Submitted URL: http://www.itinforok.com/
Effective URL: https://www.itinforok.com/
Submission: On January 29 via api from US — Scanned from US

Summary

This website contacted 11 IPs in 1 country across 7 domains to perform 60 HTTP transactions. The main IP is 2606:4700::6812:1964, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.itinforok.com.
TLS certificate: Issued by GTS CA 1P5 on January 10th 2024. Valid for: 3 months.
This is the only time www.itinforok.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests | Apex Domain | Subdomains | Transfer
14 | itinforok.com | www.itinforok.com | 111 KB
13 | heiheigame.com | gamein.heiheigame.com | 924 KB
12 | googlesyndication.com | 5ad862368d4c2c0f58d9db21d30d3069.safeframe.googlesyndication.com; tpc.googlesyndication.com (Cisco Umbrella Rank: 157); pagead2.googlesyndication.com (Cisco Umbrella Rank: 110) | 54 KB
11 | google.com | fundingchoicesmessages.google.com (Cisco Umbrella Rank: 1143); www.google.com (Cisco Umbrella Rank: 2) | 71 KB
5 | ampproject.org | cdn.ampproject.org (Cisco Umbrella Rank: 410) | 104 KB
4 | doubleclick.net | securepubads.g.doubleclick.net (Cisco Umbrella Rank: 209) | 178 KB
2 | jsdelivr.net | cdn.jsdelivr.net (Cisco Umbrella Rank: 324) | 9 KB
Total: 60 requests, 7 apex domains

Requests | Domain | Requested by
14 | www.itinforok.com (1 redirects) | www.itinforok.com
13 | gamein.heiheigame.com | www.itinforok.com
10 | fundingchoicesmessages.google.com | securepubads.g.doubleclick.net
6 | tpc.googlesyndication.com | www.itinforok.com; securepubads.g.doubleclick.net; tpc.googlesyndication.com
5 | pagead2.googlesyndication.com | securepubads.g.doubleclick.net; tpc.googlesyndication.com
5 | cdn.ampproject.org | securepubads.g.doubleclick.net
4 | securepubads.g.doubleclick.net | www.itinforok.com; securepubads.g.doubleclick.net
2 | cdn.jsdelivr.net | www.itinforok.com
1 | www.google.com | tpc.googlesyndication.com
1 | 5ad862368d4c2c0f58d9db21d30d3069.safeframe.googlesyndication.com | securepubads.g.doubleclick.net
Total: 60 requests, 10 subdomains

This site contains no links.

Subject | Issuer | Validity | Valid
itinforok.com | GTS CA 1P5 | 2024-01-10 - 2024-04-09 | 3 months
jsdelivr.net | GlobalSign Atlas R3 DV TLS CA 2023 Q3 | 2023-09-27 - 2024-10-28 | a year
*.g.doubleclick.net | GTS CA 1C3 | 2024-01-02 - 2024-03-26 | 3 months
heiheigame.com | E1 | 2023-12-13 - 2024-03-12 | 3 months
*.google.com | GTS CA 1C3 | 2024-01-02 - 2024-03-26 | 3 months
misc-sni.google.com | GTS CA 1C3 | 2024-01-02 - 2024-03-26 | 3 months
tpc.googlesyndication.com | GTS CA 1C3 | 2024-01-02 - 2024-03-26 | 3 months
www.google.com | GTS CA 1C3 | 2024-01-02 - 2024-03-26 | 3 months

This page contains 5 frames:

Primary Page: https://www.itinforok.com/
Frame ID: 3168800565A1EED65EF93EC7B9717E49
Requests: 45 HTTP requests in this frame

Frame: https://5ad862368d4c2c0f58d9db21d30d3069.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: E4D726843885BCA0BF0F6539781F8AAF
Requests: 1 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012401091919000/amp4ads-v0.mjs
Frame ID: 54D73BEEAB3421E92A9A309652A0673E
Requests: 10 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: AEFB8A0DDD919DC80B99959D6373E4AB
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: F80B63018CDAB7127D7C7294E3D44057
Requests: 2 HTTP requests in this frame

Page Title

Html5 Games - Free to play!

Detected technologies

Overall confidence: 100%
Detected patterns
  • clipboard(?:-([\d.]+))?(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/

Overall confidence: 100%
Detected patterns
  • cookieconsent\.min\.js

Overall confidence: 100%
Detected patterns
  • swiper(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Overall confidence: 100%
Detected patterns
  • <link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
  • //cdn\.jsdelivr\.net/

Page Statistics

  • Requests: 60
  • HTTPS: 100 %
  • IPv6: 100 %
  • Domains: 7
  • Subdomains: 10
  • IPs: 11
  • Countries: 1
  • Transfer: 1451 kB
  • Size: 2532 kB
  • Cookies: 4

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://www.itinforok.com/ HTTP 301
    https://www.itinforok.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

60 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
www.itinforok.com/
Redirect Chain
  • http://www.itinforok.com/
  • https://www.itinforok.com/
39 KB
5 KB
Document
General
Full URL
https://www.itinforok.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1964 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ffed483bf863ea5d8278e9f0084d1a55c823d9aab83c8fd42a8663d2048afee7

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
public, max-age=86400
cf-cache-status
HIT
cf-ray
84d4db728e73728d-EWR
content-encoding
br
content-type
text/html; charset=utf-8
date
Mon, 29 Jan 2024 22:19:31 GMT
expires
Tue, 30 Jan 2024 22:19:31 GMT
last-modified
Mon, 29 Jan 2024 12:24:11 GMT
server
cloudflare
vary
Accept-Encoding

Redirect headers

CF-RAY
84d4db724e5e1839-EWR
Cache-Control
max-age=3600
Connection
keep-alive
Date
Mon, 29 Jan 2024 22:19:31 GMT
Expires
Mon, 29 Jan 2024 23:19:31 GMT
Location
https://www.itinforok.com/
Server
cloudflare
Transfer-Encoding
chunked
Vary
Accept-Encoding
alt-svc
h3=":443"; ma=86400
public.css
www.itinforok.com/static/themes/gametemp-q7/assets/css/
3 KB
1 KB
Stylesheet
General
Full URL
https://www.itinforok.com/static/themes/gametemp-q7/assets/css/public.css
Requested by
Host: www.itinforok.com
URL: https://www.itinforok.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1964 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dbafe77fe4ba49d10b50e2d35e37673260f6ef054512edf9ea9013532afa289a

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.itinforok.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Mon, 29 Jan 2024 22:19:31 GMT
content-encoding
br
cf-cache-status
REVALIDATED
cf-bgj
minify
last-modified
Wed, 01 Jun 2022 10:30:44 GMT
server
cloudflare
cf-polished
origSize=4154
etag
W/"62973fd4-103a"
vary
Accept-Encoding
content-type
text/css
cache-control
public, max-age=86400
cf-ray
84d4db745910728d-EWR
alt-svc
h3=":443"; ma=86400
expires
Tue, 30 Jan 2024 22:19:31 GMT
swiper.min.css
www.itinforok.com/static/themes/gametemp-q7/assets/css/
19 KB
3 KB
Stylesheet
General
Full URL
https://www.itinforok.com/static/themes/gametemp-q7/assets/css/swiper.min.css
Requested by
Host: www.itinforok.com
URL: https://www.itinforok.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1964 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c207e653a1b44030d371cae76dbc884cfa7d6936525798d06be58b4cf45a9a5a

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.itinforok.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Mon, 29 Jan 2024 22:19:31 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Mon, 03 Aug 2020 06:20:52 GMT
server
cloudflare
etag
W/"5f27acc4-4d4d"
vary
Accept-Encoding
content-type
text/css
cache-control
public, max-age=86400
cf-ray
84d4db745911728d-EWR
alt-svc
h3=":443"; ma=86400
expires
Tue, 30 Jan 2024 22:19:31 GMT
iconfont.js
www.itinforok.com/static/themes/gametemp-q7/assets/font/
52 KB
19 KB
Script
General
Full URL
https://www.itinforok.com/static/themes/gametemp-q7/assets/font/iconfont.js
Requested by
Host: www.itinforok.com
URL: https://www.itinforok.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1964 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
10bb72b14e202fffb0eb6dfb7fae8a91fc9c9c4f52429f2a3a281503454ad566

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.itinforok.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Mon, 29 Jan 2024 22:19:31 GMT
content-encoding
br
cf-cache-status
HIT
cf-bgj
minify
last-modified
Thu, 14 Nov 2019 09:41:52 GMT
server
cloudflare
etag
W/"5dcd2160-ce10"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=86400
cf-ray
84d4db745912728d-EWR
alt-svc
h3=":443"; ma=86400
expires
Tue, 30 Jan 2024 22:19:31 GMT
swiper.min.js
www.itinforok.com/static/themes/gametemp-q7/assets/js/
125 KB
33 KB
Script
General
Full URL
https://www.itinforok.com/static/themes/gametemp-q7/assets/js/swiper.min.js
Requested by
Host: www.itinforok.com
URL: https://www.itinforok.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1964 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ebd5d7878133be396f3f8338dafd4dd18e9147c49281573d431bda4a41600e5e

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.itinforok.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Mon, 29 Jan 2024 22:19:31 GMT
content-encoding
br
cf-cache-status
REVALIDATED
last-modified
Mon, 03 Aug 2020 06:20:52 GMT
server
cloudflare
etag
W/"5f27acc4-1f3cb"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=86400
cf-ray
84d4db745913728d-EWR
alt-svc
h3=":443"; ma=86400
expires
Tue, 30 Jan 2024 22:19:31 GMT
lazyload.min.js
www.itinforok.com/static/themes/gametemp-q7/assets/js/
2 KB
1017 B
Script
General
Full URL
https://www.itinforok.com/static/themes/gametemp-q7/assets/js/lazyload.min.js
Requested by
Host: www.itinforok.com
URL: https://www.itinforok.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1964 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5b3baa10ac55f4eece0c7e666eaddd51872b8ce9273671626bcccec8f86ead78

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.itinforok.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Mon, 29 Jan 2024 22:19:31 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Sat, 26 Oct 1985 08:15:00 GMT
server
cloudflare
etag
W/"1dc09d84-8a2"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=86400
cf-ray
84d4db745914728d-EWR
alt-svc
h3=":443"; ma=86400
expires
Tue, 30 Jan 2024 22:19:31 GMT
clipboard.js
www.itinforok.com/static/themes/gametemp-q7/assets/js/
10 KB
3 KB
Script
General
Full URL
https://www.itinforok.com/static/themes/gametemp-q7/assets/js/clipboard.js
Requested by
Host: www.itinforok.com
URL: https://www.itinforok.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1964 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c7a10a5cf1574ff5efbe38630ff3bd4fbf6fbc4a587393ff7cf3f7bbb985dc03

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.itinforok.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Mon, 29 Jan 2024 22:19:31 GMT
content-encoding
br
cf-cache-status
REVALIDATED
cf-bgj
minify
last-modified
Thu, 26 Sep 2019 07:58:28 GMT
server
cloudflare
cf-polished
origSize=10759
etag
W/"5d8c6fa4-2a07"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=86400
cf-ray
84d4db745916728d-EWR
alt-svc
h3=":443"; ma=86400
expires
Tue, 30 Jan 2024 22:19:31 GMT
fastclick.js
www.itinforok.com/static/themes/gametemp-q7/assets/js/
11 KB
3 KB
Script
General
Full URL
https://www.itinforok.com/static/themes/gametemp-q7/assets/js/fastclick.js
Requested by
Host: www.itinforok.com
URL: https://www.itinforok.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1964 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3fe6546296a0a64c38f102a952b0e3d2cef6f8b99dc4f162dbb2b8baad21b190

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.itinforok.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Mon, 29 Jan 2024 22:19:31 GMT
content-encoding
br
cf-cache-status
HIT
cf-bgj
minify
last-modified
Mon, 26 Jan 2015 21:18:30 GMT
server
cloudflare
cf-polished
origSize=25965
etag
W/"54c6af26-656d"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=86400
cf-ray
84d4db74591b728d-EWR
alt-svc
h3=":443"; ma=86400
expires
Tue, 30 Jan 2024 22:19:31 GMT
jquery.min.js
www.itinforok.com/static/themes/gametemp-q7/assets/js/
82 KB
30 KB
Script
General
Full URL
https://www.itinforok.com/static/themes/gametemp-q7/assets/js/jquery.min.js
Requested by
Host: www.itinforok.com
URL: https://www.itinforok.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1964 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
333c29e8bc3e1ab7b66e03bec3f64469da990700b9ace77b36c0f37f2f3b30b5

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.itinforok.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Mon, 29 Jan 2024 22:19:31 GMT
content-encoding
br
cf-cache-status
REVALIDATED
last-modified
Fri, 12 Mar 2021 02:48:12 GMT
server
cloudflare
etag
W/"604ad66c-14988"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=86400
cf-ray
84d4db74591c728d-EWR
alt-svc
h3=":443"; ma=86400
expires
Tue, 30 Jan 2024 22:19:31 GMT
cookieconsent.min.css
cdn.jsdelivr.net/npm/cookieconsent@3/build/
5 KB
2 KB
Stylesheet
General
Full URL
https://cdn.jsdelivr.net/npm/cookieconsent@3/build/cookieconsent.min.css
Requested by
Host: www.itinforok.com
URL: https://www.itinforok.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:600::485 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
cd0d0b6e50ff01ff2f3a9a70d7cfb66a7c6cb9acf7a566325568be6d3bd31fc4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.itinforok.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Mon, 29 Jan 2024 22:19:31 GMT
x-content-type-options
nosniff
content-encoding
br
age
41416
x-jsd-version
3.1.1
x-cache
HIT, HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
1363
x-served-by
cache-fra-eddf8230078-FRA, cache-lga21937-LGA
x-jsd-version-type
version
etag
W/"135e-3nthfC1sCV/yhiNebPZMMo2hpL8"
vary
Accept-Encoding
content-type
text/css; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=604800, s-maxage=43200
accept-ranges
bytes
timing-allow-origin
*
index.css
www.itinforok.com/static/themes/gametemp-q7/assets/css/
3 KB
968 B
Stylesheet
General
Full URL
https://www.itinforok.com/static/themes/gametemp-q7/assets/css/index.css
Requested by
Host: www.itinforok.com
URL: https://www.itinforok.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1964 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0b45289fafe755039a91702e5b778a01706b26fc86e76f67c27104ad7fa1a725

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.itinforok.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Mon, 29 Jan 2024 22:19:31 GMT
content-encoding
br
cf-cache-status
REVALIDATED
cf-bgj
minify
last-modified
Fri, 12 Nov 2021 08:43:44 GMT
server
cloudflare
cf-polished
origSize=3857
etag
W/"618e2940-f11"
vary
Accept-Encoding
content-type
text/css
cache-control
public, max-age=86400
cf-ray
84d4db745918728d-EWR
alt-svc
h3=":443"; ma=86400
expires
Tue, 30 Jan 2024 22:19:31 GMT
gpt.js
securepubads.g.doubleclick.net/tag/js/
97 KB
29 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/tag/js/gpt.js
Requested by
Host: www.itinforok.com
URL: https://www.itinforok.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:808::2002 Colchester, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
7972c54a9a813562328e53a9cad28a7b4e39a7c6ee3944f4ffab9d49b72f5db4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.itinforok.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Mon, 29 Jan 2024 22:19:32 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
29430
x-xss-protection
0
server
cafe
etag
42 / 19751 / m202401230101 / config-hash: 16575015937149874381
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
expires
Mon, 29 Jan 2024 22:19:32 GMT
loading.png
www.itinforok.com/static/themes/gametemp-q7/assets/img/
1 KB
1 KB
Image
General
Full URL
https://www.itinforok.com/static/themes/gametemp-q7/assets/img/loading.png
Requested by
Host: www.itinforok.com
URL: https://www.itinforok.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1964 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
35c5b437bbb77b2079765d66890409ae170a4c817c65f7434835e07836bac217

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.itinforok.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Mon, 29 Jan 2024 22:19:31 GMT
cf-cache-status
REVALIDATED
cf-polished
origFmt=png, origSize=4568
content-disposition
inline; filename="loading.webp"
alt-svc
h3=":443"; ma=86400
content-length
1090
cf-bgj
imgq:85,h2pri
last-modified
Fri, 08 Nov 2019 02:31:08 GMT
server
cloudflare
etag
"5dc4d36c-11d8"
vary
Accept
content-type
image/webp
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
84d4db74591e728d-EWR
expires
Wed, 28 Feb 2024 22:19:31 GMT
logo-mini.png
www.itinforok.com/static/themes/gametemp-q7/assets/img/
2 KB
3 KB
Image
General
Full URL
https://www.itinforok.com/static/themes/gametemp-q7/assets/img/logo-mini.png
Requested by
Host: www.itinforok.com
URL: https://www.itinforok.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:1964 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ed32928001b662f8b75a5bd243d7d47f302cc1aebad177e4f8864b200e552e2c

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.itinforok.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Mon, 29 Jan 2024 22:19:32 GMT
cf-cache-status
REVALIDATED
cf-polished
origFmt=png, origSize=5653
content-disposition
inline; filename="logo-mini.webp"
alt-svc
h3=":443"; ma=86400
content-length
2260
cf-bgj
imgq:85,h2pri
last-modified
Sat, 10 Aug 2019 13:25:36 GMT
server
cloudflare
etag
"5d4ec5d0-1615"
vary
Accept
content-type
image/webp
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
84d4db74db337287-EWR
expires
Wed, 28 Feb 2024 22:19:32 GMT
cookieconsent.min.js
cdn.jsdelivr.net/npm/cookieconsent@3/build/
20 KB
7 KB
Script
General
Full URL
https://cdn.jsdelivr.net/npm/cookieconsent@3/build/cookieconsent.min.js
Requested by
Host: www.itinforok.com
URL: https://www.itinforok.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:600::485 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
e55842a856a6d829feca3c3ad736c136b6c7549e9247274f78aa296259e06e24
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.itinforok.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Mon, 29 Jan 2024 22:19:31 GMT
x-content-type-options
nosniff
content-encoding
br
age
39382
x-jsd-version
3.1.1
x-cache
HIT, HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
7125
x-served-by
cache-fra-eddf8230120-FRA, cache-lga21937-LGA
x-jsd-version-type
version
etag
W/"50d5-nLraS9YXyGxjjPLr3exyStWWkHs"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=604800, s-maxage=43200
accept-ranges
bytes
timing-allow-origin
*
iconfont.woff2
www.itinforok.com/static/themes/gametemp-q7/assets/font/
6 KB
6 KB
Font
General
Full URL
https://www.itinforok.com/static/themes/gametemp-q7/assets/font/iconfont.woff2
Requested by
Host: www.itinforok.com
URL: https://www.itinforok.com/static/themes/gametemp-q7/assets/css/public.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:1964 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
78200390d6155fc70fa4469c1d49ed2a56375d426471f78c4ce6e1c629e7e84a

Request headers

Referer
https://www.itinforok.com/static/themes/gametemp-q7/assets/css/public.css
Origin
https://www.itinforok.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Mon, 29 Jan 2024 22:19:32 GMT
cf-cache-status
REVALIDATED
last-modified
Thu, 14 Nov 2019 09:41:52 GMT
server
cloudflare
etag
"5dcd2160-17a8"
vary
Accept-Encoding
content-type
font/woff2
cache-control
public, max-age=86400
accept-ranges
bytes
cf-ray
84d4db74fb6b7287-EWR
alt-svc
h3=":443"; ma=86400
content-length
6056
expires
Tue, 30 Jan 2024 22:19:32 GMT
251cd622605b0259d9ec688f4ad4cfd9.jpg
gamein.heiheigame.com/uploads/gamepic/20231204/
83 KB
83 KB
Image
General
Full URL
https://gamein.heiheigame.com/uploads/gamepic/20231204/251cd622605b0259d9ec688f4ad4cfd9.jpg
Requested by
Host: www.itinforok.com
URL: https://www.itinforok.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::ac43:aee0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc1a4ecd05aa651ae718615ecaddc38988cfa43e8b2712f0e660d2bb62128243

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.itinforok.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Mon, 29 Jan 2024 22:19:32 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
1404
alt-svc
h3=":443"; ma=86400
content-length
84794
last-modified
Mon, 04 Dec 2023 08:13:32 GMT
server
cloudflare
etag
"656d8a2c-14b3a"
vary
Accept-Encoding
access-control-allow-methods
GET,POST,OPTIONS
content-type
image/jpeg
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pnte9NDyF%2BF1O6J%2BWpaQds9nAr7xXGhVICsDP5Y%2Fy83IAIPUZmbQEMUrEppUsC%2BqePrN8xcnoNao94yR7MWlKEfJY5izhTZdO%2B7ct3rsSZ5gSJF85oPhM775pi%2BV3My4CI0BaxxUzKKiEnEcY1CxdsJwuWY%3D"}],"group":"cf-nel","max_age":604800}
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
84d4db758c7a5e71-EWR
access-control-allow-headers
X-Requested-With
expires
Wed, 28 Feb 2024 11:50:58 GMT
336ccc1edc73bad0ac21d22bb25f2c2c.jpg
gamein.heiheigame.com/uploads/gamepic/20231121/
105 KB
106 KB
Image
General
Full URL
https://gamein.heiheigame.com/uploads/gamepic/20231121/336ccc1edc73bad0ac21d22bb25f2c2c.jpg
Requested by
Host: www.itinforok.com
URL: https://www.itinforok.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::ac43:aee0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
89b695479f2337d290259c05d13f361110786bb7b305bebb4db50951b93f17c4

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.itinforok.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Mon, 29 Jan 2024 22:19:32 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
1404
alt-svc
h3=":443"; ma=86400
content-length
107992
last-modified
Tue, 21 Nov 2023 07:47:44 GMT
server
cloudflare
etag
"655c60a0-1a5d8"
vary
Accept-Encoding
access-control-allow-methods
GET,POST,OPTIONS
content-type
image/jpeg
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=24FTqkFKlJDBFmYZd3352HFIswwrKwogsInACHcspYjlfIy6zKSq2bIcpLwAnC16gl8F7c1DsaMFZQhB0mxLFGlMvVTstxhYYRsger0MjebQ8GSeKLaXJ4DX8NU6CiZWyj67pbwChhz9Muh%2BextGVHm0Aug%3D"}],"group":"cf-nel","max_age":604800}
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
84d4db758c7c5e71-EWR
access-control-allow-headers
X-Requested-With
expires
Wed, 28 Feb 2024 10:45:06 GMT
4618a9e40faf615995b910b0254bd981.jpg
gamein.heiheigame.com/uploads/gamepic/20231123/
22 KB
23 KB
Image
General
Full URL
https://gamein.heiheigame.com/uploads/gamepic/20231123/4618a9e40faf615995b910b0254bd981.jpg
Requested by
Host: www.itinforok.com
URL: https://www.itinforok.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::ac43:aee0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
41f5a4aa2cb4b68e0474f73e2cdb4e3a4fed23757d79f1e45accaf038d5d2936

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.itinforok.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Mon, 29 Jan 2024 22:19:32 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
1404
alt-svc
h3=":443"; ma=86400
content-length
22924
last-modified
Thu, 23 Nov 2023 08:57:17 GMT
server
cloudflare
etag
"655f13ed-598c"
vary
Accept-Encoding
access-control-allow-methods
GET,POST,OPTIONS
content-type
image/jpeg
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mikeLeUUqSQ3yVbLpSVkm3o0%2FFpDJ4H3syA1n0Qdcy3DyswkRc3FQibS90HGL5SFxIWtV%2FkflgyFkziWtg8DhIdvATVr73QKzULMLEvLP67ds%2F1%2BEMd8tQEYPtWdRzELT0fxSm1ql6hjUZU%2B7513b4JY9Vc%3D"}],"group":"cf-nel","max_age":604800}
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
84d4db758c7d5e71-EWR
access-control-allow-headers
X-Requested-With
expires
Wed, 28 Feb 2024 11:50:58 GMT
9b22cc8dc38302299729ec23765a2a1f.jpg
gamein.heiheigame.com/uploads/gamepic/20231120/
35 KB
36 KB
Image
General
Full URL
https://gamein.heiheigame.com/uploads/gamepic/20231120/9b22cc8dc38302299729ec23765a2a1f.jpg
Requested by
Host: www.itinforok.com
URL: https://www.itinforok.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::ac43:aee0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1a2738fb1a0b3aef0a80f22b339b55c1018fffcba8b46d240907021b9ae056e9

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.itinforok.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Mon, 29 Jan 2024 22:19:32 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
1404
alt-svc
h3=":443"; ma=86400
content-length
35934
last-modified
Mon, 20 Nov 2023 05:59:44 GMT
server
cloudflare
etag
"655af5d0-8c5e"
vary
Accept-Encoding
access-control-allow-methods
GET,POST,OPTIONS
content-type
image/jpeg
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1norwTrjV61WodDkreg0s1EqlIR%2FUjMGsyk1xTLLp6MAD5k3GV4PkpycqDU9DSsTk%2Fz9dSOMgjT0UQSTSbkxfi7q83hrHBcc%2BnRvevpDF40OA1JB%2Fe6P1obF01hwI%2BS4A%2FuEf4OzrdIPuJCAc0JMmMkkizc%3D"}],"group":"cf-nel","max_age":604800}
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
84d4db758c7e5e71-EWR
access-control-allow-headers
X-Requested-With
expires
Wed, 28 Feb 2024 01:56:36 GMT
4eb2eaddfbcbfcf85832bc093956a28a.jpg
gamein.heiheigame.com/uploads/gamepic/20231114/
34 KB
34 KB
Image
General
Full URL
https://gamein.heiheigame.com/uploads/gamepic/20231114/4eb2eaddfbcbfcf85832bc093956a28a.jpg
Requested by
Host: www.itinforok.com
URL: https://www.itinforok.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::ac43:aee0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f1dcc3e9c58353396b5837348d0ff2c592d34245b7b7aa7df575f56c1a1e3672

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.itinforok.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Mon, 29 Jan 2024 22:19:32 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
1404
alt-svc
h3=":443"; ma=86400
content-length
34859
last-modified
Tue, 14 Nov 2023 06:39:33 GMT
server
cloudflare
etag
"65531625-882b"
vary
Accept-Encoding
access-control-allow-methods
GET,POST,OPTIONS
content-type
image/jpeg
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jUOz1VYucyd7ErK9hz6Vms1TB%2BXjgutBSyv2zqlDjGHaDQoe5GMVDuiDaUVEWsKHdQdLfvUok8mwzG6TtWdBXsRISpmiSE99rzP%2BiVMXjYWQhmKPXcLVDWkabfJqaPuXgNXD3Jamr97OlK%2FhPFpq4BAvr10%3D"}],"group":"cf-nel","max_age":604800}
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
84d4db758c7f5e71-EWR
access-control-allow-headers
X-Requested-With
expires
Wed, 28 Feb 2024 10:45:06 GMT
193e134a206507e5052aa824d2aa31d5.jpg
gamein.heiheigame.com/uploads/gamepic/20231106/
14 KB
14 KB
Image
General
Full URL
https://gamein.heiheigame.com/uploads/gamepic/20231106/193e134a206507e5052aa824d2aa31d5.jpg
Requested by
Host: www.itinforok.com
URL: https://www.itinforok.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::ac43:aee0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dea9e33c8cdd8a6ac537c139b4eab9c9907d203a3b3d7d9e324c733ace13a9fa

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.itinforok.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Mon, 29 Jan 2024 22:19:32 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
1404
alt-svc
h3=":443"; ma=86400
content-length
14418
last-modified
Mon, 06 Nov 2023 07:49:43 GMT
server
cloudflare
etag
"65489a97-3852"
vary
Accept-Encoding
access-control-allow-methods
GET,POST,OPTIONS
content-type
image/jpeg
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DjsuHyVUo22TXutWzYAR%2BcL8xeQ0bhaj8glwKH6cLRlgM%2F2mJ4qgByEAkBi22y6SE1DtNoPKNYXnaRrE1LmPu00RoTLkAOL62rRGkBiPGp5OrGVsPQNCZb5c7Ab6%2BiwXFKISuzsxLQY9YMoF2Xw6eyWfXZA%3D"}],"group":"cf-nel","max_age":604800}
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
84d4db758c805e71-EWR
access-control-allow-headers
X-Requested-With
expires
Wed, 28 Feb 2024 11:50:58 GMT
38d6ea8053217ca6cc00df669d2be378.jpeg
gamein.heiheigame.com/uploads/gamepic/20231010/
40 KB
40 KB
Image
General
Full URL
https://gamein.heiheigame.com/uploads/gamepic/20231010/38d6ea8053217ca6cc00df669d2be378.jpeg
Requested by
Host: www.itinforok.com
URL: https://www.itinforok.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::ac43:aee0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
923b9fdf5e2d0012e7c783dea7a5a91ebc46b0eb5c46cb7de415ada937eb63cd

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.itinforok.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Mon, 29 Jan 2024 22:19:32 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
1404
alt-svc
h3=":443"; ma=86400
content-length
40509
last-modified
Tue, 10 Oct 2023 10:18:43 GMT
server
cloudflare
etag
"65252503-9e3d"
vary
Accept-Encoding
access-control-allow-methods
GET,POST,OPTIONS
content-type
image/jpeg
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cnpp8ECA2hVTnah%2FmzQoTsH%2B1jO49OZfSuFrrmfvrEZmGsWcQy4Ha99Uw%2FfWBbpQQTMyUpxPO4xNOyfALO5H0ckOgzHxPFwmnWRU4reY2PXE3Fm09BaWqxzVUrorVBYAF9qV8RHM1Y0LHU%2FhlkgCd34ZDbc%3D"}],"group":"cf-nel","max_age":604800}
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
84d4db75ac9c5e71-EWR
access-control-allow-headers
X-Requested-With
expires
Wed, 28 Feb 2024 01:56:36 GMT
fa1ce81fa732e12aeda803f1d9c1f58a.jpg
gamein.heiheigame.com/uploads/gamepic/20231207/
296 KB
296 KB
Image
General
Full URL
https://gamein.heiheigame.com/uploads/gamepic/20231207/fa1ce81fa732e12aeda803f1d9c1f58a.jpg
Requested by
Host: www.itinforok.com
URL: https://www.itinforok.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::ac43:aee0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
00238c9318ec92f80fbf629fe4f3c37fce79d3c5558fd004db8b7a3b2c8bd684

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.itinforok.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Mon, 29 Jan 2024 22:19:32 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
1404
alt-svc
h3=":443"; ma=86400
content-length
302915
last-modified
Thu, 07 Dec 2023 03:35:10 GMT
server
cloudflare
etag
"65713d6e-49f43"
vary
Accept-Encoding
access-control-allow-methods
GET,POST,OPTIONS
content-type
image/jpeg
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=K%2B7WfBB6yCQXUpoUmtOAj3IEAiErKOjl56vOCqW7Cj7Qlmb2YO46lGuFEYWtb18tyQIqzFA46e9U8n8z8WKFK06JHcsd2GY8VeNKRFpnegSYWiQ%2Bbvg%2FcbNHhkWuew1fwlhyju18sokIDlHQgUMK5sEcTOw%3D"}],"group":"cf-nel","max_age":604800}
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
84d4db75ac9d5e71-EWR
access-control-allow-headers
X-Requested-With
expires
Wed, 28 Feb 2024 10:45:06 GMT
2a945cd1786f6f3642cad4cd06c0fcce.jpg
gamein.heiheigame.com/uploads/gamepic/20231109/
33 KB
33 KB
Image
General
Full URL
https://gamein.heiheigame.com/uploads/gamepic/20231109/2a945cd1786f6f3642cad4cd06c0fcce.jpg
Requested by
Host: www.itinforok.com
URL: https://www.itinforok.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::ac43:aee0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0f9027e9e96d7901aa1dc1863bfffaa17a3458120fea0c5a9065489c16bc06c5

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.itinforok.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Mon, 29 Jan 2024 22:19:32 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
1404
alt-svc
h3=":443"; ma=86400
content-length
33530
last-modified
Thu, 09 Nov 2023 07:18:59 GMT
server
cloudflare
etag
"654c87e3-82fa"
vary
Accept-Encoding
access-control-allow-methods
GET,POST,OPTIONS
content-type
image/jpeg
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zL%2F8s9%2Fg0W3WzYQXtVNNRZv4U3rLhvSOG%2Bl6j8CdTeriiyacU1YqjNOoq0H6WfehikJsDPkyNrT3iGglHcqt3cZi6gnH2da4P3OPGoG91anpaFJ6%2Bet7S7oaAJO8Wcut%2FZSyBd7yKtDYPiKW1qVCBZpzZtg%3D"}],"group":"cf-nel","max_age":604800}
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
84d4db75ac9e5e71-EWR
access-control-allow-headers
X-Requested-With
expires
Tue, 27 Feb 2024 23:35:46 GMT
05ed50926410e2c737e6ba26bd2fa4e5.jpg
gamein.heiheigame.com/uploads/gamepic/20231207/
87 KB
87 KB
Image
General
Full URL
https://gamein.heiheigame.com/uploads/gamepic/20231207/05ed50926410e2c737e6ba26bd2fa4e5.jpg
Requested by
Host: www.itinforok.com
URL: https://www.itinforok.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::ac43:aee0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f49ad2465be0d60e5ca21854bab732fe58c9b9241a0d9b4523d61a5ca95b7de7

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.itinforok.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Mon, 29 Jan 2024 22:19:32 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
1404
alt-svc
h3=":443"; ma=86400
content-length
88621
last-modified
Thu, 07 Dec 2023 06:23:19 GMT
server
cloudflare
etag
"657164d7-15a2d"
vary
Accept-Encoding
access-control-allow-methods
GET,POST,OPTIONS
content-type
image/jpeg
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OfNqFts1%2B2lnuWt4gv5GulHBL%2FhaLT7QrFqkKnH4PmaGW%2BstIc61ik3sDxxSu5k6Asah%2FM3V3s7sbAdGQLeqWkVsE25MiA8xlVxh2Ro%2B2HXLKFt3oPiZ0FiXSO%2BBC7ex%2BaF4oqxNoPofJAdtfOdKUdSuh3g%3D"}],"group":"cf-nel","max_age":604800}
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
84d4db75ac9f5e71-EWR
access-control-allow-headers
X-Requested-With
expires
Wed, 28 Feb 2024 11:50:58 GMT
574c9321c6629f32613f36820199c0eb.jpg
gamein.heiheigame.com/uploads/gamepic/20231129/
21 KB
21 KB
Image
General
Full URL
https://gamein.heiheigame.com/uploads/gamepic/20231129/574c9321c6629f32613f36820199c0eb.jpg
Requested by
Host: www.itinforok.com
URL: https://www.itinforok.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::ac43:aee0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ddf41c228260b6c62a3ec30120f84a2f81391bd1847dc55789f3b13c89c8755e

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.itinforok.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Mon, 29 Jan 2024 22:19:32 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
1404
alt-svc
h3=":443"; ma=86400
content-length
21247
last-modified
Wed, 29 Nov 2023 06:23:40 GMT
server
cloudflare
etag
"6566d8ec-52ff"
vary
Accept-Encoding
access-control-allow-methods
GET,POST,OPTIONS
content-type
image/jpeg
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jfKSzpZR6btUE9NnN0af6HFxdvPVxM6z4TU25keSkZTFlx4wEoeSAN%2Foq2Uq%2FzPdxP7mZzT0kL8mKUuO92viR6pY7mj1fA6sElJCSIhsoMNmxMGVcGBf4s8%2F6fJJ5ji8eNUh7YangEQgCHrJLBgia0Wf6tk%3D"}],"group":"cf-nel","max_age":604800}
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
84d4db75aca05e71-EWR
access-control-allow-headers
X-Requested-With
expires
Wed, 28 Feb 2024 08:37:49 GMT
b64a3e6011f8da6d1daf80169dc37eec.jpg
gamein.heiheigame.com/uploads/gamepic/20231128/
57 KB
57 KB
Image
General
Full URL
https://gamein.heiheigame.com/uploads/gamepic/20231128/b64a3e6011f8da6d1daf80169dc37eec.jpg
Requested by
Host: www.itinforok.com
URL: https://www.itinforok.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::ac43:aee0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
71bdfe742ea702d39baf9285108f365d1fd0019ce9121f09ce4c45bfd2d0fc0f

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.itinforok.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Mon, 29 Jan 2024 22:19:32 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
content-length
57898
last-modified
Tue, 28 Nov 2023 09:32:11 GMT
server
cloudflare
etag
"6565b39b-e22a"
vary
Accept-Encoding
access-control-allow-methods
GET,POST,OPTIONS
content-type
image/jpeg
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=A%2FvOrVkFGHVHxpjrEpcFIlQBKL0zb0%2Be%2FW%2F%2Fes3xl7TB3%2BQhI9iNDTlDsskKYBBK8e%2F3xt9X3tmuK810gfc8ntNxGu15c4IvjkAQm8h6yPikpgRKkR%2FZwHtkf%2Bxf8gcDawJ8klPaLUt2ZhYu%2BhJLPT4t7HM%3D"}],"group":"cf-nel","max_age":604800}
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
84d4db75aca25e71-EWR
access-control-allow-headers
X-Requested-With
expires
Wed, 28 Feb 2024 01:56:36 GMT
fab496bd57cad5ae4f904e3eb08344cf.PNG
gamein.heiheigame.com/uploads/gamepic/20231123/
92 KB
93 KB
Image
General
Full URL
https://gamein.heiheigame.com/uploads/gamepic/20231123/fab496bd57cad5ae4f904e3eb08344cf.PNG
Requested by
Host: www.itinforok.com
URL: https://www.itinforok.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::ac43:aee0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
42d2d395f6628b551f3ec0396fcecaa8d1375029140fbbb690ef30356a0eee01

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.itinforok.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Mon, 29 Jan 2024 22:19:32 GMT
cf-cache-status
HIT
last-modified
Thu, 23 Nov 2023 08:39:49 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
"655f0fd5-171c3"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aoESSR7FdhoC%2BvQW9KYRiITwWvSi3%2FrREJRbmlXH8ZyftTIizXchs2sIUUZ3PNcbKs3VGHUjelGPervFP2Tx2EH%2FdYXDfEz%2BtklWFc9greHCZHHHqnakzS79%2BmfFDCIgzQOjc1dBXRQ2gMgGKQt7W1OpxvY%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
max-age=86400
accept-ranges
bytes
cf-ray
84d4db75aca35e71-EWR
alt-svc
h3=":443"; ma=86400
content-length
94659
pubads_impl.js
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401230101/
431 KB
135 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401230101/pubads_impl.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:808::2002 Colchester, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
56ab6b29646315f6b094297b45752ae23fe18430c8eb531edaa6297d917eb5f7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.itinforok.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Mon, 29 Jan 2024 21:26:25 GMT
content-encoding
br
x-content-type-options
nosniff
age
3187
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
138344
x-xss-protection
0
server
cafe
etag
11931332024773231753
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
public, immutable, max-age=31536000
timing-allow-origin
*
expires
Tue, 28 Jan 2025 21:26:25 GMT
22847393195
fundingchoicesmessages.google.com/i/
183 KB
61 KB
Script
General
Full URL
https://fundingchoicesmessages.google.com/i/22847393195?ers=3
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401230101/pubads_impl.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80a::200e Colchester, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
0fd6fef31312a103ce014ffe87a851106db78843ee4ee7807065a08f1285f6e2
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-sEF1vzAwICLNQLIUSyTN-A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.itinforok.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Mon, 29 Jan 2024 22:19:32 GMT
content-security-policy
script-src 'report-sample' 'nonce-sEF1vzAwICLNQLIUSyTN-A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
reporting-endpoints
default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjOsOoxSXF4KchxXDe6Q7TdSC-qPKU6SYQ1zI8Y2oF4gfhz5heALGBxnMmCyAuyH7OVAHEjH9eMHECcU__S6YpQPzuy0smnq8vmSSAWAOI30m-YvoGxDt8PFjehE9n5YqYznq6YDrrZSBmq5jOygfEcXXTWfOAmG_ddFbd9dNZt5yZzroHiGOeT2dNAeLFrDNYVwPxlMAZrHOAuCUayAZip_QZrEFA_DlzButvIC67fY61DoiFeDi-nHiwlk2gY1rbG0YAsh9ctg"
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin
*
expires
Mon, 01 Jan 1990 00:00:00 GMT
AGSKWxW9eX1S5Z6_ppAd1Nur1gK-B8UNlgcNYkdf04fQz7U36mQHAZKG3EFqs-gM7ytaDXrxNIRah-c1jMHQG3TCh1_injCXGs1bq5XwQPeEbF0VpgUmggcbRyEWyOLf_TZsoj8bpTxoBA==
fundingchoicesmessages.google.com/f/
3 KB
2 KB
Script
General
Full URL
https://fundingchoicesmessages.google.com/f/AGSKWxW9eX1S5Z6_ppAd1Nur1gK-B8UNlgcNYkdf04fQz7U36mQHAZKG3EFqs-gM7ytaDXrxNIRah-c1jMHQG3TCh1_injCXGs1bq5XwQPeEbF0VpgUmggcbRyEWyOLf_TZsoj8bpTxoBA==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzA2NTY2NzcyLDU2MTAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzddXSwiaHR0cHM6Ly93d3cuaXRpbmZvcm9rLmNvbS8iLG51bGwsW1s4LCJsTUl6ZEFLS0RFWSJdLFs5LCJlbi1VUyJdLFsxOSwiMiJdLFsxNywiWzBdIl1dXQ
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.lMIzdAKKDEY.es5.O/am=wA/d=1/rs=AJlcJMzmB6bdT_BMgeeZSzvNF8-3Z93uig/m=kernel_loader,loader_js_executable
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80a::200e Colchester, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
68683f91fa535c3f57a511b29652907a93a42c88b913f3fc009f4f1f262a4c8e
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-orjwz1Etgy_8Vvw4B6pdNA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.itinforok.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Mon, 29 Jan 2024 22:19:32 GMT
content-security-policy
script-src 'report-sample' 'nonce-orjwz1Etgy_8Vvw4B6pdNA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
reporting-endpoints
default="/_/ContributorGlobalRouterHttp/web-reports?context=eJzjOsOoxSXF4KAhxXDe6Q7TdSC-qPKU6SYQ1zI8Y2oF4gfhz5heALGBxnMmCyAuyH7OVAHEjH9eMHECcU__S6YpQPzuy0smnq8vmSSAWAOI30m-YvoGxDt8PFjehE9n5YqYznq6YDrrZSBmq5jOygfEcXXTWfOAmG_ddFbd9dNZt5yZzroHiGOeT2dNAeLFrDNYVwPxlMAZrHOAuCUayAZip_QZrEFA_DlzButvIC67fY61DoiFeDi-nHiwlk3gxvkXs5gAqWJdQg"
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin
*
expires
Mon, 01 Jan 1990 00:00:00 GMT
ads
securepubads.g.doubleclick.net/gampad/
53 KB
14 KB
Fetch
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=33493622268504&correlator=563028387867750&output=ldjh&gdfp_req=1&vrg=202401230101&ptt=17&impl=fif&gdpr=0&iu_parts=22847393195%2Citinforok-401h3%2Citinforok401h3-sy01&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=300x250&ifi=1&sfv=1-0-40&sc=1&cookie_enabled=1&abxe=1&dt=1706566772590&lmt=1706531051&adxs=650&adys=1305&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=1&ucis=1&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=-600&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&url=https%3A%2F%2Fwww.itinforok.com%2F&vis=1&psz=1200x266&msz=300x250&fws=4&ohw=1200&ga_vid=1486515982.1706566773&ga_sid=1706566773&ga_hid=814758573&ga_fc=false&dlt=1706566771883&idt=525&adks=606777621&frm=20
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401230101/pubads_impl.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:808::2002 Colchester, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
7be29f66426b47926bf5b9c19c0ae7af3611650acc9665a29c6db4e06fde27eb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.itinforok.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Mon, 29 Jan 2024 22:19:33 GMT
content-encoding
br
x-content-type-options
nosniff
observe-browsing-topics
?1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
14046
x-xss-protection
0
google-lineitem-id
-1
pragma
no-cache
server
cafe
google-creative-id
-1
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://www.itinforok.com
access-control-expose-headers
x-google-amp-ad-validated-version
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
container.html
5ad862368d4c2c0f58d9db21d30d3069.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame E4D7
6 KB
3 KB
Document
General
Full URL
https://5ad862368d4c2c0f58d9db21d30d3069.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401230101/pubads_impl.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:824::2001 Colchester, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.itinforok.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, immutable, max-age=31536000
content-encoding
br
content-length
2653
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Mon, 29 Jan 2024 22:19:33 GMT
expires
Tue, 28 Jan 2025 22:19:33 GMT
last-modified
Thu, 03 Nov 2022 19:10:08 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
AGSKWxXxqW54bWa5Q-KC7kSSzz0ihuz51TRF0xID9lnLIlRn0cBGzGwMwbNbtzfw8NQNCTCaWfX2HbfQH5DIBWwkQe9ikGo8GrgobT9kSRaTM_dAdCRL15YRfWn2i6MNXtq8J-KEGGq1yw==
fundingchoicesmessages.google.com/f/
10 KB
5 KB
Script
General
Full URL
https://fundingchoicesmessages.google.com/f/AGSKWxXxqW54bWa5Q-KC7kSSzz0ihuz51TRF0xID9lnLIlRn0cBGzGwMwbNbtzfw8NQNCTCaWfX2HbfQH5DIBWwkQe9ikGo8GrgobT9kSRaTM_dAdCRL15YRfWn2i6MNXtq8J-KEGGq1yw==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzA2NTY2NzcyLDYyODAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzcsOV0sbnVsbCwyLG51bGwsImVuIl0sImh0dHBzOi8vd3d3Lml0aW5mb3Jvay5jb20vIixudWxsLFtbOCwibE1JemRBS0tERVkiXSxbOSwiZW4tVVMiXSxbMTksIjIiXSxbMTcsIlswXSJdXV0
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.lMIzdAKKDEY.es5.O/am=wA/d=1/rs=AJlcJMzmB6bdT_BMgeeZSzvNF8-3Z93uig/m=kernel_loader,loader_js_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:80a::200e Colchester, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
4790304c0d85f05266b98e45dc8239aee85dc0cb9ea5adbcb4d8f5754ad4bc00
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-NtzZxZ6R34bfP8rnWvBmsw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.itinforok.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Mon, 29 Jan 2024 22:19:32 GMT
content-security-policy
script-src 'report-sample' 'nonce-NtzZxZ6R34bfP8rnWvBmsw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
reporting-endpoints
default="/_/ContributorGlobalRouterHttp/web-reports?context=eJzjOsOoxSXF4K4hxXDe6Q7TdSC-qPKU6SYQ1zI8Y2oF4gfhz5heALGBxnMmCyAuyH7OVAHEjH9eMHECcU__S6YpQPzuy0smnq8vmSSAWAOI30m-YvoGxDt8PFjehE9n5YqYznq6YDrrZSBmq5jOygfEcXXTWfOAmG_ddFbd9dNZt5yZzroHiGOeT2dNAeLFrDNYVwPxlMAZrHOAuCUayAZip_QZrEFA_DlzButvIC67fY61DoiFeDi-nHiwlk1gRsuGPUwArGxcqA"
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin
*
expires
Mon, 01 Jan 1990 00:00:00 GMT
amp4ads-v0.mjs
cdn.ampproject.org/rtv/012401091919000/ Frame 54D7
196 KB
56 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/012401091919000/amp4ads-v0.mjs
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401230101/pubads_impl.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:817::2001 Colchester, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
6e874111442f36d488f5e4a7f742391a8c02b70c60b333454fe4f85a3b26e3d5
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.itinforok.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Fri, 26 Jan 2024 06:13:08 GMT
age
317185
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
56104
x-xss-protection
0
server
sffe
etag
"cf7caf439f3410f8"
vary
Accept-Encoding
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Sat, 25 Jan 2025 06:13:08 GMT
amp-ad-exit-0.1.mjs
cdn.ampproject.org/rtv/012401091919000/v0/ Frame 54D7
15 KB
5 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/012401091919000/v0/amp-ad-exit-0.1.mjs
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401230101/pubads_impl.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:817::2001 Colchester, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d79a688e4e23466eeee3ab0d7d3a99a0588b1aa1c7ae0f4fedfbd498c9022eb4
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.itinforok.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Fri, 26 Jan 2024 06:06:13 GMT
age
317600
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
5212
x-xss-protection
0
server
sffe
etag
"d5f0e0ea1e5219b8"
vary
Accept-Encoding
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Sat, 25 Jan 2025 06:06:13 GMT
amp-analytics-0.1.mjs
cdn.ampproject.org/rtv/012401091919000/v0/ Frame 54D7
95 KB
29 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/012401091919000/v0/amp-analytics-0.1.mjs
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401230101/pubads_impl.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:817::2001 Colchester, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
36726fd194e9e08908bb49a382c3fe0b70ee41d480b09869b5aa70c81fcabe7f
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.itinforok.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Fri, 26 Jan 2024 06:09:30 GMT
age
317403
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
29119
x-xss-protection
0
server
sffe
etag
"7ed328db9ca95286"
vary
Accept-Encoding
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Sat, 25 Jan 2025 06:09:30 GMT
amp-fit-text-0.1.mjs
cdn.ampproject.org/rtv/012401091919000/v0/ Frame 54D7
5 KB
2 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/012401091919000/v0/amp-fit-text-0.1.mjs
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401230101/pubads_impl.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:817::2001 Colchester, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
643fe707091c6e32630daf29adabf146aea6096d30af0367bcddbe54c19bcad0
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.itinforok.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Fri, 26 Jan 2024 05:58:26 GMT
age
318067
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1910
x-xss-protection
0
server
sffe
etag
"b1b3f9c71858a21a"
vary
Accept-Encoding
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Sat, 25 Jan 2025 05:58:26 GMT
amp-form-0.1.mjs
cdn.ampproject.org/rtv/012401091919000/v0/ Frame 54D7
40 KB
13 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/012401091919000/v0/amp-form-0.1.mjs
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401230101/pubads_impl.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:817::2001 Colchester, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
062e7c29b1c3e36f8684e7e298346efe23cd760daf282103361b0645d843c686
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.itinforok.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Fri, 26 Jan 2024 05:53:46 GMT
age
318347
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
12971
x-xss-protection
0
server
sffe
etag
"0e9793e292f94cd9"
vary
Accept-Encoding
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Sat, 25 Jan 2025 05:53:46 GMT
3106997199308850617
tpc.googlesyndication.com/daca_images/simgad/ Frame 54D7
9 KB
9 KB
Image
General
Full URL
https://tpc.googlesyndication.com/daca_images/simgad/3106997199308850617?w=300&h=250&tw=1&q=75
Requested by
Host: www.itinforok.com
URL: https://www.itinforok.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:821::2001 Colchester, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a75a92b551b7cf8e5b2acf4bb5b859ec83ccfc4c90d016c2e66c4c02e084063b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.itinforok.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

expires
Fri, 02 Feb 2024 18:48:19 GMT
date
Fri, 26 Jan 2024 18:48:19 GMT
x-content-type-options
nosniff
age
271874
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
8831
x-xss-protection
0
last-modified
Wed, 24 Jan 2024 05:32:33 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=604800
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
allow-fenced-frame-automatic-beacons
true
truncated
/ Frame 54D7
212 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
126ac32364088d00180f028778e1c190377768977c0ab11e743b0797ec91c150

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Content-Type
image/png
en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 54D7
2 KB
3 KB
Image
General
Full URL
https://tpc.googlesyndication.com/pagead/images/adchoices/en.png
Requested by
Host: www.itinforok.com
URL: https://www.itinforok.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:821::2001 Colchester, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.itinforok.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Mon, 29 Jan 2024 07:56:08 GMT
x-content-type-options
nosniff
server
cafe
age
51805
etag
14819457070020093239
vary
Accept-Encoding
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type
image/png
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2502
x-xss-protection
0
expires
Tue, 30 Jan 2024 07:56:08 GMT
icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 54D7
295 B
664 B
Image
General
Full URL
https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png
Requested by
Host: www.itinforok.com
URL: https://www.itinforok.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:821::2001 Colchester, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.itinforok.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Mon, 29 Jan 2024 06:04:48 GMT
x-content-type-options
nosniff
server
cafe
age
58485
etag
426692510519060060
vary
Accept-Encoding
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type
image/png
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
295
x-xss-protection
0
expires
Tue, 30 Jan 2024 06:04:48 GMT
sodar
pagead2.googlesyndication.com/getconfig/
16 KB
12 KB
XHR
General
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=m202401230101&st=env
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401230101/pubads_impl.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:820::2002 Colchester, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
b4b7c28a171b53dd4255691d7dc31e6941c0777137fbde9d3c03f3525fbbfb7e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.itinforok.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Mon, 29 Jan 2024 22:19:33 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
application/json; charset=UTF-8
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
12161
x-xss-protection
0
adview
securepubads.g.doubleclick.net/pagead/ Frame 54D7
0
0
Image
General
Full URL
https://securepubads.g.doubleclick.net/pagead/adview?ai=CptcxdCS4Zd7KJ6e26toPzMmX0AfBk_C7defax8n1EerWqIiSDhABIM7nypcBYMnGqYvApNgPoAHhpo_cKMgBAeACAKgDAcgDCKoEkgJP0MbiXpN1Wu9U1khGzkRtrtblZ3A-g9sgiD1Us8baz-8841JHvxZv7eWxtKcbnuOVaL0N7iCRjRixTJn0aD_8KVsDutoJagT5z1tmYNLBe6qgSMirnSfw9V9rpYifL0reG-VbZ91nriPAWx7BKMzy_dn265FvOAHKvJl1gtT0AQxDd0YEnaQij46ekOIrx6oAIGc2RjhUSGSSdd4jN72y-tafQvyRoF9J6EJD94oRL1kdTf2Cf4_XCmQ5PcOI-Fk9uQY0HvnJ3RglTeDJKl_bM3iXzoRmPBvZCMTmxdPmp13pVNBTq66anX6rjV6Oxk5bgSCFV4yefbhorzY37I_7pLsPPhQfm559yojH1mBM4AkOwAT7wPjUugTgBAGIBY7F38dMkgUECAQYAZIFBAgFGASgBgKAB-KvgrgEqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhvYBwHyBwQQ6o800ggfCIBhEAEYHTICigI6BIBAgEBIvf3BOljErJLS0IOEA5oJ_...&sigh=i3XONBfxR0Q&uach_m=%5B%5D&ase=2&nis=5&cid=CAQSTgAvHhf_0T6R4m3crK2t9MItoq0VMfKRdWo_0KoktX9Le_19r2gTZi59Gijc01Aie-VhI-pHntmKWOTXjFe13BxhtDw7rrr04GcpGzs4RRgB&cbvp=2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:808::2002 Colchester, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.itinforok.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

sodar2.js
tpc.googlesyndication.com/sodar/
17 KB
7 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401230101/pubads_impl.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:821::2001 Colchester, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.itinforok.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Mon, 29 Jan 2024 22:19:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
6386
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
etag
"1637097310169751"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Mon, 29 Jan 2024 22:19:33 GMT
runner.html
tpc.googlesyndication.com/sodar/sodar2/225/ Frame AEFB
13 KB
5 KB
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:821::2001 Colchester, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.itinforok.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

accept-ranges
bytes
age
7622
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
5046
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Mon, 29 Jan 2024 20:12:31 GMT
expires
Tue, 28 Jan 2025 20:12:31 GMT
last-modified
Mon, 21 Jun 2021 20:47:05 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
aframe
www.google.com/recaptcha/api2/ Frame F80B
829 B
1 KB
Document
General
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:806::2004 Colchester, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
a44efe3fb8e6007e86cdafeff3f3d16ab622bad2bfc810513748ead2995a04c1
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-mN19LoO3iv85swG9794Oqw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.itinforok.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=300
content-encoding
gzip
content-security-policy
script-src 'report-sample' 'nonce-mN19LoO3iv85swG9794Oqw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Mon, 29 Jan 2024 22:19:33 GMT
expires
Mon, 29 Jan 2024 22:19:33 GMT
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
IHSjRKKj3q_1Pt3c2sGWHmUCy_Bw5n5yhKh9CWyZSw4.js
pagead2.googlesyndication.com/bg/ Frame AEFB
39 KB
15 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/IHSjRKKj3q_1Pt3c2sGWHmUCy_Bw5n5yhKh9CWyZSw4.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:820::2002 Colchester, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
2074a344a2a3deaff53edddcdac1961e6502cbf070e67e7284a87d096c994b0e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Mon, 29 Jan 2024 20:17:07 GMT
content-encoding
br
x-content-type-options
nosniff
age
7346
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15219
x-xss-protection
0
last-modified
Mon, 15 Jan 2024 09:58:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Tue, 28 Jan 2025 20:17:07 GMT
sodar
pagead2.googlesyndication.com/pagead/ Frame F80B
0
0
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_m202401230101&jk=33493622268504&rc=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:820::2002 Colchester, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

generate_204
tpc.googlesyndication.com/ Frame AEFB
0
10 B
Image
General
Full URL
https://tpc.googlesyndication.com/generate_204?lfBxLQ
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:821::2001 Colchester, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-US,en;q=0.9
Referer
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Mon, 29 Jan 2024 22:19:33 GMT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
imp
fundingchoicesmessages.google.com/f/AGSKWxWkSYTz-S1FGrQCRflUifwQlzHzk_34CM1w987V61m8LRBjIYjlJRXg6b_X3v89nM7yKwzIrz4d2Bu6kcKs-4Ys1lfJAxIF6AhBFGeorIc9zFXJexMTorRukT7zkwPzBUzhhF0lRQWeKj-0ufBI_39h8L_q_...
54 B
110 B
Script
General
Full URL
https://fundingchoicesmessages.google.com/f/AGSKWxWkSYTz-S1FGrQCRflUifwQlzHzk_34CM1w987V61m8LRBjIYjlJRXg6b_X3v89nM7yKwzIrz4d2Bu6kcKs-4Ys1lfJAxIF6AhBFGeorIc9zFXJexMTorRukT7zkwPzBUzhhF0lRQWeKj-0ufBI_39h8L_q_v0YEQI4_XegpWeDUSnY_wVJ_ei9DMxg/_/imp?slot=/admax./flexads?/adplayer._720_90.
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.lMIzdAKKDEY.es5.O/d=1/exm=kernel_loader,loader_js_executable,web_iab_tcf_v2_signal_executable/ed=1/rs=AJlcJMwUwk8S3lvqCRjdd4FHf7_IJcArdw/m=ad_blocking_detection_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:80a::200e Colchester, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
22096694f3165a07dade0191f34d432c876d7c7e8acb0636d8a012f08a82e624
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-wsusJditeyOwIwhs6RvLtA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.itinforok.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Mon, 29 Jan 2024 22:19:33 GMT
content-security-policy
require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-wsusJditeyOwIwhs6RvLtA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
reporting-endpoints
default="/_/ContributorGlobalRouterHttp/web-reports?context=eJzjOsOoxSXF4KwhxXDe6Q7TdSC-qPKU6SYQ1zI8Y2oF4gfhz5heALGBxnMmCyAuyH7OVAHEjH9eMHECcU__S6YpQPzuy0smnq8vmSSAWAOI30m-YvoGxDt8PFjehE9n5YqYznq6YDrrZSBmq5jOygfEcXXTWfOAmG_ddFbd9dNZt5yZzroHiGOeT2dNAeLFrDNYVwPxlMAZrHOAuCUayAZip_QZrEFA_DlzButvIC67fY61DoiFeDi-nniwlk3gwqstC5kBq6ZdLQ"
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
expires
Mon, 01 Jan 1990 00:00:00 GMT
osd.js
pagead2.googlesyndication.com/pagead/
61 B
76 B
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/osd.js?fcd=true
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.lMIzdAKKDEY.es5.O/d=1/exm=kernel_loader,loader_js_executable,web_iab_tcf_v2_signal_executable/ed=1/rs=AJlcJMwUwk8S3lvqCRjdd4FHf7_IJcArdw/m=ad_blocking_detection_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:820::2002 Colchester, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
c45c8b81ccfcbc08127b74787d1b5974078756233de947986c357e28ed8f13ac
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.itinforok.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Mon, 29 Jan 2024 21:49:59 GMT
content-encoding
br
x-content-type-options
nosniff
age
1774
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
51
x-xss-protection
0
server
cafe
etag
16023549773543154165
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=3600
timing-allow-origin
*
expires
Mon, 29 Jan 2024 22:49:59 GMT
AGSKWxVcy8Be6t7G-o1-W9IUVSmtQc7I0ac9GjH0aqtn0T43PUTu03hGzd1axNASiU69BELuinkTiWtAgvibEZzHwVCrOOphRpSt3WUawQaZayun1zWyGR6vJk6nDsYi280QVQ19BgoV6A==
fundingchoicesmessages.google.com/el/
0
29 B
XHR
General
Full URL
https://fundingchoicesmessages.google.com/el/AGSKWxVcy8Be6t7G-o1-W9IUVSmtQc7I0ac9GjH0aqtn0T43PUTu03hGzd1axNASiU69BELuinkTiWtAgvibEZzHwVCrOOphRpSt3WUawQaZayun1zWyGR6vJk6nDsYi280QVQ19BgoV6A==
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.lMIzdAKKDEY.es5.O/am=wA/d=1/rs=AJlcJMzmB6bdT_BMgeeZSzvNF8-3Z93uig/m=kernel_loader,loader_js_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:80a::200e Colchester, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-LtEW9Oa9emzg2BzzI5khYQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.itinforok.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type
text/plain

Response headers

date
Mon, 29 Jan 2024 22:19:33 GMT
content-security-policy
script-src 'report-sample' 'nonce-LtEW9Oa9emzg2BzzI5khYQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
reporting-endpoints
default="/_/ContributorLoggingHttp/web-reports?context=eJzjctHikmLw1JBiqGV4xtQKxAXZz5kqgJjxzwsmTiB-J_mK6RsQ7_DxYJkSOIN1DhA7pc9gDQHistvnWOuAWIiH4-uJB2vZBA7MX76UGQDwhyDM"
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-max-age
86400
access-control-allow-methods
POST, GET, OPTIONS
access-control-allow-origin
https://www.itinforok.com
content-type
text/html; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options
SAMEORIGIN
expires
Mon, 01 Jan 1990 00:00:00 GMT
AGSKWxVcy8Be6t7G-o1-W9IUVSmtQc7I0ac9GjH0aqtn0T43PUTu03hGzd1axNASiU69BELuinkTiWtAgvibEZzHwVCrOOphRpSt3WUawQaZayun1zWyGR6vJk6nDsYi280QVQ19BgoV6A==
fundingchoicesmessages.google.com/el/
0
29 B
XHR
General
Full URL
https://fundingchoicesmessages.google.com/el/AGSKWxVcy8Be6t7G-o1-W9IUVSmtQc7I0ac9GjH0aqtn0T43PUTu03hGzd1axNASiU69BELuinkTiWtAgvibEZzHwVCrOOphRpSt3WUawQaZayun1zWyGR6vJk6nDsYi280QVQ19BgoV6A==
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.lMIzdAKKDEY.es5.O/am=wA/d=1/rs=AJlcJMzmB6bdT_BMgeeZSzvNF8-3Z93uig/m=kernel_loader,loader_js_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:80a::200e Colchester, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-1UDXjqsHEDRPMe-IsGUG2w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.itinforok.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type
text/plain

Response headers

date
Mon, 29 Jan 2024 22:19:33 GMT
content-security-policy
script-src 'report-sample' 'nonce-1UDXjqsHEDRPMe-IsGUG2w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
reporting-endpoints
default="/_/ContributorLoggingHttp/web-reports?context=eJzjctHikmLw0pBiqGV4xtQKxAXZz5kqgJjxzwsmTiB-J_mK6RsQ7_DxYJkSOIN1DhA7pc9gDQHistvnWOuAWIiH4-uJB2vZBCYsfXGCGQDxBiEH"
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-max-age
86400
access-control-allow-methods
POST, GET, OPTIONS
access-control-allow-origin
https://www.itinforok.com
content-type
text/html; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options
SAMEORIGIN
expires
Mon, 01 Jan 1990 00:00:00 GMT
AGSKWxVcy8Be6t7G-o1-W9IUVSmtQc7I0ac9GjH0aqtn0T43PUTu03hGzd1axNASiU69BELuinkTiWtAgvibEZzHwVCrOOphRpSt3WUawQaZayun1zWyGR6vJk6nDsYi280QVQ19BgoV6A==
fundingchoicesmessages.google.com/el/
0
29 B
XHR
General
Full URL
https://fundingchoicesmessages.google.com/el/AGSKWxVcy8Be6t7G-o1-W9IUVSmtQc7I0ac9GjH0aqtn0T43PUTu03hGzd1axNASiU69BELuinkTiWtAgvibEZzHwVCrOOphRpSt3WUawQaZayun1zWyGR6vJk6nDsYi280QVQ19BgoV6A==
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.lMIzdAKKDEY.es5.O/am=wA/d=1/rs=AJlcJMzmB6bdT_BMgeeZSzvNF8-3Z93uig/m=kernel_loader,loader_js_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:80a::200e Colchester, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-RmS6_hplD9OAhBhOyvVUzA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.itinforok.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type
text/plain

Response headers

date
Mon, 29 Jan 2024 22:19:33 GMT
content-security-policy
script-src 'report-sample' 'nonce-RmS6_hplD9OAhBhOyvVUzA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
reporting-endpoints
default="/_/ContributorLoggingHttp/web-reports?context=eJzjctHikmII0pBiqGV4xtQKxAXZz5kqgJjxzwsmTiB-J_mK6RsQ7_DxYJkSOIN1DhA7pc9gDQHistvnWOuAWIiH4-uJB2vZBF48XXOWGQD1hCFw"
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-max-age
86400
access-control-allow-methods
POST, GET, OPTIONS
access-control-allow-origin
https://www.itinforok.com
content-type
text/html; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options
SAMEORIGIN
expires
Mon, 01 Jan 1990 00:00:00 GMT
AGSKWxVcy8Be6t7G-o1-W9IUVSmtQc7I0ac9GjH0aqtn0T43PUTu03hGzd1axNASiU69BELuinkTiWtAgvibEZzHwVCrOOphRpSt3WUawQaZayun1zWyGR6vJk6nDsYi280QVQ19BgoV6A==
fundingchoicesmessages.google.com/el/
0
29 B
XHR
General
Full URL
https://fundingchoicesmessages.google.com/el/AGSKWxVcy8Be6t7G-o1-W9IUVSmtQc7I0ac9GjH0aqtn0T43PUTu03hGzd1axNASiU69BELuinkTiWtAgvibEZzHwVCrOOphRpSt3WUawQaZayun1zWyGR6vJk6nDsYi280QVQ19BgoV6A==
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.lMIzdAKKDEY.es5.O/am=wA/d=1/rs=AJlcJMzmB6bdT_BMgeeZSzvNF8-3Z93uig/m=kernel_loader,loader_js_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:80a::200e Colchester, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-hnzsXz_kRPKOVaI1HpgA4Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.itinforok.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type
text/plain

Response headers

date
Mon, 29 Jan 2024 22:19:33 GMT
content-security-policy
require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-hnzsXz_kRPKOVaI1HpgA4Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
reporting-endpoints
default="/_/ContributorLoggingHttp/web-reports?context=eJzjctHikmII0pBiqGV4xtQKxAXZz5kqgJjxzwsmTiB-J_mK6RsQ7_DxYJkSOIN1DhA7pc9gDQHistvnWOuAWIiH4-uJB2vZBH5cPnOWGQD17CGO"
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
access-control-max-age
86400
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type
text/html; charset=utf-8
access-control-allow-origin
https://www.itinforok.com
access-control-allow-methods
POST, GET, OPTIONS
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options
SAMEORIGIN
expires
Mon, 01 Jan 1990 00:00:00 GMT
AGSKWxWh4KmKBp8qEUnZOk2hbKj8CMCtlGCCD2365BTXAdYDaa1WgU8oBtGsrfDcnkcsIiDeWe1MPDHqVSilNBwj1Ocblt4Qu2lNlJH1tWESMxzofzkG8fj_ttUjtWR37WnFD_cHjtTZ4Q==
fundingchoicesmessages.google.com/f/
3 KB
2 KB
Script
General
Full URL
https://fundingchoicesmessages.google.com/f/AGSKWxWh4KmKBp8qEUnZOk2hbKj8CMCtlGCCD2365BTXAdYDaa1WgU8oBtGsrfDcnkcsIiDeWe1MPDHqVSilNBwj1Ocblt4Qu2lNlJH1tWESMxzofzkG8fj_ttUjtWR37WnFD_cHjtTZ4Q==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzA2NTY2NzczLDk0OTAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzcsOSw2XSxudWxsLDIsbnVsbCwiZW4iLG51bGwsbnVsbCxudWxsLG51bGwsbnVsbCwxXSwiaHR0cHM6Ly93d3cuaXRpbmZvcm9rLmNvbS8iLG51bGwsW1s4LCJsTUl6ZEFLS0RFWSJdLFs5LCJlbi1VUyJdLFsxOSwiMiJdLFsxNywiWzBdIl1dXQ
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.lMIzdAKKDEY.es5.O/am=wA/d=1/rs=AJlcJMzmB6bdT_BMgeeZSzvNF8-3Z93uig/m=kernel_loader,loader_js_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:80a::200e Colchester, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
e88f73aec1291e0e265ea8818298f763029ad3931e79adf3546df4b95bcc35be
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-SjqBbVTKyqGxc16kUO8nGA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.itinforok.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Mon, 29 Jan 2024 22:19:33 GMT
content-security-policy
require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-SjqBbVTKyqGxc16kUO8nGA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
reporting-endpoints
default="/_/ContributorGlobalRouterHttp/web-reports?context=eJzjusKoxSXF4KkhxXDy1m2mi0B83ukO03UgvqjylOkmENcyPGNqBeIH4c-YXgCxgcZzJgsgLsh-zlQBxIx_XjBxAnFP_0umKUD87stLJp6vL5kkgFgDiN9JvmL6BsQ7fDxY3oRPZ-WKmM56umA662UgZquYzsoHxHF101nzgJhv3XRW3fXTWbecmc66B4hjnk9nTQHixawzWFcD8ZTAGaxzgLglGsgGYqf0GaxBQPw5cwbrbyAuu32OtQ6IhXg4vp54sJZNoKPr2CVmAPzCYd4"
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin
*
expires
Mon, 01 Jan 1990 00:00:00 GMT
AGSKWxVbzny-4cho-OzPY4wBylRuRrnzgy0oYTJjR4VNJT2Jcl14mBdyUDcVxMH5j9jP9O7ibvrX-A0VGkpj7hyYPkhbfbQmemhkDYj0Y44zDLe5Bqn8ZG8Ra8uQlUJ5Mk7gb7ltAmD1gA==
fundingchoicesmessages.google.com/el/
0
29 B
XHR
General
Full URL
https://fundingchoicesmessages.google.com/el/AGSKWxVbzny-4cho-OzPY4wBylRuRrnzgy0oYTJjR4VNJT2Jcl14mBdyUDcVxMH5j9jP9O7ibvrX-A0VGkpj7hyYPkhbfbQmemhkDYj0Y44zDLe5Bqn8ZG8Ra8uQlUJ5Mk7gb7ltAmD1gA==
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.lMIzdAKKDEY.es5.O/am=wA/d=1/rs=AJlcJMzmB6bdT_BMgeeZSzvNF8-3Z93uig/m=kernel_loader,loader_js_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:80a::200e Colchester, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-PigRGYV6w-VLJTNwT6aAQg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.itinforok.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type
text/plain

Response headers

date
Mon, 29 Jan 2024 22:19:34 GMT
content-security-policy
require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-PigRGYV6w-VLJTNwT6aAQg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
reporting-endpoints
default="/_/ContributorLoggingHttp/web-reports?context=eJzjctHikmLw1pBiqGV4xtQKxAXZz5kqgJjxzwsmTiB-J_mK6RsQ7_DxYJkSOIN1DhA7pc9gDQHistvnWOuAWIib49uJB2vZBCacOcQGAM-xIEQ"
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
access-control-max-age
86400
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type
text/html; charset=utf-8
access-control-allow-origin
https://www.itinforok.com
access-control-allow-methods
POST, GET, OPTIONS
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options
SAMEORIGIN
expires
Mon, 01 Jan 1990 00:00:00 GMT
sodar
pagead2.googlesyndication.com/pagead/
0
0
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_m202401230101&jk=33493622268504&bg=!Hh2lHVLNAAa8BdJLnAU7ADQBe5WfOOLYo6lcA7hmrV12VOLkqUZf04cL06FyvnMIZECjAsMmFKWHUYjt34HUGcZzV_bPAgAAAKxSAAAABGgBBwoADPpnmVqq9heApNC4v5kCves1hH9tYzPCxl1r5wDl5fHgWfOWf3zx5X84lOUtvkp_irw68VZLBcUOulM9kFF14Ipz-OZ8IfgaowHAd-SsIkdUso-mYmCnEknDl_xkS0dhZbNKwC-0jaR1VDEUB61ajsYf553DXbstwaWUv_zz6iCsmd-I7k0aqGf7oFxEeUK68s0OOQjoba01O7yo-eNIaVpTiitMtwJv7_7vbOfwfHqfoZzAlRz50PprUph-rOZfoZwzJNMHCoA9A9NizgziqXxJZCGZUvFvrDLJkxrHCMJhHIracqPRY8lzgcO3LuQ7jehpEKNDveY0luEKzFK2vwtkIP9mW4LpKVWpaljK92KoSERxUa5pdLwXcebb2_4HZvhzuDWNAlD4iRyw0MPWjQdjVt-9D5g_E-j0arEhDSp4YxGdxFTFYOzoki0UxqOMewPvW3nEa_D3FbXaLTa7Y98t7S1BTwAiy57K5RpCcKmXeWKdgwfBrer_lmYNHqYjeJKPheD1kscl9vXDM8HdSaFJX1xUfYsay21o7tZcEI6vQIAduWqsI5nZAlWxkqRMIoWpq-yPGSc7-0b24cxoIB7CxV_Hbnfso6okL4PvWr9Gn5p7ybQq9IF2J55RnPjAi7DSUgfwaXsjWVfXBfM3X37F_GD3dZhAKWtRn09Q0A_-qrSIiNEcBJrx9auAT0p5aJO3B_V69v1cRMvgVcfP2hT_mI35keqkV0ATA0ISoR_DsByASX7xkH5_MxZIzbBBY_c4rEm2Trg1zgYNEXU9ZaIEnLwJNIEQjMpG8Z68iYBc1fP6NcJmqu9HTd8n9MlgczJLB8hO81RaGR5ocusT23KcNO6-OsCDjhycIWSRlYWScd0Q2ssSWVMkWpsc7x-0sdHZH89OurMv6wk9sS2U0rm4W3NFIn4aWNUcsxnh_EfAk6bThIu2SMwtdIcN
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:820::2002 Colchester, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.itinforok.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers


59 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 function| Swiper function| lazyload function| LazyLoad function| ClipboardJS function| FastClick function| $ function| jQuery object| googletag object| cookieconsent object| copyTip boolean| isClick string| copyText object| clipboard object| lazyLoadImg number| box number| detailImgHeight object| detailImg object| games object| faceBook object| twitter object| menuBtn object| menuMask object| menuClose object| shareBtn object| shareMask object| shareClose function| hide object| ggeac object| google_tag_data object| google_js_reporting_queue undefined| google_measure_js_timing object| default_ContributorServingResponseClientJs object| _F_toggles object| __googlefc string| __fcInvoked string| __fcexpdef string| OGRkMzNjZGI4NjZhYzNjMmxvYWRlcl9qcw== string| OGRkMzNjZGI4NjZhYzNjMmNhY2hlZF9qcw== object| googlefc object| __fcInternalApiManager boolean| __fcInternalApiPostMessageReady object| __tcfapiEventListeners function| __tcfapi object| __tcfapiManager boolean| __tcfapiPostMessageReady number| google_unique_id object| gaGlobal object| ampInaboxPositionObserver object| ampInaboxFrameOverlayManager object| GoogleGcLKhOms boolean| bcc0ec89-ea01-47c1-8365-c5e6e4327eaf object| google_image_requests

4 Cookies

Domain/Path Name / Value
.itinforok.com/ Name: __gads
Value: ID=573dcdf9fdd01255:T=1706566772:RT=1706566772:S=ALNI_MbvcCleTBjXRO9KUmLnp7qiDGdxYg
.itinforok.com/ Name: __gpi
Value: UID=00000a09fa4a10a6:T=1706566772:RT=1706566772:S=ALNI_MathTw8JHnRYEBjaVG45_-ynZ5nYw
.doubleclick.net/ Name: IDE
Value: AHWqTUlmIyZ5UZQucMzB6XfMWw4NCigBBQCDi_R5aLOEa_zkdpaykLEfYxC1wDDDmXg
.itinforok.com/ Name: FCNEC
Value: %5B%5B%22AKsRol_DTSsMVtshDD0wLSUI4vgVkNr3jSUWqCRsAwadKB-oFy8GwRA3gkSv4U2K-Y7hILRbUKyRWyHYtOn65gkWHbtGNKktfNF-bkDtXFCZw7Q14xyynfEm3u5BlT10Lyqbuf3S6P1R1n0zRNnGc18a5es06YpFTQ%3D%3D%22%5D%5D

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
