URL: https://onion.kingoapp.com/
Submission Tags: falconsandbox
Submission: On January 20 via api from US

Summary

This website contacted 14 IPs in 3 countries across 11 domains to perform 56 HTTP transactions. The main IP is 2606:4700:3031::ac43:c3df, located in United States and belongs to CLOUDFLARENET, US. The main domain is onion.kingoapp.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on July 30th 2020. Valid for: a year.
This is the only time onion.kingoapp.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Domain Requested by
16 www.kingoapp.com onion.kingoapp.com
www.kingoapp.com
10 static.zdassets.com onion.kingoapp.com
static.zdassets.com
7 pagead2.googlesyndication.com onion.kingoapp.com
pagead2.googlesyndication.com
6 googleads.g.doubleclick.net pagead2.googlesyndication.com
2 tpc.googlesyndication.com pagead2.googlesyndication.com
tpc.googlesyndication.com
2 kingosupport.zendesk.com static.zdassets.com
2 www.google-analytics.com www.googletagmanager.com
www.google-analytics.com
2 www.googletagmanager.com onion.kingoapp.com
1 www.google.de onion.kingoapp.com
1 www.google.com onion.kingoapp.com
1 stats.g.doubleclick.net www.google-analytics.com
1 www.googletagservices.com pagead2.googlesyndication.com
1 adservice.google.com pagead2.googlesyndication.com
1 adservice.google.de pagead2.googlesyndication.com
1 partner.googleadservices.com pagead2.googlesyndication.com
1 ekr.zdassets.com static.zdassets.com
1 onion.kingoapp.com
56 17
Subject Issuer Validity Valid
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3
2020-07-30 -
2021-07-30
a year crt.sh
ssl911790.cloudflaressl.com
COMODO ECC Domain Validation Secure Server CA 2
2020-10-28 -
2021-05-06
6 months crt.sh
*.g.doubleclick.net
GTS CA 1O1
2020-12-15 -
2021-03-09
3 months crt.sh
*.google-analytics.com
GTS CA 1O1
2021-01-05 -
2021-03-30
3 months crt.sh
*.googleadservices.com
GTS CA 1O1
2021-01-05 -
2021-03-30
3 months crt.sh
*.google.com
GTS CA 1O1
2020-12-15 -
2021-03-09
3 months crt.sh
www.google.com
GTS CA 1O1
2020-12-15 -
2021-03-09
3 months crt.sh
www.google.de
GTS CA 1O1
2021-01-05 -
2021-03-30
3 months crt.sh
kingosupport.zendesk.com
Cloudflare Inc ECC CA-3
2020-07-29 -
2021-07-29
a year crt.sh

This page contains 9 frames:

Primary Page: https://onion.kingoapp.com/
Frame ID: 769C1EB08BA5FEB20FB904DD8AE700E9
Requests: 39 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20210113/r20190131/zrt_lookup.html
Frame ID: 091CA7F0C685D6D37868502054D8217E
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-9329193614793962&output=html&adk=1812271804&adf=3025194257&lmt=1602515122&plat=1%3A16809992%2C2%3A16809992%2C9%3A32776%2C10%3A32%2C11%3A32%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C40%3A32&format=0x0&url=https%3A%2F%2Fonion.kingoapp.com%2F&ea=0&flash=0&pra=5&wgl=1&dt=1611162100169&bpp=14&bdt=180&idt=171&shv=r20210113&cbv=r20190131&ptt=9&saldr=aa&abxe=1&nras=1&correlator=305480312286&frm=20&pv=2&ga_vid=1008574314.1611162100&ga_sid=1611162100&ga_hid=1019066848&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530671%2C21066435%2C21067981%2C21068084%2C21068769%2C21069109&oid=3&pvsid=2459052153061784&pem=652&rx=0&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8192&bc=31&ifi=0&uci=a!0&fsb=1&dtd=189
Frame ID: D3588FB52434E458DA3867A8F4AE393D
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-9329193614793962&output=html&h=60&slotname=6460434907&adk=3512819451&adf=691532466&pi=t.ma~as.6460434907&w=468&lmt=1602515122&psa=0&format=468x60&url=https%3A%2F%2Fonion.kingoapp.com%2F&flash=0&wgl=1&dt=1611162100265&bpp=4&bdt=276&idt=112&shv=r20210113&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=305480312286&frm=20&pv=1&ga_vid=1008574314.1611162100&ga_sid=1611162100&ga_hid=1019066848&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=559&ady=1135&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530671%2C21066435%2C21067981%2C21068084%2C21068769%2C21069109&oid=3&pvsid=2459052153061784&pem=652&rx=0&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CfeE%7C&abl=CF&pfx=0&fu=8192&bc=31&ifi=1&uci=a!1&fsb=1&xpc=6ij1wUYXJD&p=https%3A//onion.kingoapp.com&dtd=120
Frame ID: 37D15933B3A30B56476DF7325C69DD27
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-9329193614793962&output=html&h=280&adk=3523991940&adf=669096100&pi=t.aa~a.3005450789~rp.4&w=1040&fwrn=4&fwrnh=100&lmt=1602515122&rafmt=1&to=qs&pwprc=6800568531&psa=1&format=1040x280&url=https%3A%2F%2Fonion.kingoapp.com%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&adsid=NT&dt=1611162100893&bpp=2&bdt=904&idt=-M&shv=r20210113&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D312a3965232aab0f-224a76d097b9009f%3AT%3D1611162100%3ART%3D1611162100%3AS%3DALNI_MbO-wUY1-fJDk_GCBBbtuTQESr6zw&prev_fmts=0x0%2C468x60&nras=1&correlator=305480312286&frm=20&pv=1&ga_vid=1008574314.1611162100&ga_sid=1611162100&ga_hid=1019066848&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=280&ady=1589&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530671%2C21066435%2C21067981%2C21068084%2C21068769%2C21069109&oid=3&pvsid=2459052153061784&pem=652&rx=0&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=Grom59ELax&p=https%3A//onion.kingoapp.com&dtd=8
Frame ID: 1D90A776CF9B65F944CDD8820D6C9707
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-9329193614793962&output=html&h=280&adk=1867657217&adf=358975529&pi=t.aa~a.772858473~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1602515122&rafmt=1&to=qs&pwprc=6800568531&psa=1&format=1200x280&url=https%3A%2F%2Fonion.kingoapp.com%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&adsid=NT&dt=1611162100893&bpp=1&bdt=904&idt=0&shv=r20210113&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D312a3965232aab0f-224a76d097b9009f%3AT%3D1611162100%3ART%3D1611162100%3AS%3DALNI_MbO-wUY1-fJDk_GCBBbtuTQESr6zw&prev_fmts=0x0%2C468x60%2C1040x280&nras=1&correlator=305480312286&frm=20&pv=1&ga_vid=1008574314.1611162100&ga_sid=1611162100&ga_hid=1019066848&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=200&ady=2409&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530671%2C21066435%2C21067981%2C21068084%2C21068769%2C21069109&oid=3&pvsid=2459052153061784&pem=652&rx=0&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=WUdSC1OAna&p=https%3A//onion.kingoapp.com&dtd=14
Frame ID: A76D1C122CBBD1CE431CF6429DD4D90E
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20210113/r20190131/zrt_lookup.html?fsb=1
Frame ID: 356E6627826C63BD82CDDE55DCCC1359
Requests: 1 HTTP requests in this frame

Frame: https://static.zdassets.com/web_widget/latest/preload.f8bcdce5adebc1f98d39.js
Frame ID: 7342D82C300664B98FF94394F20A857A
Requests: 10 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/220/runner.html
Frame ID: F70958168577E6225C4C2E5F5EDD8F7D
Requests: 1 HTTP requests in this frame

Screenshot


Detected technologies

Overall confidence: 100%
Detected patterns
  • html /<link[^>]+?href="[^"]*bootstrap(?:\.min)?\.css/i

Overall confidence: 100%
Detected patterns
  • script /react.*\.js/i

Overall confidence: 100%
Detected patterns
  • headers server /^cloudflare$/i

Overall confidence: 100%
Detected patterns
  • script /googlesyndication\.com\//i

Overall confidence: 100%
Detected patterns
  • script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Overall confidence: 100%
Detected patterns
  • html /googletagmanager\.com\/ns\.html[^>]+><\/iframe>/i
  • html /<!-- (?:End )?Google Tag Manager -->/i

Overall confidence: 100%
Detected patterns
  • script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

56
Requests

100 %
HTTPS

79 %
IPv6

11
Domains

17
Subdomains

14
IPs

3
Countries

1444 kB
Transfer

3833 kB
Size

9
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

56 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
onion.kingoapp.com/
24 KB
6 KB
Document
General
Full URL
https://onion.kingoapp.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::ac43:c3df , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8d9f02574d29020397a315f347a12ee931612e55d412ab8f20faf4260371155f

Request headers

:method
GET
:authority
onion.kingoapp.com
:scheme
https
:path
/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 20 Jan 2021 17:01:39 GMT
content-type
text/html
set-cookie
__cfduid=d8f106ba6d8fbbd7b7fa7faf7b848a1361611162099; expires=Fri, 19-Feb-21 17:01:39 GMT; path=/; domain=.kingoapp.com; HttpOnly; SameSite=Lax __cf_bm=a8b91c01ce42dc1cd87a2e3c3763c42d1f000f1d-1611162099-1800-ARwiw9OmwIt0rh5DEz+NdwbSWWsXtDe+BkD/fSJpcaE19A2PZTPabhsvDuzL2f0oL39peRA9d3J7cIMNA7eH1Pw=; path=/; expires=Wed, 20-Jan-21 17:31:39 GMT; domain=.kingoapp.com; HttpOnly; Secure; SameSite=None
last-modified
Mon, 12 Oct 2020 15:05:22 GMT
cf-cache-status
DYNAMIC
cf-request-id
07c257b83d000017763bac4000000001
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=xlR6M45vdAkZp8YsdJjcr0IY4WYWDD2B86R%2BR50p9hmlYGPhB4y1h0TdqPmupgAYLbLf1v4UAfNBnT7t3yLruKBT3Jkw%2BYx7Kf0%2FGoKAdBxB0ZFSgTugkH5MfdbtEdk%3D"}],"group":"cf-nel"}
nel
{"report_to":"cf-nel","max_age":604800}
server
cloudflare
cf-ray
614a5bd38d451776-FRA
content-encoding
br
snippet.js
static.zdassets.com/ekr/
24 KB
7 KB
Script
General
Full URL
https://static.zdassets.com/ekr/snippet.js?key=1e11f77c-acad-4fb9-b34f-93444c955a7f
Requested by
Host: onion.kingoapp.com
URL: https://onion.kingoapp.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.72.113 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
eb4b7a1be5f80c37ac74daa6f20b193b24414f23da856ad2560a0053e65a2cb7
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

Referer
https://onion.kingoapp.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 20 Jan 2021 17:01:40 GMT
content-encoding
br
cf-cache-status
HIT
age
2
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
strict-transport-security
max-age=0
x-amz-request-id
EEE40648CBD36B5E
x-amz-id-2
6LxX28rrvXYYenYkqY4iatfvBLM/fmr2+X+KZwoXupPIwMkVrGJtqieKEMZPxOR83Kk0iUw91Ag=
last-modified
Tue, 10 Mar 2020 23:13:51 GMT
server
cloudflare
etag
W/"f47f1934dec578b3ec2daacb7e61d9c9"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=3600, s-maxage=60
x-amz-version-id
QzcBmfzwuCnSPtNhWyKUV.rVnAqAKY6a
cf-request-id
07c257b9710000ee2fd7169000000001
cf-ray
614a5bd58c55ee2f-CDG
adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/
133 KB
47 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Requested by
Host: onion.kingoapp.com
URL: https://onion.kingoapp.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
c685db1a28aa02aa1b43f51d4a85e823a140760be641d58559ee796a3739ff2b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://onion.kingoapp.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 20 Jan 2021 17:01:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
47567
x-xss-protection
0
server
cafe
etag
506700201699315331
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Wed, 20 Jan 2021 17:01:39 GMT
bootstrap.min.css
www.kingoapp.com/static/css/
107 KB
17 KB
Stylesheet
General
Full URL
https://www.kingoapp.com/static/css/bootstrap.min.css
Requested by
Host: onion.kingoapp.com
URL: https://onion.kingoapp.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::ac43:c3df , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b5fd723750763ebb731f9221e413e7d64d58d5192dc040e42292ed3dcccca732

Request headers

Referer
https://onion.kingoapp.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 20 Jan 2021 17:01:40 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Wed, 27 Apr 2016 03:26:35 GMT
server
cloudflare
age
6666
etag
W/"5720316b-1abce"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=X0cAGY2UXV2xQTuR1FD0OVG%2FnxaFLQXId4pahQFrTHlFlgU8G63soyRRVuHiEo0GawFKLfSbgq9kcF4yHM7mYhRgY9kxqcWRF%2BkpKCHhNmAznFydgGx9poJWLZtr"}],"group":"cf-nel"}
content-type
text/css
cache-control
max-age=14400
nel
{"report_to":"cf-nel","max_age":604800}
cf-ray
614a5bd509221776-FRA
cf-request-id
07c257b926000017761c1ee000000001
jquery.min.js
www.kingoapp.com/static/js/
93 KB
32 KB
Script
General
Full URL
https://www.kingoapp.com/static/js/jquery.min.js
Requested by
Host: onion.kingoapp.com
URL: https://onion.kingoapp.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::ac43:c3df , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
47b68dce8cb6805ad5b3ea4d27af92a241f4e29a5c12a274c852e4346a0500b4

Request headers

Referer
https://onion.kingoapp.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 20 Jan 2021 17:01:40 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Wed, 18 May 2016 04:23:04 GMT
server
cloudflare
age
6703
etag
W/"573bee28-17278"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=oey6ZCRW%2BQVzUuBV7oUTfJeNZkTTXhFQdelyKS7AqQW8%2F6ZkV9axZkC4Ph4WkvyJrmivQL6dTRox4ojvGP%2FRtoSk5hwz7CIkdj3yJGWYboRoQepPOa29bpOZ5L7%2B"}],"group":"cf-nel"}
content-type
application/javascript
cache-control
max-age=14400
nel
{"report_to":"cf-nel","max_age":604800}
cf-ray
614a5bd509291776-FRA
cf-request-id
07c257b926000017763c131000000001
base.css
www.kingoapp.com/static/css/
13 KB
4 KB
Stylesheet
General
Full URL
https://www.kingoapp.com/static/css/base.css
Requested by
Host: onion.kingoapp.com
URL: https://onion.kingoapp.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::ac43:c3df , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e8436fddfc43a48a65e4daddf38498d3fa9f5298e197bbe1629c4cba7567ffa7

Request headers

Referer
https://onion.kingoapp.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 20 Jan 2021 17:01:40 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
6666
cf-polished
origSize=16793
cf-request-id
07c257b92500001776c117b000000001
last-modified
Thu, 29 Mar 2018 08:33:46 GMT
server
cloudflare
etag
W/"5abca4ea-4199"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=EconSOmnsp91TVvzqFn5%2BvhT5snae845AaOQzan%2FVUxzxXHli3ANhe2WVrzzmaGaDZARwy2%2FV5R%2Fo2pgufLPa1DOJ1Bgb%2BILRmqL35NEuqP1KB2P38iKsKZLxo4z"}],"group":"cf-nel"}
content-type
text/css
cache-control
max-age=14400
cf-ray
614a5bd509261776-FRA
cf-bgj
minify
js
www.googletagmanager.com/gtag/
96 KB
38 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-44056125-1
Requested by
Host: onion.kingoapp.com
URL: https://onion.kingoapp.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:816::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
106af77380c0d4b3b09fcc1e378e644143fc2bc686be1129477995a1e91507aa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://onion.kingoapp.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 20 Jan 2021 17:01:40 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
38965
x-xss-protection
0
last-modified
Wed, 20 Jan 2021 15:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Wed, 20 Jan 2021 17:01:40 GMT
kingo-logo.png
www.kingoapp.com/static/images/
7 KB
7 KB
Image
General
Full URL
https://www.kingoapp.com/static/images/kingo-logo.png
Requested by
Host: onion.kingoapp.com
URL: https://onion.kingoapp.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::ac43:c3df , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
429c5eb262a3ef2648d2b23ee91d1e6cca21931816efb5124234e3b261a1a1bc

Request headers

Referer
https://onion.kingoapp.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 20 Jan 2021 17:01:40 GMT
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
6666
content-length
6964
cf-request-id
07c257b97800001776c50e1000000001
last-modified
Wed, 27 Apr 2016 03:26:35 GMT
server
cloudflare
etag
"5720316b-1b34"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=4QAdkd1Lw89SvI5OaNKY6WlxaEttCNB7PpmnPYffV37uARi4WngCOVTeA9or9U84BKS0qTgAVE1%2BbW3S5OotCUHgMXZbJrhSnAqqek8AUxi8Yxf1bdGTck9sV7ZN"}],"group":"cf-nel"}
content-type
image/png
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
614a5bd58a4c1776-FRA
KingoRootPC-icon.png
www.kingoapp.com/static/images/
25 KB
25 KB
Image
General
Full URL
https://www.kingoapp.com/static/images/KingoRootPC-icon.png
Requested by
Host: onion.kingoapp.com
URL: https://onion.kingoapp.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::ac43:c3df , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3751d6519eb244034ca0c32f0e46ecf9cd7855eadcfa42067a5e62d0ba3e2ff1

Request headers

Referer
https://onion.kingoapp.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 20 Jan 2021 17:01:40 GMT
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
6603
content-length
25575
cf-request-id
07c257b9860000177623005000000001
last-modified
Tue, 17 May 2016 07:11:39 GMT
server
cloudflare
etag
"573ac42b-63e7"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=9%2B70tPlAjVa4ZbkG8%2FECHEcExdeyMVJD7HRy%2BMw13ciMCR2TeBkhuGcKZV9SrBpuxZM2pclt51mHN%2BIbL24B%2Fq25p%2FGJK4ZeSFh%2FoZ%2BNfnPbbLyc7Wml6y8vOC4z"}],"group":"cf-nel"}
content-type
image/png
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
614a5bd5aa741776-FRA
KingoRoot-icon.png
www.kingoapp.com/static/images/
24 KB
25 KB
Image
General
Full URL
https://www.kingoapp.com/static/images/KingoRoot-icon.png
Requested by
Host: onion.kingoapp.com
URL: https://onion.kingoapp.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::ac43:c3df , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d2c909d2a470a99f4fb0e5b60f5d5ae14a1878ad6a3c89efcaf431c3404a600f

Request headers

Referer
https://onion.kingoapp.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 20 Jan 2021 17:01:40 GMT
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
6603
content-length
25027
cf-request-id
07c257b995000017761830d000000001
last-modified
Tue, 17 May 2016 07:11:39 GMT
server
cloudflare
etag
"573ac42b-61c3"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=nvlmlRPlobIjsg%2B07kcorqN2MOw82lBqFqLm%2BVMxyOFqREmQj7W2ASwb0WRqEFn9erEwTFdk5C9ONaYwwAJeXqiyUzV%2Bi8NsMznPiDiv3xiD41iIlEnGvLWFs2yj"}],"group":"cf-nel"}
content-type
image/png
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
614a5bd5baa71776-FRA
KingoSuperUser-icon.png
www.kingoapp.com/static/images/
23 KB
23 KB
Image
General
Full URL
https://www.kingoapp.com/static/images/KingoSuperUser-icon.png
Requested by
Host: onion.kingoapp.com
URL: https://onion.kingoapp.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::ac43:c3df , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ce25f63921277f7da3c747533314af89b748830c9e8e9b598a4962838b5b7b93

Request headers

Referer
https://onion.kingoapp.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 20 Jan 2021 17:01:40 GMT
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
855
content-length
23506
cf-request-id
07c257b99500001776c0ad4000000001
last-modified
Tue, 17 May 2016 07:11:39 GMT
server
cloudflare
etag
"573ac42b-5bd2"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=IdbVIkkmrLxeMJ2nV32XEor3RjwdmG5LJ80MLLuQYyJqJ9Ax8CDrjn48cWXlN7zwwowvQ5ZKkoz%2BtXYMXzrVWdRzWdaH%2F9ax8ku%2FEDg9nrepakKTFA0B9VTBryeR"}],"group":"cf-nel"}
content-type
image/png
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
614a5bd5baa81776-FRA
rushos_cleaner-icon.png
www.kingoapp.com/static/images/
6 KB
6 KB
Image
General
Full URL
https://www.kingoapp.com/static/images/rushos_cleaner-icon.png
Requested by
Host: onion.kingoapp.com
URL: https://onion.kingoapp.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::ac43:c3df , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
371ee6d05aae5b293157e55bbe0ff5517fb17a5153bf1db4e5ec4238a1c15358

Request headers

Referer
https://onion.kingoapp.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 20 Jan 2021 17:01:40 GMT
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
855
content-length
5694
cf-request-id
07c257b9a700001776eb272000000001
last-modified
Wed, 14 Mar 2018 09:12:02 GMT
server
cloudflare
etag
"5aa8e762-163e"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=WXMbPHFcEGGUil8%2FYJvCWzOmB%2BhJLqun5pOVAVcJK5s8OTA8Cf%2FmmfyUlSMJlth7VShxWCTlxYRwvyzuT3lQqDo6re63ruv2XlZhKpm%2BTCn7P5GvUhXZ0sECIHsy"}],"group":"cf-nel"}
content-type
image/png
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
614a5bd5dae11776-FRA
onionbrowser-icon.png
www.kingoapp.com/static/images/
15 KB
15 KB
Image
General
Full URL
https://www.kingoapp.com/static/images/onionbrowser-icon.png
Requested by
Host: onion.kingoapp.com
URL: https://onion.kingoapp.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::ac43:c3df , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c7e4d278e690a18a0289ce6e60f1b47d8790a5b5d25bfee54e00759111579b1b

Request headers

Referer
https://onion.kingoapp.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 20 Jan 2021 17:01:40 GMT
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
855
content-length
15422
cf-request-id
07c257b9a700001776c610b000000001
last-modified
Fri, 16 Mar 2018 09:20:59 GMT
server
cloudflare
etag
"5aab8c7b-3c3e"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=Hh9B8XL8Yn3FLfyj%2BTo8e4rPGlXiVd3FQNNn%2FVEZRaVvju3QxO7UV1ciPgDYbkPYWgILcI7NVo%2B%2BlaPTzmuOr7HGnZidpeqY4PjtCE5w60Zl1q%2F997AbM%2BDnzdBH"}],"group":"cf-nel"}
content-type
image/png
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
614a5bd5dae41776-FRA
KingoSuperBattery-icon.png
www.kingoapp.com/static/images/
22 KB
22 KB
Image
General
Full URL
https://www.kingoapp.com/static/images/KingoSuperBattery-icon.png
Requested by
Host: onion.kingoapp.com
URL: https://onion.kingoapp.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::ac43:c3df , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
605d12ce84891d371d71b1c35e373d3314962d93ee9860bb11d386248ef5d191

Request headers

Referer
https://onion.kingoapp.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 20 Jan 2021 17:01:40 GMT
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
6602
content-length
22029
cf-request-id
07c257b9a8000017760a34e000000001
last-modified
Tue, 17 May 2016 07:11:39 GMT
server
cloudflare
etag
"573ac42b-560d"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=k9ZqwT%2BLkwLFYBB14LbJbIH3mpvilkWJcd2CvbVePYdpWaSEUBtMGAex%2BntTnIFWBs8bDDXh%2BzdAl6we%2FFjsaNNMOXToSVlNhrRhefgAlOllxZkdroHqLHXPejNr"}],"group":"cf-nel"}
content-type
image/png
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
614a5bd5dae61776-FRA
browser5.png
www.kingoapp.com/static/images/
32 KB
33 KB
Image
General
Full URL
https://www.kingoapp.com/static/images/browser5.png
Requested by
Host: onion.kingoapp.com
URL: https://onion.kingoapp.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::ac43:c3df , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5b6a10a419cf274cd9ce4d3edb6571b63c1cdda9e473d5ed95cd41b9cba68860

Request headers

Referer
https://onion.kingoapp.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 20 Jan 2021 17:01:40 GMT
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
4069
content-length
33043
cf-request-id
07c257b9ab000017762086e000000001
last-modified
Fri, 16 Mar 2018 10:04:15 GMT
server
cloudflare
etag
"5aab969f-8113"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=Png5iEiFgPcykHE%2Bn3LgdM57iRgz5uWyCNbb5t5hJcyw%2FZh8j693qsvSWqiQIJMTecO1W6R2O%2BLaxrgTzCkTwo0VPAwDOIp9PtINRocHEc%2FxCrWtJEPmWNCTZOqH"}],"group":"cf-nel"}
content-type
image/png
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
614a5bd5dae81776-FRA
browser-say.png
www.kingoapp.com/static/images/
115 KB
116 KB
Image
General
Full URL
https://www.kingoapp.com/static/images/browser-say.png
Requested by
Host: onion.kingoapp.com
URL: https://onion.kingoapp.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::ac43:c3df , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
505716f5173d2a1e7e1b6f15d8f131460d3c96703d6bd945782c00482220e391

Request headers

Referer
https://onion.kingoapp.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 20 Jan 2021 17:01:40 GMT
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
4069
content-length
118242
cf-request-id
07c257b9a800001776153f0000000001
last-modified
Fri, 16 Mar 2018 10:04:10 GMT
server
cloudflare
etag
"5aab969a-1cde2"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=sbx7sDKDGri8lAeq2vraWO5p%2FQ8UcAsgzEnlWUjrfBE387ydMpQNOuLRauHeBd13F4NLUoEGaIrORB9HDE8TLXzcSqS556yYPqEe4oDCzc0J90RFi72DKWz6uXGU"}],"group":"cf-nel"}
content-type
image/png
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
614a5bd5daea1776-FRA
browser-nopic.png
www.kingoapp.com/static/images/
154 KB
155 KB
Image
General
Full URL
https://www.kingoapp.com/static/images/browser-nopic.png
Requested by
Host: onion.kingoapp.com
URL: https://onion.kingoapp.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::ac43:c3df , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b2e5d5d439573bfe383c40ee15e63bb85805771b673bf454d81246e093eb8585

Request headers

Referer
https://onion.kingoapp.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 20 Jan 2021 17:01:40 GMT
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
4069
content-length
157849
cf-request-id
07c257b9a8000017760f302000000001
last-modified
Fri, 16 Mar 2018 10:04:16 GMT
server
cloudflare
etag
"5aab96a0-26899"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=%2FLuHEw%2F2roA6vDOQ1x0cP4FQKb0wSWTIecW9cB77eGfVWDrEh94ROdYF4hp5iyo63d6SiweBSrs2C7KO%2B7H%2B6gI6d3Fmz2MLfbWB1%2Bk6Yz9Y10bkwH5H%2B9Eski3y"}],"group":"cf-nel"}
content-type
image/png
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
614a5bd5daed1776-FRA
browser-video.png
www.kingoapp.com/static/images/
100 KB
100 KB
Image
General
Full URL
https://www.kingoapp.com/static/images/browser-video.png
Requested by
Host: onion.kingoapp.com
URL: https://onion.kingoapp.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::ac43:c3df , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8802889f282a082070b5d39bac5c9278c706fba4cbea307b105a3c53e3800469

Request headers

Referer
https://onion.kingoapp.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 20 Jan 2021 17:01:40 GMT
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
4069
content-length
101986
cf-request-id
07c257b9b6000017762d2d3000000001
last-modified
Fri, 16 Mar 2018 10:04:13 GMT
server
cloudflare
etag
"5aab969d-18e62"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=%2BZ%2Bkz5fsITLTeoKAbnmEAvpd6FBcLbQaxq8qzz%2Btx0dMMwnk982VQ7fg9VzvUpCbGBUJiAvHELd5nK9lThesNUyX%2BymJJPDiAEJpCtMQ%2FA3fbuaXIWA2E%2BMvH71H"}],"group":"cf-nel"}
content-type
image/png
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
614a5bd5eb261776-FRA
gtm.js
www.googletagmanager.com/
0
0
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-KZ96P8
Requested by
Host: onion.kingoapp.com
URL: https://onion.kingoapp.com/
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:816::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
https://onion.kingoapp.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

1e11f77c-acad-4fb9-b34f-93444c955a7f
ekr.zdassets.com/compose/
949 B
849 B
XHR
General
Full URL
https://ekr.zdassets.com/compose/1e11f77c-acad-4fb9-b34f-93444c955a7f
Requested by
Host: static.zdassets.com
URL: https://static.zdassets.com/ekr/snippet.js?key=1e11f77c-acad-4fb9-b34f-93444c955a7f
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.72.113 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9bc57a563d0e9a1f576105a0850772105c11aa9fe49527a367f7a5868301670d
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

Referer
https://onion.kingoapp.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 20 Jan 2021 17:01:40 GMT
content-encoding
br
vary
Origin, Accept-Encoding
cf-cache-status
EXPIRED
status
200 OK
strict-transport-security
max-age=0
cf-request-id
07c257ba240000edb77d192000000001
x-request-id
61c3a1b7-04a8-48a5-9f34-6f7a0342f1f3
x-runtime
0.002999
server
cloudflare
etag
W/"9bc57a563d0e9a1f576105a085077210"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age
7200
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/json; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
cache-control
max-age=600, public, s-maxage=60, stale-while-revalidate=600, stale-if-error=3600
cf-ray
614a5bd69d66edb7-CDG
show_ads_impl_fy2019.js
pagead2.googlesyndication.com/pagead/js/r20210113/r20190131/
228 KB
85 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20210113/r20190131/show_ads_impl_fy2019.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:816::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
61bef528f51b67951802ce74eedb99dda7b476671a1cacef80c4a8fe0a5633ec
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://onion.kingoapp.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 20 Jan 2021 17:01:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
87099
x-xss-protection
0
server
cafe
etag
6583541633825610200
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=1209600
timing-allow-origin
*
expires
Wed, 20 Jan 2021 17:01:40 GMT
zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20210113/r20190131/ Frame 091C
0
0
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/html/r20210113/r20190131/zrt_lookup.html
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/html/r20210113/r20190131/zrt_lookup.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://onion.kingoapp.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://onion.kingoapp.com/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
vary
Accept-Encoding
date
Wed, 20 Jan 2021 02:52:04 GMT
expires
Wed, 03 Feb 2021 02:52:04 GMT
content-type
text/html; charset=UTF-8
etag
12197657918578843409
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
4751
x-xss-protection
0
age
50976
cache-control
public, max-age=1209600
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
battery-download-btn.png
www.kingoapp.com/static/images/
7 KB
7 KB
Image
General
Full URL
https://www.kingoapp.com/static/images/battery-download-btn.png
Requested by
Host: www.kingoapp.com
URL: https://www.kingoapp.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::ac43:c3df , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d3149f9c51622b561c5dbcc32c8b3dd72e5905b339b016c068b1687c81e911e3

Request headers

Referer
https://www.kingoapp.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 20 Jan 2021 17:01:40 GMT
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
5225
content-length
6722
cf-request-id
07c257b9e000001776de170000000001
last-modified
Wed, 27 Apr 2016 03:26:35 GMT
server
cloudflare
etag
"5720316b-1a42"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=e5Jm8NIgY%2BcWzlYrF2JmIfkyWAUZK9X%2FcpwzxsZ7SLISN7pz8hjBJt3euzNtYzI15GEQQucwDvYR5mxPKegPoy5K3AbCJdUEeb%2F2CreifDqkz8x4BJtzDH945X3e"}],"group":"cf-nel"}
content-type
image/png
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
614a5bd63bcc1776-FRA
social.png
www.kingoapp.com/static/images/
5 KB
6 KB
Image
General
Full URL
https://www.kingoapp.com/static/images/social.png
Requested by
Host: www.kingoapp.com
URL: https://www.kingoapp.com/static/css/base.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::ac43:c3df , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a09834393782751fe244c5450f531cbc5c20621f471eae7e748e340f9e429a7b

Request headers

Referer
https://www.kingoapp.com/static/css/base.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 20 Jan 2021 17:01:40 GMT
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
5239
content-length
5350
cf-request-id
07c257ba2e00001776d7a49000000001
last-modified
Wed, 27 Apr 2016 03:26:35 GMT
server
cloudflare
etag
"5720316b-14e6"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=Or1DG0uXBaDVnY2OjkKB%2Ftqde89PlqAmsEn4m2muLFAupRecc%2FfVUAfjrtaJ%2FNyMf4%2FpUbCkBxcIs3Wi3LsYoIPYBw7jqUlf6ZigvZcJaSKLJNsmuRjYy4TXH2z5"}],"group":"cf-nel"}
content-type
image/png
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
614a5bd6acf01776-FRA
analytics.js
www.google-analytics.com/
46 KB
18 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-44056125-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:815::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e441c3e2771625ba05630ab464275136a82c99650ee2145ca5aa9853bedeb01b
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://onion.kingoapp.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Fri, 23 Oct 2020 03:00:57 GMT
server
Golfe2
age
6128
date
Wed, 20 Jan 2021 15:19:32 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
18817
expires
Wed, 20 Jan 2021 17:19:32 GMT
cookie.js
partner.googleadservices.com/gampad/
202 B
643 B
Script
General
Full URL
https://partner.googleadservices.com/gampad/cookie.js?domain=onion.kingoapp.com&callback=_gfp_s_&client=ca-pub-9329193614793962
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20210113/r20190131/show_ads_impl_fy2019.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.210.2 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s07-in-f2.1e100.net
Software
cafe /
Resource Hash
c2de647153b7a6797b5b82ff8c3707100de97eff0f2f944a079d535068bb8b31
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://onion.kingoapp.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 20 Jan 2021 17:01:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type
text/javascript; charset=UTF-8
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
194
x-xss-protection
0
integrator.js
adservice.google.de/adsid/
109 B
169 B
Script
General
Full URL
https://adservice.google.de/adsid/integrator.js?domain=onion.kingoapp.com
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20210113/r20190131/show_ads_impl_fy2019.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://onion.kingoapp.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 20 Jan 2021 17:01:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
104
x-xss-protection
0
integrator.js
adservice.google.com/adsid/
109 B
169 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=onion.kingoapp.com
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20210113/r20190131/show_ads_impl_fy2019.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://onion.kingoapp.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 20 Jan 2021 17:01:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
104
x-xss-protection
0
gen_204
pagead2.googlesyndication.com/pagead/
0
23 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=ach_evt&url=https%3A%2F%2Fonion.kingoapp.com%2F&tn=DIV&cls=navbar-fixed-bottom&ign=false
Requested by
Host: onion.kingoapp.com
URL: https://onion.kingoapp.com/
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:816::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://onion.kingoapp.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 20 Jan 2021 17:01:40 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/
0
40 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=ach_evt&url=https%3A%2F%2Fonion.kingoapp.com%2F&tn=NAV&cls=container-fluid%20navbar%20navbar-kingo&ign=false
Requested by
Host: onion.kingoapp.com
URL: https://onion.kingoapp.com/
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:816::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://onion.kingoapp.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 20 Jan 2021 17:01:40 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ads
googleads.g.doubleclick.net/pagead/ Frame D358
0
0
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-9329193614793962&output=html&adk=1812271804&adf=3025194257&lmt=1602515122&plat=1%3A16809992%2C2%3A16809992%2C9%3A32776%2C10%3A32%2C11%3A32%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C40%3A32&format=0x0&url=https%3A%2F%2Fonion.kingoapp.com%2F&ea=0&flash=0&pra=5&wgl=1&dt=1611162100169&bpp=14&bdt=180&idt=171&shv=r20210113&cbv=r20190131&ptt=9&saldr=aa&abxe=1&nras=1&correlator=305480312286&frm=20&pv=2&ga_vid=1008574314.1611162100&ga_sid=1611162100&ga_hid=1019066848&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530671%2C21066435%2C21067981%2C21068084%2C21068769%2C21069109&oid=3&pvsid=2459052153061784&pem=652&rx=0&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8192&bc=31&ifi=0&uci=a!0&fsb=1&dtd=189
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20210113/r20190131/show_ads_impl_fy2019.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:816::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-9329193614793962&output=html&adk=1812271804&adf=3025194257&lmt=1602515122&plat=1%3A16809992%2C2%3A16809992%2C9%3A32776%2C10%3A32%2C11%3A32%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C40%3A32&format=0x0&url=https%3A%2F%2Fonion.kingoapp.com%2F&ea=0&flash=0&pra=5&wgl=1&dt=1611162100169&bpp=14&bdt=180&idt=171&shv=r20210113&cbv=r20190131&ptt=9&saldr=aa&abxe=1&nras=1&correlator=305480312286&frm=20&pv=2&ga_vid=1008574314.1611162100&ga_sid=1611162100&ga_hid=1019066848&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530671%2C21066435%2C21067981%2C21068084%2C21068769%2C21069109&oid=3&pvsid=2459052153061784&pem=652&rx=0&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8192&bc=31&ifi=0&uci=a!0&fsb=1&dtd=189
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://onion.kingoapp.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://onion.kingoapp.com/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Wed, 20 Jan 2021 17:01:40 GMT
server
cafe
content-length
38057
x-xss-protection
0
set-cookie
test_cookie=CheckForPermission; expires=Wed, 20-Jan-2021 17:16:40 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
expires
Wed, 20 Jan 2021 17:01:40 GMT
cache-control
private
osd.js
www.googletagservices.com/activeview/js/current/
73 KB
28 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20210113/r20190131/show_ads_impl_fy2019.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
080da30aa445e67edb9fa3673bf91badd76a12ec0457d3d4d098bf48f62dc7cf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://onion.kingoapp.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 20 Jan 2021 17:01:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1610714114181599"
vary
Accept-Encoding
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
28294
x-xss-protection
0
expires
Wed, 20 Jan 2021 17:01:40 GMT
collect
www.google-analytics.com/j/
2 B
68 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j87&a=1019066848&t=pageview&_s=1&dl=https%3A%2F%2Fonion.kingoapp.com%2F&ul=en-us&de=UTF-8&dt=Best%20Phone%20Browser%20APP%20for%20Android&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IAhAAUABAAAAAC~&jid=138494656&gjid=665035319&cid=1008574314.1611162100&tid=UA-44056125-1&_gid=976126436.1611162100&_r=1&gtm=2ou161&z=1011075571
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4001:c03::65 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://onion.kingoapp.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 20 Jan 2021 17:01:40 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://onion.kingoapp.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2
expires
Fri, 01 Jan 1990 00:00:00 GMT
ads
googleads.g.doubleclick.net/pagead/ Frame 37D1
0
0
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-9329193614793962&output=html&h=60&slotname=6460434907&adk=3512819451&adf=691532466&pi=t.ma~as.6460434907&w=468&lmt=1602515122&psa=0&format=468x60&url=https%3A%2F%2Fonion.kingoapp.com%2F&flash=0&wgl=1&dt=1611162100265&bpp=4&bdt=276&idt=112&shv=r20210113&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=305480312286&frm=20&pv=1&ga_vid=1008574314.1611162100&ga_sid=1611162100&ga_hid=1019066848&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=559&ady=1135&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530671%2C21066435%2C21067981%2C21068084%2C21068769%2C21069109&oid=3&pvsid=2459052153061784&pem=652&rx=0&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CfeE%7C&abl=CF&pfx=0&fu=8192&bc=31&ifi=1&uci=a!1&fsb=1&xpc=6ij1wUYXJD&p=https%3A//onion.kingoapp.com&dtd=120
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20210113/r20190131/show_ads_impl_fy2019.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:816::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-9329193614793962&output=html&h=60&slotname=6460434907&adk=3512819451&adf=691532466&pi=t.ma~as.6460434907&w=468&lmt=1602515122&psa=0&format=468x60&url=https%3A%2F%2Fonion.kingoapp.com%2F&flash=0&wgl=1&dt=1611162100265&bpp=4&bdt=276&idt=112&shv=r20210113&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=305480312286&frm=20&pv=1&ga_vid=1008574314.1611162100&ga_sid=1611162100&ga_hid=1019066848&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=559&ady=1135&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530671%2C21066435%2C21067981%2C21068084%2C21068769%2C21069109&oid=3&pvsid=2459052153061784&pem=652&rx=0&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CfeE%7C&abl=CF&pfx=0&fu=8192&bc=31&ifi=1&uci=a!1&fsb=1&xpc=6ij1wUYXJD&p=https%3A//onion.kingoapp.com&dtd=120
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://onion.kingoapp.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://onion.kingoapp.com/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Wed, 20 Jan 2021 17:01:40 GMT
server
cafe
content-length
205
x-xss-protection
0
set-cookie
test_cookie=CheckForPermission; expires=Wed, 20-Jan-2021 17:16:40 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
expires
Wed, 20 Jan 2021 17:01:40 GMT
cache-control
private
collect
stats.g.doubleclick.net/j/
4 B
90 B
XHR
General
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j87&tid=UA-44056125-1&cid=1008574314.1611162100&jid=138494656&gjid=665035319&_gid=976126436.1611162100&_u=IAhAAUAAAAAAAC~&z=1491954925
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c08::9d Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://onion.kingoapp.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
date
Wed, 20 Jan 2021 17:01:40 GMT
content-type
text/plain
access-control-allow-origin
https://onion.kingoapp.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.com/ads/
42 B
119 B
Image
General
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j87&tid=UA-44056125-1&cid=1008574314.1611162100&jid=138494656&_u=IAhAAUAAAAAAAC~&z=557595581
Requested by
Host: onion.kingoapp.com
URL: https://onion.kingoapp.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://onion.kingoapp.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 20 Jan 2021 17:01:40 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/
42 B
107 B
Image
General
Full URL
https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j87&tid=UA-44056125-1&cid=1008574314.1611162100&jid=138494656&_u=IAhAAUAAAAAAAC~&z=557595581
Requested by
Host: onion.kingoapp.com
URL: https://onion.kingoapp.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:821::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://onion.kingoapp.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 20 Jan 2021 17:01:40 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
reactive_library_fy2019.js
pagead2.googlesyndication.com/pagead/js/r20210113/r20190131/
142 KB
51 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20210113/r20190131/reactive_library_fy2019.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20210113/r20190131/show_ads_impl_fy2019.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:816::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
212ec18aaef0eddb381b124114799910d9920c8bf704e7350681b858695b29ab
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://onion.kingoapp.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 20 Jan 2021 17:01:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
52197
x-xss-protection
0
server
cafe
etag
5357816700311629216
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=1209600
timing-allow-origin
*
expires
Wed, 20 Jan 2021 17:01:40 GMT
ads
googleads.g.doubleclick.net/pagead/ Frame 1D90
0
0
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-9329193614793962&output=html&h=280&adk=3523991940&adf=669096100&pi=t.aa~a.3005450789~rp.4&w=1040&fwrn=4&fwrnh=100&lmt=1602515122&rafmt=1&to=qs&pwprc=6800568531&psa=1&format=1040x280&url=https%3A%2F%2Fonion.kingoapp.com%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&adsid=NT&dt=1611162100893&bpp=2&bdt=904&idt=-M&shv=r20210113&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D312a3965232aab0f-224a76d097b9009f%3AT%3D1611162100%3ART%3D1611162100%3AS%3DALNI_MbO-wUY1-fJDk_GCBBbtuTQESr6zw&prev_fmts=0x0%2C468x60&nras=1&correlator=305480312286&frm=20&pv=1&ga_vid=1008574314.1611162100&ga_sid=1611162100&ga_hid=1019066848&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=280&ady=1589&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530671%2C21066435%2C21067981%2C21068084%2C21068769%2C21069109&oid=3&pvsid=2459052153061784&pem=652&rx=0&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=Grom59ELax&p=https%3A//onion.kingoapp.com&dtd=8
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20210113/r20190131/show_ads_impl_fy2019.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:816::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-9329193614793962&output=html&h=280&adk=3523991940&adf=669096100&pi=t.aa~a.3005450789~rp.4&w=1040&fwrn=4&fwrnh=100&lmt=1602515122&rafmt=1&to=qs&pwprc=6800568531&psa=1&format=1040x280&url=https%3A%2F%2Fonion.kingoapp.com%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&adsid=NT&dt=1611162100893&bpp=2&bdt=904&idt=-M&shv=r20210113&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D312a3965232aab0f-224a76d097b9009f%3AT%3D1611162100%3ART%3D1611162100%3AS%3DALNI_MbO-wUY1-fJDk_GCBBbtuTQESr6zw&prev_fmts=0x0%2C468x60&nras=1&correlator=305480312286&frm=20&pv=1&ga_vid=1008574314.1611162100&ga_sid=1611162100&ga_hid=1019066848&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=280&ady=1589&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530671%2C21066435%2C21067981%2C21068084%2C21068769%2C21069109&oid=3&pvsid=2459052153061784&pem=652&rx=0&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=Grom59ELax&p=https%3A//onion.kingoapp.com&dtd=8
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://onion.kingoapp.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
test_cookie=CheckForPermission
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://onion.kingoapp.com/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Wed, 20 Jan 2021 17:01:41 GMT
server
cafe
content-length
26851
x-xss-protection
0
set-cookie
IDE=AHWqTUktkFyECKDgBx9hzWm6I0spjmZgMKkWMIX1FdkuTezskT2SIgF087AuzANQ; expires=Mon, 14-Feb-2022 17:01:40 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none test_cookie=; domain=.doubleclick.net; path=/; expires=Mon, 21 Jul 2008 23:59:00 GMT; SameSite=none; Secure
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
expires
Wed, 20 Jan 2021 17:01:41 GMT
cache-control
private
ads
googleads.g.doubleclick.net/pagead/ Frame A76D
0
0
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-9329193614793962&output=html&h=280&adk=1867657217&adf=358975529&pi=t.aa~a.772858473~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1602515122&rafmt=1&to=qs&pwprc=6800568531&psa=1&format=1200x280&url=https%3A%2F%2Fonion.kingoapp.com%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&adsid=NT&dt=1611162100893&bpp=1&bdt=904&idt=0&shv=r20210113&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D312a3965232aab0f-224a76d097b9009f%3AT%3D1611162100%3ART%3D1611162100%3AS%3DALNI_MbO-wUY1-fJDk_GCBBbtuTQESr6zw&prev_fmts=0x0%2C468x60%2C1040x280&nras=1&correlator=305480312286&frm=20&pv=1&ga_vid=1008574314.1611162100&ga_sid=1611162100&ga_hid=1019066848&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=200&ady=2409&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530671%2C21066435%2C21067981%2C21068084%2C21068769%2C21069109&oid=3&pvsid=2459052153061784&pem=652&rx=0&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=WUdSC1OAna&p=https%3A//onion.kingoapp.com&dtd=14
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20210113/r20190131/show_ads_impl_fy2019.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:816::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-9329193614793962&output=html&h=280&adk=1867657217&adf=358975529&pi=t.aa~a.772858473~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1602515122&rafmt=1&to=qs&pwprc=6800568531&psa=1&format=1200x280&url=https%3A%2F%2Fonion.kingoapp.com%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&adsid=NT&dt=1611162100893&bpp=1&bdt=904&idt=0&shv=r20210113&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D312a3965232aab0f-224a76d097b9009f%3AT%3D1611162100%3ART%3D1611162100%3AS%3DALNI_MbO-wUY1-fJDk_GCBBbtuTQESr6zw&prev_fmts=0x0%2C468x60%2C1040x280&nras=1&correlator=305480312286&frm=20&pv=1&ga_vid=1008574314.1611162100&ga_sid=1611162100&ga_hid=1019066848&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=200&ady=2409&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530671%2C21066435%2C21067981%2C21068084%2C21068769%2C21069109&oid=3&pvsid=2459052153061784&pem=652&rx=0&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=WUdSC1OAna&p=https%3A//onion.kingoapp.com&dtd=14
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://onion.kingoapp.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
test_cookie=CheckForPermission
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://onion.kingoapp.com/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Wed, 20 Jan 2021 17:01:41 GMT
server
cafe
content-length
27451
x-xss-protection
0
set-cookie
IDE=AHWqTUnjSnSF7h9UsSHEriQRPrLbPHiTH21ctZmuD_tWSk0NAtUTA5hny9RS4n2A; expires=Mon, 14-Feb-2022 17:01:40 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none test_cookie=; domain=.doubleclick.net; path=/; expires=Mon, 21 Jul 2008 23:59:00 GMT; SameSite=none; Secure
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
expires
Wed, 20 Jan 2021 17:01:41 GMT
cache-control
private
zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20210113/r20190131/ Frame 356E
0
0
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/html/r20210113/r20190131/zrt_lookup.html?fsb=1
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20210113/r20190131/show_ads_impl_fy2019.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:816::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/html/r20210113/r20190131/zrt_lookup.html?fsb=1
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://onion.kingoapp.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
test_cookie=CheckForPermission
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://onion.kingoapp.com/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
vary
Accept-Encoding
date
Wed, 20 Jan 2021 05:00:25 GMT
expires
Wed, 03 Feb 2021 05:00:25 GMT
content-type
text/html; charset=UTF-8
etag
12197657918578843409
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
4751
x-xss-protection
0
age
43275
cache-control
public, max-age=1209600
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
preload.f8bcdce5adebc1f98d39.js
static.zdassets.com/web_widget/latest/ Frame 7342
62 KB
19 KB
Script
General
Full URL
https://static.zdassets.com/web_widget/latest/preload.f8bcdce5adebc1f98d39.js
Requested by
Host: static.zdassets.com
URL: https://static.zdassets.com/ekr/snippet.js?key=1e11f77c-acad-4fb9-b34f-93444c955a7f
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.72.113 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
833c37424abaa782bb2c1c8c1e2ec282872cdb37c2bf06fcdc1bd09c86f567cf
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 20 Jan 2021 17:01:40 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
age
46584
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
x-amz-request-id
F8F83A9C3C370DEB
x-amz-id-2
6YtvkrqI7SkhAJM9b3fl72C4Z09qVcyZfKPhkPRhXQaFh3MtEQG7KB/G2A1z+y5+qv60kGHzweE=
last-modified
Tue, 19 Jan 2021 23:41:13 GMT
server
cloudflare
etag
W/"a01a57b4df2320c609927e7d30db2a32"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=0
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=31536000
x-amz-version-id
i_RgnqWsn_2XIKVHppPIiiSzFIqQfde2
cf-request-id
07c257bce10000ee2f171f7000000001
cf-ray
614a5bdb0900ee2f-CDG
expires
Wed, 19 Jan 2022 23:41:12 GMT
web_widget.b43d605c8bd3c2da5f21.chunk.js
static.zdassets.com/web_widget/latest/vendors~lazy/ Frame 7342
501 KB
121 KB
Script
General
Full URL
https://static.zdassets.com/web_widget/latest/vendors~lazy/web_widget.b43d605c8bd3c2da5f21.chunk.js
Requested by
Host: static.zdassets.com
URL: https://static.zdassets.com/ekr/snippet.js?key=1e11f77c-acad-4fb9-b34f-93444c955a7f
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.72.113 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ba74f960460fcf2f051cb8c0f210cca1e16047c56e1dd9891649880ee7910999
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 20 Jan 2021 17:01:40 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
age
5590
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
x-amz-request-id
8AA07F7CC2F695CE
x-amz-id-2
pDYoXfe3Dsb1BlaVMxHxeGsHWilTSq5g9DZVozwKjWHnprcW9XkxVkGpfB4OWKwZU7zeCSkI8PI=
last-modified
Tue, 19 Jan 2021 23:41:14 GMT
server
cloudflare
etag
W/"69eb9ecd7b4785b9a75c65b0c0e472bb"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=0
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=31536000
x-amz-version-id
7xRrYBPAAvcPYIzTYvqG95fxH_SFu.y1
cf-request-id
07c257bce10000ee2ffa3f1000000001
cf-ray
614a5bdb0903ee2f-CDG
expires
Wed, 19 Jan 2022 23:41:13 GMT
web_widget.e6cd199f196ed4ee1a13.chunk.js
static.zdassets.com/web_widget/latest/lazy/ Frame 7342
498 KB
95 KB
Script
General
Full URL
https://static.zdassets.com/web_widget/latest/lazy/web_widget.e6cd199f196ed4ee1a13.chunk.js
Requested by
Host: static.zdassets.com
URL: https://static.zdassets.com/ekr/snippet.js?key=1e11f77c-acad-4fb9-b34f-93444c955a7f
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.72.113 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
32c02d90f0bd6c3626cdcbbcc9bb81276f77f43315ab84a25a34c86797188d45
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 20 Jan 2021 17:01:40 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
age
7294
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
x-amz-request-id
2606356C428E6710
x-amz-id-2
7td0GoHTDn0Z+K1fWVFVs6qr8XKtdRtTMoErsoIhYqsOCkNKm/Aduko86VWOAnTeR2RsvjfLsLI=
last-modified
Sun, 17 Jan 2021 22:56:43 GMT
server
cloudflare
etag
W/"2c3f41b0907c5ef3e822da47110c2cf6"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=0
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=31536000
x-amz-version-id
6.o4JiJiA6qz3N7ogI7_kHvXgfxSe7OF
cf-request-id
07c257bce20000ee2fbeaa1000000001
cf-ray
614a5bdb0906ee2f-CDG
expires
Mon, 17 Jan 2022 22:56:42 GMT
web_widget.ae2053754808b5c074d2.chunk.js
static.zdassets.com/web_widget/latest/ Frame 7342
335 KB
67 KB
Script
General
Full URL
https://static.zdassets.com/web_widget/latest/web_widget.ae2053754808b5c074d2.chunk.js
Requested by
Host: static.zdassets.com
URL: https://static.zdassets.com/ekr/snippet.js?key=1e11f77c-acad-4fb9-b34f-93444c955a7f
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.72.113 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f45bb5825c55da0ee1b341fbdb9e70d60153f3c118474a868785442f9aa1d454
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 20 Jan 2021 17:01:40 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
age
7319
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
x-amz-request-id
DEBD825CB853EADC
x-amz-id-2
ZX2I1rXYwnDOU0GBIXyKtyRkTqpCo6FDp1O6+72/QH5NmSo6qSCVhr3b5+DZuDbFg/OQZNUSi2g=
last-modified
Tue, 19 Jan 2021 23:41:15 GMT
server
cloudflare
etag
W/"9d2ebfe99cf91e45c5a4249db6bf26b0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=0
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=31536000
x-amz-version-id
VUWCmTc1M7zupmBtDciHk6vIn3c6gJHY
cf-request-id
07c257bce20000ee2fce34f000000001
cf-ray
614a5bdb090cee2f-CDG
expires
Wed, 19 Jan 2022 23:41:14 GMT
vendors~web_widget.ab97379118a5b2805f2a.chunk.js
static.zdassets.com/web_widget/latest/ Frame 7342
516 KB
157 KB
Script
General
Full URL
https://static.zdassets.com/web_widget/latest/vendors~web_widget.ab97379118a5b2805f2a.chunk.js
Requested by
Host: static.zdassets.com
URL: https://static.zdassets.com/ekr/snippet.js?key=1e11f77c-acad-4fb9-b34f-93444c955a7f
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.72.113 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4f0bab48477b1e533842741729feed41f5081d598371e25d58d5ee01b3bf01f5
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 20 Jan 2021 17:01:40 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
age
15643
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
x-amz-request-id
34FB2A823137CA2F
x-amz-id-2
Wbee1rFExwVy707SJh0AFdT9RVY5Zy6ehQ9g8oEr8NmM5OvBslLV8ySIDkAOBlsrXWx5HPsGSRw=
last-modified
Mon, 04 Jan 2021 00:38:50 GMT
server
cloudflare
etag
W/"d8b36c871889a179bfc603bc480db2d4"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=0
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=31536000
x-amz-version-id
MQoH2PhH1gQXAgAyxB2Xf6doAtoit68t
cf-request-id
07c257bce20000ee2fd631c000000001
cf-ray
614a5bdb090dee2f-CDG
expires
Tue, 04 Jan 2022 00:38:49 GMT
web_widget~messenger.2ef813a806a3fb817c2a.chunk.js
static.zdassets.com/web_widget/latest/vendors~lazy/ Frame 7342
75 KB
20 KB
Script
General
Full URL
https://static.zdassets.com/web_widget/latest/vendors~lazy/web_widget~messenger.2ef813a806a3fb817c2a.chunk.js
Requested by
Host: static.zdassets.com
URL: https://static.zdassets.com/ekr/snippet.js?key=1e11f77c-acad-4fb9-b34f-93444c955a7f
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.72.113 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
73d7df22c22d6715274fb23587b4016c1f39538cb3fe5b77daf8e92af9fb5a0b
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 20 Jan 2021 17:01:40 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
age
46584
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
x-amz-request-id
14FC646008F4D17A
x-amz-id-2
m824+Fyb+vkD8hgdgiZYqwi7K31Ee8fcmk7Ira8UaWGwBUp2Eb//6VeoEbqySvmRMgQ3EMkqD1g=
last-modified
Tue, 19 Jan 2021 23:41:14 GMT
server
cloudflare
etag
W/"772e4f1ca6313200071ee61fbcaf7dc0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=0
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=31536000
x-amz-version-id
0c5A63QLlcuaeqSDRPbXzm921Lct0pGO
cf-request-id
07c257bce20000ee2fb1153000000001
cf-ray
614a5bdb090fee2f-CDG
expires
Wed, 19 Jan 2022 23:41:13 GMT
chat-sdk.ef57fe179f7fdba70997.chunk.js
static.zdassets.com/web_widget/latest/ Frame 7342
257 KB
50 KB
Script
General
Full URL
https://static.zdassets.com/web_widget/latest/chat-sdk.ef57fe179f7fdba70997.chunk.js
Requested by
Host: static.zdassets.com
URL: https://static.zdassets.com/ekr/snippet.js?key=1e11f77c-acad-4fb9-b34f-93444c955a7f
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.72.113 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6cd2c4f7c32d76dfddf8850d4d93209e41914394cd46184978e5c4cec5986f3d
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 20 Jan 2021 17:01:41 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
age
3676047
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
x-amz-request-id
88D273850E1315F2
x-amz-id-2
AeMA8QRzT+W/q/3aG7kYuT04uU1qtsQID3ibfLQobvI2k6/W4imEfMq0tLtBtYp7jXzBWhk+OIA=
last-modified
Wed, 09 Dec 2020 03:44:55 GMT
server
cloudflare
etag
W/"471486ebf305f761724c4a3d88d24c68"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=0
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=31536000
x-amz-version-id
tUzJzxwRIGBtH2yGLDY0ifhL7s6uFqT5
cf-request-id
07c257bce60000ee2ff0b28000000001
cf-ray
614a5bdb0913ee2f-CDG
expires
Thu, 09 Dec 2021 03:44:53 GMT
config
kingosupport.zendesk.com/embeddable/
561 B
1 KB
XHR
General
Full URL
https://kingosupport.zendesk.com/embeddable/config
Requested by
Host: static.zdassets.com
URL: https://static.zdassets.com/ekr/snippet.js?key=1e11f77c-acad-4fb9-b34f-93444c955a7f
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.16.51.111 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1b32856ee47a14a3b9254725d6fada90e840ce46c29ee7d2811c21b4f4207100
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://onion.kingoapp.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 20 Jan 2021 17:01:41 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
EXPIRED
nel
{"report_to":"cf-nel","max_age":604800}
x-zendesk-origin-server
embeddable-app-server-866bddbccf-tqtq9
access-control-allow-methods
GET
vary
Origin, Accept-Encoding
cf-request-id
07c257bda00000ee1f671be000000001
x-request-id
614a5bdc3900ee1f-IAD
x-runtime
0.001778
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age
1728000
report-to
{"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=U8S3lc33YbUt6AvYZ%2BOu8Tpn1s61jBt92bW14AjJGiHH8Wsk9txRF%2F0gXELXsksW2R2%2FFO%2BjkOGmZ%2F2D5rV3jrWvB0pfwlmvgTsxYPyYcwYru6NxQtoWaqA%3D"}],"max_age":604800}
content-type
application/json; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
cache-control
public, max-age=60, stale-while-revalidate=600, stale-if-error=3600
cf-ray
614a5bdc3900ee1f-CDG
en-us-json.b86525d45e06dbb8ca72.chunk.js
static.zdassets.com/web_widget/latest/locales/ Frame 7342
29 KB
6 KB
Script
General
Full URL
https://static.zdassets.com/web_widget/latest/locales/en-us-json.b86525d45e06dbb8ca72.chunk.js
Requested by
Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/latest/preload.f8bcdce5adebc1f98d39.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.72.113 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
008718d2cc8432a37ec7aec571034363243867f09b26cbdc7e86980a887959ac
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 20 Jan 2021 17:01:41 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
age
46584
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
x-amz-request-id
6C153C9268193656
x-amz-id-2
xftDK4QD+HEGlHAyDYB72adJTTahfUirLrqgt8Uqw8r57VheeuHSujKFyqMYqPQl5lWIVyK4QGM=
last-modified
Tue, 19 Jan 2021 23:40:40 GMT
server
cloudflare
etag
W/"0fb7156736704ca929edd8b559d4e3f8"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=0
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=31536000
x-amz-version-id
gtVJUy.jnVSff3aHBvgFiLAWqriZAn65
cf-request-id
07c257bea20000ee2f11370000000001
cf-ray
614a5bddcfaeee2f-CDG
expires
Wed, 19 Jan 2022 23:40:38 GMT
embeddable_blip
kingosupport.zendesk.com/ Frame 7342
0
478 B
XHR
General
Full URL
https://kingosupport.zendesk.com/embeddable_blip?type=pageView&data=eyJjaGFubmVsIjoid2ViX3dpZGdldCIsInBhZ2VWaWV3Ijp7InJlZmVycmVyIjoiaHR0cHM6Ly93d3cua2luZ29hcHAuY29tLyIsInRpbWUiOjAsImxvYWRUaW1lIjoxMTYuMjk5OTk5OTk0MjI1OCwibmF2aWdhdG9yTGFuZ3VhZ2UiOiJlbi1VUyIsInBhZ2VUaXRsZSI6IkJlc3QgUGhvbmUgQnJvd3NlciBBUFAgZm9yIEFuZHJvaWQiLCJ1c2VyQWdlbnQiOiJNb3ppbGxhLzUuMCAoTWFjaW50b3NoOyBJbnRlbCBNYWMgT1MgWCAxMF8xNF81KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvODMuMC40MTAzLjYxIFNhZmFyaS81MzcuMzYiLCJpc01vYmlsZSI6ZmFsc2UsImlzUmVzcG9uc2l2ZSI6dHJ1ZSwidmlld3BvcnRNZXRhIjoid2lkdGg9ZGV2aWNlLXdpZHRoLCBpbml0aWFsLXNjYWxlPTEiLCJoZWxwQ2VudGVyRGVkdXAiOmZhbHNlfSwiYnVpZCI6IjQ1MTBkMWJkZmE5YzYxM2E4YTk4NzI0MmZkNmExZTliIiwic3VpZCI6IjYxMTZjYjQ2OTU1ZTA1MjA5YWZmMzcyZDZhYmQxOGRlIiwidmVyc2lvbiI6ImUwZDNmMTg4NCIsInRpbWVzdGFtcCI6IjIwMjEtMDEtMjBUMTc6MDE6NDEuNTMyWiIsInVybCI6Imh0dHBzOi8vb25pb24ua2luZ29hcHAuY29tLyJ9
Requested by
Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/latest/vendors~web_widget.ab97379118a5b2805f2a.chunk.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.16.51.111 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 20 Jan 2021 17:01:41 GMT
content-encoding
br
cf-cache-status
MISS
nel
{"report_to":"cf-nel","max_age":604800}
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=1LgFxmTOx4opHhf75rOtW5SxaU6e%2FiCZPmxFLY4lMjIllui1An%2BxhxlV39BQ1P%2BHT52Xoizl7JSrqkiyF1nc6FQ3c54d3xRj0sXQYbDPHhb3LRlST8SQzQA%3D"}],"max_age":604800}
content-type
text/html; charset=utf-8
access-control-allow-origin
https://onion.kingoapp.com
cache-control
no-store, no-cache, must-revalidate
cf-ray
614a5bde9e23ee1f-CDG
cf-request-id
07c257bf240000ee1f1589e000000001
sodar
pagead2.googlesyndication.com/getconfig/
9 KB
7 KB
XHR
General
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20210113&st=env
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20210113/r20190131/show_ads_impl_fy2019.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:820::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
4d42956198c7661c63740ffe8668c35b433862678300c9376117f47e8586be35
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://onion.kingoapp.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 20 Jan 2021 17:01:42 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
6800
x-xss-protection
0
chat-incoming-message-notification.mp3
static.zdassets.com/web_widget/static/ Frame 7342
19 KB
20 KB
Media
General
Full URL
https://static.zdassets.com/web_widget/static/chat-incoming-message-notification.mp3
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.72.113 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
97e5b0b6cfc2ba9815028429c069631ba12b294aa7419d1ea130accd0adc2d46
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

Referer
Accept-Encoding
identity;q=1, *;q=0
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Range
bytes=0-

Response headers

date
Wed, 20 Jan 2021 17:01:42 GMT
cf-cache-status
DYNAMIC
x-amz-request-id
65454EE7CA7E0718
x-amz-server-side-encryption
AES256
cf-ray
614a5be16fa0ee2f-CDG
Content-Range
bytes 0-19697/19698
x-amz-replication-status
COMPLETED
Content-Length
19698
x-amz-id-2
VkuWlOhIxbGSDOdNdtP6yUmCrM1Mg3JzTwTYjFTf+JrdOmd+3ayQ7oTWx6TGmb6IbrYQZ8bbXU4=
last-modified
Tue, 12 Feb 2019 01:07:53 GMT
server
cloudflare
etag
"f11ce9e8f40a392830217253fe75d6de"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=0
x-amz-version-id
7QfN44DQ.h7tzqx9G_4CeAsccdu5t2pF
cache-control
public, max-age=31536000
cf-request-id
07c257c0e00000ee2fd28fd000000001
accept-ranges
bytes
content-type
audio/mpeg; charset=utf-8
expires
Wed, 12 Feb 2020 01:07:52 GMT
sodar2.js
tpc.googlesyndication.com/sodar/
16 KB
6 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20210113/r20190131/show_ads_impl_fy2019.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81d::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
baf04ff369a96d4bb7228e99a65163de20845bf23826295dd3471afd3cee9ee5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://onion.kingoapp.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 20 Jan 2021 17:01:42 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1607463675096825"
vary
Accept-Encoding
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6146
x-xss-protection
0
expires
Wed, 20 Jan 2021 17:01:42 GMT
runner.html
tpc.googlesyndication.com/sodar/sodar2/220/ Frame F709
0
0
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/220/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81d::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
tpc.googlesyndication.com
:scheme
https
:path
/sodar/sodar2/220/runner.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://onion.kingoapp.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://onion.kingoapp.com/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
content-length
4868
date
Wed, 20 Jan 2021 10:23:25 GMT
expires
Thu, 20 Jan 2022 10:23:25 GMT
last-modified
Tue, 27 Oct 2020 18:37:37 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
23897
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
gen_204
pagead2.googlesyndication.com/pagead/
0
141 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=220&t=2&li=gda_r20210113&jk=2459052153061784&bg=!PT6lPn3NAAWtJAQVrTsAKQB2-DxauDcIilxejSJbBxhMAmPnQ0xo0avCSZZnvTPRtIcXkBRQjnADAgAAAGFSAAAAEWgBBwoAdZ_4TE6JP-cUxvXPG7odXpE-RIGES_6NsVHY5ZQ5ygVpd0FVVLFFtDhCE5jbD0S4PuwerkjWH2CIb4YObWdRTmxjIv2e1jH7fD-8vGprgp5k9lQunWobAyJ0WPoo6bZuXl-NgOkRNXQk1BDa-_ENLY9kfS_IZpkB18oFWe30K4PgUYd0En6PY8JsArAewkwfEZB8KjE7a0cddGdnDowAMNBoRkFRLMJNE-V_162KHRU0GMBRmACDJDu1eABPDxtXRPn2k70A-MvuYkx2dRr0g8tFnjl_loMO7KQjOpF8xr09e1LraMUE5eYfgezHeOFmhfUlcJgAEoymrpumOMLi9Zfq20FR9lBQk5mQiS4N6HjsrAu3XKVQ-Uv7fLiV5VcRm7SzGs5UXOZDR4N30Oq7hEZyZQGLlFT_iBVuzvo9STPk3c7JAQnWjusfTuzc29o2qFrjNJ7s9Vk5sa4HTFRJBp3XeArX48rCWWFdQnuWxvSh2qx6Wp4uHYyoIbE8-ETcZII_1iSxn6wmHcAoUO_e__cpIR0LzPaQsiCvxa78QtpV4k5_Z1RSXeLwSE-mWr3OlOFlFU35lSiQ6ioEygckTrgmQKxcXWp9QZn3CsggjeowXhGIz6OrpVN0eMCbdqg-yEyVQLlGJTprlua7QJgiOpBVGqcf0oNZmoZaKGAtZ3O-aEHbJROlwUUyAa1EY7ADQWhtjZ1A4DQDYxNMj562BkKFRHNj765BnjmB9mREl3sjrRSxEwsidQ86aqbQ-KSkG53EMJFojMJMzlk8P-_OJQ
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:816::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://onion.kingoapp.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 20 Jan 2021 17:01:42 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

81 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 object| 7 object| 8 object| 9 object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes boolean| crossOriginIsolated object| zEWebpackACJsonp function| setImmediate function| clearImmediate function| zE function| zEmbed object| adsbygoogle function| $ function| jQuery function| gtag object| dataLayer object| google_js_reporting_queue number| google_srt object| google_ad_modifications object| google_logging_queue object| ggeac boolean| google_measure_js_timing object| google_trust_token_operation_status object| google_reactive_ads_global_state boolean| _gfp_a_ object| google_sa_queue object| google_sl_win function| google_process_slots function| google_spfd object| google_sv_map object| google_tag_manager object| $dropdown function| show_menu object| navbar_toggle object| navbar_collapse number| google_lpabyc number| google_unique_id object| google_tag_data string| GoogleAnalyticsObject function| ga function| Goog_AdSense_getAdAdapterInstance function| Goog_AdSense_OsdAdapter function| google_sa_impl object| google_persistent_state_async object| __google_ad_urls number| google_global_correlator number| __google_ad_urls_id object| googleToken object| googleIMState boolean| _gfp_p_ object| google_image_requests function| processGoogleToken object| google_prev_clients object| gaGlobal object| google_jobrunner object| ampInaboxIframes object| ampInaboxPendingMessages boolean| google_osd_loaded boolean| google_onload_fired object| gaplugins object| gaData function| Goog_Osd_UnloadAdBlock function| Goog_Osd_UpdateElementToMeasure function| google_osd_amcb object| google_llp boolean| zEACLoaded function| $zopim object| GoogleGcLKhOms

9 Cookies

Domain/Path Name / Value
.doubleclick.net/ Name: IDE
Value: AHWqTUktkFyECKDgBx9hzWm6I0spjmZgMKkWMIX1FdkuTezskT2SIgF087AuzANQ
.kingoapp.com/ Name: __zlcmid
Value: 12FjkXYUYYReqhU
.doubleclick.net/ Name: DSID
Value: NO_DATA
.kingoapp.com/ Name: __gads
Value: ID=312a3965232aab0f-224a76d097b9009f:T=1611162100:RT=1611162100:S=ALNI_MbO-wUY1-fJDk_GCBBbtuTQESr6zw
.kingoapp.com/ Name: __cf_bm
Value: a8b91c01ce42dc1cd87a2e3c3763c42d1f000f1d-1611162099-1800-ARwiw9OmwIt0rh5DEz+NdwbSWWsXtDe+BkD/fSJpcaE19A2PZTPabhsvDuzL2f0oL39peRA9d3J7cIMNA7eH1Pw=
.kingoapp.com/ Name: _gid
Value: GA1.2.976126436.1611162100
.kingoapp.com/ Name: _gat_gtag_UA_44056125_1
Value: 1
.kingoapp.com/ Name: _ga
Value: GA1.2.1008574314.1611162100
.kingoapp.com/ Name: __cfduid
Value: d8f106ba6d8fbbd7b7fa7faf7b848a1361611162099

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

adservice.google.com
adservice.google.de
ekr.zdassets.com
googleads.g.doubleclick.net
kingosupport.zendesk.com
onion.kingoapp.com
pagead2.googlesyndication.com
partner.googleadservices.com
static.zdassets.com
stats.g.doubleclick.net
tpc.googlesyndication.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.googletagservices.com
www.kingoapp.com
104.16.51.111
104.18.72.113
216.58.210.2
2606:4700:3031::ac43:c3df
2607:f8b0:4001:c03::65
2a00:1450:4001:808::2004
2a00:1450:4001:815::200e
2a00:1450:4001:816::2002
2a00:1450:4001:816::2008
2a00:1450:4001:81c::2002
2a00:1450:4001:81d::2001
2a00:1450:4001:820::2002
2a00:1450:4001:821::2003
2a00:1450:400c:c08::9d
008718d2cc8432a37ec7aec571034363243867f09b26cbdc7e86980a887959ac
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
080da30aa445e67edb9fa3673bf91badd76a12ec0457d3d4d098bf48f62dc7cf
106af77380c0d4b3b09fcc1e378e644143fc2bc686be1129477995a1e91507aa
1b32856ee47a14a3b9254725d6fada90e840ce46c29ee7d2811c21b4f4207100
212ec18aaef0eddb381b124114799910d9920c8bf704e7350681b858695b29ab
32c02d90f0bd6c3626cdcbbcc9bb81276f77f43315ab84a25a34c86797188d45
371ee6d05aae5b293157e55bbe0ff5517fb17a5153bf1db4e5ec4238a1c15358
3751d6519eb244034ca0c32f0e46ecf9cd7855eadcfa42067a5e62d0ba3e2ff1
429c5eb262a3ef2648d2b23ee91d1e6cca21931816efb5124234e3b261a1a1bc
47b68dce8cb6805ad5b3ea4d27af92a241f4e29a5c12a274c852e4346a0500b4
4d42956198c7661c63740ffe8668c35b433862678300c9376117f47e8586be35
4f0bab48477b1e533842741729feed41f5081d598371e25d58d5ee01b3bf01f5
505716f5173d2a1e7e1b6f15d8f131460d3c96703d6bd945782c00482220e391
5b6a10a419cf274cd9ce4d3edb6571b63c1cdda9e473d5ed95cd41b9cba68860
605d12ce84891d371d71b1c35e373d3314962d93ee9860bb11d386248ef5d191
61bef528f51b67951802ce74eedb99dda7b476671a1cacef80c4a8fe0a5633ec
6cd2c4f7c32d76dfddf8850d4d93209e41914394cd46184978e5c4cec5986f3d
73d7df22c22d6715274fb23587b4016c1f39538cb3fe5b77daf8e92af9fb5a0b
833c37424abaa782bb2c1c8c1e2ec282872cdb37c2bf06fcdc1bd09c86f567cf
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
8802889f282a082070b5d39bac5c9278c706fba4cbea307b105a3c53e3800469
8d9f02574d29020397a315f347a12ee931612e55d412ab8f20faf4260371155f
97e5b0b6cfc2ba9815028429c069631ba12b294aa7419d1ea130accd0adc2d46
9bc57a563d0e9a1f576105a0850772105c11aa9fe49527a367f7a5868301670d
a09834393782751fe244c5450f531cbc5c20621f471eae7e748e340f9e429a7b
b2e5d5d439573bfe383c40ee15e63bb85805771b673bf454d81246e093eb8585
b5fd723750763ebb731f9221e413e7d64d58d5192dc040e42292ed3dcccca732
ba74f960460fcf2f051cb8c0f210cca1e16047c56e1dd9891649880ee7910999
baf04ff369a96d4bb7228e99a65163de20845bf23826295dd3471afd3cee9ee5
c2de647153b7a6797b5b82ff8c3707100de97eff0f2f944a079d535068bb8b31
c685db1a28aa02aa1b43f51d4a85e823a140760be641d58559ee796a3739ff2b
c7e4d278e690a18a0289ce6e60f1b47d8790a5b5d25bfee54e00759111579b1b
ce25f63921277f7da3c747533314af89b748830c9e8e9b598a4962838b5b7b93
d2c909d2a470a99f4fb0e5b60f5d5ae14a1878ad6a3c89efcaf431c3404a600f
d3149f9c51622b561c5dbcc32c8b3dd72e5905b339b016c068b1687c81e911e3
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e441c3e2771625ba05630ab464275136a82c99650ee2145ca5aa9853bedeb01b
e8436fddfc43a48a65e4daddf38498d3fa9f5298e197bbe1629c4cba7567ffa7
eb4b7a1be5f80c37ac74daa6f20b193b24414f23da856ad2560a0053e65a2cb7
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f45bb5825c55da0ee1b341fbdb9e70d60153f3c118474a868785442f9aa1d454