Submitted URL: https://animezeno.onionlive.workers.dev/
Effective URL: https://kingadblocker.com/extension.php?jn=cjpr8Un6N1rlp&ju=21_4662728&jq=65e8e4de5c0b77000193154b&jp=pr
Submission: On March 06 via api from LU — Scanned from DE

Summary

This website contacted 10 IPs in 3 countries across 12 domains to perform 51 HTTP transactions. The main IP is 2a06:98c1:3120::3, located in United States and belongs to CLOUDFLARENET, US. The main domain is kingadblocker.com.
TLS certificate: Issued by E1 on February 29th 2024. Valid for: 3 months.
This is the only time kingadblocker.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 2606:4700:303... 13335 (CLOUDFLAR...)
1 3 139.45.197.234 9002 (RETN-AS)
5 139.45.195.8 9002 (RETN-AS)
2 139.45.195.253 9002 (RETN-AS)
1 18 172.64.166.25 13335 (CLOUDFLAR...)
9 139.45.197.251 9002 (RETN-AS)
1 1 34.90.81.51 396982 (GOOGLE-CL...)
3 2a06:98c1:312... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2606:4700:303... 13335 (CLOUDFLAR...)
51 10
Apex Domain | Subdomains | Transfer
18 ladrecaidroo.com | ladrecaidroo.com | 82 KB
9 jouteetu.net | jouteetu.net — Cisco Umbrella Rank: 30771 | Failed
5 rtmark.net | my.rtmark.net — Cisco Umbrella Rank: 11818 | 3 KB
3 bedrapiona.com | bedrapiona.com — Cisco Umbrella Rank: 182901 | 16 KB
2 kingadblock.com | kingadblock.com — Cisco Umbrella Rank: 839321 | 5 KB
2 datatechone.com | datatechone.com — Cisco Umbrella Rank: 37995 | 936 B
1 tururu.info | tururu.info | 1 KB
1 jsdelivr.net | cdn.jsdelivr.net — Cisco Umbrella Rank: 310 | 29 KB
1 kingadblocker.com | kingadblocker.com | 3 KB
1 pretrackings.com | tracking.pretrackings.com — Cisco Umbrella Rank: 295794 | 338 B
1 workers.dev | animezeno.onionlive.workers.dev | 1 KB
0 Failed | | Failed
51 12
Domain | Requested by
18 ladrecaidroo.com (1 redirects) | ladrecaidroo.com
9 jouteetu.net | ladrecaidroo.com
5 my.rtmark.net | bedrapiona.com, ladrecaidroo.com
3 bedrapiona.com (1 redirects) | animezeno.onionlive.workers.dev, bedrapiona.com
2 kingadblock.com | kingadblocker.com
2 datatechone.com | bedrapiona.com, ladrecaidroo.com
1 tururu.info | kingadblocker.com
1 cdn.jsdelivr.net | kingadblocker.com
1 kingadblocker.com |
1 tracking.pretrackings.com (1 redirects) |
1 animezeno.onionlive.workers.dev |
0 flcjnflecolckmhfcmhhkichjhajjnlb (Failed) | kingadblocker.com
51 12

This site contains links to these domains.

Domain
kingadblock.com
Subject | Issuer | Validity | Valid
onionlive.workers.dev | GTS CA 1P5 | 2024-03-03 - 2024-06-01 | 3 months
bedrapiona.com | R3 | 2024-01-11 - 2024-04-10 | 3 months
rtmark.net | R3 | 2024-03-02 - 2024-05-31 | 3 months
datatechone.com | Sectigo RSA Domain Validation Secure Server CA | 2023-12-10 - 2024-12-23 | a year
ladrecaidroo.com | GTS CA 1P5 | 2024-01-15 - 2024-04-14 | 3 months
jouteetu.net | R3 | 2024-02-24 - 2024-05-24 | 3 months
kingadblocker.com | E1 | 2024-02-29 - 2024-05-29 | 3 months
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2023-05-02 - 2024-05-01 | a year
kingadblock.com | GTS CA 1P5 | 2024-02-11 - 2024-05-11 | 3 months
tururu.info | GTS CA 1P5 | 2024-01-18 - 2024-04-17 | 3 months

This page contains 3 frames:

Primary Page: https://kingadblocker.com/extension.php?jn=cjpr8Un6N1rlp&ju=21_4662728&jq=65e8e4de5c0b77000193154b&jp=pr
Frame ID: 3E0F6A95CA3791445ACEC5C6F7E96C94
Requests: 51 HTTP requests in this frame

Frame: https://tururu.info/a.php?id=0083&e=VPGCNBK0FG&c=cjpr8Un6N1rlp&r=pr&cid=65e8e4de5c0b77000193154b&z=21_4662728&v=13&dr=&inw=1600&inh=1200
Frame ID: 2FA205CC73CAD796FD486A89AF4DE9A9
Requests: 1 HTTP requests in this frame

Frame: https://kingadblock.com/clear.php
Frame ID: 46B2FEE14F914F0BC7EE3B3EE997A7E7
Requests: 1 HTTP requests in this frame

Page Title

Up - Ad Blocker

Detected technologies

Overall confidence: 100%
Detected patterns
  • \.php(?:$|\?)

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css

Overall confidence: 100%
Detected patterns
  • <link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
  • //cdn\.jsdelivr\.net/

Page Statistics

Requests: 51
HTTPS: 80 %
IPv6: 40 %
Domains: 12
Subdomains: 12
IPs: 10
Countries: 3
Transfer: 139 kB
Size: 435 kB
Cookies: 17

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://animezeno.onionlive.workers.dev/ Page URL
  2. https://bedrapiona.com/4/5615727/ Page URL
  3. https://bedrapiona.com/?z=5615727&syncedCookie=true&rhd=false HTTP 302
    https://ladrecaidroo.com/?s=789360621027332636&ssk=aa01ae8397e9015fbb3e48ae1e0e2c64&svar=1709761756&z=5615727&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&btz=Europe/Berlin&bto=-60 Page URL
  4. https://ladrecaidroo.com/?s=789360621027332636&ssk=aa01ae8397e9015fbb3e48ae1e0e2c64&svar=1709761756&z=5615727&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&btz=Europe/Berlin&bto=-60&rdc=2 Page URL
  5. https://ladrecaidroo.com/submenu/4662728/?rhd=1&var=5615727&var3=789360621027332636&oaid=3ab2bc2de59290070735975a0d3fd8b9&usage_case=push_default Page URL
  6. https://ladrecaidroo.com/rhd?z=4662728&syncedCookie=false&rhd=true HTTP 302
    https://tracking.pretrackings.com/click?pid=21&offer_id=4086&sub1=789360625989202690&sub2=4662728 HTTP 302
    https://kingadblocker.com/extension.php?jn=cjpr8Un6N1rlp&ju=21_4662728&jq=65e8e4de5c0b77000193154b&jp=pr Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 5
  • https://bedrapiona.com/?z=5615727&syncedCookie=true&rhd=false HTTP 302
  • https://ladrecaidroo.com/?s=789360621027332636&ssk=aa01ae8397e9015fbb3e48ae1e0e2c64&svar=1709761756&z=5615727&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&btz=Europe/Berlin&bto=-60

51 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
/
animezeno.onionlive.workers.dev/
1 KB
1 KB
Document
General
Full URL
https://animezeno.onionlive.workers.dev/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::6815:923 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
41073afd70d67192731d0e6330e0c56eef44eac903dca4baa6b319d8a87928ed

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.29 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cf-ray
86058dfec8a58f40-FRA
content-encoding
br
content-type
text/html;charset=UTF-8
date
Wed, 06 Mar 2024 21:49:15 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EPg%2FTP4f2MzQIkvWouefeVWSNebZAuP%2FnksGBjXNt%2BEaqU93Yg1ANSLyUNjVyJWYOsJoOSkaC8vMHvms8REZOt%2F%2BAkgFdCB3hsqIUyqHuuuPneM5cR52ipTzgQxe7c4ACUoEbCk3glIo8njI%2FySGDPo1qHkgNLLAVXuQH1t2"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
/
bedrapiona.com/4/5615727/
33 KB
14 KB
Document
General
Full URL
https://bedrapiona.com/4/5615727/
Requested by
Host: animezeno.onionlive.workers.dev
URL: https://animezeno.onionlive.workers.dev/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
139.45.197.234 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx /
Resource Hash
bd32c1de89562ee9efd9872aa638c571ab9c08f75622e324e8542c2b8ba818d0

Request headers

Referer
https://animezeno.onionlive.workers.dev/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.29 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-credentials
true
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace Accept, Content-Type, Content-Length, Accept-Encoding, favicon
access-control-allow-methods
GET, POST, OPTIONS POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin
* *
access-control-max-age
86400
cache-control
no-transform, no-store, no-cache, must-revalidate, max-age=0 no-store, no-cache, must-revalidate, max-age=0
content-encoding
gzip
content-type
text/html; charset=utf8
date
Wed, 06 Mar 2024 21:49:16 GMT
expires
Tue, 11 Jan 1994 10:00:00 GMT Mon, 26 Jul 1997 05:00:00 GMT
link
<https://yonmewon.com>; rel="preconnect dns-prefetch",<https://my.rtmark.net>; rel="preconnect dns-prefetch"
pragma
no-cache no-cache
server
nginx
timing-allow-origin
*
x-trace-id
b940651ba06b1651897a5faf095f66c3
sftouch
bedrapiona.com/
2 B
610 B
Ping
General
Full URL
https://bedrapiona.com/sftouch?userId=00801764ae7f4b74e554113a6f8f8ea2&z=5615727&p_rid=6aed173e-07d2-4e54-96db-a33becb70765&p_src=sf&branchId=0&rb=3yvTJL5lJLuHMEsjp6MVwO5o31jvYkv0J9BQQRFR5o2Hq8DulG7SahJImwJV5cuRpS1Ui6ey1-qpBha-aV5yh7BNSFky8H0XgiHnEPmdB9_ijcAh7QmQp8-PwslmWF--C70Hza4WxfP4ODVjxC1CGnsMXDLNIWNDI-QeSGBm8TcRwgMrGpuMlMtFX0EeXR239c6yeCMh01IPaPThF1Qj_ZN-VXxF9lRj-O5f_s_GpeWdcSm-G5SzgOCcHE5Kvc6WJ6JNCiYjTqDlYaW2V6H6HPvado8OYDgEZttMnPr5477F_ObDB99BtdhtN6GYq63Xn2LtmlCu1V9L9F_PkJsM2tQs_wo=
Requested by
Host: bedrapiona.com
URL: https://bedrapiona.com/4/5615727/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
139.45.197.234 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx /
Resource Hash
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bedrapiona.com/4/5615727/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.29 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 21:49:16 GMT
strict-transport-security
max-age=1
x-content-type-options
nosniff
content-length
2
x-trace-id
98143058a0ad017ca8439b12a7b29ed8
pragma
no-cache
server
nginx
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-max-age
86400
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/plain
access-control-allow-origin
https://bedrapiona.com
cache-control
no-transform, no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials
true
timing-allow-origin
*, *
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
expires
Tue, 11 Jan 1994 10:00:00 GMT
img.gif
my.rtmark.net/
43 B
491 B
Image
General
Full URL
https://my.rtmark.net/img.gif?f=merge&userId=00801764ae7f4b74e554113a6f8f8ea2&z=5615727&p_rid=6aed173e-07d2-4e54-96db-a33becb70765&p_src=sf
Requested by
Host: bedrapiona.com
URL: https://bedrapiona.com/4/5615727/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bedrapiona.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.29 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 21:49:16 GMT
strict-transport-security
max-age=1
x-content-type-options
nosniff
server
nginx
access-control-allow-methods
POST, GET, OPTIONS, PUT, DELETE
content-type
image/gif
access-control-allow-origin
*
access-control-expose-headers
Authorization
access-control-allow-credentials
true
timing-allow-origin
*, *
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length
43
add
datatechone.com/log/
2 B
467 B
XHR
General
Full URL
https://datatechone.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=6aed173e-07d2-4e54-96db-a33becb70765
Requested by
Host: bedrapiona.com
URL: https://bedrapiona.com/4/5615727/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
139.45.195.253 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx/1.19.10 /
Resource Hash

Request headers

Referer
https://bedrapiona.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.29 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

Date
Wed, 06 Mar 2024 21:49:16 GMT
Server
nginx/1.19.10
Access-Control-Allow-Methods
POST, GET, OPTIONS, PUT, DELETE
Content-Type
text/plain; charset=utf-8
Access-Control-Allow-Origin
https://bedrapiona.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
Access-Control-Allow-Headers
Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length
2
/
ladrecaidroo.com/
Redirect Chain
  • https://bedrapiona.com/?z=5615727&syncedCookie=true&rhd=false
  • https://ladrecaidroo.com/?s=789360621027332636&ssk=aa01ae8397e9015fbb3e48ae1e0e2c64&svar=1709761756&z=5615727&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&btz=Europe/Berlin&bto=-60
42 KB
14 KB
Document
General
Full URL
https://ladrecaidroo.com/?s=789360621027332636&ssk=aa01ae8397e9015fbb3e48ae1e0e2c64&svar=1709761756&z=5615727&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&btz=Europe/Berlin&bto=-60
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.64.166.25 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/7.4.33
Resource Hash
ff89ef6bf83fcf5991e71db7e554db028eb96a5e8de7106c33268c1e2560c8f0

Request headers

Content-Type
application/x-www-form-urlencoded
Origin
https://bedrapiona.com
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.29 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-allow-methods
GET, POST, OPTIONS, HEAD
access-control-allow-origin
*
access-control-expose-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
86058e01ff432bfc-FRA
content-encoding
br
content-type
text/html; charset=UTF-8
date
Wed, 06 Mar 2024 21:49:16 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MxeWf0J7S4ESDcTV%2BGrEyMzM6OIw0u4%2BwQ9m1LanKDHI1AcbOtM1gDQ4XimQ0TynCf7i4xmbVfBbpdivoBFYoymehudw%2Fk%2FtVLI3m8ib9zhQ2O4HeyDRB1T3CfO5dmhUXYTz"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
x-powered-by
PHP/7.4.33

Redirect headers

accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-credentials
true
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
https://bedrapiona.com
access-control-max-age
86400
cache-control
no-transform, no-store, no-cache, must-revalidate, max-age=0
content-length
0
date
Wed, 06 Mar 2024 21:49:16 GMT
expires
Tue, 11 Jan 1994 10:00:00 GMT
link
<https://ladrecaidroo.com>; rel="preconnect dns-prefetch",<https://yonmewon.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
location
https://ladrecaidroo.com/?s=789360621027332636&ssk=aa01ae8397e9015fbb3e48ae1e0e2c64&svar=1709761756&z=5615727&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&btz=Europe/Berlin&bto=-60
pragma
no-cache
referrer-policy
no-referrer
server
nginx
strict-transport-security
max-age=1
timing-allow-origin
* *
x-content-type-options
nosniff
x-trace-id
45b1d63e973d919fe900fbcaceb51ac5
gid.js
my.rtmark.net/
65 B
543 B
Fetch
General
Full URL
https://my.rtmark.net/gid.js?userId=3ab2bc2de59290070735975a0d3fd8b9
Requested by
Host: ladrecaidroo.com
URL: https://ladrecaidroo.com/?s=789360621027332636&ssk=aa01ae8397e9015fbb3e48ae1e0e2c64&svar=1709761756&z=5615727&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&btz=Europe/Berlin&bto=-60
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx /
Resource Hash
ca6f01700beee433df6a1864857b8908715e2bd42c9a13d157a424d738cbee05
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ladrecaidroo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.29 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 21:49:16 GMT
strict-transport-security
max-age=1
x-content-type-options
nosniff
server
nginx
access-control-allow-methods
POST, GET, OPTIONS, PUT, DELETE
content-type
application/json; charset=utf-8
access-control-allow-origin
https://ladrecaidroo.com
access-control-expose-headers
Authorization
access-control-allow-credentials
true
timing-allow-origin
*, *
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length
65
micro.tag.min.js
ladrecaidroo.com/pfe/current/
35 KB
13 KB
Script
General
Full URL
https://ladrecaidroo.com/pfe/current/micro.tag.min.js?z=4662709&ymid=789360621027332636&var=5615727&sw=/sw-check-permissions/4662709&uhd=1
Requested by
Host: ladrecaidroo.com
URL: https://ladrecaidroo.com/?s=789360621027332636&ssk=aa01ae8397e9015fbb3e48ae1e0e2c64&svar=1709761756&z=5615727&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&btz=Europe/Berlin&bto=-60
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.64.166.25 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
76d2557eeb69b8934253e2892c6a80cf8f27ecb31ca33605d798007a9b73d541

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ladrecaidroo.com/?s=789360621027332636&ssk=aa01ae8397e9015fbb3e48ae1e0e2c64&svar=1709761756&z=5615727&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&btz=Europe/Berlin&bto=-60
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.29 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 06 Mar 2024 21:49:16 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Tue, 05 Mar 2024 15:56:51 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"65e740c3-8a1a"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=COEV8wMr2vYubEIEuEE6dJjmhAh%2BZv6ohnUG6H1O3FgrdiK3NVYPDIDCtlViA%2B5dkACIj2%2B0EQrghd00zkIaESMxBqohMcoTs3ZqMOif0dLvyG%2BSwVeVuqhZ7uwoJmcVrGW3"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=14400
access-control-allow-credentials
true
cf-ray
86058e029fca2bfc-FRA
alt-svc
h3=":443"; ma=86400
truncated
/
327 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
56c09cdddbb52eff660021ca91896cde47f956f91be4b43601d8224873bdcbcc

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.29 Safari/537.36

Response headers

Content-Type
image/svg+xml
/
ladrecaidroo.com/
2 B
422 B
XHR
General
Full URL
https://ladrecaidroo.com/?s=789360621027332636&ssk=aa01ae8397e9015fbb3e48ae1e0e2c64&svar=1709761756&z=5615727&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&btz=Europe/Berlin&bto=-60&mprtr=1
Requested by
Host: ladrecaidroo.com
URL: https://ladrecaidroo.com/?s=789360621027332636&ssk=aa01ae8397e9015fbb3e48ae1e0e2c64&svar=1709761756&z=5615727&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&btz=Europe/Berlin&bto=-60
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.64.166.25 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/7.4.27
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ladrecaidroo.com/?s=789360621027332636&ssk=aa01ae8397e9015fbb3e48ae1e0e2c64&svar=1709761756&z=5615727&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&btz=Europe/Berlin&bto=-60
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.29 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 21:49:16 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
PHP/7.4.27
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/json
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ISIVBKZ%2BjFxKOxdudn%2F99E6ArED1aEbb%2Fa8sYxZwwogq8hBV6iBPpLcKjcooApDbkX6V7FLq5ReQR2M3lsOBi53wOYeCInM6J%2Fy6oTd1nncyuYXoyJa2iEc8CG8G8WShLzIt"}],"group":"cf-nel","max_age":604800}
access-control-allow-credentials
true
cf-ray
86058e029fce2bfc-FRA
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
alt-svc
h3=":443"; ma=86400
/
ladrecaidroo.com/19/4662728/
3 KB
2 KB
XHR
General
Full URL
https://ladrecaidroo.com/19/4662728/?abt_opts=1&var=5615727&var3=789360621027332636&ymid=&rhd=1
Requested by
Host: ladrecaidroo.com
URL: https://ladrecaidroo.com/?s=789360621027332636&ssk=aa01ae8397e9015fbb3e48ae1e0e2c64&svar=1709761756&z=5615727&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&btz=Europe/Berlin&bto=-60
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.64.166.25 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c14a907321b11d0ea6d00b3bc42fae3db1ae97827e33c91af059faded58459cd
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ladrecaidroo.com/?s=789360621027332636&ssk=aa01ae8397e9015fbb3e48ae1e0e2c64&svar=1709761756&z=5615727&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&btz=Europe/Berlin&bto=-60
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.29 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 21:49:16 GMT
strict-transport-security
max-age=1
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
content-encoding
br
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
x-trace-id
8fdc288638375dc8466b3db7c0bdcca6
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
server
cloudflare
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/json
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Fg0fJgF7GT4tcs8e%2BLMQt%2FX1gksMFFYM2krnn4qZejDvUhdmQlQ8XrNNSC2EO0tL7g7PKAL8ugO1jgVb%2FV80Q1t3nNGaJufUaYiiYPn1Gm7qsLdHT%2FPkn3glGakjvMdlZIkk"}],"group":"cf-nel","max_age":604800}
access-control-max-age
86400
access-control-allow-credentials
true
cache-control
no-transform, no-store, no-cache, must-revalidate, max-age=0
timing-allow-origin
*
link
<https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://yonmewon.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
cf-ray
86058e029fd22bfc-FRA
expires
Tue, 11 Jan 1994 10:00:00 GMT
rhd
ladrecaidroo.com/
3 KB
3 KB
Fetch
General
Full URL
https://ladrecaidroo.com/rhd?rb=JF7hIS0sLYw16U1kVvfswWL0mkMqxiSCsM_EB20B5Jyi2Vwk6LOEL9HztmqQ6KEu2ZNoH9Z1kxxTqCtxNhV6CvUKfaOAh79wQS3AmTf6kzRkgPc2W-17ZgazdNfBdaH3uXWrgXcSg8gkDWo_zyNXLg-fRWOUnzyvMtEM1WMb7eNqO7zyvbbcpF3Pqic76wDf3RZUFm3ettm9nEG6GxXmGcnw8V9El4dqDyiiUYXJVP8V8vH02z2WdFH7veSW3_8t5v5e0K9qkW8CbaIE8gcuxa9nG1ey4et2yqu6UY2byVnT2qO3VetVNCeod2Ge_vrjvjykWK4sfH1e9laZijvOladBPGJHGYfVAqkIEb4IEDDftcvoerYORSmqIkivbaX1z-3jDSJOwHTgRRN6yuSkSct716f6dS5uK0L7H8es_68eoW4N7TGOI38lv_P350RDrKvXjOvYg3AgNJm4209z9tzbC3ZLdTeovyP-tWAWMtQ885iZJZPrqbPHlf5-dif8QlM1NYTq1ptSI7jytF-4rtvr-ebNEj1RmUl5ZP02vXZHYnfkMxNGiQ%3D%3D&request_ab2=0&zoneid=4662728&fs=0&cf=0&sw=1600&sh=1200&sah=1200&wx=0&wy=0&ww=1600&wh=1200&cw=1600&wih=1200&wiw=1600&wfc=0&pl=https%3A%2F%2Fladrecaidroo.com%2F%3Fs%3D789360621027332636%26ssk%3Daa01ae8397e9015fbb3e48ae1e0e2c64%26svar%3D1709761756%26z%3D5615727%26pz%3D4662709%26tb%3D4662728%26l%3DWGYVPKNMPvY53zb%26btz%3DEurope%2FBerlin%26bto%3D-60&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-unknown&var=5615727&var3=789360621027332636&ymid=&rhd=1&m=link
Requested by
Host: ladrecaidroo.com
URL: https://ladrecaidroo.com/?s=789360621027332636&ssk=aa01ae8397e9015fbb3e48ae1e0e2c64&svar=1709761756&z=5615727&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&btz=Europe/Berlin&bto=-60
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.166.25 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ladrecaidroo.com/?s=789360621027332636&ssk=aa01ae8397e9015fbb3e48ae1e0e2c64&svar=1709761756&z=5615727&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&btz=Europe/Berlin&bto=-60
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.29 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 21:49:16 GMT
strict-transport-security
max-age=1
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
content-encoding
br
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
x-trace-id
d67db1f390b241ccdfeee58bd39ec619
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
server
cloudflare
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/json
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Rosgo9y0ayiiWPFgWxqs%2BNMT%2FnFwxyVPXecY%2FlP8QgyZTsPETeIeLt3iZcaeQK6U0BWEO8LlQA3lL%2BVTsLj2dWWrX5RyHABhkTQT3lHRlIR%2FliMlFHFcTLej%2FkhB9zoMpAwf"}],"group":"cf-nel","max_age":604800}
access-control-max-age
86400
access-control-allow-credentials
true
cache-control
no-transform, no-store, no-cache, must-revalidate, max-age=0
timing-allow-origin
*
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
cf-ray
86058e02ff822c52-FRA
expires
Tue, 11 Jan 1994 10:00:00 GMT
custom
jouteetu.net/
0
0

4662709
ladrecaidroo.com/sw-check-permissions/
0
997 B
Other
General
Full URL
https://ladrecaidroo.com/sw-check-permissions/4662709?var=5615727&ymid=789360621027332636&uhd=1&zoneId=4662709
Requested by
Host: ladrecaidroo.com
URL: https://ladrecaidroo.com/pfe/current/micro.tag.min.js?z=4662709&ymid=789360621027332636&var=5615727&sw=/sw-check-permissions/4662709&uhd=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.166.25 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/7.4.33
Resource Hash

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ladrecaidroo.com/?s=789360621027332636&ssk=aa01ae8397e9015fbb3e48ae1e0e2c64&svar=1709761756&z=5615727&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&btz=Europe/Berlin&bto=-60
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.29 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 21:49:16 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
PHP/7.4.33
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS, HEAD
content-type
application/javascript
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4vDse%2BVl4WB3FmLDuIp0bwmXdahRM8SbHdFDfk0ZOvu0Ql2g5AGTOyABE3xkNuo6L0ddi2ZSsjwwBy%2BBhVOdrsVc2HqZyM1JjLzP9D1ZSbZdOXF%2F16r9vMzDIguMIe3qLHBo"}],"group":"cf-nel","max_age":604800}
access-control-expose-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
cf-ray
86058e02ff8b2c52-FRA
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
alt-svc
h3=":443"; ma=86400
custom
jouteetu.net/
0
0

zone
ladrecaidroo.com/
0
522 B
Ping
General
Full URL
https://ladrecaidroo.com/zone?&pub=0&zone_id=4662709&is_mobile=false&domain=ladrecaidroo.com&var=5615727&ymid=789360621027332636&var_3=&var_4=&dsig=&tg=1&sw=3.1.495&trace_id=df8905de-87bf-4d00-b5ea-9f15009b3d1a&action=prerequest&ch=eyJhcmNoaXRlY3R1cmUiOiIiLCJiaXRuZXNzIjoiIiwiYnJhbmRzIjpbXSwiZnVsbFZlcnNpb25MaXN0IjpbXSwibW9iaWxlIjpmYWxzZSwibW9kZWwiOiIiLCJwbGF0Zm9ybSI6IiIsInBsYXRmb3JtVmVyc2lvbiI6IiIsIndvdzY0IjpmYWxzZX0=
Requested by
Host: ladrecaidroo.com
URL: https://ladrecaidroo.com/pfe/current/micro.tag.min.js?z=4662709&ymid=789360621027332636&var=5615727&sw=/sw-check-permissions/4662709&uhd=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.166.25 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ladrecaidroo.com/?s=789360621027332636&ssk=aa01ae8397e9015fbb3e48ae1e0e2c64&svar=1709761756&z=5615727&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&btz=Europe/Berlin&bto=-60
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.29 Safari/537.36

Response headers

x-trace-id
bdf4db03576d28439ca449564942cda8
date
Wed, 06 Mar 2024 21:49:16 GMT
strict-transport-security
max-age=1
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BdMztQPuVK7EZskT4uVwct87dBWb%2BPU3Y3z4nLCaGAjVZlB0XKiLFWdF97BbzD4YAIYKJApVDOlk3ZelHmKP4lHJHElBa62njsTCWYa7NcbzNQb5drsDO9FKx%2F4Mu8ZtKdVt"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin
https://ladrecaidroo.com
access-control-allow-credentials
true
cf-ray
86058e02ff8d2c52-FRA
access-control-allow-headers
Origin, X-Requested-With, X-Oaid, Content-Type, Accept
content-length
0
alt-svc
h3=":443"; ma=86400
gid.js
my.rtmark.net/
65 B
543 B
Fetch
General
Full URL
https://my.rtmark.net/gid.js?pub=0&userId=&zoneId=4662709&checkDuplicate=true&ymid=789360621027332636&var=5615727
Requested by
Host: ladrecaidroo.com
URL: https://ladrecaidroo.com/pfe/current/micro.tag.min.js?z=4662709&ymid=789360621027332636&var=5615727&sw=/sw-check-permissions/4662709&uhd=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx /
Resource Hash
ca6f01700beee433df6a1864857b8908715e2bd42c9a13d157a424d738cbee05
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ladrecaidroo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.29 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 21:49:16 GMT
strict-transport-security
max-age=1
x-content-type-options
nosniff
server
nginx
access-control-allow-methods
POST, GET, OPTIONS, PUT, DELETE
content-type
application/json; charset=utf-8
access-control-allow-origin
https://ladrecaidroo.com
access-control-expose-headers
Authorization
access-control-allow-credentials
true
timing-allow-origin
*, *
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length
65
zone
ladrecaidroo.com/
797 B
980 B
Fetch
General
Full URL
https://ladrecaidroo.com/zone?&pub=0&zone_id=4662709&is_mobile=false&domain=ladrecaidroo.com&var=5615727&ymid=789360621027332636&var_3=&var_4=&dsig=&tg=1&sw=3.1.495&trace_id=df8905de-87bf-4d00-b5ea-9f15009b3d1a&action=settings&ch=eyJhcmNoaXRlY3R1cmUiOiIiLCJiaXRuZXNzIjoiIiwiYnJhbmRzIjpbXSwiZnVsbFZlcnNpb25MaXN0IjpbXSwibW9iaWxlIjpmYWxzZSwibW9kZWwiOiIiLCJwbGF0Zm9ybSI6IiIsInBsYXRmb3JtVmVyc2lvbiI6IiIsIndvdzY0IjpmYWxzZX0=
Requested by
Host: ladrecaidroo.com
URL: https://ladrecaidroo.com/pfe/current/micro.tag.min.js?z=4662709&ymid=789360621027332636&var=5615727&sw=/sw-check-permissions/4662709&uhd=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.166.25 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ladrecaidroo.com/?s=789360621027332636&ssk=aa01ae8397e9015fbb3e48ae1e0e2c64&svar=1709761756&z=5615727&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&btz=Europe/Berlin&bto=-60
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.29 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 21:49:16 GMT
strict-transport-security
max-age=1
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
br
alt-svc
h3=":443"; ma=86400
x-trace-id
d1a67d957ad998b1195a15a2a56cf8ac
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mFBSZ8lhMI%2FrSaeEN0ZetmGFxhBfrDGKexyBx4MBzNYfim4%2FtDwE8IDPXRKbeWq%2F%2BVGYFohspKZuj%2FswAtuabsy8Cl7OSOSue7lo2YmxWz0Swb46IibQ3Q4uYevmnLA9Wr55"}],"group":"cf-nel","max_age":604800}
content-type
application/json; charset=utf-8
access-control-allow-origin
*
access-control-allow-credentials
true
cf-ray
86058e030f9f2c52-FRA
access-control-allow-headers
Origin, X-Requested-With, X-Oaid, Content-Type, Accept
/
ladrecaidroo.com/
42 KB
14 KB
Document
General
Full URL
https://ladrecaidroo.com/?s=789360621027332636&ssk=aa01ae8397e9015fbb3e48ae1e0e2c64&svar=1709761756&z=5615727&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&btz=Europe/Berlin&bto=-60&rdc=2
Requested by
Host: ladrecaidroo.com
URL: https://ladrecaidroo.com/?s=789360621027332636&ssk=aa01ae8397e9015fbb3e48ae1e0e2c64&svar=1709761756&z=5615727&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&btz=Europe/Berlin&bto=-60
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.166.25 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/7.4.33
Resource Hash
d141ca5783768a766463d755e97962ec5053ca65bf970bdf688189c43aea072d

Request headers

Referer
https://ladrecaidroo.com/?s=789360621027332636&ssk=aa01ae8397e9015fbb3e48ae1e0e2c64&svar=1709761756&z=5615727&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&btz=Europe/Berlin&bto=-60
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.29 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-allow-methods
GET, POST, OPTIONS, HEAD
access-control-allow-origin
*
access-control-expose-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
86058e033fcb2c52-FRA
content-encoding
br
content-type
text/html; charset=UTF-8
date
Wed, 06 Mar 2024 21:49:16 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FEHFXadC8eQw3hLVtjZZMfpJ0rNjN4vfF3%2BgmXCEvU9elYjYiLs4ba927uIuhB6AYGbWHYz3N9E74U9FA77ZoUZkemMzeIvtELpYXfTa8web4IeeZuuKt3LSJFNhC84kV3JC"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
x-powered-by
PHP/7.4.33
micro.tag.min.js
ladrecaidroo.com/pfe/current/
35 KB
13 KB
Script
General
Full URL
https://ladrecaidroo.com/pfe/current/micro.tag.min.js?z=4662709&ymid=789360621027332636&var=5615727&sw=/sw-check-permissions/4662709&uhd=1
Requested by
Host: ladrecaidroo.com
URL: https://ladrecaidroo.com/?s=789360621027332636&ssk=aa01ae8397e9015fbb3e48ae1e0e2c64&svar=1709761756&z=5615727&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&btz=Europe/Berlin&bto=-60&rdc=2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.166.25 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
76d2557eeb69b8934253e2892c6a80cf8f27ecb31ca33605d798007a9b73d541

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ladrecaidroo.com/?s=789360621027332636&ssk=aa01ae8397e9015fbb3e48ae1e0e2c64&svar=1709761756&z=5615727&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&btz=Europe/Berlin&bto=-60&rdc=2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.29 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 06 Mar 2024 21:49:16 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Tue, 05 Mar 2024 15:56:52 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"65e740c4-8a1a"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CQDdVb32vlCe15MWx1sW4VCJk24CbzoKf5WpKXMT92WbFRztvLf9QGXMnf9rZxxagM%2FZimUb0jRpRw29nowV7pgNNd5rUfCbK%2B%2BRhH4IV20orRcYPboV8yxj4r0W9mI4VlkA"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=14400
access-control-allow-credentials
true
cf-ray
86058e03c8562c52-FRA
alt-svc
h3=":443"; ma=86400
truncated
/
327 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
56c09cdddbb52eff660021ca91896cde47f956f91be4b43601d8224873bdcbcc

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.29 Safari/537.36

Response headers

Content-Type
image/svg+xml
/
ladrecaidroo.com/19/4662728/
3 KB
3 KB
XHR
General
Full URL
https://ladrecaidroo.com/19/4662728/?abt_opts=1&var=5615727&var3=789360621027332636&ymid=&rhd=1
Requested by
Host: ladrecaidroo.com
URL: https://ladrecaidroo.com/?s=789360621027332636&ssk=aa01ae8397e9015fbb3e48ae1e0e2c64&svar=1709761756&z=5615727&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&btz=Europe/Berlin&bto=-60&rdc=2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.166.25 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6ef56f2891f098bd9be7a43c2d08afd2dbc74cea6c2b0c5c67489828d77ddbd9
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ladrecaidroo.com/?s=789360621027332636&ssk=aa01ae8397e9015fbb3e48ae1e0e2c64&svar=1709761756&z=5615727&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&btz=Europe/Berlin&bto=-60&rdc=2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.29 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 21:49:16 GMT
strict-transport-security
max-age=1
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
content-encoding
br
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
x-trace-id
59a186c70edeeb2fb8734ef613f823c3
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
server
cloudflare
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/json
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OcbCLEOFDZL9u%2FaYIvuJt7x6mmE1bzJLU6u0%2BrKwBVrqupYxhdscWU5wD8vBLPmr%2BQoBqdJ00ALfceaS9FzluNZ%2BBRlISE3FQJ3hXOK8F%2BeBHVDxZKtmEsO9RM8g7blcxnhH"}],"group":"cf-nel","max_age":604800}
access-control-max-age
86400
access-control-allow-credentials
true
cache-control
no-transform, no-store, no-cache, must-revalidate, max-age=0
timing-allow-origin
*
link
<https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://yonmewon.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
cf-ray
86058e03c8572c52-FRA
expires
Tue, 11 Jan 1994 10:00:00 GMT
/
ladrecaidroo.com/
2 B
532 B
XHR
General
Full URL
https://ladrecaidroo.com/?s=789360621027332636&ssk=aa01ae8397e9015fbb3e48ae1e0e2c64&svar=1709761756&z=5615727&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&btz=Europe/Berlin&bto=-60&rdc=2&mprtr=1
Requested by
Host: ladrecaidroo.com
URL: https://ladrecaidroo.com/?s=789360621027332636&ssk=aa01ae8397e9015fbb3e48ae1e0e2c64&svar=1709761756&z=5615727&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&btz=Europe/Berlin&bto=-60&rdc=2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.166.25 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/7.4.33
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ladrecaidroo.com/?s=789360621027332636&ssk=aa01ae8397e9015fbb3e48ae1e0e2c64&svar=1709761756&z=5615727&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&btz=Europe/Berlin&bto=-60&rdc=2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.29 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 21:49:16 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
PHP/7.4.33
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/json
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=E7zyq0cdDUWnwgvY5CplFHhGBzd6%2BJMa7mIRupLt8Cw%2BuvvYUFlBy4Jjm%2FVt6TXTz6otserjYn8X6kxmLe9cEDHo%2FCER2Q%2Fc%2BMKdM6KRJ2K%2BO97bdyc5o5jR7eEM%2Bs0ZXSl8"}],"group":"cf-nel","max_age":604800}
access-control-allow-credentials
true
cf-ray
86058e03d86b2c52-FRA
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
alt-svc
h3=":443"; ma=86400
custom
jouteetu.net/
0
0
Ping
General
Full URL
https://jouteetu.net/custom
Requested by
Host: ladrecaidroo.com
URL: https://ladrecaidroo.com/pfe/current/micro.tag.min.js?z=4662709&ymid=789360621027332636&var=5615727&sw=/sw-check-permissions/4662709&uhd=1
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
139.45.197.251 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ladrecaidroo.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.29 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

4662709
ladrecaidroo.com/sw-check-permissions/
0
995 B
Other
General
Full URL
https://ladrecaidroo.com/sw-check-permissions/4662709?var=5615727&ymid=789360621027332636&uhd=1&zoneId=4662709
Requested by
Host: ladrecaidroo.com
URL: https://ladrecaidroo.com/pfe/current/micro.tag.min.js?z=4662709&ymid=789360621027332636&var=5615727&sw=/sw-check-permissions/4662709&uhd=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.166.25 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/7.4.33
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ladrecaidroo.com/?s=789360621027332636&ssk=aa01ae8397e9015fbb3e48ae1e0e2c64&svar=1709761756&z=5615727&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&btz=Europe/Berlin&bto=-60&rdc=2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.29 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 21:49:16 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
PHP/7.4.33
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS, HEAD
content-type
application/javascript
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2B31PwCaro7WponEUHd24ol%2FHB4G1PH8yzF7qD8KjKH7zK3zytoILfdQWfi4Arde%2B15RZySGTs9bciJOOPfWNwnqkc3ylpb6JwuMwHAR1HijqPgB91YHhbkr7wXi5n3u7ctiL"}],"group":"cf-nel","max_age":604800}
access-control-expose-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
cf-ray
86058e0418ac2c52-FRA
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
alt-svc
h3=":443"; ma=86400
custom
jouteetu.net/
0
0
Ping
General
Full URL
https://jouteetu.net/custom
Requested by
Host: ladrecaidroo.com
URL: https://ladrecaidroo.com/pfe/current/micro.tag.min.js?z=4662709&ymid=789360621027332636&var=5615727&sw=/sw-check-permissions/4662709&uhd=1
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
139.45.197.251 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ladrecaidroo.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.29 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

zone
ladrecaidroo.com/
0
491 B
Ping
General
Full URL
https://ladrecaidroo.com/zone?&pub=0&zone_id=4662709&is_mobile=false&domain=ladrecaidroo.com&var=5615727&ymid=789360621027332636&var_3=&var_4=&dsig=&tg=1&sw=3.1.495&trace_id=713078b8-e173-49e4-b214-a517ad414a37&action=prerequest&ch=eyJhcmNoaXRlY3R1cmUiOiIiLCJiaXRuZXNzIjoiIiwiYnJhbmRzIjpbXSwiZnVsbFZlcnNpb25MaXN0IjpbXSwibW9iaWxlIjpmYWxzZSwibW9kZWwiOiIiLCJwbGF0Zm9ybSI6IiIsInBsYXRmb3JtVmVyc2lvbiI6IiIsIndvdzY0IjpmYWxzZX0=
Requested by
Host: ladrecaidroo.com
URL: https://ladrecaidroo.com/pfe/current/micro.tag.min.js?z=4662709&ymid=789360621027332636&var=5615727&sw=/sw-check-permissions/4662709&uhd=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.166.25 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ladrecaidroo.com/?s=789360621027332636&ssk=aa01ae8397e9015fbb3e48ae1e0e2c64&svar=1709761756&z=5615727&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&btz=Europe/Berlin&bto=-60&rdc=2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.29 Safari/537.36

Response headers

x-trace-id
37aa24c5d4b20108f5de4258f959ce22
date
Wed, 06 Mar 2024 21:49:16 GMT
strict-transport-security
max-age=1
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Xbj%2FWk7B%2BnQHWi6K4jLemfUfZQ6lpz%2FiHnyKdEu0xvKFuSuDZUs5CKdioCIqJf6U9dAeeayygjPky2h%2FCZBpNkcL96WDlNnP657E%2FYabErDKGY4IRlCjutW%2FrabZp5Gv4pHb"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin
https://ladrecaidroo.com
access-control-allow-credentials
true
cf-ray
86058e0418ae2c52-FRA
access-control-allow-headers
Origin, X-Requested-With, X-Oaid, Content-Type, Accept
content-length
0
alt-svc
h3=":443"; ma=86400
custom
jouteetu.net/
0
0
Ping
General
Full URL
https://jouteetu.net/custom
Requested by
Host: ladrecaidroo.com
URL: https://ladrecaidroo.com/pfe/current/micro.tag.min.js?z=4662709&ymid=789360621027332636&var=5615727&sw=/sw-check-permissions/4662709&uhd=1
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
139.45.197.251 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ladrecaidroo.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.29 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

custom
jouteetu.net/
0
0
Ping
General
Full URL
https://jouteetu.net/custom
Requested by
Host: ladrecaidroo.com
URL: https://ladrecaidroo.com/pfe/current/micro.tag.min.js?z=4662709&ymid=789360621027332636&var=5615727&sw=/sw-check-permissions/4662709&uhd=1
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
139.45.197.251 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ladrecaidroo.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.29 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

gid.js
my.rtmark.net/
65 B
543 B
Fetch
General
Full URL
https://my.rtmark.net/gid.js?pub=0&userId=&zoneId=4662709&checkDuplicate=true&ymid=789360621027332636&var=5615727
Requested by
Host: ladrecaidroo.com
URL: https://ladrecaidroo.com/pfe/current/micro.tag.min.js?z=4662709&ymid=789360621027332636&var=5615727&sw=/sw-check-permissions/4662709&uhd=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx /
Resource Hash
ca6f01700beee433df6a1864857b8908715e2bd42c9a13d157a424d738cbee05
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ladrecaidroo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.29 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 21:49:16 GMT
strict-transport-security
max-age=1
x-content-type-options
nosniff
server
nginx
access-control-allow-methods
POST, GET, OPTIONS, PUT, DELETE
content-type
application/json; charset=utf-8
access-control-allow-origin
https://ladrecaidroo.com
access-control-expose-headers
Authorization
access-control-allow-credentials
true
timing-allow-origin
*, *
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length
65
custom
jouteetu.net/
0
0
Ping
General
Full URL
https://jouteetu.net/custom
Requested by
Host: ladrecaidroo.com
URL: https://ladrecaidroo.com/pfe/current/micro.tag.min.js?z=4662709&ymid=789360621027332636&var=5615727&sw=/sw-check-permissions/4662709&uhd=1
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
139.45.197.251 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ladrecaidroo.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.29 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

custom
jouteetu.net/
0
0
Ping
General
Full URL
https://jouteetu.net/custom
Requested by
Host: ladrecaidroo.com
URL: https://ladrecaidroo.com/pfe/current/micro.tag.min.js?z=4662709&ymid=789360621027332636&var=5615727&sw=/sw-check-permissions/4662709&uhd=1
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
139.45.197.251 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ladrecaidroo.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.29 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

custom
jouteetu.net/
0
0
Ping
General
Full URL
https://jouteetu.net/custom
Requested by
Host: ladrecaidroo.com
URL: https://ladrecaidroo.com/pfe/current/micro.tag.min.js?z=4662709&ymid=789360621027332636&var=5615727&sw=/sw-check-permissions/4662709&uhd=1
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
139.45.197.251 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ladrecaidroo.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.29 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

zone
ladrecaidroo.com/
797 B
975 B
Fetch
General
Full URL
https://ladrecaidroo.com/zone?&pub=0&zone_id=4662709&is_mobile=false&domain=ladrecaidroo.com&var=5615727&ymid=789360621027332636&var_3=&var_4=&dsig=&tg=1&sw=3.1.495&trace_id=713078b8-e173-49e4-b214-a517ad414a37&action=settings&ch=eyJhcmNoaXRlY3R1cmUiOiIiLCJiaXRuZXNzIjoiIiwiYnJhbmRzIjpbXSwiZnVsbFZlcnNpb25MaXN0IjpbXSwibW9iaWxlIjpmYWxzZSwibW9kZWwiOiIiLCJwbGF0Zm9ybSI6IiIsInBsYXRmb3JtVmVyc2lvbiI6IiIsIndvdzY0IjpmYWxzZX0=
Requested by
Host: ladrecaidroo.com
URL: https://ladrecaidroo.com/pfe/current/micro.tag.min.js?z=4662709&ymid=789360621027332636&var=5615727&sw=/sw-check-permissions/4662709&uhd=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.166.25 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7b38378383eb664cf12ad5aa8d099385bb93501b02be65dfc066efa0c35517dd
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ladrecaidroo.com/?s=789360621027332636&ssk=aa01ae8397e9015fbb3e48ae1e0e2c64&svar=1709761756&z=5615727&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&btz=Europe/Berlin&bto=-60&rdc=2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.29 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 21:49:16 GMT
strict-transport-security
max-age=1
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
br
alt-svc
h3=":443"; ma=86400
x-trace-id
1fb08b40cb12580c748cbaa4d1e9c01e
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4vPEjxDUdebP9lXG4067Cgi5xANd1SAF6GaORsy8hjNcCcNW8p6njB%2FpZJUiKtkFpnx9iTMEROxKwsWqD61xZJXIq4s8CB2rjqHCQG2WulM9rjJwdKjqcskDPdxpXEw4ps7J"}],"group":"cf-nel","max_age":604800}
content-type
application/json; charset=utf-8
access-control-allow-origin
*
access-control-allow-credentials
true
cf-ray
86058e0428b52c52-FRA
access-control-allow-headers
Origin, X-Requested-With, X-Oaid, Content-Type, Accept
custom
jouteetu.net/
0
0
Ping
General
Full URL
https://jouteetu.net/custom
Requested by
Host: ladrecaidroo.com
URL: https://ladrecaidroo.com/pfe/current/micro.tag.min.js?z=4662709&ymid=789360621027332636&var=5615727&sw=/sw-check-permissions/4662709&uhd=1
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
139.45.197.251 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ladrecaidroo.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.29 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

custom
jouteetu.net/
0
0
Ping
General
Full URL
https://jouteetu.net/custom
Requested by
Host: ladrecaidroo.com
URL: https://ladrecaidroo.com/pfe/current/micro.tag.min.js?z=4662709&ymid=789360621027332636&var=5615727&sw=/sw-check-permissions/4662709&uhd=1
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
139.45.197.251 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ladrecaidroo.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.29 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

/
ladrecaidroo.com/submenu/4662728/
34 KB
13 KB
Document
General
Full URL
https://ladrecaidroo.com/submenu/4662728/?rhd=1&var=5615727&var3=789360621027332636&oaid=3ab2bc2de59290070735975a0d3fd8b9&usage_case=push_default
Requested by
Host: ladrecaidroo.com
URL: https://ladrecaidroo.com/?s=789360621027332636&ssk=aa01ae8397e9015fbb3e48ae1e0e2c64&svar=1709761756&z=5615727&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&btz=Europe/Berlin&bto=-60&rdc=2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.166.25 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6e3d12d679ec7f98c02f4caf5abd3bc82e56b27aae650c847b59455a7dfd9de9
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

Referer
https://ladrecaidroo.com/?s=789360621027332636&ssk=aa01ae8397e9015fbb3e48ae1e0e2c64&svar=1709761756&z=5615727&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&btz=Europe/Berlin&bto=-60&rdc=2
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.29 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-credentials
true
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
access-control-max-age
86400
alt-svc
h3=":443"; ma=86400
cache-control
no-transform, no-store, no-cache, must-revalidate, max-age=0
cf-cache-status
DYNAMIC
cf-ray
86058e077c2f2c52-FRA
content-encoding
br
content-type
text/html; charset=utf8
date
Wed, 06 Mar 2024 21:49:17 GMT
expires
Tue, 11 Jan 1994 10:00:00 GMT
link
<https://yonmewon.com>; rel="preconnect dns-prefetch",<https://my.rtmark.net>; rel="preconnect dns-prefetch"
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OmEtNXpD2OrGPgu46%2FUPWwb1fnJuiIGabOK1PYHAHl46yYwXAXf3iswwT%2FXOkOGbNbzIelcVfODq1SBeSvqfq%2FpevLkHf6XLt%2FuFzf0fgY4AI7LVtqmqS6Tf5gJsBD3mXe%2BF"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=1
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-trace-id
9bee9f48ac41bf361790b5e56bbe5363
sftouch
ladrecaidroo.com/
2 B
763 B
Ping
General
Full URL
https://ladrecaidroo.com/sftouch?userId=3ab2bc2de59290070735975a0d3fd8b9&z=4662728&p_rid=9ea20e01-5da6-4e7b-82e7-4c33ffcf440d&p_src=sf&branchId=0&rb=3exk17xqTvap31IRnQX-gNMTc_dph-XUz_AuPOKdPEbZmR3m3j6lr3G2yHKQtZKVPMnuPda8C7D4HXgbZu4aSns-WvWZRXSOYYguNdjM_esyxedIe57AdEE9JQivq4070i-2Xuoe6xeQe5DQGNohDfbzKTjOYQtvqqchCeBA2ucJrVqvv16fv55nLh5834ZHNBDuMr7pBpkqKwwI6efuX0Sn7o3zdBRu5SO-GITFTDWfsrr7kiGS79LdxzqHlce8HrJpCDYXshYgCpY3xPBFrqIfAMsKWk_x0JkatC9e1aVk18gTNhsAFDaqHPa_wxB5OfItkbX8GPr9q0u9Vlla4b2D35Bi7YDLytnYJiFmzV6F9d4SxBmotnIzYXiONhiZEu5Uum8G6yDwrZLFHk_pB2yFnTg_14mkR0yO52qeqNvYT-mj3OFA2E2qm9FAH7Yl7ORNBrG0BdsIy1DmeOk8SxdvDCnTI0T4Dd5bLUhlBWTjtcjy-RDje8uHOAayQAy0zqi8WKiSob45cw5neiTEWCCOfNNh0ZhEYhu2_5hZy3WSA1iYD1PitUYgJKnkm7iu
Requested by
Host: ladrecaidroo.com
URL: https://ladrecaidroo.com/submenu/4662728/?rhd=1&var=5615727&var3=789360621027332636&oaid=3ab2bc2de59290070735975a0d3fd8b9&usage_case=push_default
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.166.25 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ladrecaidroo.com/submenu/4662728/?rhd=1&var=5615727&var3=789360621027332636&oaid=3ab2bc2de59290070735975a0d3fd8b9&usage_case=push_default
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.29 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 21:49:17 GMT
strict-transport-security
max-age=1
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
content-length
2
x-trace-id
b0cce4d8f4966e585369a2677dad700e
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
server
cloudflare
access-control-max-age
86400
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/plain
access-control-allow-origin
https://ladrecaidroo.com
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9%2FolKeJHfLTYxuTfQXfzbCA5Dppr17hX9eqIRlHUH41Q3AUddmeZgQFG3JpEJH3M37KO65toyCQdY09vl6s9LER%2BCl01T5tq%2FytzcShIbrr3WRxEX6V619%2BQJHJXieXUAdik"}],"group":"cf-nel","max_age":604800}
cache-control
no-transform, no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials
true
timing-allow-origin
*
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
cf-ray
86058e07dcd42c52-FRA
expires
Tue, 11 Jan 1994 10:00:00 GMT
img.gif
my.rtmark.net/
43 B
506 B
Ping
General
Full URL
https://my.rtmark.net/img.gif?f=merge&userId=3ab2bc2de59290070735975a0d3fd8b9&z=4662728&p_rid=9ea20e01-5da6-4e7b-82e7-4c33ffcf440d&p_src=sf
Requested by
Host: ladrecaidroo.com
URL: https://ladrecaidroo.com/submenu/4662728/?rhd=1&var=5615727&var3=789360621027332636&oaid=3ab2bc2de59290070735975a0d3fd8b9&usage_case=push_default
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ladrecaidroo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.29 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 21:49:17 GMT
strict-transport-security
max-age=1
x-content-type-options
nosniff
server
nginx
access-control-allow-methods
POST, GET, OPTIONS, PUT, DELETE
content-type
image/gif
access-control-allow-origin
https://ladrecaidroo.com
access-control-expose-headers
Authorization
access-control-allow-credentials
true
timing-allow-origin
*, *
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length
43
add
datatechone.com/log/
2 B
469 B
XHR
General
Full URL
https://datatechone.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=9ea20e01-5da6-4e7b-82e7-4c33ffcf440d
Requested by
Host: ladrecaidroo.com
URL: https://ladrecaidroo.com/submenu/4662728/?rhd=1&var=5615727&var3=789360621027332636&oaid=3ab2bc2de59290070735975a0d3fd8b9&usage_case=push_default
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
139.45.195.253 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx/1.19.10 /
Resource Hash

Request headers

Referer
https://ladrecaidroo.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.29 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

Date
Wed, 06 Mar 2024 21:49:17 GMT
Server
nginx/1.19.10
Access-Control-Allow-Methods
POST, GET, OPTIONS, PUT, DELETE
Content-Type
text/plain; charset=utf-8
Access-Control-Allow-Origin
https://ladrecaidroo.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
Access-Control-Allow-Headers
Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length
2
Primary Request extension.php
kingadblocker.com/
Redirect Chain
  • https://ladrecaidroo.com/rhd?z=4662728&syncedCookie=false&rhd=true
  • https://tracking.pretrackings.com/click?pid=21&offer_id=4086&sub1=789360625989202690&sub2=4662728
  • https://kingadblocker.com/extension.php?jn=cjpr8Un6N1rlp&ju=21_4662728&jq=65e8e4de5c0b77000193154b&jp=pr
8 KB
3 KB
Document
General
Full URL
https://kingadblocker.com/extension.php?jn=cjpr8Un6N1rlp&ju=21_4662728&jq=65e8e4de5c0b77000193154b&jp=pr
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7a8acdb4efb0eacb9aaf949d808c5079d89402345f4a6390638481763a5e127e

Request headers

Content-Type
application/x-www-form-urlencoded
Origin
https://ladrecaidroo.com
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.29 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
86058e0c2d0871b3-FRA
content-encoding
br
content-type
text/html; charset=UTF-8
date
Wed, 06 Mar 2024 21:49:18 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mn9QgR%2B%2BsBf0HxsllLDFgM2zCVVJCmmHPHWm89saA6UNaW9ROXXmHkflH8O4dT2wlhnh45%2FASkIyje4fk8mm3YzcbMnmNpvUO0Iz65NIqnA8stG1UOgHo5iwwR31TMB2jGgS5BWVhU4Aoqb7z0z9kQ%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare

Redirect headers

access-control-allow-origin
*
content-length
0
date
Wed, 06 Mar 2024 21:49:18 GMT
location
https://kingadblocker.com/extension.php?jn=cjpr8Un6N1rlp&ju=21_4662728&jq=65e8e4de5c0b77000193154b&jp=pr
server
nginx
x-adjust-use-original-forwarded-for
1
bootstrap.min.css
cdn.jsdelivr.net/npm/bootstrap@5.2.3/dist/css/
190 KB
29 KB
Stylesheet
General
Full URL
https://cdn.jsdelivr.net/npm/bootstrap@5.2.3/dist/css/bootstrap.min.css
Requested by
Host: kingadblocker.com
URL: https://kingadblocker.com/extension.php?jn=cjpr8Un6N1rlp&ju=21_4662728&jq=65e8e4de5c0b77000193154b&jp=pr
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5514 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c0bcf7898fdc3b87babca678cd19a8e3ef570e931c80a3afbffcc453738c951a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://kingadblocker.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.29 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 21:49:18 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
9924303
x-jsd-version
5.2.3
content-encoding
br
x-cache
HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-served-by
cache-fra-eddf8230036-FRA
x-jsd-version-type
version
server
cloudflare
etag
W/"2f955-d5HdHzFzoNYsw5wh0q1x/I2tDnI"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uO051VbG%2F64anfaJyvtI5LJyF3efLfU%2Bg%2FaDeGQjNkOdpCQ%2BYF8DZtg9K987NZRcpJRu6qBGXBgldYn%2BjQ6%2Fth6K%2FmGnrFj7D5SV0blxJG%2FvwD3B23F5FIz6lGCADfyXzB47BFPUIhz%2Bt6wALXY%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin
*
cf-ray
86058e0df8d34d3e-FRA
icon.png
kingadblock.com/images/
4 KB
5 KB
Image
General
Full URL
https://kingadblock.com/images/icon.png
Requested by
Host: kingadblocker.com
URL: https://kingadblocker.com/extension.php?jn=cjpr8Un6N1rlp&ju=21_4662728&jq=65e8e4de5c0b77000193154b&jp=pr
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
091483d5419eb9e98f0edd49563409fad2eb24f1d10bc161b9716e0f0ee86b35

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://kingadblocker.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.29 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 21:49:18 GMT
cf-cache-status
DYNAMIC
last-modified
Wed, 16 Aug 2023 09:40:57 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
"64dc99a9-1121"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=toNS0%2BXW%2FGqEQqTAM0wGOjyuQFKNWVNS5RUAQdRWtomtZOAjMDrgcjeTrhj1FjCvVxcIPguF%2BJLTELYN01%2BRDvj6ME%2BcpjcLI8%2BiWFdI7khz9iOIPA3D6hm%2FZzIvSya3F9CxlDdkiZ7nQqgMzqE%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
accept-ranges
bytes
cf-ray
86058e0dffd39170-FRA
alt-svc
h3=":443"; ma=86400
content-length
4385
icon.png
flcjnflecolckmhfcmhhkichjhajjnlb/
0
0

a.php
tururu.info/ Frame 2FA2
96 B
1 KB
Document
General
Full URL
https://tururu.info/a.php?id=0083&e=VPGCNBK0FG&c=cjpr8Un6N1rlp&r=pr&cid=65e8e4de5c0b77000193154b&z=21_4662728&v=13&dr=&inw=1600&inh=1200
Requested by
Host: kingadblocker.com
URL: https://kingadblocker.com/extension.php?jn=cjpr8Un6N1rlp&ju=21_4662728&jq=65e8e4de5c0b77000193154b&jp=pr
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3032::6815:3b73 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8d5f7d977f9b96d4f7abe30653ea52b3406938d5175ebb743bf839beab7f59f6

Request headers

Referer
https://kingadblocker.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.29 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
86058e0ecb9b65ce-FRA
content-encoding
br
content-type
text/html; charset=UTF-8
date
Wed, 06 Mar 2024 21:49:18 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xJM0WYtn8hgbbDRg7wlAitQI5jtJW9ca2GVU3QUpgJ8Nw9%2Fcv4G6gs1eV%2FOJp0r0s%2FpEiZlpZe%2Bw%2BrVE60AUIfxX6jUFCxQaAQnG82O%2Fkz3KNGGetenwYObxlvXD3OGZnrVjXJ7oH9rdYw%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
clear.php
kingadblock.com/ Frame 46B2
0
399 B
Document
General
Full URL
https://kingadblock.com/clear.php
Requested by
Host: kingadblocker.com
URL: https://kingadblocker.com/extension.php?jn=cjpr8Un6N1rlp&ju=21_4662728&jq=65e8e4de5c0b77000193154b&jp=pr
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://kingadblocker.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.29 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
86058e0e58359170-FRA
content-encoding
br
content-type
text/html; charset=UTF-8
date
Wed, 06 Mar 2024 21:49:18 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jXeOQZ7V6C38rAGrXa2%2FlfKZXHGDBdIbWHqWZh9VSDC7OMrjooAsrzaJYUYfoj2ZQhzSHuM7%2BUJ9HPApHlXldAaWbYCgDL3%2BW6lry3Je4Br1KCu5qY077HfloejuXcMQPzt3moAbcD99cyVj6D0%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
jouteetu.net
URL
https://jouteetu.net/custom
Domain
jouteetu.net
URL
https://jouteetu.net/custom
Domain
jouteetu.net
URL
https://jouteetu.net/custom
Domain
jouteetu.net
URL
https://jouteetu.net/custom
Domain
jouteetu.net
URL
https://jouteetu.net/custom
Domain
jouteetu.net
URL
https://jouteetu.net/custom
Domain
jouteetu.net
URL
https://jouteetu.net/custom
Domain
jouteetu.net
URL
https://jouteetu.net/custom
Domain
jouteetu.net
URL
https://jouteetu.net/custom
Domain
flcjnflecolckmhfcmhhkichjhajjnlb
URL
chrome-extension://flcjnflecolckmhfcmhhkichjhajjnlb/icon.png


10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object | 0
object | 1
object | req_existing_user
object | landing_iframe
function | openNewWindow
function | openNewTab
function | openSameTab
function | listenInstallCompleted
function | openInstructions
object | windowObjectReference

17 Cookies

Domain/Path Name / Value
bedrapiona.com/ Name: OAID
Value: 00801764ae7f4b74e554113a6f8f8ea2
bedrapiona.com/ Name: oaidts
Value: 1709761756
my.rtmark.net/ Name: ID
Value: 00801764ae7f4b74e554113a6f8f8ea2
bedrapiona.com/ Name: syncedCookie
Value: true
ladrecaidroo.com/ Name: syncedCookie
Value: true
ladrecaidroo.com/ Name: prefetchAd_4662728
Value: true
ladrecaidroo.com/ Name: reverse
Value: ihM2UyMClGBJKnnCGAlWhqJmYXjKFmTFRCvHjuDGPMM
ladrecaidroo.com/ Name: oaidts
Value: 1709761757
ladrecaidroo.com/ Name: OAID
Value: 00801764ae7f4b74e554113a6f8f8ea2
tracking.pretrackings.com/ Name: afclick
Value: 65e8e4de5c0b77000193154b
tracking.pretrackings.com/ Name: afoffers
Value: {"4086":1709761758}
.tururu.info/ Name: c0083
Value: cjpr8Un6N1rlp
.tururu.info/ Name: r0083
Value: pr
.tururu.info/ Name: cid0083
Value: 65e8e4de5c0b77000193154b
.tururu.info/ Name: z0083
Value: 21_4662728
.tururu.info/ Name: e0083
Value: VPGCNBK0FG
.tururu.info/ Name: _asd
Value: 17097617584908007

18 Console Messages

Source Level URL
Text
other warning URL: https://bedrapiona.com/4/5615727/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://ladrecaidroo.com/?s=789360621027332636&ssk=aa01ae8397e9015fbb3e48ae1e0e2c64&svar=1709761756&z=5615727&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&btz=Europe/Berlin&bto=-60
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://ladrecaidroo.com/?s=789360621027332636&ssk=aa01ae8397e9015fbb3e48ae1e0e2c64&svar=1709761756&z=5615727&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&btz=Europe/Berlin&bto=-60
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://ladrecaidroo.com/?s=789360621027332636&ssk=aa01ae8397e9015fbb3e48ae1e0e2c64&svar=1709761756&z=5615727&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&btz=Europe/Berlin&bto=-60
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://ladrecaidroo.com/?s=789360621027332636&ssk=aa01ae8397e9015fbb3e48ae1e0e2c64&svar=1709761756&z=5615727&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&btz=Europe/Berlin&bto=-60
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://ladrecaidroo.com/?s=789360621027332636&ssk=aa01ae8397e9015fbb3e48ae1e0e2c64&svar=1709761756&z=5615727&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&btz=Europe/Berlin&bto=-60&rdc=2
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://ladrecaidroo.com/?s=789360621027332636&ssk=aa01ae8397e9015fbb3e48ae1e0e2c64&svar=1709761756&z=5615727&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&btz=Europe/Berlin&bto=-60&rdc=2
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://ladrecaidroo.com/afu.php?zoneid=4662728&var=4662728&rid=UOc2oKHlKAQMxeQ00KE1Mg%3D%3D&rhd=true&sf=1&is_mobile=false
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://ladrecaidroo.com/afu.php?zoneid=4662728&var=4662728&rid=UOc2oKHlKAQMxeQ00KE1Mg%3D%3D&rhd=true&sf=1&is_mobile=false
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
javascript error URL: https://kingadblocker.com/extension.php?jn=cjpr8Un6N1rlp&ju=21_4662728&jq=65e8e4de5c0b77000193154b&jp=pr
Message:
Access to XMLHttpRequest at 'chrome-extension://flcjnflecolckmhfcmhhkichjhajjnlb/icon.png' from origin 'https://kingadblocker.com' has been blocked by CORS policy: Cross origin requests are only supported for protocol schemes: http, data, chrome, https, chrome-untrusted.
network error URL: chrome-extension://flcjnflecolckmhfcmhhkichjhajjnlb/icon.png
Message:
Failed to load resource: net::ERR_FAILED
other warning URL: https://kingadblocker.com/extension.php?jn=cjpr8Un6N1rlp&ju=21_4662728&jq=65e8e4de5c0b77000193154b&jp=pr
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://kingadblocker.com/extension.php?jn=cjpr8Un6N1rlp&ju=21_4662728&jq=65e8e4de5c0b77000193154b&jp=pr
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://kingadblocker.com/extension.php?jn=cjpr8Un6N1rlp&ju=21_4662728&jq=65e8e4de5c0b77000193154b&jp=pr
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://kingadblocker.com/extension.php?jn=cjpr8Un6N1rlp&ju=21_4662728&jq=65e8e4de5c0b77000193154b&jp=pr
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://kingadblocker.com/extension.php?jn=cjpr8Un6N1rlp&ju=21_4662728&jq=65e8e4de5c0b77000193154b&jp=pr
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://kingadblocker.com/extension.php?jn=cjpr8Un6N1rlp&ju=21_4662728&jq=65e8e4de5c0b77000193154b&jp=pr
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://kingadblocker.com/extension.php?jn=cjpr8Un6N1rlp&ju=21_4662728&jq=65e8e4de5c0b77000193154b&jp=pr
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
