bit.ly Open in urlscan Pro
67.199.248.11 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://bit.ly/2ykW1Iq
Effective URL:
https://bit.ly/2ykW1Iq
Submission: On May 27 via manual (May 27th 2025, 1:12:39 pm UTC) from IN — Scanned from CA

Summary HTTP 64 Redirects Links 8 Behaviour Indicators

Summary

This website contacted 19 IPs in 2 countries across 11 domains to perform 64 HTTP transactions. The main IP is 67.199.248.11, located in United States and belongs to GOOGLE-CLOUD-PLATFORM, US. The main domain is bit.ly. The Cisco Umbrella rank of the primary domain is 6471.
TLS certificate: Issued by DigiCert EV RSA CA G2 on March 26th 2025. Valid for: a year.

This is the only time bit.ly was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
3	67.199.248.11 67.199.248.11	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
12	54.230.48.157 54.230.48.157	16509 (AMAZON-02) (AMAZON-02)
6	172.253.62.157 172.253.62.157	15169 (GOOGLE) (GOOGLE)
14	172.253.62.154 172.253.62.154	15169 (GOOGLE) (GOOGLE)
2	142.251.163.132 142.251.163.132	15169 (GOOGLE) (GOOGLE)
2	142.251.167.154 142.251.167.154	15169 (GOOGLE) (GOOGLE)
3	142.251.16.132 142.251.16.132	15169 (GOOGLE) (GOOGLE)
1	64.233.180.156 64.233.180.156	15169 (GOOGLE) (GOOGLE)
5	172.253.122.148 172.253.122.148	15169 (GOOGLE) (GOOGLE)
4	192.178.155.132 192.178.155.132	15169 (GOOGLE) (GOOGLE)
1	142.250.31.147 142.250.31.147	15169 (GOOGLE) (GOOGLE)
3 4	142.251.111.155 142.251.111.155	15169 (GOOGLE) (GOOGLE)
2 4	104.18.27.193 104.18.27.193	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3 4	68.67.181.102 68.67.181.102	29990 (ASN-APPNEX) (ASN-APPNEX)
2	142.251.179.149 142.251.179.149	15169 (GOOGLE) (GOOGLE)
1	142.250.200.3 142.250.200.3	15169 (GOOGLE) (GOOGLE)
1	172.253.63.95 172.253.63.95	15169 (GOOGLE) (GOOGLE)
2	142.251.167.94 142.251.167.94	15169 (GOOGLE) (GOOGLE)
64	19

3 67.199.248.11 (United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: bit.ly

bit.ly	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 54.230.48.157 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-54-230-48-157.yul62.r.cloudfront.net

d1ayxb9ooonjts.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 172.253.62.157 (United States)

ASN15169 (GOOGLE, US)
PTR: bc-in-f157.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 172.253.62.154 (United States)

ASN15169 (GOOGLE, US)
PTR: bc-in-f154.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.251.163.132 (Farmingdale, United States)

ASN15169 (GOOGLE, US)
PTR: wv-in-f132.1e100.net

0f49d8c4a4cdff1737d3fbcf21a3fa9d.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.251.167.154 (Farmingdale, United States)

ASN15169 (GOOGLE, US)
PTR: ww-in-f154.1e100.net

ep1.adtrafficquality.google	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.251.16.132 (Farmingdale, United States)

ASN15169 (GOOGLE, US)
PTR: bl-in-f132.1e100.net

ep2.adtrafficquality.google	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 64.233.180.156 (United States)

ASN15169 (GOOGLE, US)
PTR: on-in-f156.1e100.net

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 172.253.122.148 (United States)

ASN15169 (GOOGLE, US)
PTR: bh-in-f148.1e100.net

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 192.178.155.132 (United States)

ASN15169 (GOOGLE, US)
PTR: yuiadrs-in-f132.1e100.net

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.31.147 (United States)

ASN15169 (GOOGLE, US)
PTR: bj-in-f147.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.251.111.155 (Farmingdale, United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: bk-in-f155.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 104.18.27.193 (None, ) 2 redirects

ASN13335 (CLOUDFLARENET, US)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 68.67.181.102 (North Bergen, United States) 3 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 1040.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.251.179.149 (Farmingdale, United States)

ASN15169 (GOOGLE, US)
PTR: pd-in-f149.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.200.3 (United States)

ASN15169 (GOOGLE, US)
PTR: lhr48s29-in-f3.1e100.net

csi.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.253.63.95 (United States)

ASN15169 (GOOGLE, US)
PTR: bi-in-f95.1e100.net

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.251.167.94 (Farmingdale, United States)

ASN15169 (GOOGLE, US)
PTR: ww-in-f94.1e100.net

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
20	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 151 0f49d8c4a4cdff1737d3fbcf21a3fa9d.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 220	186 KB
13	doubleclick.net 3 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 269 googleads.g.doubleclick.net — Cisco Umbrella Rank: 71 cm.g.doubleclick.net — Cisco Umbrella Rank: 363 ad.doubleclick.net — Cisco Umbrella Rank: 229	322 KB
12	cloudfront.net d1ayxb9ooonjts.cloudfront.net	31 KB
5	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 526	122 KB
5	adtrafficquality.google ep1.adtrafficquality.google — Cisco Umbrella Rank: 473 ep2.adtrafficquality.google — Cisco Umbrella Rank: 478	26 KB
4	adnxs.com 3 redirects ib.adnxs.com — Cisco Umbrella Rank: 392	4 KB
4	casalemedia.com 2 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 930	2 KB
3	gstatic.com csi.gstatic.com fonts.gstatic.com	32 KB
3	bit.ly bit.ly — Cisco Umbrella Rank: 6471	19 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 107	880 B
1	google.com www.google.com — Cisco Umbrella Rank: 9	569 B
64	11

	Domain	Requested by
14	pagead2.googlesyndication.com	securepubads.g.doubleclick.net bit.ly 0f49d8c4a4cdff1737d3fbcf21a3fa9d.safeframe.googlesyndication.com pagead2.googlesyndication.com ep2.adtrafficquality.google tpc.googlesyndication.com
12	d1ayxb9ooonjts.cloudfront.net	bit.ly
6	securepubads.g.doubleclick.net	bit.ly securepubads.g.doubleclick.net 0f49d8c4a4cdff1737d3fbcf21a3fa9d.safeframe.googlesyndication.com
5	s0.2mdn.net	bit.ly s0.2mdn.net
4	ib.adnxs.com	3 redirects googleads.g.doubleclick.net
4	dsum-sec.casalemedia.com	2 redirects googleads.g.doubleclick.net
4	cm.g.doubleclick.net	3 redirects googleads.g.doubleclick.net
4	tpc.googlesyndication.com	bit.ly 0f49d8c4a4cdff1737d3fbcf21a3fa9d.safeframe.googlesyndication.com tpc.googlesyndication.com
3	ep2.adtrafficquality.google	securepubads.g.doubleclick.net ep2.adtrafficquality.google
3	bit.ly	bit.ly
2	fonts.gstatic.com	fonts.googleapis.com
2	ad.doubleclick.net	bit.ly
2	ep1.adtrafficquality.google	securepubads.g.doubleclick.net
2	0f49d8c4a4cdff1737d3fbcf21a3fa9d.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	fonts.googleapis.com	s0.2mdn.net
1	csi.gstatic.com	pagead2.googlesyndication.com securepubads.g.doubleclick.net
1	www.google.com	ep2.adtrafficquality.google
1	googleads.g.doubleclick.net	0f49d8c4a4cdff1737d3fbcf21a3fa9d.safeframe.googlesyndication.com
64	18

This site contains links to these domains. Also see Links.

Domain
bitly.com
gitbub.com
x.com
www.instagram.com
www.facebook.com
www.linkedin.com
adssettings.google.com

Subject Issuer	Validity	Valid
bit.ly DigiCert EV RSA CA G2	`2025-03-26` - `2026-03-25`	a year	crt.sh
*.cloudfront.net Amazon RSA 2048 M01	`2024-07-30` - `2025-07-03`	a year	crt.sh
*.g.doubleclick.net WR2	`2025-04-29` - `2025-07-22`	3 months	crt.sh
adtrafficquality.google WR2	`2025-04-29` - `2025-07-22`	3 months	crt.sh
*.doubleclick.net WR2	`2025-04-29` - `2025-07-22`	3 months	crt.sh
tpc.googlesyndication.com WR2	`2025-04-29` - `2025-07-22`	3 months	crt.sh
*.google.com WR2	`2025-04-29` - `2025-07-22`	3 months	crt.sh
*.gstatic.com WR2	`2025-04-29` - `2025-07-22`	3 months	crt.sh
upload.video.google.com WR2	`2025-04-29` - `2025-07-22`	3 months	crt.sh

This page contains 9 frames:

Primary Page: https://bit.ly/2ykW1Iq
Frame ID: 86D03FE0EC22288C403D2F17A03CF971
Requests: 25 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/static/topics/topics_frame.html
Frame ID: 24868B06727AED40448DD27B59831F0E
Requests: 1 HTTP requests in this frame

Frame: https://0f49d8c4a4cdff1737d3fbcf21a3fa9d.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html
Frame ID: B6CEB96B9B7E4EFB34799287AD4E2652
Requests: 1 HTTP requests in this frame

Frame: https://0f49d8c4a4cdff1737d3fbcf21a3fa9d.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html
Frame ID: D6C6BFC9CEE7A5BC80BB3DDC87A66FD1
Requests: 18 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN3z17QCEP6ToNQDGPiywtABMAE&v=APEucNW-7Zp5L0H1GSmMCvKts-390kWW35iuWLEBB89czK5hldJba8VJBhP9vzgJLOMQ2ludX8HPzqffP1R70ePoSmDwNJszTw
Frame ID: D9F2706263BE9EE66EBB4210FFC26204
Requests: 5 HTTP requests in this frame

Frame: https://ep2.adtrafficquality.google/sodar/sodar2/237/runner.html
Frame ID: 070AE0FA867EB4331CBD9EE8F01413B4
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 4FF13095E39C596CDD07C4DB8F95A86C
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: E5EB115FBCF8F7567C6FD8C22D034646
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/8317383810659443196/index.html?ev=01_253
Frame ID: C2B2E70AE448A34F566F22B9268A44BD
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Bitly | bit.ly/2ykW1Iq

Page URL History Show full URLs

http://bit.ly/2ykW1Iq HTTP 307
https://bit.ly/2ykW1Iq Page URL

Detected technologies

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Page Statistics

64
Requests

92 %
HTTPS

0 %
IPv6

11
Domains

18
Subdomains

19
IPs

2
Countries

740 kB
Transfer

1972 kB
Size

13
Cookies

8 Outgoing links

These are links going to different origins than the main page.

URL: http://bitly.com/?utm_source=Bitly&utm_medium=referral&utm_campaign=preview_page

Search URL Search Domain Scan URL

URL: http://gitbub.com/
Title: gitbub.com/

Search URL Search Domain Scan URL

URL: https://bitly.com/blog/trust-safety-at-bitly/
Title: Learn how

Search URL Search Domain Scan URL

URL: https://x.com/bitly

Search URL Search Domain Scan URL

URL: https://www.instagram.com/bitly/

Search URL Search Domain Scan URL

URL: https://www.facebook.com/bitly

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/bitly/mycompany/

Search URL Search Domain Scan URL

URL: https://adssettings.google.com/whythisad?source=display&reasons=ASp5-QDY3H8nqzuJgLUNUcTbxWYr3xJdSa8LT8r_ITPWyYtzesO_1-a3bRZ9pZiWCATIzaQZ7vcjv1tUvr5ZnJWmI32kCK5Ru1SrIRyNl-4SUs8q3xGlhJyAHs6MFzUoJehM93p7ypZi8tlVDL-VisgEoABmfzw7HKlwAcu5wsyB5N1oRCJ6DnNPHsosJzZqNqe88OyjILxOsvOyBVGhWEdR2vTiJKWXpJ5FvzIPDGwJsy5hOGLYzL_yvBXqaLWuFuVBSD5WctMCDK-HhQBbz4FUr90CRt3sTZxF1isHIA7st5TD2I2YDGZOlNO3NW0AJT4aTEm6MBQePKBNNKv_O0PvN-uJHGuJQbWE6btIfMlsb8cn8bqVI--N9sbHzMXpxsYM7WJvP2OahBXdELd22bTNkrx1G7nTXinDGJ96FmMLF319Usg6t55CznwdB9u2lqdgkT-YP6C9MYHfWnNw-b2XNJa3R72eNWCJdHlKNJgLUkUtjlNVGI7i-mbLiS2vBIL6bbAl1_6ZHQfT4QjENFKsLHbZ8aeuKSF3uoQPKbug9Q0l6xXfgwFMvuoXGLqCjPjPRcrKZctnmAHqvNUFacQlz301WlZH5DhdYNua_d074hKSNvmi-_jXjja-B2vG-QbVIltTS_OZhnrvBXiLXupVqVJN0i0ZeJqSVIHlArC5ny4I2YULfJERxgwUd_paamm8wX4Ndz4AKbHWNgIDvd9KsKls5Vqsz0dX2OILTlNkPzjZMOJeK0PT_CgZbyY4OWnWqsvgiSiIf2pDIvno_EjmvNS0mbDePQJIL7QTa86XQo9m-k6_QinjkdmbK3pIcKFr0aWMZWZi26OE1ImSqU0HSbAi1PomIyEPDT1kTdj2FkTRe8tQls4CS_GcS9LJX-CRF_hdDzlUluxQLt16EVb90dGfNVPAOnvpquqHuUwCkRoToQZFoTj0vD_Ac89sWW148QBPk6K3lDpPa3NEjeBFN-i52NeUjxJxRgwmsKYUO-adUnaKF_w1rI-Nmdi765wijbMv4YcJNJC2cyUybVICS3pFBg_a24FRsXAv7xg-9NS_g8HRemmZpKEc4DsdTgefKuxUTq-qCuD3gs_h1GyPdkuhN5INDj3xeLulLDdl06gPA82b0BEUkVlIfZ_4vwg3kn208ro8DAX4L1DL3GAm0LLDQCKuxP1JKh6vPQK1SBEBumRX5JOEQN8TNBynyajb3RofiLdjC8ZVBDD45cU7x78KzkIS922rcns1moDTdPqXWWPNe0N6w9Nk095FOkb_dZz6YO6S5IoBOgHVvrB4LSn2UDwEk7bYbBCvjdgXC_uDTlqb9QBa3qeDPYzMGVOfLgl6dtjJhcUg5mChfg6bmJ67pyZMXLI7xnkmWJBXOC7g_dB3S9BqvJP51nTKDw8CFynz_qtv6N2bA4M_YNULJkSFCxoS3EZgsEv2MtuDXrPYM5GTfoC8gR9U7k_qenSjsmkMB-eG4sPzjtjUHMtufqt7txggIESZuc3A4811XEmzEwzLoG8bR7N-ChKbGf-uhYUgmnmx49Ga3gVo_euRzmUubfKYXs1W34sCIpT4Jt8q0nV4qLNceIcwqicpQUTrPGnQXQRBbm6wxeoEvprZCWnteDWaHCo32dBLmtBFa25finEfYERNOeWu2iL_8Sno268FGcUXcAw7WgVLaI3s4howxOS45HKWeZSvsQMeW1fv9kKY_mqAp_0NdQXc8PL1PGfI8RevGbP0Em692IHjnU2PYY5rmm4I87fZGtvaKx32YA_-UwwbNgFKqkFL_bB_SHie0FK6_S1KHk7GtzAQRlJZl-fN7d4K6Ub27J5d_gUCyHIwcz8XsIuoFkj_hH8p3GZ6sqVUZ8LEvkZFmI_e60RISUx5P_nJe5R3wxl2yrOKPA3b9Y3lQq-K06QkNAi1mjxFxvgTcNK8_axqYcwJGtZn0rdI75z2qNOTpzXymZZPdWCNQnmuPYBpQMMop_7U3_NbPPX_I3EIeUhLILsjZ2t8BLx4HdOtw7JyqSfVQvJKTMdZIFqya99Nq8TLYGHlZhFLDRMKikXYoII9GsWUFSqx

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://bit.ly/2ykW1Iq HTTP 307
https://bit.ly/2ykW1Iq Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 36

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELgmVEroYjZcfvOlysZpRBU&google_cver=1

Request Chain 37

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=aDW6S9HM66kACCY4ARqg1AAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELgmVEroYjZcfvOlysZpRBU&google_cver=1

Request Chain 38

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEKPQr01gC1p1sfYOLq6gIwU&google_cver=1 HTTP 307
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEKPQr01gC1p1sfYOLq6gIwU%26google_cver%3D1

Request Chain 39

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjE1NjExMjg0NzY5OTc0MDcxMg%3D%3D

64 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request 2ykW1Iq Show response
bit.ly/
Redirect Chain

http://bit.ly/2ykW1Iq
https://bit.ly/2ykW1Iq

19 KB
19 KB

579ms
130ms

Document
text/html

67.199.248.11
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to

Full URL: https://bit.ly/2ykW1Iq
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 67.199.248.11 , United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: bit.ly
Software: nginx /
Resource Hash: d8f9cf7d5ad950875cfd016cbecf6f5b476392d42574550241329e9669c39a30

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=90
content-length: 18992
content-type: text/html; charset=utf-8
date: Tue, 27 May 2025 13:12:40 GMT
server: nginx
via: 1.1 google

Redirect headers

Location: https://bit.ly/2ykW1Iq
Non-Authoritative-Reason: HttpsUpgrades

GET
H2 200 3BC92D5AD55132EE1A8216E94D482D88E73D53A5.css
d1ayxb9ooonjts.cloudfront.net/d/ 11 KB
3 KB 249ms
79ms Stylesheet
text/css 54.230.48.157
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://d1ayxb9ooonjts.cloudfront.net/d/3BC92D5AD55132EE1A8216E94D482D88E73D53A5.css
Requested by: Host: bit.ly
URL: https://bit.ly/2ykW1Iq
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 54.230.48.157 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-54-230-48-157.yul62.r.cloudfront.net
Software: nginx /
Resource Hash: aea18751d1237bfbdc12b9980842a50a5120430672cf4e2b39ae82dd4c0da039

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://bit.ly/2ykW1Iq

Response headers

x-amz-cf-pop: YUL62-C2
content-encoding: gzip
etag: W/"5a31d31a69ba966ce77f283cc98464b1"
age: 54553
via: 1.1 ea419f8269940bd7231c70acd36c430c.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-id: x5xLQaFYk9Ytga3NejGL-qOtmX_Rjghl28_6AbDdqTuIPMb4GVItow==
date: Mon, 26 May 2025 22:03:27 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
server: nginx
last-modified: Thu, 15 May 2025 19:25:05 GMT
x-amz-server-side-encryption: AES256

GET
H2 200 C1479C1BB4EBAEE77A9F4B616943FFEE9DAAEA0E.svg
d1ayxb9ooonjts.cloudfront.net/d/ 3 KB
2 KB 225ms
81ms Image
image/svg+xml 54.230.48.157
AMAZON-02

General

Check archive.org

Download Go to Show image

Full URL: https://d1ayxb9ooonjts.cloudfront.net/d/C1479C1BB4EBAEE77A9F4B616943FFEE9DAAEA0E.svg
Requested by: Host: bit.ly
URL: https://bit.ly/2ykW1Iq
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 54.230.48.157 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-54-230-48-157.yul62.r.cloudfront.net
Software: nginx /
Resource Hash: cf3a1f5bae496ea0e4aeda4108a132d8f1e48707d083d948ef629aedc33c7fa1

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://bit.ly/2ykW1Iq

Response headers

x-amz-cf-pop: YUL62-C2
content-encoding: gzip
etag: W/"f8bbacdf5ce2e98b14f9fef2a8a86085"
age: 25298
via: 1.1 ea419f8269940bd7231c70acd36c430c.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-id: l5q4L2cC5PDxfphenbDOujUHUYyZ0tDJUSrXwcSOg_h-CjoAXNYbjw==
date: Tue, 27 May 2025 06:11:02 GMT
content-type: image/svg+xml
vary: Accept-Encoding
server: nginx
last-modified: Thu, 06 Mar 2025 12:29:31 GMT
x-amz-server-side-encryption: AES256

GET
H2 200 7998B890712079265CF48279A49C2BE33A5EA5C5.svg
d1ayxb9ooonjts.cloudfront.net/d/ 1 KB
983 B 226ms
82ms Image
image/svg+xml 54.230.48.157
AMAZON-02

General

Check archive.org

Download Go to Show image

Full URL: https://d1ayxb9ooonjts.cloudfront.net/d/7998B890712079265CF48279A49C2BE33A5EA5C5.svg
Requested by: Host: bit.ly
URL: https://bit.ly/2ykW1Iq
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 54.230.48.157 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-54-230-48-157.yul62.r.cloudfront.net
Software: nginx /
Resource Hash: c51fd35cfbc5051824cd1a683fade7868ec80575227d1446ec833e97727f28b2

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://bit.ly/2ykW1Iq

Response headers

x-amz-cf-pop: YUL62-C2
content-encoding: gzip
etag: W/"2ef45692189bc5c8584a06b7b8409342"
age: 23224
via: 1.1 ea419f8269940bd7231c70acd36c430c.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-id: sfbv1kHOzVQSCxRYe-LXdQk4mTKbhK7KiSZ8YnNSsJQe7cmUeUSXcg==
date: Tue, 27 May 2025 06:45:36 GMT
content-type: image/svg+xml
vary: Accept-Encoding
server: nginx
last-modified: Mon, 12 May 2025 23:58:31 GMT
x-amz-server-side-encryption: AES256

GET
H2 200 1D999C15ABD60F9C7614234E59748D6E88DA48CB.svg
d1ayxb9ooonjts.cloudfront.net/d/ 563 B
926 B 80ms
80ms Image
image/svg+xml 54.230.48.157
AMAZON-02

General

Check archive.org

Download Go to Show image

Full URL: https://d1ayxb9ooonjts.cloudfront.net/d/1D999C15ABD60F9C7614234E59748D6E88DA48CB.svg
Requested by: Host: bit.ly
URL: https://bit.ly/2ykW1Iq
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 54.230.48.157 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-54-230-48-157.yul62.r.cloudfront.net
Software: nginx /
Resource Hash: 50372d78d348a80a73a452b595840a7e2b2def7406a291b0842c3ef097b8c14e

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://bit.ly/2ykW1Iq

Response headers

vary: Accept-Encoding
etag: "a42b6b8c5ace48e0e2dbeb10abd894dd"
age: 5024
via: 1.1 ea419f8269940bd7231c70acd36c430c.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: Hit from cloudfront
content-length: 563
x-amz-cf-id: b9ApST__ZyKElC8YheSQf4ZePf7u-aLMe6mZFzng4yFLIQkhCh2MQg==
date: Tue, 27 May 2025 11:48:56 GMT
content-type: image/svg+xml
last-modified: Mon, 12 May 2025 23:58:32 GMT
server: nginx
x-amz-cf-pop: YUL62-C2
x-amz-server-side-encryption: AES256

GET
H2 200 6C891B94781612666EDE9475CC59454B79851F4F.svg
d1ayxb9ooonjts.cloudfront.net/d/ 522 B
886 B 81ms
80ms Image
image/svg+xml 54.230.48.157
AMAZON-02

General

Check archive.org

Download Go to Show image

Full URL: https://d1ayxb9ooonjts.cloudfront.net/d/6C891B94781612666EDE9475CC59454B79851F4F.svg
Requested by: Host: bit.ly
URL: https://bit.ly/2ykW1Iq
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 54.230.48.157 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-54-230-48-157.yul62.r.cloudfront.net
Software: nginx /
Resource Hash: 6a39349df968a2349960f419cdfff35591b3d0ff89e0e0a69831ec30c82d5cb8

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://bit.ly/2ykW1Iq

Response headers

vary: Accept-Encoding
etag: "8d1edaef37d15589ffdb15fd94916f0b"
age: 22466
via: 1.1 ea419f8269940bd7231c70acd36c430c.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: Hit from cloudfront
content-length: 522
x-amz-cf-id: 7OaEKU5e4hkEy-7FbRJ2fW8PofVmrSYaAQOs8at2WRfsBibefFHwVQ==
date: Tue, 27 May 2025 06:58:14 GMT
content-type: image/svg+xml
last-modified: Mon, 12 May 2025 23:58:32 GMT
server: nginx
x-amz-cf-pop: YUL62-C2
x-amz-server-side-encryption: AES256

GET
H2 200 8955792E2AE2972C05969B26C881AD988C9BB5BD.svg
d1ayxb9ooonjts.cloudfront.net/d/ 362 B
726 B 81ms
79ms Image
image/svg+xml 54.230.48.157
AMAZON-02

General

Check archive.org

Download Go to Show image

Full URL: https://d1ayxb9ooonjts.cloudfront.net/d/8955792E2AE2972C05969B26C881AD988C9BB5BD.svg
Requested by: Host: bit.ly
URL: https://bit.ly/2ykW1Iq
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 54.230.48.157 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-54-230-48-157.yul62.r.cloudfront.net
Software: nginx /
Resource Hash: 56a8a4fb115b24277c898d84fe68a5a12276708dbc73311d691be21761c188d0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://bit.ly/2ykW1Iq

Response headers

vary: Accept-Encoding
etag: "636eb2721b75f46b2f61790d3b627d70"
age: 26746
via: 1.1 ea419f8269940bd7231c70acd36c430c.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: Hit from cloudfront
content-length: 362
x-amz-cf-id: 3RBY1sf9JBf_UN_hbPy37eiTa3Cdx11ffmgVgojy6siiGzn8iS-mgw==
date: Tue, 27 May 2025 05:46:54 GMT
content-type: image/svg+xml
last-modified: Thu, 06 Mar 2025 12:29:31 GMT
server: nginx
x-amz-cf-pop: YUL62-C2
x-amz-server-side-encryption: AES256

GET
H2 200 7C75D35E20E45DF9C90AF96EB32B81BAAA55B50D.webp
d1ayxb9ooonjts.cloudfront.net/d/ 17 KB
17 KB 95ms
93ms Image
image/webp 54.230.48.157
AMAZON-02

General

Check archive.org

Download Go to Show image

Full URL: https://d1ayxb9ooonjts.cloudfront.net/d/7C75D35E20E45DF9C90AF96EB32B81BAAA55B50D.webp
Requested by: Host: bit.ly
URL: https://bit.ly/2ykW1Iq
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 54.230.48.157 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-54-230-48-157.yul62.r.cloudfront.net
Software: nginx /
Resource Hash: 5822c1ad5bfd86aa17808a851d6f05e560c2773f61a728f23cebf493dc9a4ec6

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://bit.ly/2ykW1Iq

Response headers

vary: Accept-Encoding
etag: "a6c2aae1b41d9e328c4f8e6c34e3d12c"
age: 26343
via: 1.1 ea419f8269940bd7231c70acd36c430c.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: Hit from cloudfront
content-length: 17206
x-amz-cf-id: NGOIVPUWDwqYqh55uBmPoJetohBUWFLwaUvmXB2qnyLUG6a9K64dhg==
date: Tue, 27 May 2025 05:54:04 GMT
content-type: image/webp
last-modified: Wed, 11 Sep 2024 17:03:54 GMT
server: nginx
x-amz-cf-pop: YUL62-C2
x-amz-server-side-encryption: AES256

GET
H2 200 E8AA887989AD48F5366B7DCFAEAB4A3FF8150A1D.svg
d1ayxb9ooonjts.cloudfront.net/d/ 401 B
766 B 96ms
94ms Image
image/svg+xml 54.230.48.157
AMAZON-02

General

Check archive.org

Download Go to Show image

Full URL: https://d1ayxb9ooonjts.cloudfront.net/d/E8AA887989AD48F5366B7DCFAEAB4A3FF8150A1D.svg
Requested by: Host: bit.ly
URL: https://bit.ly/2ykW1Iq
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 54.230.48.157 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-54-230-48-157.yul62.r.cloudfront.net
Software: nginx /
Resource Hash: eb71d9655491b198debed418404907f06d0482f519f60082d165132471c90715

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://bit.ly/2ykW1Iq

Response headers

vary: Accept-Encoding
etag: "ac532c5f7b8ff686a348d1abaa8326d4"
age: 15239
via: 1.1 ea419f8269940bd7231c70acd36c430c.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: Hit from cloudfront
content-length: 401
x-amz-cf-id: BIOo-N1o-ClPAN1cR-HuGdb1UT5qR3m2Accaq4Gaj8OJTKB6co8l_g==
date: Tue, 27 May 2025 08:58:47 GMT
content-type: image/svg+xml
last-modified: Thu, 06 Mar 2025 12:29:32 GMT
server: nginx
x-amz-cf-pop: YUL62-C2
x-amz-server-side-encryption: AES256

GET
H2 200 12032AF2C457BB634C4039A306C2C39420BF51EB.svg
d1ayxb9ooonjts.cloudfront.net/d/ 2 KB
1 KB 98ms
96ms Image
image/svg+xml 54.230.48.157
AMAZON-02

General

Check archive.org

Download Go to Show image

Full URL: https://d1ayxb9ooonjts.cloudfront.net/d/12032AF2C457BB634C4039A306C2C39420BF51EB.svg
Requested by: Host: bit.ly
URL: https://bit.ly/2ykW1Iq
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 54.230.48.157 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-54-230-48-157.yul62.r.cloudfront.net
Software: nginx /
Resource Hash: e25bcc9dee748831827b2a2c85b06654ca507b77a82158a452694fa41623b438

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://bit.ly/2ykW1Iq

Response headers

x-amz-cf-pop: YUL62-C2
content-encoding: gzip
etag: W/"8f18e0d46157b022c600e0e735813a91"
age: 1008
via: 1.1 ea419f8269940bd7231c70acd36c430c.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-id: Wv9NR4VTbkzXyCpPRC5G9-PYLTZE20OVZBtWD_l2FSS38TZ9W1vGdg==
date: Tue, 27 May 2025 12:55:52 GMT
content-type: image/svg+xml
vary: Accept-Encoding
server: nginx
last-modified: Thu, 06 Mar 2025 12:29:32 GMT
x-amz-server-side-encryption: AES256

GET
H2 200 704DBB97AC75F2A7D9571254B944F17277707059.svg
d1ayxb9ooonjts.cloudfront.net/d/ 502 B
866 B 99ms
97ms Image
image/svg+xml 54.230.48.157
AMAZON-02

General

Check archive.org

Download Go to Show image

Full URL: https://d1ayxb9ooonjts.cloudfront.net/d/704DBB97AC75F2A7D9571254B944F17277707059.svg
Requested by: Host: bit.ly
URL: https://bit.ly/2ykW1Iq
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 54.230.48.157 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-54-230-48-157.yul62.r.cloudfront.net
Software: nginx /
Resource Hash: 3f1c4d1df1ad822b77bfad7569189f3861c51e63e9dd05fd5d37e7d395b376ad

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://bit.ly/2ykW1Iq

Response headers

vary: Accept-Encoding
etag: "a0ff281181e05ab5f10f48b00bdf362e"
age: 22280
via: 1.1 ea419f8269940bd7231c70acd36c430c.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: Hit from cloudfront
content-length: 502
x-amz-cf-id: VsTBIjPRdI06AvQXtOBca-KPC0yKVQljTnaJPG3oeu4COo_dd8elwQ==
date: Tue, 27 May 2025 07:01:43 GMT
content-type: image/svg+xml
last-modified: Thu, 06 Mar 2025 12:29:31 GMT
server: nginx
x-amz-cf-pop: YUL62-C2
x-amz-server-side-encryption: AES256

GET
H2 200 8F9B499DDC670821F87C474721CA954C0C1AD3F5.svg
d1ayxb9ooonjts.cloudfront.net/d/ 648 B
1011 B 100ms
99ms Image
image/svg+xml 54.230.48.157
AMAZON-02

General

Check archive.org

Download Go to Show image

Full URL: https://d1ayxb9ooonjts.cloudfront.net/d/8F9B499DDC670821F87C474721CA954C0C1AD3F5.svg
Requested by: Host: bit.ly
URL: https://bit.ly/2ykW1Iq
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 54.230.48.157 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-54-230-48-157.yul62.r.cloudfront.net
Software: nginx /
Resource Hash: e2186f8814f8290dcfce59b5d8b0463e08af5df34a624a018411b4be9dd63d5b

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://bit.ly/2ykW1Iq

Response headers

vary: Accept-Encoding
etag: "01e6d41986e3aff2a481b34bbb250d3d"
age: 18931
via: 1.1 ea419f8269940bd7231c70acd36c430c.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: Hit from cloudfront
content-length: 648
x-amz-cf-id: 872x0iH0MOaA2W7kAyaFl4A6MrSiDC6VY9i612bG1zpnrSertLeq0g==
date: Tue, 27 May 2025 07:57:30 GMT
content-type: image/svg+xml
last-modified: Thu, 06 Mar 2025 12:29:32 GMT
server: nginx
x-amz-cf-pop: YUL62-C2
x-amz-server-side-encryption: AES256

POST
H2 200 beacon
bit.ly/preview_page/ 16 B
80 B 114ms
111ms Ping
application/json 67.199.248.11
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to

Full URL: https://bit.ly/preview_page/beacon
Requested by: Host: bit.ly
URL: https://bit.ly/2ykW1Iq
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 67.199.248.11 , United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: bit.ly
Software: nginx /
Resource Hash: fb1bf528d8237aac3e9ead389ab246ba0068f61fe281610110937ef2b8adefce

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8
Referer: https://bit.ly/2ykW1Iq

Response headers

via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 16
date: Tue, 27 May 2025 13:12:40 GMT
content-type: application/json
server: nginx

GET
H3 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 110 KB
34 KB 313ms
115ms Script
text/javascript 172.253.62.157
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: bit.ly
URL: https://bit.ly/2ykW1Iq

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.62.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f157.1e100.net

Software

cafe /

Resource Hash

74cca4239de7577193a606f7ac054ae52f2678bccf710339dc767065de229092

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://bit.ly/2ykW1Iq

Response headers

content-encoding: br
etag: 840 / 20235 / m202505200101 / config-hash: 4677953494289217151
x-content-type-options: nosniff
expires: Tue, 27 May 2025 13:12:41 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date: Tue, 27 May 2025 13:12:41 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
content-disposition: attachment; filename="f.txt"
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 34422
x-xss-protection: 0
server: cafe

GET
H3 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202505200101/ 539 KB
170 KB 111ms
110ms Script
text/javascript 172.253.62.157
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202505200101/pubads_impl.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.62.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f157.1e100.net

Software

cafe /

Resource Hash

638b32a4f2339ff4f58198fe56ffb89091e03c23d76a39821797c01f026e21ef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://bit.ly/2ykW1Iq

Response headers

content-encoding: br
etag: 8367355567805738573
age: 17544
x-content-type-options: nosniff
expires: Wed, 27 May 2026 08:20:17 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date: Tue, 27 May 2025 08:20:17 GMT
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 173743
x-xss-protection: 0
server: cafe

GET
H3 200 gpt
securepubads.g.doubleclick.net/pagead/managed/dict/m202505220101/ 63 KB
23 KB 116ms
115ms Other
text/plain 172.253.62.157
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/dict/m202505220101/gpt

Requested by

Host: bit.ly
URL: https://bit.ly/2ykW1Iq

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.62.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f157.1e100.net

Software

cafe /

Resource Hash

8c9c942cbc4b50a998e5204686305e5192f73e9a64425654ef4b8716015b8b67

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer

Response headers

content-encoding: br
etag: 10260624382802495031
age: 17543
x-content-type-options: nosniff
expires: Tue, 03 Jun 2025 08:20:18 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date: Tue, 27 May 2025 08:20:18 GMT
content-type: text/plain; charset=UTF-8
vary: Accept-Encoding
cache-control: public, immutable, max-age=604800, stale-while-revalidate=7200
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 23619
x-xss-protection: 0
server: cafe
use-as-dictionary: match="/gampad/ads", id="m202505220101"

GET
H3 200 rum.js Show response
pagead2.googlesyndication.com/pagead/js/ 68 KB
25 KB 99ms
98ms Script
text/javascript 172.253.62.157
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/rum.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202505200101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.62.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f157.1e100.net

Software

cafe /

Resource Hash

69df9520e73d741f328f7a40e279710499d1e2af1a81de60b2be855802f0745c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://bit.ly/2ykW1Iq

Response headers

content-encoding: br
etag: 69234120874071566
age: 1970
x-content-type-options: nosniff
expires: Tue, 27 May 2025 13:39:51 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date: Tue, 27 May 2025 12:39:51 GMT
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
cache-control: public, max-age=3600
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-length: 25553
x-xss-protection: 0
server: cafe

GET
H3 200 topics_frame.html Show response
securepubads.g.doubleclick.net/static/topics/ Frame 2486 102 KB
28 KB 303ms
98ms Document
text/html 172.253.62.154
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://securepubads.g.doubleclick.net/static/topics/topics_frame.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202505200101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.62.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f154.1e100.net

Software

sffe /

Resource Hash

56b8de493133e66949fb4e7179fc6398806e734bb30cef739674fe9254f4c4b7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://bit.ly/2ykW1Iq
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
age: 2466
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3000, stale-while-revalidate=3600
content-encoding: br
content-length: 29108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 27 May 2025 12:31:35 GMT
expires: Tue, 27 May 2025 13:21:35 GMT
last-modified: Mon, 19 May 2025 19:44:47 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 116 KB
40 KB 778ms
778ms Fetch
text/plain 172.253.62.157
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=4084945365367239&correlator=504333293174676&eid=31090591%2C31092255%2C31092621%2C95353385%2C83321073%2C31065645%2C31084739%2C31087491%2C95351364%2C31061691%2C31061693&output=ldjh&gdfp_req=1&vrg=202505200101&ptt=17&impl=fifs&iu_parts=23199830770%2Cbitly_previewpage_default_responsive_side_box&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x600%7C336x280%7C300x250&ifi=1&didk=3269871665&dids=div-gpt-ad-1724340542602-0&adfs=3434351373&sfv=1-0-45&sc=1&cookie_enabled=1&abxe=1&dt=1748351561633&lmt=1748351561&adxs=179&adys=352&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=1&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=-420&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&url=https%3A%2F%2Fbit.ly%2F2ykW1Iq&rumc=4084945365367239&rume=1&vis=1&psz=658x610&msz=300x0&fws=0&ohw=0&topics=9&tps=9&htps=10&nt=1&psd=WzMxLFtdLG51bGwsM10.&dlt=1748351560427&idt=1104&prev_scp=ac%3DPrior_to_2023%26g%3DUS%26cohort%3Dpre_9_3%26connection_type%3Dlink%26tt%3Dcore%26t%3Dg&adks=3309689787&frm=20&eoidce=1&td=1&egid=8721&tan=debd2d4b-ac0f-45b4-9340-2c1e2e73d96a&tdf=2

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202505200101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.62.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f157.1e100.net

Software

cafe /

Resource Hash

b0e9f60937c6eba45939c5559f7b9d7a3ee909d78146d6409568a352bc975413

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://bit.ly/2ykW1Iq

Response headers

content-encoding: dcb
google-lineitem-id: -1
observe-browsing-topics: ?1
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date: Tue, 27 May 2025 13:12:42 GMT
content-type: text/plain; charset=UTF-8
google-creative-id: -1
cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin: https://bit.ly
content-length: 41390
x-xss-protection: 0
server: cafe

GET
H3 200 container.html Show response
0f49d8c4a4cdff1737d3fbcf21a3fa9d.safeframe.googlesyndication.com/safeframe/1-0-45/html/ Frame B6CE 7 KB
3 KB 309ms
100ms Document
text/html 142.251.163.132
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://0f49d8c4a4cdff1737d3fbcf21a3fa9d.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202505200101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.163.132 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

wv-in-f132.1e100.net

Software

sffe /

Resource Hash

f1a68bf826c55985468304f4284a09cb8a68e82503d764166e611a7c58a85a4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://bit.ly/2ykW1Iq
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: br
content-length: 3121
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 27 May 2025 13:12:41 GMT
expires: Tue, 27 May 2025 13:12:41 GMT
last-modified: Thu, 08 May 2025 23:15:48 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 sodar Show response
ep1.adtrafficquality.google/getconfig/ 17 KB
13 KB 222ms
116ms XHR
application/json 142.251.167.154
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://ep1.adtrafficquality.google/getconfig/sodar?sv=200&tid=gpt&tv=m202505200101&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202505200101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.167.154 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ww-in-f154.1e100.net

Software

cafe /

Resource Hash

84b0bb852b51092663620680b18740e90e81da763d24508f008c1c0a9cdf0e80

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://bit.ly/2ykW1Iq

Response headers

timing-allow-origin: *
content-encoding: br
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 13202
date: Tue, 27 May 2025 13:12:42 GMT
x-xss-protection: 0
content-type: application/json; charset=UTF-8
content-disposition: attachment; filename="f.txt"
server: cafe

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 108ms
108ms Image
image/gif 172.253.62.157
GOOGLE

General

Check archive.org

Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=ama_stats&su=bit.ly&doc=complete&pg_h=1452&pg_w=1600&pg_hs=1452&c=0&aa_c=0&d=0&all_d=0&ard=0&all_ard=0&dt=d

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.62.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f157.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://bit.ly/2ykW1Iq

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 0
date: Tue, 27 May 2025 13:12:42 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H2 200 911DC5232AD960E5CD922312AAAA1768D921C30F.png
d1ayxb9ooonjts.cloudfront.net/d/ 1 KB
1 KB 80ms
80ms Other
image/png 54.230.48.157
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://d1ayxb9ooonjts.cloudfront.net/d/911DC5232AD960E5CD922312AAAA1768D921C30F.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 54.230.48.157 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-54-230-48-157.yul62.r.cloudfront.net
Software: nginx /
Resource Hash: bef547e2ac2d3c93de149566b20050c88bfc0dc32ab84f15d288973704544a2e

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://bit.ly/2ykW1Iq

Response headers

etag: "de191ceae91ff28f37bcd7fe122e3a09"
age: 50397
via: 1.1 ea419f8269940bd7231c70acd36c430c.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: Hit from cloudfront
content-length: 1142
x-amz-cf-id: 2IQHyppJZkQFLkRbjlgEaqQGHh5WAJ4ijqyx6ZY63Qbh-guQCfZmuA==
date: Mon, 26 May 2025 23:12:45 GMT
content-type: image/png
last-modified: Thu, 06 Mar 2025 12:29:31 GMT
server: nginx
x-amz-cf-pop: YUL62-C2
x-amz-server-side-encryption: AES256

GET
H2 200 sodar2.js Show response
ep2.adtrafficquality.google/sodar/ 20 KB
7 KB 338ms
101ms Script
text/javascript 142.251.16.132
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://ep2.adtrafficquality.google/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202505200101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.16.132 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

bl-in-f132.1e100.net

Software

sffe /

Resource Hash

a7f65c0446b6cac3175458f6388304d0c23e70d11fa0db20920a619f1bc18623

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://bit.ly/2ykW1Iq

Response headers

content-encoding: gzip
etag: "1747411493688989"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
x-content-type-options: nosniff
expires: Tue, 27 May 2025 13:12:42 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 27 May 2025 13:12:42 GMT
content-type: text/javascript
vary: Accept-Encoding
cache-control: private, max-age=3000
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 7188
x-xss-protection: 0
server: sffe

GET
H3 200 container.html Show response
0f49d8c4a4cdff1737d3fbcf21a3fa9d.safeframe.googlesyndication.com/safeframe/1-0-45/html/ Frame D6C6 7 KB
0 2ms
2ms Document
text/html 142.251.163.132
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://0f49d8c4a4cdff1737d3fbcf21a3fa9d.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202505200101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.163.132 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

wv-in-f132.1e100.net

Software

sffe /

Resource Hash

f1a68bf826c55985468304f4284a09cb8a68e82503d764166e611a7c58a85a4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://bit.ly/2ykW1Iq
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: br
content-length: 3121
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 27 May 2025 13:12:41 GMT
expires: Tue, 27 May 2025 13:12:41 GMT
last-modified: Thu, 08 May 2025 23:15:48 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

POST
H3 200 beacon
bit.ly/preview_page/ 16 B
29 B 114ms
111ms Ping
application/json 67.199.248.11
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to

Full URL: https://bit.ly/preview_page/beacon
Requested by: Host: bit.ly
URL: https://bit.ly/2ykW1Iq
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 67.199.248.11 , United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: bit.ly
Software: nginx /
Resource Hash: fb1bf528d8237aac3e9ead389ab246ba0068f61fe281610110937ef2b8adefce

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8
Referer: https://bit.ly/2ykW1Iq

Response headers

via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 16
date: Tue, 27 May 2025 13:12:42 GMT
content-type: application/json
server: nginx

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame D9F2 624 B
246 B 327ms
117ms Document
text/html 64.233.180.156
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CN3z17QCEP6ToNQDGPiywtABMAE&v=APEucNW-7Zp5L0H1GSmMCvKts-390kWW35iuWLEBB89czK5hldJba8VJBhP9vzgJLOMQ2ludX8HPzqffP1R70ePoSmDwNJszTw

Requested by

Host: 0f49d8c4a4cdff1737d3fbcf21a3fa9d.safeframe.googlesyndication.com
URL: https://0f49d8c4a4cdff1737d3fbcf21a3fa9d.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

64.233.180.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

on-in-f156.1e100.net

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://0f49d8c4a4cdff1737d3fbcf21a3fa9d.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 27 May 2025 13:12:42 GMT
expires: Tue, 27 May 2025 13:12:42 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 express_html_inpage_rendering_lib_200_281.js Show response
s0.2mdn.net/879366/ Frame D6C6 117 KB
41 KB 314ms
102ms Script
text/javascript 172.253.122.148
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_281.js

Requested by

Host: bit.ly
URL: https://bit.ly/2ykW1Iq

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.122.148 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bh-in-f148.1e100.net

Software

sffe /

Resource Hash

d0d116b21c9ac496c162f9074c75ce227719d025422a1794a57f497718f87cee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Origin: https://0f49d8c4a4cdff1737d3fbcf21a3fa9d.safeframe.googlesyndication.com
Referer: https://0f49d8c4a4cdff1737d3fbcf21a3fa9d.safeframe.googlesyndication.com/

Response headers

content-encoding: gzip
age: 21848
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
x-content-type-options: nosniff
expires: Wed, 28 May 2025 07:08:34 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 27 May 2025 07:08:34 GMT
last-modified: Tue, 29 Oct 2024 21:00:00 GMT
content-type: text/javascript
vary: Accept-Encoding
cache-control: public, max-age=86400
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
content-length: 41319
x-xss-protection: 0
server: sffe

GET
H3 200 omrhp_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20250521/r20110914/elements/html/ Frame D6C6 8 KB
3 KB 103ms
102ms Script
text/javascript 172.253.62.154
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20250521/r20110914/elements/html/omrhp_fy2021.js

Requested by

Host: bit.ly
URL: https://bit.ly/2ykW1Iq

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.62.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f154.1e100.net

Software

cafe /

Resource Hash

1657584221779c9f6943c52bb7fba23376c18be3e021da4168fab39d8bb7863a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://0f49d8c4a4cdff1737d3fbcf21a3fa9d.safeframe.googlesyndication.com/

Response headers

content-encoding: br
etag: 567199331036499589
age: 75666
x-content-type-options: nosniff
expires: Mon, 09 Jun 2025 16:11:36 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date: Mon, 26 May 2025 16:11:36 GMT
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
cache-control: public, max-age=1209600
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 3211
x-xss-protection: 0
server: cafe

GET
H3 200 abg_lite_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20250521/r20110914/ Frame D6C6 21 KB
8 KB 104ms
103ms Script
text/javascript 172.253.62.154
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20250521/r20110914/abg_lite_fy2021.js

Requested by

Host: bit.ly
URL: https://bit.ly/2ykW1Iq

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.62.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f154.1e100.net

Software

cafe /

Resource Hash

be507b359cc4919d2c1154e11c9d17b94ba03bc583f0d31fffc3525583bec00d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://0f49d8c4a4cdff1737d3fbcf21a3fa9d.safeframe.googlesyndication.com/

Response headers

content-encoding: br
etag: 5251608839672234903
age: 75666
x-content-type-options: nosniff
expires: Mon, 09 Jun 2025 16:11:36 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date: Mon, 26 May 2025 16:11:36 GMT
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
cache-control: public, max-age=1209600
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 8642
x-xss-protection: 0
server: cafe

GET
H2 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame D6C6 41 KB
14 KB 322ms
110ms Script
text/javascript 192.178.155.132
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: bit.ly
URL: https://bit.ly/2ykW1Iq

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.178.155.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

yuiadrs-in-f132.1e100.net

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://0f49d8c4a4cdff1737d3fbcf21a3fa9d.safeframe.googlesyndication.com/

Response headers

content-encoding: br
age: 995
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
x-content-type-options: nosniff
expires: Tue, 27 May 2025 13:46:07 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 27 May 2025 12:56:07 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
content-type: text/javascript
vary: Accept-Encoding
cache-control: public, max-age=3000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 13937
x-xss-protection: 0
server: sffe

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20250521/r20110914/client/ Frame D6C6 3 KB
1 KB 406ms
194ms Script
text/javascript 192.178.155.132
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20250521/r20110914/client/window_focus_fy2021.js

Requested by

Host: 0f49d8c4a4cdff1737d3fbcf21a3fa9d.safeframe.googlesyndication.com
URL: https://0f49d8c4a4cdff1737d3fbcf21a3fa9d.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.178.155.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

yuiadrs-in-f132.1e100.net

Software

cafe /

Resource Hash

fec5a361dec923efe92848ca27b02b158b164380a9eaf6cc1625e08e0d9c101e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://0f49d8c4a4cdff1737d3fbcf21a3fa9d.safeframe.googlesyndication.com/

Response headers

content-encoding: br
etag: 6020003950853699975
age: 9160
x-content-type-options: nosniff
expires: Tue, 10 Jun 2025 10:40:02 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date: Tue, 27 May 2025 10:40:02 GMT
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
cache-control: public, max-age=1209600
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 1241
x-xss-protection: 0
server: cafe

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20250521/r20110914/client/ Frame D6C6 19 KB
8 KB 310ms
98ms Script
text/javascript 192.178.155.132
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20250521/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 0f49d8c4a4cdff1737d3fbcf21a3fa9d.safeframe.googlesyndication.com
URL: https://0f49d8c4a4cdff1737d3fbcf21a3fa9d.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.178.155.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

yuiadrs-in-f132.1e100.net

Software

cafe /

Resource Hash

760e5d0b97d6707a3d5c2c949bd70e7668484a144f383f3a4dfa878bad15e8ca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://0f49d8c4a4cdff1737d3fbcf21a3fa9d.safeframe.googlesyndication.com/

Response headers

content-encoding: br
etag: 3000748235154339481
age: 5847
x-content-type-options: nosniff
expires: Tue, 10 Jun 2025 11:35:15 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date: Tue, 27 May 2025 11:35:15 GMT
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
cache-control: public, max-age=1209600
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 8100
x-xss-protection: 0
server: cafe

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame D6C6 42 B
63 B 201ms
201ms Image
image/gif 172.253.62.154
GOOGLE

General

Check archive.org

Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-CKVpRaoFl6fkImFr2GuALJpS_hnR1hk-kRUAiwdfJMm7AThDmRL913PWpgZYrqXa_ZKyKbUBO38GUCHnxuhWXPrYfPgR74m_E5xI5MV0O5jIHFfFg

Requested by

Host: 0f49d8c4a4cdff1737d3fbcf21a3fa9d.safeframe.googlesyndication.com
URL: https://0f49d8c4a4cdff1737d3fbcf21a3fa9d.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.62.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f154.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://0f49d8c4a4cdff1737d3fbcf21a3fa9d.safeframe.googlesyndication.com/

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Tue, 27 May 2025 13:12:42 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H3 200 ufs_web_display.js Show response
pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ Frame D6C6 221 KB
68 KB 102ms
102ms Script
text/javascript 172.253.62.154
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Requested by

Host: 0f49d8c4a4cdff1737d3fbcf21a3fa9d.safeframe.googlesyndication.com
URL: https://0f49d8c4a4cdff1737d3fbcf21a3fa9d.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.62.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f154.1e100.net

Software

cafe /

Resource Hash

9fc89654aff6bca6c890b30bd0833eb2f18d63a61c0a9ece5246537ad6f73c5e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://0f49d8c4a4cdff1737d3fbcf21a3fa9d.safeframe.googlesyndication.com/

Response headers

content-encoding: br
etag: 81102085050987160
age: 1904
x-content-type-options: nosniff
expires: Tue, 27 May 2025 13:40:58 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date: Tue, 27 May 2025 12:40:58 GMT
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
cache-control: public, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-length: 69707
x-xss-protection: 0
server: cafe

GET
H2 200 runner.html Show response
ep2.adtrafficquality.google/sodar/sodar2/237/ Frame 070A 13 KB
5 KB 296ms
98ms Document
text/html 142.251.16.132
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://ep2.adtrafficquality.google/sodar/sodar2/237/runner.html

Requested by

Host: ep2.adtrafficquality.google
URL: https://ep2.adtrafficquality.google/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.16.132 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

bl-in-f132.1e100.net

Software

sffe /

Resource Hash

14b660a511e14a9a481c6fe43c576f36c61b656cfd379728c54f1128e1855966

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://bit.ly/2ykW1Iq
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
age: 319
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3000
content-encoding: gzip
content-length: 5044
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 27 May 2025 13:07:23 GMT
expires: Tue, 27 May 2025 13:57:23 GMT
last-modified: Tue, 13 May 2025 23:17:50 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 4FF1 829 B
569 B 319ms
114ms Document
text/html 142.250.31.147
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: ep2.adtrafficquality.google
URL: https://ep2.adtrafficquality.google/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.31.147 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bj-in-f147.1e100.net

Software

ESF /

Resource Hash

964ea76e22592a51ba0cd6ee35a529340320bf4143a442d088aba84b8466be76

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-b_A2kS35-iU99JtNWqKDpw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://bit.ly/2ykW1Iq
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-b_A2kS35-iU99JtNWqKDpw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy-report-only: same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
cross-origin-resource-policy: cross-origin
date: Tue, 27 May 2025 13:12:42 GMT
expires: Tue, 27 May 2025 13:12:42 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} {"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
server: ESF
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2

200

rum
dsum-sec.casalemedia.com/ Frame D9F2
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELgmVEroYjZcfvOlysZpRBU&google_cver=1

43 B
338 B

111ms
111ms

Image
image/gif

104.18.27.193
CLOUDFLARENET

General

Check archive.org

Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELgmVEroYjZcfvOlysZpRBU&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN3z17QCEP6ToNQDGPiywtABMAE&v=APEucNW-7Zp5L0H1GSmMCvKts-390kWW35iuWLEBB89czK5hldJba8VJBhP9vzgJLOMQ2ludX8HPzqffP1R70ePoSmDwNJszTw
Protocol: H2
Server: 104.18.27.193 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://googleads.g.doubleclick.net/

Response headers

cache-control: no-cache
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cf-cache-status: DYNAMIC
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FVXOhGKXpQBovVUy0qmNIIfB98UzT2Fud2yNzPCNIcab5BtUbTKUlJD4XPSsaXW5vtJxgfKi2OwM8PVO4I0hZyg4ThrKK4VJFQgvnl%2BAQ3orzdjT7nPzZw%2F0k2JVHl33UB4RxDkqir22Mg%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 9465c3f61ce2a306-YUL
expires: 0
alt-svc: h3=":443"; ma=86400
content-length: 43
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
date: Tue, 27 May 2025 13:12:43 GMT
content-type: image/gif
vary: Accept-Encoding
server: cloudflare

Redirect headers

cache-control: no-cache, must-revalidate
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELgmVEroYjZcfvOlysZpRBU&google_cver=1
pragma: no-cache
cross-origin-resource-policy: cross-origin
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 313
date: Tue, 27 May 2025 13:12:43 GMT
x-xss-protection: 0
content-type: text/html; charset=UTF-8
server: HTTP server (unknown)

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame D9F2
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=aDW6S9HM66kACCY4ARqg1AAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELgmVEroYjZcfvOlysZpRBU&google_cver=1

43 B
806 B

125ms
124ms

Image
image/gif

104.18.27.193
CLOUDFLARENET

General

Check archive.org

Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELgmVEroYjZcfvOlysZpRBU&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN3z17QCEP6ToNQDGPiywtABMAE&v=APEucNW-7Zp5L0H1GSmMCvKts-390kWW35iuWLEBB89czK5hldJba8VJBhP9vzgJLOMQ2ludX8HPzqffP1R70ePoSmDwNJszTw
Protocol: H3
Server: 104.18.27.193 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://googleads.g.doubleclick.net/

Response headers

cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Y%2FX6i3itGXesdp9VxsT90ZEW%2FnM4%2FRR5tV4KdVgeRLZteBkavW%2BDikxeshyuqj6%2B0GY0vmVHB%2BiHMIItl0uyxpUXRwOQJKPm9C9QWHADS8JZzI7CrSTxpjkHo63RMUmDYYv55Dw4aT%2Fwdw%3D%3D"}],"group":"cf-nel","max_age":604800}
expires: 0
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
date: Tue, 27 May 2025 13:12:43 GMT
content-type: image/gif
vary: Accept-Encoding
priority: u=2,i
cache-control: no-cache
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
cf-ray: 9465c3f74a6ba27e-YUL
content-length: 43
server: cloudflare

Redirect headers

cache-control: no-cache, must-revalidate
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELgmVEroYjZcfvOlysZpRBU&google_cver=1
pragma: no-cache
cross-origin-resource-policy: cross-origin
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 313
date: Tue, 27 May 2025 13:12:43 GMT
x-xss-protection: 0
content-type: text/html; charset=UTF-8
server: HTTP server (unknown)

GET
H2

200

bounce
ib.adnxs.com/ Frame D9F2
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEKPQr01gC1p1sfYOLq6gIwU&google_cver=1
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEKPQr01gC1p1sfYOLq6gIwU%26google_cver%3D1

43 B
1 KB

100ms
99ms

Image
image/gif

68.67.181.102
ASN-APPNEX

General

Check archive.org

Download Go to Show image

Full URL

https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEKPQr01gC1p1sfYOLq6gIwU%26google_cver%3D1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN3z17QCEP6ToNQDGPiywtABMAE&v=APEucNW-7Zp5L0H1GSmMCvKts-390kWW35iuWLEBB89czK5hldJba8VJBhP9vzgJLOMQ2ludX8HPzqffP1R70ePoSmDwNJszTw

Protocol

Server

68.67.181.102 North Bergen, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1040.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://googleads.g.doubleclick.net/

Response headers

cache-control: no-store, no-cache, private
pragma: no-cache
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
access-control-allow-credentials: true
x-proxy-origin: 37.120.237.174; 37.120.237.174; 1040.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; *.adnxs.com
expires: Sat, 15 Nov 2008 16:00:00 GMT
access-control-allow-origin: *
an-x-request-uuid: 3c761832-62e8-4893-9a4f-0dce9100045d
content-length: 43
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
date: Tue, 27 May 2025 13:12:43 GMT
x-xss-protection: 0
content-type: image/gif
server: nginx/1.23.4

Redirect headers

cache-control: no-store, no-cache, private
location: https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEKPQr01gC1p1sfYOLq6gIwU%26google_cver%3D1
pragma: no-cache
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
x-proxy-origin: 37.120.237.174; 37.120.237.174; 1040.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; *.adnxs.com
expires: Sat, 15 Nov 2008 16:00:00 GMT
an-x-request-uuid: 5b6b80f9-f417-4ffc-9006-f0738c65241f
content-length: 0
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
date: Tue, 27 May 2025 13:12:43 GMT
x-xss-protection: 0
content-type: text/html; charset=utf-8
server: nginx/1.23.4

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame D9F2
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjE1NjExMjg0NzY5OTc0MDcxMg%3D%3D

170 B
188 B

129ms
129ms

Image
image/png

142.251.111.155
GOOGLE

General

Check archive.org

Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjE1NjExMjg0NzY5OTc0MDcxMg%3D%3D

Requested by

Protocol

Server

142.251.111.155 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

bk-in-f155.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://googleads.g.doubleclick.net/

Response headers

cache-control: no-cache, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
date: Tue, 27 May 2025 13:12:43 GMT
x-xss-protection: 0
content-type: image/png
server: HTTP server (unknown)

Redirect headers

cache-control: no-store, no-cache, private
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjE1NjExMjg0NzY5OTc0MDcxMg%3D%3D
pragma: no-cache
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
access-control-allow-credentials: true
x-proxy-origin: 37.120.237.174; 37.120.237.174; 1040.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; *.adnxs.com
expires: Sat, 15 Nov 2008 16:00:00 GMT
access-control-allow-origin: *
an-x-request-uuid: 7644bf9c-c7e0-45c9-aaf1-b434620cc7e5
content-length: 0
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
date: Tue, 27 May 2025 13:12:43 GMT
x-xss-protection: 0
content-type: text/html; charset=utf-8
server: nginx/1.23.4

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame D6C6 0
0 323ms
116ms Fetch
image/gif 172.253.62.154
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=fle-fetch-start2

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.62.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f154.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://0f49d8c4a4cdff1737d3fbcf21a3fa9d.safeframe.googlesyndication.com/

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 0
date: Tue, 27 May 2025 13:12:43 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame D6C6 0
0 309ms
113ms Fetch
image/gif 172.253.62.154
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=colleague-executed&name=4

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.62.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f154.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://0f49d8c4a4cdff1737d3fbcf21a3fa9d.safeframe.googlesyndication.com/

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 0
date: Tue, 27 May 2025 13:12:43 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
DATA 200
OK truncated
/ Frame D6C6 213 B
0 Image
image/png

General

Check archive.org

Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b04596e6ac89335e0834fb83ad0bf0eeac03ed77874b89aebaf6ef412678cf15

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/png

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame D6C6 0
0 269ms
115ms Fetch
image/gif 172.253.62.154
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=reach&proto=CAlgAWACaAM%3D

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.62.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f154.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://0f49d8c4a4cdff1737d3fbcf21a3fa9d.safeframe.googlesyndication.com/

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 0
date: Tue, 27 May 2025 13:12:43 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H2 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame E5EB 38 KB
13 KB 98ms
97ms Document
text/html 192.178.155.132
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.178.155.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

yuiadrs-in-f132.1e100.net

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://0f49d8c4a4cdff1737d3fbcf21a3fa9d.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
age: 2077
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 27 May 2025 12:38:06 GMT
expires: Tue, 27 May 2025 13:28:06 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/8317383810659443196/ Frame C2B2 22 KB
5 KB 214ms
112ms Document
text/html 172.253.122.148
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://s0.2mdn.net/sadbundle/8317383810659443196/index.html?ev=01_253

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_281.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.122.148 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bh-in-f148.1e100.net

Software

sffe /

Resource Hash

7c9f883dc969d65733d8cff956e1552167aafb74df384bdd8020a97ec06c4556

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://0f49d8c4a4cdff1737d3fbcf21a3fa9d.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
access-control-allow-origin: *
allow-fenced-frame-automatic-beacons: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Tue, 27 May 2025 13:12:43 GMT
expires: Wed, 27 May 2026 13:12:43 GMT
last-modified: Wed, 12 Apr 2023 14:11:41 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H3 200 view
ad.doubleclick.net/pcs/ Frame D6C6 0
0 233ms
123ms Fetch
image/png 142.251.179.149
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://ad.doubleclick.net/pcs/view?xai=AKAOjstxYmu7boDuIj09MdxL6eTvlzkcuLuQPCtsowDq9XygQ3FVRqiJZ6qdZJ56qcxYxLDlFy1EgGlFbIWBg-9iKt0zm9jjqwfK7olmYnUzH4BvatjcimFAnX1fBSRSB-X4HMLwhdz-fcvdB-Q7PhfjrGRxkBHoWj4kWmqRBw5fWvTdckWqdgNH969sHR-O-iEWTGgdU0Ngnh9CbXZUYZBD622eEB4OU6jwZtY4WfalkOIEzuBwk0j7EGwzfjTrOAxUno43mNrPJzpqKOr3BgrZxwEMaEwhiaDMY5yHmU6FUnojgxn3KNA8eApdIgVSgepEmROg4CU1AzU_12toUedKSLPMgzgQSyax3LEki3CaJPSNlpSOq_RHOwe_Jga5pupFGwJiEYEJ3kqctlT93SrInesWzqTLUb2cfZROk6s8xjl7avgog_U6HcCJJ0elutFjQuOj2Q_WqHkROe07iG62XSmQ2Men_mwL0Laz_aSMXNSWUciXnslcxZSYHkhDZIH9gv8MNKRPMcf9ahrtyTCx7tdBZ043I2suGbfaHAj-4rEcRznu6mVekMXfPUcGPcxR9-fgjEQ6oxkXj9Oy0FORqkkXkE2AqeiHPVqBJfYisUPuqVTSPRcfBdbQsb1q7JD8MsINpzvKXmlck0m8c5g0arac96r2M3g6qCfHIjg23lWL7r2W2u280fDAikRJcfJZhyFVz3a1Sau73RBc-nAeYX0YthGkayv1AKY3dwKvjTZtbzBwoW7dNPzFxjLC6HT-iIlZw19b_6xxb_AV4oftnzxI0Tw286cKZLmGwCJ7b01lUAgCQO2-kkwsFI5SNv-myFZb3Nb9Y1QJvm4z4JObr0oJGSDgdAg7N3APidwKWCBttByLjgdHTqHoB_bbuOevAIP3ettl8H9i6qbtT5gX-BgRyZE1WYp_d4NXwnKObwE-_-wMec3m1qzHGDCYrN2Ywsdy19cZBt09HX-mAAAoppDnbKjZYcM-FZOioHprgdX-cV2Lf4AHfobXNRG-VP1SNH0kVAXnNb57kG2AsS9foiA4-7dBL0-3xwFMFKjMUCUzA3UOncDpxWT7cDSkuUHJ_bTNopTh7moXHTVZORx4tvuAoKdysAFj5-bb8DWiK4AYegWNgxToPZ4Vrf4sCakw33WGu-7lv_sq1W400pgqdi72REEIPNQB_TCCVXjMrW2hRRSmcnplaqBYNVWCUmo0Gyw0QpO8kUPHMY0m90EooqopXjqUsfLLhLhkko7sk0zkQPiA92jUllLoBDqeq_IQEEviO7krrFq0ORbGFkFGnzR3LrgDtu6Pc9JlVXjb9Aizye-5IzjdrXf1hvO0ZfBHA4J8KqLcsYJndXwCoJiPCqvqNzh5ydt8wZryWsw2jCZMnBEt3uCTh_vHnWtRbG_oAbPcZawKd1YIr9FncoG1X2ESJY0nyfXM7jhZYoGflKO3l1CLsy9jT6bqha6oUVqxVLtHTc7oEV0L6WbqnaEiAI_R4T3DdxbWJpeMgWN5_QcMcbXMDxwabODPEPFUQTyPXGSM9HkLAZpntDqU8gYEzWeztyh-4KwcKkBv5lT3EmRvBoXE9jBorYx_CWe_d00723I9iM-WTdX3wZW9dOSE1TkGQHl39wXgeVbHCB1mhrtWjU5FCjrDzVdkFHoVqK-6DW7ZNoutZK6fS1Oj2HhZCU3zlrhm689mew&sai=AMfl-YSPaSYVBZMBn0Vt02CvvQ3y3O98JtWVZQN9I8vOJTlJpQvp986BfJLBGVTDItMf5GJihgfNTYWp7SoZtzlcAsGuJIFBHRUEmIRa0sqsFTfVfCxjsxJTghjDw3plaUQk9d3uURJnobqgEuGrNOKk4SPhk2nIhZzFLSgFRe6K6VfoXWYX8ccXKdA_Gnndx1_0rQciLi_y-iHbUgS_ksGOukAI6teUekq8JZTpT5JzsG2iXhtg2WcsG32nTDGPG7aHMcBNb_Y-lkJVkgZ-uWiojDQSTDnBbv5bMISNYKgDT5A47A_cngQte8lGjxLNTWal4QHvTv4ytW_ud8B8URUd5CRq6VqerSo2l0Bja5XkAWrejUPHld_i8hl_dc6YgoaicXGyEAz7okCCqJk7xDY1irdz2eI-n-h00sl3w9y2U3VJaG6FhxuufW9U_t5lM6bDNErCt7WQSlRD0zRsZzpPYKoZbIFyerPqdKS0EC9tXUjBWl4Rzut9s03rX9XypvOScxfEUkOFTCY&sig=Cg0ArKJSzE0gqnuZ3qtsEAE&uach_m=%5BUACH%5D&crd=aHR0cHM6Ly9vYW5kYS5jb20&pr=missingexchangepricemacro&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=470&cbvp=1&cstd=467&cisv=r20250521.48402&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=1&ftch=1&adurl=

Requested by

Host: bit.ly
URL: https://bit.ly/2ykW1Iq

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.179.149 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

pd-in-f149.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://0f49d8c4a4cdff1737d3fbcf21a3fa9d.safeframe.googlesyndication.com/

Response headers

x-content-type-options: nosniff
expires: Tue, 27 May 2025 13:12:43 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date: Tue, 27 May 2025 13:12:43 GMT
content-type: image/png
content-security-policy: script-src 'none'; object-src 'none'
cache-control: private
timing-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin: *
content-length: 0
x-xss-protection: 0
attribution-reporting-register-source: {"aggregation_keys":{"649859192":"0x6e4878be23a0e1990000000000000000","649859193":"0x5e606bb9185c4a530000000000000000","649859194":"0x7672529f733616400000000000000000"},"debug_key":"7352266940177290552","debug_reporting":true,"destination":["https://oanda.com"],"event_report_windows":{"end_times":[86400,345600]},"expiry":"2592000","filter_data":{"14":["8959420","8959126","7848476","100619318"],"21":[],"23":[],"24":[],"25":[],"26":[],"27":[],"28":[],"29":[],"8":["8955451"]},"max_event_level_reports":2,"priority":"0","source_event_id":"8884213153098758819"}
server: cafe

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 4FF1 0
17 B 111ms
110ms Image
image/ 172.253.62.154
GOOGLE

General

Check archive.org

Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=237&li=gpt_m202505200101&jk=4084945365367239&rc=

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.62.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f154.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://www.google.com/

Response headers

timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 0
date: Tue, 27 May 2025 13:12:43 GMT
x-xss-protection: 0
content-type: image/
server: cafe

GET
H3 200 Wb8bPZigRvc_GFKs9artHwCAEk0Ifr6vx8-xXlqx1qs.js Show response
pagead2.googlesyndication.com/bg/ Frame 070A 54 KB
21 KB 101ms
100ms Script
text/javascript 172.253.62.154
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Wb8bPZigRvc_GFKs9artHwCAEk0Ifr6vx8-xXlqx1qs.js

Requested by

Host: ep2.adtrafficquality.google
URL: https://ep2.adtrafficquality.google/sodar/sodar2/237/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.62.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f154.1e100.net

Software

sffe /

Resource Hash

59bf1b3d98a046f73f1852acf5aaed1f0080124d087ebeafc7cfb15e5ab1d6ab

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://ep2.adtrafficquality.google/

Response headers

content-encoding: br
age: 297054
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
x-content-type-options: nosniff
expires: Sun, 24 May 2026 02:41:49 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Sat, 24 May 2025 02:41:49 GMT
last-modified: Mon, 19 May 2025 09:28:00 GMT
content-type: text/javascript
vary: Accept-Encoding
cache-control: public, max-age=31536000
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
accept-ranges: bytes
content-length: 21184
x-xss-protection: 0
server: sffe

GET
H3 200 Wb8bPZigRvc_GFKs9artHwCAEk0Ifr6vx8-xXlqx1qs.js Show response
pagead2.googlesyndication.com/bg/ Frame E5EB 54 KB
21 KB 101ms
101ms Script
text/javascript 172.253.62.154
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Wb8bPZigRvc_GFKs9artHwCAEk0Ifr6vx8-xXlqx1qs.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.62.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f154.1e100.net

Software

sffe /

Resource Hash

59bf1b3d98a046f73f1852acf5aaed1f0080124d087ebeafc7cfb15e5ab1d6ab

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://tpc.googlesyndication.com/

Response headers

content-encoding: br
age: 297054
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
x-content-type-options: nosniff
expires: Sun, 24 May 2026 02:41:49 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Sat, 24 May 2025 02:41:49 GMT
last-modified: Mon, 19 May 2025 09:28:00 GMT
content-type: text/javascript
vary: Accept-Encoding
cache-control: public, max-age=31536000
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
accept-ranges: bytes
content-length: 21184
x-xss-protection: 0
server: sffe

POST
H2 204 csi
csi.gstatic.com/ 0
534 B 507ms
172ms Ping
image/gif 142.250.200.3
GOOGLE

General

Check archive.org

Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=pagead&action=csi_pagead&dmc=8&top=1&puid=1~mb6jdmuy&c=4084945365367239&e=31090591%2C31092255%2C31092621%2C95353385%2C83321073%2C31061691%2C31061693&ctx=1&met.9=1.117~2.1b4~9.0~3_1.1ec~7_1.0~4_1.20g~5_1.20p&met.10=1_1.CAAQABiAmHUgnQ4oAQ&met.3=112.1ge_3~113.1oe_2&met.7=CBsQCMABiMb8hgc~CBsQByDSBDj8AcABwsDOOQ~CBsQBiDsBDjkAcAB9trnug0~CBsQBiDsBDjlAcABjKqKXg~CBsQBiDtBDi4AsABrI_0zw0~CBsQBiDtBDi6AsABy-OYgwo~CBsQBiDtBDi-AsABssXbtQQ~CBsQBiDtBDjMAsABkoX0rwg~CBsQBiDtBDjTAsAB1_-k-Ag~CBsQBiDtBDjPAsAB3dfzlwk~CBsQBiDtBDjQAsAB6v36sw0~CBsQBiDtBDjRAsAB-oGo-QI~CDsQChgBIKAHKKAHMKcKOIcDQKAHSKEHUKEHWOYIYKEHaOcIcNkJeKKPAoAB9owCiAGX7wawAQG4AQPAAeLN6pYJ~CEMQChgBIMUKKMUKMIsNOMcCaMYKcLMLeNvPCoABr80KiAGx1yGwAQG4AQPAAaqZ74sK~CFIQBxgBIMsKKMsKMMgLOH1QywpYvgtgywpozApwvwt477oBgAHDuAGIAYb6A7ABAbgBA8ABt-D1jg0~CBkQChgBIOcNKOcNMNEOOGlo6A1wyw54_ckBgAHRxwGIAaGdBLABAbgBA8ABlN3A2AU~CBsQBRgBIJsOKJsOMNgQOL0CQJ0OSKEOUKEOWO0PYKEOaO4PcNIQeN0agAGxGIgB7DmwAQG4AQPAAbTBqNIP~CBsQCDj6EMABiMb8hgc~CCgQBRgBIPUNKPUNMPgQOIMDwAGktPXBDA~CBsggRE4UsAB6unb1A4~CBwQBhgBIIARKIARMO4ROG5ogBFw6xF4rAKwAQG4AQPAAZSE4rUO~CBsQDSD6EDj2AcAByOnstQ8~CA8QBBgBIJUOKJUOMKwUOJcGaJcOcKAUeNrFAoABrsMCiAHOnQewAQG4AQPAAb_emusG~CBsQBRgBIMEUKMEUMN4UOB1o2xRw3BSAAbEYiAHsObABAbgBAcABtMGo0g8~CBsQCiDxEjjYAsABkoq75QM~~CBsQBSDNFTj5AsABxvmU6As~CBsQBRgBINEVKNEVMMcYOPYCwAHPxtriAQ&met.1=1.mb6jdlek~6.3~7.5~8.b~9.7a~10.cl~11.a1~12.cl~13.g8~14.gx~15.gf~16.oc~17.oc~18.oc~19.1o8~20.1o8~21.1oa~22.q4~23.q4&qqid.1=CK-coI7dw40DFQai0QQdtZ0kjA
Requested by: Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/rum.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 142.250.200.3 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: lhr48s29-in-f3.1e100.net
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://bit.ly/2ykW1Iq

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
report-to: {"group":"ascnsrsgcc:41:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgcc:41:0"}],}
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgcc:41:0
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=ascnsrsgcc:41:0
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 27 May 2025 13:12:43 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
content-type: image/gif
server: Golfe2

GET
H2 204 generate_204
ep2.adtrafficquality.google/ Frame 070A 0
40 B 100ms
99ms Image
text/plain 142.251.16.132
GOOGLE

General

Check archive.org

Download Go to Show image

Full URL: https://ep2.adtrafficquality.google/generate_204?P1FJ5w
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 142.251.16.132 Farmingdale, United States, ASN15169 (GOOGLE, US),
Reverse DNS: bl-in-f132.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://ep2.adtrafficquality.google/sodar/sodar2/237/runner.html

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
date: Tue, 27 May 2025 13:12:43 GMT
cross-origin-resource-policy: cross-origin

GET
H3 200 ff7781e27d40d3823b8bd59ec56be094.js Show response
s0.2mdn.net/sadbundle/8317383810659443196/ Frame C2B2 104 KB
30 KB 112ms
112ms Script
application/x-javascript 172.253.122.148
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://s0.2mdn.net/sadbundle/8317383810659443196/ff7781e27d40d3823b8bd59ec56be094.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/8317383810659443196/index.html?ev=01_253

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.122.148 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bh-in-f148.1e100.net

Software

sffe /

Resource Hash

fb0bd4bab7b708fb15701678ad3a8f59823f1ac963b012074aef10dabe5abca1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://s0.2mdn.net/sadbundle/8317383810659443196/index.html?ev=01_253

Response headers

content-encoding: gzip
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
x-content-type-options: nosniff
expires: Wed, 27 May 2026 13:12:43 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
allow-fenced-frame-automatic-beacons: true
date: Tue, 27 May 2025 13:12:43 GMT
content-type: application/x-javascript
vary: Accept-Encoding
last-modified: Wed, 12 Apr 2023 14:11:41 GMT
cache-control: public, max-age=31536000
timing-allow-origin: *
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
x-xss-protection: 0
server: sffe

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame E5EB 0
20 B 109ms
109ms Image
image/gif 172.253.62.154
GOOGLE

General

Check archive.org

Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=BwY7hSbo1aO_TLobExtYPtbuS4QgAAAAAOAHgBAI&bg=!enmleTbNAAYA59AtIOc7ADQBe5WfOPd6arGipJzwuvGyeWZYwlbl-nwfBzpCSPm8OuY3Hzxm0pWR1s5ajtZtVVZ3XnZwAgAAAFlSAAAABWgBB34ANceR3RuFbeOuciFHoO98EMwp-_SJ-eIsFavA6R3znvvLZCVaWRAxdfq_RGWiXz5Q8sTrIO9AmQKVpZjCzP5sS33uMVJiZUkofmp9oQH4_Fiu6f8Pu4zI9YhlqLR1VI4gR3sNO0EFiSQblpTD4zNH8U3lsQ4xhFfE64ZkPsVg9v9iX8m6MdAnlgOqNd5CPGqocx8R-JvVER4HhX4yS0GDaDMXo5l2bcc1cK8i7KDfhcxg3QORwMr2ZeOmEqBAznmLLBH7LMbtf2RkQstw2apSvk-pp7T-N4E6JX_ouFcX-DHdhYsGiFyNj0b-CKejiG_qmtxHpDDtXWIFjEG77pC_HfoyR0LQ_-ku3cL9qaSyTKsd0gyS2ePTKshSXYZAh10uGys63XzhG8OcOiMCUUvkCtWfzNC_MeSGg-JmFclHNNMqY876LSqxufxzgPDwa0W8BtjUYLeb9vJfN3ARbsv-o6LPtHBOUOjHYu8tfNFnI3glLJKzjVXjehJ2FixYwhWNHL4d5HQc6N3txWLl9VqkpYoahcs9i-bb2Srby4041OHdkzfSogfso7KFvY_WXUMNlSQ62kScNl_cgNqRWLCJjd0sBXngRUtuATJRriaqf9L_bYkcp63E6h9lpNFqtbYkUK-sJB15E5bUacfJRQ02T2MoCwC3BotT3mqzZUTgIaV6O1jePKEbmavPL-sfrVPr8QXEy63Y9vE66yEvBpijMAo6wKV1ui-iTfLwBH4I3QtPqQMm9a7myj_NHUiYKlp2UQ5QmkM67CsOmhxFsbh-GYFP2oKsLPS1tTtIC2hLlfX-rRPrA95IQ5usJ3jGwLIYIg7jUVrKHuBkrmVNH9YPUkuPhkT497ul-i3gNs-TYqq-Qjunf8U5J71jkR2EOvPpmpGGkbPOE-PQ-1JM04oKXQZwOcIIa5RCNR3b4aVZ2o9MWLNMwIpF9wZ-vlSRrw

Requested by

Host: 0f49d8c4a4cdff1737d3fbcf21a3fa9d.safeframe.googlesyndication.com
URL: https://0f49d8c4a4cdff1737d3fbcf21a3fa9d.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.62.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f154.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://tpc.googlesyndication.com/

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 0
date: Tue, 27 May 2025 13:12:43 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H2 200 css
fonts.googleapis.com/ Frame C2B2 2 KB
880 B 351ms
138ms Stylesheet
text/css 172.253.63.95
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://fonts.googleapis.com/css?family=Oxygen:700|Oxygen:400

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/8317383810659443196/ff7781e27d40d3823b8bd59ec56be094.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.63.95 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bi-in-f95.1e100.net

Software

ESF /

Resource Hash

dcc0e38650b5666ce55080f920453b32dea8b324a69c874d94f7498bfe69c3f0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://s0.2mdn.net/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Tue, 27 May 2025 13:12:43 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 27 May 2025 13:12:43 GMT
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified: Tue, 27 May 2025 13:12:43 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-xss-protection: 0
server: ESF

GET
H3 200 99c0872c1b50043eb5cc22c7c4a5a6ce.png
s0.2mdn.net/sadbundle/8317383810659443196/media/ Frame C2B2 45 KB
45 KB 113ms
112ms Image
image/png 172.253.122.148
GOOGLE

General

Check archive.org

Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/8317383810659443196/media/99c0872c1b50043eb5cc22c7c4a5a6ce.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/8317383810659443196/index.html?ev=01_253

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.122.148 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bh-in-f148.1e100.net

Software

sffe /

Resource Hash

8ad3be2c025fa4e17e0cca12c7c8195b338db7d4ebbae6db0b4b6b9bd2ad2ad1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://s0.2mdn.net/sadbundle/8317383810659443196/index.html?ev=01_253

Response headers

report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
x-content-type-options: nosniff
expires: Wed, 27 May 2026 13:12:43 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
allow-fenced-frame-automatic-beacons: true
date: Tue, 27 May 2025 13:12:43 GMT
content-type: image/png
last-modified: Wed, 12 Apr 2023 14:11:41 GMT
cache-control: public, max-age=31536000
timing-allow-origin: *
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
content-length: 46325
x-xss-protection: 0
server: sffe

GET
H3 200 7b0ac8114ffcbc8a547e4af4447a939b.svg
s0.2mdn.net/sadbundle/8317383810659443196/media/ Frame C2B2 4 KB
2 KB 147ms
146ms Image
image/svg+xml 172.253.122.148
GOOGLE

General

Check archive.org

Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/8317383810659443196/media/7b0ac8114ffcbc8a547e4af4447a939b.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/8317383810659443196/index.html?ev=01_253

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.122.148 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bh-in-f148.1e100.net

Software

sffe /

Resource Hash

f17cdb7a5befadc769803c3e8030448b04dd9e13ff9245b042d66a6d854b8594

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://s0.2mdn.net/sadbundle/8317383810659443196/index.html?ev=01_253

Response headers

content-encoding: gzip
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
x-content-type-options: nosniff
expires: Wed, 27 May 2026 13:12:43 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
allow-fenced-frame-automatic-beacons: true
date: Tue, 27 May 2025 13:12:43 GMT
content-type: image/svg+xml
vary: Accept-Encoding
last-modified: Wed, 12 Apr 2023 14:11:41 GMT
cache-control: public, max-age=31536000
timing-allow-origin: *
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
content-length: 1520
x-xss-protection: 0
server: sffe

GET
H3 204 sodar
ep1.adtrafficquality.google/pagead/ 0
17 B 198ms
197ms Image
image/ 142.251.167.154
GOOGLE

General

Check archive.org

Download Go to Show image

Full URL

https://ep1.adtrafficquality.google/pagead/sodar?id=sodar2&v=237&t=2&li=gpt_m202505200101&jk=4084945365367239&bg=!BAelB0jNAAYA59AtIOc7ADQBe5WfOLUBiNN4mUjPTQJBPQ4hZl8BMceY7afWWMAyKrRpxJiIA8WU_mkjKxgwajMbE6ilAgAAAFxSAAAAC2gBB34ANh-MhXFgrnV8yraxdv7S6Wj6QC8kdUO8jZw256DvK_6mzmdQLXnGOkiZOBYKxCvRQ4dey80OTAoAbOgYPboMPmF5_cvrRDX7iAU-xQ7Ojh_q76ShpyknsejYxiVSl_UIMRKvTSrIlQoaNZ4GVigIL3wMWapGvanJMeDzxmF2POGF3cFxsWFsZAi2nQ94ZRoz56hIeftcz0PKDZq4vvDiucvm9YyUaZkCRJYnIPHIkc8oO9XWo4whuDY_b8YjzjrEM2gtNt2Ju0k0Hw5dBw3tO6mBeeEvfS_z5swO0yhbaIZJ5vAVcVuaCi9LHxpkg03dWIwH6cV79qVmJ2sDIyTpZHbc8N2xjoWbZnpUk23yOYsA3i43XYIOoZp5MBb-ibG2jDw0stnS21KYX7uqv-uKUuuT4UWi2G3vI0gl-ygoVXwW5SJ40Jrl4-BP8Debz8dYnekyDY677UNK3633vP-tMzNtRZjSc9O2n_-qfg7r0-qvUWQcZsqkLHOFEPqxDDyUrg2yD27j9dHBi9IhgKIG3qU9W3IJf8J7cdKkQNdVzYU8LRyurCsAE1CoR5affXi_yDmYnK4NIObnxx9H-q5nMngqWgoZzNTUFFkL0_PwgG-G9zIKy-GKP7YF5ppXB7Rn1PNUXapBf4H5xijheakK-2RIPuBehj0bvKLnO1VMHVKxOckuRClCS9KzAgKfYeukrc50fkj_rbvPKBGOmNC56OCjGoCSEG712QK3Zyu7g8wu5FJ_Yr8li4zbm1aZQPbdXOeyKqyucMGahw9fv-lSGEkVN1peyr91yEHPEcTJZIru1242gGdwWxFb-G6ceIke3KntAJuIVhE8sqi-mnsIyfvaxeTry9VPcnIge01mAUTYrs_pBqzeB2y7CivBjTUpXvDxvr0jthOIR1xn-c2FV2MPqY-owEvXXoEjrCkpkcuGbYCc9TynjrEhxtsrd4cpLMBzntK5Iz9mD4-TKemhQhBkvrkXBGVzg6Wr9KY

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.167.154 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ww-in-f154.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://bit.ly/2ykW1Iq

Response headers

timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 0
date: Tue, 27 May 2025 13:12:43 GMT
x-xss-protection: 0
content-type: image/
server: cafe

GET
H3 200 2sDcZG1Wl4LcnbuCNWgzaGW5.woff2
fonts.gstatic.com/s/oxygen/v15/ Frame C2B2 16 KB
16 KB 211ms
105ms Font
font/woff2 142.251.167.94
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://fonts.gstatic.com/s/oxygen/v15/2sDcZG1Wl4LcnbuCNWgzaGW5.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Oxygen:700|Oxygen:400

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.167.94 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ww-in-f94.1e100.net

Software

sffe /

Resource Hash

5740bce57f68562d42e8ca6f6eb70dca3bc33be11ef0361e78274d360f41adc9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Origin: https://s0.2mdn.net
Referer: https://fonts.googleapis.com/

Response headers

age: 341398
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Sat, 23 May 2026 14:22:45 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 23 May 2025 14:22:45 GMT
last-modified: Mon, 09 May 2022 18:30:51 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 16172
x-xss-protection: 0
server: sffe

GET
H3 200 2sDfZG1Wl4LcnbuKjk0m.woff2
fonts.gstatic.com/s/oxygen/v15/ Frame C2B2 16 KB
16 KB 204ms
100ms Font
font/woff2 142.251.167.94
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://fonts.gstatic.com/s/oxygen/v15/2sDfZG1Wl4LcnbuKjk0m.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Oxygen:700|Oxygen:400

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.167.94 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ww-in-f94.1e100.net

Software

sffe /

Resource Hash

9e64f128d5352d04ea5c87031e4cf1ad204b72a0afb003ece52eeb997d28a570

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Origin: https://s0.2mdn.net
Referer: https://fonts.googleapis.com/

Response headers

age: 341358
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Sat, 23 May 2026 14:23:25 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 23 May 2025 14:23:25 GMT
last-modified: Mon, 09 May 2022 18:31:32 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 16348
x-xss-protection: 0
server: sffe

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame D6C6 42 B
65 B 118ms
118ms Fetch
image/gif 172.253.62.154
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstsSKo_7QKMatcLpZPG9upgMXWVIUNkv8rMM8bdotM4dlkBXAXJ1hFeXUUQCeYVHCoK0gRcBeQdukO3H1fSP7vzTFn59XCPNumuxOX7tSaY5ph83T1dKKW0CsDHKXlXvEj_-J-nRTtY1w3sdndoCWEz0yrEq3Ev--q7SysdWYFeYFShJTp71Kx22Y0xv20CIj5sKRMDfwDQ&sai=AMfl-YTQtmJ_h1bGQbHJIyPweu--Bxw3cwyRoh8MldKdsY1_E5cBTwCfySbGAWze8P6Sv-Zda_98oPwDf3_72FCMSK8Ba0m4lrsg97qZ3n8Z4YRkOYqOPIfcAiYPBYpbJsE0PEm6eOiTn32pUShr2Tdfuw&sig=Cg0ArKJSzLaDKPOzeHl2EAE&cid=CAQSTwDZpuyztWKG3xn3A8c8x9pLbbclL4L0KqslJcMX-JhOBTkv3Gagv046rHkx5hm9eK6fFn7fyt_qoRnhyGDqvUE2fz-z2sgeBQMVrjhV_xkYAQ&id=lidar2&mcvt=1000&p=67,438,107,479&tm=1072.8999996185303&tu=73.39999961853027&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20250521&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=3309689787&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&co=4428436200&rst=1748351562461&rpt=467&isd=0&lsd=0&met=ie&wmsd=0&pbe=0&fle=0&vae=0&spb=0&sfl=0&ffslot=0&reach=8&io2=0

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.62.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f154.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://0f49d8c4a4cdff1737d3fbcf21a3fa9d.safeframe.googlesyndication.com/

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Tue, 27 May 2025 13:12:44 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H3 200 view
ad.doubleclick.net/pcs/ Frame D6C6 0
0 112ms
111ms Fetch
image/png 142.251.179.149
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://ad.doubleclick.net/pcs/view?xai=AKAOjstxYmu7boDuIj09MdxL6eTvlzkcuLuQPCtsowDq9XygQ3FVRqiJZ6qdZJ56qcxYxLDlFy1EgGlFbIWBg-9iKt0zm9jjqwfK7olmYnUzH4BvatjcimFAnX1fBSRSB-X4HMLwhdz-fcvdB-Q7PhfjrGRxkBHoWj4kWmqRBw5fWvTdckWqdgNH969sHR-O-iEWTGgdU0Ngnh9CbXZUYZBD622eEB4OU6jwZtY4WfalkOIEzuBwk0j7EGwzfjTrOAxUno43mNrPJzpqKOr3BgrZxwEMaEwhiaDMY5yHmU6FUnojgxn3KNA8eApdIgVSgepEmROg4CU1AzU_12toUedKSLPMgzgQSyax3LEki3CaJPSNlpSOq_RHOwe_Jga5pupFGwJiEYEJ3kqctlT93SrInesWzqTLUb2cfZROk6s8xjl7avgog_U6HcCJJ0elutFjQuOj2Q_WqHkROe07iG62XSmQ2Men_mwL0Laz_aSMXNSWUciXnslcxZSYHkhDZIH9gv8MNKRPMcf9ahrtyTCx7tdBZ043I2suGbfaHAj-4rEcRznu6mVekMXfPUcGPcxR9-fgjEQ6oxkXj9Oy0FORqkkXkE2AqeiHPVqBJfYisUPuqVTSPRcfBdbQsb1q7JD8MsINpzvKXmlck0m8c5g0arac96r2M3g6qCfHIjg23lWL7r2W2u280fDAikRJcfJZhyFVz3a1Sau73RBc-nAeYX0YthGkayv1AKY3dwKvjTZtbzBwoW7dNPzFxjLC6HT-iIlZw19b_6xxb_AV4oftnzxI0Tw286cKZLmGwCJ7b01lUAgCQO2-kkwsFI5SNv-myFZb3Nb9Y1QJvm4z4JObr0oJGSDgdAg7N3APidwKWCBttByLjgdHTqHoB_bbuOevAIP3ettl8H9i6qbtT5gX-BgRyZE1WYp_d4NXwnKObwE-_-wMec3m1qzHGDCYrN2Ywsdy19cZBt09HX-mAAAoppDnbKjZYcM-FZOioHprgdX-cV2Lf4AHfobXNRG-VP1SNH0kVAXnNb57kG2AsS9foiA4-7dBL0-3xwFMFKjMUCUzA3UOncDpxWT7cDSkuUHJ_bTNopTh7moXHTVZORx4tvuAoKdysAFj5-bb8DWiK4AYegWNgxToPZ4Vrf4sCakw33WGu-7lv_sq1W400pgqdi72REEIPNQB_TCCVXjMrW2hRRSmcnplaqBYNVWCUmo0Gyw0QpO8kUPHMY0m90EooqopXjqUsfLLhLhkko7sk0zkQPiA92jUllLoBDqeq_IQEEviO7krrFq0ORbGFkFGnzR3LrgDtu6Pc9JlVXjb9Aizye-5IzjdrXf1hvO0ZfBHA4J8KqLcsYJndXwCoJiPCqvqNzh5ydt8wZryWsw2jCZMnBEt3uCTh_vHnWtRbG_oAbPcZawKd1YIr9FncoG1X2ESJY0nyfXM7jhZYoGflKO3l1CLsy9jT6bqha6oUVqxVLtHTc7oEV0L6WbqnaEiAI_R4T3DdxbWJpeMgWN5_QcMcbXMDxwabODPEPFUQTyPXGSM9HkLAZpntDqU8gYEzWeztyh-4KwcKkBv5lT3EmRvBoXE9jBorYx_CWe_d00723I9iM-WTdX3wZW9dOSE1TkGQHl39wXgeVbHCB1mhrtWjU5FCjrDzVdkFHoVqK-6DW7ZNoutZK6fS1Oj2HhZCU3zlrhm689mew&sai=AMfl-YSPaSYVBZMBn0Vt02CvvQ3y3O98JtWVZQN9I8vOJTlJpQvp986BfJLBGVTDItMf5GJihgfNTYWp7SoZtzlcAsGuJIFBHRUEmIRa0sqsFTfVfCxjsxJTghjDw3plaUQk9d3uURJnobqgEuGrNOKk4SPhk2nIhZzFLSgFRe6K6VfoXWYX8ccXKdA_Gnndx1_0rQciLi_y-iHbUgS_ksGOukAI6teUekq8JZTpT5JzsG2iXhtg2WcsG32nTDGPG7aHMcBNb_Y-lkJVkgZ-uWiojDQSTDnBbv5bMISNYKgDT5A47A_cngQte8lGjxLNTWal4QHvTv4ytW_ud8B8URUd5CRq6VqerSo2l0Bja5XkAWrejUPHld_i8hl_dc6YgoaicXGyEAz7okCCqJk7xDY1irdz2eI-n-h00sl3w9y2U3VJaG6FhxuufW9U_t5lM6bDNErCt7WQSlRD0zRsZzpPYKoZbIFyerPqdKS0EC9tXUjBWl4Rzut9s03rX9XypvOScxfEUkOFTCY&sig=Cg0ArKJSzE0gqnuZ3qtsEAE&uach_m=%5BUACH%5D&crd=aHR0cHM6Ly9vYW5kYS5jb20&pr=missingexchangepricemacro&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=1511&vt=11&dtpt=1041&dett=3&cstd=467&cisv=r20250521.48402&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=1&ftch=1&adurl=

Requested by

Host: bit.ly
URL: https://bit.ly/2ykW1Iq

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.179.149 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

pd-in-f149.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://0f49d8c4a4cdff1737d3fbcf21a3fa9d.safeframe.googlesyndication.com/

Response headers

cache-control: private
timing-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Tue, 27 May 2025 13:12:44 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 0
date: Tue, 27 May 2025 13:12:44 GMT
x-xss-protection: 0
content-type: image/png
attribution-reporting-register-source: {"aggregation_keys":{"649859192":"0x6e4878be23a0e1990000000000000000","649859193":"0x5e606bb9185c4a530000000000000000","649859194":"0x7672529f733616400000000000000000"},"debug_key":"15186621314776609444","debug_reporting":true,"destination":["https://oanda.com"],"event_report_windows":{"end_times":[86400,345600]},"expiry":"2592000","filter_data":{"14":["8959420","8959126","7848476","100619318"],"21":[],"23":[],"24":[],"25":[],"26":[],"27":[],"28":[],"29":[],"8":["8955451"]},"max_event_level_reports":2,"priority":"0","source_event_id":"7183612464337022297"}
server: cafe

GET
DATA 200
OK truncated
/ Frame C2B2 295 B
0 Image
image/svg+xml

General

Check archive.org

Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bca04e14f8463b6a4c01175c4a2439fa7cec83fef57794e5e7a2cf55fd9c93f0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/svg+xml;charset=UTF-8

GET
H3 200 rum.js Show response
securepubads.g.doubleclick.net/pagead/js/ Frame D6C6 68 KB
25 KB 99ms
99ms Script
text/javascript 172.253.62.154
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/js/rum.js

Requested by

Host: 0f49d8c4a4cdff1737d3fbcf21a3fa9d.safeframe.googlesyndication.com
URL: https://0f49d8c4a4cdff1737d3fbcf21a3fa9d.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.62.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f154.1e100.net

Software

cafe /

Resource Hash

69df9520e73d741f328f7a40e279710499d1e2af1a81de60b2be855802f0745c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://0f49d8c4a4cdff1737d3fbcf21a3fa9d.safeframe.googlesyndication.com/

Response headers

content-encoding: br
etag: 69234120874071566
age: 1086
x-content-type-options: nosniff
expires: Tue, 27 May 2025 13:54:38 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date: Tue, 27 May 2025 12:54:38 GMT
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
cache-control: public, max-age=3600
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-length: 25553
x-xss-protection: 0
server: cafe

POST csi
csi.gstatic.com/ Frame D6C6 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: csi.gstatic.com
URL: https://csi.gstatic.com/csi?v=2&s=pagead&action=csi_pagead&dmc=8&puid=1~mb6jdorf&chm=1&c=4084945365367239&ctx=2&qqid=CK-coI7dw40DFQai0QQdtZ0kjA&met.4=fb.18~lb.b1~ol.17r~idt.7o~dt.-n0&met.3=374.ef~113.1c2_7~112.1by_b&met.1=1.mb6jdnfh~6.b~7.b~8.b~9.b~10.b~12.q~13.r~14.t~15.z~16.eb~17.eb~18.ec~19.17p~20.17q~21.17r~22.dk~23.dk&met.7=CBsQCBgBKAswHTinDGgacBuAAbEYiAHsObABAbgBAQ~CCgQBRgBIC8oLzD6AjjLAlAxWIMCYDFogwJw-AJ4igSAAd4BiAHwBLABAbgBAw~CCkQChgBIDcoNzD0Azi9A0A4SDlQOViKAmChAWiKAnDxAniTxQKAAefCAogBtqUHsAEBuAED~CBwQChgBIDcoNzCiAThraDlwnwF4txuAAYsZiAHZPrABAbgBAw~CAkQChgBID8oPzCrAThsaEBwpgF47kWAAcJDiAGBqwGwAQG4AQM~CCcQChgBIEAoQDDXAziXA2iUAnCCA3idb4AB8WyIAenJArABAbgBAw~CB4QChgBIEAoQDDZAziZA2iUAnDWA3iFDIAB2QmIAdQVsAEBuAED~CBwQChgBIEAoQDCCAzjCAkBBSEVQRViTAmCpAWiUAnD2AnjQQYABpD-IAdqYAbABAbgBAw~CBwQBhgBIEEoQTCQAjjOAWhCcIoCeNYCgAEqiAEqsAEBuAED~CBwQChgBIEIoQjCMAjjLAWhCcKgBePeiBIABy6AEiAG26Q2wAQG4AQM~CBwQBBgBIKsDKKsDMO8FOMUCaPoEcO0FeKwCsAEBuAED~CBwQBBgBILUDKLUDMOwFOLcCULYDWPoEYLYDaPoEcOsFeKwCsAEBuAED~CBwQBBgBIN8DKN8DMO4FOJACaPoEcO0FeKwCsAEBuAED~CCcQBRgBIIIEKIIEMPYEOHRohARw5QR4oWiAAfVliAH-sAKwAQG4AQM~CB8QBRgBIJIEKJIEMPIFOOABUJMEWPkEYJMEaPkEcOkFePoogAHOJogBjbEBsAEBuAED~CBsQBBgBIJQEKJQEMP4FOOsBQJUESJUEUJUEWIIFYJUEaIIFcP0FeKwCsAEBuAED~CBsQBBgBIKQMKKQMMJUNOHJopQxwkw14rAKwAQG4AQM~CCgQChgBIMEMKMEMMKoNOGpowQxwpA14_ckBgAHRxwGIAaGdBLABAbgBAw

Verdicts & Comments Add Verdict or Comment

20 JavaScript Window variables

These are the non-standard variables defined on the window object. These include var declarations and global functions and can be helpful in identifying possible client-side frameworks and code.

13 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.bit.ly/	1970-01-21 09:58:23	Name: _bit Value: p4rdcE-27c4f95e8c3584f20b-00D
.bit.ly/	1970-01-21 15:00:47	Name: __gads Value: ID=d73ddad08a705649:T=1748351561:RT=1748351561:S=ALNI_MYiAT5bNpk7rNkUgFKbJ7x-GiMYfw
.bit.ly/	1970-01-21 15:00:47	Name: __gpi Value: UID=00001022c5cd134f:T=1748351561:RT=1748351561:S=ALNI_MZs2HEul4oQMbHNecE3-V9RibhMDQ
.bit.ly/	1970-01-21 09:58:23	Name: __eoi Value: ID=96a42cd550f22429:T=1748351561:RT=1748351561:S=AA-Afjb13-vozSFFe2DpgUCvt2ar
.doubleclick.net/	1970-01-21 15:15:11	Name: IDE Value: AHWqTUnt0AIRNDStW1iUQCt1n1RUiGm0XPZqXFib9sPoYcHdvTK3BTTkrjLprqYC
.casalemedia.com/	1970-01-21 14:24:47	Name: CMID Value: aDW6S9HM66kACCY4ARqg1AAA
.casalemedia.com/	1970-01-21 07:48:47	Name: CMPS Value: 1327
.casalemedia.com/	1970-01-21 07:48:47	Name: CMPRO Value: 1327
.doubleclick.net/	1970-01-21 06:22:23	Name: ar_debug Value: 1
.doubleclick.net/	1970-01-21 09:58:23	Name: receive-cookie-deprecation Value: 1
.adnxs.com/	1970-01-21 07:48:47	Name: anj Value: dTM7k!M41.D>6NRF']wIg2C''opA@U!@wnfH8K6pQK`!5=E<L5?%KD.P(w(3ayIicu$iQiglyP2H`[u@<iH<GFwR@bpRzqF1`b^^-*(s:9
.adnxs.com/	1970-01-21 07:48:47	Name: XANDR_PANID Value: Y6yfSwwH9i57eMIte9_4mVeiNm_ZW_UWaroVKrL2uueulZqdl5P25SdTMNon5bAr8Gqy_l6Bxgku_dEu0bDlwzjWnIPWAzjG1GtAvARK1qU.
.adnxs.com/	1970-01-21 07:48:47	Name: uuid2 Value: 6156112847699740712

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
rendering	warning	URL: https://ep2.adtrafficquality.google/sodar/sodar2/237/runner.html Message: [GroupMarkerNotSet(crbug.com/242999)!:A0101D00243F0000]Automatic fallback to software WebGL has been deprecated. Please use the --enable-unsafe-swiftshader flag to opt in to lower security guarantees for trusted content.
rendering	warning	URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html Message: [GroupMarkerNotSet(crbug.com/242999)!:A050A818243F0000]Automatic fallback to software WebGL has been deprecated. Please use the --enable-unsafe-swiftshader flag to opt in to lower security guarantees for trusted content.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

0f49d8c4a4cdff1737d3fbcf21a3fa9d.safeframe.googlesyndication.com
ad.doubleclick.net
bit.ly
cm.g.doubleclick.net
csi.gstatic.com
d1ayxb9ooonjts.cloudfront.net
dsum-sec.casalemedia.com
ep1.adtrafficquality.google
ep2.adtrafficquality.google
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
ib.adnxs.com
pagead2.googlesyndication.com
s0.2mdn.net
securepubads.g.doubleclick.net
tpc.googlesyndication.com
www.google.com
csi.gstatic.com
104.18.27.193
142.250.200.3
142.250.31.147
142.251.111.155
142.251.16.132
142.251.163.132
142.251.167.154
142.251.167.94
142.251.179.149
172.253.122.148
172.253.62.154
172.253.62.157
172.253.63.95
192.178.155.132
54.230.48.157
64.233.180.156
67.199.248.11
68.67.181.102
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
14b660a511e14a9a481c6fe43c576f36c61b656cfd379728c54f1128e1855966
1657584221779c9f6943c52bb7fba23376c18be3e021da4168fab39d8bb7863a
3f1c4d1df1ad822b77bfad7569189f3861c51e63e9dd05fd5d37e7d395b376ad
435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
50372d78d348a80a73a452b595840a7e2b2def7406a291b0842c3ef097b8c14e
56a8a4fb115b24277c898d84fe68a5a12276708dbc73311d691be21761c188d0
56b8de493133e66949fb4e7179fc6398806e734bb30cef739674fe9254f4c4b7
5740bce57f68562d42e8ca6f6eb70dca3bc33be11ef0361e78274d360f41adc9
5822c1ad5bfd86aa17808a851d6f05e560c2773f61a728f23cebf493dc9a4ec6
59bf1b3d98a046f73f1852acf5aaed1f0080124d087ebeafc7cfb15e5ab1d6ab
638b32a4f2339ff4f58198fe56ffb89091e03c23d76a39821797c01f026e21ef
69df9520e73d741f328f7a40e279710499d1e2af1a81de60b2be855802f0745c
6a39349df968a2349960f419cdfff35591b3d0ff89e0e0a69831ec30c82d5cb8
74cca4239de7577193a606f7ac054ae52f2678bccf710339dc767065de229092
760e5d0b97d6707a3d5c2c949bd70e7668484a144f383f3a4dfa878bad15e8ca
7c9f883dc969d65733d8cff956e1552167aafb74df384bdd8020a97ec06c4556
84b0bb852b51092663620680b18740e90e81da763d24508f008c1c0a9cdf0e80
8ad3be2c025fa4e17e0cca12c7c8195b338db7d4ebbae6db0b4b6b9bd2ad2ad1
8c9c942cbc4b50a998e5204686305e5192f73e9a64425654ef4b8716015b8b67
964ea76e22592a51ba0cd6ee35a529340320bf4143a442d088aba84b8466be76
9e64f128d5352d04ea5c87031e4cf1ad204b72a0afb003ece52eeb997d28a570
9fc89654aff6bca6c890b30bd0833eb2f18d63a61c0a9ece5246537ad6f73c5e
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a7f65c0446b6cac3175458f6388304d0c23e70d11fa0db20920a619f1bc18623
aea18751d1237bfbdc12b9980842a50a5120430672cf4e2b39ae82dd4c0da039
b04596e6ac89335e0834fb83ad0bf0eeac03ed77874b89aebaf6ef412678cf15
b0e9f60937c6eba45939c5559f7b9d7a3ee909d78146d6409568a352bc975413
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
bca04e14f8463b6a4c01175c4a2439fa7cec83fef57794e5e7a2cf55fd9c93f0
be507b359cc4919d2c1154e11c9d17b94ba03bc583f0d31fffc3525583bec00d
bef547e2ac2d3c93de149566b20050c88bfc0dc32ab84f15d288973704544a2e
c51fd35cfbc5051824cd1a683fade7868ec80575227d1446ec833e97727f28b2
cf3a1f5bae496ea0e4aeda4108a132d8f1e48707d083d948ef629aedc33c7fa1
d0d116b21c9ac496c162f9074c75ce227719d025422a1794a57f497718f87cee
d8f9cf7d5ad950875cfd016cbecf6f5b476392d42574550241329e9669c39a30
dcc0e38650b5666ce55080f920453b32dea8b324a69c874d94f7498bfe69c3f0
e2186f8814f8290dcfce59b5d8b0463e08af5df34a624a018411b4be9dd63d5b
e25bcc9dee748831827b2a2c85b06654ca507b77a82158a452694fa41623b438
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987
eb71d9655491b198debed418404907f06d0482f519f60082d165132471c90715
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f17cdb7a5befadc769803c3e8030448b04dd9e13ff9245b042d66a6d854b8594
f1a68bf826c55985468304f4284a09cb8a68e82503d764166e611a7c58a85a4b
fb0bd4bab7b708fb15701678ad3a8f59823f1ac963b012074aef10dabe5abca1
fb1bf528d8237aac3e9ead389ab246ba0068f61fe281610110937ef2b8adefce
fec5a361dec923efe92848ca27b02b158b164380a9eaf6cc1625e08e0d9c101e

bit.ly Open in urlscan Pro 67.199.248.11 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

64 Requests

92 %HTTPS

0 %IPv6

11 Domains

18 Subdomains

19 IPs

2 Countries

740 kBTransfer

1972 kBSize

13 Cookies

8 Outgoing links

Page URL History

Redirected requests

64 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

bit.ly Open in urlscan Pro
67.199.248.11 Public Scan

Screenshot
Live screenshot

Full Image

64
Requests

92 %
HTTPS

0 %
IPv6

11
Domains

18
Subdomains

19
IPs

2
Countries

740 kB
Transfer

1972 kB
Size

13
Cookies

64 HTTP transactions
2 data transactions