www.xn--82cz3bcub1a.com Open in urlscan Pro Puny
www.ตรวจหวย.com IDN
104.21.60.7 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.xn--82cz3bcub1a.com/lucky-number/14679.html
Submission: On October 12 via manual (October 12th 2021, 10:08:35 am UTC) from SG — Scanned from DE

Summary HTTP 87 Redirects Links 25 Behaviour Indicators

Summary

This website contacted 23 IPs in 5 countries across 15 domains to perform 87 HTTP transactions. The main IP is 104.21.60.7, located in and belongs to CLOUDFLARENET, US. The main domain is www.xn--82cz3bcub1a.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on July 7th 2021. Valid for: a year.

This is the only time www.xn--82cz3bcub1a.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
26	104.21.60.7 104.21.60.7	13335 (CLOUDFLAR...) (CLOUDFLARENET)
16	142.250.184.194 142.250.184.194	15169 (GOOGLE) (GOOGLE)
3	142.250.184.202 142.250.184.202	15169 (GOOGLE) (GOOGLE)
1	142.250.184.232 142.250.184.232	15169 (GOOGLE) (GOOGLE)
2	142.250.185.131 142.250.185.131	15169 (GOOGLE) (GOOGLE)
5	142.250.186.98 142.250.186.98	15169 (GOOGLE) (GOOGLE)
1	192.0.73.2 192.0.73.2	2635 (AUTOMATTIC) (AUTOMATTIC)
2	142.250.185.174 142.250.185.174	15169 (GOOGLE) (GOOGLE)
1	142.250.184.226 142.250.184.226	15169 (GOOGLE) (GOOGLE)
2	142.250.185.98 142.250.185.98	15169 (GOOGLE) (GOOGLE)
11	216.58.212.129 216.58.212.129	15169 (GOOGLE) (GOOGLE)
1	142.250.186.166 142.250.186.166	15169 (GOOGLE) (GOOGLE)
3 6	142.250.186.130 142.250.186.130	15169 (GOOGLE) (GOOGLE)
1	172.217.16.130 172.217.16.130	15169 (GOOGLE) (GOOGLE)
2 4	2.18.234.21 2.18.234.21	16625 (AKAMAI-AS) (AKAMAI-AS)
2 3	185.33.221.90 185.33.221.90	29990 (ASN-APPNEX) (ASN-APPNEX)
2	142.250.185.202 142.250.185.202	15169 (GOOGLE) (GOOGLE)
2	216.239.32.3 216.239.32.3	15169 (GOOGLE) (GOOGLE)
1	74.125.133.156 74.125.133.156	15169 (GOOGLE) (GOOGLE)
1	18.203.164.190 18.203.164.190	16509 (AMAZON-02) (AMAZON-02)
1	172.217.18.100 172.217.18.100	15169 (GOOGLE) (GOOGLE)
1 1	142.250.185.238 142.250.185.238	15169 (GOOGLE) (GOOGLE)
2	74.125.160.42 74.125.160.42	15169 (GOOGLE) (GOOGLE)
87	23

26 104.21.60.7 (None, )

ASN13335 (CLOUDFLARENET, US)

www.xn--82cz3bcub1a.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 142.250.184.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s11-in-f2.1e100.net

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.250.184.202 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s11-in-f10.1e100.net

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.184.232 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s12-in-f8.1e100.net

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.185.131 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s50-in-f3.1e100.net

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 142.250.186.98 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s06-in-f2.1e100.net

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.0.73.2 (United States)

ASN2635 (AUTOMATTIC, US)

secure.gravatar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.185.174 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s51-in-f14.1e100.net

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.184.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s12-in-f2.1e100.net

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.185.98 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s49-in-f2.1e100.net

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 216.58.212.129 (Mountain View, United States)

ASN15169 (GOOGLE, US)
PTR: ams15s21-in-f1.1e100.net

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.166 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f6.1e100.net

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 142.250.186.130 (United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s07-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.16.130 (United States)

ASN15169 (GOOGLE, US)
PTR: zrh04s06-in-f130.1e100.net

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2.18.234.21 (Frankfurt am Main, Germany) 2 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-234-21.deploy.static.akamaitechnologies.com

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.33.221.90 (Amsterdam, Netherlands) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 727.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.185.202 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s52-in-f10.1e100.net

imasdk.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 216.239.32.3 (United States)

ASN15169 (GOOGLE, US)

csi.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 74.125.133.156 (United States)

ASN15169 (GOOGLE, US)
PTR: wo-in-f156.1e100.net

bid.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.203.164.190 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-203-164-190.eu-west-1.compute.amazonaws.com

unified.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.18.100 (United States)

ASN15169 (GOOGLE, US)
PTR: zrh04s05-in-f100.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.238 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s53-in-f14.1e100.net

gcdn.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 74.125.160.42 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s13-in-f10.1e100.net

r5---sn-4g5lznes.c.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
27	googlesyndication.com pagead2.googlesyndication.com tpc.googlesyndication.com	345 KB
26	xn--82cz3bcub1a.com www.xn--82cz3bcub1a.com	846 KB
12	doubleclick.net 3 redirects googleads.g.doubleclick.net googleads4.g.doubleclick.net cm.g.doubleclick.net bid.g.doubleclick.net	79 KB
5	googleapis.com fonts.googleapis.com imasdk.googleapis.com	128 KB
4	casalemedia.com 2 redirects dsum-sec.casalemedia.com	4 KB
4	2mdn.net 1 redirects s0.2mdn.net gcdn.2mdn.net r5---sn-4g5lznes.c.2mdn.net	2 MB
4	gstatic.com fonts.gstatic.com csi.gstatic.com	33 KB
3	adnxs.com 2 redirects ib.adnxs.com	3 KB
3	google.com adservice.google.com www.google.com	2 KB
2	google-analytics.com www.google-analytics.com	20 KB
1	adsafeprotected.com unified.adsafeprotected.com	4 KB
1	googletagservices.com www.googletagservices.com	38 KB
1	googleadservices.com partner.googleadservices.com	663 B
1	gravatar.com secure.gravatar.com	16 KB
1	googletagmanager.com www.googletagmanager.com	39 KB
87	15

	Domain	Requested by
26	www.xn--82cz3bcub1a.com	www.xn--82cz3bcub1a.com
16	pagead2.googlesyndication.com	www.xn--82cz3bcub1a.com pagead2.googlesyndication.com tpc.googlesyndication.com googleads.g.doubleclick.net www.googletagservices.com
11	tpc.googlesyndication.com	googleads.g.doubleclick.net www.xn--82cz3bcub1a.com tpc.googlesyndication.com pagead2.googlesyndication.com imasdk.googleapis.com
5	googleads.g.doubleclick.net	pagead2.googlesyndication.com www.xn--82cz3bcub1a.com
4	dsum-sec.casalemedia.com	2 redirects googleads.g.doubleclick.net
4	cm.g.doubleclick.net	3 redirects googleads.g.doubleclick.net
3	ib.adnxs.com	2 redirects googleads.g.doubleclick.net
3	fonts.googleapis.com	www.xn--82cz3bcub1a.com googleads.g.doubleclick.net
2	r5---sn-4g5lznes.c.2mdn.net
2	csi.gstatic.com	imasdk.googleapis.com
2	imasdk.googleapis.com	googleads.g.doubleclick.net
2	googleads4.g.doubleclick.net	www.xn--82cz3bcub1a.com
2	adservice.google.com	pagead2.googlesyndication.com
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	fonts.gstatic.com	fonts.googleapis.com
1	gcdn.2mdn.net	1 redirects
1	www.google.com	tpc.googlesyndication.com
1	unified.adsafeprotected.com	imasdk.googleapis.com
1	bid.g.doubleclick.net	imasdk.googleapis.com
1	www.googletagservices.com	www.xn--82cz3bcub1a.com
1	s0.2mdn.net	www.xn--82cz3bcub1a.com
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	secure.gravatar.com	www.xn--82cz3bcub1a.com
1	www.googletagmanager.com	www.xn--82cz3bcub1a.com
87	24

This site contains links to these domains. Also see Links.

Domain
www.facebook.com
twitter.com
social-plugins.line.me
lin.ee
www.lottovip.fit
www.ruay.page
www.tode69.com
lekdedonline.net
lottovipapp.com
ruay365.com
www.techsling.com
xn--82cz3bcub1a.com
haihuayonline.com

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-07-07` - `2022-07-06`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh
upload.video.google.com GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh
*.gstatic.com GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh
*.gravatar.com Sectigo RSA Domain Validation Secure Server CA	`2020-08-14` - `2022-11-16`	2 years	crt.sh
*.googleadservices.com GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh
*.google.com GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh
san.casalemedia.com GeoTrust RSA CA 2018	`2021-02-05` - `2022-02-09`	a year	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2021-03-05` - `2022-02-19`	a year	crt.sh
wrapper-vast.adsafeprotected.com Amazon	`2020-12-18` - `2022-01-16`	a year	crt.sh
www.google.com GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh
*.c.docs.google.com GTS CA 1C3	`2021-09-28` - `2021-12-07`	2 months	crt.sh

This page contains 12 frames:

Primary Page: https://www.xn--82cz3bcub1a.com/lucky-number/14679.html
Frame ID: 99D13269D914464F17BD7146611E5ADB
Requests: 45 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20211007/r20190131/zrt_lookup.html
Frame ID: D0B7F3E24449BE556833C538C685D921
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1960034280122131&output=html&adk=1812271804&adf=3025194257&lmt=1634030453&plat=3%3A32%2C4%3A32%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fwww.xn--82cz3bcub1a.com%2Flucky-number%2F14679.html&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1634033309468&bpp=2&bdt=450&idt=162&shv=r20211007&mjsv=m202110050101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=6254306516462&frm=20&pv=2&ga_vid=2145660158.1634033310&ga_sid=1634033310&ga_hid=2109755713&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=2&pvsid=4030711496716880&pem=157&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=173
Frame ID: 8C554CF31C046AA892C678FAF4D2C667
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20211007/r20110914/zrt_lookup.html?fsb=1
Frame ID: A9461A735940DF8C8A6C4BC95EA837BE
Requests: 3 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20211007/r20110914/zrt_lookup.html?fsb=1
Frame ID: F6F63166085C2D4F733C487F45087C4A
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMnRvNQCEJP9zuICGJDhzrUBMAE&v=APEucNWGTXioaFvmIrV5sVeRZIsg4vYGI1SRHzNFsqTvpi_8ikQT0RTOCmtPStKhC-tmaKeqim9zgskiyACub4VHKb8zj4SObA
Frame ID: 0C0DB76B950AFFD9362C45F0905CA3D7
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/js/r20211007/r20110914/abg_lite_fy2019.js
Frame ID: 6E1569EF0E127A5E646DB430CC41B7FC
Requests: 12 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 29E7722ECCEAF3C0172DC7DCA7C8F197
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/pagead/js/r20211007/r20110914/abg_lite_fy2019.js
Frame ID: 19FE7B045DD69D4DB4BBCC7A65EDF9C6
Requests: 13 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Frame ID: 960528782EE221120EBDB031607B73EA
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 1E850D3B0D0B37BC758FEB744F6CA0FF
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/H0ZEmIz7.html
Frame ID: 228C2AC50F40800E3D9EA8013F420AFF
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

lottovip เว็บหวยออนไลน์ แจกหนักฟรีเครดิตถูกใจนักลงทุน

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/
wp-embed\.min\.js\?ver=([\d.]+)

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/ns\.html[^>]+></iframe>
googletagmanager\.com/gtm\.js

Gravatar (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

<[^>]+gravatar\.com/avatar/

TrackJs (Analytics) Expand

Overall confidence: 100%
Detected patterns

tracker\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

87
Requests

100 %
HTTPS

0 %
IPv6

15
Domains

24
Subdomains

23
IPs

5
Countries

3782 kB
Transfer

5969 kB
Size

14
Cookies

25 Outgoing links

These are links going to different origins than the main page.

URL: https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.xn--82cz3bcub1a.com%2Flucky-number%2F14679.html

Search URL Search Domain Scan URL

URL: https://twitter.com/share?url=https%3A%2F%2Fwww.xn--82cz3bcub1a.com%2Flucky-number%2F14679.html

Search URL Search Domain Scan URL

URL: https://social-plugins.line.me/lineit/share?url=https%3A%2F%2Fwww.xn--82cz3bcub1a.com%2Flucky-number%2F14679.html

Search URL Search Domain Scan URL

URL: https://lin.ee/F5TG2X0
Title: ติดต่อ @lottoviphuay

Search URL Search Domain Scan URL

URL: https://www.lottovip.fit/
Title: lottovip

Search URL Search Domain Scan URL

URL: https://www.ruay.page/
Title: Ruay

Search URL Search Domain Scan URL

URL: https://www.lottovip.fit/%e0%b8%ab%e0%b8%a7%e0%b8%a2%e0%b8%a3%e0%b8%b1%e0%b8%90%e0%b8%9a%e0%b8%b2%e0%b8%a5/
Title: หวยรัฐบาลไทย

Search URL Search Domain Scan URL

URL: https://www.lottovip.fit/%e0%b8%ab%e0%b8%a7%e0%b8%a2%e0%b8%a5%e0%b8%b2%e0%b8%a7/
Title: หวยลาว

Search URL Search Domain Scan URL

URL: https://www.lottovip.fit/%e0%b8%ab%e0%b8%a7%e0%b8%a2%e0%b8%ae%e0%b8%b2%e0%b8%99%e0%b8%ad%e0%b8%a2/
Title: หวยฮานอย

Search URL Search Domain Scan URL

URL: https://www.lottovip.fit/%e0%b8%ab%e0%b8%a7%e0%b8%a2%e0%b8%ab%e0%b8%b8%e0%b9%89%e0%b8%99/
Title: หวยหุ้น

Search URL Search Domain Scan URL

URL: https://www.tode69.com/%E0%B9%84%E0%B8%AE%E0%B9%82%E0%B8%A5
Title: ไฮโล

Search URL Search Domain Scan URL

URL: https://www.tode69.com/%E0%B8%AB%E0%B8%B1%E0%B8%A7%E0%B8%81%E0%B9%89%E0%B8%AD%E0%B8%A2
Title: หัวก้อย

Search URL Search Domain Scan URL

URL: https://lekdedonline.net/2021/08/20/calabash-crab-fish-game/
Title: น้ำเต้าปูปลา

Search URL Search Domain Scan URL

URL: https://lottovipapp.com/center/apk.php
Title: ระบบAndroid

Search URL Search Domain Scan URL

URL: https://www.lottovip.fit/%e0%b8%a7%e0%b8%b4%e0%b8%98%e0%b8%b5%e0%b9%81%e0%b8%99%e0%b8%b0%e0%b8%99%e0%b8%b3%e0%b9%80%e0%b8%9e%e0%b8%b7%e0%b9%88%e0%b8%ad%e0%b8%99/
Title: แนะนำเพื่อน

Search URL Search Domain Scan URL

URL: https://www.lottovip.fit/%e0%b8%a7%e0%b8%b4%e0%b8%98%e0%b8%b5%e0%b8%aa%e0%b8%a1%e0%b8%b1%e0%b8%84%e0%b8%a3%e0%b8%aa%e0%b8%a1%e0%b8%b2%e0%b8%8a%e0%b8%b4%e0%b8%81/
Title: วิธีการสมัครสมาชิก

Search URL Search Domain Scan URL

URL: https://www.lottovip.fit/%e0%b8%a7%e0%b8%b4%e0%b8%98%e0%b8%b5%e0%b8%9d%e0%b8%b2%e0%b8%81%e0%b9%80%e0%b8%87%e0%b8%b4%e0%b8%99/
Title: วิธีฝากเงิน

Search URL Search Domain Scan URL

URL: https://www.tode69.com/%e0%b8%aa%e0%b8%b9%e0%b8%95%e0%b8%a3%e0%b8%ab%e0%b8%a7%e0%b8%a2/
Title: สูตรหวยAI

Search URL Search Domain Scan URL

URL: https://www.tode69.com/
Title: เว็บtode

Search URL Search Domain Scan URL

URL: https://lekdedonline.net/2021/08/18/head-and-tail/
Title: เกมหัวก้อย

Search URL Search Domain Scan URL

URL: https://lekdedonline.net/2021/10/04/game-slot-online/
Title: เกมสล็อตออนไลน์

Search URL Search Domain Scan URL

URL: https://ruay365.com/joker-gaming/
Title: Joker Gaming

Search URL Search Domain Scan URL

URL: https://www.techsling.com/
Title: techsling

Search URL Search Domain Scan URL

URL: https://xn--82cz3bcub1a.com/
Title: หน้าแรก

Search URL Search Domain Scan URL

URL: https://haihuayonline.com/
Title: หวยออนไลน์

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 58

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELcsi9_CSJ8Wl3Aabknmado&google_cver=1

Request Chain 59

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YWVenhlNR7wx0U0rvfw3PQAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELcsi9_CSJ8Wl3Aabknmado&google_cver=1

Request Chain 60

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEARuJhVwOTJL4esGZXFII6Y&google_cver=1

Request Chain 61

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjYyNDEzOTY3Njk4MDQ5NDIxOQ%3D%3D

Request Chain 81

https://gcdn.2mdn.net/videoplayback/id/1c023ffedacbbfe3/itag/343/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3777377231/sparams/id,itag,source,ctier,acao,ip,ipbits,expire/signature/31938BD7544B867F782883237D1FB9CE7A57AFA6.1BCC3AB72632424C9FF4E18711EACB687C01393C/key/ck2/file/file.mp4 HTTP 302
https://r5---sn-4g5lznes.c.2mdn.net/videoplayback/id/1c023ffedacbbfe3/itag/343/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3777377231/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/7DB5B8F09D73157A1AD09941DCADF218A10D4A84.681507B7D708E8725E00880255B7D623FA7002DE/key/cms1/cms_redirect/yes/mh/Mz/mip/216.131.114.241/mm/42/mn/sn-4g5lznes/ms/onc/mt/1634032864/mv/m/mvi/5/pl/24/file/file.mp4

87 HTTP transactions
4 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request 14679.html Show response
www.xn--82cz3bcub1a.com/lucky-number/ 55 KB
13 KB 832ms
802ms Document
text/html 104.21.60.7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.xn--82cz3bcub1a.com/lucky-number/14679.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.60.7 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5626ac5fc502bafcb9cf799a1806cda130d641113d82a51a8161e68d88bb0015

Request headers

:method: GET
:authority: www.xn--82cz3bcub1a.com
:scheme: https
:path: /lucky-number/14679.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

date: Tue, 12 Oct 2021 10:08:29 GMT
content-type: text/html; charset=UTF-8
vary: X-Forwarded-Proto,Accept-Encoding
last-modified: Tue, 12 Oct 2021 09:20:53 GMT
cache-control: max-age=0
expires: Tue, 12 Oct 2021 10:08:28 GMT
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FsrGXmljWq7kNtfV6MehoJ8VhV2sdcVyTWU3wVn0kRnwFx3X4sREE6kvZ4KIc3IfLyzewiD83fBWbV1Rk95Y1%2Bd%2FybE%2B80Lkc5k8mEeO2%2FSORJvthMJzA2APB1VDpUu5%2BTsYRnOt5PizUQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 69cf86f05fed4abc-FRA
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 200 style.min.css
www.xn--82cz3bcub1a.com/wp/wp-includes/css/dist/block-library/ 52 KB
8 KB 27ms
27ms Stylesheet
text/css 104.21.60.7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.xn--82cz3bcub1a.com/wp/wp-includes/css/dist/block-library/style.min.css?ver=26932899171ff632c35b6ad8faf89f64
Requested by: Host: www.xn--82cz3bcub1a.com
URL: https://www.xn--82cz3bcub1a.com/lucky-number/14679.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.60.7 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bca7af0b45b6fc6a2064e8e7a34f2041f3e77261e63f0257209bcde6bc40545d

Request headers

:path: /wp/wp-includes/css/dist/block-library/style.min.css?ver=26932899171ff632c35b6ad8faf89f64
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: www.xn--82cz3bcub1a.com
referer: https://www.xn--82cz3bcub1a.com/lucky-number/14679.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://www.xn--82cz3bcub1a.com/lucky-number/14679.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 12 Oct 2021 10:08:29 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 07 May 2020 07:06:39 GMT
server: cloudflare
age: 2356523
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8lFSZrI%2Bn24pumWn9Fayf5zDaeldZjXw3C%2BX1wcH7VO%2Bj10fyaI6B94UNLHIS5dl7A8tqZJ4YP45ERKcnX6hJWa%2F%2FYYityTOinMNuS06veVc%2BYW2uUyVgsJSiTrHUHWgjFk68r%2BiqAp6QA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
cache-control: public, max-age=31536000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 69cf86f589604abc-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
expires: Fri, 26 Aug 2022 18:38:32 GMT

GET
H2 200 style.css
www.xn--82cz3bcub1a.com/app/themes/thailotto/dist/ 423 KB
58 KB 21ms
20ms Stylesheet
text/css 104.21.60.7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.xn--82cz3bcub1a.com/app/themes/thailotto/dist/style.css?ver=202007051200
Requested by: Host: www.xn--82cz3bcub1a.com
URL: https://www.xn--82cz3bcub1a.com/lucky-number/14679.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.60.7 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ae527135a3acdc3971662044dd3869265fcbfacaab816949604b0d37dba6a314

Request headers

:path: /app/themes/thailotto/dist/style.css?ver=202007051200
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: www.xn--82cz3bcub1a.com
referer: https://www.xn--82cz3bcub1a.com/lucky-number/14679.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://www.xn--82cz3bcub1a.com/lucky-number/14679.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 12 Oct 2021 10:08:29 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 07 May 2020 05:02:11 GMT
server: cloudflare
age: 2356522
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BFLrsBI4Eeu7M3wYlizxIlzyLou7qrknYRtuzS2321kKqKbL03G5Lg%2BxDoNZlrhfR85geZcBLv%2BVW9ninqz5cGNfw9NNv85Tzp10B1PzeWyDSf7%2Bn5aqnmE%2FeFsT0lEyhoOvuZlOvwINZA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
cache-control: public, max-age=31536000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 69cf86f589644abc-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
expires: Sat, 23 Jul 2022 04:50:56 GMT

GET
H2 200 ftoc.min.css
www.xn--82cz3bcub1a.com/app/plugins/fixed-toc/frontend/assets/css/ 33 KB
4 KB 196ms
196ms Stylesheet
text/css 104.21.60.7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.xn--82cz3bcub1a.com/app/plugins/fixed-toc/frontend/assets/css/ftoc.min.css?ver=3.1.22
Requested by: Host: www.xn--82cz3bcub1a.com
URL: https://www.xn--82cz3bcub1a.com/lucky-number/14679.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.60.7 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 39e7c487b5b1c852e5835db98ffa3881e184890d7173a55050d9a73bfe7b3689

Request headers

:path: /app/plugins/fixed-toc/frontend/assets/css/ftoc.min.css?ver=3.1.22
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: www.xn--82cz3bcub1a.com
referer: https://www.xn--82cz3bcub1a.com/lucky-number/14679.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://www.xn--82cz3bcub1a.com/lucky-number/14679.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 12 Oct 2021 10:08:29 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 16 Jun 2021 06:57:16 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yF4fqhf5VjbUkZNHiSxSPpu5okXyZy6v85I%2B4GqRZIxdxbOdY3ml3ckKx3%2FrgTI0L5drgFGwkv66QLeHJ%2FR3n5syRknvUSxUKhWlMBoJMqGkfqAMvgmVI4sD12k65E3ahd3WrD2HEALHRw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
cache-control: public, max-age=31536000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 69cf86f589654abc-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
expires: Thu, 28 Jul 2022 03:27:07 GMT

GET
H2 200 jquery.js Show response
www.xn--82cz3bcub1a.com/wp/wp-includes/js/jquery/ 95 KB
34 KB 239ms
239ms Script
application/javascript 104.21.60.7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.xn--82cz3bcub1a.com/wp/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp
Requested by: Host: www.xn--82cz3bcub1a.com
URL: https://www.xn--82cz3bcub1a.com/lucky-number/14679.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.60.7 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1db21d816296e6939ba1f42962496e4134ae2b0081e26970864c40c6d02bb1df

Request headers

:path: /wp/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.xn--82cz3bcub1a.com
referer: https://www.xn--82cz3bcub1a.com/lucky-number/14679.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://www.xn--82cz3bcub1a.com/lucky-number/14679.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 12 Oct 2021 10:08:29 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 07 May 2020 07:05:57 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ulwXTE5KOCZSAupg5ACpnNX6D7cdUJ%2F0IieJZTdT120bc7wFTirMA3zJGfKdCsVZggYFQlouE%2FbhhfrJfTufl0QVFno9BbunGPXEroCZhzhzlNKSENtYJq04bToWW0%2FGDV6wovLGi2lV0A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=31536000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 69cf86f589664abc-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
expires: Sat, 10 Sep 2022 17:49:49 GMT

GET
H3 200 jquery-migrate.min.js Show response
www.xn--82cz3bcub1a.com/wp/wp-includes/js/jquery/ 10 KB
5 KB 208ms
208ms Script
application/javascript 104.21.60.7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.xn--82cz3bcub1a.com/wp/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1
Requested by: Host: www.xn--82cz3bcub1a.com
URL: https://www.xn--82cz3bcub1a.com/lucky-number/14679.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.60.7 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 48eb8b500ae6a38617b5738d2b3faec481922a7782246e31d2755c034a45cd5d

Request headers

:path: /wp/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.xn--82cz3bcub1a.com
referer: https://www.xn--82cz3bcub1a.com/lucky-number/14679.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://www.xn--82cz3bcub1a.com/lucky-number/14679.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 12 Oct 2021 10:08:29 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 07 May 2020 07:05:57 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=285VZiBEuOSVz9843AMt06Zg5yS02yGXBbs7zC0vvXGp6tTjmvaFuiHfOfhdspz%2F%2B46IRIIfdskf99h0iz6eD3eKXvGKqGFFjG5knOcRLDYdcRERHhZhHQFaT9f1PMt7yNDI9rh1ExftLQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=31536000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 69cf86f6c8554e9e-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
expires: Fri, 26 Aug 2022 21:45:13 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 145 KB
51 KB 65ms
42ms Script
text/javascript 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: www.xn--82cz3bcub1a.com
URL: https://www.xn--82cz3bcub1a.com/lucky-number/14679.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

718d66ce50013292b452c554d8277d9242ec5df30461e7dc04d605221dde224d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.xn--82cz3bcub1a.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 12 Oct 2021 10:08:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 51367
x-xss-protection: 0
server: cafe
etag: 12095842983615464176
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Tue, 12 Oct 2021 10:08:29 GMT

GET
H3 200 bundle.js Show response
www.xn--82cz3bcub1a.com/app/themes/thailotto/dist/ 568 KB
158 KB 30ms
29ms Script
application/javascript 104.21.60.7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.xn--82cz3bcub1a.com/app/themes/thailotto/dist/bundle.js?ver=202007051200
Requested by: Host: www.xn--82cz3bcub1a.com
URL: https://www.xn--82cz3bcub1a.com/lucky-number/14679.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.60.7 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 16a7b7a50d09178946d64f7fb089f476e501039661dfcea0f584ceb001832b31

Request headers

:path: /app/themes/thailotto/dist/bundle.js?ver=202007051200
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.xn--82cz3bcub1a.com
referer: https://www.xn--82cz3bcub1a.com/lucky-number/14679.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://www.xn--82cz3bcub1a.com/lucky-number/14679.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 12 Oct 2021 10:08:29 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 07 May 2020 05:02:11 GMT
server: cloudflare
age: 2356522
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gI73RqDconefz5YhPm373v1%2BT8IQxeeFb9AvPuJgYS2pTdru45myqKaO6%2BQmIwG2lu7BZN584l4ZjFWlcknltf6lhZo2Hp06nsn3uPH%2F4hpzgjuV%2Bzia4AaDKjKwc%2FmoIDRUAat3kVmTSQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=31536000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 69cf86f7290c4e9e-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
expires: Sat, 23 Apr 2022 21:36:02 GMT

GET
H3 200 navigation.js Show response
www.xn--82cz3bcub1a.com/app/themes/thailotto/js/ 3 KB
2 KB 206ms
204ms Script
application/javascript 104.21.60.7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.xn--82cz3bcub1a.com/app/themes/thailotto/js/navigation.js?ver=20151215
Requested by: Host: www.xn--82cz3bcub1a.com
URL: https://www.xn--82cz3bcub1a.com/lucky-number/14679.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.60.7 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fbc199bf7f97061c41664b040e84616a0cb54441a2efc5801d5d401d3a049f3c

Request headers

:path: /app/themes/thailotto/js/navigation.js?ver=20151215
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.xn--82cz3bcub1a.com
referer: https://www.xn--82cz3bcub1a.com/lucky-number/14679.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://www.xn--82cz3bcub1a.com/lucky-number/14679.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 12 Oct 2021 10:08:29 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 07 May 2020 05:02:16 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=b5exB2AniI%2BbaNQZQ%2F9Zg4%2F%2BuBGC%2Ft3Uy0%2BSqTitBdWmdhZKBvcWmPLUOsUQQgqhIKF6%2BqIOsSGTnAtPOmM5AIM90ZQ7l68xeRjhNye5lJgNWq42UcH%2BSYE5o1kl2fTxXCFXoxXJAkW4zA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=31536000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 69cf86f7390d4e9e-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
expires: Sat, 30 Apr 2022 05:37:18 GMT

GET
H3 200 skip-link-focus-fix.js Show response
www.xn--82cz3bcub1a.com/app/themes/thailotto/js/ 685 B
1001 B 43ms
42ms Script
application/javascript 104.21.60.7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.xn--82cz3bcub1a.com/app/themes/thailotto/js/skip-link-focus-fix.js?ver=20151215
Requested by: Host: www.xn--82cz3bcub1a.com
URL: https://www.xn--82cz3bcub1a.com/lucky-number/14679.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.60.7 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 14af47320898bd93f367026f7833c9956f14e24856976e4f9e10be31155cdcf2

Request headers

:path: /app/themes/thailotto/js/skip-link-focus-fix.js?ver=20151215
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.xn--82cz3bcub1a.com
referer: https://www.xn--82cz3bcub1a.com/lucky-number/14679.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://www.xn--82cz3bcub1a.com/lucky-number/14679.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 12 Oct 2021 10:08:29 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 07 May 2020 05:02:16 GMT
server: cloudflare
age: 3530926
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4yV4B6I5qrsRS56lm2NKocF4hzpvFi%2BIC%2BIJcFDa%2B3gLkuP%2FR6w%2FJnu5G86StDA4yqqC4FwSIoC9qbES1srfu6AFvVeHS8Vi9b4uKrTODooVawA1Nlda1RZ29OJVMqbRPqtmsIbHLsTiKw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=31536000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 69cf86f7390f4e9e-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
expires: Thu, 01 Sep 2022 11:08:50 GMT

GET
H3 200 ftoc.min.js Show response
www.xn--82cz3bcub1a.com/app/plugins/fixed-toc/frontend/assets/js/ 25 KB
7 KB 216ms
215ms Script
application/javascript 104.21.60.7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.xn--82cz3bcub1a.com/app/plugins/fixed-toc/frontend/assets/js/ftoc.min.js?ver=3.1.22
Requested by: Host: www.xn--82cz3bcub1a.com
URL: https://www.xn--82cz3bcub1a.com/lucky-number/14679.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.60.7 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ac57b8948fa16f8d943d98c14ca1f077dfb3de90e29c11547b7b59310b77c704

Request headers

:path: /app/plugins/fixed-toc/frontend/assets/js/ftoc.min.js?ver=3.1.22
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.xn--82cz3bcub1a.com
referer: https://www.xn--82cz3bcub1a.com/lucky-number/14679.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://www.xn--82cz3bcub1a.com/lucky-number/14679.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 12 Oct 2021 10:08:29 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 16 Jun 2021 06:57:16 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Rs%2FCm940IDWgGZK6JwrpBhBI3MnSjE1IxQvR7DNYgHStWyMljrCky5jVh94FD0bciyY%2F4hIoLndewsTxoLbJzSYwzLsaxHZol1BtVTWiffA6fv%2B3VbFtiSUqOeffXFBXExMVVYIdvub8nw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=31536000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 69cf86f739104e9e-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
expires: Fri, 07 Oct 2022 17:24:28 GMT

GET
H3 200 wp-embed.min.js Show response
www.xn--82cz3bcub1a.com/wp/wp-includes/js/ 1 KB
1 KB 15ms
14ms Script
application/javascript 104.21.60.7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.xn--82cz3bcub1a.com/wp/wp-includes/js/wp-embed.min.js?ver=26932899171ff632c35b6ad8faf89f64
Requested by: Host: www.xn--82cz3bcub1a.com
URL: https://www.xn--82cz3bcub1a.com/lucky-number/14679.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.60.7 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6ebcda7a3a41ef97f0b4071160ceb1020e540fdc0f790079a5c2ef01ab654fe0

Request headers

:path: /wp/wp-includes/js/wp-embed.min.js?ver=26932899171ff632c35b6ad8faf89f64
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.xn--82cz3bcub1a.com
referer: https://www.xn--82cz3bcub1a.com/lucky-number/14679.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://www.xn--82cz3bcub1a.com/lucky-number/14679.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 12 Oct 2021 10:08:29 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 07 May 2020 07:05:16 GMT
server: cloudflare
age: 2356522
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZPQjTV1dfy5rFOtYwETRKgRuTK6HZ6L3PlZRgh19EMsV8H%2BZOGnP1E6WplotOnzY02uuID2UPj6JilcqSGbyRZZK2Gd%2FouFCFWYtEA%2F1332lxUy8nTDk2lqoDubUA1kv%2F8lRgMwi5jrWoA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=31536000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 69cf86f739114e9e-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
expires: Tue, 13 Sep 2022 17:43:09 GMT

GET
H3 200 lazyload.min.js Show response
www.xn--82cz3bcub1a.com/app/plugins/wp-rocket/assets/js/lazyload/12.0/ 5 KB
3 KB 14ms
13ms Script
application/javascript 104.21.60.7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.xn--82cz3bcub1a.com/app/plugins/wp-rocket/assets/js/lazyload/12.0/lazyload.min.js
Requested by: Host: www.xn--82cz3bcub1a.com
URL: https://www.xn--82cz3bcub1a.com/lucky-number/14679.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.60.7 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1e3bbf2a6d9503811213baca9f5e309618ca968136199ca532a0a5167c0b0f1c

Request headers

:path: /app/plugins/wp-rocket/assets/js/lazyload/12.0/lazyload.min.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.xn--82cz3bcub1a.com
referer: https://www.xn--82cz3bcub1a.com/lucky-number/14679.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://www.xn--82cz3bcub1a.com/lucky-number/14679.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 12 Oct 2021 10:08:29 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 07 May 2020 07:12:08 GMT
server: cloudflare
age: 3530926
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HUlqFXYbygo%2FRo%2FQPtq0rkbHqcP2FLshvPYDAHg5DaAgeZ3q45ff6ACCCPIGDpGI8g0u7SvD9OJp%2B3h3arsDAOV9XaxsXtysz1Sf1Haak%2BfKaqddHroRw%2F%2BsSbN7oyt3gku2MygLCbLzMQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=31536000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 69cf86f739124e9e-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
expires: Wed, 31 Aug 2022 19:42:08 GMT

GET
H2 200 css
fonts.googleapis.com/ 3 KB
1 KB 38ms
16ms Stylesheet
text/css 142.250.184.202
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Kanit:400,700&display=swap&subset=thai

Requested by

Host: www.xn--82cz3bcub1a.com
URL: https://www.xn--82cz3bcub1a.com/app/themes/thailotto/dist/style.css?ver=202007051200

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.202 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f10.1e100.net

Software

ESF /

Resource Hash

b42caef1a29745971a3cb0ae39444bad3338dc56e3b08972af775eb13030ec93

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.xn--82cz3bcub1a.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 12 Oct 2021 10:08:29 GMT
server: ESF
date: Tue, 12 Oct 2021 10:08:29 GMT
x-frame-options: SAMEORIGIN
report-to: {"group":"AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk"}]}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cross-origin-opener-policy-report-only: same-origin; report-to="AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk"
expires: Tue, 12 Oct 2021 10:08:29 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 100 KB
39 KB 77ms
39ms Script
application/javascript 142.250.184.232
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-NG7CZJ7

Requested by

Host: www.xn--82cz3bcub1a.com
URL: https://www.xn--82cz3bcub1a.com/lucky-number/14679.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.232 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

04c8dcc84fa65cbf58766e7721efaeca4262daa76ddc3821a27ae5a785330817

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.xn--82cz3bcub1a.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 12 Oct 2021 10:08:29 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39802
x-xss-protection: 0
last-modified: Tue, 12 Oct 2021 09:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 12 Oct 2021 10:08:29 GMT

GET
H3 200 tracker.js Show response
www.xn--82cz3bcub1a.com/app/themes/thailotto/dist/js/ 64 KB
20 KB 216ms
215ms Script
application/javascript 104.21.60.7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.xn--82cz3bcub1a.com/app/themes/thailotto/dist/js/tracker.js
Requested by: Host: www.xn--82cz3bcub1a.com
URL: https://www.xn--82cz3bcub1a.com/lucky-number/14679.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.60.7 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5d8ee972e445f7120c198a83a0363cc844a3e55094e4aaa0548ffa9e213b3b9b

Request headers

:path: /app/themes/thailotto/dist/js/tracker.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.xn--82cz3bcub1a.com
referer: https://www.xn--82cz3bcub1a.com/lucky-number/14679.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://www.xn--82cz3bcub1a.com/lucky-number/14679.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 12 Oct 2021 10:08:29 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 07 May 2020 05:02:14 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0Gi13iU6LiYL1MzcfU%2F8kJNZmONqUsfH1sb0QOA96DwO4hWt1qUKK9nNXtTEajIvsAqxa3o4HW0dlL9fk5qJx%2BJT1hy40pEGLBowsnnY56zOI1uJbTrvfOIpr8qWq1lZKAFMYn%2BlrjZKxQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=31536000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 69cf86f739144e9e-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
expires: Sat, 23 Apr 2022 23:18:40 GMT

GET
DATA 200
OK truncated
/ 66 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 15179bcf587735652ddf7a4af0ed500881cb4b4eaf3effce1719c1d3de17f79d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 66 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6c1b2722be99e0f2c4cd70c48f342eb543a3ee0bec1b5dc6f1d72b034e013b47

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 64 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b6dcc1490a0cc33cdeed8970677b89bbec6fa095675af198b8e923b64563c70a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3 200 LINE_SOCIAL_Circle.png
www.xn--82cz3bcub1a.com/app/themes/thailotto/dist/images/ 42 KB
43 KB 15ms
14ms Image
image/png 104.21.60.7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.xn--82cz3bcub1a.com/app/themes/thailotto/dist/images/LINE_SOCIAL_Circle.png
Requested by: Host: www.xn--82cz3bcub1a.com
URL: https://www.xn--82cz3bcub1a.com/app/themes/thailotto/dist/style.css?ver=202007051200
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.60.7 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ed48fac0897231a6a9e5702abb288242f01e636708e426bc0e8b0dc548ae5a3c

Request headers

:path: /app/themes/thailotto/dist/images/LINE_SOCIAL_Circle.png
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.xn--82cz3bcub1a.com
referer: https://www.xn--82cz3bcub1a.com/app/themes/thailotto/dist/style.css?ver=202007051200
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://www.xn--82cz3bcub1a.com/app/themes/thailotto/dist/style.css?ver=202007051200
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 12 Oct 2021 10:08:29 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2356522
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 42931
last-modified: Thu, 07 May 2020 05:02:12 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nj5UgXIElD1yY9ud3T%2FZ7M%2Fqk3fkA023SGrIYgGd9H%2Bj6CnCmTDs%2Fx5Nz8LidHG7AkudNUv5qX6iNB8aYnO32VIHJJOKSN0%2FOJltNl%2BtR0oOyfl1780SAeMh0ZIQ%2B%2FAV6ZzgTRFaLD0vuA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=10368000
accept-ranges: bytes
cf-ray: 69cf86f739154e9e-FRA
expires: Mon, 03 Jan 2022 15:29:38 GMT

GET
H3 200 nav_menu_tree.jpg
www.xn--82cz3bcub1a.com/app/themes/thailotto/dist/images/ 24 KB
25 KB 26ms
26ms Image
image/jpeg 104.21.60.7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.xn--82cz3bcub1a.com/app/themes/thailotto/dist/images/nav_menu_tree.jpg
Requested by: Host: www.xn--82cz3bcub1a.com
URL: https://www.xn--82cz3bcub1a.com/app/themes/thailotto/dist/style.css?ver=202007051200
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.60.7 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1381f68a6b37e14e40c56d40db12aadabb56dba213d5ae57b3e3921486b51b8f

Request headers

:path: /app/themes/thailotto/dist/images/nav_menu_tree.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.xn--82cz3bcub1a.com
referer: https://www.xn--82cz3bcub1a.com/app/themes/thailotto/dist/style.css?ver=202007051200
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://www.xn--82cz3bcub1a.com/app/themes/thailotto/dist/style.css?ver=202007051200
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 12 Oct 2021 10:08:29 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2356515
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 24614
last-modified: Thu, 07 May 2020 05:02:11 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UOpZcQxEeZs0sRszSpBQMEz7tcSNypudqZvdLSIsRE69C%2FpS2Td9xkUE6XAnIqPkTPQA7zyR2Qi72JXRQdTaU1oCMUV4A6doDq3HyYTsoDwg4Y6Jsh8Zz3tx%2FY7jxG%2BUf4r2UPiMZUA%2FMQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=10368000
accept-ranges: bytes
cf-ray: 69cf86f739184e9e-FRA
expires: Sat, 27 Nov 2021 08:57:15 GMT

GET
H2 200 nKKZ-Go6G5tXcraVGwA.woff2
fonts.gstatic.com/s/kanit/v7/ 19 KB
19 KB 32ms
9ms Font
font/woff2 142.250.185.131
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/kanit/v7/nKKZ-Go6G5tXcraVGwA.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Kanit:400,700&display=swap&subset=thai

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.131 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f3.1e100.net

Software

sffe /

Resource Hash

d522ceba20f12d2594bca7ab06bc6cc877e8ee1c5d94c2ae3c3af0d90c38ccc6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.xn--82cz3bcub1a.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 12 Oct 2021 08:38:12 GMT
x-content-type-options: nosniff
age: 5417
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19040
x-xss-protection: 0
last-modified: Tue, 01 Sep 2020 05:14:17 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 12 Oct 2022 08:38:12 GMT

GET
H3 200 fa-regular-400.woff2
www.xn--82cz3bcub1a.com/app/themes/thailotto/dist/fonts/ 13 KB
14 KB 210ms
209ms Font
application/octet-stream 104.21.60.7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.xn--82cz3bcub1a.com/app/themes/thailotto/dist/fonts/fa-regular-400.woff2
Requested by: Host: www.xn--82cz3bcub1a.com
URL: https://www.xn--82cz3bcub1a.com/app/themes/thailotto/dist/style.css?ver=202007051200
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.60.7 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 86e496b536b26ba60cdb68df9dd9143b19a63b65e30e373b0321833aab1295d6

Request headers

:path: /app/themes/thailotto/dist/fonts/fa-regular-400.woff2
pragma: no-cache
origin: https://www.xn--82cz3bcub1a.com
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: font
:authority: www.xn--82cz3bcub1a.com
referer: https://www.xn--82cz3bcub1a.com/app/themes/thailotto/dist/style.css?ver=202007051200
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.xn--82cz3bcub1a.com/app/themes/thailotto/dist/style.css?ver=202007051200
Origin: https://www.xn--82cz3bcub1a.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 12 Oct 2021 10:08:29 GMT
cf-cache-status: HIT
last-modified: Thu, 07 May 2020 05:02:14 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=R%2Fy89hclz4xQ8lKiotT1%2F78HjYc7SOuNHX2vLbowrFzyDuLBwp6Lao%2BHHIbD17pq1Uneo4i9l3iBGhXPs5n%2FI7W6AEyHkArah4AUtDEGH2VCjxHCcbxeKt5reffMfjS%2FXU18xDDzPfxMxw%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=2592000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 69cf86f7391c4e9e-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
expires: Tue, 26 Oct 2021 03:32:36 GMT

GET
H3 200 fa-solid-900.woff2
www.xn--82cz3bcub1a.com/app/themes/thailotto/dist/fonts/ 74 KB
75 KB 41ms
40ms Font
application/octet-stream 104.21.60.7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.xn--82cz3bcub1a.com/app/themes/thailotto/dist/fonts/fa-solid-900.woff2
Requested by: Host: www.xn--82cz3bcub1a.com
URL: https://www.xn--82cz3bcub1a.com/app/themes/thailotto/dist/style.css?ver=202007051200
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.60.7 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 787d76ad6deab67ccf8bac1b584260205e114f508fc5542b612e3f75d49a34e4

Request headers

:path: /app/themes/thailotto/dist/fonts/fa-solid-900.woff2
pragma: no-cache
origin: https://www.xn--82cz3bcub1a.com
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: font
:authority: www.xn--82cz3bcub1a.com
referer: https://www.xn--82cz3bcub1a.com/app/themes/thailotto/dist/style.css?ver=202007051200
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.xn--82cz3bcub1a.com/app/themes/thailotto/dist/style.css?ver=202007051200
Origin: https://www.xn--82cz3bcub1a.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 12 Oct 2021 10:08:29 GMT
cf-cache-status: HIT
last-modified: Thu, 07 May 2020 05:02:15 GMT
server: cloudflare
age: 929041
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=979Un9yvhBqWnlXnNyy7UHBjXKshI3RwUanUH90Wo4oSBxwkaWn8ubWMswj4t54iyjFgmSSqt7mcQCoh%2BvrMVri5vLQp1%2FQAlNFT32W6L29dbDBzsOlCw9b4Ad38TuxfZad7z9cEiknWvQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=2592000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 69cf86f7391d4e9e-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
expires: Thu, 28 Oct 2021 03:01:23 GMT

GET
H3 200 fa-brands-400.woff2
www.xn--82cz3bcub1a.com/app/themes/thailotto/dist/fonts/ 74 KB
75 KB 208ms
207ms Font
application/octet-stream 104.21.60.7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.xn--82cz3bcub1a.com/app/themes/thailotto/dist/fonts/fa-brands-400.woff2
Requested by: Host: www.xn--82cz3bcub1a.com
URL: https://www.xn--82cz3bcub1a.com/app/themes/thailotto/dist/style.css?ver=202007051200
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.60.7 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8e4560c16c7970efa47680450b2cf239d4a482c056d308acea12bb9022906c8b

Request headers

:path: /app/themes/thailotto/dist/fonts/fa-brands-400.woff2
pragma: no-cache
origin: https://www.xn--82cz3bcub1a.com
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: font
:authority: www.xn--82cz3bcub1a.com
referer: https://www.xn--82cz3bcub1a.com/app/themes/thailotto/dist/style.css?ver=202007051200
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.xn--82cz3bcub1a.com/app/themes/thailotto/dist/style.css?ver=202007051200
Origin: https://www.xn--82cz3bcub1a.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 12 Oct 2021 10:08:29 GMT
cf-cache-status: HIT
last-modified: Thu, 07 May 2020 05:02:15 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SlQDMvBtl1yt6Fo0fI8xGJP%2Fj2EjdOEwHe2B6yKidKUSiWnU9BVIJOM0GGM1yuXNXM81Ue30XCG8rnBC1JKYELIcejkqjKmsshCecYnWE3xQ9FcTaXWfV8BDHzvOj3ZNN10ClxZoPAsW3Q%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=2592000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 69cf86f7391f4e9e-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
expires: Wed, 13 Oct 2021 22:19:43 GMT

GET
H3 200 icons.woff2
www.xn--82cz3bcub1a.com/app/plugins/fixed-toc/frontend/assets/fonts/ 4 KB
4 KB 197ms
197ms Font
application/octet-stream 104.21.60.7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.xn--82cz3bcub1a.com/app/plugins/fixed-toc/frontend/assets/fonts/icons.woff2?45335921
Requested by: Host: www.xn--82cz3bcub1a.com
URL: https://www.xn--82cz3bcub1a.com/app/plugins/fixed-toc/frontend/assets/css/ftoc.min.css?ver=3.1.22
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.60.7 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 24555680b413d9b1d6d8eea400a95ae4e064030afadd57eff2bd67f4df3740a9

Request headers

:path: /app/plugins/fixed-toc/frontend/assets/fonts/icons.woff2?45335921
pragma: no-cache
origin: https://www.xn--82cz3bcub1a.com
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: font
:authority: www.xn--82cz3bcub1a.com
referer: https://www.xn--82cz3bcub1a.com/app/plugins/fixed-toc/frontend/assets/css/ftoc.min.css?ver=3.1.22
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.xn--82cz3bcub1a.com/app/plugins/fixed-toc/frontend/assets/css/ftoc.min.css?ver=3.1.22
Origin: https://www.xn--82cz3bcub1a.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 12 Oct 2021 10:08:29 GMT
cf-cache-status: HIT
last-modified: Wed, 16 Jun 2021 06:57:16 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4HTBj1ml4k0Fqa7f2FqJfRzpkHnaBA6Rl5hlTPruQnH0qCujynZX2pmLOGK00Rf8o0F2naxie1RxwWD6cWAcNIoWXymLZ8znIubLxSf3vVuIe2y%2FM%2BuznUA6fL%2FxEYxIEiL45eAXkEi%2F8A%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=2592000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 69cf86f739214e9e-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
expires: Sun, 24 Oct 2021 21:27:57 GMT

GET
H3 200 csprajad-webfont.woff2
www.xn--82cz3bcub1a.com/app/themes/thailotto/dist/fonts/ 11 KB
12 KB 214ms
214ms Font
application/octet-stream 104.21.60.7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.xn--82cz3bcub1a.com/app/themes/thailotto/dist/fonts/csprajad-webfont.woff2
Requested by: Host: www.xn--82cz3bcub1a.com
URL: https://www.xn--82cz3bcub1a.com/app/themes/thailotto/dist/style.css?ver=202007051200
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.60.7 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 09a4be40c90137d981d4518d5b5ccb527d29e369e432e9c5ee092aa638049f80

Request headers

:path: /app/themes/thailotto/dist/fonts/csprajad-webfont.woff2
pragma: no-cache
origin: https://www.xn--82cz3bcub1a.com
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: font
:authority: www.xn--82cz3bcub1a.com
referer: https://www.xn--82cz3bcub1a.com/app/themes/thailotto/dist/style.css?ver=202007051200
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.xn--82cz3bcub1a.com/app/themes/thailotto/dist/style.css?ver=202007051200
Origin: https://www.xn--82cz3bcub1a.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 12 Oct 2021 10:08:29 GMT
cf-cache-status: HIT
last-modified: Thu, 07 May 2020 05:02:15 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8EpIK0q75YpfJZ35UhkjdSdUY6Ib6veGAFcNhrpdsyrWqgLfQpyatnKBAXQBhML6lBPtKrVVGl6e0x%2Bwrvhu44fyyOMkvMBNaZUDRZTce2phGArOEyzo8aWNzZsZCEP%2BM1eL3nBbT9K22A%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=2592000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 69cf86f739264e9e-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
expires: Tue, 09 Nov 2021 14:42:12 GMT

GET
H2 200 nKKZ-Go6G5tXcraBGwCYdA.woff2
fonts.gstatic.com/s/kanit/v7/ 13 KB
13 KB 18ms
7ms Font
font/woff2 142.250.185.131
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/kanit/v7/nKKZ-Go6G5tXcraBGwCYdA.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Kanit:400,700&display=swap&subset=thai

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.131 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f3.1e100.net

Software

sffe /

Resource Hash

185c8f0ba5c84bb93c5ce2c23f353a9f5db8d4b7cdb4a03d816867c2a3871ed0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.xn--82cz3bcub1a.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 12 Oct 2021 08:46:57 GMT
x-content-type-options: nosniff
age: 4892
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13252
x-xss-protection: 0
last-modified: Tue, 01 Sep 2020 05:14:13 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 12 Oct 2022 08:46:57 GMT

GET
H3 200 show_ads_impl_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202110050101/ 272 KB
97 KB 53ms
38ms Script
text/javascript 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202110050101/show_ads_impl_fy2019.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

c18e2670fa7018288e2b21265dcd1973129285aa3d2e5be8c9fb8b54554d9f4d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.xn--82cz3bcub1a.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 12 Oct 2021 10:08:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 99713
x-xss-protection: 0
server: cafe
etag: 1882979344691802506
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Tue, 12 Oct 2021 10:08:29 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20211007/r20190131/ Frame D0B7 10 KB
5 KB 29ms
7ms Document
text/html 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20211007/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

f694b4fc5d667777e89694296218e249226ae1670bbe90a8a345f9f75298b9cd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/html/r20211007/r20190131/zrt_lookup.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.xn--82cz3bcub1a.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.xn--82cz3bcub1a.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Mon, 11 Oct 2021 19:09:45 GMT
expires: Mon, 25 Oct 2021 19:09:45 GMT
content-type: text/html; charset=UTF-8
etag: 414810510046348021
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4645
x-xss-protection: 0
age: 53924
cache-control: public, max-age=1209600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 logo.png
www.xn--82cz3bcub1a.com/app/themes/thailotto/dist/images/ 15 KB
16 KB 16ms
14ms Image
image/png 104.21.60.7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.xn--82cz3bcub1a.com/app/themes/thailotto/dist/images/logo.png
Requested by: Host: www.xn--82cz3bcub1a.com
URL: https://www.xn--82cz3bcub1a.com/lucky-number/14679.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.60.7 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b0afbdd068bd9e7ab578552a0b8fa4024a01415f0951f99771e73576acee1ee3

Request headers

:path: /app/themes/thailotto/dist/images/logo.png
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.xn--82cz3bcub1a.com
referer: https://www.xn--82cz3bcub1a.com/lucky-number/14679.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://www.xn--82cz3bcub1a.com/lucky-number/14679.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 12 Oct 2021 10:08:29 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3530925
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 15576
last-modified: Thu, 07 May 2020 05:02:12 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=M5XXjetgGVFvo%2BkwfK11Bixb74S5APdXOLmhS8a2qynZQqqDCZmZemNftHAir7gSt3X57ttye3Ns57sRsxKcjoZTB5Re%2F7HC9Ero1IhKMzVyjudTNcinSKdYfOa%2BjnFlginYE1RZY3Girg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=10368000
accept-ranges: bytes
cf-ray: 69cf86f87b264e9e-FRA
expires: Sun, 26 Dec 2021 17:01:43 GMT

GET
H2 200 1887dab895a78c56d0d0ec58dfa82807
secure.gravatar.com/avatar/ 16 KB
16 KB 27ms
6ms Image
image/png 192.0.73.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure.gravatar.com/avatar/1887dab895a78c56d0d0ec58dfa82807?s=96&d=mm&r=g
Requested by: Host: www.xn--82cz3bcub1a.com
URL: https://www.xn--82cz3bcub1a.com/lucky-number/14679.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.73.2 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 2daef5d6e1fd443e7e4f276687bb439f0337beede80c568164acbd4e8c07a0bc

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.xn--82cz3bcub1a.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Tue, 12 Oct 2021 10:08:29 GMT
last-modified: Thu, 19 Nov 2020 10:12:01 GMT
server: nginx
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=300
content-disposition: inline; filename="1887dab895a78c56d0d0ec58dfa82807.png"
accept-ranges: bytes
link: <https://www.gravatar.com/avatar/1887dab895a78c56d0d0ec58dfa82807?s=96&d=mm&r=g>; rel="canonical"
content-length: 16262
expires: Tue, 12 Oct 2021 10:13:29 GMT

GET
H3 200 lottoVIP.jpg
www.xn--82cz3bcub1a.com/app/uploads/2021/10/ 84 KB
85 KB 211ms
210ms Image
image/jpeg 104.21.60.7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.xn--82cz3bcub1a.com/app/uploads/2021/10/lottoVIP.jpg
Requested by: Host: www.xn--82cz3bcub1a.com
URL: https://www.xn--82cz3bcub1a.com/lucky-number/14679.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.60.7 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 380ce11f72c311feb35a6f0103e632193dddfe5b17c90ecf2086bd3e19f86b78

Request headers

:path: /app/uploads/2021/10/lottoVIP.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.xn--82cz3bcub1a.com
referer: https://www.xn--82cz3bcub1a.com/lucky-number/14679.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://www.xn--82cz3bcub1a.com/lucky-number/14679.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 12 Oct 2021 10:08:29 GMT
cf-cache-status: HIT
last-modified: Wed, 06 Oct 2021 16:26:59 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0oL59L6InOLhs%2BJeer96BK6dA5CGd2pMt%2BeV%2FtNGsxpYAWdW0nUFuskhRUOJameSQuGiR3%2BaXsZUdTLklvgoOCqG8JFtZt19L0zGuDgR4R%2FJ6DNgdS1gRBxEOguI03zJtBdzPnGyYf%2FH9g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=10368000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 69cf86f87b2b4e9e-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 85936
expires: Wed, 09 Feb 2022 09:05:14 GMT

GET
H3 200 lottoVIP-1.jpg
www.xn--82cz3bcub1a.com/app/uploads/2021/10/ 50 KB
51 KB 204ms
203ms Image
image/jpeg 104.21.60.7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.xn--82cz3bcub1a.com/app/uploads/2021/10/lottoVIP-1.jpg
Requested by: Host: www.xn--82cz3bcub1a.com
URL: https://www.xn--82cz3bcub1a.com/lucky-number/14679.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.60.7 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3f299b3703fb31e190361befee2e60121f46a7bf4313d7701e26f072a6898e00

Request headers

:path: /app/uploads/2021/10/lottoVIP-1.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.xn--82cz3bcub1a.com
referer: https://www.xn--82cz3bcub1a.com/lucky-number/14679.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://www.xn--82cz3bcub1a.com/lucky-number/14679.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 12 Oct 2021 10:08:29 GMT
cf-cache-status: HIT
last-modified: Wed, 06 Oct 2021 16:35:35 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AbPdLPL0%2BbrBmEgVpPqLA5OgvkJE9aAK83N77rqnqn8mkGWMyErCmT3yiavnx2Rzav0ltKf7ci125pveW%2FHBCJhOkRQUaUEFt13tk%2FwSl1voG5hTbiym6yJnYyASeoDt621J5LFHfKLnAg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=10368000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 69cf86f87b2d4e9e-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 51095
expires: Wed, 09 Feb 2022 09:05:14 GMT

GET
H3 200 06.10.64-8.jpg
www.xn--82cz3bcub1a.com/app/uploads/2021/10/ 129 KB
129 KB 189ms
189ms Image
image/jpeg 104.21.60.7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.xn--82cz3bcub1a.com/app/uploads/2021/10/06.10.64-8.jpg
Requested by: Host: www.xn--82cz3bcub1a.com
URL: https://www.xn--82cz3bcub1a.com/lucky-number/14679.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.60.7 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d375c8dac1748463424ffa815d9adc8756fc96979ff656c35ecb769e7d16678d

Request headers

:path: /app/uploads/2021/10/06.10.64-8.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.xn--82cz3bcub1a.com
referer: https://www.xn--82cz3bcub1a.com/lucky-number/14679.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://www.xn--82cz3bcub1a.com/lucky-number/14679.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 12 Oct 2021 10:08:29 GMT
cf-cache-status: HIT
last-modified: Wed, 06 Oct 2021 16:29:01 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rLD1diwExQwdr1bhh40xiYuWiEQRtHxiYw9d%2FGWqozDoJW2zQ9Hj0igfqlMmVZVIxGiP7d5lqGpI%2FpeQ8wc8gfWE1IoJaP6ON0i%2FFg1EpPyvH9Ks9knNZ11E1s8CSAfG%2F6%2FwkKgpqdHYKw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=10368000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 69cf86f87b2e4e9e-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 131932
expires: Sat, 05 Feb 2022 08:36:04 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 28ms
7ms Script
text/javascript 142.250.185.174
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NG7CZJ7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.174 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f14.1e100.net

Software

Golfe2 /

Resource Hash

fc27aed7787a4f63d2feba50e6bc6122ac3c5479456d40c0a445899a08ad92f3

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.xn--82cz3bcub1a.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 28 Sep 2021 21:34:48 GMT
server: Golfe2
age: 4892
date: Tue, 12 Oct 2021 08:46:57 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19887
expires: Tue, 12 Oct 2021 10:46:57 GMT

GET
H3 200 mCSB_buttons.png
www.xn--82cz3bcub1a.com/app/themes/thailotto/dist/ 3 KB
4 KB 196ms
195ms Image
image/png 104.21.60.7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.xn--82cz3bcub1a.com/app/themes/thailotto/dist/mCSB_buttons.png
Requested by: Host: www.xn--82cz3bcub1a.com
URL: https://www.xn--82cz3bcub1a.com/app/themes/thailotto/dist/style.css?ver=202007051200
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.60.7 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e98cac48f5c13b3fbaa28458f0d8f26a78c9d944f8f4edad9abcb249b9028ca7

Request headers

:path: /app/themes/thailotto/dist/mCSB_buttons.png
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.xn--82cz3bcub1a.com
referer: https://www.xn--82cz3bcub1a.com/app/themes/thailotto/dist/style.css?ver=202007051200
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://www.xn--82cz3bcub1a.com/app/themes/thailotto/dist/style.css?ver=202007051200
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 12 Oct 2021 10:08:29 GMT
cf-cache-status: HIT
last-modified: Thu, 07 May 2020 05:02:11 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BnoaRRy%2BSMkE46UQe5dZYgnF2hpSid%2Bt7WU%2F2w5aZoG%2BR1OLJan56fHPibglQke9allnD2hu1IRLhplQa9FdBmQn986%2BcTtRuY3SBuJFIz4M3SRadpaax5D15xLwdoyQsEw64V9xC%2ByFJA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=10368000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 69cf86f8ab754e9e-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 2998
expires: Sat, 27 Nov 2021 02:37:29 GMT

GET
H3 200 tracker.php
www.xn--82cz3bcub1a.com/app/themes/thailotto/ 0
615 B 748ms
747ms Image
text/html 104.21.60.7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.xn--82cz3bcub1a.com/app/themes/thailotto/tracker.php?action_name=lottovip%20%E0%B9%80%E0%B8%A7%E0%B9%87%E0%B8%9A%E0%B8%AB%E0%B8%A7%E0%B8%A2%E0%B8%AD%E0%B8%AD%E0%B8%99%E0%B9%84%E0%B8%A5%E0%B8%99%E0%B9%8C%20%E0%B9%81%E0%B8%88%E0%B8%81%E0%B8%AB%E0%B8%99%E0%B8%B1%E0%B8%81%E0%B8%9F%E0%B8%A3%E0%B8%B5%E0%B9%80%E0%B8%84%E0%B8%A3%E0%B8%94%E0%B8%B4%E0%B8%95%E0%B8%96%E0%B8%B9%E0%B8%81%E0%B9%83%E0%B8%88%E0%B8%99%E0%B8%B1%E0%B8%81%E0%B8%A5%E0%B8%87%E0%B8%97%E0%B8%B8%E0%B8%99&idsite=1&rec=1&r=722784&h=10&m=8&s=29&url=https%3A%2F%2Fwww.xn--82cz3bcub1a.com%2Flucky-number%2F14679.html&_id=4d63f2e0905fc0bd&_idts=1634033310&_idvc=1&_idn=0&_refts=0&_viewts=1634033310&send_image=0&pdf=1&qt=0&realp=0&wma=0&dir=0&fla=0&java=0&gears=0&ag=0&cookie=1&res=1600x1200&gt_ms=814
Requested by: Host: www.xn--82cz3bcub1a.com
URL: https://www.xn--82cz3bcub1a.com/lucky-number/14679.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.60.7 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/7.3.14
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path: /app/themes/thailotto/tracker.php?action_name=lottovip%20%E0%B9%80%E0%B8%A7%E0%B9%87%E0%B8%9A%E0%B8%AB%E0%B8%A7%E0%B8%A2%E0%B8%AD%E0%B8%AD%E0%B8%99%E0%B9%84%E0%B8%A5%E0%B8%99%E0%B9%8C%20%E0%B9%81%E0%B8%88%E0%B8%81%E0%B8%AB%E0%B8%99%E0%B8%B1%E0%B8%81%E0%B8%9F%E0%B8%A3%E0%B8%B5%E0%B9%80%E0%B8%84%E0%B8%A3%E0%B8%94%E0%B8%B4%E0%B8%95%E0%B8%96%E0%B8%B9%E0%B8%81%E0%B9%83%E0%B8%88%E0%B8%99%E0%B8%B1%E0%B8%81%E0%B8%A5%E0%B8%87%E0%B8%97%E0%B8%B8%E0%B8%99&idsite=1&rec=1&r=722784&h=10&m=8&s=29&url=https%3A%2F%2Fwww.xn--82cz3bcub1a.com%2Flucky-number%2F14679.html&_id=4d63f2e0905fc0bd&_idts=1634033310&_idvc=1&_idn=0&_refts=0&_viewts=1634033310&send_image=0&pdf=1&qt=0&realp=0&wma=0&dir=0&fla=0&java=0&gears=0&ag=0&cookie=1&res=1600x1200&gt_ms=814
pragma: no-cache
cookie: _pk_id.1.1764=4d63f2e0905fc0bd.1634033310.1.1634033310.1634033310.; _pk_ses.1.1764=*
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.xn--82cz3bcub1a.com
referer: https://www.xn--82cz3bcub1a.com/lucky-number/14679.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://www.xn--82cz3bcub1a.com/lucky-number/14679.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 12 Oct 2021 10:08:30 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: PHP/7.3.14
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=flNsait1XmlRwcIMHutY8xSOIxj%2BVuzPEleOqbWC2wzkRNZoLYKZXJ4kkpWm8a%2BqF03duZ2EK8cViLnmYVHZFHBi53XzUKSXQ7dWS7pkUZ0jKifMgaDv3g3%2F9hBAFHYL%2FBqDjo9V4GboGw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=UTF-8
cache-control: max-age=0
cf-ray: 69cf86f91c344e9e-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
expires: Tue, 12 Oct 2021 10:08:29 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 1 B
21 B 28ms
14ms XHR
text/plain 142.250.185.174
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j94&a=2109755713&t=pageview&_s=1&dl=https%3A%2F%2Fwww.xn--82cz3bcub1a.com%2Flucky-number%2F14679.html&ul=en-us&de=UTF-8&dt=lottovip%20%E0%B9%80%E0%B8%A7%E0%B9%87%E0%B8%9A%E0%B8%AB%E0%B8%A7%E0%B8%A2%E0%B8%AD%E0%B8%AD%E0%B8%99%E0%B9%84%E0%B8%A5%E0%B8%99%E0%B9%8C%20%E0%B9%81%E0%B8%88%E0%B8%81%E0%B8%AB%E0%B8%99%E0%B8%B1%E0%B8%81%E0%B8%9F%E0%B8%A3%E0%B8%B5%E0%B9%80%E0%B8%84%E0%B8%A3%E0%B8%94%E0%B8%B4%E0%B8%95%E0%B8%96%E0%B8%B9%E0%B8%81%E0%B9%83%E0%B8%88%E0%B8%99%E0%B8%B1%E0%B8%81%E0%B8%A5%E0%B8%87%E0%B8%97%E0%B8%B8%E0%B8%99&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAAC~&jid=143193000&gjid=1499994200&cid=2145660158.1634033310&tid=UA-153146014-2&_gid=590359839.1634033310&_r=1&gtm=2wgab0NG7CZJ7&z=72353157

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.174 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f14.1e100.net

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.xn--82cz3bcub1a.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 12 Oct 2021 10:08:29 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.xn--82cz3bcub1a.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 209 B
663 B 226ms
15ms Script
text/javascript 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=www.xn--82cz3bcub1a.com&callback=_gfp_s_&client=ca-pub-1960034280122131

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202110050101/show_ads_impl_fy2019.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

5185ac24b649da5cca0868d19d666098a535eca4808b52089b52565b2663079d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.xn--82cz3bcub1a.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 12 Oct 2021 10:08:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 197
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
570 B 225ms
16ms Script
application/javascript 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.xn--82cz3bcub1a.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202110050101/show_ads_impl_fy2019.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.xn--82cz3bcub1a.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 12 Oct 2021 10:08:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 8C55 186 KB
50 KB 244ms
229ms Document
text/html 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1960034280122131&output=html&adk=1812271804&adf=3025194257&lmt=1634030453&plat=3%3A32%2C4%3A32%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fwww.xn--82cz3bcub1a.com%2Flucky-number%2F14679.html&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1634033309468&bpp=2&bdt=450&idt=162&shv=r20211007&mjsv=m202110050101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=6254306516462&frm=20&pv=2&ga_vid=2145660158.1634033310&ga_sid=1634033310&ga_hid=2109755713&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=2&pvsid=4030711496716880&pem=157&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=173

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202110050101/show_ads_impl_fy2019.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

1f545406044a61672841ce2f37fa93ecfcf847dee9e5f4b2163b082c92f8ae7b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-1960034280122131&output=html&adk=1812271804&adf=3025194257&lmt=1634030453&plat=3%3A32%2C4%3A32%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fwww.xn--82cz3bcub1a.com%2Flucky-number%2F14679.html&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1634033309468&bpp=2&bdt=450&idt=162&shv=r20211007&mjsv=m202110050101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=6254306516462&frm=20&pv=2&ga_vid=2145660158.1634033310&ga_sid=1634033310&ga_hid=2109755713&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=2&pvsid=4030711496716880&pem=157&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=173
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.xn--82cz3bcub1a.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.xn--82cz3bcub1a.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Tue, 12 Oct 2021 10:08:30 GMT
server: cafe
content-length: 51352
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Tue, 12-Oct-2021 10:23:29 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Tue, 12 Oct 2021 10:08:30 GMT
cache-control: private

GET
H3 200 reactive_library_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202110050101/ 143 KB
51 KB 38ms
38ms Script
text/javascript 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202110050101/reactive_library_fy2019.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202110050101/show_ads_impl_fy2019.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

445e6a7ce81a9f7e2e8cf26bac4db8baf48075bcb1a017129b6884d4849fb347

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.xn--82cz3bcub1a.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 12 Oct 2021 10:08:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 52518
x-xss-protection: 0
server: cafe
etag: 8676918196465130328
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Tue, 12 Oct 2021 10:08:30 GMT

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 31ms
16ms Script
application/javascript 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.xn--82cz3bcub1a.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202110050101/show_ads_impl_fy2019.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.xn--82cz3bcub1a.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 12 Oct 2021 10:08:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20211007/r20110914/ Frame A946 10 KB
5 KB 7ms
6ms Document
text/html 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20211007/r20110914/zrt_lookup.html?fsb=1

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202110050101/show_ads_impl_fy2019.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

f694b4fc5d667777e89694296218e249226ae1670bbe90a8a345f9f75298b9cd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/html/r20211007/r20110914/zrt_lookup.html?fsb=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.xn--82cz3bcub1a.com/
accept-encoding: gzip, deflate, br
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.xn--82cz3bcub1a.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Mon, 11 Oct 2021 19:06:21 GMT
expires: Mon, 25 Oct 2021 19:06:21 GMT
content-type: text/html; charset=UTF-8
etag: 414810510046348021
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4645
x-xss-protection: 0
age: 54129
cache-control: public, max-age=1209600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20211007/r20110914/ Frame F6F6 10 KB
5 KB 7ms
6ms Document
text/html 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20211007/r20110914/zrt_lookup.html?fsb=1

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202110050101/show_ads_impl_fy2019.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

f694b4fc5d667777e89694296218e249226ae1670bbe90a8a345f9f75298b9cd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/html/r20211007/r20110914/zrt_lookup.html?fsb=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.xn--82cz3bcub1a.com/
accept-encoding: gzip, deflate, br
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.xn--82cz3bcub1a.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Mon, 11 Oct 2021 19:06:21 GMT
expires: Mon, 25 Oct 2021 19:06:21 GMT
content-type: text/html; charset=UTF-8
etag: 414810510046348021
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4645
x-xss-protection: 0
age: 54129
cache-control: public, max-age=1209600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 css2
fonts.googleapis.com/ Frame A946 4 KB
635 B 50ms
26ms Stylesheet
text/css 142.250.184.202
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211007/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.202 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f10.1e100.net

Software

ESF /

Resource Hash

ab7475d461d9f613ef90faa375ec3387987dd7536af23c13cacd6be9c0c0e370

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 12 Oct 2021 09:20:57 GMT
server: ESF
date: Tue, 12 Oct 2021 10:08:30 GMT
x-frame-options: SAMEORIGIN
report-to: {"group":"AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk"}]}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cross-origin-opener-policy-report-only: same-origin; report-to="AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk"
expires: Tue, 12 Oct 2021 10:08:30 GMT

GET
H2 200 interstitial_ad_frame_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211007/r20110914/elements/html/ Frame A946 18 KB
8 KB 40ms
13ms Script
text/javascript 216.58.212.129
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211007/r20110914/elements/html/interstitial_ad_frame_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211007/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.129 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f1.1e100.net

Software

cafe /

Resource Hash

f685e060ea2385c8f008c5915373f506dcb4a3e5ad648a7693efca4550f2a037

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 12 Oct 2021 09:45:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1409
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7704
x-xss-protection: 0
server: cafe
etag: 13905763089999689414
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 26 Oct 2021 09:45:01 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 0C0D 624 B
300 B 19ms
18ms Document
text/html 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CMnRvNQCEJP9zuICGJDhzrUBMAE&v=APEucNWGTXioaFvmIrV5sVeRZIsg4vYGI1SRHzNFsqTvpi_8ikQT0RTOCmtPStKhC-tmaKeqim9zgskiyACub4VHKb8zj4SObA

Requested by

Host: www.xn--82cz3bcub1a.com
URL: https://www.xn--82cz3bcub1a.com/lucky-number/14679.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /xbbe/pixel?d=CMnRvNQCEJP9zuICGJDhzrUBMAE&v=APEucNWGTXioaFvmIrV5sVeRZIsg4vYGI1SRHzNFsqTvpi_8ikQT0RTOCmtPStKhC-tmaKeqim9zgskiyACub4VHKb8zj4SObA
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/pagead/html/r20211007/r20110914/zrt_lookup.html?fsb=1
accept-encoding: gzip, deflate, br
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20211007/r20110914/zrt_lookup.html?fsb=1

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Tue, 12 Oct 2021 10:08:30 GMT
server: cafe
cache-control: private
content-length: 276
x-xss-protection: 0
set-cookie: test_cookie=; domain=.doubleclick.net; path=/; expires=Fri, 01-Aug-2008 22:45:55 GMT; SameSite=none; Secure IDE=AHWqTUlwh3WXaMCGjRBYU9KPSPMu_ckOL6J9ZmTHFgZuoSfbNBWD3CgSU3U_Lj2R; expires=Thu, 12-Oct-2023 10:08:30 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Tue, 12 Oct 2021 10:08:30 GMT

GET
H3 200 abg_lite_fy2019.js Show response
pagead2.googlesyndication.com/pagead/js/r20211007/r20110914/ Frame 6E15 18 KB
8 KB 9ms
8ms Script
text/javascript 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20211007/r20110914/abg_lite_fy2019.js

Requested by

Host: www.xn--82cz3bcub1a.com
URL: https://www.xn--82cz3bcub1a.com/lucky-number/14679.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

d19d72f9c6e5bb747a38571cf87013b5fdc205a277e307aaded38c30339bcfd9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 12 Oct 2021 09:49:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1148
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7688
x-xss-protection: 0
server: cafe
etag: 9086524265215974373
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 26 Oct 2021 09:49:22 GMT

GET
H2 200 5766790462732067972
s0.2mdn.net/simgad/ Frame 6E15 36 KB
37 KB 51ms
8ms Image
image/gif 142.250.186.166
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/5766790462732067972

Requested by

Host: www.xn--82cz3bcub1a.com
URL: https://www.xn--82cz3bcub1a.com/lucky-number/14679.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.166 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f6.1e100.net

Software

sffe /

Resource Hash

a603a5b5b17a1845503de11ada8c0a9d5a88f88ed067774be29f8fd6d3beefdb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 12 Oct 2021 01:59:41 GMT
x-content-type-options: nosniff
age: 29329
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37282
x-xss-protection: 0
last-modified: Tue, 27 Jul 2021 21:03:57 GMT
server: sffe
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 12 Oct 2022 01:59:41 GMT

GET
H3 200 omrhp_fy2019.js Show response
pagead2.googlesyndication.com/pagead/js/r20211007/r20110914/elements/html/ Frame 6E15 6 KB
3 KB 9ms
9ms Script
text/javascript 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20211007/r20110914/elements/html/omrhp_fy2019.js

Requested by

Host: www.xn--82cz3bcub1a.com
URL: https://www.xn--82cz3bcub1a.com/lucky-number/14679.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

fb9268e99659f17a183de7aa0d4e27453f96c159a7ba99d6482522f8f72d1009

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 12 Oct 2021 09:55:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 777
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2631
x-xss-protection: 0
server: cafe
etag: 10983085961369067521
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 26 Oct 2021 09:55:33 GMT

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 6E15 0
255 B 74ms
46ms Ping
image/gif 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssdZLi2nYl_GcKLCqLx6oX3gg_QO-nSYnU3bZvLQcns__iGAxoCjAkK44KUrj3yC4ykRAn-mn9bpcVXd_yHSZ02TkaQwaDVmto5VDUBL2qk1T0pWwJuPEwKgxd4l2HZuyYbYloMjPawBY-dq40J-APj1LAv2LfDemJ-d10yaEDKFa4zUm-PyoXs1YIWYr5xt69yJChBibKeAChomXNPxlhgAEIMS9TDEKUJ7Qx1Wi8-6zbw3anOEIfStInExjbjUfAKiop1jW4u8jvh1rwRMisghkKd6W8cru3JgCHGehRM6dmUo9WXIMtlOEre_K0-qFVtIF8LTy1W08eJf2T2NqoW4m0Z2TZ-xj8z-daVD5xrsQN3Ou1qheo3WVXhtj6uOP4OhLlvVD6F7cfJvu3Hdv7OSid8lZTI1Ecv3iq3PwE8IxuFX0NzTgbXqhHzo1r4GXNJSPsNQQcyyK-GrVDlbuhAccDojEHhKif804NXKA0cxQIZKAfgcht7sMs1IQEWD7-Dr2jhdRDue6mzKtZvmIbQH5eoegidVoxgp7mL_X4Bw0vCpjxB-wLn_Z2pdcAo2PNk_eyrzpB4dNgR1ezy9K6BXp1H9NT6Q2g1_SflmzT7g3_Mvye5X6HYbQYc7eTXr5NOW40D6sKYHrqfcKjGD_vSDaq89Z5_2IwTFeakh9aEF9OawkJB5hGYbIjS0mJB4iFEek_UgDoxfhZ1cb62RuTbxt2W1vBboiTHRSy9lYgDe7szAJpDuHeV4v23tfwCd3eMeB26QdNOBWRLrCKbjW4mRB2Lb5G4WmC-amjUW8Jl8cXgTT55DtGpBHYlZTkqOHoDrP0EFHja3Tdt3DnsE1VdBOrlHGEsBNeGSvZDQ9qy42rH3wxwkxcYkrkhQvcJ_fg9afiVKGvf-N5JgyfqHQLlLu7YDUDlvD4Wbt2pYUwKVOGE0KTny4CawvUhBfMIdls8uWA4NxHB6gJL8QvwhflNW2rwh3wreO_EosGD3thUJTXXHv7kfSt_Z1udDwNDMaizSUR2FWfr67gZMZAqGgYQn0HgXr6oo3ZgRwDdkTa6oDPEU-q1N_DiTUmB9he259n3sytCOF6-uUr8LowteNw8fwjQzw&sai=AMfl-YR5kysjQt8ug7Im7ENKvz2VA9DieCUjHj3JCAxquDqfRhDlubc6ZdFToNQCeZdsSKljiHJ7i289kooGLn07IRy5SFh49sBBNhEUqRwKRtClZqcFdo93-fxIQoaSjwRZdGIDb_jXnx4wtX776HwCF9YSNABoMeatjvzoql5E1Q&sig=Cg0ArKJSzJLMX_IIaM82EAE&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=0&cisv=r20211007.49917&adurl=

Requested by

Host: www.xn--82cz3bcub1a.com
URL: https://www.xn--82cz3bcub1a.com/lucky-number/14679.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Tue, 12 Oct 2021 10:08:30 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H2 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 6E15 41 KB
15 KB 16ms
7ms Script
text/javascript 216.58.212.129
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: www.xn--82cz3bcub1a.com
URL: https://www.xn--82cz3bcub1a.com/lucky-number/14679.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.129 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f1.1e100.net

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 11 Oct 2021 10:04:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 86618
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
expires: Tue, 11 Oct 2022 10:04:52 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211007/r20110914/client/ Frame 6E15 3 KB
1 KB 21ms
13ms Script
text/javascript 216.58.212.129
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211007/r20110914/client/window_focus_fy2019.js

Requested by

Host: www.xn--82cz3bcub1a.com
URL: https://www.xn--82cz3bcub1a.com/lucky-number/14679.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.129 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f1.1e100.net

Software

cafe /

Resource Hash

0bb775e23934c5478dab7517dbf8a614834c96e926c4498b734399eb8a2e640d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 12 Oct 2021 10:05:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 167
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1426
x-xss-protection: 0
server: cafe
etag: 18061233391346882222
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 26 Oct 2021 10:05:43 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 6E15 123 KB
38 KB 39ms
16ms Script
text/javascript 172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: www.xn--82cz3bcub1a.com
URL: https://www.xn--82cz3bcub1a.com/lucky-number/14679.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s06-in-f130.1e100.net

Software

sffe /

Resource Hash

393cf048c5b518e266aa392aa2540de2a0d5538f0bae4f44b1b6a89f095a85f7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 12 Oct 2021 10:08:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37935
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1633952256361887"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 12 Oct 2021 10:08:30 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211007/r20110914/client/ Frame 6E15 14 KB
7 KB 15ms
6ms Script
text/javascript 216.58.212.129
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211007/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: www.xn--82cz3bcub1a.com
URL: https://www.xn--82cz3bcub1a.com/lucky-number/14679.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.129 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f1.1e100.net

Software

cafe /

Resource Hash

f4726d988effd5253298f2a2738ca92d780d4105af0ce67eb7e7d1c748fb6909

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 12 Oct 2021 10:06:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 132
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6281
x-xss-protection: 0
server: cafe
etag: 18349783599053866072
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 26 Oct 2021 10:06:18 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 6E15 42 B
63 B 41ms
41ms Image
image/gif 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DuMgdlLYI7mLIMy2vyTwg5Lk4_IBJkmRUm73_vuCVSosGwbbHSOFSGzf5pd0ro1_Fu2s6Gg1Hix6QfEdoZrIRpYNu16729xiBAYCNHqGdJ8pdFG8g

Requested by

Host: www.xn--82cz3bcub1a.com
URL: https://www.xn--82cz3bcub1a.com/lucky-number/14679.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Oct 2021 10:08:30 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 29E7 22 KB
8 KB 42ms
16ms Document
text/html 216.58.212.129
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.129 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f1.1e100.net

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
date: Mon, 11 Oct 2021 10:04:54 GMT
expires: Tue, 11 Oct 2022 10:04:54 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 86616
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 0C0D
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELcsi9_CSJ8Wl3Aabknmado&google_cver=1

43 B
1014 B

28ms
19ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELcsi9_CSJ8Wl3Aabknmado&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMnRvNQCEJP9zuICGJDhzrUBMAE&v=APEucNWGTXioaFvmIrV5sVeRZIsg4vYGI1SRHzNFsqTvpi_8ikQT0RTOCmtPStKhC-tmaKeqim9zgskiyACub4VHKb8zj4SObA
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 12 Oct 2021 10:08:30 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Tue, 12 Oct 2021 10:08:30 GMT

Redirect headers

pragma: no-cache
date: Tue, 12 Oct 2021 10:08:30 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELcsi9_CSJ8Wl3Aabknmado&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 0C0D
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YWVenhlNR7wx0U0rvfw3PQAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELcsi9_CSJ8Wl3Aabknmado&google_cver=1

43 B
894 B

14ms
13ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELcsi9_CSJ8Wl3Aabknmado&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMnRvNQCEJP9zuICGJDhzrUBMAE&v=APEucNWGTXioaFvmIrV5sVeRZIsg4vYGI1SRHzNFsqTvpi_8ikQT0RTOCmtPStKhC-tmaKeqim9zgskiyACub4VHKb8zj4SObA
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 12 Oct 2021 10:08:30 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Tue, 12 Oct 2021 10:08:30 GMT

Redirect headers

pragma: no-cache
date: Tue, 12 Oct 2021 10:08:30 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELcsi9_CSJ8Wl3Aabknmado&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 0C0D
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEARuJhVwOTJL4esGZXFII6Y&google_cver=1

43 B
1008 B

23ms
13ms

Image
image/gif

185.33.221.90
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEARuJhVwOTJL4esGZXFII6Y&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMnRvNQCEJP9zuICGJDhzrUBMAE&v=APEucNWGTXioaFvmIrV5sVeRZIsg4vYGI1SRHzNFsqTvpi_8ikQT0RTOCmtPStKhC-tmaKeqim9zgskiyACub4VHKb8zj4SObA

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.90 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

727.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 12 Oct 2021 10:08:30 GMT
X-Proxy-Origin: 216.131.114.241; 216.131.114.241; 727.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 97c631db-89d0-494c-a735-7cbdae9863eb
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 12 Oct 2021 10:08:30 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEARuJhVwOTJL4esGZXFII6Y&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 0C0D
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjYyNDEzOTY3Njk4MDQ5NDIxOQ%3D%3D

170 B
188 B

17ms
17ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjYyNDEzOTY3Njk4MDQ5NDIxOQ%3D%3D

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Oct 2021 10:08:30 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 12 Oct 2021 10:08:30 GMT
X-Proxy-Origin: 216.131.114.241; 216.131.114.241; 727.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 18751918-65f9-422a-bfa1-39ce66279947
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjYyNDEzOTY3Njk4MDQ5NDIxOQ%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211007/r20110914/ Frame 19FE 18 KB
8 KB 29ms
19ms Script
text/javascript 216.58.212.129
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211007/r20110914/abg_lite_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211007/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.129 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f1.1e100.net

Software

cafe /

Resource Hash

d19d72f9c6e5bb747a38571cf87013b5fdc205a277e307aaded38c30339bcfd9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 12 Oct 2021 09:56:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 712
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7688
x-xss-protection: 0
server: cafe
etag: 9086524265215974373
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 26 Oct 2021 09:56:38 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame 19FE 8 KB
715 B 27ms
26ms Stylesheet
text/css 142.250.184.202
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:700,500,400,300

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211007/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.202 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f10.1e100.net

Software

ESF /

Resource Hash

32bc7c1c64fd1b755d48d6025b86b7e7a28ad35d1f420cf85cdc1123aa7dfcd7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 12 Oct 2021 09:04:24 GMT
server: ESF
date: Tue, 12 Oct 2021 10:08:30 GMT
x-frame-options: SAMEORIGIN
report-to: {"group":"AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk"}]}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cross-origin-opener-policy-report-only: same-origin; report-to="AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk"
expires: Tue, 12 Oct 2021 10:08:30 GMT

GET
H2 200 outstream.min.css
imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20211006_RC00/ Frame 19FE 14 KB
3 KB 38ms
7ms Stylesheet
text/css 142.250.185.202
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20211006_RC00/outstream.min.css

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211007/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.202 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f10.1e100.net

Software

sffe /

Resource Hash

48ca4c570f2d58d8ff837e1c8f7d73e418a485ae23b2c9322f2f351d71d93aa7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 06 Oct 2021 12:30:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 509851
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2798
x-xss-protection: 0
last-modified: Wed, 06 Oct 2021 10:47:20 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-instream-static"
expires: Thu, 06 Oct 2022 12:30:59 GMT

GET
H2 200 outstream.min.js Show response
imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20211006_RC00/ Frame 19FE 352 KB
122 KB 38ms
7ms Script
text/javascript 142.250.185.202
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20211006_RC00/outstream.min.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211007/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.202 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f10.1e100.net

Software

sffe /

Resource Hash

62a1871e4b6628d8e7ec4af963840978e11484ed4b96c5798697f01061a526af

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 06 Oct 2021 12:30:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 509851
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 124967
x-xss-protection: 0
last-modified: Wed, 06 Oct 2021 10:47:20 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-instream-static"
expires: Thu, 06 Oct 2022 12:30:59 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211007/r20110914/client/ Frame 19FE 14 KB
6 KB 29ms
21ms Script
text/javascript 216.58.212.129
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211007/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211007/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.129 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f1.1e100.net

Software

cafe /

Resource Hash

f4726d988effd5253298f2a2738ca92d780d4105af0ce67eb7e7d1c748fb6909

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 12 Oct 2021 10:04:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 232
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6281
x-xss-protection: 0
server: cafe
etag: 18349783599053866072
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 26 Oct 2021 10:04:38 GMT

GET
DATA 200
OK truncated
/ Frame 6E15 218 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1e8abcf385e610634a9069e8b107b8c7c5859443f76b2e2ff5918225f49413d9

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 6E15 0
23 B 63ms
44ms Ping
image/gif 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: www.xn--82cz3bcub1a.com
URL: https://www.xn--82cz3bcub1a.com/lucky-number/14679.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Tue, 12 Oct 2021 10:08:30 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 164xWCSuMRCufBnFuK3WuMS10bt2HArdrnuZlqXsEzU.js Show response
pagead2.googlesyndication.com/bg/ Frame 29E7 35 KB
13 KB 8ms
8ms Script
text/javascript 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/164xWCSuMRCufBnFuK3WuMS10bt2HArdrnuZlqXsEzU.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

sffe /

Resource Hash

d7ae315824ae3110ae7c19c5b8add6b8c4b5d1bb761c0addae7b9996a5ec1335

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 12 Oct 2021 09:43:33 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1497
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13308
x-xss-protection: 0
last-modified: Tue, 05 Oct 2021 11:38:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="botguard-scs"
expires: Wed, 12 Oct 2022 09:43:33 GMT

POST
H2 204 csi
csi.gstatic.com/ Frame 19FE 0
348 B 42ms
14ms Ping
image/gif 216.239.32.3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=1~kunx8rkb&c=338389515263&slotId=169194757631.5&qqid=COmr8rfQxPMCFbXA5god8i4BOg&fb=outstream-lima&sei=44729911%2C44730425%2C44730426%2C420706098&nsei=44714510%2C72811302%2C75259405%2C75259407%2C75259408%2C318491509%2C447279544&bi=outstream
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20211006_RC00/outstream.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 216.239.32.3 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://googleads.g.doubleclick.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Tue, 12 Oct 2021 10:08:30 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 19FE 0
20 B 41ms
40ms Image
image/gif 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=osv-info&clickstring=CnF8QnV5lYanpNbWBmwfy3YTQA_nJrr1lkvWVjfoN8C4QASC1h8N_YMkGyAEFqQIOs7ZgDbRFPqgDAcgDmwSqBPEBT9C7JoJ0kSqRidMs6hqrXXb1nToD9a1DmLGsf3fT-24i-jr4OLy7ZflT7uil0HVREvPr-ktobPumEc8PP0212_oRGr-C5Siu9ppyJ0SbZizu-uDVa1iCJX0tcb4v8zysW0y63ZDIduSoQRKtmfXtDJ49QE_4tns7WDBHSfhTsuVMAuFxs_sQBqBw1f9DHfdnHl75zpPOG2O78MYy8NabPE-Ooiwrmd80nU_wqZLHew3BYKSYVGVlDh5GNHExmQih8HSfVdisxAp1m4MohSUe3g1iz89IqMrEEaiA8_QUMcotuc7cec-x2WNP7spBDvy_I8AEmJSRht4D4AQDkAYBoAZOgAeI6PKeAagH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7paxAqgH1ckbqAemvhuoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIBhEAEYX4AKAZgLAcgLAYAMAbAT3NXoDMgT5unA3gPQEwDYEwqIFAHYFAHQFQGAFwE&eventType=clickstring&clientTime=1634033310354&ai=CnF8QnV5lYanpNbWBmwfy3YTQA_nJrr1lkvWVjfoN8C4QASC1h8N_YMkGyAEFqQIOs7ZgDbRFPqgDAcgDmwSqBPEBT9C7JoJ0kSqRidMs6hqrXXb1nToD9a1DmLGsf3fT-24i-jr4OLy7ZflT7uil0HVREvPr-ktobPumEc8PP0212_oRGr-C5Siu9ppyJ0SbZizu-uDVa1iCJX0tcb4v8zysW0y63ZDIduSoQRKtmfXtDJ49QE_4tns7WDBHSfhTsuVMAuFxs_sQBqBw1f9DHfdnHl75zpPOG2O78MYy8NabPE-Ooiwrmd80nU_wqZLHew3BYKSYVGVlDh5GNHExmQih8HSfVdisxAp1m4MohSUe3g1iz89IqMrEEaiA8_QUMcotuc7cec-x2WNP7spBDvy_I8AEmJSRht4D4AQDkAYBoAZOgAeI6PKeAagH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7paxAqgH1ckbqAemvhuoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIBhEAEYX4AKAZgLAcgLAYAMAbAT3NXoDMgT5unA3gPQEwDYEwqIFAHYFAHQFQGAFwE

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211007/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Oct 2021 10:08:30 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 vast Show response
bid.g.doubleclick.net/dbm/ Frame 19FE 21 KB
13 KB 69ms
40ms XHR
text/xml 74.125.133.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://bid.g.doubleclick.net/dbm/vast?dbm_c=AKAmf-Atk2MndGQIV8vs7hFPfP0v_3aNdWGwtRZHCYE5M76fI-MKRnClBpqgJNEDc1395u6q4echbtc_xCOSSa7w_Z3OQlFyiw&dbm_d=AKAmf-DTQItNT-rsTn7M9jJJA83LMbHs_tgbtiquXvb3xBltnMYaPHt3kdSKTwkTbyt8_rfo7SW-eiO4enqFObcQYWAb7YUxFxn8REpogsPgjQu35QY48pvmrORKL3LEpyB9f8l6QQDwXhmVScBd8HpvSiLqsRUq2z9WzOBRl_IAgaHemHkqRUHRmwrxBIpKmu1it_XRRHc_DRU_s2sHbcGVS5Wn-BdeiOowZEj1-T5ly4yqiVVreHY2nZ40no6TzBx3oFXihikDcSoyItLHBzKSwVeMyshhkXb5AtY6iqhjWAlA0N7nB8kOjFXbT3kN5zkAwZMzeYut1khyDfUleGgTjzBoMKXVDfAQ04wXQhGUlSeelPlr-nCRk57e5t-B4eK0Uhh5MMaelKHOjDD_ZBvq1QkgXKPJJI_hdA-O1UDjhUgWIxWbwOSdRe6VIabiiqdYg0IEOMeOWUdlcdB51Amwa6XAjmye1b54_jkCZ4uclJeGoENNwU8VE_d7y7pNctTmuJgLT4QjAiji6bJuMIJUhmKuEVGoeik4N_dUlKB8UC2PaCw0DexXMIEsvRcObsa83cnF3eUnWBi0UFjH_aVUSL0pWyRVp8Tz_6MC4XsiFaaGEIjZ7ZgQoC4FIBCn7LEOr-5XYNuvevwfzCLIrYVqzP-Lq05gesl-POhcY9gHlt6JxZhz9vRP5YLnb0XjgTBjQ55GWvceTtShD1fgSl89EsZ6PmhWAY9S_AjLidoCHQOmwJIHE02nFdtW4NxZfMJadQ6ze9X9xMyeZ37_5UPGGvaR-IzQ4lvl1vUlV4ImBXJpnqK2ucSzq5fyp9PVYbczFE8b2RYgVFvX-QefuDPl8RA53siLQcZVw7GyStHff7DbIJGz_RA9qnlcuNtp6KMD8-kujwnq5e2-W-bfPvOg680y0wleeU0GBqyaxyuLmuPeG4QjtUb7pXvhXCzO-kbM1f8LQgjWUdn8urW9Y72xFVqsb3nMtlsCVOI17194y1n03LpXoGLIrMeDkSDoiJ75U3K8jOBgWwndLXn2Ax5HW7ldjKpVKQPYPpZW15HTXeKNWr0GFqEWhEWDJhUmdHXcO0wS3Jt_QyWNEjxgzB7niHPL4bNxGB78mkVKELR8_YDVviH0Xx_l3ZAmsxXsoJxfD0PJTvQBHzOHagQmxogmn-wSaETGaIjbzd-zky4f6Dx1XKDthxak-nDT-V1S5IZAjsLfWJ4KeSg701ONduI8_uRLGvz-fV7eH-8HN2SIvCWcadHqanC79E-eqY_5XscsmkXFKcsKAS6njuaC1by-2q_h_zMiqeqQL_PJ17m16DsNO0wesdrAeZt20mVGTUYUISSSPgOlFQ1NGMGt0pmqRcf4--P8C9rk3xPbpEN_pVOXrfLD3PFw3x52ZGU_rast3N25cDFZIyvFtZkaHdaCCeobazTsG87riD-5GabNWPSe-40L0B_geJ23eX76RaxgSy35Q7HFo9GhkLeiJZI6E3rxcEshol2-tmZN6nsFrTXoGJ5h0LY6hnDAdKo7Foz66WQzZ-VLSI_wnV4lCjYpk1Yic0AV-UlD1ZfsMgebNfOCewtj4CyqG-CvTpmcafQRbY_D921uulUogvaihnMacqQAei5e0rzhQPG3ltdeIbwuh-fgxYHHbFiO870_kD07keBf2QAbqBUfWuYWSWfxttPZ92Py6vRwHy8DJZwmHcZpUZfX4g72bKbWEi3WPsSIoFCd74Ki2J50eHPR8U6Jsf1xbuecaE0ARJg1zgEVd34Gd6b_l53osTtzubPBIMhvC1P6QQBolUHD-Y2iLfc3e9uZPL-idxFhEcYSrXBX67vCpUdQeiqF8V7g2ma8jDPMLFkulomV8T-atxCItXsCq7IN6q3DetgLuGYVChCCjWYl13-MRJVd4nUbXiDGSxl5d4NNbngyX2VPnLny4CNz6QzzZSxzqy25R5VOOHU42bBTycRpRcUsDTMqVrqcqnip5L_X6SrVHXQ7yEzBWeBA56Yu5baWChdbonVkecGzUnrDrDYdmd-y9BrZ0z9j7fiT8R2NdwbXC4lrULE6gn20ZSwyuwPOaTTXUY0KkqnmpZ9ZK7yHto116Pj48fDMG_Gjlt5NBsmtJOg1n0BbyzPllrCnMOZZE8LGnxZ3mx9UKUt2-V_8EA0hXACOZLDdg7COKzgbZzC_yxiW85dzbpka9_fEedCc-pYUjFTbA8g3N3hseawwtVAkc4lG4UH78FOm3qK3cLXZzbAWXGIYtGvllwPv_QBEe0YSkm7vjB7orjSCdSWdw7WKjBg-StPAzOGXFRwchScPNEGw_o34BO5Sc4MJIXHR0LmYDr7EWtJNt4rWGTgZiT5iIkX7Ez6wJWr8k5HPguNA7YCCUWurYrx33FqD3KjBR5yZWEEBrnBKTgEyKB7pn5AK4g_3wVztQdp_yjhAThHRdpR-TvfTudYBfJnNFToSVodkoT3HpyQbL-UIG-7MwNnuc6Fpf3uTJ7RsqHj-Tm8kOGFlyLBgxcLUDim4p6ACKPsI8PlyEa5JD5eCxzC3jx7YEYRx9yDhCaIUwWpxhhFzEUYGyzZJXTJsDW5PhQIzdFnLqtR1HLH91apeH5_VUOlA97zQ942C7EGgbVosOIoRWVgk57P99DD2qf0hdL-XuWS-2Cf8Het2sOsHSgVHp_Km_VkYI2ec2PnqGQ9g-PaQ1BRZZi5ZuLShP7FHc1apbolwUwcVjBvDXnhXdJqixzEmly6dA8mGcLp6nBTmBnTsjQRU10G85qiYcdwhZA9scjEG2g9X4MaMdbMrUkMOICGw-DCQEtNDIT7FeureK6IT-XObrEib5RQ1JoTMXjFH30GQ_Ob8ieNBpUtnIobbNYP56WmgQ6kkEv7oKoblTB8-Xk9sRTdzlOYkDzNGpCGU-lWtlRK0-E0TjLnddlnT8wqn6yT-tFJRtzvTce6bsFGBJ9EC4ALs8t9LtqfTxbyXQMi9OjdxB4bCwZXU0GXRNXWhg69IZOiHKZd34Dykd7YjnzSO8jVetfHWccI7kDD7SCJZTZVAPg-miRsqzGYdvz5ibvIrJhwWe_zul8EhnGWelpvtqWzWvHv78Usp7c-0wf4mJOeSSH3kveUrX3DS7zdoi8e_BzA0Nys8U9UWjDIT2fUoozsyUeS3hIh7hNzNsCmSTyww8kgvyx9hF9J7ZoJ1I-YsB345N6oVKI5JvR_ikRxjvdrmOk58oWcy4a8mIgevwU7a_aZaAVCD1xdgqM0N0EnF2-be-moRUaYct6PKLPIXWeLHpP3ylMmVMOKa5fN6XoL4HhbzOiE4dUa6eXFamw5ieH7DPeJ2jFnGAi3D26tnchvUH8rXEO8s0eqTCNcp8bpqGTUadH9EwWlBtYsGIwxV0SRd0ISNhXFnPtjRfaeLXyiPS4Fl9QTQ0ruwCqgiWkuXei7YLqXCvT9VzMG_ia4fKQfI3wRwUyarrQ4zxwU6I3RlH1Wn673ZqgsCWWX0O-35z7mZJY5tMUr_HsDaPMDWGRVkkxFvrgd2-c__dvUJjxSXz-YK4sbPNHZSrXMU_Aj9kBi_Jc9PIJep41vzfpt9WmjK8Szr9BMCH7czcFEc14mJ4fyFgNPFlO4au3XmcPuvSpbyw-7aR2yj9FQJVogqUDrHkV6tJ-Ng_2pY-Q_4ayywIYtGBEpDHBlyVNiPicbbmSTg35SMC538jWJbzkOz-01fiDBrP9KhYozz&cid=CAASBORoM-4&sdkv=h.0.0.0&osd=2&frm=2&vis=1&sdr=1

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20211006_RC00/outstream.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.133.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wo-in-f156.1e100.net

Software

cafe /

Resource Hash

3badc3b7ce5f225ccf3a3566c66b9f98847157a34e815330419924de2b0851f9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 12 Oct 2021 10:08:30 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12547
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 11 KB
8 KB 52ms
30ms XHR
application/json 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20211007&st=env

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202110050101/show_ads_impl_fy2019.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

4f0eccc908556115e29f22b7404a11373f7a7c72752ddc73c911797b55420f51

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.xn--82cz3bcub1a.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 12 Oct 2021 10:08:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8535
x-xss-protection: 0

GET
H/1.1 200
OK 57428664 Show response
unified.adsafeprotected.com/v2/831952/ Frame 19FE 17 KB
4 KB 169ms
53ms XHR
text/xml 18.203.164.190
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://unified.adsafeprotected.com/v2/831952/57428664?mon=57428665&omidPartner=[OMIDPARTNER]&apiframeworks=[APIFRAMEWORKS]&bundleId=[BUNDLEID]&ias_xappb=[ctv_appid]&originalVast=https://ad.doubleclick.net/ddm/pfadx/N1053267.3077802ACCUEN_DBM/B26547109.315448326%3Bsz%3D0x0%3Bord%3D%5Btimestamp%5D%3Bdc_lat%3D%3Bdc_rdid%3D%3Btag_for_child_directed_treatment%3D%3Btfua%3D%3Bdcmt%3Dtext/xml%3Bdc_sdkv%3Dh.0.0.0%3Bdc_osd%3D2%3Bdc_frm%3D2%3Bdc_sdr%3D1%3Bdc_ref%3Dhttps://www.xn--82cz3bcub1a.com/lucky-number/14679.html%3Bdc_ves%3DdGltZXN0YW1wOiAxNjM0MDMzMzEwNDIwCg%3Bdc_cid%3D158774037%3Bdc_adid%3D508104954%3Bdc_vpaid%3D0%3B
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20211006_RC00/outstream.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.203.164.190 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-203-164-190.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: ab284cc52cfd66499f9a23c4bd80beb61618a52e3b82dc3bf0cb7c55f3001ffd

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 12 Oct 2021 10:08:30 GMT
Content-Encoding: gzip
Vary: Origin
Content-Type: text/xml; charset=UTF-8
Access-Control-Allow-Origin: https://googleads.g.doubleclick.net
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 3905

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 25ms
25ms Script
text/javascript 216.58.212.129
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202110050101/show_ads_impl_fy2019.js

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.129 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f1.1e100.net

Software

sffe /

Resource Hash

a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.xn--82cz3bcub1a.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 12 Oct 2021 10:08:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1624308425655142"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6467
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
expires: Tue, 12 Oct 2021 10:08:30 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 29E7 0
20 B 42ms
42ms Image
image/gif 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B5Rd-nV5lYarpNbWBmwfy3YTQAwAAAAA4AeAEAg&bg=!yMuly4_NAAbGFvHlxhY7ACkAdvg8Wsf0YpIzZb2KwkOz77EArXHOdNFJpaWX8lkF8gqchcPS3G94SgIAAABtUgAAAAxoAQeZAtKfj0vHhMzO56NelY0VgSoJZ8m1UW1BZoCfiAW0OYjmwx-BLtPuk9nW5C0SCNVP6-itCs5y8ZDf5E4gfuWuHlYHi49W7L6vvjRJyY_oQdM8ekmNTYocWTulwVN9iJlEWez9WvpUYmI55EBeCarMTX5xVx1T29mqeHMiS0IU8bJIfVO2NhzbsujzyYoWLDeZ0i4eMv8sjiG53x7kFdqI7BOda-1jCiPV7beOxCMZUjrJHLDY3ilLeR2SEmQboem_FCH9NE3sRTxmolweYFGwZc9bX-d9Q8UJe_EqdxmQhf38kgv9MEKL6m6r63n54-djsI3WK_BnOTzCCzFEHdBE6F0h7TMBcLjkq0OK_khNuBQcI-klih4ZrqSVVZimTLvGRyiZT3j1VbpHHHOOjQBrBP1PNRgxcN_fvs7gMwKTxFykme7IETbkdj0hx26DACleoNMnyrLCe0Wfl-3s48-ZZMrpuwB38uDC0_yeZ0QkFRWirLukfcSiKpAyESCfnAB3uGJZg-NFACK2GT4AwV_6kCPGR6yLCQvlXS2SMOfXlyW7KEYNSp2x2shu-XEAiikQIIbD5SVFh24zzFLezW1_GagaCR0hAo6ZI_ltx3-zkkeJj2gFiyg2VixlKUPfxrP5yxZPJlQdk22YFvtC8O1zJgSuzqxFPdvGmp3Fe84GBS5uJZ4hBr03VTvijFTkczABp7R-lad03sZcTdKgxNgjMo3zHWetEz7sY5iFIy0e_32WhFx-RR4CvwHPPF6uHHwSNMk4qhNRm9D1G_o29G-w_V24WRwbk-Fvp90rdwOnv6KZGRQrO6bqTsM6ZwwjU5bf-HxCQpeB_7SeVs_AHL8TlgEym5ViApwa76_bsmu_b8ft-dVsz1pFBHnwwa0elF-JqkZ4gPXcdOqUB_LAtlNiCnCvzgStPDKMOxmMKFRKn15zZyznLdHMUU5DYCXkTE0VF3h4_A

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Oct 2021 10:08:30 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/224/ Frame 9605 12 KB
5 KB 18ms
17ms Document
text/html 216.58.212.129
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.129 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f1.1e100.net

Software

sffe /

Resource Hash

4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/224/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.xn--82cz3bcub1a.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.xn--82cz3bcub1a.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5029
date: Tue, 12 Oct 2021 09:51:46 GMT
expires: Wed, 12 Oct 2022 09:51:46 GMT
last-modified: Wed, 02 Jun 2021 17:09:45 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 1004
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 1E85 783 B
1 KB 72ms
28ms Document
text/html 172.217.18.100
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.100 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s05-in-f100.1e100.net

Software

GSE /

Resource Hash

b3bc2441d5da50426149127c49996ab64bec996d81daf9ee96624538f0f8b37a

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-pegib2o4rpWK6uubAneV/w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/aframe
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.xn--82cz3bcub1a.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.xn--82cz3bcub1a.com/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Tue, 12 Oct 2021 10:08:30 GMT
date: Tue, 12 Oct 2021 10:08:30 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-pegib2o4rpWK6uubAneV/w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 511
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 164xWCSuMRCufBnFuK3WuMS10bt2HArdrnuZlqXsEzU.js Show response
pagead2.googlesyndication.com/bg/ Frame 9605 35 KB
13 KB 7ms
7ms Script
text/javascript 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/164xWCSuMRCufBnFuK3WuMS10bt2HArdrnuZlqXsEzU.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

sffe /

Resource Hash

d7ae315824ae3110ae7c19c5b8add6b8c4b5d1bb761c0addae7b9996a5ec1335

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 12 Oct 2021 09:43:33 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1497
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13308
x-xss-protection: 0
last-modified: Tue, 05 Oct 2021 11:38:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="botguard-scs"
expires: Wed, 12 Oct 2022 09:43:33 GMT

GET
H3 200 HdsydzJK.js Show response
tpc.googlesyndication.com/sodar/ Frame 19FE 41 KB
15 KB 16ms
16ms Script
text/javascript 216.58.212.129
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/HdsydzJK.js

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20211006_RC00/outstream.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.129 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f1.1e100.net

Software

sffe /

Resource Hash

1ddb3277324a871335ef0b7e680de58c9a79b3c1355b4082ca5425818c8a0306

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 09 Oct 2021 00:47:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 292839
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15407
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
expires: Sun, 09 Oct 2022 00:47:51 GMT

HEAD
H/1.1

200
OK

file.mp4
r5---sn-4g5lznes.c.2mdn.net/videoplayback/id/1c023ffedacbbfe3/itag/343/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3777377231/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,m... Frame 19FE
Redirect Chain

https://gcdn.2mdn.net/videoplayback/id/1c023ffedacbbfe3/itag/343/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3777377231/sparams/id,itag,source,ctier,acao,ip,ipbits,expire/sig...
https://r5---sn-4g5lznes.c.2mdn.net/videoplayback/id/1c023ffedacbbfe3/itag/343/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3777377231/sparams/acao,ctier,expire,id,ip,ipbits,i...

0
0

50ms
7ms

Fetch
video/mp4

74.125.160.42
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://r5---sn-4g5lznes.c.2mdn.net/videoplayback/id/1c023ffedacbbfe3/itag/343/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3777377231/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/7DB5B8F09D73157A1AD09941DCADF218A10D4A84.681507B7D708E8725E00880255B7D623FA7002DE/key/cms1/cms_redirect/yes/mh/Mz/mip/216.131.114.241/mm/42/mn/sn-4g5lznes/ms/onc/mt/1634032864/mv/m/mvi/5/pl/24/file/file.mp4

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

74.125.160.42 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s13-in-f10.1e100.net

Software

gvs 1.0 /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 12 Oct 2021 10:08:30 GMT
X-Content-Type-Options: nosniff
Connection: close
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Content-Length: 2245717
Last-Modified: Wed, 29 Sep 2021 15:27:10 GMT
Server: gvs 1.0
Vary: Origin
Content-Type: video/mp4
Access-Control-Allow-Origin: null
Access-Control-Expose-Headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
Cache-Control: private, max-age=86400
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Timing-Allow-Origin: null
Expires: Tue, 12 Oct 2021 10:08:30 GMT

Redirect headers

date: Tue, 12 Oct 2021 10:08:30 GMT
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 647
x-xss-protection: 0
pragma: no-cache
server: ClientMapServer
location: https://r5---sn-4g5lznes.c.2mdn.net/videoplayback/id/1c023ffedacbbfe3/itag/343/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3777377231/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/7DB5B8F09D73157A1AD09941DCADF218A10D4A84.681507B7D708E8725E00880255B7D623FA7002DE/key/cms1/cms_redirect/yes/mh/Mz/mip/216.131.114.241/mm/42/mn/sn-4g5lznes/ms/onc/mt/1634032864/mv/m/mvi/5/pl/24/file/file.mp4
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
access-control-expose-headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: https://googleads.g.doubleclick.net
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 1E85 0
0 59ms
59ms Image
text/html 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=224&li=gda_r20211007&jk=4030711496716880&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.184.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s11-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3 200 H0ZEmIz7.html Show response
tpc.googlesyndication.com/sodar/ Frame 228C 23 KB
9 KB 16ms
16ms Document
text/html 216.58.212.129
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/H0ZEmIz7.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/HdsydzJK.js

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.129 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f1.1e100.net

Software

sffe /

Resource Hash

1f4644988cfb9648d5236c12056f9ca31317c75544ef8776f4fec148322bb954

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/H0ZEmIz7.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8727
date: Tue, 12 Oct 2021 07:40:06 GMT
expires: Wed, 12 Oct 2022 07:40:06 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
age: 8904
cache-control: public, max-age=31536000
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 164xWCSuMRCufBnFuK3WuMS10bt2HArdrnuZlqXsEzU.js Show response
pagead2.googlesyndication.com/bg/ Frame 228C 35 KB
13 KB 7ms
7ms Script
text/javascript 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/164xWCSuMRCufBnFuK3WuMS10bt2HArdrnuZlqXsEzU.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/H0ZEmIz7.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

sffe /

Resource Hash

d7ae315824ae3110ae7c19c5b8add6b8c4b5d1bb761c0addae7b9996a5ec1335

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 12 Oct 2021 09:43:33 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1497
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13308
x-xss-protection: 0
last-modified: Tue, 05 Oct 2021 11:38:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="botguard-scs"
expires: Wed, 12 Oct 2022 09:43:33 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 44ms
44ms Image
image/gif 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=224&t=2&li=gda_r20211007&jk=4030711496716880&bg=!1dal1pLNAAbGFvHlxhY7ACkAdvg8WsZq5cteh2p_vjtjCLShquZr6PRvoW2auk1SrP6NRjmjieMwvAIAAABvUgAAAB5oAQcKAI4bxHem-YUbRtMQH4LcCvxzMrlzSfEPybOARUIUm0JRVxtAgrIhYSEO8o5w4Kp0BXJ6X5PFrbiFlLmHplv0cicFmuo3OddtsLAUm0OgcsX53lvmBDPrOtlKMHkebqJ89xfTJykdZ5btaH5B-7xkg27pB87aLsinjH3vG5bNHMkqBFiTbKjrLPtvCsGm37A5mQKGI9jgll0w5u9FlyzPz6U0t08e6Q5Nh3N-WaQ5Roudug2Q5wpJGd_sJT6Gk2xicUuON29DFb5O8M3h6Hi34Yr7uZ_o-9DY8dWBH0JebG738NsKgtvKpntwgcHkc62XfM7E8ZG9GJQ03zY0SyTeYFN1GJWVwOfJVxngT0dP3DWGkhQTELr7kJ0-J65GfA2AHS9KYBEG7NExCVJS0K0zGPR1LI1cXMDq7hXY4EnuUWqF1Tgt9G26fwk_6hRAfX4z1MHTQhDs0Bwq_w4qhJAVGjqU49fqnCP8tc3r8vR4JT5LyK1KE5aC-wT_VP5yVbK7iMH-NqKP_4nO09fZBFW5VlhlyUz55Eu2__wiYVtSPoIxcZU5yMDgJ2ZsEUsn8-DqJqF2WX7hxoiFq7LvkdBSzZ1i3E6PnpIoUTGFAVmOT1oE3ACs52thAe-0tJGa66cWk5BRb7EYOZVwKfcoGqyp6CemnydSBTqBS0aJLUplFtirrE8g7Wrurf-iguKtv2Mn1hHKg7xp8XrtyjbztuK2M0vD0PsIiRLFv2h3CfiCJZ4AJ2lh4bqE-V7lTAnIndM-ZO-z0DNmU_sOwJc6xXXjSKe1k8ylxi0LjzNDJnDMVOYjsFXGrwtXrvdSd_RrskClwjbdt6OtuVGRpMh_G5hEt8t1yJFKaDgkKseQ6zdIP7DvJ4W1ygCJPBqF_ZB7Vl1og_e0cJFwnXBxeS6-OZyOvxQIU134T1ylX-Xvm8rnKhukjEux9_RPQob26AvE6Opq6jPBbbRo-qM6NHcKhCH89Q8_NjL453DmqYUCqHi4dPolfS0Ryo9sOyM1yw8VwxK63tI1X0TpNibL1Qe-Tad2X1nHRJsEXzsdgQ

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.xn--82cz3bcub1a.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Oct 2021 10:08:30 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 206 file.mp4
r5---sn-4g5lznes.c.2mdn.net/videoplayback/id/1c023ffedacbbfe3/itag/343/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3777377231/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,m... Frame 19FE 2 MB
2 MB 16ms
7ms Media
video/mp4 74.125.160.42
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.160.42 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s13-in-f10.1e100.net

Software

gvs 1.0 /

Resource Hash

3b7f33b4afb2747ff1bfec879cea57a35bc5dcdc0cf3ea8e0d70f7636fef15b5

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://googleads.g.doubleclick.net/
Accept-Encoding: identity;q=1, *;q=0
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Range: bytes=0-

Response headers

date: Tue, 12 Oct 2021 10:08:30 GMT
x-content-type-options: nosniff
Content-Range: bytes 0-2245716/2245717
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Content-Length: 2245717
expires: Tue, 12 Oct 2021 10:08:30 GMT
last-modified: Wed, 29 Sep 2021 15:27:10 GMT
server: gvs 1.0
vary: Origin
content-type: video/mp4
access-control-allow-origin: https://googleads.g.doubleclick.net
access-control-expose-headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
cache-control: private, max-age=86400
access-control-allow-credentials: true
accept-ranges: bytes
timing-allow-origin: https://googleads.g.doubleclick.net
client-protocol: quic

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 228C 0
20 B 42ms
42ms Image
image/gif 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=34&t=2&li=v_h.0.0.0&bgai=BWnR0nl5lYcToGIembMj2iMgGAAAAADgB4AQC&bg=!1tWl1ZHNAAbGFvHlxhY7ACkAdvg8WrBDde8iNIz8U7W6jDw6kTJGCRrL12K-TUYIdB3XSf55CwKO-gIAAABkUgAAAAtoAQeZAtca8NjVLZTgaPwmeUg-UwMOVz6OaTV75m8UPerbW8cBv7usEGUxAuGOG13_OcRN-iPVXmvZXxN42z95sYi89FQaOG_6xwBSZ6AhUNJ9zJPgfgXGXw6o6hjn7SndO9T_Kc8PpDW9MIddadjKjwNc9rUx-sFuRBpgvZPWZBsFahAhv7ayYArjdP2BJOgc4VdD2fO4iaAKFe7XOAhAcNnr2wH6yLWStWO-Yru8UV9AkVX0N4fQJrL8KaZW9JF3cmIKhnsRqSBfcT-ucGPORU7hieZp9ZI44f4Ci8A1vRgDlTcjIvIsggywqy2gssj7HngphdVV4c-ZH7EAepVzimlpfXSIrnW98JcAbo5Bt9s8B9U5Nq_xp4_gp17gsYjcXaI4LXN6XC59hwm7DlObNTaIlbZkdr_m-gZUIYuTI-Hy1iPNe5IGaQ0uM_69CefZg7g8peB99-70IZKPi3AZBCj925cKa9bX5LI-0SZeweCAIMnPZneGNXtJowz2al-0rAhwn7LCPu-LogTqWFG2dgEg0YDkRATl3ibFSBakwlQOk1BAz-BLUhoqu4DNc1gcl5evoCrT0A59cEVDYkwX7kd-zBQgInDBlLoqTIIZ4U5dG4LFpKJkkgOg4togBcytVjqptm_wWiNTgSeGg3mM6iPdAL_BMSGxLl8tERMds5wC69CNkGK0pqEN42ZWUEuwdiyziaNJ1yJYQW4G4EGPeoB_EH_T_3FPpo2kJw6TVXfkFgFBo24-tQLJNRgiDZyAk9zHGC4FFqhmxEr3zCtNH52WcCnofCkkW5cjL74d0EUXAY6o7gLSJfPfuZv2_wQYU818Z6Ky2ZEV08cXMS4yPhON658tVerqqsyOOVsQpDkdb7N1UyYqcLX75Vdir34D3TWqPpB-Rcoaqto__lThvNA7ARFbAvBy4k4-bJ0arnva66TDX9MTQAKYBLAX_jP51TvYJx9Nz8z6ak-S

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Oct 2021 10:08:30 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 6E15 42 B
64 B 37ms
37ms Fetch
image/gif 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsv6XgcgejgzFdWF6odBTXwPBjZpKpwjfRyBT1YuaH2QyJyXnA40orjwpF1dCMnjwlGxKClNqARMhP1m9dgmijzYJzjx4rHSmleRDjT3N3G20OS5Gyw&sai=AMfl-YQ1bzaFQCWUAJEyWIwWXZHCfFmg_YeKL8nfynPDd-nVoY9q1ZkrS3_MADqMTs1vY1YAvvZM_pCWcVhl&sig=Cg0ArKJSzGxvItYZ29g5EAE&cid=CAASBORoVZ4&id=lidar2&mcvt=1000&p=0,0,94,728&mtos=0,796,1000,1082,1082&tos=0,796,204,82,0&v=20211011&bin=7&avms=nio&bs=0,0&mc=0.96&if=1&app=0&itpl=20&adk=1812271801&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&vs=4&r=v&rst=1634033310201&rpt=226&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Oct 2021 10:08:31 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 csi
csi.gstatic.com/ Frame 19FE 0
17 B 28ms
14ms Ping
image/gif 216.239.32.3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=2~kunx8rkk&c=338389515263&slotId=169194757631.5&qqid=COmr8rfQxPMCFbXA5god8i4BOg&fb=outstream-lima&gpm_i=10&gpm_c=10&gpm_a=10&smb=1000&br=998&mt=video%2Fmp4&vs=640x360&ulv=1&cll=0&vmfc=15&vhc=0&msm=1&aits=17%2C36%2C18%2C59%2C342%2C343%2C344%2C345%2C346%2C347%2C692%2C43%2C44%2C0&webm=2&vp9=0&vamt=video%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fwebm%2Cvideo%2Fwebm&hvmf=false&vms=1&bit=343&vsrc=doubleclick_dmm&ape=1&ple=1&umsem=0
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20211006_RC00/outstream.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 216.239.32.3 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://googleads.g.doubleclick.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Tue, 12 Oct 2021 10:08:31 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

70 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

14 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.xn--82cz3bcub1a.com/	1970-01-20 07:19:48	Name: _pk_id.1.1764 Value: 4d63f2e0905fc0bd.1634033310.1.1634033310.1634033310.
www.xn--82cz3bcub1a.com/	1970-01-19 21:53:55	Name: _pk_ses.1.1764 Value: *
.xn--82cz3bcub1a.com/	1970-01-20 15:25:05	Name: _ga Value: GA1.2.2145660158.1634033310
.xn--82cz3bcub1a.com/	1970-01-19 21:55:19	Name: _gid Value: GA1.2.590359839.1634033310
.xn--82cz3bcub1a.com/	1970-01-19 21:53:53	Name: _gat_UA-153146014-2 Value: 1
.xn--82cz3bcub1a.com/	1970-01-20 07:15:29	Name: __gads Value: ID=049ede2365321d8f-2211331bf3ca0037:T=1634033309:RT=1634033309:S=ALNI_MaVKLTZcddrfzutQfvYxHGVGXL3zg
.doubleclick.net/	1970-01-20 15:25:05	Name: IDE Value: AHWqTUlwh3WXaMCGjRBYU9KPSPMu_ckOL6J9ZmTHFgZuoSfbNBWD3CgSU3U_Lj2R
.casalemedia.com/	1970-01-20 06:39:29	Name: CMID Value: YWVenhlNR7wx0U0rvfw3PQAA
.casalemedia.com/	1970-01-20 00:03:29	Name: CMPS Value: 3202
.adnxs.com/	1970-01-20 00:03:29	Name: uuid2 Value: 2624139676980494219
.adnxs.com/	1970-01-20 00:03:29	Name: anj Value: dTM7k!M41.D>6NRF']wIg2GVNk?eSM!]tbPl1M>e)ZlrFUfJ+tGXxoP>tVQhAPnu?UbJcU_%XL)W$@2jYvo]Z?sPc1bpRzqF1`*b_YK)xVeA
.casalemedia.com/	1970-01-20 00:03:29	Name: CMPRO Value: 1164
.casalemedia.com/	1970-01-19 21:55:19	Name: CMST Value: YWVenmFlXp4A
.casalemedia.com/	1970-01-20 06:39:29	Name: CMRUM3 Value: 2d61655e9e2760CAESELcsi9_CSJ8Wl3Aabknmado

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20211006_RC00/outstream.min.js(Line 344) Message: Unrecognized feature: 'attribution-reporting'.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

adservice.google.com
bid.g.doubleclick.net
cm.g.doubleclick.net
csi.gstatic.com
dsum-sec.casalemedia.com
fonts.googleapis.com
fonts.gstatic.com
gcdn.2mdn.net
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
ib.adnxs.com
imasdk.googleapis.com
pagead2.googlesyndication.com
partner.googleadservices.com
r5---sn-4g5lznes.c.2mdn.net
s0.2mdn.net
secure.gravatar.com
tpc.googlesyndication.com
unified.adsafeprotected.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
www.xn--82cz3bcub1a.com
104.21.60.7
142.250.184.194
142.250.184.202
142.250.184.226
142.250.184.232
142.250.185.131
142.250.185.174
142.250.185.202
142.250.185.238
142.250.185.98
142.250.186.130
142.250.186.166
142.250.186.98
172.217.16.130
172.217.18.100
18.203.164.190
185.33.221.90
192.0.73.2
2.18.234.21
216.239.32.3
216.58.212.129
74.125.133.156
74.125.160.42
04c8dcc84fa65cbf58766e7721efaeca4262daa76ddc3821a27ae5a785330817
09a4be40c90137d981d4518d5b5ccb527d29e369e432e9c5ee092aa638049f80
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0bb775e23934c5478dab7517dbf8a614834c96e926c4498b734399eb8a2e640d
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
1381f68a6b37e14e40c56d40db12aadabb56dba213d5ae57b3e3921486b51b8f
14af47320898bd93f367026f7833c9956f14e24856976e4f9e10be31155cdcf2
15179bcf587735652ddf7a4af0ed500881cb4b4eaf3effce1719c1d3de17f79d
16a7b7a50d09178946d64f7fb089f476e501039661dfcea0f584ceb001832b31
185c8f0ba5c84bb93c5ce2c23f353a9f5db8d4b7cdb4a03d816867c2a3871ed0
1db21d816296e6939ba1f42962496e4134ae2b0081e26970864c40c6d02bb1df
1ddb3277324a871335ef0b7e680de58c9a79b3c1355b4082ca5425818c8a0306
1e3bbf2a6d9503811213baca9f5e309618ca968136199ca532a0a5167c0b0f1c
1e8abcf385e610634a9069e8b107b8c7c5859443f76b2e2ff5918225f49413d9
1f4644988cfb9648d5236c12056f9ca31317c75544ef8776f4fec148322bb954
1f545406044a61672841ce2f37fa93ecfcf847dee9e5f4b2163b082c92f8ae7b
24555680b413d9b1d6d8eea400a95ae4e064030afadd57eff2bd67f4df3740a9
2daef5d6e1fd443e7e4f276687bb439f0337beede80c568164acbd4e8c07a0bc
32bc7c1c64fd1b755d48d6025b86b7e7a28ad35d1f420cf85cdc1123aa7dfcd7
380ce11f72c311feb35a6f0103e632193dddfe5b17c90ecf2086bd3e19f86b78
393cf048c5b518e266aa392aa2540de2a0d5538f0bae4f44b1b6a89f095a85f7
39e7c487b5b1c852e5835db98ffa3881e184890d7173a55050d9a73bfe7b3689
3b7f33b4afb2747ff1bfec879cea57a35bc5dcdc0cf3ea8e0d70f7636fef15b5
3badc3b7ce5f225ccf3a3566c66b9f98847157a34e815330419924de2b0851f9
3f299b3703fb31e190361befee2e60121f46a7bf4313d7701e26f072a6898e00
445e6a7ce81a9f7e2e8cf26bac4db8baf48075bcb1a017129b6884d4849fb347
48ca4c570f2d58d8ff837e1c8f7d73e418a485ae23b2c9322f2f351d71d93aa7
48eb8b500ae6a38617b5738d2b3faec481922a7782246e31d2755c034a45cd5d
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4f0eccc908556115e29f22b7404a11373f7a7c72752ddc73c911797b55420f51
4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
5185ac24b649da5cca0868d19d666098a535eca4808b52089b52565b2663079d
5626ac5fc502bafcb9cf799a1806cda130d641113d82a51a8161e68d88bb0015
5d8ee972e445f7120c198a83a0363cc844a3e55094e4aaa0548ffa9e213b3b9b
62a1871e4b6628d8e7ec4af963840978e11484ed4b96c5798697f01061a526af
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6c1b2722be99e0f2c4cd70c48f342eb543a3ee0bec1b5dc6f1d72b034e013b47
6ebcda7a3a41ef97f0b4071160ceb1020e540fdc0f790079a5c2ef01ab654fe0
718d66ce50013292b452c554d8277d9242ec5df30461e7dc04d605221dde224d
787d76ad6deab67ccf8bac1b584260205e114f508fc5542b612e3f75d49a34e4
86e496b536b26ba60cdb68df9dd9143b19a63b65e30e373b0321833aab1295d6
8e4560c16c7970efa47680450b2cf239d4a482c056d308acea12bb9022906c8b
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db
a603a5b5b17a1845503de11ada8c0a9d5a88f88ed067774be29f8fd6d3beefdb
ab284cc52cfd66499f9a23c4bd80beb61618a52e3b82dc3bf0cb7c55f3001ffd
ab7475d461d9f613ef90faa375ec3387987dd7536af23c13cacd6be9c0c0e370
ac57b8948fa16f8d943d98c14ca1f077dfb3de90e29c11547b7b59310b77c704
ae527135a3acdc3971662044dd3869265fcbfacaab816949604b0d37dba6a314
b0afbdd068bd9e7ab578552a0b8fa4024a01415f0951f99771e73576acee1ee3
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b3bc2441d5da50426149127c49996ab64bec996d81daf9ee96624538f0f8b37a
b42caef1a29745971a3cb0ae39444bad3338dc56e3b08972af775eb13030ec93
b6dcc1490a0cc33cdeed8970677b89bbec6fa095675af198b8e923b64563c70a
bca7af0b45b6fc6a2064e8e7a34f2041f3e77261e63f0257209bcde6bc40545d
c18e2670fa7018288e2b21265dcd1973129285aa3d2e5be8c9fb8b54554d9f4d
d19d72f9c6e5bb747a38571cf87013b5fdc205a277e307aaded38c30339bcfd9
d375c8dac1748463424ffa815d9adc8756fc96979ff656c35ecb769e7d16678d
d522ceba20f12d2594bca7ab06bc6cc877e8ee1c5d94c2ae3c3af0d90c38ccc6
d7ae315824ae3110ae7c19c5b8add6b8c4b5d1bb761c0addae7b9996a5ec1335
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e98cac48f5c13b3fbaa28458f0d8f26a78c9d944f8f4edad9abcb249b9028ca7
ed48fac0897231a6a9e5702abb288242f01e636708e426bc0e8b0dc548ae5a3c
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f4726d988effd5253298f2a2738ca92d780d4105af0ce67eb7e7d1c748fb6909
f685e060ea2385c8f008c5915373f506dcb4a3e5ad648a7693efca4550f2a037
f694b4fc5d667777e89694296218e249226ae1670bbe90a8a345f9f75298b9cd
fb9268e99659f17a183de7aa0d4e27453f96c159a7ba99d6482522f8f72d1009
fbc199bf7f97061c41664b040e84616a0cb54441a2efc5801d5d401d3a049f3c
fc27aed7787a4f63d2feba50e6bc6122ac3c5479456d40c0a445899a08ad92f3

www.xn--82cz3bcub1a.com Open in urlscan Pro Puny www.ตรวจหวย.com IDN 104.21.60.7 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

87 Requests

100 %HTTPS

0 %IPv6

15 Domains

24 Subdomains

23 IPs

5 Countries

3782 kBTransfer

5969 kBSize

14 Cookies

25 Outgoing links

Redirected requests

87 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 4 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.xn--82cz3bcub1a.com Open in urlscan Pro Puny
www.ตรวจหวย.com IDN
104.21.60.7 Public Scan

Screenshot
Live screenshot

Full Image

87
Requests

100 %
HTTPS

0 %
IPv6

15
Domains

24
Subdomains

23
IPs

5
Countries

3782 kB
Transfer

5969 kB
Size

14
Cookies

87 HTTP transactions
4 data transactions