turfvictoire.com/lien/logo2.gif
Requested by: Host: www.turfprox.com
URL: http://www.turfprox.com/turf/offrepmu/
Protocol: HTTP/1.1
Server: 173.225.100.28 , United States, ASN19318 (IS-AS-1, US),
Reverse DNS
Software: LiteSpeed /
Resource Hash: aed0c8666e5c0a1f69060a3275ccd4eb32fcf3bb0e7d254ebe3266262a60b57b

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://www.turfprox.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Sat, 10 Sep 2022 17:58:45 GMT
last-modified: Mon, 04 Oct 2021 14:14:45 GMT
server: LiteSpeed
content-type: image/gif
cache-control: public, max-age=604800
Connection: Keep-Alive
accept-ranges: bytes
Keep-Alive: timeout=5, max=100
content-length: 417279
expires: Sat, 17 Sep 2022 17:58:45 GMT

GET
H/1.1

200
OK

logo.gif
www.turfgeny.com/img/ Frame AE81
Redirect Chain

http://turfgeny.com/img/logo.gif
http://www.turfgeny.com/img/logo.gif

9 KB
9 KB

56ms
20ms

Image
image/gif

194.150.236.165
HIWIT_AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.turfgeny.com/img/logo.gif
Requested by: Host: www.turfprox.com
URL: http://www.turfprox.com/turf/offrepmu/
Protocol: HTTP/1.1
Server: 194.150.236.165 , France, ASN44976 (HIWIT_AS, FR),
Reverse DNS: ns5.hiwit.net
Software: Apache /
Resource Hash: d5127e3bfb1b69e0213ad5552051e6687d4d8a452669e4a5c69899e9b4ff2378

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://www.turfprox.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Sat, 10 Sep 2022 17:58:45 GMT
Last-Modified: Tue, 13 Oct 2015 18:57:43 GMT
Server: Apache
ETag: "e77fd7-2458-52201055017c0"
Vary: Host
Content-Type: image/gif
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=15, max=100
Content-Length: 9304

Redirect headers

Date: Sat, 10 Sep 2022 17:58:45 GMT
X-Pad: avoid browser bug
Server: Apache
Content-Type: text/html; charset=iso-8859-1
Location: http://www.turfgeny.com/img/logo.gif
Connection: Keep-Alive
Keep-Alive: timeout=15, max=100
Content-Length: 244

GET
H/1.1 200
OK geocompteur.php Show response
www.widgeo.net/geocompteur/ Frame AE81 5 KB
3 KB 255ms
216ms Script
application/javascript 2606:4700:20::681a:a16
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

http://www.widgeo.net/geocompteur/geocompteur.php?c=geoall2&id=2198744&adult=0&cat=sport&fonce=&claire=

Requested by

Host: www.turfprox.com
URL: http://www.turfprox.com/turf/offrepmu/

Protocol

HTTP/1.1

Server

2606:4700:20::681a:a16 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2128c433af909d66850b0f569c627a4ed9b35bc4b1cdff1004050599fde0744a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://www.turfprox.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Sat, 10 Sep 2022 17:58:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
CF-Cache-Status: DYNAMIC
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yMtlUgWvD90VtzrHaO6BQ%2Bg6wsgC6U7WS2ehb%2FIAK7zNgYUSYVNvCCNjyfqL8vWiXvfpK1YFkXcpJSXZYPseZ7PNlBZ1vSkN%2FK0Jg6ofaW8mgmOQaqKNE2Zon8WDvcUR%2BD6kARJjEK%2F1ABE6"}],"group":"cf-nel","max_age":604800}
Content-Type: application/javascript
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
Connection: keep-alive
CF-RAY: 748a0db42ada99fa-CDG
Content-Length: 2027
expires: Sat, 17 Sep 2022 17:58:44 GMT

GET
H/1.1 200
OK logopm.png
www.widgeo.net/img/ Frame AE81 714 B
2 KB 73ms
36ms Image
image/webp 2606:4700:20::681a:a16
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://www.widgeo.net/img/logopm.png

Requested by

Host: www.turfprox.com
URL: http://www.turfprox.com/turf/offrepmu/

Protocol

HTTP/1.1

Server

2606:4700:20::681a:a16 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c5fda4bddbc21f1d990ef4b42a6350e739a1870c73c6ab240aa921651bfe5a08

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://www.turfprox.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Sat, 10 Sep 2022 17:58:45 GMT
x-content-type-options: nosniff
CF-Cache-Status: HIT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age: 1458593
Cf-Polished: origFmt=png, origSize=847
Content-Disposition: inline; filename="logopm.webp"
Connection: keep-alive
Content-Length: 714
last-modified: Thu, 20 Jun 2019 15:14:49 GMT
Server: cloudflare
Vary: Accept
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HqvMvGa4b%2BBu2yu1l1r3t3TYWcd8smGBiIC5B2TCwwGRXPSMouZyU96oVl%2FWr3GBDAWrG4Q93fqMl1zBOwN0kWvEkumMvlyCyJtsXoACxinprcUV1s%2FX2vi95HbTHUqa65OxKxX4%2F9eP9vsK"}],"group":"cf-nel","max_age":604800}
Content-Type: image/webp
expires: Fri, 23 Sep 2022 20:48:52 GMT
cache-control: public, max-age=2592000
x-turbo-charged-by: LiteSpeed
Accept-Ranges: bytes
CF-RAY: 748a0db42ab5d2d5-CDG
Cf-Bgj: imgq:100,h2pri

GET
H/1.1 200
OK ticket_pmu1.jpg
www.turfprox.com/turf/offrepmu/ Frame AE81 23 KB
23 KB 35ms
19ms Image
image/jpeg 194.150.236.165
HIWIT_AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.turfprox.com/turf/offrepmu/ticket_pmu1.jpg
Requested by: Host: www.turfprox.com
URL: http://www.turfprox.com/turf/offrepmu/
Protocol: HTTP/1.1
Server: 194.150.236.165 , France, ASN44976 (HIWIT_AS, FR),
Reverse DNS: ns5.hiwit.net
Software: Apache /
Resource Hash: b415c26c4eb3661a7957634989bb41d47b2911822b3835814c24d12debbf7dd1

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://www.turfprox.com/turf/offrepmu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Sat, 10 Sep 2022 17:58:45 GMT
Last-Modified: Tue, 13 Oct 2015 19:25:48 GMT
Server: Apache
ETag: "e78489-5cd7-5220169bf2700"
Vary: Host
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=15, max=98
Content-Length: 23767

GET
H/1.1 200
OK script.php Show response
script.starpass.fr/ Frame AE81 20 B
286 B 195ms
42ms Script
text/html 194.0.255.28
NEO-ASN legacy Ne...

General

Check archive.org

Show headers Download Go to

Full URL: https://script.starpass.fr/script.php?idd=433832&datas=
Requested by: Host: www.turfprox.com
URL: http://www.turfprox.com/turf/offrepmu/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 194.0.255.28 , France, ASN8218 (NEO-ASN legacy Neotelecoms, FR),
Reverse DNS: srv28.bdmultimedia.fr
Software: Apache /
Resource Hash: 65e35c6ae1f74e16cbe663763323963eec7c6a22512042ab0758bd68151934a1

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://www.turfprox.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Sat, 10 Sep 2022 17:58:09 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Type: text/html; charset=UTF-8
Connection: Keep-Alive
Keep-Alive: timeout=2, max=100
Content-Length: 40

GET
H/1.1 200
OK 120x60.gif
www.venez.fr/images/ Frame F0BC 4 KB
4 KB 27ms
25ms Image
image/gif 5.135.149.81
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.venez.fr/images/120x60.gif
Requested by: Host: www.venez.fr
URL: https://www.venez.fr/alternate-barre.htm
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 5.135.149.81 Paris, France, ASN16276 (OVH, FR),
Reverse DNS: web3.venez.net
Software: Apache /
Resource Hash: 7dc792d48132ff15a9ad8c11a139bf26f8e13aa3df30a71582ae406ddffdab4f

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://www.venez.fr/alternate-barre.htm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Sat, 10 Sep 2022 17:58:44 GMT
Last-Modified: Wed, 02 Mar 2011 00:16:24 GMT
Server: Apache
ETag: "f4c-49d74d2b9c600"
Content-Type: image/gif
Cache-Control: max-age=604800, public
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 3916

GET
H/1.1 200
OK site.js Show response
www.venez.fr/js/ Frame F0BC 2 KB
1 KB 28ms
26ms Script
application/javascript 5.135.149.81
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://www.venez.fr/js/site.js?www.venez.fr
Requested by: Host: www.venez.fr
URL: https://www.venez.fr/alternate-barre.htm
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 5.135.149.81 Paris, France, ASN16276 (OVH, FR),
Reverse DNS: web3.venez.net
Software: Apache /
Resource Hash: 0c91a24c2deb753c963c48cd9c3e5d16ee96128b30bce193c4324e121728c306

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://www.venez.fr/alternate-barre.htm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Sat, 10 Sep 2022 17:58:44 GMT
Content-Encoding: gzip
Last-Modified: Sat, 10 Sep 2022 17:58:44 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: public, max-age=604800
Connection: Keep-Alive
Keep-Alive: timeout=5, max=98
Content-Length: 1023
Expires: Sat, 17 Sep 2022 17:58:44 GMT

GET
H/1.1 200
OK button.png
www.turfprox.com/turf/offrepmu/ Frame AE81 2 KB
3 KB 40ms
20ms Image
image/png 194.150.236.165
HIWIT_AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.turfprox.com/turf/offrepmu/button.png
Requested by: Host: www.turfprox.com
URL: http://www.turfprox.com/turf/offrepmu/
Protocol: HTTP/1.1
Server: 194.150.236.165 , France, ASN44976 (HIWIT_AS, FR),
Reverse DNS: ns5.hiwit.net
Software: Apache /
Resource Hash: ac9e49f303ce8afc79a5984e6135d9f807d42fd72d6c4b5219638ad72424f846

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://www.turfprox.com/turf/offrepmu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Sat, 10 Sep 2022 17:58:45 GMT
Last-Modified: Tue, 13 Oct 2015 19:25:40 GMT
Server: Apache
ETag: "e78482-8ff-5220169451500"
Vary: Host
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=15, max=100
Content-Length: 2303

GET
H/1.1 200
OK barre90.gif
www.venez.fr/images/ Frame F0BC 110 B
416 B 35ms
25ms Image
image/gif 5.135.149.81
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.venez.fr/images/barre90.gif
Requested by: Host: www.venez.fr
URL: https://www.venez.fr/alternate-barre.htm
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 5.135.149.81 Paris, France, ASN16276 (OVH, FR),
Reverse DNS: web3.venez.net
Software: Apache /
Resource Hash: 49d4ba84e10d9d1f2a83956dde4f20625fd11efc01f60a3a4552a9e09a05a74f

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://www.venez.fr/alternate-barre.htm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Sat, 10 Sep 2022 17:58:44 GMT
Last-Modified: Thu, 15 Nov 2018 22:06:23 GMT
Server: Apache
ETag: "6e-57abb42dff5c0"
Content-Type: image/gif
Cache-Control: max-age=604800, public
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 110

GET
H2 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202209060101/ Frame CC45 345 KB
122 KB 144ms
84ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202209060101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-5203714787387788&plah=www.offrepmu.c4.fr

Requested by

Host: pagead2.googlesyndication.com
URL: http://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

84565692d0a5468e68d4867cb9d299e82f2e826c6c5be39142b8c79bf5e6977c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://www.offrepmu.c4.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Sat, 10 Sep 2022 17:58:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 124232
x-xss-protection: 0
server: cafe
etag: 9992833256618324740
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Sat, 10 Sep 2022 17:58:45 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20220907/r20190131/ Frame B495 10 KB
5 KB 86ms
26ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20220907/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: http://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

de317176fa6b64a8e89bbd45d20b6be2560bbfa96e7e53e63eb754e18bfe6c1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://www.offrepmu.c4.fr/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

age: 1012
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=1209600
content-encoding: gzip
content-length: 4412
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 10 Sep 2022 17:41:53 GMT
etag: 8616628553774171045
expires: Sat, 24 Sep 2022 17:41:53 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 tcm.js Show response
www.widgeo.net/ Frame AE81 4 KB
2 KB 296ms
247ms Script
application/javascript 2606:4700:20::681a:a16
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.widgeo.net/tcm.js

Requested by

Host: www.widgeo.net
URL: http://www.widgeo.net/geocompteur/geocompteur.php?c=geoall2&id=2198744&adult=0&cat=sport&fonce=&claire=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:a16 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

78d18f6094a928bd2488d6d3d2959151533024806c8a402284569ef676d025dd

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://www.turfprox.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Sat, 10 Sep 2022 17:58:45 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
last-modified: Fri, 01 Jul 2022 12:09:33 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kUenDazo3yTIGyLqhP1812MG4inq2iRaOmW59kbhU7jRZ50zfOkxXwB14Xkha2T15aouNrnP0zBm9syZA%2Fn34W%2BzX1whFbO4J%2F620gaNnIN%2BZeuVfZQwRh5XbuaaL3okK4hDSVvz7nGbO%2FH%2F"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=604800
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-turbo-charged-by: LiteSpeed
cf-ray: 748a0db5cf13d5d9-CDG
expires: Sat, 17 Sep 2022 17:58:44 GMT

GET
H2 200 tcm_t_u.js Show response
www.widgeo.net/ Frame AE81 4 KB
2 KB 275ms
227ms Script
application/javascript 2606:4700:20::681a:a16
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.widgeo.net/tcm_t_u.js

Requested by

Host: www.widgeo.net
URL: http://www.widgeo.net/geocompteur/geocompteur.php?c=geoall2&id=2198744&adult=0&cat=sport&fonce=&claire=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:a16 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a05f2146c5b8d3dcbd30a0e912a3dc5c28d30430d4fd9a62a464de1630ec87ed

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://www.turfprox.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Sat, 10 Sep 2022 17:58:45 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
last-modified: Mon, 25 Jul 2022 16:50:39 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oVaF2p9KDRnKvUwnIBcCIOYojwcqpboGEASSDd9n0V72nYkb8ojivVENpwRUOTVcj4tRbnIUR79%2FXk7ouzuhQixdYiSf0CLTpcTl1LFXuUjI0BeTSIrqAi8C7oiJiL8PVqiK1xuDR2AH00%2Fa"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=604800
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-turbo-charged-by: LiteSpeed
cf-ray: 748a0db5cf15d5d9-CDG
expires: Sat, 17 Sep 2022 17:58:44 GMT

GET
H2 200 tag.min.js Show response
inklinkor.com/ Frame AE81 71 KB
25 KB 94ms
36ms Script
text/javascript 2606:4700:3030::ac43:d31d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://inklinkor.com/tag.min.js
Requested by: Host: www.widgeo.net
URL: http://www.widgeo.net/geocompteur/geocompteur.php?c=geoall2&id=2198744&adult=0&cat=sport&fonce=&claire=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3030::ac43:d31d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8abfd720f7d8cc630d1cd56f4a41cf9a4dded524f4cb648b8a6c2fe8a0f6353f

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://www.turfprox.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Sat, 10 Sep 2022 17:58:45 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: *
age: 7173
access-control-max-age: 86400
access-control-allow-methods: GET, POST, OPTIONS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-trace-id: 20452dab134a85892b621c3bf187b874
pragma: no-cache
last-modified: Thu, 08 Sep 2022 14:32:55 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oYGbF1X8%2F%2BsXWcWKP8ovwWP7tvpTN4yYGg8BtYCMFNUozN1iTb%2BDuk%2BQ00Ajtdoksk1rlS2qntqNRrQtVPiRCUV5AnoLyX0ESV0fGmzyNpXKRF0y79z1l6gpeFkRFAeISmk%2Fa4v%2F64CfEzG%2B"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=86400
access-control-allow-credentials: true
cf-ray: 748a0db5d95099e7-CDG
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
expires: Sun, 11 Sep 2022 15:59:12 GMT

GET
H/1.1 200
OK geocompteur_html.php Show response
www.widgeo.net/geocompteur/ Frame 7416 15 KB
4 KB 155ms
155ms Document
text/html 2606:4700:20::681a:a16
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

http://www.widgeo.net/geocompteur/geocompteur_html.php?id=2198744&c=geoall2&size=&nostats=&title=OFFRE%20PMU&ref=www.turfprox.com

Requested by

Host: www.widgeo.net
URL: http://www.widgeo.net/geocompteur/geocompteur.php?c=geoall2&id=2198744&adult=0&cat=sport&fonce=&claire=

Protocol

HTTP/1.1

Server

2606:4700:20::681a:a16 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8089b518dd9070e8f05e87e2e3e841d77575bc460f7cf5f0df488596d609ba52

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: http://www.turfprox.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

CF-Cache-Status: DYNAMIC
CF-RAY: 748a0db58d6399fa-CDG
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Sat, 10 Sep 2022 17:58:45 GMT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LnpcgZkSKl6fUh0tZerKHxe6KnBq63w2wQtVCzAsQ0tvjaNAPn8lc5knLtxZ8okS8p5D05sCQiY19IuTSpic5lTdZDH71jpsQcN3RxEMFIvDv31RLqdF1b9IWybudbVeVMaeZzsMGZ3lHqTI"}],"group":"cf-nel","max_age":604800}
Server: cloudflare
Transfer-Encoding: chunked
cache-control: public, max-age=180
expires: Sat, 10 Sep 2022 18:01:44 GMT
p3p: CP="NOI ADM DEV COM NAV OUR STP"
vary: Accept-Encoding
x-content-type-options: nosniff
x-turbo-charged-by: LiteSpeed

GET
H2 200 hitparade.php Show response
www.widgeo.net/ Frame 3025 2 KB
1 KB 271ms
228ms Document
text/html 2606:4700:20::681a:a16
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.widgeo.net/hitparade.php?pagexiti=geoall2

Requested by

Host: www.widgeo.net
URL: http://www.widgeo.net/geocompteur/geocompteur.php?c=geoall2&id=2198744&adult=0&cat=sport&fonce=&claire=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:a16 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a2e347d748f1ec7451a7c548762e93bbbc9132829120eb0c328129d52c86426d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: http://www.turfprox.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

cache-control: public, max-age=180
cf-cache-status: DYNAMIC
cf-ray: 748a0db5cf07d5d9-CDG
content-encoding: br
content-type: text/html; charset=UTF-8
date: Sat, 10 Sep 2022 17:58:45 GMT
expires: Sat, 10 Sep 2022 18:01:44 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WbojPFnsUi%2BKOpnbeFHwU0um5MJ9%2BWIIJeggzMkKleUmCwJdDq%2Fv%2BD7s6NLUy0Dt6Mq9sLJCFZLD2gxS8EsURZYQv%2FUqrggUBM8IcPTi34TAS6x5jr5o%2FCTtWsOBvORp9l2qtLuTN%2Bs3F6rz"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-content-type-options: nosniff
x-turbo-charged-by: LiteSpeed

GET
H/1.1 200
OK buy.apu Show response
payment.allopass.com/buy/ Frame EDDA 9 KB
4 KB 882ms
291ms Document
text/html 185.119.26.1
WEBDEVIIN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://payment.allopass.com/buy/buy.apu?ids=302567&idd=1294049
Requested by: Host: www.turfprox.com
URL: http://www.turfprox.com/turf/offrepmu/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.119.26.1 , France, ASN203544 (WEBDEVIIN-AS, FR),
Reverse DNS: 1.26.119.185.in-addr.arpa
Software: Apache /
Resource Hash: 80a63d11779d9343c22d00a2c39a666eaaffb0da8ca85eead50cc693a67decc6

Request headers

Referer: http://www.turfprox.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Content-Encoding: gzip
Content-Length: 3175
Content-Type: text/html; charset=UTF-8
Date: Sat, 10 Sep 2022 17:58:45 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
P3P: CP='NON NID OTPa OUR NOR' policy-ref='http://payment.allopass.com/info/p3p/policy-references.xml'
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding

GET
H/1.1

200
OK

ticket_pmu.jpg
www.turfprox.com/turf/offrepmu/ Frame AE81
Redirect Chain

http://www.turfprox.com/turf/offrepmu/ticket_pmu.jpg
https://www.turfprox.com/turf/offrepmu/ticket_pmu.jpg

8 KB
9 KB

21ms
20ms

Image
image/jpeg

194.150.236.165
HIWIT_AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.turfprox.com/turf/offrepmu/ticket_pmu.jpg

Requested by

Host: www.turfprox.com
URL: http://www.turfprox.com/turf/offrepmu/

Protocol

HTTP/1.1

Server

194.150.236.165 , France, ASN44976 (HIWIT_AS, FR),

Reverse DNS

ns5.hiwit.net

Software

Apache /

Resource Hash

70c931a12ab6a4d0bf386c6561309c23cafb4b927fb3dd57f6866545074a9637

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://www.turfprox.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Sat, 10 Sep 2022 17:58:45 GMT
Last-Modified: Tue, 13 Oct 2015 19:25:47 GMT
Server: Apache
ETag: "e78488-215b-5220169afe4c0"
Vary: Host
Content-Type: image/jpeg
Connection: Keep-Alive
Strict-Transport-Security: max-age=15768000
Accept-Ranges: bytes
Keep-Alive: timeout=15, max=99
Content-Length: 8539

Redirect headers

Location: https://www.turfprox.com/turf/offrepmu/ticket_pmu.jpg
Non-Authoritative-Reason: HSTS
Cross-Origin-Resource-Policy: Cross-Origin

GET
H2 200 / Show response
bedrapiona.com/5/3294720/ Frame AE81 45 B
542 B 81ms
21ms XHR
application/json 139.45.197.234
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://bedrapiona.com/5/3294720/?oo=1&js_build=iclick-v1.425.0
Requested by: Host: inklinkor.com
URL: https://inklinkor.com/tag.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 139.45.197.234 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx /
Resource Hash: 389df04d440cebbbb55c101252f8ef749ef505fba94fc90146cf555628bbf5d0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://www.turfprox.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

x-trace-id: e11f419fe4c742723ff7926bb400315f
pragma: no-cache, no-cache
date: Sat, 10 Sep 2022 17:58:45 GMT
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json
access-control-allow-origin: http://www.turfprox.com
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
content-length: 45
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ Frame CC45 209 B
640 B 144ms
34ms Script
text/javascript 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=www.offrepmu.c4.fr&callback=_gfp_s_&client=ca-pub-5203714787387788

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202209060101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-5203714787387788&plah=www.offrepmu.c4.fr

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

472d8e3c8c2b674cc50597bdaf60c2560232f5e77e9f622df83cac4c2748c42b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://www.offrepmu.c4.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Sat, 10 Sep 2022 17:58:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 195
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.fr/adsid/ Frame CC45 107 B
792 B 122ms
35ms Script
application/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.fr/adsid/integrator.js?domain=www.offrepmu.c4.fr

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://www.offrepmu.c4.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 10 Sep 2022 17:58:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ Frame CC45 107 B
549 B 120ms
34ms Script
application/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.offrepmu.c4.fr

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://www.offrepmu.c4.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 10 Sep 2022 17:58:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 1866 17 KB
8 KB 143ms
142ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5203714787387788&output=html&h=90&slotname=4563536207&adk=2647235303&adf=3604715433&pi=t.ma~as.4563536207&w=970&psa=0&format=970x90&url=http%3A%2F%2Fwww.offrepmu.c4.fr%2F&ea=0&wgl=1&dt=1662832725216&bpp=5&bdt=455&idt=251&shv=r20220907&mjsv=m202209060101&ptt=9&saldr=aa&correlator=737976569746&frm=23&ife=1&pv=2&ga_vid=1669214694.1662832725&ga_sid=1662832725&ga_hid=145810130&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=20&ady=0&biw=1600&bih=1200&isw=1600&ish=90&ifk=2442246655&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44761792%2C42531705%2C44770881%2C31062931&oid=2&pvsid=3789821193597021&tmod=1724509726&uas=0&nvt=1&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=o%7Co%7CaeE%7C&abl=NA&pfx=0&fu=4&bc=23&ifi=1&uci=1.onqgnhgjswye&fsb=1&dtd=266

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7e308a7f13818486601b03b2e06af293b29ebcc2f2bef6dd76947d90728cc98f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://www.offrepmu.c4.fr/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 8031
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 10 Sep 2022 17:58:45 GMT
expires: Sat, 10 Sep 2022 17:58:45 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 css
fonts.googleapis.com/ Frame 7416 5 KB
1 KB 96ms
36ms Stylesheet
text/css 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:400,700

Requested by

Host: www.widgeo.net
URL: http://www.widgeo.net/geocompteur/geocompteur_html.php?id=2198744&c=geoall2&size=&nostats=&title=OFFRE%20PMU&ref=www.turfprox.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

910612fc65208677f4e2fff60558e0f1949138a3696402a17ed5582efe0d2649

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://www.widgeo.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sat, 10 Sep 2022 17:04:06 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Sat, 10 Sep 2022 17:58:45 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 10 Sep 2022 17:58:45 GMT

GET
H2 200 geo_css.php
www.widgeo.net/geocompteur/css/ Frame 7416 5 KB
2 KB 216ms
215ms Stylesheet
text/css 2606:4700:20::681a:a16
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.widgeo.net/geocompteur/css/geo_css.php?c=geoall2&size=

Requested by

Host: www.widgeo.net
URL: http://www.widgeo.net/geocompteur/geocompteur_html.php?id=2198744&c=geoall2&size=&nostats=&title=OFFRE%20PMU&ref=www.turfprox.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:a16 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7e6f00f8423f9d7fbaf4564c97400ead5eb437cace358ffdf13383bb9efc569d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://www.widgeo.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Sat, 10 Sep 2022 17:58:45 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=w%2FPnyCGEVbHs7FfeX3rOvw%2B5dIaeJaAm4y8bytJvESCOwT21LTR2d7vJCZBw9omLIkm1BxcqdQ94%2F3f%2Bi%2FCmVrRhE0v37Eqew%2Fi%2FDSqrAFtr4adbshrKuwea5o7hhKL7X6rw%2FQAarXFUGbpe"}],"group":"cf-nel","max_age":604800}
content-type: text/css;charset=UTF-8
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
cf-ray: 748a0db68895d5d9-CDG
expires: Sat, 17 Sep 2022 17:58:44 GMT

GET
H2 200 flag_united%20states.png
www.widgeo.net/geocompteur/shadow/ Frame 7416 1008 B
1 KB 44ms
39ms Image
image/webp 2606:4700:20::681a:a16
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.widgeo.net/geocompteur/shadow/flag_united%20states.png

Requested by

Host: www.widgeo.net
URL: http://www.widgeo.net/geocompteur/geocompteur_html.php?id=2198744&c=geoall2&size=&nostats=&title=OFFRE%20PMU&ref=www.turfprox.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:a16 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6baa676f5ca2682fd2d7945ca2d3b06759d8a1bdd4974e4c3e00b80643410399

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://www.widgeo.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Sat, 10 Sep 2022 17:58:45 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 175589
cf-polished: origFmt=png, origSize=1214
content-disposition: inline; filename="flag_united%20states.webp"
content-length: 1008
last-modified: Thu, 20 Jun 2019 15:14:42 GMT
server: cloudflare
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BpaOn3mKgojmCg44rKp7NpWw1sivmKwDtPUQ0KXPioEAZjSB4ORsgvj4FHAQhOr95dsVldFc%2FlmljqPHjmLnsiiNhmRDaVjSECuPcRlboFzQuXo90Ox6Ss1FY6905PCVYOMqUWXmEOg0FJVX"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
expires: Sat, 08 Oct 2022 17:12:15 GMT
cache-control: public, max-age=2592000
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 748a0db698bad5d9-CDG
cf-bgj: imgq:100,h2pri

GET
H2 200 flag_mali.png
www.widgeo.net/geocompteur/shadow/ Frame 7416 706 B
1 KB 45ms
38ms Image
image/webp 2606:4700:20::681a:a16
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.widgeo.net/geocompteur/shadow/flag_mali.png

Requested by

Host: www.widgeo.net
URL: http://www.widgeo.net/geocompteur/geocompteur_html.php?id=2198744&c=geoall2&size=&nostats=&title=OFFRE%20PMU&ref=www.turfprox.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:a16 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

25f14b8cb855a61b4ff8cf23545a8cddca92dc7f76b157aa2f5a5a8ff19664e9

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://www.widgeo.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Sat, 10 Sep 2022 17:58:45 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 165933
cf-polished: origFmt=png, origSize=925
content-disposition: inline; filename="flag_mali.webp"
content-length: 706
last-modified: Thu, 20 Jun 2019 15:14:42 GMT
server: cloudflare
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NT%2BN0RI%2BAMyI1VWv3o%2FDlUjSOdn%2FjJlr%2BEyFagHvVDUUUbJuP44LLOAXZVaO8U4q5rlADUI2RLidze9CnpJd7EqCMlLTD66L%2BQIOVdqAPZxz5YwV7TUB56TDH1UYKp6EL7cfq0pHVQyC%2BAv2"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
expires: Sat, 08 Oct 2022 19:53:11 GMT
cache-control: public, max-age=2592000
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 748a0db698bfd5d9-CDG
cf-bgj: imgq:100,h2pri

GET
H2 200 flag_burkina%20faso.png
www.widgeo.net/geocompteur/shadow/ Frame 7416 780 B
1 KB 59ms
53ms Image
image/webp 2606:4700:20::681a:a16
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.widgeo.net/geocompteur/shadow/flag_burkina%20faso.png

Requested by

Host: www.widgeo.net
URL: http://www.widgeo.net/geocompteur/geocompteur_html.php?id=2198744&c=geoall2&size=&nostats=&title=OFFRE%20PMU&ref=www.turfprox.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:a16 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f355e564dbb69ea1e15036b492804fed3ef2f141a5315b3e31ee5820af23ddc6

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://www.widgeo.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Sat, 10 Sep 2022 17:58:45 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1539549
cf-polished: origFmt=png, origSize=980
content-disposition: inline; filename="flag_burkina%20faso.webp"
content-length: 780
last-modified: Thu, 20 Jun 2019 15:14:42 GMT
server: cloudflare
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=S%2FoyStiTZ90dfpqMgwaZc9HIRu343R9TZlwWqYU%2BWB9WvLBJ37ATyxWrJ3AZDoveSKveR5pf4i12f3oVXzNZZXQFiM2ferbZZYS1Avk12TKdVaNThdmpvU%2FcbR%2BbiF9435K2lVvuRpgTu8UR"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
expires: Thu, 22 Sep 2022 22:19:35 GMT
cache-control: public, max-age=2592000
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 748a0db698c1d5d9-CDG
cf-bgj: imgq:100,h2pri

GET
H2 200 flag_morocco.png
www.widgeo.net/geocompteur/shadow/ Frame 7416 774 B
1 KB 34ms
28ms Image
image/webp 2606:4700:20::681a:a16
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.widgeo.net/geocompteur/shadow/flag_morocco.png

Requested by

Host: www.widgeo.net
URL: http://www.widgeo.net/geocompteur/geocompteur_html.php?id=2198744&c=geoall2&size=&nostats=&title=OFFRE%20PMU&ref=www.turfprox.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:a16 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2c8caec91ec3dde8806152942a044c1a9296856d8d2744e665ac6f27e2268619

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://www.widgeo.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Sat, 10 Sep 2022 17:58:45 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 387726
cf-polished: origFmt=png, origSize=962
content-disposition: inline; filename="flag_morocco.webp"
content-length: 774
last-modified: Thu, 20 Jun 2019 15:14:42 GMT
server: cloudflare
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=k92aXi8x16BvjojJeR4Bv0eT42dHIokFWaW%2BviBJCJEvJLuNgDs%2BTTX5sRK1xbbMAfPuOjpYhsVCXeGlcIXBfmXcsLhid0tmx0VU571ZGijRtS3%2FVDLaa9XAs3OqVAx0ZYBi705eOX3U%2Fx7H"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
expires: Thu, 06 Oct 2022 06:16:38 GMT
cache-control: public, max-age=2592000
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 748a0db698c5d5d9-CDG
cf-bgj: imgq:100,h2pri

GET
H2 200 flag_france.png
www.widgeo.net/geocompteur/shadow/ Frame 7416 696 B
1 KB 42ms
36ms Image
image/webp 2606:4700:20::681a:a16
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.widgeo.net/geocompteur/shadow/flag_france.png

Requested by

Host: www.widgeo.net
URL: http://www.widgeo.net/geocompteur/geocompteur_html.php?id=2198744&c=geoall2&size=&nostats=&title=OFFRE%20PMU&ref=www.turfprox.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:a16 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bf91a9e6437f46b4e59f5786b40ac2da0d23f70060729e3e9adbd1bbbd2ab716

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://www.widgeo.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Sat, 10 Sep 2022 17:58:45 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 169883
cf-polished: origFmt=png, origSize=901
content-disposition: inline; filename="flag_france.webp"
content-length: 696
last-modified: Thu, 20 Jun 2019 15:14:42 GMT
server: cloudflare
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Uc6phNRsvbV%2FljhcBlMv0p8Uh%2BDBxQw1KsHgyqzmFPDz0s6yxR%2BFoq%2Fp%2FvYhMuZShR8YokpRa7QGEGCYojRwObjf%2Bc%2Bkp6HDWDpn3%2BWxhE%2BR8v2X%2BxC8iSFy9y7514L8YGXsgLDPEgmlacIA"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
expires: Sat, 08 Oct 2022 18:47:21 GMT
cache-control: public, max-age=2592000
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 748a0db698c8d5d9-CDG
cf-bgj: imgq:100,h2pri

GET
H2 200 flag_south%20africa.png
www.widgeo.net/geocompteur/shadow/ Frame 7416 1 KB
1 KB 34ms
29ms Image
image/webp 2606:4700:20::681a:a16
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.widgeo.net/geocompteur/shadow/flag_south%20africa.png

Requested by

Host: www.widgeo.net
URL: http://www.widgeo.net/geocompteur/geocompteur_html.php?id=2198744&c=geoall2&size=&nostats=&title=OFFRE%20PMU&ref=www.turfprox.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:a16 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d32406c95c7750f53373117a45b227a64b0fbf8382c8bcc5cc937ebb171bc51f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://www.widgeo.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Sat, 10 Sep 2022 17:58:45 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 167463
cf-polished: origFmt=png, origSize=1287
content-disposition: inline; filename="flag_south%20africa.webp"
content-length: 1102
last-modified: Thu, 20 Jun 2019 15:14:42 GMT
server: cloudflare
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WSpi%2FlBjaMAmy22sk5vqffrp3WoubCA%2B23Xxi4Hhc7Z6RfrcwGeWjz5N8Ba3918r4edmqMRx50SXKBOvgFum%2B3OpxQj9GIMVltPAB0wFWBMRmberSl7TPvoLeA%2BB%2B4gOJb7O8R24qXkubGKD"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
expires: Sat, 08 Oct 2022 19:27:41 GMT
cache-control: public, max-age=2592000
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 748a0db698cad5d9-CDG
cf-bgj: imgq:100,h2pri

GET
H2 200 flag_niger.png
www.widgeo.net/geocompteur/shadow/ Frame 7416 798 B
1 KB 43ms
37ms Image
image/webp 2606:4700:20::681a:a16
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.widgeo.net/geocompteur/shadow/flag_niger.png

Requested by

Host: www.widgeo.net
URL: http://www.widgeo.net/geocompteur/geocompteur_html.php?id=2198744&c=geoall2&size=&nostats=&title=OFFRE%20PMU&ref=www.turfprox.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:a16 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

51268488626794c0bf2f103c43013b30e89c39a3746a9c4fc14c0ee73d8ae84c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://www.widgeo.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Sat, 10 Sep 2022 17:58:45 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 23667
cf-polished: origFmt=png, origSize=1002
content-disposition: inline; filename="flag_niger.webp"
content-length: 798
last-modified: Thu, 20 Jun 2019 15:14:42 GMT
server: cloudflare
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9Z2UaEw1XiGcu3CfXOr1VCoxO7vVxpqXEUDLsGML62d%2FpB8GS2rnMh2Cf24HVETm6Kphjq8gL6W3F6%2BmyT5KiVxRFQPV970dlyPQRNwtXPwCRDTb57ApO4UVTD2eEGb19V2TwbOIbPo4cYQ9"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
expires: Mon, 10 Oct 2022 11:24:17 GMT
cache-control: public, max-age=2592000
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 748a0db698cdd5d9-CDG
cf-bgj: imgq:100,h2pri

GET
H2 200 flag_chad.png
www.widgeo.net/geocompteur/shadow/ Frame 7416 634 B
998 B 54ms
49ms Image
image/webp 2606:4700:20::681a:a16
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.widgeo.net/geocompteur/shadow/flag_chad.png

Requested by

Host: www.widgeo.net
URL: http://www.widgeo.net/geocompteur/geocompteur_html.php?id=2198744&c=geoall2&size=&nostats=&title=OFFRE%20PMU&ref=www.turfprox.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:a16 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c5c27bccc92627ec75a67d870db5857d40d2f3522df1a01c429c40a19f010d78

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://www.widgeo.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Sat, 10 Sep 2022 17:58:45 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 23667
cf-polished: origFmt=png, origSize=812
content-disposition: inline; filename="flag_chad.webp"
content-length: 634
last-modified: Thu, 20 Jun 2019 15:14:42 GMT
server: cloudflare
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UnejF%2BUxdqBfc%2BSkA19epMDtFh6sYLjYuBwBxMVcNpU1M8g7ZBFPRrgv6TlTavO9vdIZzEhsOCvq%2BTDX8UsJrQKiwKS4%2FabRznlfJCnQ8x3YexJ3E8BzmCSP24e7loA1BgyK7C4RakvuLIGX"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
expires: Mon, 10 Oct 2022 11:24:17 GMT
cache-control: public, max-age=2592000
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 748a0db698ced5d9-CDG
cf-bgj: imgq:100,h2pri

GET
H2 200 flag_senegal.png
www.widgeo.net/geocompteur/shadow/ Frame 7416 824 B
1 KB 41ms
35ms Image
image/webp 2606:4700:20::681a:a16
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.widgeo.net/geocompteur/shadow/flag_senegal.png

Requested by

Host: www.widgeo.net
URL: http://www.widgeo.net/geocompteur/geocompteur_html.php?id=2198744&c=geoall2&size=&nostats=&title=OFFRE%20PMU&ref=www.turfprox.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:a16 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

79ddc7167e6e464e0598a8d77c7dfd629369a3c6b043b4952591a23cc109765f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://www.widgeo.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Sat, 10 Sep 2022 17:58:45 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2185504
cf-polished: origFmt=png, origSize=1034
content-disposition: inline; filename="flag_senegal.webp"
content-length: 824
last-modified: Thu, 20 Jun 2019 15:14:42 GMT
server: cloudflare
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BkRgTHikg7Ogd149nagSUZHdsPdm%2B9DCx1o3YBxHzeRKceSVyKXfLeJtbW27aDCj%2FeZpkeBPNMlmInVwcbjgJAgkETwlMvnxx5cWXj0wNqHWnLkLIUH7OuVUzfmkHUd52ncK5fxNClngH1ke"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
expires: Thu, 15 Sep 2022 10:53:40 GMT
cache-control: public, max-age=2592000
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 748a0db698cfd5d9-CDG
cf-bgj: imgq:100,h2pri

GET
H2 200 flag_guinea.png
www.widgeo.net/geocompteur/shadow/ Frame 7416 718 B
1 KB 45ms
40ms Image
image/webp 2606:4700:20::681a:a16
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.widgeo.net/geocompteur/shadow/flag_guinea.png

Requested by

Host: www.widgeo.net
URL: http://www.widgeo.net/geocompteur/geocompteur_html.php?id=2198744&c=geoall2&size=&nostats=&title=OFFRE%20PMU&ref=www.turfprox.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:a16 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7efdc65a1b9c96f18cafa0ecff56af0389df458f4b6b8f53a447e89721ed8749

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://www.widgeo.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Sat, 10 Sep 2022 17:58:45 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1920965
cf-polished: origFmt=png, origSize=915
content-disposition: inline; filename="flag_guinea.webp"
content-length: 718
last-modified: Thu, 20 Jun 2019 15:14:42 GMT
server: cloudflare
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Y4AwKPHhpHTxQ2BvhqRVp47Mpl1WIvtRDptAFQVmfX82pPNYT7m3NbwNj4oPUTzrtoOt1YK3utEBwUWHqn01fnmSGIYRlXXDY%2FBwZvjLIbs38%2Fb7NT8LYwZIF0xQHMMRj094lGVRTs72n9we"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
expires: Sun, 18 Sep 2022 12:22:39 GMT
cache-control: public, max-age=2592000
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 748a0db6a8e1d5d9-CDG
cf-bgj: imgq:100,h2pri

GET
H2 200 flag_cameroon.png
www.widgeo.net/geocompteur/shadow/ Frame 7416 762 B
1 KB 44ms
39ms Image
image/webp 2606:4700:20::681a:a16
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.widgeo.net/geocompteur/shadow/flag_cameroon.png

Requested by

Host: www.widgeo.net
URL: http://www.widgeo.net/geocompteur/geocompteur_html.php?id=2198744&c=geoall2&size=&nostats=&title=OFFRE%20PMU&ref=www.turfprox.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:a16 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

64495c7e3289052a726f7b9f85c84ddcd4472736a55c5ee8fc01cb5d9da08c27

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://www.widgeo.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Sat, 10 Sep 2022 17:58:45 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 170526
cf-polished: origFmt=png, origSize=980
content-disposition: inline; filename="flag_cameroon.webp"
content-length: 762
last-modified: Thu, 20 Jun 2019 15:14:42 GMT
server: cloudflare
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kMU9i0SrnbuG9C5XgrVla0ukK6PY3BCMehgLpk%2ByGRWO0ZPqf9DVGsf2BQOfyeqS82d733EC25thjBWJXyChAus%2FFz9zmxAxgFdKgiPMPBn%2BMIdSrHR74TfPxNx4YfH18WIJ5RvtifhHC9t%2F"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
expires: Sat, 08 Oct 2022 18:36:38 GMT
cache-control: public, max-age=2592000
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 748a0db6a8e3d5d9-CDG
cf-bgj: imgq:100,h2pri

GET
H2 200 flag_reunion.png
www.widgeo.net/geocompteur/shadow/ Frame 7416 1 KB
1 KB 45ms
40ms Image
image/webp 2606:4700:20::681a:a16
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.widgeo.net/geocompteur/shadow/flag_reunion.png

Requested by

Host: www.widgeo.net
URL: http://www.widgeo.net/geocompteur/geocompteur_html.php?id=2198744&c=geoall2&size=&nostats=&title=OFFRE%20PMU&ref=www.turfprox.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:a16 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8f0c4762d576389a110cee7fbca8b96c4d7c64fc3713d4d4f60cf0c09dbcce6c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://www.widgeo.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Sat, 10 Sep 2022 17:58:45 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2180737
cf-polished: origFmt=png, origSize=1142
content-disposition: inline; filename="flag_reunion.webp"
content-length: 1026
last-modified: Thu, 20 Jun 2019 15:14:42 GMT
server: cloudflare
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9Ezs4JPKmCL69JjQygO43%2FuXqSF3umaUA2rJ%2BE%2FGbvjHEjG6J76rNEuW7aeJsZJMwPsKqd2PnJeHw2lJQzYAi1zZn%2Br4Vf7NTDJsB77td1Dcx4xIxPFd%2Ff5KLzuxXSKrOCb0SB26N%2FdcOCyu"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
expires: Thu, 15 Sep 2022 12:13:07 GMT
cache-control: public, max-age=2592000
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 748a0db6a8e6d5d9-CDG
cf-bgj: imgq:100,h2pri

GET
H2 200 flag_gabon.png
www.widgeo.net/geocompteur/shadow/ Frame 7416 652 B
1020 B 44ms
39ms Image
image/webp 2606:4700:20::681a:a16
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.widgeo.net/geocompteur/shadow/flag_gabon.png

Requested by

Host: www.widgeo.net
URL: http://www.widgeo.net/geocompteur/geocompteur_html.php?id=2198744&c=geoall2&size=&nostats=&title=OFFRE%20PMU&ref=www.turfprox.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:a16 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a07f1527129bcf149f43e45f1a7a5097d80fae8d709176ed8570d9ab8aa5e22e

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://www.widgeo.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Sat, 10 Sep 2022 17:58:45 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 154834
cf-polished: origFmt=png, origSize=841
content-disposition: inline; filename="flag_gabon.webp"
content-length: 652
last-modified: Thu, 20 Jun 2019 15:14:42 GMT
server: cloudflare
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DU%2BPxpB%2Fe2q728GkKT2Kwv4j3qbw89xLcFT7thNB4V5tz80%2BDr8Fr8WmepbPUX3hiotfag0Be9MK%2Bnlvop6%2BsyPYblZwOsC96tpbpD2yOwQpFzOsAJz2zW%2F0JeijTD94WUUpcIpXD%2FV5eY6M"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
expires: Sat, 08 Oct 2022 22:58:11 GMT
cache-control: public, max-age=2592000
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 748a0db6a8ead5d9-CDG
cf-bgj: imgq:100,h2pri

GET
H2 200 flag_germany.png
www.widgeo.net/geocompteur/shadow/ Frame 7416 686 B
1 KB 45ms
40ms Image
image/webp 2606:4700:20::681a:a16
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.widgeo.net/geocompteur/shadow/flag_germany.png

Requested by

Host: www.widgeo.net
URL: http://www.widgeo.net/geocompteur/geocompteur_html.php?id=2198744&c=geoall2&size=&nostats=&title=OFFRE%20PMU&ref=www.turfprox.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:a16 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1b4f1b8a79090e222e116c0bb9a7333a8b88f41dd2172122f67e8c0f1a6c2e21

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://www.widgeo.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Sat, 10 Sep 2022 17:58:45 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 173830
cf-polished: origFmt=png, origSize=873
content-disposition: inline; filename="flag_germany.webp"
content-length: 686
last-modified: Thu, 20 Jun 2019 15:14:42 GMT
server: cloudflare
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WXQmjc2DD51VVv9QHoPkuqQvAVjBlJChiPFVx0Kb8pOtbCLd%2BIn4y3FhEEmaYx51hWqVMSBCcFggGjVEKmB9HYh7bsID3Rp7QjpjNAs7C8DIks%2BBJAccQlVkqm%2BHio4U40nubNc5sQO4od1k"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
expires: Sat, 08 Oct 2022 17:41:34 GMT
cache-control: public, max-age=2592000
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 748a0db6a8ebd5d9-CDG
cf-bgj: imgq:100,h2pri

GET
H2 200 flag_nigeria.png
www.widgeo.net/geocompteur/shadow/ Frame 7416 758 B
1 KB 46ms
41ms Image
image/webp 2606:4700:20::681a:a16
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.widgeo.net/geocompteur/shadow/flag_nigeria.png

Requested by

Host: www.widgeo.net
URL: http://www.widgeo.net/geocompteur/geocompteur_html.php?id=2198744&c=geoall2&size=&nostats=&title=OFFRE%20PMU&ref=www.turfprox.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:a16 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e8b10565f31e567e5d8a5f6481c4d6b652931dc865f8c6f43c8435850cecc6e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://www.widgeo.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Sat, 10 Sep 2022 17:58:45 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 773623
cf-polished: origFmt=png, origSize=977
content-disposition: inline; filename="flag_nigeria.webp"
content-length: 758
last-modified: Thu, 20 Jun 2019 15:14:42 GMT
server: cloudflare
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=y%2FtPzOfXoj5dDM4QhCPEmd850cviMy8%2BV%2BeDqhzAFURRLTsCfZz2697P6ZJ6%2FF4qei35V5y7X6MygrZ4W8lGeRdObh1W18eGAFwWw42rwqeVdJlATYOM6yPHSFVl16xQGL9%2Fx%2FCN3ZjlDsnw"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
expires: Sat, 01 Oct 2022 19:05:01 GMT
cache-control: public, max-age=2592000
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 748a0db6a8ecd5d9-CDG
cf-bgj: imgq:100,h2pri

GET
H2 200 flag_tunisia.png
www.widgeo.net/geocompteur/shadow/ Frame 7416 874 B
1 KB 51ms
46ms Image
image/webp 2606:4700:20::681a:a16
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.widgeo.net/geocompteur/shadow/flag_tunisia.png

Requested by

Host: www.widgeo.net
URL: http://www.widgeo.net/geocompteur/geocompteur_html.php?id=2198744&c=geoall2&size=&nostats=&title=OFFRE%20PMU&ref=www.turfprox.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:a16 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9df324499f52ae5e86a2ec1b4048d197e5f391eae730db8910cece42cc798608

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://www.widgeo.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Sat, 10 Sep 2022 17:58:45 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 166414
cf-polished: origFmt=png, origSize=1132
content-disposition: inline; filename="flag_tunisia.webp"
content-length: 874
last-modified: Thu, 20 Jun 2019 15:14:42 GMT
server: cloudflare
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pwn2mBqHZJIOAqdDt9iq0xM4SN4NzuoMfU%2BudcFV6kfAB%2FxjI8kq%2FoYcvIdvzsJ4xZf4BFZ9k4dQJwgDJssUr2evQhFuQqPE%2FOrHlR1%2Bo1tAAsR4HoMUd6B2N1w%2B1j91piUPft7lUZEhLroS"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
expires: Sat, 08 Oct 2022 19:45:10 GMT
cache-control: public, max-age=2592000
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 748a0db6a8eed5d9-CDG
cf-bgj: imgq:100,h2pri

GET
H2 200 flag_china.png
www.widgeo.net/geocompteur/shadow/ Frame 7416 702 B
1 KB 50ms
46ms Image
image/webp 2606:4700:20::681a:a16
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.widgeo.net/geocompteur/shadow/flag_china.png

Requested by

Host: www.widgeo.net
URL: http://www.widgeo.net/geocompteur/geocompteur_html.php?id=2198744&c=geoall2&size=&nostats=&title=OFFRE%20PMU&ref=www.turfprox.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:a16 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

07f1ad3d856683310a9969f848d718b5f55850ff8c7bea5adec121a54edb4f48

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://www.widgeo.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Sat, 10 Sep 2022 17:58:45 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 769862
cf-polished: origFmt=png, origSize=863
content-disposition: inline; filename="flag_china.webp"
content-length: 702
last-modified: Thu, 20 Jun 2019 15:14:42 GMT
server: cloudflare
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SIbLH657zpi%2FLyHLMflWGiLhqRQJviuQXc7JvwKvtMtXAsUh8kiURS8yEZZymU6kxAkbEehEmJBeTop4%2FLwO1xNaYD686wZwf7GLJUy3YgaXrbR5OAsDhDvx8I%2Bs2QOLCxu%2Fz1R5uWSZbJUX"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
expires: Sat, 01 Oct 2022 20:07:43 GMT
cache-control: public, max-age=2592000
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 748a0db6a8f1d5d9-CDG
cf-bgj: imgq:100,h2pri

GET
H2 200 flag_madagascar.png
www.widgeo.net/geocompteur/shadow/ Frame 7416 722 B
1 KB 49ms
45ms Image
image/webp 2606:4700:20::681a:a16
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.widgeo.net/geocompteur/shadow/flag_madagascar.png

Requested by

Host: www.widgeo.net
URL: http://www.widgeo.net/geocompteur/geocompteur_html.php?id=2198744&c=geoall2&size=&nostats=&title=OFFRE%20PMU&ref=www.turfprox.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:a16 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6ef026f2eff55ca1760598b139548e1d5c2f2117371f558f7cb5d9a799df17c2

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://www.widgeo.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Sat, 10 Sep 2022 17:58:45 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 165477
cf-polished: origFmt=png, origSize=942
content-disposition: inline; filename="flag_madagascar.webp"
content-length: 722
last-modified: Thu, 20 Jun 2019 15:14:42 GMT
server: cloudflare
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Rotz%2F5%2FRNJlj7Te43vS8iiw1sVbXj9PKjfDYtJgADdF7%2FMKYMEUZ0OB6ELJC2xpzOum2SkuXA8Da6axlMjD0Ur%2BGklsFgoCh2zPKvevTYSK2Bz5QSXCTw0gyWJCh4HKhUHVbjvU0AzIVhjAD"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
expires: Sat, 08 Oct 2022 20:00:47 GMT
cache-control: public, max-age=2592000
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 748a0db6a8f2d5d9-CDG
cf-bgj: imgq:100,h2pri

GET
H2 200 flag_united%20kingdom.png
www.widgeo.net/geocompteur/shadow/ Frame 7416 1 KB
2 KB 47ms
43ms Image
image/webp 2606:4700:20::681a:a16
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.widgeo.net/geocompteur/shadow/flag_united%20kingdom.png

Requested by

Host: www.widgeo.net
URL: http://www.widgeo.net/geocompteur/geocompteur_html.php?id=2198744&c=geoall2&size=&nostats=&title=OFFRE%20PMU&ref=www.turfprox.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:a16 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c1319ad29f9822f08a6740f0b89e91127cfb11a449f99528f0a7928156032c9e

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://www.widgeo.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Sat, 10 Sep 2022 17:58:45 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1545356
cf-polished: origFmt=png, origSize=1459
content-disposition: inline; filename="flag_united%20kingdom.webp"
content-length: 1220
last-modified: Thu, 20 Jun 2019 15:14:42 GMT
server: cloudflare
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uoidMN4ccYnmlwoiZVhZUFIeFqmA1yt%2FWkRSN4%2Fqc4KwfRooiEB0iRwbjeM3EMy2%2FoLY1xM5zAAMwSX5UzPa18Tqlv4TFzKTs5uh95hY18MTZzRtRcMiJiL1tiJ3rZrDMyQy2nPY%2FV2uQdIE"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
expires: Thu, 22 Sep 2022 20:42:48 GMT
cache-control: public, max-age=2592000
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 748a0db6a8f3d5d9-CDG
cf-bgj: imgq:100,h2pri

GET
H2 200 flag_singapore.png
www.widgeo.net/geocompteur/shadow/ Frame 7416 768 B
1 KB 45ms
41ms Image
image/webp 2606:4700:20::681a:a16
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.widgeo.net/geocompteur/shadow/flag_singapore.png

Requested by

Host: www.widgeo.net
URL: http://www.widgeo.net/geocompteur/geocompteur_html.php?id=2198744&c=geoall2&size=&nostats=&title=OFFRE%20PMU&ref=www.turfprox.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:a16 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

04f122230781518f0b5807695a1c731e33bea9ba0264d612c799485074204627

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://www.widgeo.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Sat, 10 Sep 2022 17:58:45 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 174337
cf-polished: origFmt=png, origSize=939
content-disposition: inline; filename="flag_singapore.webp"
content-length: 768
last-modified: Thu, 20 Jun 2019 15:14:42 GMT
server: cloudflare
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nsgsbACKG3HEgwiy5dlBKKpYt3wpZ%2BjJfsoX6f%2FdiEYsSkRSP7G7ZJyHvH6zxYo2xS5kqVlF6jJtyPFYiyujwuBdUjtUT3rsJhmF4sBFPZkjfxUDLZVteS0EMUX6oURGYrA%2Bc5dW2crLQeEV"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
expires: Sat, 08 Oct 2022 17:33:07 GMT
cache-control: public, max-age=2592000
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 748a0db6a8f4d5d9-CDG
cf-bgj: imgq:100,h2pri

GET
H2 200 flag_guadeloupe.png
www.widgeo.net/geocompteur/shadow/ Frame 7416 696 B
1 KB 50ms
46ms Image
image/webp 2606:4700:20::681a:a16
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.widgeo.net/geocompteur/shadow/flag_guadeloupe.png

Requested by

Host: www.widgeo.net
URL: http://www.widgeo.net/geocompteur/geocompteur_html.php?id=2198744&c=geoall2&size=&nostats=&title=OFFRE%20PMU&ref=www.turfprox.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:a16 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bf91a9e6437f46b4e59f5786b40ac2da0d23f70060729e3e9adbd1bbbd2ab716

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://www.widgeo.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Sat, 10 Sep 2022 17:58:45 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 162225
cf-polished: origFmt=png, origSize=901
content-disposition: inline; filename="flag_guadeloupe.webp"
content-length: 696
last-modified: Thu, 20 Jun 2019 15:14:42 GMT
server: cloudflare
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Vl3R7m0cHM0n7ubeISO8R0cKKOKMlsHVIqVixMCHrOeJXnZtoB6Areo34uh0QJNMt%2BDr7HZDzmF%2Bw%2Fyd%2FbJ1BjNL4IGJMQDLlRqVyFn4TClaELhhLrnZDPFXm0fghqS7RfSNTSJqc7LG0QdH"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
expires: Sat, 08 Oct 2022 20:54:59 GMT
cache-control: public, max-age=2592000
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 748a0db6a8f6d5d9-CDG
cf-bgj: imgq:100,h2pri

GET
H2 200 flag_india.png
www.widgeo.net/geocompteur/shadow/ Frame 7416 806 B
1 KB 46ms
42ms Image
image/webp 2606:4700:20::681a:a16
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.widgeo.net/geocompteur/shadow/flag_india.png

Requested by

Host: www.widgeo.net
URL: http://www.widgeo.net/geocompteur/geocompteur_html.php?id=2198744&c=geoall2&size=&nostats=&title=OFFRE%20PMU&ref=www.turfprox.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:a16 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b73e30b7030de7ec01db85eb01edfb3d228169583d6ccc6583bec0552d7ce172

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://www.widgeo.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Sat, 10 Sep 2022 17:58:45 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 170466
cf-polished: origFmt=png, origSize=1027
content-disposition: inline; filename="flag_india.webp"
content-length: 806
last-modified: Thu, 20 Jun 2019 15:14:42 GMT
server: cloudflare
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=g3HxaRnlPCEtbZCNkqTmPbfHLSEF9BIPQxi0CFiF0Jlvtmnn8%2BDfSvGCwyOllXSnpp7IxUa%2BrXusoKY9REaDR6K4TLTbAvzV3k37yLVuAZFR0G8Apjy3vKkdNb%2BJqnfIr3DZbrkH5rQGYmHP"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
expires: Sat, 08 Oct 2022 18:37:38 GMT
cache-control: public, max-age=2592000
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 748a0db6a8f7d5d9-CDG
cf-bgj: imgq:100,h2pri

GET
H2 200 flag_mexico.png
www.widgeo.net/geocompteur/shadow/ Frame 7416 898 B
1 KB 49ms
45ms Image
image/webp 2606:4700:20::681a:a16
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.widgeo.net/geocompteur/shadow/flag_mexico.png

Requested by

Host: www.widgeo.net
URL: http://www.widgeo.net/geocompteur/geocompteur_html.php?id=2198744&c=geoall2&size=&nostats=&title=OFFRE%20PMU&ref=www.turfprox.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:a16 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2e625a4a1fd8634f22935c0e559d3cc5a69b25f78233832c677a8a58f857e2ce

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://www.widgeo.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Sat, 10 Sep 2022 17:58:45 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 167463
cf-polished: origFmt=png, origSize=1131
content-disposition: inline; filename="flag_mexico.webp"
content-length: 898
last-modified: Thu, 20 Jun 2019 15:14:42 GMT
server: cloudflare
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UKGb2Xy2FtlK97hbv46KkgjWaYrQvB4JSWlJqBrIx84aslT1pMI3%2BElUWPS2fow%2BmUcKAjk6A4KNI%2BPMrBOIq8Slue2UAj%2FBETP2Z2My%2FXqsPs5DxP%2FzJqzKORRExtFqr%2FFrV2bNMFv5mJjw"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
expires: Sat, 08 Oct 2022 19:27:41 GMT
cache-control: public, max-age=2592000
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 748a0db6a8f8d5d9-CDG
cf-bgj: imgq:100,h2pri

GET
H2 200 flag_benin.png
www.widgeo.net/geocompteur/shadow/ Frame 7416 710 B
1 KB 50ms
47ms Image
image/webp 2606:4700:20::681a:a16
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.widgeo.net/geocompteur/shadow/flag_benin.png

Requested by

Host: www.widgeo.net
URL: http://www.widgeo.net/geocompteur/geocompteur_html.php?id=2198744&c=geoall2&size=&nostats=&title=OFFRE%20PMU&ref=www.turfprox.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:a16 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

27d9e95348604155762e0fa4367a7767251e5b43956c80d2798d4af18f4bd704

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://www.widgeo.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Sat, 10 Sep 2022 17:58:45 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2185257
cf-polished: origFmt=png, origSize=946
content-disposition: inline; filename="flag_benin.webp"
content-length: 710
last-modified: Thu, 20 Jun 2019 15:14:42 GMT
server: cloudflare
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JorgxWOcJo0BfNcoPtvfk7q%2F5mejjhR8EZVT0YtNt8kBvViID0AtrosNXCYJwuWFFrKqSDSe1%2BG0P62J%2FnwXDYqXcoN%2BsVvnZ6WadoIwxa5QqePgU7%2B1SwbBCN2Va1cqF0uKHpBKAiEhJCMW"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
expires: Thu, 15 Sep 2022 10:57:47 GMT
cache-control: public, max-age=2592000
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 748a0db6a8f9d5d9-CDG
cf-bgj: imgq:100,h2pri

GET
H2 200 flag_congo.png
www.widgeo.net/geocompteur/shadow/ Frame 7416 810 B
1 KB 47ms
44ms Image
image/webp 2606:4700:20::681a:a16
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.widgeo.net/geocompteur/shadow/flag_congo.png

Requested by

Host: www.widgeo.net
URL: http://www.widgeo.net/geocompteur/geocompteur_html.php?id=2198744&c=geoall2&size=&nostats=&title=OFFRE%20PMU&ref=www.turfprox.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:a16 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

79ba56f1dc7115f34dfc9acf266e3389b20ad4f0c4ad97bd2273aaff498c6816

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://www.widgeo.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Sat, 10 Sep 2022 17:58:45 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 23667
cf-polished: origFmt=png, origSize=1056
content-disposition: inline; filename="flag_congo.webp"
content-length: 810
last-modified: Thu, 20 Jun 2019 15:14:42 GMT
server: cloudflare
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NuLNijz3Hla%2B0YqNPcxGH68D%2FfBRlmilOPSA7uVA7J1d1VlTGZXnWZZxWovPe8aOBA0TCZ96TDCqY86Z4%2FRIY%2FN6l8L2pX7JeTO0Me3T830ItH8%2B7lh68o%2F7zOeeSuvZkDorKADixEKNVC4X"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
expires: Mon, 10 Oct 2022 11:24:17 GMT
cache-control: public, max-age=2592000
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 748a0db6a8fbd5d9-CDG
cf-bgj: imgq:100,h2pri

GET
H2 200 flag_netherlands.png
www.widgeo.net/geocompteur/shadow/ Frame 7416 710 B
1 KB 46ms
43ms Image
image/webp 2606:4700:20::681a:a16
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.widgeo.net/geocompteur/shadow/flag_netherlands.png

Requested by

Host: www.widgeo.net
URL: http://www.widgeo.net/geocompteur/geocompteur_html.php?id=2198744&c=geoall2&size=&nostats=&title=OFFRE%20PMU&ref=www.turfprox.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:a16 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

286ee399704cd53efeabbca51dfc8459fb9633265ae4e9e046610f7d61d087bb

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://www.widgeo.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Sat, 10 Sep 2022 17:58:45 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 173830
cf-polished: origFmt=png, origSize=892
content-disposition: inline; filename="flag_netherlands.webp"
content-length: 710
last-modified: Thu, 20 Jun 2019 15:14:42 GMT
server: cloudflare
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0bxzx5T9eYJGYCe8yxVNisBl2wDrHEujUax2X922tV2s%2FTQkPBHMHMzsIMoeAGvQVGQv2l5E64etpyMmqdprrVnalKFatFe9LXyOH8%2BnQb3xHdma2gXBVpAT7C8mMO7f1fbK8VKZMvzJjAgi"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
expires: Sat, 08 Oct 2022 17:41:35 GMT
cache-control: public, max-age=2592000
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 748a0db6a8fdd5d9-CDG
cf-bgj: imgq:100,h2pri

GET
H2 200 flag_central%20african%20republic.png
www.widgeo.net/geocompteur/shadow/ Frame 7416 1 KB
2 KB 230ms
227ms Image
image/png 2606:4700:20::681a:a16
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.widgeo.net/geocompteur/shadow/flag_central%20african%20republic.png

Requested by

Host: www.widgeo.net
URL: http://www.widgeo.net/geocompteur/geocompteur_html.php?id=2198744&c=geoall2&size=&nostats=&title=OFFRE%20PMU&ref=www.turfprox.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:a16 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d5adf8e6dd0fb4a760d5c9d0de61f7bad107e009b30b99c2b846b08cb822c99c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://www.widgeo.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Sat, 10 Sep 2022 17:58:45 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
last-modified: Thu, 20 Jun 2019 15:14:42 GMT
server: cloudflare
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MZI%2BydXawG%2FpcjkwoKATjP5RFisLIXzFEmmlPv8MuYUH6tMAfwAHF72Szt%2FEeBrJEXN8Gd3FUKB07AHi5zKQhJPS4xecUc%2FMybPP1E%2FgNYFHr0iDnTWY7pm7A9J%2FpzH3lp2p9o9KpIkM8uGw"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=2592000
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 748a0db6a8ffd5d9-CDG
vary: Accept-Encoding
content-length: 1180
expires: Mon, 10 Oct 2022 17:58:44 GMT

GET
H2 200 flag_europe.png
www.widgeo.net/geocompteur/shadow/ Frame 7416 1 KB
2 KB 50ms
47ms Image
image/webp 2606:4700:20::681a:a16
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.widgeo.net/geocompteur/shadow/flag_europe.png

Requested by

Host: www.widgeo.net
URL: http://www.widgeo.net/geocompteur/geocompteur_html.php?id=2198744&c=geoall2&size=&nostats=&title=OFFRE%20PMU&ref=www.turfprox.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:a16 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ddbcd618422bf20ce1a95a0cad804d0fbb0c55488f83cacd16d1f79aaa6a0c6c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://www.widgeo.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Sat, 10 Sep 2022 17:58:45 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 10569
cf-polished: origFmt=png, origSize=1210
content-disposition: inline; filename="flag_europe.webp"
content-length: 1050
last-modified: Thu, 20 Jun 2019 15:14:42 GMT
server: cloudflare
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7LOEku7%2Bt8AO8Yfm8KtD7ICl9UBVUl2Kj4WvwxbgRSmHUNKZeLU2%2By3dM%2FF8n5rd3sWkfaPub51RTNLJjzGtyMcd%2F%2BWGO1mmzRl1igDwzTao8D6CwYo%2BvyxqMIkY%2FA8Z%2FHdMwivW6GVKEei2"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
expires: Mon, 10 Oct 2022 15:02:35 GMT
cache-control: public, max-age=2592000
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 748a0db6a900d5d9-CDG
cf-bgj: imgq:100,h2pri

GET
H2 200 flag_martinique.png
www.widgeo.net/geocompteur/shadow/ Frame 7416 1 KB
1 KB 50ms
48ms Image
image/webp 2606:4700:20::681a:a16
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.widgeo.net/geocompteur/shadow/flag_martinique.png

Requested by

Host: www.widgeo.net
URL: http://www.widgeo.net/geocompteur/geocompteur_html.php?id=2198744&c=geoall2&size=&nostats=&title=OFFRE%20PMU&ref=www.turfprox.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:a16 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3a2e7f8a593c02e3a003abff713a64bd3d6f39434455a8eb57f8812c75459ad

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://www.widgeo.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Sat, 10 Sep 2022 17:58:45 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1462239
cf-polished: origFmt=png, origSize=1315
content-disposition: inline; filename="flag_martinique.webp"
content-length: 1088
last-modified: Thu, 20 Jun 2019 15:14:42 GMT
server: cloudflare
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Cd6iOu63zf8b%2BPnwO2Szcu1u26%2BTnANANJ%2Bz1W6%2Bs%2BQbZIMcnhRHKbpOkA1ZrU6Uvkz%2BPbjkLsZ7QVU90%2B2Qby5MrVOglz9xJHRy1Cg08wSm2C8POVGBRAhAfhk8hmgaFCGS5aHLOxKMuH9S"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
expires: Fri, 23 Sep 2022 19:48:05 GMT
cache-control: public, max-age=2592000
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 748a0db6a901d5d9-CDG
cf-bgj: imgq:100,h2pri

GET
H/1.1 200
OK rocket-loader.min.js Show response
www.widgeo.net/cdn-cgi/scripts/7d0fa10a/cloudflare-static/ Frame 7416 12 KB
5 KB 23ms
21ms Script
application/javascript 2606:4700:20::681a:a16
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

http://www.widgeo.net/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Requested by

Host: www.widgeo.net
URL: http://www.widgeo.net/geocompteur/geocompteur_html.php?id=2198744&c=geoall2&size=&nostats=&title=OFFRE%20PMU&ref=www.turfprox.com

Protocol

HTTP/1.1

Server

2606:4700:20::681a:a16 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://www.widgeo.net/geocompteur/geocompteur_html.php?id=2198744&c=geoall2&size=&nostats=&title=OFFRE%20PMU&ref=www.turfprox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Sat, 10 Sep 2022 17:58:45 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 06 Sep 2022 17:30:56 GMT
Server: cloudflare
ETag: W/"631783d0-302c"
X-Frame-Options: DENY
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3nruJFfQW4xJoHExGr2Q3A%2BlpPjyYM4Z11k%2B0EgVUI2POmcpnMWhBEfM6VfAEKmlno31An%2BZhBiqslAtH4PnFs6LjVW5uwSR%2FE16pYE5DphUD%2BbuDTOHMIq9d1kMwDtKACI0E%2BkANY%2BwwgPi"}],"group":"cf-nel","max_age":604800}
Content-Type: application/javascript
Cache-Control: max-age=172800, public
CF-RAY: 748a0db69f7899fa-CDG
Expires: Mon, 12 Sep 2022 17:58:45 GMT

GET
H2 200 rocket-loader.min.js Show response
www.widgeo.net/cdn-cgi/scripts/7d0fa10a/cloudflare-static/ Frame 3025 12 KB
4 KB 22ms
21ms Script
application/javascript 2606:4700:20::681a:a16
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.widgeo.net/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Requested by

Host: www.widgeo.net
URL: https://www.widgeo.net/hitparade.php?pagexiti=geoall2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:a16 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://www.widgeo.net/hitparade.php?pagexiti=geoall2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Sat, 10 Sep 2022 17:58:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 06 Sep 2022 17:30:56 GMT
server: cloudflare
etag: W/"631783d0-302c"
x-frame-options: DENY
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JzCQmLpz6TFG8HTYAsUqWXcvIWh8hXm4w5xDMBeQ3Mc%2FVhr5OGwTrC2vH%2FV8AxwjAmaKNcwSiIs4Mjz%2BrF26tlkchLjwmD7n8lku%2FTmTkg9aK9y5XGvsFmwxdyVMOiiA%2FkbA%2BbJfpzF618%2BZ"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=172800, public
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 748a0db749f3d5d9-CDG
vary: Accept-Encoding
expires: Mon, 12 Sep 2022 17:58:45 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 9D43 624 B
300 B 65ms
64ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CPDkLxCZw2EY16frwgEwAQ&v=APEucNWkNu6tvivZPRPdKHzQfKQa2sc0yvbyuT-q1MH82HwBMQqLqdcl2H7GgfvQNo9_ob9gmR0IRfT0odlFRIJY3wnFQ-lD9ZeUUuhIe4kvrnTH9QAXRRex2kBYb5JKgJo16waRPE-NLww01e7frtOLJssD1ZXdKY-ES99C4OQNYx5hc6b3Iao

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5203714787387788&output=html&h=90&slotname=4563536207&adk=2647235303&adf=3604715433&pi=t.ma~as.4563536207&w=970&psa=0&format=970x90&url=http%3A%2F%2Fwww.offrepmu.c4.fr%2F&ea=0&wgl=1&dt=1662832725216&bpp=5&bdt=455&idt=251&shv=r20220907&mjsv=m202209060101&ptt=9&saldr=aa&correlator=737976569746&frm=23&ife=1&pv=2&ga_vid=1669214694.1662832725&ga_sid=1662832725&ga_hid=145810130&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=20&ady=0&biw=1600&bih=1200&isw=1600&ish=90&ifk=2442246655&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44761792%2C42531705%2C44770881%2C31062931&oid=2&pvsid=3789821193597021&tmod=1724509726&uas=0&nvt=1&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=o%7Co%7CaeE%7C&abl=NA&pfx=0&fu=4&bc=23&ifi=1&uci=1.onqgnhgjswye&fsb=1&dtd=266

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5203714787387788&output=html&h=90&slotname=4563536207&adk=2647235303&adf=3604715433&pi=t.ma~as.4563536207&w=970&psa=0&format=970x90&url=http%3A%2F%2Fwww.offrepmu.c4.fr%2F&ea=0&wgl=1&dt=1662832725216&bpp=5&bdt=455&idt=251&shv=r20220907&mjsv=m202209060101&ptt=9&saldr=aa&correlator=737976569746&frm=23&ife=1&pv=2&ga_vid=1669214694.1662832725&ga_sid=1662832725&ga_hid=145810130&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=20&ady=0&biw=1600&bih=1200&isw=1600&ish=90&ifk=2442246655&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44761792%2C42531705%2C44770881%2C31062931&oid=2&pvsid=3789821193597021&tmod=1724509726&uas=0&nvt=1&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=o%7Co%7CaeE%7C&abl=NA&pfx=0&fu=4&bc=23&ifi=1&uci=1.onqgnhgjswye&fsb=1&dtd=266
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: gzip
content-length: 276
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 10 Sep 2022 17:58:45 GMT
expires: Sat, 10 Sep 2022 17:58:45 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 4EDB 79 KB
33 KB 62ms
62ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DWXRdjH2FP_IPPWCTP7jhAKsYjQ0y7iIzFGMfVDttguHq3ZpZ7ZV14UHrkyc9lEp7-BkKIfpzzRho-6vJpMCRsv36QFQ&cry=1&dbm_d=AKAmf-Cg-_H9rzoMeBRjS7YsKiLTcVhkk54Cq86ZEvzC9pYpgqAB0JxR14PtkHkZaaKE4wUIEhSYDs8JFWzADM39nskXOassmrQfzJ7OBjWAcgkJBeS5fuBRbRDfICOW-MDiAbP2i8KxLvpdFSYPoNVZxWgWF4CVD4ZJ_kqDBnkAu9xlZxsbOgsYMBaiTOFYnIpmkh8ghugNVUhWwvX9Ly_FrXFz2q4uvjSDoXdT156ZA-tOXqPsCiWvO3AAq6R0ma1al_FBoPekPq3su2UhfqUMUTdEz-tQ-OREvvcg7s37YPMSYAtC-vr2IfpUO7v9hD2DSbAy5h4R7YTetumlByqs-VZEBycyojQnwFJoMebN47J1VcuWzilNtuSUWZ2lmNdJdu-28n68sHrUyJairZCtsAolxcRvwWvADaQuuJVetb6n8sWLut0mVZbjst-zhUyWIIuuJ12B2zVzknIvTrMxC9GhFy6rCdXCO48t9KEtdwebKuutiE8btk2og1aAKcWTJYKHNVLCURlUo56R-9rSkx2WXNUBfOtxDXA5FpNypVBMqcuNg8WZ3c4c8PzR1zRP7KWmqIUhkSfPZiIy3ZGGT4c-MdTc0alhHHTHKnJVZ3iC6nvGcLSDW6CReypoCg9VlDgoCaloVnCeuG5dDOgKJpK0qEEzH-g5DGIfRa5QKE6cU91O2kO4j-PwDOse9i4J2L0ZdJQw99eadgDMd239RcrCh0VmCY4ae42inLVrYm9slu52B_xwWoaQ-w0SAT6t_P22sZ6BTXv14ifcjIVRSq-WfzPe5kwoYuGeBfbU4kAZn73Fb-ilkJ2SdcVC5ozGU0J-T-HihZw-pflZSkKKXOrv38G142GYoCBDDFqIQ8pwU9fztguKsACA4JUEUmOlsl1lcGPmsfJia_zcvIWrRNlcUKSZT4VAXmG4BuBPDOYearT8WmOp4l8z7g_krBU1X22d7itiylXLYsv0J6edHYZs9HUv0kTIipi5FdWIkdUkJYQ39xXAgcExFSOErLrZFCwmmqg1bPUAQUqSIiMzvjdJPbzzXMxIumBKccpPFcb_yqitnrabpBce_ObFtXpO7wP7zwHxZ-cxMgUqd8VLkvYiZf9cjy6Ap9EK5anWKJzmMOrF-SxouCJmcyzO3yy-_lCV-RjTYRNdJ_gU4xFxYgNJ7a7T1BvFIa-ENcncQasLRG0qSzWlhCx93WuDz3ss7YtPChZj0YuR2DFnfs4Bpa4bY1wL5Hac0mMk-jM4pmlGz6GUsRtw5b5uowl53AUN-XzdCMMD65EdR1_JXRwPC6FHzXm2lmGIWQpB5BbyBefg7PhgDGr5tbZUZb-y6RoSUjgNoo5WJPM6Kk3cuS439_7j3tWpWS97TFaQVfBnlpZ_uk933UvPMg-znBcUR5Q3o4jILkKdkTKIqJzvKvdMuVuIvCt6aBmqqlUC8_RPpXc5ZBNR5VTwK2K8z10x0TRc47oNcxrT-hjch9_Wr0pn9_p7G141y607Hng_2QJLfxYLrJn7YZsYcJu3TUKZUdrxUMF0ehxGBqfO-NAlonObJlvo5n4jLrScLpPxp81GyYcuv-OUZ4-ogwH_c1zzYkDE_E_HwZ4TprdBrrVf13i8DRJqEwDWvQUL8FLodZczAdxBf7fuTLd5oU-rBuaijr3qRrxYxc2Mugadg-RLNr7Nsf0zUEOMaRWbziLArjgJBG7OT357hc1VvBSLeNHnaqt4IvdJjPXZUC2nwOylVxSzaXOCd7_go8N9lyIvr4UoZZdpxSnxnyGmCFJdT0xf4f8-bjHSmzE07pffDPZI4lJ-ro8xU_TB7OTS8naRKc3Bp2Xu-NaR4NuwR889SZOKLfnSj9ZfYtso-GU-msmXYnW2apK0R-tR-LjQxLOlVGRvSXU4ZNsR4imZnoTBpTMvVYGuPSaNZp4KYxlvv-uzax8-jEIW0WqMW2VdAKKa0Hh9X4e9rbrc9R2WWBQlS1RtC4BegK4jnwhF_HkedFIg4AIFdEG4djgabITaHh8Dv2-WaHZO7pSLf7sDg_dWZnFkDsUVh97x1BnAZesg4lUaFvSMCnhHU84W0Jq4admkwPtvdMqwqR1aWAn-jvP3MPUtudUfXePcRk3jiIKHjzkhimF3rKMujPWaKizVgf7G7KTOeEM8J1MWTUdvORFpvlkq3riBCKxExz_B9WuXcP_Pcxni1fHFT6gZ7qgLK4mBg8035iU0Gk6ryutyyinFu3CS3GB5W7OR7HFXSrn8InXEgOlH0mmErATc5GolnNY62DFhD3Xo9Yb_b72MjXei8QGIH7XwMPmomC2Ml3LVUW7F06johYbAVRnpx-XXr_T7qsLat-nc63tQLnr9uDWz6anhdI9uKe3_wywkuzJJh_mgKdfeQqB-wtE0wpm1zW-6nrylAfNfyV4LU-grL8tUOpfsQxQbihdCHr1b8DCffFDWtI6Xt1U5VZijTETEpxQ66wPrsMZ_UqLOoRD1WNAl3nzRLA9jVCQjPD9cxRFbCFx8CWWkMbIMB7I7idGrDGSbSkHAJzOJuBHJ-FSCyvUo3N5AR-5H-FQQWcFnWj00dtJQJyOpUwHYDW9q95sv9bFG4nU0lhG9yyaJ_s1Bc_i13Sjqex8bg2Y7x5dWKroJmC1j27vHFSg3S5MtDBnSIDYJwN0GBfW9u1j_yegnoUfGyp0Rwung6ZWMu_DJ5KeayAFdzUx9VZeNG07TEXCjtT4nbXc3LBwa1HCpiY-Tpvg_hXMFW2Sa_1dM8ZkDTb_sF8hNhz5SLR27sO4KD6_VEqtARHz7SJUzEdDUQaGU4TLmYKJSM1e8TEhUWMk9b1LVkVw62jTNhqAkkdQTwjTQAZzE9nyeLP4FeBaAnCoDEVZRBP0hrpjvhxqjPagQgET78mid0KLoprfy0bMZdvHuEODzyjQqjYlhGTijjBl8E0p-31gICWt0be3rHtknSzdDYrdg2Xn4TYQ_q-qnR7dQ3i7KGX05zHXUzBJTh8DqOLFkmU24wYfBrQn6VLYq&cid=CAASBORoDr4&rfl=3%2Chttp%253A%252F%252Fwww.offrepmu.c4.fr%242%2Chttp%253A%252F%252Fwww.offrepmu.c4.fr%252F%240

Requested by

Host: www.offrepmu.c4.fr
URL: http://www.offrepmu.c4.fr/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

671b08d69f045365c997a46f5d45b5c65c7888b8d017aa28643da52f6076030f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5203714787387788&output=html&h=90&slotname=4563536207&adk=2647235303&adf=3604715433&pi=t.ma~as.4563536207&w=970&psa=0&format=970x90&url=http%3A%2F%2Fwww.offrepmu.c4.fr%2F&ea=0&wgl=1&dt=1662832725216&bpp=5&bdt=455&idt=251&shv=r20220907&mjsv=m202209060101&ptt=9&saldr=aa&correlator=737976569746&frm=23&ife=1&pv=2&ga_vid=1669214694.1662832725&ga_sid=1662832725&ga_hid=145810130&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=20&ady=0&biw=1600&bih=1200&isw=1600&ish=90&ifk=2442246655&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44761792%2C42531705%2C44770881%2C31062931&oid=2&pvsid=3789821193597021&tmod=1724509726&uas=0&nvt=1&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=o%7Co%7CaeE%7C&abl=NA&pfx=0&fu=4&bc=23&ifi=1&uci=1.onqgnhgjswye&fsb=1&dtd=266
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 10 Sep 2022 17:58:45 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 34112
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220907/r20110914/client/ Frame 4EDB 3 KB
1 KB 102ms
28ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220907/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Sat, 10 Sep 2022 17:21:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2238
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 24 Sep 2022 17:21:27 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 4EDB 141 KB
44 KB 112ms
38ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

50f77fa9d32c1323f7e50da8d807f556cdddaea2161de6cf84a0c8b4c1dd6f79

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Sat, 10 Sep 2022 17:58:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44740
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1662550240112033"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 10 Sep 2022 17:58:45 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220907/r20110914/client/ Frame 4EDB 17 KB
8 KB 100ms
26ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220907/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e368951bc5918b3d9fbc8205bfdf0d8be8b79da09b457bb113307063f3b1bc89

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Sat, 10 Sep 2022 17:25:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2021
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7592
x-xss-protection: 0
server: cafe
etag: 7248493764890666469
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 24 Sep 2022 17:25:04 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 4EDB 42 B
63 B 113ms
60ms Image
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-Ai8KRmaX0Y8wv6HqBLTRXO2C0pxZTTabffsqYAg1kwz_WCuFTDUsVaOF6ehhkGcVU-3jcvdU9hpieAEahzaW_rLnhLpSRVQk73MYZMw5lwCm_SKHw

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 10 Sep 2022 17:58:45 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ Frame 3025 206 KB
73 KB 104ms
45ms Script
application/javascript 2a00:1450:4001:801::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-RP7FMTL79Y

Requested by

Host: www.widgeo.net
URL: https://www.widgeo.net/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

95551356617eca3ffb049bb12551d6a95995809bcbfaf974f1b89f0e43bc1f7f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://www.widgeo.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Sat, 10 Sep 2022 17:58:45 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 74152
x-xss-protection: 0
expires: Sat, 10 Sep 2022 17:58:45 GMT

GET
H2

200

hit.xiti
logv33.xiti.com/ Frame 3025
Redirect Chain

https://logv33.xiti.com/hit.xiti?s=281802&p=geoall2&hl=17x58x45&r=1600x1200x24x24&ref=http://www.turfprox.com/
https://logv33.xiti.com/hit.xiti?s=281802&p=geoall2&hl=17x58x45&r=1600x1200x24x24&ref=http://www.turfprox.com/&Rdt=On

373 B
644 B

28ms
27ms

Image
image/gif

65.9.68.209
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://logv33.xiti.com/hit.xiti?s=281802&p=geoall2&hl=17x58x45&r=1600x1200x24x24&ref=http://www.turfprox.com/&Rdt=On

Requested by

Host: www.turfprox.com
URL: http://www.turfprox.com/turf/offrepmu/

Protocol

Server

65.9.68.209 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-68-209.fra56.r.cloudfront.net

Software

Resource Hash

86fd3be02ab9497ebb14a884fb226386cd0db257b234b005f0000326ae8c9081

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://www.widgeo.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Sat, 10 Sep 2022 17:58:45 GMT
via: 1.1 58c21e16c9e093deb494fbb4de260efa.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
strict-transport-security: max-age=15768000
x-cache: Miss from cloudfront
content-type: image/gif
cache-control: no-store
content-length: 373
x-amz-cf-id: KboU6rG66CopcG51n2cZe2P14sNUhT7vxeYAhEFSKxiRV895LtdWMw==

Redirect headers

date: Sat, 10 Sep 2022 17:58:45 GMT
via: 1.1 58c21e16c9e093deb494fbb4de260efa.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
strict-transport-security: max-age=15768000
x-cache: Miss from cloudfront
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
location: /hit.xiti?s=281802&p=geoall2&hl=17x58x45&r=1600x1200x24x24&ref=http://www.turfprox.com/&Rdt=On
cache-control: no-store
content-type: text/html; charset=utf-8
content-length: 137
x-amz-cf-id: yRRV3MFmqHZEPJo9CCDmweHv8UMJtc402twVaqsxt_xUpz4qOxMIiw==

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 9D43
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=&google_error=15

43 B
878 B

78ms
48ms

Image
image/gif

104.18.18.126
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=&google_error=15
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPDkLxCZw2EY16frwgEwAQ&v=APEucNWkNu6tvivZPRPdKHzQfKQa2sc0yvbyuT-q1MH82HwBMQqLqdcl2H7GgfvQNo9_ob9gmR0IRfT0odlFRIJY3wnFQ-lD9ZeUUuhIe4kvrnTH9QAXRRex2kBYb5JKgJo16waRPE-NLww01e7frtOLJssD1ZXdKY-ES99C4OQNYx5hc6b3Iao
Protocol: H3
Server: 104.18.18.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

cf-ray: 748a0db8f9fcd34b-CDG
pragma: no-cache
date: Sat, 10 Sep 2022 17:58:45 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xyhWW%2B2dQFTdpo3V%2FeK26NNPDD3WKxZzBRFEXHx00rVjjD8QTKdqbJl3SuxlrncdZArNyWr1i9NECduBWxTnyBL8kZ7lvo57TtRlorkeV7pczyVEEWMkLi0p5YQvxzYLGe8UqwKFBsieJA%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
cache-control: no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Sat, 10 Sep 2022 17:58:45 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=&google_error=15
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 288
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 9D43
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YxzQVeKkCqfkQBf-N57zCAAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=&google_error=15

43 B
846 B

121ms
121ms

Image
image/gif

104.18.18.126
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=&google_error=15
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPDkLxCZw2EY16frwgEwAQ&v=APEucNWkNu6tvivZPRPdKHzQfKQa2sc0yvbyuT-q1MH82HwBMQqLqdcl2H7GgfvQNo9_ob9gmR0IRfT0odlFRIJY3wnFQ-lD9ZeUUuhIe4kvrnTH9QAXRRex2kBYb5JKgJo16waRPE-NLww01e7frtOLJssD1ZXdKY-ES99C4OQNYx5hc6b3Iao
Protocol: H3
Server: 104.18.18.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

cf-ray: 748a0db9ebacd34b-CDG
pragma: no-cache
date: Sat, 10 Sep 2022 17:58:46 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PyqfKaP1xBMu36gwURX9c11oZVRZPmdeCYZrZpkKDJOwZOM1VcpYO1MnbMoFIIb%2F1ZCS%2F%2Fzwshi8tUG32j1fP07UMGbXOQ8Ow%2FZFedlLCbGKVOXTOx8OrsImrM4YVFDEUzDI2V9110KWxg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
cache-control: no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Sat, 10 Sep 2022 17:58:46 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=&google_error=15
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 288
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pixel
cm.g.doubleclick.net/ Frame 9D43 170 B
502 B 108ms
36ms Image
image/png 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPDkLxCZw2EY16frwgEwAQ&v=APEucNWkNu6tvivZPRPdKHzQfKQa2sc0yvbyuT-q1MH82HwBMQqLqdcl2H7GgfvQNo9_ob9gmR0IRfT0odlFRIJY3wnFQ-lD9ZeUUuhIe4kvrnTH9QAXRRex2kBYb5JKgJo16waRPE-NLww01e7frtOLJssD1ZXdKY-ES99C4OQNYx5hc6b3Iao

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 10 Sep 2022 17:58:45 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 9D43
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODYxNTYyNjA4NzM3MzkwNjM2Ng%3D%3D

170 B
188 B

91ms
37ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODYxNTYyNjA4NzM3MzkwNjM2Ng%3D%3D

Requested by

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 10 Sep 2022 17:58:46 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Sat, 10 Sep 2022 17:58:45 GMT
X-Proxy-Origin: 178.33.144.179; 178.33.144.179; 534.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 96bd19fb-3e50-470e-b7b3-80a836981846
Server: nginx/1.21.3
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODYxNTYyNjA4NzM3MzkwNjM2Ng%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 express_html_inpage_rendering_lib_200_276.js Show response
s0.2mdn.net/879366/ Frame 4EDB 106 KB
38 KB 119ms
27ms Script
text/javascript 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js

Requested by

Host: www.offrepmu.c4.fr
URL: http://www.offrepmu.c4.fr/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e41d1ae45acbf836b8dcc29544c7e41cced4211214df601d5284a7e9c7134c73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Origin: https://googleads.g.doubleclick.net
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Sat, 10 Sep 2022 15:22:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 9378
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37872
x-xss-protection: 0
last-modified: Wed, 02 Mar 2022 23:07:26 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 11 Sep 2022 15:22:27 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20220907/r20110914/elements/html/ Frame 4EDB 8 KB
3 KB 26ms
25ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220907/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DWXRdjH2FP_IPPWCTP7jhAKsYjQ0y7iIzFGMfVDttguHq3ZpZ7ZV14UHrkyc9lEp7-BkKIfpzzRho-6vJpMCRsv36QFQ&cry=1&dbm_d=AKAmf-Cg-_H9rzoMeBRjS7YsKiLTcVhkk54Cq86ZEvzC9pYpgqAB0JxR14PtkHkZaaKE4wUIEhSYDs8JFWzADM39nskXOassmrQfzJ7OBjWAcgkJBeS5fuBRbRDfICOW-MDiAbP2i8KxLvpdFSYPoNVZxWgWF4CVD4ZJ_kqDBnkAu9xlZxsbOgsYMBaiTOFYnIpmkh8ghugNVUhWwvX9Ly_FrXFz2q4uvjSDoXdT156ZA-tOXqPsCiWvO3AAq6R0ma1al_FBoPekPq3su2UhfqUMUTdEz-tQ-OREvvcg7s37YPMSYAtC-vr2IfpUO7v9hD2DSbAy5h4R7YTetumlByqs-VZEBycyojQnwFJoMebN47J1VcuWzilNtuSUWZ2lmNdJdu-28n68sHrUyJairZCtsAolxcRvwWvADaQuuJVetb6n8sWLut0mVZbjst-zhUyWIIuuJ12B2zVzknIvTrMxC9GhFy6rCdXCO48t9KEtdwebKuutiE8btk2og1aAKcWTJYKHNVLCURlUo56R-9rSkx2WXNUBfOtxDXA5FpNypVBMqcuNg8WZ3c4c8PzR1zRP7KWmqIUhkSfPZiIy3ZGGT4c-MdTc0alhHHTHKnJVZ3iC6nvGcLSDW6CReypoCg9VlDgoCaloVnCeuG5dDOgKJpK0qEEzH-g5DGIfRa5QKE6cU91O2kO4j-PwDOse9i4J2L0ZdJQw99eadgDMd239RcrCh0VmCY4ae42inLVrYm9slu52B_xwWoaQ-w0SAT6t_P22sZ6BTXv14ifcjIVRSq-WfzPe5kwoYuGeBfbU4kAZn73Fb-ilkJ2SdcVC5ozGU0J-T-HihZw-pflZSkKKXOrv38G142GYoCBDDFqIQ8pwU9fztguKsACA4JUEUmOlsl1lcGPmsfJia_zcvIWrRNlcUKSZT4VAXmG4BuBPDOYearT8WmOp4l8z7g_krBU1X22d7itiylXLYsv0J6edHYZs9HUv0kTIipi5FdWIkdUkJYQ39xXAgcExFSOErLrZFCwmmqg1bPUAQUqSIiMzvjdJPbzzXMxIumBKccpPFcb_yqitnrabpBce_ObFtXpO7wP7zwHxZ-cxMgUqd8VLkvYiZf9cjy6Ap9EK5anWKJzmMOrF-SxouCJmcyzO3yy-_lCV-RjTYRNdJ_gU4xFxYgNJ7a7T1BvFIa-ENcncQasLRG0qSzWlhCx93WuDz3ss7YtPChZj0YuR2DFnfs4Bpa4bY1wL5Hac0mMk-jM4pmlGz6GUsRtw5b5uowl53AUN-XzdCMMD65EdR1_JXRwPC6FHzXm2lmGIWQpB5BbyBefg7PhgDGr5tbZUZb-y6RoSUjgNoo5WJPM6Kk3cuS439_7j3tWpWS97TFaQVfBnlpZ_uk933UvPMg-znBcUR5Q3o4jILkKdkTKIqJzvKvdMuVuIvCt6aBmqqlUC8_RPpXc5ZBNR5VTwK2K8z10x0TRc47oNcxrT-hjch9_Wr0pn9_p7G141y607Hng_2QJLfxYLrJn7YZsYcJu3TUKZUdrxUMF0ehxGBqfO-NAlonObJlvo5n4jLrScLpPxp81GyYcuv-OUZ4-ogwH_c1zzYkDE_E_HwZ4TprdBrrVf13i8DRJqEwDWvQUL8FLodZczAdxBf7fuTLd5oU-rBuaijr3qRrxYxc2Mugadg-RLNr7Nsf0zUEOMaRWbziLArjgJBG7OT357hc1VvBSLeNHnaqt4IvdJjPXZUC2nwOylVxSzaXOCd7_go8N9lyIvr4UoZZdpxSnxnyGmCFJdT0xf4f8-bjHSmzE07pffDPZI4lJ-ro8xU_TB7OTS8naRKc3Bp2Xu-NaR4NuwR889SZOKLfnSj9ZfYtso-GU-msmXYnW2apK0R-tR-LjQxLOlVGRvSXU4ZNsR4imZnoTBpTMvVYGuPSaNZp4KYxlvv-uzax8-jEIW0WqMW2VdAKKa0Hh9X4e9rbrc9R2WWBQlS1RtC4BegK4jnwhF_HkedFIg4AIFdEG4djgabITaHh8Dv2-WaHZO7pSLf7sDg_dWZnFkDsUVh97x1BnAZesg4lUaFvSMCnhHU84W0Jq4admkwPtvdMqwqR1aWAn-jvP3MPUtudUfXePcRk3jiIKHjzkhimF3rKMujPWaKizVgf7G7KTOeEM8J1MWTUdvORFpvlkq3riBCKxExz_B9WuXcP_Pcxni1fHFT6gZ7qgLK4mBg8035iU0Gk6ryutyyinFu3CS3GB5W7OR7HFXSrn8InXEgOlH0mmErATc5GolnNY62DFhD3Xo9Yb_b72MjXei8QGIH7XwMPmomC2Ml3LVUW7F06johYbAVRnpx-XXr_T7qsLat-nc63tQLnr9uDWz6anhdI9uKe3_wywkuzJJh_mgKdfeQqB-wtE0wpm1zW-6nrylAfNfyV4LU-grL8tUOpfsQxQbihdCHr1b8DCffFDWtI6Xt1U5VZijTETEpxQ66wPrsMZ_UqLOoRD1WNAl3nzRLA9jVCQjPD9cxRFbCFx8CWWkMbIMB7I7idGrDGSbSkHAJzOJuBHJ-FSCyvUo3N5AR-5H-FQQWcFnWj00dtJQJyOpUwHYDW9q95sv9bFG4nU0lhG9yyaJ_s1Bc_i13Sjqex8bg2Y7x5dWKroJmC1j27vHFSg3S5MtDBnSIDYJwN0GBfW9u1j_yegnoUfGyp0Rwung6ZWMu_DJ5KeayAFdzUx9VZeNG07TEXCjtT4nbXc3LBwa1HCpiY-Tpvg_hXMFW2Sa_1dM8ZkDTb_sF8hNhz5SLR27sO4KD6_VEqtARHz7SJUzEdDUQaGU4TLmYKJSM1e8TEhUWMk9b1LVkVw62jTNhqAkkdQTwjTQAZzE9nyeLP4FeBaAnCoDEVZRBP0hrpjvhxqjPagQgET78mid0KLoprfy0bMZdvHuEODzyjQqjYlhGTijjBl8E0p-31gICWt0be3rHtknSzdDYrdg2Xn4TYQ_q-qnR7dQ3i7KGX05zHXUzBJTh8DqOLFkmU24wYfBrQn6VLYq&cid=CAASBORoDr4&rfl=3%2Chttp%253A%252F%252Fwww.offrepmu.c4.fr%242%2Chttp%253A%252F%252Fwww.offrepmu.c4.fr%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

58b603271da250778cca7450c81343eba7a896c87d93812f4de54ca5e1108488

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Sat, 10 Sep 2022 17:49:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 545
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3181
x-xss-protection: 0
server: cafe
etag: 10699485926258732851
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 24 Sep 2022 17:49:40 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20220907/r20110914/ Frame 4EDB 30 KB
12 KB 25ms
25ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220907/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

efa230a3973395419cb2746d720c89db14d28401636f48514642360656c172ce

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Sat, 10 Sep 2022 17:55:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 182
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11782
x-xss-protection: 0
server: cafe
etag: 11425859616848618248
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 24 Sep 2022 17:55:43 GMT

GET
H2 200 geowidget_js.js Show response
www.widgeo.net/geocompteur/ Frame 7416 916 B
964 B 29ms
28ms Script
application/javascript 2606:4700:20::681a:a16
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.widgeo.net/geocompteur/geowidget_js.js

Requested by

Host: www.widgeo.net
URL: http://www.widgeo.net/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:a16 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ec482ce87b4f7f6f06450ba94fdbf5ad7062e8d2af9172607a645e5199cfcfeb

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://www.widgeo.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Sat, 10 Sep 2022 17:58:45 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 375930
cf-polished: origSize=2217
cf-bgj: minify
last-modified: Thu, 13 Feb 2020 12:35:42 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FQDUnpKiR51rmI5vXudyRUbSPQUxORCLlfeNI%2B4FC0FqisZvUN%2BuPLyyRhb0RsXzxYGXKnBN3lSmlCHpsjHpIqztLxgeX5OSqLaR6M18AmD34BxpGPVcD2dsQjyWkwyhXA0OYWPCVGCknnR6"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
cf-ray: 748a0db7eb4cd5d9-CDG
expires: Tue, 13 Sep 2022 09:33:14 GMT

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/1.4.2/ Frame 7416 70 KB
25 KB 41ms
26ms Script
text/javascript 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js

Requested by

Host: www.widgeo.net
URL: http://www.widgeo.net/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e23a2a4e2d7c2b41ebcdd8ffc0679df7140eb7f52e1eebabf827a88182643c59

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://www.widgeo.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Fri, 09 Sep 2022 05:53:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 129897
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24715
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 09 Sep 2023 05:53:48 GMT

GET
H2 200 earth_red.png
www.widgeo.net/geocompteur/img/tmp/ Frame 7416 3 KB
3 KB 28ms
27ms Image
image/webp 2606:4700:20::681a:a16
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.widgeo.net/geocompteur/img/tmp/earth_red.png

Requested by

Host: www.widgeo.net
URL: https://www.widgeo.net/geocompteur/css/geo_css.php?c=geoall2&size=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:a16 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e994d6dfb98c97b89266605ccb40fade20b65078c94749428fd2d2485725a602

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://www.widgeo.net/geocompteur/css/geo_css.php?c=geoall2&size=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Sat, 10 Sep 2022 17:58:45 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2188482
cf-polished: origFmt=png, origSize=3362
content-disposition: inline; filename="earth_red.webp"
content-length: 2616
last-modified: Thu, 20 Jun 2019 15:14:42 GMT
server: cloudflare
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xq0FtW2zZwvrSvO%2BEvinO4LuWiTwlATRWiuSjDx%2BT9qHeyJ6i9iqTafa6uApVSaW82mQpvd2yMnuPrMt3rXr23cth6HXOYvvt6Px%2F8a%2B%2BtewjqBcScN%2BzrCokdPIDbYYEMgas1VR6riXbcGn"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
expires: Thu, 15 Sep 2022 10:04:02 GMT
cache-control: public, max-age=2592000
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 748a0db7eb4ed5d9-CDG
cf-bgj: imgq:100,h2pri

GET
H2 200 geoall2.png
www.widgeo.net/geocompteur/img/tmp/ Frame 7416 772 B
1 KB 27ms
27ms Image
image/webp 2606:4700:20::681a:a16
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.widgeo.net/geocompteur/img/tmp/geoall2.png

Requested by

Host: www.widgeo.net
URL: https://www.widgeo.net/geocompteur/css/geo_css.php?c=geoall2&size=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:a16 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4c3762b6ce9b046a83662f848b5d40874144e875d40856ef66562e1f83c761d2

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://www.widgeo.net/geocompteur/css/geo_css.php?c=geoall2&size=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Sat, 10 Sep 2022 17:58:45 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 145874
cf-polished: origFmt=png, origSize=2007
content-disposition: inline; filename="geoall2.webp"
content-length: 772
last-modified: Thu, 20 Jun 2019 15:14:42 GMT
server: cloudflare
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=A092rfy03A5e4zjxorhIfExvGhSB2YFiSG8YOYauuzAeolx77QcQacGrxPEitxTKYCdgZ%2BRT8EKSgsF9h6Y%2FR7UCQb48kFYQb7Aq7vwKK7XbS%2BWOT8jkKkjN3MmFMgEUtZV2%2FbM7QDfu9mNK"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
expires: Sun, 09 Oct 2022 01:27:30 GMT
cache-control: public, max-age=2592000
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 748a0db7eb51d5d9-CDG
cf-bgj: imgq:100,h2pri

GET
H2 200 memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v34/ Frame 7416 44 KB
44 KB 87ms
26ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:400,700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: http://www.widgeo.net
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 05 Sep 2022 18:50:24 GMT
x-content-type-options: nosniff
age: 428901
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44856
x-xss-protection: 0
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 05 Sep 2023 18:50:24 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 4EDB 41 KB
15 KB 85ms
29ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Fri, 09 Sep 2022 07:50:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 122868
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 09 Sep 2023 07:50:57 GMT

GET
DATA 200
OK truncated
/ Frame 4EDB 219 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e675e54ab622c53a7994be2f0943e37670fbc7aa12b1687a51f0d6b1cdeb78ed

Request headers

accept-language: fr-FR,fr;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 flag_niger.png
www.widgeo.net/geocompteur/shadow/ Frame 7416 798 B
1 KB 27ms
27ms Image
image/webp 2606:4700:20::681a:a16
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.widgeo.net/geocompteur/shadow/flag_niger.png

Requested by

Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:a16 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

51268488626794c0bf2f103c43013b30e89c39a3746a9c4fc14c0ee73d8ae84c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://www.widgeo.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Sat, 10 Sep 2022 17:58:45 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 23667
cf-polished: origFmt=png, origSize=1002
content-disposition: inline; filename="flag_niger.webp"
content-length: 798
last-modified: Thu, 20 Jun 2019 15:14:42 GMT
server: cloudflare
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=olWljCDzL%2BiALlXGjJziEhr%2FSvAsoi3HZaNdi%2FZ7f%2BalbtbBeZ6gSa6R9OW52PU%2F1YhJHML0dLhYOKMq3dGWJoJGdImPlzZlULVHL63UsEHFhwp9r0gzV4iugZzgMHmKpp2b1S2enwV6yRwn"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
expires: Mon, 10 Oct 2022 11:24:17 GMT
cache-control: public, max-age=2592000
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 748a0db92e03d5d9-CDG
cf-bgj: imgq:100,h2pri

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame C6F7 22 KB
8 KB 26ms
26ms Document
text/html 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

accept-ranges: bytes
age: 122868
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 09 Sep 2022 07:50:57 GMT
expires: Sat, 09 Sep 2023 07:50:57 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/10196239086468997911/ Frame 6CB1 89 KB
21 KB 80ms
26ms Document
text/html 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/10196239086468997911/index.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5d74d225ed3a1ba493176f184c57877252a54ed81fc6031d6908ef70a11d4670

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 193373
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 21272
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Thu, 08 Sep 2022 12:15:53 GMT
expires: Fri, 08 Sep 2023 12:15:53 GMT
last-modified: Fri, 18 Feb 2022 17:46:32 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 4EDB 0
437 B 113ms
86ms Ping
image/gif 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsut7zSGaIv1fgtd-HFh4EhvbZP0bYwzN9nkUjJtVYDqvLhGmUNsoFpzZjYDlGNj00ovl2LTvLMeVPsdCf3oVp2hQqi_3GkmR14QllMuhiKbcJuAEUTFkUdD8-Duy2-27ndFNKpuz0HUW1dgNpRp0M3ajUhVVpRU2VrgWhTyj8ForZ8WK2aF1W6k7bWoWjDh8kxnjUtrbMXO9JBRPyRX8DYqV2yIe3bSZJCUHyPOwUGdmRGYyf0X8n46JXHhkx5ap_cFKcoOQDDoyidF6bFbG2gBztFfJbCWYwT0gPmaBTAz09mvgoGTi0qUFZobXdMSRUf2lABRAGZVVZFt7mbTx0jBREnOHcteOmUYMSc70cXAuk1fRA4po6SwA0U_ylkmfvs9wfVW4YZeDWpH8IiQKdu83OQhsJfeeoBFne2yfUtScKL5cbGZVgLViJbMHQ8UGL1QlyDiFkVtfzAOBBBaEbkG4zLDB7XozdLFgMyL3sJDJjWhPEKgLDxVqrNBPa3A-_Inuj-4e0nUKbfYvW-okLJsloYbN7qZLuQj2cOUIF8B-A40JHe3kBq_lSllX_pkX255KO8anBq_GqEmIZqoKY40rrzqeL1TKct7Dc-ha_Mw0L_1SG1rF_VUHm9vbnnoPUyuqS_cSX6_8zY4MWMFz4iUC_-sit2Gt6gD-GRlXB7bjgTNHOL922Sd1DljTt1arP-goofcHCy9icLBnlBrGezDEazpSqFPdFjeUOwa8uOBsmoyXhH8N1sjs6hFCFqgwlGshlgNZ6nSRjenVesQSPkA1RgyAJIx29dvCXrruf4XOl87pK8V9kTJfODFE1dDpGH1wShRaxsknOoHENfrg0vnFYKujHYqFmgxETZRLbHAw4funKnWqHZCQHsUo7N4ZKqDTViJuzeQUjsONwM_RFDoUb8kfh4Q2B5NFDVnPxxtL8iwq_tX84zyb7Y-Zy-VI7EqFiGaDxHCGksON3FAAn4IaVVIlaTD7i_yHTz73FxPOxCrdVcIZOfPnM5eUHav3kCMc6vg38jE8Qvc3symWD_zHQps7_CqraIeutckHWz0gWrwzA2AQyroQ145Sqpbam_NFS0hXCKM7-ZrjUiius1alxBdTwiWevEvH49ggE2Ns0VHqy8U6WcIycsOIHshz4PXcuhXgeawvOLZ5_uFyodJyzOQ0buSQ5phBeNOuTtSI-LXdAqqBRu-mjW6zElFywQE1caC_qurKy-uyhgRjOHtf-Yu5TmLeUxoPf3oeumG_VIfoJCbNrr4&sai=AMfl-YSbtXPpMI0-yUnII_Y5HPgfj5mur5-lmD9uYtMwbN61EzkoEkdKyh2w287ErGjLHXILJghxZtvN0ZC7f6DQvvfzyEBN0FZlcVaNZj7g5Xmv_aFM04y-BNxORuRFP9QtOa1TRmPpfIY802CDyrNW7pRWpbg&sig=Cg0ArKJSzGO7mN74xfnnEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=223&cbvp=1&cstd=220&cisv=r20220907.43658&adurl=

Requested by

Host: www.offrepmu.c4.fr
URL: http://www.offrepmu.c4.fr/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
date: Sat, 10 Sep 2022 17:58:46 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 CgETvhyXIYksjpVuZOiCWYZFr3TNicAtz6hsjYVMHCQ.js Show response
pagead2.googlesyndication.com/bg/ Frame C6F7 36 KB
15 KB 26ms
26ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/CgETvhyXIYksjpVuZOiCWYZFr3TNicAtz6hsjYVMHCQ.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0a0113be1c9721892c8e956e64e882598645af74cd89c02dcfa86c8d854c1c24

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Sat, 10 Sep 2022 11:52:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 21986
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15836
x-xss-protection: 0
last-modified: Mon, 29 Aug 2022 10:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 10 Sep 2023 11:52:19 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame 6CB1 8 KB
752 B 89ms
35ms Stylesheet
text/css 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:500,700,regular,700italic

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/10196239086468997911/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

c233ce3b2c93066a4fe602720eaee31dba0c23d5b832e7aac994f71d04697325

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sat, 10 Sep 2022 17:58:46 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Sat, 10 Sep 2022 17:58:46 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 10 Sep 2022 17:58:46 GMT

GET
H3 200 DcmEnabler_01_247.js Show response
s0.2mdn.net/879366/ Frame 6CB1 29 KB
10 KB 27ms
27ms Script
text/javascript 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/DcmEnabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/10196239086468997911/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

467a5b06cb117035f7882e8c71d80e093f04ce586c1ac2b84e7e4adf978edb30

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://s0.2mdn.net/sadbundle/10196239086468997911/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Fri, 09 Sep 2022 21:22:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 74154
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10136
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 10 Sep 2022 21:22:52 GMT

GET
H3 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 6CB1 15 KB
16 KB 86ms
26ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:500,700,regular,700italic

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://s0.2mdn.net
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 05 Sep 2022 16:44:52 GMT
x-content-type-options: nosniff
age: 436434
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15860
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 05 Sep 2023 16:44:52 GMT

GET
H3 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 6CB1 15 KB
15 KB 90ms
30ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:500,700,regular,700italic

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://s0.2mdn.net
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Fri, 09 Sep 2022 13:27:29 GMT
x-content-type-options: nosniff
age: 102677
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 09 Sep 2023 13:27:29 GMT

GET
H3 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 6CB1 16 KB
16 KB 103ms
43ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:500,700,regular,700italic

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://s0.2mdn.net
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 05 Sep 2022 12:56:05 GMT
x-content-type-options: nosniff
age: 450161
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15920
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:45 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 05 Sep 2023 12:56:05 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame C6F7 0
20 B 66ms
65ms Image
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BfcoOVdAcY4agKZOigQergKIwAAAAADgB4AQC&bg=!4eKl4qbNAAZTikH4c4o7ACkAdvg8WsXTxucuGL4UrgAmi7BVJwds6kZKvquEX4J8Hf9B7VYTT-vRPAIAAACHUgAAAAJoAQeZA2QUV6yYn8cC1tAiaLsLEooJaxpAggQUgmsOXEkapktzw8zADoPysWnDlbtdB4LE410nXuAJrFNV-ZfddCKRjHais7AqTH2ABUyORwD8EB5CrTXPLAiAQkiyjmh43-qeuo3KnkaQkfatz2ciSs2-OHDljpsnUBdcUXCTWZnyAoWsrxscems8x09r1zs_IHMhQXQj0_zX8jPHC7Yw3Y87ztXCy0YdPc-NGQdhxvf9lqH5iNGVaJjthGVYBtzoGgo8kX1TXOvdRBv0vgrFM0gdSLr2EQy_1-QyYsQw7-GgOYyjNxyv7lgwNwy5QtvMva6OBsTLApM1yUGQFfkWyRugGPURqpAqICwQ0lVikL3QCXPasvSCzEX_i0PjvaxXfp94ZG6nk1IChyAwngVb3FPGQWUfOkBtKa53PMBNgLv3WPNDYAZvofuEnjK5Ol9pORkaxbBtXOgB9XJ5FfVGnK-_im4OETmxcj4du__blOuKsF-K01WLDxMPaAY-3kvxtBSIbDKhRMDfJCtEghDx0fC0F9lMsl5YKWVuwNZ9bbV6AoRlDSoRgCCXDQ5o5uK27lvE3IAsfAU6r59oWeE1BEeKgBYoL0mabngPSUDlFqYb3O47UEFN04Phv6lmckNhJGfz4FF0p1kWM2pxB1UEth6VRZkLJhOjno-qTgJ7mJnmyKjvgM2qGRC9s7y9lqMTyyJGyD_LihSOgRRwPPuhkpvXJtTq33NvLYOLCebSkeGCrrkwcWGbaAJ0FEWfqtBeVpgDgqVjz0qDK9Cwpq72sqX9tOthlM9nfM66AAZ08So9bpPxnCzvWjbovDCb6g2POh9UUqYNJxkAu5hCTzeW7-7ODhk24dNBBd8Esm3iqFxhUt0r6KXcMRAI9iNP1mEmXPw3A7Ebbs9EHIEa_JUgAPyEqhx5-50dnVfmFxBnoYIWqcqdn9KuxNVmzx_EWXL4DZ8m_0-QaPIAtOxWZgQUJlim7hRwBtUZF020W9nZQfMLX5QoIJa3qKTl4iNyYdJP4_MIeAdVT79A2-HHVx4QBnbAXwDFo0ZSCZOjYVsW_JLljlj8xbkulL5q4GlKS488dtRo4G4KVTH_IXBDdwEJt029_kH7RqamrE88Ey310FSJZ1GmX9kxYevatjel79gp2-C7Qp3Qtbn_

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 10 Sep 2022 17:58:46 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 BitdefenderLogo_white-_2_.png
s0.2mdn.net/sadbundle/10196239086468997911/ Frame 6CB1 28 KB
28 KB 30ms
29ms Image
image/png 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/10196239086468997911/BitdefenderLogo_white-_2_.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/10196239086468997911/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

09390420931de1a5876504eb4ebc8af93bd0464e7837af05c971b8afd33f6dbf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://s0.2mdn.net/sadbundle/10196239086468997911/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Thu, 08 Sep 2022 13:06:27 GMT
x-content-type-options: nosniff
age: 190339
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28426
x-xss-protection: 0
last-modified: Fri, 18 Feb 2022 17:46:32 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 08 Sep 2023 13:06:27 GMT

GET
H3 200 DIP-728x90.jpg
s0.2mdn.net/sadbundle/10196239086468997911/ Frame 6CB1 4 KB
4 KB 28ms
27ms Image
image/jpeg 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/10196239086468997911/DIP-728x90.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/10196239086468997911/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1e2febd816ca74d843f100c2e7417cef8430cef84f5817d2ac1e5963d62eaff4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://s0.2mdn.net/sadbundle/10196239086468997911/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 06 Sep 2022 09:34:03 GMT
x-content-type-options: nosniff
age: 375883
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3967
x-xss-protection: 0
last-modified: Fri, 18 Feb 2022 17:46:32 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 06 Sep 2023 09:34:03 GMT

GET
H/1.1 200
OK jBox.all.min.css
payment.allopass.com/static/css/jBox/ Frame EDDA 16 KB
4 KB 64ms
22ms Stylesheet
text/css 185.119.26.1
WEBDEVIIN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://payment.allopass.com/static/css/jBox/jBox.all.min.css
Requested by: Host: payment.allopass.com
URL: https://payment.allopass.com/buy/buy.apu?ids=302567&idd=1294049
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.119.26.1 , France, ASN203544 (WEBDEVIIN-AS, FR),
Reverse DNS: 1.26.119.185.in-addr.arpa
Software: Apache /
Resource Hash: 16393c3e769e20445f7f78adf6a188dae9d932249842c1033dc2144bac1296ac

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://payment.allopass.com/buy/buy.apu?ids=302567&idd=1294049
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Sat, 10 Sep 2022 17:58:46 GMT
Content-Encoding: gzip
Last-Modified: Tue, 16 Nov 2021 13:36:55 GMT
Server: Apache
ETag: "40fd0-40d7-5d0e804cbabc0"
Vary: Accept-Encoding
Content-Type: text/css
Connection: close
Accept-Ranges: bytes
Content-Length: 3631

GET
H/1.1 200
OK base.css
payment.allopass.com/static/css/ Frame EDDA 81 KB
15 KB 70ms
27ms Stylesheet
text/css 185.119.26.1
WEBDEVIIN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://payment.allopass.com/static/css/base.css?68
Requested by: Host: payment.allopass.com
URL: https://payment.allopass.com/buy/buy.apu?ids=302567&idd=1294049
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.119.26.1 , France, ASN203544 (WEBDEVIIN-AS, FR),
Reverse DNS: 1.26.119.185.in-addr.arpa
Software: Apache /
Resource Hash: adfe383e215844ddafe2b7149d13c92118cc519a174bf6035494bab363034f4c

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://payment.allopass.com/buy/buy.apu?ids=302567&idd=1294049
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Sat, 10 Sep 2022 17:58:46 GMT
Content-Encoding: gzip
Last-Modified: Fri, 26 Nov 2021 09:46:13 GMT
Server: Apache
ETag: "218e6-143f2-5d1adf6294340"
Vary: Accept-Encoding
Content-Type: text/css
Connection: close
Accept-Ranges: bytes
Content-Length: 14716

GET
H/1.1 200
OK carousel.css
payment.allopass.com/static/css/ Frame EDDA 21 KB
3 KB 65ms
23ms Stylesheet
text/css 185.119.26.1
WEBDEVIIN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://payment.allopass.com/static/css/carousel.css?68
Requested by: Host: payment.allopass.com
URL: https://payment.allopass.com/buy/buy.apu?ids=302567&idd=1294049
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.119.26.1 , France, ASN203544 (WEBDEVIIN-AS, FR),
Reverse DNS: 1.26.119.185.in-addr.arpa
Software: Apache /
Resource Hash: 1decf61f3465e4585a9a8cd868c343796bb6f43dfd1f03fa0b361dab97b4627c

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://payment.allopass.com/buy/buy.apu?ids=302567&idd=1294049
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Sat, 10 Sep 2022 17:58:46 GMT
Content-Encoding: gzip
Last-Modified: Tue, 16 Nov 2021 13:36:55 GMT
Server: Apache
ETag: "216eb-54eb-5d0e804cbabc0"
Vary: Accept-Encoding
Content-Type: text/css
Connection: close
Accept-Ranges: bytes
Content-Length: 2387

GET
H/1.1 200
OK jquery-1.3.2.min.js Show response
payment.allopass.com/static/js/ext/ Frame EDDA 56 KB
20 KB 67ms
25ms Script
application/javascript 185.119.26.1
WEBDEVIIN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://payment.allopass.com/static/js/ext/jquery-1.3.2.min.js
Requested by: Host: payment.allopass.com
URL: https://payment.allopass.com/buy/buy.apu?ids=302567&idd=1294049
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.119.26.1 , France, ASN203544 (WEBDEVIIN-AS, FR),
Reverse DNS: 1.26.119.185.in-addr.arpa
Software: Apache /
Resource Hash: c8370a2d050359e9d505acc411e6f457a49b21360a21e6cbc9229bad3a767899

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://payment.allopass.com/buy/buy.apu?ids=302567&idd=1294049
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Sat, 10 Sep 2022 17:58:46 GMT
Content-Encoding: gzip
Last-Modified: Tue, 16 Nov 2021 13:36:55 GMT
Server: Apache
ETag: "4106c-dfa6-5d0e804cbabc0"
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: close
Accept-Ranges: bytes
Content-Length: 19740

GET
H/1.1 200
OK jquery-1.11.3.min.js Show response
payment.allopass.com/static/js/ext/ Frame EDDA 94 KB
33 KB 70ms
28ms Script
application/javascript 185.119.26.1
WEBDEVIIN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://payment.allopass.com/static/js/ext/jquery-1.11.3.min.js
Requested by: Host: payment.allopass.com
URL: https://payment.allopass.com/buy/buy.apu?ids=302567&idd=1294049
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.119.26.1 , France, ASN203544 (WEBDEVIIN-AS, FR),
Reverse DNS: 1.26.119.185.in-addr.arpa
Software: Apache /
Resource Hash: ecb916133a9376911f10bc5c659952eb0031e457f5df367cde560edbfba38fb8

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://payment.allopass.com/buy/buy.apu?ids=302567&idd=1294049
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Sat, 10 Sep 2022 17:58:46 GMT
Content-Encoding: gzip
Last-Modified: Tue, 16 Nov 2021 13:36:55 GMT
Server: Apache
ETag: "21807-176d5-5d0e804cbabc0"
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: close
Accept-Ranges: bytes
Content-Length: 33279

GET
H/1.1 200
OK general.js Show response
payment.allopass.com/onetime/scripts/ Frame EDDA 4 KB
2 KB 65ms
23ms Script
application/javascript 185.119.26.1
WEBDEVIIN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://payment.allopass.com/onetime/scripts/general.js?04
Requested by: Host: payment.allopass.com
URL: https://payment.allopass.com/buy/buy.apu?ids=302567&idd=1294049
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.119.26.1 , France, ASN203544 (WEBDEVIIN-AS, FR),
Reverse DNS: 1.26.119.185.in-addr.arpa
Software: Apache /
Resource Hash: c1893b3f02db32e36ee562842bc299d27c047656416c204667abf42f04777d2a

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://payment.allopass.com/buy/buy.apu?ids=302567&idd=1294049
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Sat, 10 Sep 2022 17:58:46 GMT
Content-Encoding: gzip
Last-Modified: Tue, 16 Nov 2021 13:36:55 GMT
Server: Apache
ETag: "23081-f37-5d0e804cbabc0"
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: close
Accept-Ranges: bytes
Content-Length: 1593

GET
H/1.1 200
OK jBox.all.min.js Show response
payment.allopass.com/static/js/ext/ Frame EDDA 51 KB
13 KB 149ms
23ms Script
application/javascript 185.119.26.1
WEBDEVIIN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://payment.allopass.com/static/js/ext/jBox.all.min.js
Requested by: Host: payment.allopass.com
URL: https://payment.allopass.com/buy/buy.apu?ids=302567&idd=1294049
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.119.26.1 , France, ASN203544 (WEBDEVIIN-AS, FR),
Reverse DNS: 1.26.119.185.in-addr.arpa
Software: Apache /
Resource Hash: d176bb09818fe74dc0e1d369c411c2e3ca68bbf64a8eb76b43ec306520229833

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://payment.allopass.com/buy/buy.apu?ids=302567&idd=1294049
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Sat, 10 Sep 2022 17:58:46 GMT
Content-Encoding: gzip
Last-Modified: Tue, 16 Nov 2021 13:36:55 GMT
Server: Apache
ETag: "4106a-cb59-5d0e804cbabc0"
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: close
Accept-Ranges: bytes
Content-Length: 12605

GET
H2 200 top.js Show response
gmu-apps.com/js/ Frame EDDA 54 KB
6 KB 562ms
166ms Script
application/javascript 54.219.10.208
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://gmu-apps.com/js/top.js
Requested by: Host: payment.allopass.com
URL: https://payment.allopass.com/buy/buy.apu?ids=302567&idd=1294049
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.219.10.208 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-219-10-208.us-west-1.compute.amazonaws.com
Software: Apache /
Resource Hash: cdca24fd19906ad7adbf066e55d3ee87750c3901e9b5d1beb538408274d32109

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://payment.allopass.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 10 Sep 2022 17:58:46 GMT
content-encoding: gzip
last-modified: Fri, 02 Apr 2021 20:31:35 GMT
server: Apache
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=0, no-cache, no-store, must-revalidate
accept-ranges: bytes
content-length: 5772
expires: Sun, 8 Mar 1981 10:00:00 GMT

GET
H/1.1 200
OK fr.png
payment.allopass.com/icons/flags/24x24/ Frame EDDA 536 B
774 B 60ms
20ms Image
image/png 185.119.26.1
WEBDEVIIN-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://payment.allopass.com/icons/flags/24x24/fr.png
Requested by: Host: payment.allopass.com
URL: https://payment.allopass.com/buy/buy.apu?ids=302567&idd=1294049
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.119.26.1 , France, ASN203544 (WEBDEVIIN-AS, FR),
Reverse DNS: 1.26.119.185.in-addr.arpa
Software: Apache /
Resource Hash: 54df4beda3ad05d5c621511ff15b2882588ff457e36132035d5f21fb29f2a750

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://payment.allopass.com/buy/buy.apu?ids=302567&idd=1294049
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Sat, 10 Sep 2022 17:58:46 GMT
Last-Modified: Tue, 26 Nov 2019 14:39:45 GMT
Server: Apache
ETag: "42c49-218-59840d9ebee40"
Content-Type: image/png
Connection: close
Accept-Ranges: bytes
Content-Length: 536

GET
H/1.1 200
OK check-codes.js Show response
payment.allopass.com/static/js/ Frame EDDA 2 KB
1 KB 65ms
26ms Script
application/javascript 185.119.26.1
WEBDEVIIN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://payment.allopass.com/static/js/check-codes.js?01
Requested by: Host: payment.allopass.com
URL: https://payment.allopass.com/buy/buy.apu?ids=302567&idd=1294049
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.119.26.1 , France, ASN203544 (WEBDEVIIN-AS, FR),
Reverse DNS: 1.26.119.185.in-addr.arpa
Software: Apache /
Resource Hash: 97a9de3830f4bd7bcb7cf4805dbdcf1f4c6e843fcd4a814c6a5d7bc2b11fee1a

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://payment.allopass.com/buy/buy.apu?ids=302567&idd=1294049
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Sat, 10 Sep 2022 17:58:46 GMT
Content-Encoding: gzip
Last-Modified: Fri, 29 Jul 2022 07:06:45 GMT
Server: Apache
ETag: "420de-9d7-5e4ec4afc0b40"
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: close
Accept-Ranges: bytes
Content-Length: 795

GET
H/1.1 200
OK fingerprint2.min.js Show response
payment.allopass.com/static/js/ext/ Frame EDDA 33 KB
10 KB 61ms
23ms Script
application/javascript 185.119.26.1
WEBDEVIIN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://payment.allopass.com/static/js/ext/fingerprint2.min.js
Requested by: Host: payment.allopass.com
URL: https://payment.allopass.com/buy/buy.apu?ids=302567&idd=1294049
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.119.26.1 , France, ASN203544 (WEBDEVIIN-AS, FR),
Reverse DNS: 1.26.119.185.in-addr.arpa
Software: Apache /
Resource Hash: faf063f091dd745b82f9aeb12544a10ef3ee5989078c1a90d377d863fff884c7

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://payment.allopass.com/buy/buy.apu?ids=302567&idd=1294049
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Sat, 10 Sep 2022 17:58:46 GMT
Content-Encoding: gzip
Last-Modified: Tue, 16 Nov 2021 13:36:55 GMT
Server: Apache
ETag: "21805-8432-5d0e804cbabc0"
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: close
Accept-Ranges: bytes
Content-Length: 10209

GET
H/1.1 200
OK arrow-down.png
payment.allopass.com/static/css/images/ Frame EDDA 315 B
553 B 60ms
20ms Image
image/png 185.119.26.1
WEBDEVIIN-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://payment.allopass.com/static/css/images/arrow-down.png
Requested by: Host: payment.allopass.com
URL: https://payment.allopass.com/buy/buy.apu?ids=302567&idd=1294049
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.119.26.1 , France, ASN203544 (WEBDEVIIN-AS, FR),
Reverse DNS: 1.26.119.185.in-addr.arpa
Software: Apache /
Resource Hash: c0a130d7b90ac605b17acd40337aa673f2f6b1779801ba8ea7d894d38b87ba36

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://payment.allopass.com/buy/buy.apu?ids=302567&idd=1294049
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Sat, 10 Sep 2022 17:58:46 GMT
Last-Modified: Tue, 16 Nov 2021 13:36:55 GMT
Server: Apache
ETag: "21735-13b-5d0e804cbabc0"
Content-Type: image/png
Connection: close
Accept-Ranges: bytes
Content-Length: 315

GET
H/1.1 200
OK carousel.js Show response
payment.allopass.com/static/js/ Frame EDDA 7 KB
2 KB 59ms
21ms Script
application/javascript 185.119.26.1
WEBDEVIIN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://payment.allopass.com/static/js/carousel.js?5
Requested by: Host: payment.allopass.com
URL: https://payment.allopass.com/buy/buy.apu?ids=302567&idd=1294049
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.119.26.1 , France, ASN203544 (WEBDEVIIN-AS, FR),
Reverse DNS: 1.26.119.185.in-addr.arpa
Software: Apache /
Resource Hash: 8db08a66fc20669ae93e6d8e919f56a863ce77d3e1ea0bb97efc4c35da450435

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://payment.allopass.com/buy/buy.apu?ids=302567&idd=1294049
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Sat, 10 Sep 2022 17:58:46 GMT
Content-Encoding: gzip
Last-Modified: Tue, 16 Nov 2021 13:36:55 GMT
Server: Apache
ETag: "41065-1b55-5d0e804cbabc0"
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: close
Accept-Ranges: bytes
Content-Length: 1830

GET
H3 200 gtm.js Show response
www.googletagmanager.com/ Frame EDDA 111 KB
43 KB 98ms
44ms Script
application/javascript 2a00:1450:4001:801::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-NHFGDSD

Requested by

Host: payment.allopass.com
URL: https://payment.allopass.com/buy/buy.apu?ids=302567&idd=1294049

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

9ad9a784ba5d431dff6d949860bca9ea4537710fac364abc02477f05a073a0ee

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://payment.allopass.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Sat, 10 Sep 2022 17:58:46 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43670
x-xss-protection: 0
last-modified: Sat, 10 Sep 2022 15:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 10 Sep 2022 17:58:46 GMT

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 4EDB 0
26 B 65ms
64ms Ping
image/gif 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: www.offrepmu.c4.fr
URL: http://www.offrepmu.c4.fr/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 10 Sep 2022 17:58:46 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame CC45 14 KB
11 KB 135ms
79ms XHR
application/json 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20220907&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

50f2a94dc3951cdfeea3c03328dfbe921c4ec22ca96daa1c45073e01d2a020f8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://www.offrepmu.c4.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 10 Sep 2022 17:58:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11154
x-xss-protection: 0

GET
H/1.1 200
OK duration.css
payment.allopass.com/static/css/ Frame EDDA 3 KB
1 KB 36ms
21ms Stylesheet
text/css 185.119.26.1
WEBDEVIIN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://payment.allopass.com/static/css/duration.css
Requested by: Host: payment.allopass.com
URL: https://payment.allopass.com/static/css/base.css?68
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.119.26.1 , France, ASN203544 (WEBDEVIIN-AS, FR),
Reverse DNS: 1.26.119.185.in-addr.arpa
Software: Apache /
Resource Hash: b88598db6441341112078d3c81ea00ddf76e566ad9c68dcfec28a4d5100ca7b8

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://payment.allopass.com/static/css/base.css?68
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Sat, 10 Sep 2022 17:58:46 GMT
Content-Encoding: gzip
Last-Modified: Tue, 16 Nov 2021 13:36:55 GMT
Server: Apache
ETag: "216ec-b61-5d0e804cbabc0"
Vary: Accept-Encoding
Content-Type: text/css
Connection: close
Accept-Ranges: bytes
Content-Length: 793

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame CC45 17 KB
6 KB 38ms
37ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://www.offrepmu.c4.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Sat, 10 Sep 2022 17:58:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 10 Sep 2022 17:58:46 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 824F 13 KB
5 KB 27ms
26ms Document
text/html 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://www.offrepmu.c4.fr/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

accept-ranges: bytes
age: 4749
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 10 Sep 2022 16:39:37 GMT
expires: Sun, 10 Sep 2023 16:39:37 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 23EA 783 B
1 KB 96ms
36ms Document
text/html 2a00:1450:4001:811::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

bf301e36ba1a22534bd6ed4c605c75675fcb36b9ebe44c4ad8b16cae12ad484a

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-fhqSToXrA2BuhJyyxrpdFw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://www.offrepmu.c4.fr/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 510
content-security-policy: script-src 'report-sample' 'nonce-fhqSToXrA2BuhJyyxrpdFw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Sat, 10 Sep 2022 17:58:46 GMT
expires: Sat, 10 Sep 2022 17:58:46 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 CgETvhyXIYksjpVuZOiCWYZFr3TNicAtz6hsjYVMHCQ.js Show response
pagead2.googlesyndication.com/bg/ Frame 824F 36 KB
15 KB 26ms
25ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/CgETvhyXIYksjpVuZOiCWYZFr3TNicAtz6hsjYVMHCQ.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0a0113be1c9721892c8e956e64e882598645af74cd89c02dcfa86c8d854c1c24

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Sat, 10 Sep 2022 11:52:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 21987
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15836
x-xss-protection: 0
last-modified: Mon, 29 Aug 2022 10:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 10 Sep 2023 11:52:19 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ Frame EDDA 49 KB
20 KB 85ms
25ms Script
text/javascript 2a00:1450:4001:809::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NHFGDSD

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://payment.allopass.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 13 Apr 2022 21:02:38 GMT
server: Golfe2
age: 3406
date: Sat, 10 Sep 2022 17:02:00 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Sat, 10 Sep 2022 19:02:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 23EA 0
0 60ms
59ms Image
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20220907&jk=3789821193597021&rc=
Requested by: Host: www.offrepmu.c4.fr
URL: http://www.offrepmu.c4.fr/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 824F 0
10 B 25ms
25ms Image
text/plain 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?aDv7cQ
Requested by: Host: www.offrepmu.c4.fr
URL: http://www.offrepmu.c4.fr/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Sat, 10 Sep 2022 17:58:46 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H/1.1 200
OK secure-lock.gif
payment.allopass.com/static/css/icons/ Frame EDDA 181 B
418 B 60ms
21ms Image
image/gif 185.119.26.1
WEBDEVIIN-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://payment.allopass.com/static/css/icons/secure-lock.gif
Requested by: Host: payment.allopass.com
URL: https://payment.allopass.com/static/css/base.css?68
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.119.26.1 , France, ASN203544 (WEBDEVIIN-AS, FR),
Reverse DNS: 1.26.119.185.in-addr.arpa
Software: Apache /
Resource Hash: b74d93c2e43195ed06c03dcc855663cce5faec3d82a53598eb84f0714bb5ced9

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://payment.allopass.com/static/css/base.css?68
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Sat, 10 Sep 2022 17:58:46 GMT
Last-Modified: Tue, 16 Nov 2021 13:36:55 GMT
Server: Apache
ETag: "2172e-b5-5d0e804cbabc0"
Content-Type: image/gif
Connection: close
Accept-Ranges: bytes
Content-Length: 181

GET
H/1.1 200
OK field.png
payment.allopass.com/static/css/images/ Frame EDDA 170 B
407 B 59ms
21ms Image
image/png 185.119.26.1
WEBDEVIIN-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://payment.allopass.com/static/css/images/field.png
Requested by: Host: payment.allopass.com
URL: https://payment.allopass.com/static/css/base.css?68
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.119.26.1 , France, ASN203544 (WEBDEVIIN-AS, FR),
Reverse DNS: 1.26.119.185.in-addr.arpa
Software: Apache /
Resource Hash: 7ffb9e58d885b0eaf644c52103b65f0019590149c75e77ff18f826d9bb3fa4e9

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://payment.allopass.com/static/css/base.css?68
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Sat, 10 Sep 2022 17:58:46 GMT
Last-Modified: Tue, 16 Nov 2021 13:36:55 GMT
Server: Apache
ETag: "40fab-aa-5d0e804cbabc0"
Content-Type: image/png
Connection: close
Accept-Ranges: bytes
Content-Length: 170

GET
H/1.1 200
OK logo-mobiyo-small.png
payment.allopass.com/static/css/images/ Frame EDDA 12 KB
12 KB 59ms
21ms Image
image/png 185.119.26.1
WEBDEVIIN-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://payment.allopass.com/static/css/images/logo-mobiyo-small.png
Requested by: Host: payment.allopass.com
URL: https://payment.allopass.com/static/css/base.css?68
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.119.26.1 , France, ASN203544 (WEBDEVIIN-AS, FR),
Reverse DNS: 1.26.119.185.in-addr.arpa
Software: Apache /
Resource Hash: 56b137612eb9e7e11421f576f02d3ea90e604fd12ab5873e6ff90aa9101e28db

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://payment.allopass.com/static/css/base.css?68
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Sat, 10 Sep 2022 17:58:46 GMT
Last-Modified: Tue, 16 Nov 2021 13:36:55 GMT
Server: Apache
ETag: "2196b-2e5e-5d0e804cbabc0"
Content-Type: image/png
Connection: close
Accept-Ranges: bytes
Content-Length: 11870

GET
H/1.1 200
OK carousel-row-mobiyo.png
payment.allopass.com/static/css/images/ Frame EDDA 87 KB
87 KB 60ms
21ms Image
image/png 185.119.26.1
WEBDEVIIN-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://payment.allopass.com/static/css/images/carousel-row-mobiyo.png
Requested by: Host: payment.allopass.com
URL: https://payment.allopass.com/static/css/carousel.css?68
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.119.26.1 , France, ASN203544 (WEBDEVIIN-AS, FR),
Reverse DNS: 1.26.119.185.in-addr.arpa
Software: Apache /
Resource Hash: 5b0231eec0d06b77f534fe202e99a40e89685551d6f1afdebc3c581e3ea76a0b

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://payment.allopass.com/static/css/carousel.css?68
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Sat, 10 Sep 2022 17:58:46 GMT
Last-Modified: Tue, 16 Nov 2021 13:36:55 GMT
Server: Apache
ETag: "2173e-15a80-5d0e804cbabc0"
Content-Type: image/png
Connection: close
Accept-Ranges: bytes
Content-Length: 88704

GET
H/1.1 200
OK carousel-row.png
payment.allopass.com/static/css/images/ Frame EDDA 87 KB
87 KB 60ms
21ms Image
image/png 185.119.26.1
WEBDEVIIN-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://payment.allopass.com/static/css/images/carousel-row.png
Requested by: Host: payment.allopass.com
URL: https://payment.allopass.com/static/css/carousel.css?68
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.119.26.1 , France, ASN203544 (WEBDEVIIN-AS, FR),
Reverse DNS: 1.26.119.185.in-addr.arpa
Software: Apache /
Resource Hash: 3826392fad8affe0e8f105c96299f4b3550fdd588c90603a12cc3db9b8e529c0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://payment.allopass.com/static/css/carousel.css?68
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Sat, 10 Sep 2022 17:58:46 GMT
Last-Modified: Tue, 16 Nov 2021 13:36:55 GMT
Server: Apache
ETag: "40fa3-15c04-5d0e804cbabc0"
Content-Type: image/png
Connection: close
Accept-Ranges: bytes
Content-Length: 89092

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 4EDB 42 B
64 B 63ms
62ms Fetch
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvrBvm7iNOfP67EUfojQeXbp9XYi1g2e8eniRPyOCPvlREs5plOpYhyS1_jQqD3hQsNpRJjiNptEWjWxOfGGOJJ85nI0Qwx1dEE7RI-Dj_9CYh-_R0313-rnx2iLcyI7oluJKb_vQ&sai=AMfl-YTQ2KC1spyUJ7aYzYBaLRtWLflzmdE8bbYzt3LP57_2bZOp5aSQSYoxMn8uSTbmEH2YDHYsFKgoVAM1&sig=Cg0ArKJSzIEDJxRu5ds1EAE&cid=CAASBORoDr4&id=lidar2&mcvt=1000&p=0,0,90,728&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20220907&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=2647235303&rs=2&la=0&cr=0&vs=4&r=v&rst=1662832725641&rpt=558&met=ie&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 10 Sep 2022 17:58:47 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame CC45 0
0 64ms
64ms Image
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20220907&jk=3789821193597021&bg=!4OOl46fNAAZTikH4c4o7ACkAdvg8WrBaSi8mWaA6e08GyjUy1266S5W7l9Hgu1Yn0kU3_oLtbfSrFgIAAACiUgAAAAFoAQcKAC5IYAGwJrNyz8rXFixKgz3vFpqTUl549s8dMg5DxZdjeBDSlRJhWpbKDY_kUnefmQLvylOPXaAPaC5-PMAmBc_qP_WvZY5OdCUTz27Vp5Pqxwgw6mCy-9YIRDOnQ-noROfyB9UI0cgrf_Bcml6F_fU1kkc13iz5rio3XnjlbpLNTa93_E53t-TPo9p3h_mO4Fes6gZu4I3a8cftlr0xvcb6_JUwtMOLeeEb5auBV83RjRdoQZ8lg92rAyvNyw4Kvq_t0XeueBVmrobwnyoTcaixBrYiglvMDHsedklB-aSIXThRxRhpA-vk80Bb-vP4srABImcoKiM8jH9pnr1er1QY21_5v3I5SSvmm3ulXrthzEAA1vTA_VB5oPs-mXCZ3R4tUmEmyU1tbrx7rfTec6f_3foCnK-m7mV7KdDQyO-wvSAijLQHbvN53phDM9bFJ63YxnZw9CrgcgNJNgRX6Nf3DNc_l6Ni0x8VLfpCx-3D-t6AZy_tryR_60xkkW6DNeuyvlaz9SQxXDf5k5Gn2XY6dAQmj8QnxpHGxgURWfuvFSXjk0UVOieHup3_m2sgJRC-GEtJVMLAyX_4ugl4vRhCTucMImd4vJ_vhror22mYdmgcOslenGs52jAB0ul8IDdRimSHn7ZKp4ymjy0dbF-Rijm8pY7GbjEulZ2Tdgt-1dPi8-zYdVBrJX2gkfn93O2YedMVhW9Gim9mW9seQqiHKgjCd5_0teYPyixPv1znts_sAiEqQDmyqkehWtubD09ILbzWac2Rk_ihDgPtHoVjE0tuw3xxWNNYhWx-HCV8h6ANjDLkeM-9pgdISS2p0fw8tpu78fmKA8fyNKbzRInZEFiHCX1_0WY2SO7LOOsvNyoa0SK9g6TMCNOoTiWcr7ZiwKJDb2TNVuIsELV12cI0LtQCX_NJUvBNdCHWKpNa646uTbjdyegsbMLgqHA9_Sxrt-obWZdDcbHoNfn8_MWP3gPAKh5M9SYXo1_1edQEjdEX0sZQ39QsY9ilPVYJfVJcH0Jn9B3VRM3cLY7074hm9PK8zSx779AEZdvOniSuvA
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://www.offrepmu.c4.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

POST
H2 200 chk.php Show response
gmu-apps.com/ Frame EDDA 0
94 B 482ms
168ms XHR
text/html 54.219.10.208
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://gmu-apps.com/chk.php
Requested by: Host: www.offrepmu.c4.fr
URL: http://www.offrepmu.c4.fr/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.219.10.208 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-219-10-208.us-west-1.compute.amazonaws.com
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://payment.allopass.com/
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

access-control-allow-origin: *
date: Sat, 10 Sep 2022 17:58:47 GMT
server: Apache
content-length: 0
content-type: text/html; charset=UTF-8

Verdicts & Comments Add Verdict or Comment

15 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

10 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.c4.fr/	1970-01-20 15:15:28	Name: __gads Value: ID=d5b9304fb9d48350-220ef5941bce0072:T=1662832725:RT=1662832725:S=ALNI_MbBWrsFHrH-oSnIzabt-05eDSMOtQ
.doubleclick.net/	1970-01-20 15:15:28	Name: IDE Value: AHWqTUn6s0QNHbzc4D0r5icCYPTRc43Qi2AX8mdYqg-puE2zk32Wf96CAKE23nCq
.xiti.com/	1970-01-20 15:22:40	Name: atid Value: 6E8D4FB7-1AFB-4D3A-AFBB-D3C6FF855F4F
.casalemedia.com/	1970-01-20 14:39:28	Name: CMID Value: YxzQVeKkCqfkQBf-N57zCAAA
.casalemedia.com/	1970-01-20 08:03:28	Name: CMPS Value: 1200
.casalemedia.com/	1970-01-20 08:03:28	Name: CMPRO Value: 1200
.adnxs.com/	1970-01-20 08:03:28	Name: uuid2 Value: 8615626087373906366
.casalemedia.com/	1970-01-20 08:03:28	Name: CMTS Value: 1158
payment.allopass.com/	1969-12-31 23:59:59	Name: ShopSessionId Value: 145a0e7f-5e22-43e2-a2da-4050ec483bb2
.allopass.com/	1970-01-20 14:39:28	Name: AP_CUSK Value: 3585494788

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

adservice.google.com
adservice.google.fr
ajax.googleapis.com
bedrapiona.com
cm.g.doubleclick.net
dsum-sec.casalemedia.com
fonts.googleapis.com
fonts.gstatic.com
gmu-apps.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
ib.adnxs.com
img.root-top.com
inklinkor.com
logv33.xiti.com
pagead2.googlesyndication.com
partner.googleadservices.com
payment.allopass.com
s0.2mdn.net
script.starpass.fr
tpc.googlesyndication.com
turfgeny.com
turfvictoire.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
www.offrepmu.c4.fr
www.pronostar.net
www.turfgeny.com
www.turfprox.com
www.venez.fr
www.widgeo.net
104.18.18.126
139.45.197.234
142.250.181.226
142.250.186.66
173.225.100.28
185.119.26.1
194.0.255.28
194.150.236.165
194.150.236.179
2606:4700:20::681a:a16
2606:4700:3030::ac43:d31d
2606:4700:3038::6815:ea1b
2a00:1450:4001:801::2008
2a00:1450:4001:808::2002
2a00:1450:4001:809::2002
2a00:1450:4001:809::200e
2a00:1450:4001:80b::2001
2a00:1450:4001:811::2002
2a00:1450:4001:811::2004
2a00:1450:4001:812::200a
2a00:1450:4001:829::2002
2a00:1450:4001:82b::2003
2a00:1450:4001:831::2006
37.252.172.249
5.135.149.81
54.219.10.208
65.9.68.209
04f122230781518f0b5807695a1c731e33bea9ba0264d612c799485074204627
07f1ad3d856683310a9969f848d718b5f55850ff8c7bea5adec121a54edb4f48
09390420931de1a5876504eb4ebc8af93bd0464e7837af05c971b8afd33f6dbf
0a0113be1c9721892c8e956e64e882598645af74cd89c02dcfa86c8d854c1c24
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0c91a24c2deb753c963c48cd9c3e5d16ee96128b30bce193c4324e121728c306
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
16393c3e769e20445f7f78adf6a188dae9d932249842c1033dc2144bac1296ac
1b4f1b8a79090e222e116c0bb9a7333a8b88f41dd2172122f67e8c0f1a6c2e21
1decf61f3465e4585a9a8cd868c343796bb6f43dfd1f03fa0b361dab97b4627c
1e2febd816ca74d843f100c2e7417cef8430cef84f5817d2ac1e5963d62eaff4
2128c433af909d66850b0f569c627a4ed9b35bc4b1cdff1004050599fde0744a
25f14b8cb855a61b4ff8cf23545a8cddca92dc7f76b157aa2f5a5a8ff19664e9
27d9e95348604155762e0fa4367a7767251e5b43956c80d2798d4af18f4bd704
286ee399704cd53efeabbca51dfc8459fb9633265ae4e9e046610f7d61d087bb
2c8caec91ec3dde8806152942a044c1a9296856d8d2744e665ac6f27e2268619
2e625a4a1fd8634f22935c0e559d3cc5a69b25f78233832c677a8a58f857e2ce
3289fc83b622ca0a13683fa81b006a05de135d1938744d6e30e5c9be2f2d782a
3826392fad8affe0e8f105c96299f4b3550fdd588c90603a12cc3db9b8e529c0
389df04d440cebbbb55c101252f8ef749ef505fba94fc90146cf555628bbf5d0
467a5b06cb117035f7882e8c71d80e093f04ce586c1ac2b84e7e4adf978edb30
472d8e3c8c2b674cc50597bdaf60c2560232f5e77e9f622df83cac4c2748c42b
49d4ba84e10d9d1f2a83956dde4f20625fd11efc01f60a3a4552a9e09a05a74f
4bee4831055a077c68cb1f7384b95fc6afa5adba7028456d9f24122cf73fec3a
4c3762b6ce9b046a83662f848b5d40874144e875d40856ef66562e1f83c761d2
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
50f2a94dc3951cdfeea3c03328dfbe921c4ec22ca96daa1c45073e01d2a020f8
50f77fa9d32c1323f7e50da8d807f556cdddaea2161de6cf84a0c8b4c1dd6f79
51268488626794c0bf2f103c43013b30e89c39a3746a9c4fc14c0ee73d8ae84c
54df4beda3ad05d5c621511ff15b2882588ff457e36132035d5f21fb29f2a750
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
56b137612eb9e7e11421f576f02d3ea90e604fd12ab5873e6ff90aa9101e28db
58b603271da250778cca7450c81343eba7a896c87d93812f4de54ca5e1108488
5b0231eec0d06b77f534fe202e99a40e89685551d6f1afdebc3c581e3ea76a0b
5d74d225ed3a1ba493176f184c57877252a54ed81fc6031d6908ef70a11d4670
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
64495c7e3289052a726f7b9f85c84ddcd4472736a55c5ee8fc01cb5d9da08c27
65e35c6ae1f74e16cbe663763323963eec7c6a22512042ab0758bd68151934a1
671b08d69f045365c997a46f5d45b5c65c7888b8d017aa28643da52f6076030f
6baa676f5ca2682fd2d7945ca2d3b06759d8a1bdd4974e4c3e00b80643410399
6dc51f0013ed6369adbe988ed91caba1fe3b92b0bba44da6f99b0f3200a41592
6ef026f2eff55ca1760598b139548e1d5c2f2117371f558f7cb5d9a799df17c2
70c931a12ab6a4d0bf386c6561309c23cafb4b927fb3dd57f6866545074a9637
78d18f6094a928bd2488d6d3d2959151533024806c8a402284569ef676d025dd
79ba56f1dc7115f34dfc9acf266e3389b20ad4f0c4ad97bd2273aaff498c6816
79ddc7167e6e464e0598a8d77c7dfd629369a3c6b043b4952591a23cc109765f
7dc792d48132ff15a9ad8c11a139bf26f8e13aa3df30a71582ae406ddffdab4f
7e308a7f13818486601b03b2e06af293b29ebcc2f2bef6dd76947d90728cc98f
7e6f00f8423f9d7fbaf4564c97400ead5eb437cace358ffdf13383bb9efc569d
7efdc65a1b9c96f18cafa0ecff56af0389df458f4b6b8f53a447e89721ed8749
7ffb9e58d885b0eaf644c52103b65f0019590149c75e77ff18f826d9bb3fa4e9
8089b518dd9070e8f05e87e2e3e841d77575bc460f7cf5f0df488596d609ba52
80a63d11779d9343c22d00a2c39a666eaaffb0da8ca85eead50cc693a67decc6
8339a530df38805ff92d2d53161d9f8ced0d376e1756984e0ff3d313f7607bbd
84565692d0a5468e68d4867cb9d299e82f2e826c6c5be39142b8c79bf5e6977c
86fd3be02ab9497ebb14a884fb226386cd0db257b234b005f0000326ae8c9081
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
8abfd720f7d8cc630d1cd56f4a41cf9a4dded524f4cb648b8a6c2fe8a0f6353f
8db08a66fc20669ae93e6d8e919f56a863ce77d3e1ea0bb97efc4c35da450435
8f0c4762d576389a110cee7fbca8b96c4d7c64fc3713d4d4f60cf0c09dbcce6c
910612fc65208677f4e2fff60558e0f1949138a3696402a17ed5582efe0d2649
9207d6d5b64eacd523ec2cd4ac6b5aaa5965f54f458d0848b0e7c3ce445ec088
95551356617eca3ffb049bb12551d6a95995809bcbfaf974f1b89f0e43bc1f7f
97a9de3830f4bd7bcb7cf4805dbdcf1f4c6e843fcd4a814c6a5d7bc2b11fee1a
9ad9a784ba5d431dff6d949860bca9ea4537710fac364abc02477f05a073a0ee
9b0386754c0251e6ffcb2dba87a546b10794b3cbbfe5fbc2e061afe2311e0441
9dd04d4969981c650f779991f9ef442a1455109ca0a90a251edb02e324c5a389
9df324499f52ae5e86a2ec1b4048d197e5f391eae730db8910cece42cc798608
9e032db98153483f8208e9346448d8acdf7866b33693c0e4e1bf916ca9a7cd1f
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a05f2146c5b8d3dcbd30a0e912a3dc5c28d30430d4fd9a62a464de1630ec87ed
a07f1527129bcf149f43e45f1a7a5097d80fae8d709176ed8570d9ab8aa5e22e
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a2e347d748f1ec7451a7c548762e93bbbc9132829120eb0c328129d52c86426d
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
ac9e49f303ce8afc79a5984e6135d9f807d42fd72d6c4b5219638ad72424f846
adfe383e215844ddafe2b7149d13c92118cc519a174bf6035494bab363034f4c
aed0c8666e5c0a1f69060a3275ccd4eb32fcf3bb0e7d254ebe3266262a60b57b
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b415c26c4eb3661a7957634989bb41d47b2911822b3835814c24d12debbf7dd1
b73e30b7030de7ec01db85eb01edfb3d228169583d6ccc6583bec0552d7ce172
b74d93c2e43195ed06c03dcc855663cce5faec3d82a53598eb84f0714bb5ced9
b88598db6441341112078d3c81ea00ddf76e566ad9c68dcfec28a4d5100ca7b8
bf301e36ba1a22534bd6ed4c605c75675fcb36b9ebe44c4ad8b16cae12ad484a
bf49dc55bd1cb2f331a5e37547db7c45f890b13f2944f5e8f5fc950a753d8980
bf91a9e6437f46b4e59f5786b40ac2da0d23f70060729e3e9adbd1bbbd2ab716
c0a130d7b90ac605b17acd40337aa673f2f6b1779801ba8ea7d894d38b87ba36
c1319ad29f9822f08a6740f0b89e91127cfb11a449f99528f0a7928156032c9e
c1893b3f02db32e36ee562842bc299d27c047656416c204667abf42f04777d2a
c233ce3b2c93066a4fe602720eaee31dba0c23d5b832e7aac994f71d04697325
c5c27bccc92627ec75a67d870db5857d40d2f3522df1a01c429c40a19f010d78
c5fda4bddbc21f1d990ef4b42a6350e739a1870c73c6ab240aa921651bfe5a08
c8370a2d050359e9d505acc411e6f457a49b21360a21e6cbc9229bad3a767899
ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142
cdca24fd19906ad7adbf066e55d3ee87750c3901e9b5d1beb538408274d32109
d176bb09818fe74dc0e1d369c411c2e3ca68bbf64a8eb76b43ec306520229833
d32406c95c7750f53373117a45b227a64b0fbf8382c8bcc5cc937ebb171bc51f
d5127e3bfb1b69e0213ad5552051e6687d4d8a452669e4a5c69899e9b4ff2378
d5adf8e6dd0fb4a760d5c9d0de61f7bad107e009b30b99c2b846b08cb822c99c
ddbcd618422bf20ce1a95a0cad804d0fbb0c55488f83cacd16d1f79aaa6a0c6c
de317176fa6b64a8e89bbd45d20b6be2560bbfa96e7e53e63eb754e18bfe6c1f
e23a2a4e2d7c2b41ebcdd8ffc0679df7140eb7f52e1eebabf827a88182643c59
e368951bc5918b3d9fbc8205bfdf0d8be8b79da09b457bb113307063f3b1bc89
e3a2e7f8a593c02e3a003abff713a64bd3d6f39434455a8eb57f8812c75459ad
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e41d1ae45acbf836b8dcc29544c7e41cced4211214df601d5284a7e9c7134c73
e675e54ab622c53a7994be2f0943e37670fbc7aa12b1687a51f0d6b1cdeb78ed
e8b10565f31e567e5d8a5f6481c4d6b652931dc865f8c6f43c8435850cecc6e7
e994d6dfb98c97b89266605ccb40fade20b65078c94749428fd2d2485725a602
ec482ce87b4f7f6f06450ba94fdbf5ad7062e8d2af9172607a645e5199cfcfeb
ecb916133a9376911f10bc5c659952eb0031e457f5df367cde560edbfba38fb8
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
efa230a3973395419cb2746d720c89db14d28401636f48514642360656c172ce
f355e564dbb69ea1e15036b492804fed3ef2f141a5315b3e31ee5820af23ddc6
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
faf063f091dd745b82f9aeb12544a10ef3ee5989078c1a90d377d863fff884c7

www.offrepmu.c4.fr Open in urlscan Pro 5.135.149.81 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

135 Requests

84 %HTTPS

52 %IPv6

27 Domains

33 Subdomains

26 IPs

5 Countries

1673 kBTransfer

3122 kBSize

10 Cookies

0 Outgoing links

Redirected requests

135 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.offrepmu.c4.fr Open in urlscan Pro
5.135.149.81 Public Scan

Screenshot
Live screenshot

Full Image

135
Requests

84 %
HTTPS

52 %
IPv6

27
Domains

33
Subdomains

26
IPs

5
Countries

1673 kB
Transfer

3122 kB
Size

10
Cookies

135 HTTP transactions
1 data transactions