xn--m9jp9mi8fra1016gid0b.net Open in urlscan Pro Puny
アジサイの育て方.net IDN
183.90.238.38 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://xn--m9jp9mi8fra1016gid0b.net/
Effective URL:
https://xn--m9jp9mi8fra1016gid0b.net/
Submission: On May 27 via manual (May 27th 2021, 1:11:25 pm UTC) from US

Summary HTTP 227 Redirects Links 13 Behaviour Indicators

Summary

This website contacted 46 IPs in 8 countries across 30 domains to perform 227 HTTP transactions. The main IP is 183.90.238.38, located in Japan and belongs to XSERVER Xserver Inc., JP. The main domain is xn--m9jp9mi8fra1016gid0b.net.
TLS certificate: Issued by R3 on May 23rd 2021. Valid for: 3 months.

This is the only time xn--m9jp9mi8fra1016gid0b.net was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 29	183.90.238.38 183.90.238.38	131965 (XSERVER X...) (XSERVER Xserver Inc.)
1	2001:4de0:ac1... 2001:4de0:ac18::1:a:3b	20446 (HIGHWINDS3) (HIGHWINDS3)
1	2a00:1450:400... 2a00:1450:4001:801::200a	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:831::200e	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:801::2002	15169 (GOOGLE) (GOOGLE)
10	192.0.77.2 192.0.77.2	() ()
11	13.226.159.91 13.226.159.91	() ()
8	2a00:1450:400... 2a00:1450:4001:812::200e	() ()
1 1	54.238.149.14 54.238.149.14	16509 (AMAZON-02) (AMAZON-02)
1	13.224.195.17 13.224.195.17	() ()
1	153.120.49.76 153.120.49.76	7684 (SAKURA-A ...) (SAKURA-A SAKURA Internet Inc.)
1	192.0.77.32 192.0.77.32	() ()
2	192.0.76.3 192.0.76.3	() ()
2	2a03:2880:f03... 2a03:2880:f030:13:face:b00c:0:3	() ()
7	2606:2800:234... 2606:2800:234:59:254c:406:2366:268c	() ()
10	2a00:1450:400... 2a00:1450:4001:809::2002	() ()
1	2a00:1450:400... 2a00:1450:4001:82f::2002	() ()
3	13.226.159.42 13.226.159.42	() ()
1	2a00:1450:400... 2a00:1450:400c:c00::9a	() ()
1	2a00:1450:400... 2a00:1450:4001:82f::200d	() ()
2 8	2a00:1450:400... 2a00:1450:4001:809::2004	() ()
1	2a00:1450:400... 2a00:1450:4001:80f::2003	() ()
1	142.250.181.226 142.250.181.226	() ()
1	2a00:1450:400... 2a00:1450:4001:808::2002	() ()
1	2a00:1450:400... 2a00:1450:4001:830::2002	() ()
25	2a00:1450:400... 2a00:1450:4001:811::2002	() ()
2	2a00:1450:400... 2a00:1450:4001:809::2003	() ()
1	2a00:1450:400... 2a00:1450:4001:810::2002	() ()
1 2	104.244.42.136 104.244.42.136	() ()
3	185.29.133.199 185.29.133.199	() ()
1 43	2a00:1450:400... 2a00:1450:4001:813::2001	() ()
4	2a00:1450:400... 2a00:1450:4001:827::2002	() ()
2	2a00:1450:400... 2a00:1450:4001:831::200a	() ()
3	2a00:1450:400... 2a00:1450:4001:831::2003	() ()
1	2a00:1450:400... 2a00:1450:4001:827::200e	() ()
1	2a00:1450:400... 2a00:1450:4001:80e::200e	() ()
2	2a00:1450:400... 2a00:1450:4001:800::200e	() ()
1	136.243.149.243 136.243.149.243	() ()
1	2.18.233.201 2.18.233.201	() ()
1 4	138.201.63.149 138.201.63.149	() ()
1	2a00:1450:400... 2a00:1450:4001:829::2003	() ()
2	2620:116:800d... 2620:116:800d:21:8c6e:cf2c:8d6:9fb5	() ()
2 2	99.80.199.35 99.80.199.35	() ()
12	172.217.23.98 172.217.23.98	() ()
3 3	35.227.252.103 35.227.252.103	() ()
3 3	185.64.190.78 185.64.190.78	() ()
2 2	69.173.144.139 69.173.144.139	() ()
1 1	79.137.69.120 79.137.69.120	() ()
1 2	104.111.239.217 104.111.239.217	() ()
1 1	18.195.172.136 18.195.172.136	() ()
2	54.36.108.3 54.36.108.3	() ()
12	2a03:2880:f13... 2a03:2880:f130:83:face:b00c:0:25de	() ()
227	46

29 183.90.238.38 (Japan) 1 redirects

ASN131965 (XSERVER Xserver Inc., JP)
PTR: sv2337.xserver.jp

xn--m9jp9mi8fra1016gid0b.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4de0:ac18::1:a:3b (Netherlands)

ASN20446 (HIGHWINDS3, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:801::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:831::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:801::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 192.0.77.2 (United States)

ASN- ()
PTR: i2.wp.com

i1.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
i2.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
i0.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 13.226.159.91 (United States)

ASN- ()
PTR: server-13-226-159-91.dus51.r.cloudfront.net

b.st-hatena.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:812::200e (Frankfurt am Main, Germany)

ASN- ()

apis.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.238.149.14 (Tokyo, Japan) 1 redirects

ASN16509 (AMAZON-02, US)

flower.blogmura.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.224.195.17 (United States)

ASN- ()
PTR: server-13-224-195-17.fra2.r.cloudfront.net

b.blogmura.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 153.120.49.76 (Japan)

ASN7684 (SAKURA-A SAKURA Internet Inc., JP)
PTR: www28.with2.net

blog.with2.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.0.77.32 (United States)

ASN- ()
PTR: wordpress.com

s0.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 192.0.76.3 (United States)

ASN- ()

stats.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f030:13:face:b00c:0:3 (France)

ASN- ()

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2606:2800:234:59:254c:406:2366:268c (United States)

ASN- ()

platform.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:809::2002 (Frankfurt am Main, Germany)

ASN- ()

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82f::2002 (Frankfurt am Main, Germany)

ASN- ()

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 13.226.159.42 (United States)

ASN- ()
PTR: server-13-226-159-42.dus51.r.cloudfront.net

b.hatena.ne.jp	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c00::9a (Brussels, Belgium)

ASN- ()

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82f::200d (Frankfurt am Main, Germany)

ASN- ()

accounts.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:809::2004 (Frankfurt am Main, Germany) 2 redirects

ASN- ()

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80f::2003 (Frankfurt am Main, Germany)

ASN- ()

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.181.226 (United States)

ASN- ()
PTR: fra16s56-in-f2.1e100.net

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:808::2002 (Frankfurt am Main, Germany)

ASN- ()

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:830::2002 (Frankfurt am Main, Germany)

ASN- ()

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

25 2a00:1450:4001:811::2002 (Frankfurt am Main, Germany)

ASN- ()

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:809::2003 (Frankfurt am Main, Germany)

ASN- ()

ssl.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:810::2002 (Frankfurt am Main, Germany)

ASN- ()

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.244.42.136 (United States) 1 redirects

ASN- ()

syndication.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.29.133.199 (United Kingdom)

ASN- ()

tags.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

43 2a00:1450:4001:813::2001 (Frankfurt am Main, Germany) 1 redirects

ASN- ()

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:827::2002 (Frankfurt am Main, Germany)

ASN- ()

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:831::200a (Frankfurt am Main, Germany)

ASN- ()

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:831::2003 (Frankfurt am Main, Germany)

ASN- ()

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:827::200e (Frankfurt am Main, Germany)

ASN- ()

encrypted-tbn2.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80e::200e (Frankfurt am Main, Germany)

ASN- ()

encrypted-tbn3.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:800::200e (Frankfurt am Main, Germany)

ASN- ()

encrypted-tbn1.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 136.243.149.243 (Germany)

ASN- ()
PTR: static.243.149.243.136.clients.your-server.de

hal9000.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.18.233.201 (Frankfurt am Main, Germany)

ASN- ()
PTR: a2-18-233-201.deploy.static.akamaitechnologies.com

pixel.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 138.201.63.149 (Lingenfeld, Germany) 1 redirects

ASN- ()
PTR: static.149.63.201.138.clients.your-server.de

hal90009.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:829::2003 (Frankfurt am Main, Germany)

ASN- ()

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:116:800d:21:8c6e:cf2c:8d6:9fb5 (United States)

ASN- ()

cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 99.80.199.35 (Dublin, Ireland) 2 redirects

ASN- ()

pixel.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 172.217.23.98 (United States)

ASN- ()
PTR: fra16s45-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.227.252.103 (Kansas City, United States) 3 redirects

ASN- ()

rtb.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.64.190.78 (United Kingdom) 3 redirects

ASN- ()

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 69.173.144.139 (Frankfurt am Main, Germany) 2 redirects

ASN- ()

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 79.137.69.120 (France) 1 redirects

ASN- ()
PTR: gcm10.host.hit.gemius.pl

googlecm.hit.gemius.pl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.111.239.217 (Frankfurt am Main, Germany) 1 redirects

ASN- ()
PTR: a104-111-239-217.deploy.static.akamaitechnologies.com

www.awin1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.195.172.136 (Frankfurt am Main, Germany) 1 redirects

ASN- ()

d.agkn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.36.108.3 (France)

ASN- ()
PTR: ns3112796.ip-54-36-108.eu

cdn.contentspread.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2a03:2880:f130:83:face:b00c:0:25de (France)

ASN- ()

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
55	googlesyndication.com 1 redirects pagead2.googlesyndication.com tpc.googlesyndication.com	661 KB
36	doubleclick.net googleads.g.doubleclick.net stats.g.doubleclick.net cm.g.doubleclick.net	138 KB
29	xn--m9jp9mi8fra1016gid0b.net 1 redirects xn--m9jp9mi8fra1016gid0b.net	351 KB
19	google.com 2 redirects apis.google.com accounts.google.com www.google.com adservice.google.com	137 KB
13	wp.com i1.wp.com i2.wp.com i0.wp.com s0.wp.com stats.wp.com pixel.wp.com	108 KB
12	facebook.com www.facebook.com	443 KB
11	st-hatena.com b.st-hatena.com	25 KB
10	gstatic.com ssl.gstatic.com www.gstatic.com encrypted-tbn2.gstatic.com encrypted-tbn3.gstatic.com encrypted-tbn1.gstatic.com fonts.gstatic.com	157 KB
9	twitter.com 1 redirects platform.twitter.com syndication.twitter.com	175 KB
6	googletagservices.com www.googletagservices.com	212 KB
5	redintelligence.net 1 redirects hal9000.redintelligence.net hal90009.redintelligence.net	10 KB
4	mathtag.com tags.mathtag.com pixel.mathtag.com	3 KB
3	pubmatic.com 3 redirects image6.pubmatic.com	1 KB
3	openx.net 3 redirects rtb.openx.net	989 B
3	google.de www.google.de adservice.google.de	394 B
3	hatena.ne.jp b.hatena.ne.jp	3 KB
3	googleapis.com ajax.googleapis.com fonts.googleapis.com	34 KB
2	contentspread.net cdn.contentspread.net	38 KB
2	awin1.com 1 redirects www.awin1.com	1 KB
2	rubiconproject.com 2 redirects pixel.rubiconproject.com	917 B
2	everesttech.net 2 redirects pixel.everesttech.net	752 B
2	quantserve.com cms.quantserve.com	672 B
2	facebook.net connect.facebook.net	66 KB
2	blogmura.com 1 redirects flower.blogmura.com b.blogmura.com	3 KB
2	google-analytics.com www.google-analytics.com	19 KB
1	agkn.com 1 redirects d.agkn.com	767 B
1	gemius.pl 1 redirects googlecm.hit.gemius.pl	339 B
1	googleadservices.com partner.googleadservices.com	273 B
1	with2.net blog.with2.net	3 KB
1	jquery.com code.jquery.com	33 KB
227	30

	Domain	Requested by
43	tpc.googlesyndication.com	1 redirects googleads.g.doubleclick.net xn--m9jp9mi8fra1016gid0b.net tpc.googlesyndication.com pagead2.googlesyndication.com
29	xn--m9jp9mi8fra1016gid0b.net	1 redirects xn--m9jp9mi8fra1016gid0b.net
23	googleads.g.doubleclick.net	pagead2.googlesyndication.com xn--m9jp9mi8fra1016gid0b.net googleads.g.doubleclick.net
12	www.facebook.com	connect.facebook.net www.facebook.com
12	cm.g.doubleclick.net	xn--m9jp9mi8fra1016gid0b.net googleads.g.doubleclick.net
12	pagead2.googlesyndication.com	xn--m9jp9mi8fra1016gid0b.net pagead2.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com www.googletagservices.com
11	b.st-hatena.com	xn--m9jp9mi8fra1016gid0b.net b.hatena.ne.jp b.st-hatena.com
8	www.google.com	2 redirects xn--m9jp9mi8fra1016gid0b.net apis.google.com googleads.g.doubleclick.net tpc.googlesyndication.com
8	apis.google.com	xn--m9jp9mi8fra1016gid0b.net apis.google.com accounts.google.com
7	platform.twitter.com	xn--m9jp9mi8fra1016gid0b.net platform.twitter.com
6	www.googletagservices.com	pagead2.googlesyndication.com googleads.g.doubleclick.net
5	i2.wp.com	xn--m9jp9mi8fra1016gid0b.net
4	hal90009.redintelligence.net	1 redirects googleads.g.doubleclick.net hal90009.redintelligence.net
4	i1.wp.com	xn--m9jp9mi8fra1016gid0b.net
3	image6.pubmatic.com	3 redirects
3	rtb.openx.net	3 redirects
3	www.gstatic.com	googleads.g.doubleclick.net
3	tags.mathtag.com	googleads.g.doubleclick.net tags.mathtag.com
3	b.hatena.ne.jp	b.st-hatena.com
2	cdn.contentspread.net	hal90009.redintelligence.net
2	www.awin1.com	1 redirects googleads.g.doubleclick.net
2	pixel.rubiconproject.com	2 redirects
2	pixel.everesttech.net	2 redirects
2	cms.quantserve.com	googleads.g.doubleclick.net
2	fonts.gstatic.com	fonts.googleapis.com
2	encrypted-tbn1.gstatic.com	googleads.g.doubleclick.net
2	fonts.googleapis.com	googleads.g.doubleclick.net
2	syndication.twitter.com	1 redirects platform.twitter.com
2	adservice.google.com	pagead2.googlesyndication.com
2	adservice.google.de	pagead2.googlesyndication.com
2	connect.facebook.net	xn--m9jp9mi8fra1016gid0b.net connect.facebook.net
2	www.google-analytics.com	xn--m9jp9mi8fra1016gid0b.net www.google-analytics.com
1	d.agkn.com	1 redirects
1	googlecm.hit.gemius.pl	1 redirects
1	pixel.mathtag.com	tags.mathtag.com
1	hal9000.redintelligence.net	xn--m9jp9mi8fra1016gid0b.net
1	encrypted-tbn3.gstatic.com	googleads.g.doubleclick.net
1	encrypted-tbn2.gstatic.com	googleads.g.doubleclick.net
1	ssl.gstatic.com	accounts.google.com
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	pixel.wp.com	xn--m9jp9mi8fra1016gid0b.net
1	www.google.de	xn--m9jp9mi8fra1016gid0b.net
1	accounts.google.com	apis.google.com
1	stats.g.doubleclick.net	www.google-analytics.com
1	stats.wp.com	xn--m9jp9mi8fra1016gid0b.net
1	s0.wp.com	xn--m9jp9mi8fra1016gid0b.net
1	blog.with2.net	xn--m9jp9mi8fra1016gid0b.net
1	b.blogmura.com	xn--m9jp9mi8fra1016gid0b.net
1	flower.blogmura.com	1 redirects
1	i0.wp.com	xn--m9jp9mi8fra1016gid0b.net
1	ajax.googleapis.com	xn--m9jp9mi8fra1016gid0b.net
1	code.jquery.com	xn--m9jp9mi8fra1016gid0b.net
227	52

This site contains links to these domains. Also see Links.

Domain
i2.wp.com
i1.wp.com
form1.fc2.com
flower777.mimoza.jp
xn--m9jp9m6aj7c2644did0b.net
xn--m9jp8q5a9qub3d2711dsz4b.net
xn--m9jp5n2a9d8536b7pvb.com
xn--m9jp3ya3i5308a7pvb.com
jagaimo-saibai.com
flower.blogmura.com
blog.with2.net
keyword.blogmura.com

Subject Issuer	Validity	Valid
www.xn--m9jp9mi8fra1016gid0b.net R3	`2021-05-23` - `2021-08-21`	3 months	crt.sh
jquery.org Sectigo RSA Domain Validation Secure Server CA	`2020-10-06` - `2021-10-16`	a year	crt.sh
upload.video.google.com GTS CA 1O1	`2021-05-03` - `2021-07-26`	3 months	crt.sh
*.google.com GTS CA 1O1	`2021-05-03` - `2021-07-26`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-05-03` - `2021-07-26`	3 months	crt.sh
*.wp.com Sectigo RSA Domain Validation Secure Server CA	`2020-04-02` - `2022-07-05`	2 years	crt.sh
*.b.st-hatena.com Amazon	`2020-10-25` - `2021-11-24`	a year	crt.sh
*.apis.google.com GTS CA 1C3	`2021-05-03` - `2021-07-26`	3 months	crt.sh
*.blogmura.com Amazon	`2021-03-03` - `2022-04-01`	a year	crt.sh
blog.with2.net JPRS Domain Validation Authority - G4	`2020-12-11` - `2021-12-31`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2021-04-06` - `2021-07-03`	3 months	crt.sh
*.twimg.com DigiCert TLS RSA SHA256 2020 CA1	`2020-11-05` - `2021-11-09`	a year	crt.sh
*.b.hatena.ne.jp Amazon	`2020-10-20` - `2021-11-19`	a year	crt.sh
www.google.com GTS CA 1C3	`2021-05-03` - `2021-07-26`	3 months	crt.sh
www.google.de GTS CA 1C3	`2021-05-03` - `2021-07-26`	3 months	crt.sh
*.googleadservices.com GTS CA 1C3	`2021-05-03` - `2021-07-26`	3 months	crt.sh
syndication.twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2021-02-05` - `2022-02-04`	a year	crt.sh
*.mathtag.com DigiCert SHA2 Secure Server CA	`2020-04-15` - `2022-04-22`	2 years	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2021-05-03` - `2021-07-26`	3 months	crt.sh
redintelligence.net R3	`2021-04-21` - `2021-07-20`	3 months	crt.sh
pixel.mathtag.com DigiCert SHA2 Secure Server CA	`2020-04-15` - `2021-07-15`	a year	crt.sh
*.quantserve.com DigiCert SHA2 High Assurance Server CA	`2020-10-02` - `2021-10-07`	a year	crt.sh
www.awin1.com DigiCert Secure Site ECC CA-1	`2020-04-21` - `2021-07-21`	a year	crt.sh
contentspread.net R3	`2021-04-05` - `2021-07-04`	3 months	crt.sh

This page contains 37 frames:

Primary Page: https://xn--m9jp9mi8fra1016gid0b.net/
Frame ID: 8B46688119D022A922E20033785C9208
Requests: 70 HTTP requests in this frame

Frame: https://apis.google.com/se/0/_/+1/fastbutton?usegapi=1&size=medium&hl=ja&origin=https%3A%2F%2Fxn--m9jp9mi8fra1016gid0b.net&url=https%3A%2F%2Fxn--m9jp9mi8fra1016gid0b.net%2F&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.p7L79FLXQCw.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCO6hl1EejjzC-wrWbDdgTxPi0Gs8g%2Fm%3D__features__
Frame ID: 3AC2ED44BAB088312F827F6FE4569166
Requests: 1 HTTP requests in this frame

Frame: https://apis.google.com/se/0/_/+1/fastbutton?usegapi=1&size=medium&hl=ja&origin=https%3A%2F%2Fxn--m9jp9mi8fra1016gid0b.net&url=https%3A%2F%2Fxn--m9jp9mi8fra1016gid0b.net%2F&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.p7L79FLXQCw.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCO6hl1EejjzC-wrWbDdgTxPi0Gs8g%2Fm%3D__features__
Frame ID: EAD470849EFEF150C6B7B89B782E1682
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20210524/r20190131/zrt_lookup.html
Frame ID: 4D9E67DE2D5F189CE171F4FEB89166A8
Requests: 1 HTTP requests in this frame

Frame: https://b.hatena.ne.jp/entry/button/?url=https%3A%2F%2Fxn--m9jp9mi8fra1016gid0b.net%2F%25e3%2582%25a2%25e3%2582%25b8%25e3%2582%25b5%25e3%2582%25a4%25e3%2581%25ae%25e7%25a8%25ae%25e9%25a1%259e%2F%25e3%2583%2581%25e3%2583%25a7%25e3%2582%25b3%25e3%2583%2581%25e3%2583%2583%25e3%2582%25af%25e3%2583%259b%25e3%2583%25af%25e3%2582%25a4%25e3%2583%2588.html&mode=popup
Frame ID: 47EF72C245CF64422399FF99E2E62BC8
Requests: 4 HTTP requests in this frame

Frame: https://b.hatena.ne.jp/entry/button/?url=https%3A%2F%2Fxn--m9jp9mi8fra1016gid0b.net%2F%25e3%2582%25a2%25e3%2582%25b8%25e3%2582%25b5%25e3%2582%25a4%25e6%25a0%25bd%25e5%259f%25b9-qa%2F%25e3%2582%25a2%25e3%2582%25b8%25e3%2582%25b5%25e3%2582%25a4-%25e8%2582%25b2%25e3%2581%25a6%25e3%2582%2584%25e3%2581%2599%25e3%2581%2584%25ef%25bc%259f.html&mode=popup
Frame ID: F88BCB39412CB6D75E0FA5122ACC44FD
Requests: 4 HTTP requests in this frame

Frame: https://b.hatena.ne.jp/entry/button/?url=https%3A%2F%2Fxn--m9jp9mi8fra1016gid0b.net%2F%25e3%2582%25a2%25e3%2582%25b8%25e3%2582%25b5%25e3%2582%25a4%25e3%2581%25ae%25e7%25a8%25ae%25e9%25a1%259e%2F%25e5%2588%259d%25e6%2581%258b.html&mode=popup
Frame ID: AE26284CDA78DF52F91594240EF04EBC
Requests: 4 HTTP requests in this frame

Frame: https://accounts.google.com/o/oauth2/postmessageRelay?parent=https%3A%2F%2Fxn--m9jp9mi8fra1016gid0b.net&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.p7L79FLXQCw.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCO6hl1EejjzC-wrWbDdgTxPi0Gs8g%2Fm%3D__features__
Frame ID: 25C3FC08AD28488E5106F7C07DAB94B8
Requests: 4 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.06c6ee58c3810956b7509218508c7b56.html?origin=https%3A%2F%2Fxn--m9jp9mi8fra1016gid0b.net
Frame ID: D0164AD6947585167D4D991825136965
Requests: 2 HTTP requests in this frame

Frame: https://apis.google.com/se/0/_/+1/fastbutton?usegapi=1&size=medium&hl=ja&origin=https%3A%2F%2Fxn--m9jp9mi8fra1016gid0b.net&url=https%3A%2F%2Fxn--m9jp9mi8fra1016gid0b.net%2F&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.p7L79FLXQCw.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCO6hl1EejjzC-wrWbDdgTxPi0Gs8g%2Fm%3D__features__
Frame ID: 403DD7FA05FC2D3C3BA7FB130968242E
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3001968804654785&output=html&adk=1812271804&adf=3025194257&lmt=1622121063&plat=1%3A32776%2C2%3A32776%2C8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A34635776%2C32%3A32&format=0x0&url=https%3A%2F%2Fxn--m9jp9mi8fra1016gid0b.net%2F&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1622121063424&bpp=3&bdt=1276&idt=218&shv=r20210524&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&nras=1&correlator=7377409692150&frm=20&pv=2&ga_vid=838000433.1622121063&ga_sid=1622121064&ga_hid=15458963&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530671%2C31060957&oid=3&pvsid=3394013324203522&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=241
Frame ID: 087C5889E247B61AD2F70AB58ACFDE27
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3001968804654785&output=html&h=280&slotname=6935282521&adk=3709907325&adf=3227892732&pi=t.ma~as.6935282521&w=666&fwrn=4&fwrnh=100&lmt=1622121063&rafmt=1&psa=0&format=666x280&url=https%3A%2F%2Fxn--m9jp9mi8fra1016gid0b.net%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1622121063427&bpp=2&bdt=1280&idt=248&shv=r20210524&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=7377409692150&frm=20&pv=1&ga_vid=838000433.1622121063&ga_sid=1622121064&ga_hid=15458963&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=336&ady=985&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530671%2C31060957&oid=3&pvsid=3394013324203522&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7C%7CoeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=2U8N8CkQ5I&p=https%3A//xn--m9jp9mi8fra1016gid0b.net&dtd=258
Frame ID: 64168282D2153B5ADDD2B0C32DF1AC35
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3001968804654785&output=html&h=280&slotname=6935282521&adk=3709907325&adf=604988848&pi=t.ma~as.6935282521&w=666&fwrn=4&fwrnh=100&lmt=1622121063&rafmt=1&psa=0&format=666x280&url=https%3A%2F%2Fxn--m9jp9mi8fra1016gid0b.net%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1622121063429&bpp=1&bdt=1282&idt=276&shv=r20210524&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C666x280&nras=1&correlator=7377409692150&frm=20&pv=1&ga_vid=838000433.1622121063&ga_sid=1622121064&ga_hid=15458963&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=336&ady=2268&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530671%2C31060957&oid=3&pvsid=3394013324203522&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=QZhJw0wwEI&p=https%3A//xn--m9jp9mi8fra1016gid0b.net&dtd=280
Frame ID: 99F9E46356CF891552B7716E59A03B09
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3001968804654785&output=html&h=280&slotname=6935282521&adk=3709907325&adf=3989722972&pi=t.ma~as.6935282521&w=666&fwrn=4&fwrnh=100&lmt=1622121063&rafmt=1&psa=0&format=666x280&url=https%3A%2F%2Fxn--m9jp9mi8fra1016gid0b.net%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1622121063430&bpp=1&bdt=1283&idt=287&shv=r20210524&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C666x280%2C666x280&nras=1&correlator=7377409692150&frm=20&pv=1&ga_vid=838000433.1622121063&ga_sid=1622121064&ga_hid=15458963&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=336&ady=3460&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530671%2C31060957&oid=3&pvsid=3394013324203522&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=62d10EtzU1&p=https%3A//xn--m9jp9mi8fra1016gid0b.net&dtd=292
Frame ID: C2FA4663400F1F8943974C6DF0E85E48
Requests: 16 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3001968804654785&output=html&h=399&slotname=1250160123&adk=4098457666&adf=2106242515&pi=t.ma~as.1250160123&w=666&cr_col=4&cr_row=2&fwrn=2&lmt=1622121063&rafmt=9&psa=0&format=666x399&url=https%3A%2F%2Fxn--m9jp9mi8fra1016gid0b.net%2F&flash=0&crui=image_stacked&fwr=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1622121063456&bpp=1&bdt=1309&idt=316&shv=r20210524&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C666x280%2C666x280%2C666x280&nras=1&correlator=7377409692150&frm=20&pv=1&ga_vid=838000433.1622121063&ga_sid=1622121064&ga_hid=15458963&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=336&ady=4387&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530671%2C31060957&oid=3&pvsid=3394013324203522&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=wVt5N0xkDt&p=https%3A//xn--m9jp9mi8fra1016gid0b.net&dtd=321
Frame ID: 66BB4AA336568F8B4E1FB29DBDCA4E3A
Requests: 28 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3001968804654785&output=html&h=600&slotname=8412015728&adk=3975475001&adf=1919225299&pi=t.ma~as.8412015728&w=219&fwrn=4&fwrnh=100&lmt=1622121063&rafmt=4&psa=0&format=219x600&url=https%3A%2F%2Fxn--m9jp9mi8fra1016gid0b.net%2F&flash=0&fwr=0&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1622121063501&bpp=43&bdt=1354&idt=295&shv=r20210524&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C666x280%2C666x280%2C666x280%2C666x399&nras=1&correlator=7377409692150&frm=20&pv=1&ga_vid=838000433.1622121063&ga_sid=1622121064&ga_hid=15458963&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1057&ady=1189&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530671%2C31060957&oid=3&pvsid=3394013324203522&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&cms=2&fu=128&bc=31&ifi=6&uci=a!6&fsb=1&xpc=iH17qFM3Pe&p=https%3A//xn--m9jp9mi8fra1016gid0b.net&dtd=302
Frame ID: 9BC0DA91ECFF1B1AEB03A41DDED873F2
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/adview?ai=CIu3yZ5qvYLC4Moa0twfC_YH4Ds-HjptcwIbZgsYCwI23ARABIABglQKCARdjYS1wdWItMzAwMTk2ODgwNDY1NDc4NcgBCagDAaoEygFP0JPADDvHI3fCv1P59cB-pD99DZ-qv3cDUkY0hlZsptA1KiampmcZfzM23LhAfmsADRUnAP0YRTm923mkuN0Ne5fLYQE6153_Luun_xXjhUt_bYI6pKCNxqYFB7aAm4lofkekv-MYO_TnnwfcX7jB9Y5daQrWfj34a9GFDObiPsEp9xlLwFahc2nVx7Fvz0jiRTGtaRvtaT8YqS1Zcz-AUCJuKTM_zrl3e66qraOoB0lRjovGZ9kI9HwWkigtQ9ZIhuxmfOhx88xpgAb30dyH8dPYh-4BoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG9gHANIIBwiA4YAQEAGACgH6CwIIAYAMAdAVAYAXAbIXGAoWEhRwdWItMzAwMTk2ODgwNDY1NDc4NQ&sigh=zbZZ7n7pELc&tpd=AGWhJmtJB6V3EEP0YL8ZBH5uEWkTkKVOvxmAb86pfzE1v9iVyu48GWljeYtpcqydQbj1EFDUjftOkFLh8yQjFAbyUMREY5njpPu_jLKaHgzqu-6shby7cx10bHYsxtwmyEQaAvTf-ATSzApGvChVmsFhdb3dhgbJr8qLhgheq5YisO-i1Et0xvr79FH8QYT4nAB2mPqi0q0u-8PueMUvwN_LkEUdaH2b9_GhaovMiCNk93Xg-s9LKB-36kDXPyuo9laAJ96FY7Fqk3fYRKotDji_jC-enLLi70cNio-9TT2rz2KxRq9WPiaFR_ZRZDOSXMVKw8oyFoiS7dWxP3bWkcEe3DkmLjyTQTUD75e1f9eLPWb0t7tebQc3sz8si5Wxj2uPi5wPA01dbiwJT6nK1j2nHU4pDICWgP3CbJ5wT2qyDCwS5fYsPCWxIavkMxaQ_Eji3iEeOKmsdETgi-zDXYcACXHQVNImihNCaHOexuzCH3UZ1VdCzocf8Ets4UZZ8Xz8HGr3hJAv8zCgLqTYEGR_AnivR5C6lfU1ANZvaUA7xZCvk-K40HmN4o0sJHiRaFOQTKu1mZzve_L8b5DRJhOn5FHaaO6Z0BdhcSQlklId2LvJ6FoyLhfMFc1LpKXaKHi3gRvRSvPf3Zvgv3YtFGTnmSR_R0xCDxLv5flMD2Uo30M66IwhJfyW4dPmGv1ltYdABDR0XTupY6CEvkJGfnm-XpXYT6CMhIBgwd8DjkKbveWdsygKMp1MKQ_Kaj5mW-7voZAz4FCZwycboSMjTSyRMkDO1HF6pIm46pcqv6PICyJdLzr8CpO1UuhrVdez9aEL9crlGj2T8LQWYM5Yn0tRC_s7kLrVN5T7yBv2zFqZbHeCAtnqm_yJwZKKH0NEwhavQ_6k7qHuv3Y7lnG2eEj7MxY-QXMdtplA6nIWC7ChxY6bMQYKqcG83SSTtxRNqmPSVzvh9Wct0lnrQlLd320rqZk1hcGb8eEYTJsamPx7J2bgW36woWvLPj-JA0P7rqQOErjdKg1zfDrTRic53iSFMjpCbp31vIg
Frame ID: 1D014204B4EBF7520C98A1CB98BC8533
Requests: 13 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15114128110379568047/index.html
Frame ID: D5821D4C94F085381B61EF7F172AF929
Requests: 10 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/adview?ai=CvoIyZ5qvYJuRK9iKtwelupqYB5mlto5iv6nH6_sMrs3mrYkCEAEgtamjBmCVAqAB5rC9vwPIAQmpAo_rejQze7Q-qAMByANIqgTVAU_QANkGmqw4kJpOQZl4MN_XXu2ThdOfUTdDtKlHqVcJcc9yoA4KShW_jPdEqFxPkgrJzcX0My03ge8dTMHn81-PVtX0Y2M420PRfXqYvUCZzq3lShEQ7Z7-uhkt5RLLGkLrYLOmJLV6KLj4KMFTTxbyuxtJZPxLc6xnohX7JYcYfJQF_N1PCar2tVTIrRaYQx62bk4VO0AJ7F_m1Ubm019IFL-gzH3bzCayEz1mIAbXMvsQsxFgM6BIGFsDFVZwtEgCe3gp0GD5xJp2RRUOMqPsPXLhC8AEqd6vxMEDkgUECAQYAZIFBAgFGASgBi6AB4LPwkCoB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7paxAqgHpr4bqAfs1RvYBwDyBwQQyPEK0ggJCIDhgBAQARgfgAoByAsB2BMN0BUBgBcBshcaChgIABIUcHViLTMwMDE5Njg4MDQ2NTQ3ODU&sigh=PNe_PBTvlA8&template_id=419
Frame ID: 54EB7778503F4DBBD033C9B14A85BCE9
Requests: 7 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si
Frame ID: 0E20A811C080702B54E96EB1835B4422
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/HZvw8QdJrJJXuJ48IXlV8VF-H8RHnxePCtakS6ABBeA.js
Frame ID: 21B5485ECC2A9B8A1655ED955FED540F
Requests: 1 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/tweet_button.06c6ee58c3810956b7509218508c7b56.ja.html
Frame ID: 6E6A07D3210BAC2D6C370B7EBA901532
Requests: 2 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/tweet_button.06c6ee58c3810956b7509218508c7b56.ja.html
Frame ID: 7A64AF2F9E98AE5929F01F45FC23E9D4
Requests: 2 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/tweet_button.06c6ee58c3810956b7509218508c7b56.ja.html
Frame ID: C7CAFD63BBF3E904E652B944700EFA41
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8440874748895933971/index.html
Frame ID: 17DCA268CC165DE8B21779345347DA47
Requests: 7 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/adview?ai=Csbm3Z5qvYMvuLIHGtwfCx5fICYvT_fxirYTujtMN6_D-gMckEAEgtamjBmCVAqAB4J7E-APIAQmpAo_rejQze7Q-qAMByANIqgTQAU_QQAa2odOWPuftspmwj081koy4FMcKGsL5zxKV2zhndZNVAl4OscNU2Q21H9Oic3Xc_LblWjIifqqloSO1WKdQYN0bpLRZvyws3VztWkcIFGpQGo25n-soLPcI_mtgjV794ASRbffnywFLfnD56Tne4Vp6Gclxm-p9AVv4SrA2PxGBP1u9CcEdEmA2y6jttY56092uHzB6KwTThFnFST75ysu_k5kiGA2N_HLwMQvR9QEg5IsnAPT8BVEwv_dC6QC9rtg6OmB4TiA4iWXlHWjABOChmpbAA5IFBAgEGAGSBQQIBRgEkgUECAUYGJIFBQgFGKgBoAYugAfHwPYCqAfVyRuoB_DZG6gH8tkbqAeOzhuoB5PYG6gHugaoB-6WsQKoB6a-G6gH7NUb2AcA8gcEEIXRCtIICQiA4YAQEAEYH4AKAcgLAdgTDNAVAZgWAYAXAbIXGgoYCAASFHB1Yi0zMDAxOTY4ODA0NjU0Nzg1&sigh=pCsoQK1jLk0&template_id=419
Frame ID: 5DB3487F4ACE1DE2AA130D2041361771
Requests: 6 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si
Frame ID: 90CCBD24F2CEBD4E8FB6EF4162915CA3
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 5A2374166F27C7881A9F9B4FDE0A1EDB
Requests: 9 HTTP requests in this frame

Frame: https://platform.twitter.com/jot.html
Frame ID: 9FC549CF1CDE8DD19802E4393D3A2948
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/HZvw8QdJrJJXuJ48IXlV8VF-H8RHnxePCtakS6ABBeA.js
Frame ID: 3E18DFF49D89F715DFAA569003EAC861
Requests: 1 HTTP requests in this frame

Frame: https://hal90009.redintelligence.net/request_content.php?s=16121600137314902179201011607009&a=c6a1e9dd
Frame ID: BCFE18B576974589A77CC8491D940C11
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 29554300843E1FA76641E33CBE9538F8
Requests: 9 HTTP requests in this frame

Frame: https://www.facebook.com/plugins/like.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df300f6c3cc656b4%26domain%3Dxn--m9jp9mi8fra1016gid0b.net%26origin%3Dhttps%253A%252F%252Fxn--m9jp9mi8fra1016gid0b.net%252Ff26b918dd23ba4%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fxn--m9jp9mi8fra1016gid0b.net%2F%25e3%2582%25a2%25e3%2582%25b8%25e3%2582%25b5%25e3%2582%25a4%25e3%2581%25ae%25e7%25a8%25ae%25e9%25a1%259e%2F%25e3%2583%2581%25e3%2583%25a7%25e3%2582%25b3%25e3%2583%2581%25e3%2583%2583%25e3%2582%25af%25e3%2583%259b%25e3%2583%25af%25e3%2582%25a4%25e3%2583%2588.html&layout=button_count&locale=ja_JP&sdk=joey&send=false&show_faces=false&width=200
Frame ID: B079F1F7E1BB2C29554921FBDFB199AE
Requests: 4 HTTP requests in this frame

Frame: https://www.facebook.com/plugins/like.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df18037ce209179c%26domain%3Dxn--m9jp9mi8fra1016gid0b.net%26origin%3Dhttps%253A%252F%252Fxn--m9jp9mi8fra1016gid0b.net%252Ff26b918dd23ba4%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fxn--m9jp9mi8fra1016gid0b.net%2F%25e3%2582%25a2%25e3%2582%25b8%25e3%2582%25b5%25e3%2582%25a4%25e6%25a0%25bd%25e5%259f%25b9-qa%2F%25e3%2582%25a2%25e3%2582%25b8%25e3%2582%25b5%25e3%2582%25a4-%25e8%2582%25b2%25e3%2581%25a6%25e3%2582%2584%25e3%2581%2599%25e3%2581%2584%25ef%25bc%259f.html&layout=button_count&locale=ja_JP&sdk=joey&send=false&show_faces=false&width=200
Frame ID: 6EADCE12631CE9C31D91828BC798D100
Requests: 4 HTTP requests in this frame

Frame: https://www.facebook.com/plugins/like.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df29e6c80311207%26domain%3Dxn--m9jp9mi8fra1016gid0b.net%26origin%3Dhttps%253A%252F%252Fxn--m9jp9mi8fra1016gid0b.net%252Ff26b918dd23ba4%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fxn--m9jp9mi8fra1016gid0b.net%2F%25e3%2582%25a2%25e3%2582%25b8%25e3%2582%25b5%25e3%2582%25a4%25e3%2581%25ae%25e7%25a8%25ae%25e9%25a1%259e%2F%25e5%2588%259d%25e6%2581%258b.html&layout=button_count&locale=ja_JP&sdk=joey&send=false&show_faces=false&width=200
Frame ID: 03FB912E605F42030227450FC3614F47
Requests: 4 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html
Frame ID: A221C918507B93F46431342120BD4462
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: E186E9B750DFDF992ABDE1ED59E1F4DA
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://xn--m9jp9mi8fra1016gid0b.net/ HTTP 301
https://xn--m9jp9mi8fra1016gid0b.net/ Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]+s\d+\.wp\.com/i
script /\/wp-(?:content|includes)\//i
meta generator /^WordPress ?([\d.]+)?/i
headers link /rel="https:\/\/api\.w\.org\/"/i

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]+s\d+\.wp\.com/i
script /\/wp-(?:content|includes)\//i
meta generator /^WordPress ?([\d.]+)?/i
headers link /rel="https:\/\/api\.w\.org\/"/i

MySQL (Databases) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]+s\d+\.wp\.com/i
script /\/wp-(?:content|includes)\//i
meta generator /^WordPress ?([\d.]+)?/i
headers link /rel="https:\/\/api\.w\.org\/"/i

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /\/\/connect\.facebook\.net\/[^/]*\/[a-z]*\.js/i

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

script /googlesyndication\.com\//i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Twitter (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /\/\/platform\.twitter\.com\/widgets\.js/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery[.-]([\d.]*\d)[^/]*\.js/i
script /\/([\d.]+)\/jquery(?:\.min)?\.js/i
script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
script /jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?/i

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?/i

Page Statistics

227
Requests

99 %
HTTPS

54 %
IPv6

30
Domains

52
Subdomains

46
IPs

8
Countries

2617 kB
Transfer

6450 kB
Size

3
Cookies

13 Outgoing links

These are links going to different origins than the main page.

URL: https://i2.wp.com/xn--m9jp9mi8fra1016gid0b.net/wp-content/uploads/2021/05/Choco-Chic-White.jpg?ssl=1

Search URL Search Domain Scan URL

URL: https://i2.wp.com/xn--m9jp9mi8fra1016gid0b.net/wp-content/uploads/2020/09/ajisai001.jpg?ssl=1

Search URL Search Domain Scan URL

URL: https://i1.wp.com/xn--m9jp9mi8fra1016gid0b.net/wp-content/uploads/2017/06/hatukoi003.jpg?ssl=1

Search URL Search Domain Scan URL

URL: http://form1.fc2.com/form/?id=3078116081bd2dfd
Title: メールはこちらから

Search URL Search Domain Scan URL

URL: http://flower777.mimoza.jp/
Title: 園芸ナビ｜花と野菜の育て方

Search URL Search Domain Scan URL

URL: https://xn--m9jp9m6aj7c2644did0b.net/
Title: アサガオの育て方.net

Search URL Search Domain Scan URL

URL: https://xn--m9jp8q5a9qub3d2711dsz4b.net/
Title: シクラメンの育て方.net

Search URL Search Domain Scan URL

URL: https://xn--m9jp5n2a9d8536b7pvb.com/
Title: スイカの育て方.com

Search URL Search Domain Scan URL

URL: https://xn--m9jp3ya3i5308a7pvb.com/
Title: トマトの育て方.com

Search URL Search Domain Scan URL

URL: https://jagaimo-saibai.com/
Title: ジャガイモ栽培.com

Search URL Search Domain Scan URL

URL: https://flower.blogmura.com/ranking.html

Search URL Search Domain Scan URL

URL: https://blog.with2.net/link.php?1719401:2191

Search URL Search Domain Scan URL

URL: https://keyword.blogmura.com/key00008654.html
Title: [アジサイ] ブログ村キーワード

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://xn--m9jp9mi8fra1016gid0b.net/ HTTP 301
https://xn--m9jp9mi8fra1016gid0b.net/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 24

https://flower.blogmura.com/img/flower88_31.gif HTTP 301
https://b.blogmura.com/flower/88_31.gif

Request Chain 114

https://tpc.googlesyndication.com/pageadimg/imgad?id=CICAgKDrw7O6IhCwCRisAjII9947V29w5qI HTTP 301
https://tpc.googlesyndication.com/simgad/6390794388280864672

Request Chain 147

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 165

https://hal90009.redintelligence.net/request.php?zone=tojuhhm84f1g&nw=20&renderingType=javascript&namespace=4bbc9124e9&subid=&uid=6b29fce8fa1bb1f9&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=160x600&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&envData=&gdpr=1&gdpr_consent=BAAAAAAAAAAAAAAAAAluAA%2F%2F%2F%2F%2F%2F%2BABgCeAJ4Ang&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fmt_aid%3D5004167035727989250%26mt_id%3D8675608%26mt_adid%3D242876%26mt_sid%3D7324419%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D429a60af-9a67-4801-a6d5-859c91b877f0%26mt_cid%3D429a60af-9a67-4801-a6d5-859c91b877f0%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCwyTRZ5qvYLC4Moa0twfC_YH4Ds-HjptcwIbZgsYCwI23ARABIABglQKCARdjYS1wdWItMzAwMTk2ODgwNDY1NDc4NcgBCagDAaoEzQFP0JPADDvHI3fCv1P59cB-pD99DZ-qv3cDUkY0hlZsptA1KiampmcZfzM23LhAfmsADRUnAP0YRTm923mkuN0Ne5fLYQE6153_Luun_xXjhUt_bYI6pKCNxqYFB7aAm4lofkekv-MYO_TnnwfcX7jB9Y5daQrWfj34a9GFDObiPsEp9xlLwFahc2nVx7Fvz0jiRTGtaRvtaT8YqS1Zcz-AUCJuKTM_zrl3e66qraOoB0lRjovGZ9kItn4bAIS959HFIqTNpKjeA9F9UKnXgAb30dyH8dPYh-4BoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG9gHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_0jAEbGdo6_X6QsVOAsCOwyYTUnnA%2526client%253Dca-pub-3001968804654785%2526adurl%253D%26redirect%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-3001968804654785%26output%3Dhtml%26h%3D600%26slotname%3D8412015728%26adk%3D3975475001%26adf%3D1919225299%26pi%3Dt.ma~as.8412015728%26w%3D219%26fwrn%3D4%26fwrnh%3D100%26lmt%3D1622121063%26rafmt%3D4%26psa%3D0%26format%3D219x600%26url%3Dhttps%253A%252F%252Fxn--m9jp9mi8fra1016gid0b.net%252F%26flash%3D0%26fwr%3D0%26rpe%3D1%26resp_fmts%3D4%26wgl%3D1%26uach%3DWyIiLCIiLCIiLCIiLCIiLFtdXQ..%26dt%3D1622121063501%26bpp%3D43%26bdt%3D1354%26idt%3D295%26shv%3Dr20210524%26cbv%3D%252Fr20190131%26ptt%3D9%26saldr%3Daa%26abxe%3D1%26prev_fmts%3D0x0%252C666x280%252C666x280%252C666x280%252C666x399%26nras%3D1%26correlator%3D7377409692150%26frm%3D20%26pv%3D1%26ga_vid%3D838000433.1622121063%26ga_sid%3D1622121064%26ga_hid%3D15458963%26ga_fc%3D0%26u_tz%3D120%26u_his%3D2%26u_java%3D0%26u_h%3D1200%26u_w%3D1600%26u_ah%3D1200%26u_aw%3D1600%26u_cd%3D24%26u_nplug%3D0%26u_nmime%3D0%26adx%3D1057%26ady%3D1189%26biw%3D1600%26bih%3D1200%26scr_x%3D0%26scr_y%3D0%26eid%3D42530671%252C31060957%26oid%3D3%26pvsid%3D3394013324203522%26eae%3D0%26fc%3D1920%26brdim%3D0%252C0%252C0%252C0%252C1600%252C0%252C1600%252C1200%252C1600%252C1200%26vis%3D1%26rsz%3D%257C%257CoeE%257C%26abl%3DCS%26pfx%3D0%26cms%3D2%26fu%3D128%26bc%3D31%26ifi%3D6%26uci%3Da!6%26fsb%3D1%26xpc%3DiH17qFM3Pe%26p%3Dhttps%253A%2F%2Fxn--m9jp9mi8fra1016gid0b.net%26dtd%3D302&ancestorOrigins=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Chttps%3A%2F%2Fxn--m9jp9mi8fra1016gid0b.net&random=2682362970106&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0 HTTP 302
https://hal90009.redintelligence.net/request.php?zone=tojuhhm84f1g&nw=20&renderingType=javascript&namespace=4bbc9124e9&subid=&uid=6b29fce8fa1bb1f9&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=160x600&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&envData=&gdpr=1&gdpr_consent=BAAAAAAAAAAAAAAAAAluAA%2F%2F%2F%2F%2F%2F%2BABgCeAJ4Ang&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fmt_aid%3D5004167035727989250%26mt_id%3D8675608%26mt_adid%3D242876%26mt_sid%3D7324419%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D429a60af-9a67-4801-a6d5-859c91b877f0%26mt_cid%3D429a60af-9a67-4801-a6d5-859c91b877f0%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCwyTRZ5qvYLC4Moa0twfC_YH4Ds-HjptcwIbZgsYCwI23ARABIABglQKCARdjYS1wdWItMzAwMTk2ODgwNDY1NDc4NcgBCagDAaoEzQFP0JPADDvHI3fCv1P59cB-pD99DZ-qv3cDUkY0hlZsptA1KiampmcZfzM23LhAfmsADRUnAP0YRTm923mkuN0Ne5fLYQE6153_Luun_xXjhUt_bYI6pKCNxqYFB7aAm4lofkekv-MYO_TnnwfcX7jB9Y5daQrWfj34a9GFDObiPsEp9xlLwFahc2nVx7Fvz0jiRTGtaRvtaT8YqS1Zcz-AUCJuKTM_zrl3e66qraOoB0lRjovGZ9kItn4bAIS959HFIqTNpKjeA9F9UKnXgAb30dyH8dPYh-4BoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG9gHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_0jAEbGdo6_X6QsVOAsCOwyYTUnnA%2526client%253Dca-pub-3001968804654785%2526adurl%253D%26redirect%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-3001968804654785%26output%3Dhtml%26h%3D600%26slotname%3D8412015728%26adk%3D3975475001%26adf%3D1919225299%26pi%3Dt.ma~as.8412015728%26w%3D219%26fwrn%3D4%26fwrnh%3D100%26lmt%3D1622121063%26rafmt%3D4%26psa%3D0%26format%3D219x600%26url%3Dhttps%253A%252F%252Fxn--m9jp9mi8fra1016gid0b.net%252F%26flash%3D0%26fwr%3D0%26rpe%3D1%26resp_fmts%3D4%26wgl%3D1%26uach%3DWyIiLCIiLCIiLCIiLCIiLFtdXQ..%26dt%3D1622121063501%26bpp%3D43%26bdt%3D1354%26idt%3D295%26shv%3Dr20210524%26cbv%3D%252Fr20190131%26ptt%3D9%26saldr%3Daa%26abxe%3D1%26prev_fmts%3D0x0%252C666x280%252C666x280%252C666x280%252C666x399%26nras%3D1%26correlator%3D7377409692150%26frm%3D20%26pv%3D1%26ga_vid%3D838000433.1622121063%26ga_sid%3D1622121064%26ga_hid%3D15458963%26ga_fc%3D0%26u_tz%3D120%26u_his%3D2%26u_java%3D0%26u_h%3D1200%26u_w%3D1600%26u_ah%3D1200%26u_aw%3D1600%26u_cd%3D24%26u_nplug%3D0%26u_nmime%3D0%26adx%3D1057%26ady%3D1189%26biw%3D1600%26bih%3D1200%26scr_x%3D0%26scr_y%3D0%26eid%3D42530671%252C31060957%26oid%3D3%26pvsid%3D3394013324203522%26eae%3D0%26fc%3D1920%26brdim%3D0%252C0%252C0%252C0%252C1600%252C0%252C1600%252C1200%252C1600%252C1200%26vis%3D1%26rsz%3D%257C%257CoeE%257C%26abl%3DCS%26pfx%3D0%26cms%3D2%26fu%3D128%26bc%3D31%26ifi%3D6%26uci%3Da!6%26fsb%3D1%26xpc%3DiH17qFM3Pe%26p%3Dhttps%253A%2F%2Fxn--m9jp9mi8fra1016gid0b.net%26dtd%3D302&ancestorOrigins=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Chttps%3A%2F%2Fxn--m9jp9mi8fra1016gid0b.net&random=2682362970106&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1

Request Chain 184

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 191

https://pixel.everesttech.net/1/m?url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Deverest%26google_hm%3D__EFGSURFER_USB64__%26google_push%3DAQvitUIqN0cBuGRO8QrgjmQ-c-nY-66cF_N96CsaPcDtK9b9wVYa-xW5N9sY3Q0BGjLmHWSUpI7qNSijI1Y3hPAvCrHqsl3cHoyY&google_gid=CAESEBcLUfESW4LbBpJFI3mvLQY&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WUtAYWFBQUFCZUtyMkduLQ&google_push=AQvitUIqN0cBuGRO8QrgjmQ-c-nY-66cF_N96CsaPcDtK9b9wVYa-xW5N9sY3Q0BGjLmHWSUpI7qNSijI1Y3hPAvCrHqsl3cHoyY

Request Chain 192

https://rtb.openx.net/sync/dds?google_gid=CAESEMGB0P1pywv2iRwbIJ-6dKM&google_cver=1&google_push=AQvitUIyKrCd-vW5l71wchJusjM7jvI7SmbKAPlrZ10Oz45lSB8A19yphLz91IkuXfGsr1OMmbDVFHgtwOB1LHuCas-dxDl835Ee HTTP 302
https://rtb.openx.net/sync/dds?google_gid=CAESEMGB0P1pywv2iRwbIJ-6dKM&google_cver=1&google_push=AQvitUIyKrCd-vW5l71wchJusjM7jvI7SmbKAPlrZ10Oz45lSB8A19yphLz91IkuXfGsr1OMmbDVFHgtwOB1LHuCas-dxDl835Ee&ox_sc=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitUIyKrCd-vW5l71wchJusjM7jvI7SmbKAPlrZ10Oz45lSB8A19yphLz91IkuXfGsr1OMmbDVFHgtwOB1LHuCas-dxDl835Ee&google_hm=lCb76YrCwuMdC0Ei0A1OfQ==

Request Chain 193

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEPgF39W-eAKFQ_dAgDnANYg&google_cver=1&google_push=AQvitUInjUdmKMB-VTP1hAQPYOuwqAvamRr8TUTrKWcHZ2SqoGJ_CIdf0P-l6r-E6WZIECb_lfxUjAPDa-vEK9Q3_9dG0xCijGI HTTP 302
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEPgF39W-eAKFQ_dAgDnANYg&google_cver=1&google_push=AQvitUInjUdmKMB-VTP1hAQPYOuwqAvamRr8TUTrKWcHZ2SqoGJ_CIdf0P-l6r-E6WZIECb_lfxUjAPDa-vEK9Q3_9dG0xCijGI&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=1ANmh1iYRxCja2FVI2UF-w%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AQvitUInjUdmKMB-VTP1hAQPYOuwqAvamRr8TUTrKWcHZ2SqoGJ_CIdf0P-l6r-E6WZIECb_lfxUjAPDa-vEK9Q3_9dG0xCijGI

Request Chain 194

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEAD1QzOVkf2B5OaLbjKUKa8&google_cver=1&google_push=AQvitUKuYpGNQu7nUlOn8QHt-KJl-n9vgOjBSPoB4VSaOY7SteFcwJ_j3qDw9O3Bh8lSYwefXCCp2nI3dU7gGw5mrnRUwlYYp8M HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1A2WDAwMEQtWC00SDVB&google_push=AQvitUKuYpGNQu7nUlOn8QHt-KJl-n9vgOjBSPoB4VSaOY7SteFcwJ_j3qDw9O3Bh8lSYwefXCCp2nI3dU7gGw5mrnRUwlYYp8M

Request Chain 195

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEAx0scEKxGOAzF8_q-FjvSw&google_cver=1&google_push=AQvitUJDHkr1V9hPK7dNII63NBHjFhUPTXbvbI5ZGuv4ip0S5JQAS0Zmyx0fShGVGL2e8kZUJO8xYtlTTl5XoPHzNp-_DXABZNOT HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESEAx0scEKxGOAzF8_q-FjvSw&google_push=AQvitUJDHkr1V9hPK7dNII63NBHjFhUPTXbvbI5ZGuv4ip0S5JQAS0Zmyx0fShGVGL2e8kZUJO8xYtlTTl5XoPHzNp-_DXABZNOT&s=184023&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YK-aaImywDKFZmDC605VMQAABLsAAAAB&google_push=AQvitUJDHkr1V9hPK7dNII63NBHjFhUPTXbvbI5ZGuv4ip0S5JQAS0Zmyx0fShGVGL2e8kZUJO8xYtlTTl5XoPHzNp-_DXABZNOT&google_cver=1&google_gid=CAESEAx0scEKxGOAzF8_q-FjvSw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YK-aaImywDKFZmDC605VMQAABLsAAAAB&google_push=AQvitUJDHkr1V9hPK7dNII63NBHjFhUPTXbvbI5ZGuv4ip0S5JQAS0Zmyx0fShGVGL2e8kZUJO8xYtlTTl5XoPHzNp-_DXABZNOT&google_cver=1&google_gid=CAESEAx0scEKxGOAzF8_q-FjvSw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YK-aaImywDKFZmDC605VMQAABLsAAAAB&google_push=AQvitUJDHkr1V9hPK7dNII63NBHjFhUPTXbvbI5ZGuv4ip0S5JQAS0Zmyx0fShGVGL2e8kZUJO8xYtlTTl5XoPHzNp-_DXABZNOT&google_cver=1&google_gid=CAESEAx0scEKxGOAzF8_q-FjvSw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YK-aaImywDKFZmDC605VMQAABLsAAAAB&google_push=AQvitUJDHkr1V9hPK7dNII63NBHjFhUPTXbvbI5ZGuv4ip0S5JQAS0Zmyx0fShGVGL2e8kZUJO8xYtlTTl5XoPHzNp-_DXABZNOT&google_cver=1&google_gid=CAESEAx0scEKxGOAzF8_q-FjvSw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YK-aaImywDKFZmDC605VMQAABLsAAAAB&google_push=AQvitUJDHkr1V9hPK7dNII63NBHjFhUPTXbvbI5ZGuv4ip0S5JQAS0Zmyx0fShGVGL2e8kZUJO8xYtlTTl5XoPHzNp-_DXABZNOT&google_cver=1&google_gid=CAESEAx0scEKxGOAzF8_q-FjvSw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YK-aaImywDKFZmDC605VMQAABLsAAAAB&google_push=AQvitUJDHkr1V9hPK7dNII63NBHjFhUPTXbvbI5ZGuv4ip0S5JQAS0Zmyx0fShGVGL2e8kZUJO8xYtlTTl5XoPHzNp-_DXABZNOT&google_cver=1&google_gid=CAESEAx0scEKxGOAzF8_q-FjvSw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YK-aaImywDKFZmDC605VMQAABLsAAAAB&google_push=AQvitUJDHkr1V9hPK7dNII63NBHjFhUPTXbvbI5ZGuv4ip0S5JQAS0Zmyx0fShGVGL2e8kZUJO8xYtlTTl5XoPHzNp-_DXABZNOT&google_cver=1&google_gid=CAESEAx0scEKxGOAzF8_q-FjvSw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YK-aaImywDKFZmDC605VMQAABLsAAAAB&google_push=AQvitUJDHkr1V9hPK7dNII63NBHjFhUPTXbvbI5ZGuv4ip0S5JQAS0Zmyx0fShGVGL2e8kZUJO8xYtlTTl5XoPHzNp-_DXABZNOT&google_cver=1&google_gid=CAESEAx0scEKxGOAzF8_q-FjvSw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YK-aaImywDKFZmDC605VMQAABLsAAAAB&google_push=AQvitUJDHkr1V9hPK7dNII63NBHjFhUPTXbvbI5ZGuv4ip0S5JQAS0Zmyx0fShGVGL2e8kZUJO8xYtlTTl5XoPHzNp-_DXABZNOT&google_cver=1&google_gid=CAESEAx0scEKxGOAzF8_q-FjvSw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YK-aaImywDKFZmDC605VMQAABLsAAAAB&google_push=AQvitUJDHkr1V9hPK7dNII63NBHjFhUPTXbvbI5ZGuv4ip0S5JQAS0Zmyx0fShGVGL2e8kZUJO8xYtlTTl5XoPHzNp-_DXABZNOT&google_cver=1&google_gid=CAESEAx0scEKxGOAzF8_q-FjvSw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YK-aaImywDKFZmDC605VMQAABLsAAAAB&google_push=AQvitUJDHkr1V9hPK7dNII63NBHjFhUPTXbvbI5ZGuv4ip0S5JQAS0Zmyx0fShGVGL2e8kZUJO8xYtlTTl5XoPHzNp-_DXABZNOT&google_cver=1&google_gid=CAESEAx0scEKxGOAzF8_q-FjvSw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YK-aaImywDKFZmDC605VMQAABLsAAAAB&google_push=AQvitUJDHkr1V9hPK7dNII63NBHjFhUPTXbvbI5ZGuv4ip0S5JQAS0Zmyx0fShGVGL2e8kZUJO8xYtlTTl5XoPHzNp-_DXABZNOT&google_cver=1&google_gid=CAESEAx0scEKxGOAzF8_q-FjvSw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YK-aaImywDKFZmDC605VMQAABLsAAAAB&google_push=AQvitUJDHkr1V9hPK7dNII63NBHjFhUPTXbvbI5ZGuv4ip0S5JQAS0Zmyx0fShGVGL2e8kZUJO8xYtlTTl5XoPHzNp-_DXABZNOT&google_cver=1&google_gid=CAESEAx0scEKxGOAzF8_q-FjvSw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YK-aaImywDKFZmDC605VMQAABLsAAAAB&google_push=AQvitUJDHkr1V9hPK7dNII63NBHjFhUPTXbvbI5ZGuv4ip0S5JQAS0Zmyx0fShGVGL2e8kZUJO8xYtlTTl5XoPHzNp-_DXABZNOT&google_cver=1&google_gid=CAESEAx0scEKxGOAzF8_q-FjvSw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YK-aaImywDKFZmDC605VMQAABLsAAAAB&google_push=AQvitUJDHkr1V9hPK7dNII63NBHjFhUPTXbvbI5ZGuv4ip0S5JQAS0Zmyx0fShGVGL2e8kZUJO8xYtlTTl5XoPHzNp-_DXABZNOT&google_cver=1&google_gid=CAESEAx0scEKxGOAzF8_q-FjvSw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YK-aaImywDKFZmDC605VMQAABLsAAAAB&google_push=AQvitUJDHkr1V9hPK7dNII63NBHjFhUPTXbvbI5ZGuv4ip0S5JQAS0Zmyx0fShGVGL2e8kZUJO8xYtlTTl5XoPHzNp-_DXABZNOT&google_cver=1&google_gid=CAESEAx0scEKxGOAzF8_q-FjvSw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YK-aaImywDKFZmDC605VMQAABLsAAAAB&google_push=AQvitUJDHkr1V9hPK7dNII63NBHjFhUPTXbvbI5ZGuv4ip0S5JQAS0Zmyx0fShGVGL2e8kZUJO8xYtlTTl5XoPHzNp-_DXABZNOT&google_cver=1&google_gid=CAESEAx0scEKxGOAzF8_q-FjvSw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YK-aaImywDKFZmDC605VMQAABLsAAAAB&google_push=AQvitUJDHkr1V9hPK7dNII63NBHjFhUPTXbvbI5ZGuv4ip0S5JQAS0Zmyx0fShGVGL2e8kZUJO8xYtlTTl5XoPHzNp-_DXABZNOT&google_cver=1&google_gid=CAESEAx0scEKxGOAzF8_q-FjvSw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YK-aaImywDKFZmDC605VMQAABLsAAAAB&google_push=AQvitUJDHkr1V9hPK7dNII63NBHjFhUPTXbvbI5ZGuv4ip0S5JQAS0Zmyx0fShGVGL2e8kZUJO8xYtlTTl5XoPHzNp-_DXABZNOT&google_cver=1&google_gid=CAESEAx0scEKxGOAzF8_q-FjvSw

Request Chain 196

https://googlecm.hit.gemius.pl/googleredir?rid=tknhntsqez&id=ndBK6L_fzwx7rssCbe8.iLes3yi8eMbF6r2JE6Xu.b7.N7&google_gid=CAESEKE2Flzct8DzNIRBKtPAYTE&google_cver=1&google_push=AQvitULqO9Jr0e4JNwCFua6Y8G9AkCuqE0XyxgHRBLCZKHH4OhPjKXq_ygmGQppWrtNtrQYQ44_ieYciOAZlY-G27PIFCS7gLGVkRA HTTP 301
https://cm.g.doubleclick.net/pixel?google_nid=gemius_adh&google_push=AQvitULqO9Jr0e4JNwCFua6Y8G9AkCuqE0XyxgHRBLCZKHH4OhPjKXq_ygmGQppWrtNtrQYQ44_ieYciOAZlY-G27PIFCS7gLGVkRA&google_hm=

Request Chain 198

https://syndication.twitter.com/i/jot HTTP 302
https://platform.twitter.com/jot.html

Request Chain 205

https://pixel.everesttech.net/1/m?url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Deverest%26google_hm%3D__EFGSURFER_USB64__%26google_push%3DAQvitUL5KLMTpmsMeKKoPjDVWgz3NV5x1J49MPFJLKMER_DWzg_rYlVpraDMxeNvd1AjxsXzEJ1VNtm2lUGGoEE4zqR6S9-0G0MM&google_gid=CAESEJrsmdYSBuYL2q9V0rdJq5U&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WUtAYWFBQUFCQ3pXWG5DUQ&google_push=AQvitUL5KLMTpmsMeKKoPjDVWgz3NV5x1J49MPFJLKMER_DWzg_rYlVpraDMxeNvd1AjxsXzEJ1VNtm2lUGGoEE4zqR6S9-0G0MM

Request Chain 206

https://d.agkn.com/pixel/2175/?google_gid=CAESEN15AulxAUQCeGNIEU-3UmI&google_cver=1&google_push=AQvitUKVqHXSrI5RkyxPAI_MxqR4NOjkkDIJfuRm3kelYyIYQjU3DbB8TDUvnZPgCM9Ny0lDkOdxPZsa0m3PIZBE4lZET4IKj3m2 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AQvitUKVqHXSrI5RkyxPAI_MxqR4NOjkkDIJfuRm3kelYyIYQjU3DbB8TDUvnZPgCM9Ny0lDkOdxPZsa0m3PIZBE4lZET4IKj3m2&google_hm=Q0FFU0VOMTVBdWx4QVVRQ2VHTklFVS0zVW1J

Request Chain 207

https://rtb.openx.net/sync/dds?google_gid=CAESECHjJ6sPDTXGyWu5Sl-yUYg&google_cver=1&google_push=AQvitUIzVYYooN7jI4u67ySeCChNCeXNl5Mfb5gVE2BxZVlgHgAzlcfinmSylpcBpMlakD8Bh5d9JqLQ3KUNL9zwqHI3ih889Xs5 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitUIzVYYooN7jI4u67ySeCChNCeXNl5Mfb5gVE2BxZVlgHgAzlcfinmSylpcBpMlakD8Bh5d9JqLQ3KUNL9zwqHI3ih889Xs5&google_hm=lCb76YrCwuMdC0Ei0A1OfQ==

Request Chain 208

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEPPUvDxaN1JqryZMy9vJ23M&google_cver=1&google_push=AQvitUI-hKWU3uEE54PYgs8ac-VjI18S400G1EkyGqtq3O5OgMlc_BmFMsX2BjjSN4Aoh8nswcIhuVvyusrv4mO7KD96aUl9uMNP HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=1ANmh1iYRxCja2FVI2UF-w%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AQvitUI-hKWU3uEE54PYgs8ac-VjI18S400G1EkyGqtq3O5OgMlc_BmFMsX2BjjSN4Aoh8nswcIhuVvyusrv4mO7KD96aUl9uMNP

Request Chain 209

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEBhQXofN8uuTgX5yyx-9_n4&google_cver=1&google_push=AQvitUIeTV4zNkna-8r66os09T4gcC1ZHWFAoQ5H9WmKrXUvjyQ7atX6JcryN0iSqX759Sry9Ou1_TZpQ906swd3p3dqKhYa7zBt HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1A2WDAwMkktMUEtRjNBSw==&google_push=AQvitUIeTV4zNkna-8r66os09T4gcC1ZHWFAoQ5H9WmKrXUvjyQ7atX6JcryN0iSqX759Sry9Ou1_TZpQ906swd3p3dqKhYa7zBt

Request Chain 210

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESECsVBAa6FAW6lcuduGxlsEo&google_cver=1&google_push=AQvitUK36ZJVulxexrJTVs-q_ToNon0UHZbbPZ5Rll2vhdgAEuI738mlsWoeoFFqX6tfpFpDgs_i2JJtNZYiyIA-Pc-QW2NxCHjF HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YK-aaImywDKFZmDC605VMQAABLsAAAAB&google_push=AQvitUK36ZJVulxexrJTVs-q_ToNon0UHZbbPZ5Rll2vhdgAEuI738mlsWoeoFFqX6tfpFpDgs_i2JJtNZYiyIA-Pc-QW2NxCHjF&google_cver=1&google_gid=CAESECsVBAa6FAW6lcuduGxlsEo HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YK-aaImywDKFZmDC605VMQAABLsAAAAB&google_push=AQvitUK36ZJVulxexrJTVs-q_ToNon0UHZbbPZ5Rll2vhdgAEuI738mlsWoeoFFqX6tfpFpDgs_i2JJtNZYiyIA-Pc-QW2NxCHjF&google_cver=1&google_gid=CAESECsVBAa6FAW6lcuduGxlsEo HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YK-aaImywDKFZmDC605VMQAABLsAAAAB&google_push=AQvitUK36ZJVulxexrJTVs-q_ToNon0UHZbbPZ5Rll2vhdgAEuI738mlsWoeoFFqX6tfpFpDgs_i2JJtNZYiyIA-Pc-QW2NxCHjF&google_cver=1&google_gid=CAESECsVBAa6FAW6lcuduGxlsEo HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YK-aaImywDKFZmDC605VMQAABLsAAAAB&google_push=AQvitUK36ZJVulxexrJTVs-q_ToNon0UHZbbPZ5Rll2vhdgAEuI738mlsWoeoFFqX6tfpFpDgs_i2JJtNZYiyIA-Pc-QW2NxCHjF&google_cver=1&google_gid=CAESECsVBAa6FAW6lcuduGxlsEo HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YK-aaImywDKFZmDC605VMQAABLsAAAAB&google_push=AQvitUK36ZJVulxexrJTVs-q_ToNon0UHZbbPZ5Rll2vhdgAEuI738mlsWoeoFFqX6tfpFpDgs_i2JJtNZYiyIA-Pc-QW2NxCHjF&google_cver=1&google_gid=CAESECsVBAa6FAW6lcuduGxlsEo HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YK-aaImywDKFZmDC605VMQAABLsAAAAB&google_push=AQvitUK36ZJVulxexrJTVs-q_ToNon0UHZbbPZ5Rll2vhdgAEuI738mlsWoeoFFqX6tfpFpDgs_i2JJtNZYiyIA-Pc-QW2NxCHjF&google_cver=1&google_gid=CAESECsVBAa6FAW6lcuduGxlsEo HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YK-aaImywDKFZmDC605VMQAABLsAAAAB&google_push=AQvitUK36ZJVulxexrJTVs-q_ToNon0UHZbbPZ5Rll2vhdgAEuI738mlsWoeoFFqX6tfpFpDgs_i2JJtNZYiyIA-Pc-QW2NxCHjF&google_cver=1&google_gid=CAESECsVBAa6FAW6lcuduGxlsEo HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YK-aaImywDKFZmDC605VMQAABLsAAAAB&google_push=AQvitUK36ZJVulxexrJTVs-q_ToNon0UHZbbPZ5Rll2vhdgAEuI738mlsWoeoFFqX6tfpFpDgs_i2JJtNZYiyIA-Pc-QW2NxCHjF&google_cver=1&google_gid=CAESECsVBAa6FAW6lcuduGxlsEo HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YK-aaImywDKFZmDC605VMQAABLsAAAAB&google_push=AQvitUK36ZJVulxexrJTVs-q_ToNon0UHZbbPZ5Rll2vhdgAEuI738mlsWoeoFFqX6tfpFpDgs_i2JJtNZYiyIA-Pc-QW2NxCHjF&google_cver=1&google_gid=CAESECsVBAa6FAW6lcuduGxlsEo HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YK-aaImywDKFZmDC605VMQAABLsAAAAB&google_push=AQvitUK36ZJVulxexrJTVs-q_ToNon0UHZbbPZ5Rll2vhdgAEuI738mlsWoeoFFqX6tfpFpDgs_i2JJtNZYiyIA-Pc-QW2NxCHjF&google_cver=1&google_gid=CAESECsVBAa6FAW6lcuduGxlsEo HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YK-aaImywDKFZmDC605VMQAABLsAAAAB&google_push=AQvitUK36ZJVulxexrJTVs-q_ToNon0UHZbbPZ5Rll2vhdgAEuI738mlsWoeoFFqX6tfpFpDgs_i2JJtNZYiyIA-Pc-QW2NxCHjF&google_cver=1&google_gid=CAESECsVBAa6FAW6lcuduGxlsEo HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YK-aaImywDKFZmDC605VMQAABLsAAAAB&google_push=AQvitUK36ZJVulxexrJTVs-q_ToNon0UHZbbPZ5Rll2vhdgAEuI738mlsWoeoFFqX6tfpFpDgs_i2JJtNZYiyIA-Pc-QW2NxCHjF&google_cver=1&google_gid=CAESECsVBAa6FAW6lcuduGxlsEo HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YK-aaImywDKFZmDC605VMQAABLsAAAAB&google_push=AQvitUK36ZJVulxexrJTVs-q_ToNon0UHZbbPZ5Rll2vhdgAEuI738mlsWoeoFFqX6tfpFpDgs_i2JJtNZYiyIA-Pc-QW2NxCHjF&google_cver=1&google_gid=CAESECsVBAa6FAW6lcuduGxlsEo HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YK-aaImywDKFZmDC605VMQAABLsAAAAB&google_push=AQvitUK36ZJVulxexrJTVs-q_ToNon0UHZbbPZ5Rll2vhdgAEuI738mlsWoeoFFqX6tfpFpDgs_i2JJtNZYiyIA-Pc-QW2NxCHjF&google_cver=1&google_gid=CAESECsVBAa6FAW6lcuduGxlsEo HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YK-aaImywDKFZmDC605VMQAABLsAAAAB&google_push=AQvitUK36ZJVulxexrJTVs-q_ToNon0UHZbbPZ5Rll2vhdgAEuI738mlsWoeoFFqX6tfpFpDgs_i2JJtNZYiyIA-Pc-QW2NxCHjF&google_cver=1&google_gid=CAESECsVBAa6FAW6lcuduGxlsEo HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YK-aaImywDKFZmDC605VMQAABLsAAAAB&google_push=AQvitUK36ZJVulxexrJTVs-q_ToNon0UHZbbPZ5Rll2vhdgAEuI738mlsWoeoFFqX6tfpFpDgs_i2JJtNZYiyIA-Pc-QW2NxCHjF&google_cver=1&google_gid=CAESECsVBAa6FAW6lcuduGxlsEo HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YK-aaImywDKFZmDC605VMQAABLsAAAAB&google_push=AQvitUK36ZJVulxexrJTVs-q_ToNon0UHZbbPZ5Rll2vhdgAEuI738mlsWoeoFFqX6tfpFpDgs_i2JJtNZYiyIA-Pc-QW2NxCHjF&google_cver=1&google_gid=CAESECsVBAa6FAW6lcuduGxlsEo HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YK-aaImywDKFZmDC605VMQAABLsAAAAB&google_push=AQvitUK36ZJVulxexrJTVs-q_ToNon0UHZbbPZ5Rll2vhdgAEuI738mlsWoeoFFqX6tfpFpDgs_i2JJtNZYiyIA-Pc-QW2NxCHjF&google_cver=1&google_gid=CAESECsVBAa6FAW6lcuduGxlsEo HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YK-aaImywDKFZmDC605VMQAABLsAAAAB&google_push=AQvitUK36ZJVulxexrJTVs-q_ToNon0UHZbbPZ5Rll2vhdgAEuI738mlsWoeoFFqX6tfpFpDgs_i2JJtNZYiyIA-Pc-QW2NxCHjF&google_cver=1&google_gid=CAESECsVBAa6FAW6lcuduGxlsEo HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YK-aaImywDKFZmDC605VMQAABLsAAAAB&google_push=AQvitUK36ZJVulxexrJTVs-q_ToNon0UHZbbPZ5Rll2vhdgAEuI738mlsWoeoFFqX6tfpFpDgs_i2JJtNZYiyIA-Pc-QW2NxCHjF&google_cver=1&google_gid=CAESECsVBAa6FAW6lcuduGxlsEo

Request Chain 212

https://www.awin1.com/cshow.php?s=2846679&v=14098&q=409715&r=296283&pref1=16121600137314902179201011607009&pv=0 HTTP 302
https://cdn.contentspread.net/24i/advertiser/3839/creativesup/kl_kis_160x600px.jpg

227 HTTP transactions
9 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
xn--m9jp9mi8fra1016gid0b.net/
Redirect Chain

http://xn--m9jp9mi8fra1016gid0b.net/
https://xn--m9jp9mi8fra1016gid0b.net/

42 KB
9 KB

1326ms
680ms

Document
text/html

183.90.238.38
XSERVER Xserver Inc.

General

Check archive.org

Show headers Download Go to

Full URL: https://xn--m9jp9mi8fra1016gid0b.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 183.90.238.38 , Japan, ASN131965 (XSERVER Xserver Inc., JP),
Reverse DNS: sv2337.xserver.jp
Software: nginx /
Resource Hash: 33baeb718e9e7702ced289cf7b741dce725669aaa897f11638fe824e89cd2b91

Request headers

:method: GET
:authority: xn--m9jp9mi8fra1016gid0b.net
:scheme: https
:path: /
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

server: nginx
date: Thu, 27 May 2021 13:11:00 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
link: <https://xn--m9jp9mi8fra1016gid0b.net/wp-json/>; rel="https://api.w.org/", <https://wp.me/635ob>; rel=shortlink
content-encoding: gzip

Redirect headers

Server: nginx
Date: Thu, 27 May 2021 13:10:59 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 245
Connection: keep-alive
Location: https://xn--m9jp9mi8fra1016gid0b.net/

GET
H2 200 autoptimize_84ec018d7035980dad00cc32e128de04.css
xn--m9jp9mi8fra1016gid0b.net/wp-content/cache/autoptimize/css/ 226 KB
36 KB 324ms
322ms Stylesheet
text/css 183.90.238.38
XSERVER Xserver Inc.

General

Check archive.org

Show headers Download Go to

Full URL: https://xn--m9jp9mi8fra1016gid0b.net/wp-content/cache/autoptimize/css/autoptimize_84ec018d7035980dad00cc32e128de04.css
Requested by: Host: xn--m9jp9mi8fra1016gid0b.net
URL: https://xn--m9jp9mi8fra1016gid0b.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 183.90.238.38 , Japan, ASN131965 (XSERVER Xserver Inc., JP),
Reverse DNS: sv2337.xserver.jp
Software: nginx /
Resource Hash: 06c13db744463f6c195418a62a7f219a2f7fb02610627cced7d12caaa1f08463

Request headers

:path: /wp-content/cache/autoptimize/css/autoptimize_84ec018d7035980dad00cc32e128de04.css
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: xn--m9jp9mi8fra1016gid0b.net
referer: https://xn--m9jp9mi8fra1016gid0b.net/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://xn--m9jp9mi8fra1016gid0b.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 13:11:01 GMT
content-encoding: gzip
last-modified: Sat, 15 Feb 2020 03:17:25 GMT
server: nginx
etag: W/"386c0-59e94c2dd877b"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=30672000, public, immutable
expires: Tue, 17 May 2022 13:11:01 GMT

GET
H2 200 jquery-1.8.1.min.js Show response
code.jquery.com/ 91 KB
33 KB 9ms
7ms Script
application/javascript 2001:4de0:ac18::1:a:3b
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-1.8.1.min.js
Requested by: Host: xn--m9jp9mi8fra1016gid0b.net
URL: https://xn--m9jp9mi8fra1016gid0b.net/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4de0:ac18::1:a:3b , Netherlands, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: nginx /
Resource Hash: fc184f96dd18794e204c41075a00923be7e8e568744231d74f2fdf8921f78d29

Request headers

Referer: https://xn--m9jp9mi8fra1016gid0b.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 13:11:02 GMT
content-encoding: gzip
last-modified: Fri, 24 Oct 2014 00:16:07 GMT
server: nginx
etag: W/"54499a47-16a78"
vary: Accept-Encoding
x-hw: 1622121062.dop149.fr8.t,1622121062.cds259.fr8.hc,1622121062.cds268.fr8.c
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 33175

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/1.8.3/ 91 KB
33 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:801::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/1.8.3/jquery.min.js?ver=1.8.3

Requested by

Host: xn--m9jp9mi8fra1016gid0b.net
URL: https://xn--m9jp9mi8fra1016gid0b.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c6caebd23921741fb5ffe6603f16634fca9840c2bf56ac8201e9264d6daccf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://xn--m9jp9mi8fra1016gid0b.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 08:50:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 102026
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 33593
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 26 May 2022 08:50:36 GMT

GET
H2 200 subMenu.js Show response
xn--m9jp9mi8fra1016gid0b.net/wp-content/themes/01the_world_default/js/ 93 B
234 B 323ms
321ms Script
application/javascript 183.90.238.38
XSERVER Xserver Inc.

General

Check archive.org

Show headers Download Go to

Full URL: https://xn--m9jp9mi8fra1016gid0b.net/wp-content/themes/01the_world_default/js/subMenu.js
Requested by: Host: xn--m9jp9mi8fra1016gid0b.net
URL: https://xn--m9jp9mi8fra1016gid0b.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 183.90.238.38 , Japan, ASN131965 (XSERVER Xserver Inc., JP),
Reverse DNS: sv2337.xserver.jp
Software: nginx /
Resource Hash: 4673ebe70a556c4cc907cc87271b8cfa491c397fcc8785a6da52ed03f4ad7b1b

Request headers

:path: /wp-content/themes/01the_world_default/js/subMenu.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: xn--m9jp9mi8fra1016gid0b.net
referer: https://xn--m9jp9mi8fra1016gid0b.net/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://xn--m9jp9mi8fra1016gid0b.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 13:11:01 GMT
last-modified: Wed, 12 Sep 2018 11:55:04 GMT
server: nginx
accept-ranges: bytes
etag: "5d-575ab42d2e194"
content-length: 93
content-type: application/javascript

GET
H2 200 smoothscroll.js Show response
xn--m9jp9mi8fra1016gid0b.net/wp-content/themes/01the_world_default/js/ 4 KB
2 KB 323ms
322ms Script
application/javascript 183.90.238.38
XSERVER Xserver Inc.

General

Check archive.org

Show headers Download Go to

Full URL: https://xn--m9jp9mi8fra1016gid0b.net/wp-content/themes/01the_world_default/js/smoothscroll.js
Requested by: Host: xn--m9jp9mi8fra1016gid0b.net
URL: https://xn--m9jp9mi8fra1016gid0b.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 183.90.238.38 , Japan, ASN131965 (XSERVER Xserver Inc., JP),
Reverse DNS: sv2337.xserver.jp
Software: nginx /
Resource Hash: d92264da65d318e658fc1b2d8210382089ab290c8bade5b45e0a5b979ccc1374

Request headers

:path: /wp-content/themes/01the_world_default/js/smoothscroll.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: xn--m9jp9mi8fra1016gid0b.net
referer: https://xn--m9jp9mi8fra1016gid0b.net/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://xn--m9jp9mi8fra1016gid0b.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 13:11:01 GMT
content-encoding: gzip
last-modified: Wed, 12 Sep 2018 11:55:04 GMT
server: nginx
etag: W/"10a8-575ab42d2ce0c"
vary: Accept-Encoding
content-type: application/javascript

GET
H2 200 homing.js Show response
xn--m9jp9mi8fra1016gid0b.net/wp-content/themes/01the_world_default/js/ 2 KB
1000 B 323ms
322ms Script
application/javascript 183.90.238.38
XSERVER Xserver Inc.

General

Check archive.org

Show headers Download Go to

Full URL: https://xn--m9jp9mi8fra1016gid0b.net/wp-content/themes/01the_world_default/js/homing.js
Requested by: Host: xn--m9jp9mi8fra1016gid0b.net
URL: https://xn--m9jp9mi8fra1016gid0b.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 183.90.238.38 , Japan, ASN131965 (XSERVER Xserver Inc., JP),
Reverse DNS: sv2337.xserver.jp
Software: nginx /
Resource Hash: 230143c7f608c219bf74c4b298c1b7e548eb4e2b177354a354ca3458420a14cf

Request headers

:path: /wp-content/themes/01the_world_default/js/homing.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: xn--m9jp9mi8fra1016gid0b.net
referer: https://xn--m9jp9mi8fra1016gid0b.net/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://xn--m9jp9mi8fra1016gid0b.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 13:11:01 GMT
content-encoding: gzip
last-modified: Wed, 12 Sep 2018 11:55:04 GMT
server: nginx
etag: W/"6c8-575ab42cffb64"
vary: Accept-Encoding
content-type: application/javascript

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 48 KB
19 KB 10ms
5ms Script
text/javascript 2a00:1450:4001:831::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: xn--m9jp9mi8fra1016gid0b.net
URL: https://xn--m9jp9mi8fra1016gid0b.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

2cb09c7b3e19bfc41743ca3624ef81c3258d56525647feac76aa757e0292627a

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://xn--m9jp9mi8fra1016gid0b.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 09 Apr 2021 23:59:54 GMT
server: Golfe2
age: 2651
date: Thu, 27 May 2021 12:26:52 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19569
expires: Thu, 27 May 2021 14:26:52 GMT

GET
H2 200 jquery.js Show response
xn--m9jp9mi8fra1016gid0b.net/wp-includes/js/jquery/ 95 KB
39 KB 327ms
326ms Script
application/javascript 183.90.238.38
XSERVER Xserver Inc.

General

Check archive.org

Show headers Download Go to

Full URL: https://xn--m9jp9mi8fra1016gid0b.net/wp-includes/js/jquery/jquery.js?ver=1.12.4
Requested by: Host: xn--m9jp9mi8fra1016gid0b.net
URL: https://xn--m9jp9mi8fra1016gid0b.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 183.90.238.38 , Japan, ASN131965 (XSERVER Xserver Inc., JP),
Reverse DNS: sv2337.xserver.jp
Software: nginx /
Resource Hash: cf34e1b87bbfd9d9b185dec994924a496e279d8dc9387ad8d35bc0110134c4d3

Request headers

:path: /wp-includes/js/jquery/jquery.js?ver=1.12.4
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: xn--m9jp9mi8fra1016gid0b.net
referer: https://xn--m9jp9mi8fra1016gid0b.net/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://xn--m9jp9mi8fra1016gid0b.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 13:11:01 GMT
content-encoding: gzip
last-modified: Thu, 05 Sep 2019 12:09:41 GMT
server: nginx
etag: W/"17a6a-591cd3241d523"
vary: Accept-Encoding
content-type: application/javascript

GET
H2 200 jquery-migrate.min.js Show response
xn--m9jp9mi8fra1016gid0b.net/wp-includes/js/jquery/ 10 KB
4 KB 327ms
326ms Script
application/javascript 183.90.238.38
XSERVER Xserver Inc.

General

Check archive.org

Show headers Download Go to

Full URL: https://xn--m9jp9mi8fra1016gid0b.net/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1
Requested by: Host: xn--m9jp9mi8fra1016gid0b.net
URL: https://xn--m9jp9mi8fra1016gid0b.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 183.90.238.38 , Japan, ASN131965 (XSERVER Xserver Inc., JP),
Reverse DNS: sv2337.xserver.jp
Software: nginx /
Resource Hash: 48eb8b500ae6a38617b5738d2b3faec481922a7782246e31d2755c034a45cd5d

Request headers

:path: /wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: xn--m9jp9mi8fra1016gid0b.net
referer: https://xn--m9jp9mi8fra1016gid0b.net/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://xn--m9jp9mi8fra1016gid0b.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 13:11:01 GMT
content-encoding: gzip
last-modified: Thu, 22 Jun 2017 05:33:09 GMT
server: nginx
etag: W/"2748-55285d1e6bc50"
vary: Accept-Encoding
content-type: application/javascript

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 133 KB
47 KB 28ms
24ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: xn--m9jp9mi8fra1016gid0b.net
URL: https://xn--m9jp9mi8fra1016gid0b.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8ff47eb1f953376d34de66f8e75b913034a9ed88ca290bcff2b3c943e8ad821d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://xn--m9jp9mi8fra1016gid0b.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 13:11:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 48322
x-xss-protection: 0
server: cafe
etag: 9464164001252721547
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Thu, 27 May 2021 13:11:03 GMT

GET
H2 200 1.png
xn--m9jp9mi8fra1016gid0b.net/wp-content/uploads/2015/01/ 147 KB
147 KB 306ms
302ms Image
image/png 183.90.238.38
XSERVER Xserver Inc.

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://xn--m9jp9mi8fra1016gid0b.net/wp-content/uploads/2015/01/1.png
Requested by: Host: xn--m9jp9mi8fra1016gid0b.net
URL: https://xn--m9jp9mi8fra1016gid0b.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 183.90.238.38 , Japan, ASN131965 (XSERVER Xserver Inc., JP),
Reverse DNS: sv2337.xserver.jp
Software: nginx /
Resource Hash: 5df66831e6042706636f0229e278d8bb956ae50e09e1b7c49130a08733b61436

Request headers

:path: /wp-content/uploads/2015/01/1.png
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: xn--m9jp9mi8fra1016gid0b.net
referer: https://xn--m9jp9mi8fra1016gid0b.net/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://xn--m9jp9mi8fra1016gid0b.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 13:11:02 GMT
last-modified: Thu, 22 Jun 2017 04:46:09 GMT
server: nginx
accept-ranges: bytes
etag: "24afb-5528529d64b1e"
content-length: 150267
content-type: image/png

GET
H2 200 ajisai-aka.jpg
i1.wp.com/xn--m9jp9mi8fra1016gid0b.net/wp-content/uploads/2018/06/ 822 B
998 B 26ms
23ms Image
image/webp 192.0.77.2

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i1.wp.com/xn--m9jp9mi8fra1016gid0b.net/wp-content/uploads/2018/06/ajisai-aka.jpg?resize=40%2C40&ssl=1

Requested by

Host: xn--m9jp9mi8fra1016gid0b.net
URL: https://xn--m9jp9mi8fra1016gid0b.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 , United States, ASN (),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

06da78a3e63fff3af51db5988fdb0a2d605936612822d8edcb0815bee28cd80a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://xn--m9jp9mi8fra1016gid0b.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT ams 5
date: Thu, 27 May 2021 13:11:03 GMT
x-content-type-options: nosniff
last-modified: Thu, 25 Mar 2021 10:19:08 GMT
server: nginx
etag: "f8e51383f119682a"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://xn--m9jp9mi8fra1016gid0b.net/wp-content/uploads/2018/06/ajisai-aka.jpg>; rel="canonical"
content-length: 822
expires: Sat, 25 Mar 2023 22:19:08 GMT

GET
H2 200 sasiki.jpg
i1.wp.com/xn--m9jp9mi8fra1016gid0b.net/wp-content/uploads/2018/07/ 796 B
990 B 26ms
22ms Image
image/webp 192.0.77.2

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i1.wp.com/xn--m9jp9mi8fra1016gid0b.net/wp-content/uploads/2018/07/sasiki.jpg?resize=40%2C40&ssl=1

Requested by

Host: xn--m9jp9mi8fra1016gid0b.net
URL: https://xn--m9jp9mi8fra1016gid0b.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 , United States, ASN (),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

fdb7665251ed2d54963505f180dad86b307613ef25f1c63f6f896b22141562f8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://xn--m9jp9mi8fra1016gid0b.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT ams 4
date: Thu, 27 May 2021 13:11:03 GMT
x-content-type-options: nosniff
last-modified: Mon, 15 Feb 2021 16:42:36 GMT
server: nginx
etag: "36914941c46972a0"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://xn--m9jp9mi8fra1016gid0b.net/wp-content/uploads/2018/07/sasiki.jpg>; rel="canonical"
content-length: 796
expires: Thu, 16 Feb 2023 04:42:36 GMT

GET
H2 200 ajisai-hatiue003.jpg
i2.wp.com/xn--m9jp9mi8fra1016gid0b.net/wp-content/uploads/2017/01/ 976 B
1 KB 27ms
23ms Image
image/webp 192.0.77.2

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i2.wp.com/xn--m9jp9mi8fra1016gid0b.net/wp-content/uploads/2017/01/ajisai-hatiue003.jpg?resize=40%2C40&ssl=1

Requested by

Host: xn--m9jp9mi8fra1016gid0b.net
URL: https://xn--m9jp9mi8fra1016gid0b.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 , United States, ASN (),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

041cd8409312005124f459ea808587d620cdaeabd70bf272d6998555b0edb4fa

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://xn--m9jp9mi8fra1016gid0b.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT ams 5
date: Thu, 27 May 2021 13:11:03 GMT
x-content-type-options: nosniff
last-modified: Thu, 25 Mar 2021 10:19:08 GMT
server: nginx
etag: "d8e3f4c33199d0d4"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://xn--m9jp9mi8fra1016gid0b.net/wp-content/uploads/2017/01/ajisai-hatiue003.jpg>; rel="canonical"
content-length: 976
expires: Sat, 25 Mar 2023 22:19:08 GMT

GET
H2 200 tamaajisai001.jpg
i0.wp.com/xn--m9jp9mi8fra1016gid0b.net/wp-content/uploads/2018/06/ 906 B
1 KB 27ms
24ms Image
image/webp 192.0.77.2

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/xn--m9jp9mi8fra1016gid0b.net/wp-content/uploads/2018/06/tamaajisai001.jpg?resize=40%2C40&ssl=1

Requested by

Host: xn--m9jp9mi8fra1016gid0b.net
URL: https://xn--m9jp9mi8fra1016gid0b.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 , United States, ASN (),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

42a8c96eb6ee70d610080405c855a78b19fb7eef807a753681567afe3b91f16c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://xn--m9jp9mi8fra1016gid0b.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT ams 3
date: Thu, 27 May 2021 13:11:03 GMT
x-content-type-options: nosniff
last-modified: Tue, 11 May 2021 10:14:02 GMT
server: nginx
etag: "c698489696737984"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://xn--m9jp9mi8fra1016gid0b.net/wp-content/uploads/2018/06/tamaajisai001.jpg>; rel="canonical"
content-length: 906
expires: Thu, 11 May 2023 22:14:02 GMT

GET
H2 200 ajisai00.jpg
i2.wp.com/xn--m9jp9mi8fra1016gid0b.net/wp-content/uploads/2018/06/ 662 B
865 B 26ms
23ms Image
image/webp 192.0.77.2

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i2.wp.com/xn--m9jp9mi8fra1016gid0b.net/wp-content/uploads/2018/06/ajisai00.jpg?resize=40%2C40&ssl=1

Requested by

Host: xn--m9jp9mi8fra1016gid0b.net
URL: https://xn--m9jp9mi8fra1016gid0b.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 , United States, ASN (),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

a6cef3848ae7f5956dcab36c6fd62af7e2f3dcc0dc537b1fd1237f4603868393

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://xn--m9jp9mi8fra1016gid0b.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT ams 1
date: Thu, 27 May 2021 13:11:03 GMT
x-content-type-options: nosniff
last-modified: Mon, 17 May 2021 19:23:17 GMT
server: nginx
etag: "e56fc24861ec3e7f"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://xn--m9jp9mi8fra1016gid0b.net/wp-content/uploads/2018/06/ajisai00.jpg>; rel="canonical"
content-length: 662
expires: Thu, 18 May 2023 07:23:17 GMT

GET
H2 200 button-only.gif
b.st-hatena.com/images/entry-button/ 254 B
710 B 99ms
33ms Image
image/gif 13.226.159.91

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.st-hatena.com/images/entry-button/button-only.gif

Requested by

Host: xn--m9jp9mi8fra1016gid0b.net
URL: https://xn--m9jp9mi8fra1016gid0b.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.226.159.91 , United States, ASN (),

Reverse DNS

server-13-226-159-91.dus51.r.cloudfront.net

Software

nginx /

Resource Hash

cecced3759ead676c01a7fa67745175f258e1cf40bac53e54a958236c65180ed

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://xn--m9jp9mi8fra1016gid0b.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 10 Feb 2021 00:49:30 GMT
via: 1.1 bfd667b9fb826986b85315f856bf5885.cloudfront.net (CloudFront)
age: 9202892
x-cache: Hit from cloudfront
content-length: 254
last-modified: Wed, 13 May 2020 05:44:30 GMT
server: nginx
etag: "5ebb893e-fe"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/gif
access-control-allow-origin: https://b.hatena.ne.jp
cache-control: max-age=31536000
x-amz-cf-pop: DUS51-C1
accept-ranges: bytes
x-amz-cf-id: WJfuahrcjJv-WWUivimrX8yQqURidzmBmh2zxrNGC5O0lq_XKxZSIg==
expires: Thu, 10 Feb 2022 00:49:30 GMT

GET
H2 200 bookmark_button.js Show response
b.st-hatena.com/js/ 35 KB
11 KB 96ms
47ms Script
application/x-javascript 13.226.159.91

General

Check archive.org

Show headers Download Go to

Full URL

https://b.st-hatena.com/js/bookmark_button.js

Requested by

Host: xn--m9jp9mi8fra1016gid0b.net
URL: https://xn--m9jp9mi8fra1016gid0b.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.226.159.91 , United States, ASN (),

Reverse DNS

server-13-226-159-91.dus51.r.cloudfront.net

Software

nginx /

Resource Hash

f5533dc1e890e99b74930d8f462d013ad2aeff9a6fb7f673ce6eba3deb107ae7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://xn--m9jp9mi8fra1016gid0b.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
etag: W/"60adde51-8af2"
age: 9949
x-cache: Hit from cloudfront
access-control-allow-origin: https://b.hatena.ne.jp
last-modified: Wed, 26 May 2021 05:36:17 GMT
server: nginx
date: Thu, 27 May 2021 10:25:14 GMT
vary: Accept-Encoding
content-type: application/x-javascript
via: 1.1 bfd667b9fb826986b85315f856bf5885.cloudfront.net (CloudFront)
cache-control: max-age=86400
x-amz-cf-pop: DUS51-C1
x-amz-cf-id: TjG-Lw_NuosPLzRwMWT2nJcVZ1FPer-vGNPAUpvzMMx2G47D8_Z37w==
expires: Fri, 28 May 2021 10:25:14 GMT

GET
H2 200 plusone.js Show response
apis.google.com/js/ 54 KB
21 KB 28ms
28ms Script
application/javascript 2a00:1450:4001:812::200e

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/js/plusone.js

Requested by

Host: xn--m9jp9mi8fra1016gid0b.net
URL: https://xn--m9jp9mi8fra1016gid0b.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

ESF /

Resource Hash

4d097a0116293da844fdeeaa11f41dd941e511e6df699ff2195e8499de8a42fd

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-GPHXUScKLr7hLPlNv5tpGA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://xn--m9jp9mi8fra1016gid0b.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 13:11:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
x-ua-compatible: IE=edge, chrome=1
server: ESF
x-frame-options: SAMEORIGIN
etag: "920a6e51949cf2eec053a3396b28fac1"
strict-transport-security: max-age=31536000
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=1800, stale-while-revalidate=1800
content-security-policy: script-src 'report-sample' 'nonce-GPHXUScKLr7hLPlNv5tpGA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
timing-allow-origin: *
expires: Thu, 27 May 2021 13:11:02 GMT

GET
H2 200 Choco-Chic-White.jpg
i2.wp.com/xn--m9jp9mi8fra1016gid0b.net/wp-content/uploads/2021/05/ 30 KB
30 KB 1819ms
1817ms Image
image/webp 192.0.77.2

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i2.wp.com/xn--m9jp9mi8fra1016gid0b.net/wp-content/uploads/2021/05/Choco-Chic-White.jpg?w=450&ssl=1

Requested by

Host: xn--m9jp9mi8fra1016gid0b.net
URL: https://xn--m9jp9mi8fra1016gid0b.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 , United States, ASN (),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

493c774a343778ffd0dd16e715f0c639cf1ccacdd8be1c10dc6d41efb5241043

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://xn--m9jp9mi8fra1016gid0b.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: MISS ams 7
date: Thu, 27 May 2021 13:11:04 GMT
x-content-type-options: nosniff
last-modified: Thu, 27 May 2021 13:11:04 GMT
server: nginx
etag: "15925b7f59e3fc8f"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://xn--m9jp9mi8fra1016gid0b.net/wp-content/uploads/2021/05/Choco-Chic-White.jpg>; rel="canonical"
content-length: 30434
expires: Sun, 28 May 2023 01:11:04 GMT

GET
H2 200 ajisai001.jpg
i2.wp.com/xn--m9jp9mi8fra1016gid0b.net/wp-content/uploads/2020/09/ 31 KB
31 KB 1583ms
1581ms Image
image/webp 192.0.77.2

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i2.wp.com/xn--m9jp9mi8fra1016gid0b.net/wp-content/uploads/2020/09/ajisai001.jpg?w=640&ssl=1

Requested by

Host: xn--m9jp9mi8fra1016gid0b.net
URL: https://xn--m9jp9mi8fra1016gid0b.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 , United States, ASN (),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

1827c1f5a5efdb274086bf7e0aaa0d7f8baba8a793edec11c24afb7c0d24f1a3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://xn--m9jp9mi8fra1016gid0b.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: MISS ams 5
date: Thu, 27 May 2021 13:11:04 GMT
x-content-type-options: nosniff
last-modified: Thu, 27 May 2021 13:11:04 GMT
server: nginx
etag: "88a71c8a13c87fea"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://xn--m9jp9mi8fra1016gid0b.net/wp-content/uploads/2020/09/ajisai001.jpg>; rel="canonical"
content-length: 31824
expires: Sun, 28 May 2023 01:11:04 GMT

GET
H2 200 hatukoi003.jpg
i1.wp.com/xn--m9jp9mi8fra1016gid0b.net/wp-content/uploads/2017/06/ 32 KB
33 KB 1575ms
1573ms Image
image/webp 192.0.77.2

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i1.wp.com/xn--m9jp9mi8fra1016gid0b.net/wp-content/uploads/2017/06/hatukoi003.jpg?w=450&ssl=1

Requested by

Host: xn--m9jp9mi8fra1016gid0b.net
URL: https://xn--m9jp9mi8fra1016gid0b.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 , United States, ASN (),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

ab3f982a1a88a14ca563f14cdea36500351db129dfe91fc4e134285d129cbd5a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://xn--m9jp9mi8fra1016gid0b.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: MISS ams 5
date: Thu, 27 May 2021 13:11:04 GMT
x-content-type-options: nosniff
last-modified: Thu, 27 May 2021 13:11:04 GMT
server: nginx
etag: "e64123fddfb01a5f"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://xn--m9jp9mi8fra1016gid0b.net/wp-content/uploads/2017/06/hatukoi003.jpg>; rel="canonical"
content-length: 33184
expires: Sun, 28 May 2023 01:11:04 GMT

GET
H2 200 ajisai-niwa003.jpg
i1.wp.com/xn--m9jp9mi8fra1016gid0b.net/wp-content/uploads/2020/08/ 874 B
1 KB 25ms
23ms Image
image/webp 192.0.77.2

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i1.wp.com/xn--m9jp9mi8fra1016gid0b.net/wp-content/uploads/2020/08/ajisai-niwa003.jpg?resize=40%2C40&ssl=1

Requested by

Host: xn--m9jp9mi8fra1016gid0b.net
URL: https://xn--m9jp9mi8fra1016gid0b.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 , United States, ASN (),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

9c72c6fa4cc5eae9e3ccb121bb7586390b975fd9289345f1287c4c879b3f7689

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://xn--m9jp9mi8fra1016gid0b.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT ams 5
date: Thu, 27 May 2021 13:11:03 GMT
x-content-type-options: nosniff
last-modified: Mon, 17 May 2021 19:23:17 GMT
server: nginx
etag: "3a0a0cf225adf6dd"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://xn--m9jp9mi8fra1016gid0b.net/wp-content/uploads/2020/08/ajisai-niwa003.jpg>; rel="canonical"
content-length: 874
expires: Thu, 18 May 2023 07:23:17 GMT

GET
H2 200 ajisai.jpg
i2.wp.com/xn--m9jp9mi8fra1016gid0b.net/wp-content/uploads/2015/06/ 1 KB
1 KB 23ms
23ms Image
image/webp 192.0.77.2

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i2.wp.com/xn--m9jp9mi8fra1016gid0b.net/wp-content/uploads/2015/06/ajisai.jpg?resize=40%2C40&ssl=1

Requested by

Host: xn--m9jp9mi8fra1016gid0b.net
URL: https://xn--m9jp9mi8fra1016gid0b.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 , United States, ASN (),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

9535a88a3e3d1cfae3cbcb5e511f4e2cc09d80c6e312708af388d18ff7c3d190

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://xn--m9jp9mi8fra1016gid0b.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT ams 5
date: Thu, 27 May 2021 13:11:03 GMT
x-content-type-options: nosniff
last-modified: Thu, 27 May 2021 13:10:29 GMT
server: nginx
etag: "d188da4456d23633"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://xn--m9jp9mi8fra1016gid0b.net/wp-content/uploads/2015/06/ajisai.jpg>; rel="canonical"
content-length: 1040
expires: Sun, 28 May 2023 01:10:29 GMT

GET
H2

200

88_31.gif
b.blogmura.com/flower/
Redirect Chain

https://flower.blogmura.com/img/flower88_31.gif
https://b.blogmura.com/flower/88_31.gif

2 KB
3 KB

131ms
43ms

Image
image/gif

13.224.195.17

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://b.blogmura.com/flower/88_31.gif
Requested by: Host: xn--m9jp9mi8fra1016gid0b.net
URL: https://xn--m9jp9mi8fra1016gid0b.net/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.195.17 , United States, ASN (),
Reverse DNS: server-13-224-195-17.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: fa03170fd683d0784207a08315cfa8a9f83401c4fa6abfccc72a7cc02ee3dfab

Request headers

Referer: https://xn--m9jp9mi8fra1016gid0b.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 29 Jan 2021 01:40:54 GMT
via: 1.1 1ac3fd533bf6be1b511077f8b8e23bfd.cloudfront.net (CloudFront)
last-modified: Wed, 03 Apr 2019 02:41:08 GMT
server: AmazonS3
age: 10236611
etag: "be514fb59710b5ba82252bf106b6b54c"
x-cache: Hit from cloudfront
content-type: image/gif
cache-control: public, max-age=31536000
x-amz-cf-pop: FRA2-C1
accept-ranges: bytes
content-length: 2556
x-amz-cf-id: kS61pjl82BZmmUaGS3Ubk6IBO40CmLHtldHGWPRTBo9nxcfolD4HaQ==

Redirect headers

pragma: no-cache
date: Thu, 27 May 2021 13:11:03 GMT
x-content-type-options: nosniff
x-frame-options: DENY
content-language: en-US
location: https://b.blogmura.com/flower/88_31.gif
cache-control: no-cache, no-store, max-age=0, must-revalidate
strict-transport-security: max-age=31536000 ; includeSubDomains
content-length: 0
x-xss-protection: 1; mode=block
expires: 0

GET
H/1.1 200
OK br_c_2191_1.gif
blog.with2.net/img/banner/c/banner_1/ 3 KB
3 KB 1155ms
284ms Image
image/gif 153.120.49.76
SAKURA-A SAKURA I...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.with2.net/img/banner/c/banner_1/br_c_2191_1.gif
Requested by: Host: xn--m9jp9mi8fra1016gid0b.net
URL: https://xn--m9jp9mi8fra1016gid0b.net/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 153.120.49.76 , Japan, ASN7684 (SAKURA-A SAKURA Internet Inc., JP),
Reverse DNS: www28.with2.net
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 8ac8403b25bd046c25821ac494770d24d884f3e196627c7c23e374ecda9c6a78

Request headers

Referer: https://xn--m9jp9mi8fra1016gid0b.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 27 May 2021 13:11:04 GMT
Last-Modified: Tue, 24 Jan 2012 08:18:22 GMT
Server: Apache/2.2.15 (CentOS)
ETag: "8827f3-a3c-4b741ca526f80"
Content-Type: image/gif
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=2, max=100
Content-Length: 2620

GET
H2 200 photon.min.js Show response
xn--m9jp9mi8fra1016gid0b.net/wp-content/plugins/jetpack/_inc/build/photon/ 580 B
723 B 327ms
326ms Script
application/javascript 183.90.238.38
XSERVER Xserver Inc.

General

Check archive.org

Show headers Download Go to

Full URL: https://xn--m9jp9mi8fra1016gid0b.net/wp-content/plugins/jetpack/_inc/build/photon/photon.min.js?ver=20130122
Requested by: Host: xn--m9jp9mi8fra1016gid0b.net
URL: https://xn--m9jp9mi8fra1016gid0b.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 183.90.238.38 , Japan, ASN131965 (XSERVER Xserver Inc., JP),
Reverse DNS: sv2337.xserver.jp
Software: nginx /
Resource Hash: f5fa487416676288b5e92b1530f85fbc61d2875f4a74926affa77be11223cfe9

Request headers

:path: /wp-content/plugins/jetpack/_inc/build/photon/photon.min.js?ver=20130122
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: xn--m9jp9mi8fra1016gid0b.net
referer: https://xn--m9jp9mi8fra1016gid0b.net/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://xn--m9jp9mi8fra1016gid0b.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 13:11:01 GMT
last-modified: Sat, 23 Nov 2019 12:09:44 GMT
server: nginx
accept-ranges: bytes
etag: "244-5980267f4278d"
content-length: 580
content-type: application/javascript

GET
H2 200 devicepx-jetpack.js Show response
s0.wp.com/wp-content/js/ 10 KB
3 KB 149ms
23ms Script
application/javascript 192.0.77.32

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/js/devicepx-jetpack.js?ver=202121
Requested by: Host: xn--m9jp9mi8fra1016gid0b.net
URL: https://xn--m9jp9mi8fra1016gid0b.net/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 , United States, ASN (),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: f32d41f2099a0be20e6b57c5e0d1b71c079d3e1345827b0f5c5b97c6e5e3f78d

Request headers

Referer: https://xn--m9jp9mi8fra1016gid0b.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT ams 1
date: Thu, 27 May 2021 13:11:03 GMT
content-encoding: gzip
server: nginx
etag: W/"5867460b-52b6"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
x-ac: 4.ams _dfw
timing-allow-origin: *
expires: Mon, 23 May 2022 14:26:00 GMT

GET
H2 200 wp-embed.min.js Show response
xn--m9jp9mi8fra1016gid0b.net/wp-includes/js/ 1 KB
907 B 307ms
302ms Script
application/javascript 183.90.238.38
XSERVER Xserver Inc.

General

Check archive.org

Show headers Download Go to

Full URL: https://xn--m9jp9mi8fra1016gid0b.net/wp-includes/js/wp-embed.min.js?ver=4.9.18
Requested by: Host: xn--m9jp9mi8fra1016gid0b.net
URL: https://xn--m9jp9mi8fra1016gid0b.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 183.90.238.38 , Japan, ASN131965 (XSERVER Xserver Inc., JP),
Reverse DNS: sv2337.xserver.jp
Software: nginx /
Resource Hash: 5138d39633dc69fcd0ed7f33a5e38dc339123f682fa7f5242066879c2bbc8c9b

Request headers

:path: /wp-includes/js/wp-embed.min.js?ver=4.9.18
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: xn--m9jp9mi8fra1016gid0b.net
referer: https://xn--m9jp9mi8fra1016gid0b.net/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://xn--m9jp9mi8fra1016gid0b.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 13:11:02 GMT
content-encoding: gzip
last-modified: Thu, 15 Apr 2021 12:09:45 GMT
server: nginx
etag: W/"56f-5c001bd38b4a7"
vary: Accept-Encoding
content-type: application/javascript

GET
H2 200 e-202121.js Show response
stats.wp.com/ 9 KB
3 KB 24ms
23ms Script
application/javascript 192.0.76.3

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.wp.com/e-202121.js
Requested by: Host: xn--m9jp9mi8fra1016gid0b.net
URL: https://xn--m9jp9mi8fra1016gid0b.net/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 , United States, ASN (),
Reverse DNS
Software: nginx /
Resource Hash: 0ebbc7fba9a50d36ef5422345f624431710db4528f25749d1d438c2c10bb69f2

Request headers

Referer: https://xn--m9jp9mi8fra1016gid0b.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT ams
date: Thu, 27 May 2021 13:11:03 GMT
content-encoding: gzip
server: nginx
etag: W/"5c6340e3-350a"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
expires: Sun, 15 May 2022 22:04:32 GMT

GET
H2 200 wp-emoji-release.min.js Show response
xn--m9jp9mi8fra1016gid0b.net/wp-includes/js/ 12 KB
5 KB 295ms
293ms Script
application/javascript 183.90.238.38
XSERVER Xserver Inc.

General

Check archive.org

Show headers Download Go to

Full URL: https://xn--m9jp9mi8fra1016gid0b.net/wp-includes/js/wp-emoji-release.min.js?ver=4.9.18
Requested by: Host: xn--m9jp9mi8fra1016gid0b.net
URL: https://xn--m9jp9mi8fra1016gid0b.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 183.90.238.38 , Japan, ASN131965 (XSERVER Xserver Inc., JP),
Reverse DNS: sv2337.xserver.jp
Software: nginx /
Resource Hash: 647a6b36f3fd1f21bae171270111096b4613c23a47e6621628a51bae9c82b0b7

Request headers

:path: /wp-includes/js/wp-emoji-release.min.js?ver=4.9.18
pragma: no-cache
cookie: _ga=GA1.2.838000433.1622121063; _gid=GA1.2.2024695584.1622121063; _gat=1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: xn--m9jp9mi8fra1016gid0b.net
referer: https://xn--m9jp9mi8fra1016gid0b.net/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://xn--m9jp9mi8fra1016gid0b.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 13:11:02 GMT
content-encoding: gzip
last-modified: Thu, 15 Apr 2021 12:09:45 GMT
server: nginx
etag: W/"2ea7-5c001bd38b4a7"
vary: Accept-Encoding
content-type: application/javascript

GET
H2 404 h2mark.png
xn--m9jp9mi8fra1016gid0b.net/wp-content/themes/01the_world_default/img/ 22 KB
22 KB 620ms
619ms Image
text/html 183.90.238.38
XSERVER Xserver Inc.

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://xn--m9jp9mi8fra1016gid0b.net/wp-content/themes/01the_world_default/img/h2mark.png
Requested by: Host: xn--m9jp9mi8fra1016gid0b.net
URL: https://xn--m9jp9mi8fra1016gid0b.net/wp-content/cache/autoptimize/css/autoptimize_84ec018d7035980dad00cc32e128de04.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 183.90.238.38 , Japan, ASN131965 (XSERVER Xserver Inc., JP),
Reverse DNS: sv2337.xserver.jp
Software: nginx /
Resource Hash: 77760d7f202b6173b466dbfffe1b9a36cdd3a1bdda38c289832a564f169abbe4

Request headers

:path: /wp-content/themes/01the_world_default/img/h2mark.png
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: xn--m9jp9mi8fra1016gid0b.net
referer: https://xn--m9jp9mi8fra1016gid0b.net/wp-content/cache/autoptimize/css/autoptimize_84ec018d7035980dad00cc32e128de04.css
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://xn--m9jp9mi8fra1016gid0b.net/wp-content/cache/autoptimize/css/autoptimize_84ec018d7035980dad00cc32e128de04.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 13:11:02 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate, max-age=0
link: <https://xn--m9jp9mi8fra1016gid0b.net/wp-json/>; rel="https://api.w.org/"
expires: Wed, 11 Jan 1984 05:00:00 GMT

GET
H2 200 shadow.png
xn--m9jp9mi8fra1016gid0b.net/wp-content/themes/01the_world_default/img/ 1 KB
1 KB 496ms
495ms Image
image/png 183.90.238.38
XSERVER Xserver Inc.

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://xn--m9jp9mi8fra1016gid0b.net/wp-content/themes/01the_world_default/img/shadow.png
Requested by: Host: xn--m9jp9mi8fra1016gid0b.net
URL: https://xn--m9jp9mi8fra1016gid0b.net/wp-content/cache/autoptimize/css/autoptimize_84ec018d7035980dad00cc32e128de04.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 183.90.238.38 , Japan, ASN131965 (XSERVER Xserver Inc., JP),
Reverse DNS: sv2337.xserver.jp
Software: nginx /
Resource Hash: df6068c3f6c9e2b0636aab93e76e970992232b16720340cbaf021686b6b91e13

Request headers

:path: /wp-content/themes/01the_world_default/img/shadow.png
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: xn--m9jp9mi8fra1016gid0b.net
referer: https://xn--m9jp9mi8fra1016gid0b.net/wp-content/cache/autoptimize/css/autoptimize_84ec018d7035980dad00cc32e128de04.css
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://xn--m9jp9mi8fra1016gid0b.net/wp-content/cache/autoptimize/css/autoptimize_84ec018d7035980dad00cc32e128de04.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 13:11:02 GMT
last-modified: Wed, 12 Sep 2018 11:55:03 GMT
server: nginx
accept-ranges: bytes
etag: "414-575ab42c8853c"
content-length: 1044
content-type: image/png

GET
H2 200 g_line.png
xn--m9jp9mi8fra1016gid0b.net/wp-content/themes/01the_world_default/img/ 943 B
1 KB 496ms
495ms Image
image/png 183.90.238.38
XSERVER Xserver Inc.

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://xn--m9jp9mi8fra1016gid0b.net/wp-content/themes/01the_world_default/img/g_line.png
Requested by: Host: xn--m9jp9mi8fra1016gid0b.net
URL: https://xn--m9jp9mi8fra1016gid0b.net/wp-content/cache/autoptimize/css/autoptimize_84ec018d7035980dad00cc32e128de04.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 183.90.238.38 , Japan, ASN131965 (XSERVER Xserver Inc., JP),
Reverse DNS: sv2337.xserver.jp
Software: nginx /
Resource Hash: df401b0b87a9287a304dbef19b59a0abd05941a7346822ffde41475a1b4745e4

Request headers

:path: /wp-content/themes/01the_world_default/img/g_line.png
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: xn--m9jp9mi8fra1016gid0b.net
referer: https://xn--m9jp9mi8fra1016gid0b.net/wp-content/cache/autoptimize/css/autoptimize_84ec018d7035980dad00cc32e128de04.css
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://xn--m9jp9mi8fra1016gid0b.net/wp-content/cache/autoptimize/css/autoptimize_84ec018d7035980dad00cc32e128de04.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 13:11:02 GMT
last-modified: Wed, 12 Sep 2018 11:55:03 GMT
server: nginx
accept-ranges: bytes
etag: "3af-575ab42c41484"
content-length: 943
content-type: image/png

GET
H2 200 imb_back.png
xn--m9jp9mi8fra1016gid0b.net/wp-content/themes/01the_world_default/img/ 1 KB
1 KB 496ms
495ms Image
image/png 183.90.238.38
XSERVER Xserver Inc.

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://xn--m9jp9mi8fra1016gid0b.net/wp-content/themes/01the_world_default/img/imb_back.png
Requested by: Host: xn--m9jp9mi8fra1016gid0b.net
URL: https://xn--m9jp9mi8fra1016gid0b.net/wp-content/cache/autoptimize/css/autoptimize_84ec018d7035980dad00cc32e128de04.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 183.90.238.38 , Japan, ASN131965 (XSERVER Xserver Inc., JP),
Reverse DNS: sv2337.xserver.jp
Software: nginx /
Resource Hash: 899dcf7138f61a53ca5f3efc0faa08eeb9f26c928f2535ee107f06edb0b7ddc8

Request headers

:path: /wp-content/themes/01the_world_default/img/imb_back.png
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: xn--m9jp9mi8fra1016gid0b.net
referer: https://xn--m9jp9mi8fra1016gid0b.net/wp-content/cache/autoptimize/css/autoptimize_84ec018d7035980dad00cc32e128de04.css
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://xn--m9jp9mi8fra1016gid0b.net/wp-content/cache/autoptimize/css/autoptimize_84ec018d7035980dad00cc32e128de04.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 13:11:02 GMT
last-modified: Wed, 12 Sep 2018 11:55:03 GMT
server: nginx
accept-ranges: bytes
etag: "40d-575ab42c306fc"
content-length: 1037
content-type: image/png

GET
H2 200 st.png
xn--m9jp9mi8fra1016gid0b.net/wp-content/themes/01the_world_default/img/ 961 B
1 KB 496ms
495ms Image
image/png 183.90.238.38
XSERVER Xserver Inc.

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://xn--m9jp9mi8fra1016gid0b.net/wp-content/themes/01the_world_default/img/st.png
Requested by: Host: xn--m9jp9mi8fra1016gid0b.net
URL: https://xn--m9jp9mi8fra1016gid0b.net/wp-content/cache/autoptimize/css/autoptimize_84ec018d7035980dad00cc32e128de04.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 183.90.238.38 , Japan, ASN131965 (XSERVER Xserver Inc., JP),
Reverse DNS: sv2337.xserver.jp
Software: nginx /
Resource Hash: 32691cdd576bc9ef3a500e0de9b468fd8638cd89d978fab7912cbc864a306b74

Request headers

:path: /wp-content/themes/01the_world_default/img/st.png
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: xn--m9jp9mi8fra1016gid0b.net
referer: https://xn--m9jp9mi8fra1016gid0b.net/wp-content/cache/autoptimize/css/autoptimize_84ec018d7035980dad00cc32e128de04.css
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://xn--m9jp9mi8fra1016gid0b.net/wp-content/cache/autoptimize/css/autoptimize_84ec018d7035980dad00cc32e128de04.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 13:11:02 GMT
last-modified: Wed, 12 Sep 2018 11:55:04 GMT
server: nginx
accept-ranges: bytes
etag: "3c1-575ab42cbcd14"
content-length: 961
content-type: image/png

GET
H2 200 clear.png
xn--m9jp9mi8fra1016gid0b.net/wp-content/themes/01the_world_default/img/ 935 B
1 KB 497ms
495ms Image
image/png 183.90.238.38
XSERVER Xserver Inc.

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://xn--m9jp9mi8fra1016gid0b.net/wp-content/themes/01the_world_default/img/clear.png
Requested by: Host: xn--m9jp9mi8fra1016gid0b.net
URL: https://xn--m9jp9mi8fra1016gid0b.net/wp-content/cache/autoptimize/css/autoptimize_84ec018d7035980dad00cc32e128de04.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 183.90.238.38 , Japan, ASN131965 (XSERVER Xserver Inc., JP),
Reverse DNS: sv2337.xserver.jp
Software: nginx /
Resource Hash: 40e054e66bd00544bbe94f84ab2cb916beccbb74115d9412a31815427b8ac15f

Request headers

:path: /wp-content/themes/01the_world_default/img/clear.png
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: xn--m9jp9mi8fra1016gid0b.net
referer: https://xn--m9jp9mi8fra1016gid0b.net/wp-content/cache/autoptimize/css/autoptimize_84ec018d7035980dad00cc32e128de04.css
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://xn--m9jp9mi8fra1016gid0b.net/wp-content/cache/autoptimize/css/autoptimize_84ec018d7035980dad00cc32e128de04.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 13:11:02 GMT
last-modified: Wed, 12 Sep 2018 11:55:02 GMT
server: nginx
accept-ranges: bytes
etag: "3a7-575ab42ae467c"
content-length: 935
content-type: image/png

GET
H2 200 all.js Show response
connect.facebook.net/ja_JP/ 3 KB
2 KB 17ms
16ms Script
application/x-javascript 2a03:2880:f030:13:face:b00c:0:3

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/ja_JP/all.js

Requested by

Host: xn--m9jp9mi8fra1016gid0b.net
URL: https://xn--m9jp9mi8fra1016gid0b.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f030:13:face:b00c:0:3 , France, ASN (),

Reverse DNS

Software

Resource Hash

e8ca9742cc9592619de7ebfd700d8c40a5c3cab2d1b16ca1a4d157b853176a5d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://xn--m9jp9mi8fra1016gid0b.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: 35d3PJDArpEvAqMYdB4tKQ==
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 1778
x-fb-rlafr: 0
x-fb-debug: eAejkPj+Y+eDsTNaW6ePV3ZskuyRZzeDMz09KhvZLoM9oatJ+NHkoS44R8Y6Q8/S8p19cg20nC0eoDdxCqKr4A==
x-fb-trip-id: 686109401
x-fb-content-md5: 9c213c080ed0751fc6687e1c6491e2ec
x-frame-options: DENY
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
date: Thu, 27 May 2021 13:11:03 GMT
vary: Accept-Encoding
report-to: {"group":"coep_report","max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}]}
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
etag: "f3ac349bd91e2a5e683852c2334fdfa2"
timing-allow-origin: *
priority: u=3,i
expires: Thu, 27 May 2021 13:28:24 GMT

GET
H/1.1 200
OK widgets.js Show response
platform.twitter.com/ 95 KB
29 KB 28ms
7ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets.js
Requested by: Host: xn--m9jp9mi8fra1016gid0b.net
URL: https://xn--m9jp9mi8fra1016gid0b.net/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN (),
Reverse DNS
Software: ECS (frb/67F3) /
Resource Hash: a12b87855b6403c6f73092396d80541a6984aae03097a637769291d9cad15d19

Request headers

Referer: https://xn--m9jp9mi8fra1016gid0b.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 27 May 2021 13:11:03 GMT
Content-Encoding: gzip
Last-Modified: Wed, 28 Apr 2021 17:57:32 GMT
Server: ECS (frb/67F3)
Age: 874
Etag: "9eb59e5602fef4b3ebf6090856ff21db+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=1800
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 28779

GET
H3-29 200 cb=gapi.loaded_0 Show response
apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.p7L79FLXQCw.O/m=plusone/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCO6hl1EejjzC-wrWbDdgTxPi0Gs8g/ 142 KB
50 KB 32ms
6ms Script
text/javascript 2a00:1450:4001:812::200e

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.p7L79FLXQCw.O/m=plusone/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCO6hl1EejjzC-wrWbDdgTxPi0Gs8g/cb=gapi.loaded_0

Requested by

Host: apis.google.com
URL: https://apis.google.com/js/plusone.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

187e5ab1d37aaa4779205fddec1d0bd632c73ba09db7590c8f79bc238557932f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://xn--m9jp9mi8fra1016gid0b.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 03:10:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 19 May 2021 15:07:34 GMT
server: sffe
age: 36013
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 51027
x-xss-protection: 0
expires: Fri, 27 May 2022 03:10:50 GMT

GET
H2 404 h3back.png
xn--m9jp9mi8fra1016gid0b.net/wp-content/themes/01the_world_default/img/ 22 KB
22 KB 689ms
689ms Image
text/html 183.90.238.38
XSERVER Xserver Inc.

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://xn--m9jp9mi8fra1016gid0b.net/wp-content/themes/01the_world_default/img/h3back.png
Requested by: Host: xn--m9jp9mi8fra1016gid0b.net
URL: https://xn--m9jp9mi8fra1016gid0b.net/wp-content/cache/autoptimize/css/autoptimize_84ec018d7035980dad00cc32e128de04.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 183.90.238.38 , Japan, ASN131965 (XSERVER Xserver Inc., JP),
Reverse DNS: sv2337.xserver.jp
Software: nginx /
Resource Hash: b22afdbbbfcf73cd99ffe6d477ab57e4d5061e4d06e5d6739bc19b99511e26b5

Request headers

:path: /wp-content/themes/01the_world_default/img/h3back.png
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: xn--m9jp9mi8fra1016gid0b.net
referer: https://xn--m9jp9mi8fra1016gid0b.net/wp-content/cache/autoptimize/css/autoptimize_84ec018d7035980dad00cc32e128de04.css
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://xn--m9jp9mi8fra1016gid0b.net/wp-content/cache/autoptimize/css/autoptimize_84ec018d7035980dad00cc32e128de04.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 13:11:02 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate, max-age=0
link: <https://xn--m9jp9mi8fra1016gid0b.net/wp-json/>; rel="https://api.w.org/"
expires: Wed, 11 Jan 1984 05:00:00 GMT

GET
H2 200 arrow_on.png
xn--m9jp9mi8fra1016gid0b.net/wp-content/themes/01the_world_default/img/blue/ 1 KB
1 KB 403ms
402ms Image
image/png 183.90.238.38
XSERVER Xserver Inc.

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://xn--m9jp9mi8fra1016gid0b.net/wp-content/themes/01the_world_default/img/blue/arrow_on.png
Requested by: Host: xn--m9jp9mi8fra1016gid0b.net
URL: https://xn--m9jp9mi8fra1016gid0b.net/wp-content/cache/autoptimize/css/autoptimize_84ec018d7035980dad00cc32e128de04.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 183.90.238.38 , Japan, ASN131965 (XSERVER Xserver Inc., JP),
Reverse DNS: sv2337.xserver.jp
Software: nginx /
Resource Hash: 43fb0402bedc54f7d48e83bf34ebd376b4662dd9d79c8f28bfc89c79ad6a527c

Request headers

:path: /wp-content/themes/01the_world_default/img/blue/arrow_on.png
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: xn--m9jp9mi8fra1016gid0b.net
referer: https://xn--m9jp9mi8fra1016gid0b.net/wp-content/cache/autoptimize/css/autoptimize_84ec018d7035980dad00cc32e128de04.css
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://xn--m9jp9mi8fra1016gid0b.net/wp-content/cache/autoptimize/css/autoptimize_84ec018d7035980dad00cc32e128de04.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 13:11:02 GMT
last-modified: Wed, 12 Sep 2018 11:55:12 GMT
server: nginx
accept-ranges: bytes
etag: "402-575ab434cf394"
content-length: 1026
content-type: image/png

GET
H2 200 next_shadow.png
xn--m9jp9mi8fra1016gid0b.net/wp-content/themes/01the_world_default/img/ 1 KB
2 KB 294ms
293ms Image
image/png 183.90.238.38
XSERVER Xserver Inc.

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://xn--m9jp9mi8fra1016gid0b.net/wp-content/themes/01the_world_default/img/next_shadow.png
Requested by: Host: xn--m9jp9mi8fra1016gid0b.net
URL: https://xn--m9jp9mi8fra1016gid0b.net/wp-content/cache/autoptimize/css/autoptimize_84ec018d7035980dad00cc32e128de04.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 183.90.238.38 , Japan, ASN131965 (XSERVER Xserver Inc., JP),
Reverse DNS: sv2337.xserver.jp
Software: nginx /
Resource Hash: 66503281fdad2cec090b988eb755fc220e78cd05f9681c79ae5da4601f05ebc0

Request headers

:path: /wp-content/themes/01the_world_default/img/next_shadow.png
pragma: no-cache
cookie: _ga=GA1.2.838000433.1622121063; _gid=GA1.2.2024695584.1622121063; _gat=1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: xn--m9jp9mi8fra1016gid0b.net
referer: https://xn--m9jp9mi8fra1016gid0b.net/wp-content/cache/autoptimize/css/autoptimize_84ec018d7035980dad00cc32e128de04.css
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://xn--m9jp9mi8fra1016gid0b.net/wp-content/cache/autoptimize/css/autoptimize_84ec018d7035980dad00cc32e128de04.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 13:11:02 GMT
last-modified: Wed, 12 Sep 2018 11:55:03 GMT
server: nginx
accept-ranges: bytes
etag: "5ff-575ab42c3c664"
content-length: 1535
content-type: image/png

GET
H2 200 tag.png
xn--m9jp9mi8fra1016gid0b.net/wp-content/themes/01the_world_default/img/ 1 KB
1 KB 294ms
293ms Image
image/png 183.90.238.38
XSERVER Xserver Inc.

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://xn--m9jp9mi8fra1016gid0b.net/wp-content/themes/01the_world_default/img/tag.png
Requested by: Host: xn--m9jp9mi8fra1016gid0b.net
URL: https://xn--m9jp9mi8fra1016gid0b.net/wp-content/cache/autoptimize/css/autoptimize_84ec018d7035980dad00cc32e128de04.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 183.90.238.38 , Japan, ASN131965 (XSERVER Xserver Inc., JP),
Reverse DNS: sv2337.xserver.jp
Software: nginx /
Resource Hash: 086afeb157771a7275f4f8d7be68e67011fb030b35eccc6ff9de2121291e3ddb

Request headers

:path: /wp-content/themes/01the_world_default/img/tag.png
pragma: no-cache
cookie: _ga=GA1.2.838000433.1622121063; _gid=GA1.2.2024695584.1622121063; _gat=1; __gads=ID=28f95bde12bad382-225f2b981ec80036:T=1622121063:RT=1622121063:S=ALNI_MZ6n3Avyu_Qk7kyGmEyGhq6gsjcFg
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: xn--m9jp9mi8fra1016gid0b.net
referer: https://xn--m9jp9mi8fra1016gid0b.net/wp-content/cache/autoptimize/css/autoptimize_84ec018d7035980dad00cc32e128de04.css
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://xn--m9jp9mi8fra1016gid0b.net/wp-content/cache/autoptimize/css/autoptimize_84ec018d7035980dad00cc32e128de04.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 13:11:02 GMT
last-modified: Wed, 12 Sep 2018 11:55:03 GMT
server: nginx
accept-ranges: bytes
etag: "47a-575ab42cacb44"
content-length: 1146
content-type: image/png

GET
H2 200 category.png
xn--m9jp9mi8fra1016gid0b.net/wp-content/themes/01the_world_default/img/ 1011 B
1 KB 294ms
293ms Image
image/png 183.90.238.38
XSERVER Xserver Inc.

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://xn--m9jp9mi8fra1016gid0b.net/wp-content/themes/01the_world_default/img/category.png
Requested by: Host: xn--m9jp9mi8fra1016gid0b.net
URL: https://xn--m9jp9mi8fra1016gid0b.net/wp-content/cache/autoptimize/css/autoptimize_84ec018d7035980dad00cc32e128de04.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 183.90.238.38 , Japan, ASN131965 (XSERVER Xserver Inc., JP),
Reverse DNS: sv2337.xserver.jp
Software: nginx /
Resource Hash: 419ed38c05ae1faa42723b80a53b7441984cecb4fa1eec819e11e29ad08b6d16

Request headers

:path: /wp-content/themes/01the_world_default/img/category.png
pragma: no-cache
cookie: _ga=GA1.2.838000433.1622121063; _gid=GA1.2.2024695584.1622121063; _gat=1; __gads=ID=28f95bde12bad382-225f2b981ec80036:T=1622121063:RT=1622121063:S=ALNI_MZ6n3Avyu_Qk7kyGmEyGhq6gsjcFg
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: xn--m9jp9mi8fra1016gid0b.net
referer: https://xn--m9jp9mi8fra1016gid0b.net/wp-content/cache/autoptimize/css/autoptimize_84ec018d7035980dad00cc32e128de04.css
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://xn--m9jp9mi8fra1016gid0b.net/wp-content/cache/autoptimize/css/autoptimize_84ec018d7035980dad00cc32e128de04.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 13:11:02 GMT
last-modified: Wed, 12 Sep 2018 11:55:02 GMT
server: nginx
accept-ranges: bytes
etag: "3f3-575ab42ae6d8c"
content-length: 1011
content-type: image/png

GET
H3-29 200 cb=gapi.loaded_1 Show response
apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.p7L79FLXQCw.O/m=auth/exm=plusone/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCO6hl1EejjzC-wrWbDdgTxPi0Gs8g/ 97 KB
34 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:812::200e

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.p7L79FLXQCw.O/m=auth/exm=plusone/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCO6hl1EejjzC-wrWbDdgTxPi0Gs8g/cb=gapi.loaded_1

Requested by

Host: apis.google.com
URL: https://apis.google.com/js/plusone.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

b1d498e3e12268c6a8b066ddb3468f90be4471748e97e4cebdd4d11d5dc55f2a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://xn--m9jp9mi8fra1016gid0b.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 20 May 2021 18:28:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 12 May 2021 20:19:21 GMT
server: sffe
age: 585724
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 34410
x-xss-protection: 0
expires: Fri, 20 May 2022 18:28:59 GMT

GET
H3-29 403 fastbutton Show response
apis.google.com/se/0/_/+1/ Frame 3AC2 1 KB
1 KB 229ms
228ms Document
text/html 2a00:1450:4001:812::200e

General

Check archive.org

Show headers Download Go to

Full URL: https://apis.google.com/se/0/_/+1/fastbutton?usegapi=1&size=medium&hl=ja&origin=https%3A%2F%2Fxn--m9jp9mi8fra1016gid0b.net&url=https%3A%2F%2Fxn--m9jp9mi8fra1016gid0b.net%2F&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.p7L79FLXQCw.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCO6hl1EejjzC-wrWbDdgTxPi0Gs8g%2Fm%3D__features__
Requested by: Host: apis.google.com
URL: https://apis.google.com/js/plusone.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN (),
Reverse DNS
Software: /
Resource Hash: 9010e5a841cf0acfb13facfaa2c3318bc8118020ec071d15de099eb9a628fd01

Request headers

:method: GET
:authority: apis.google.com
:scheme: https
:path: /se/0/_/+1/fastbutton?usegapi=1&size=medium&hl=ja&origin=https%3A%2F%2Fxn--m9jp9mi8fra1016gid0b.net&url=https%3A%2F%2Fxn--m9jp9mi8fra1016gid0b.net%2F&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.p7L79FLXQCw.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCO6hl1EejjzC-wrWbDdgTxPi0Gs8g%2Fm%3D__features__
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://xn--m9jp9mi8fra1016gid0b.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: NID=216=HL3IAgWED48CFHw6FI7EoMP6KsJPRnaSjWgQPjkKtDU2i6WWuFwTWDVx-kVB0LMir3X4PfmoXkgQaXj4dY0WbHN6QMp66grObzCrXYSYpvCDPzOKB-WAALbaBkflW0ceZ1EUcg5aJa__tjXObmxy8pZePMZRZbdz2UBvR3Q-y6A
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://xn--m9jp9mi8fra1016gid0b.net/

Response headers

content-length: 1103
content-type: text/html; charset=UTF-8
date: Thu, 27 May 2021 13:11:03 GMT
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 404 fastbutton Show response
apis.google.com/se/0/_/+1/ Frame EAD4 2 KB
913 B 25ms
25ms Document
text/html 2a00:1450:4001:812::200e

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/se/0/_/+1/fastbutton?usegapi=1&size=medium&hl=ja&origin=https%3A%2F%2Fxn--m9jp9mi8fra1016gid0b.net&url=https%3A%2F%2Fxn--m9jp9mi8fra1016gid0b.net%2F&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.p7L79FLXQCw.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCO6hl1EejjzC-wrWbDdgTxPi0Gs8g%2Fm%3D__features__

Requested by

Host: apis.google.com
URL: https://apis.google.com/js/plusone.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

ESF /

Resource Hash

ac7447dbe84475daef4044da17c5effe6b719390fe5823995e0182fdaf6a16db

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-biUgqLGZyuU6UgYY/HHrgw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: apis.google.com
:scheme: https
:path: /se/0/_/+1/fastbutton?usegapi=1&size=medium&hl=ja&origin=https%3A%2F%2Fxn--m9jp9mi8fra1016gid0b.net&url=https%3A%2F%2Fxn--m9jp9mi8fra1016gid0b.net%2F&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.p7L79FLXQCw.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCO6hl1EejjzC-wrWbDdgTxPi0Gs8g%2Fm%3D__features__
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://xn--m9jp9mi8fra1016gid0b.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: NID=216=HL3IAgWED48CFHw6FI7EoMP6KsJPRnaSjWgQPjkKtDU2i6WWuFwTWDVx-kVB0LMir3X4PfmoXkgQaXj4dY0WbHN6QMp66grObzCrXYSYpvCDPzOKB-WAALbaBkflW0ceZ1EUcg5aJa__tjXObmxy8pZePMZRZbdz2UBvR3Q-y6A
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://xn--m9jp9mi8fra1016gid0b.net/

Response headers

content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 27 May 2021 13:11:03 GMT
content-security-policy: script-src 'report-sample' 'nonce-biUgqLGZyuU6UgYY/HHrgw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 404 back1.png
xn--m9jp9mi8fra1016gid0b.net/wp-content/themes/01the_world_default/img/ 22 KB
22 KB 697ms
696ms Image
text/html 183.90.238.38
XSERVER Xserver Inc.

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://xn--m9jp9mi8fra1016gid0b.net/wp-content/themes/01the_world_default/img/back1.png
Requested by: Host: xn--m9jp9mi8fra1016gid0b.net
URL: https://xn--m9jp9mi8fra1016gid0b.net/wp-content/cache/autoptimize/css/autoptimize_84ec018d7035980dad00cc32e128de04.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 183.90.238.38 , Japan, ASN131965 (XSERVER Xserver Inc., JP),
Reverse DNS: sv2337.xserver.jp
Software: nginx /
Resource Hash: 24361adc71aaade43c12ed409b98e263a08170fec8f948d9f4aa8a638f6db240

Request headers

:path: /wp-content/themes/01the_world_default/img/back1.png
pragma: no-cache
cookie: _ga=GA1.2.838000433.1622121063; _gid=GA1.2.2024695584.1622121063; _gat=1; __gads=ID=28f95bde12bad382-225f2b981ec80036:T=1622121063:RT=1622121063:S=ALNI_MZ6n3Avyu_Qk7kyGmEyGhq6gsjcFg
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: xn--m9jp9mi8fra1016gid0b.net
referer: https://xn--m9jp9mi8fra1016gid0b.net/wp-content/cache/autoptimize/css/autoptimize_84ec018d7035980dad00cc32e128de04.css
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://xn--m9jp9mi8fra1016gid0b.net/wp-content/cache/autoptimize/css/autoptimize_84ec018d7035980dad00cc32e128de04.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 13:11:03 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate, max-age=0
link: <https://xn--m9jp9mi8fra1016gid0b.net/wp-json/>; rel="https://api.w.org/"
expires: Wed, 11 Jan 1984 05:00:00 GMT

POST
H3-29 200 collect Show response
www.google-analytics.com/j/ 4 B
24 B 14ms
14ms XHR
text/plain 2a00:1450:4001:831::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j90&a=15458963&t=pageview&_s=1&dl=https%3A%2F%2Fxn--m9jp9mi8fra1016gid0b.net%2F&ul=en-us&de=UTF-8&dt=%E3%82%A2%E3%82%B8%E3%82%B5%E3%82%A4%E3%81%AE%E8%82%B2%E3%81%A6%E6%96%B9.net%20%7C%20%E3%82%A2%E3%82%B8%E3%82%B5%E3%82%A4%E3%81%AE%E3%82%8F%E3%81%8B%E3%82%8A%E3%82%84%E3%81%99%E3%81%84%E8%82%B2%E3%81%A6%E6%96%B9%E3%80%81%E7%A8%AE%E3%81%BE%E3%81%8D%E3%83%BB%E6%8C%BF%E3%81%97%E6%9C%A8%E3%81%8B%E3%82%89%E5%89%AA%E5%AE%9A%E3%81%BE%E3%81%A7%E3%80%82&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAAC~&jid=186219775&gjid=1039044716&cid=838000433.1622121063&tid=UA-42342128-8&_gid=2024695584.1622121063&_r=1&_slc=1&z=160605398

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://xn--m9jp9mi8fra1016gid0b.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 27 May 2021 13:11:03 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://xn--m9jp9mi8fra1016gid0b.net
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 show_ads_impl_with_ama_fy2019.js Show response
pagead2.googlesyndication.com/pagead/js/r20210524/r20190131/ 232 KB
86 KB 32ms
32ms Script
text/javascript 2a00:1450:4001:809::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210524/r20190131/show_ads_impl_with_ama_fy2019.js?client=ca-pub-3001968804654785&plah=xn--m9jp9mi8fra1016gid0b.net&amaexp=1

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

8d7401bef80e31a1aa3a2d1daab189dfba7f02a21e7cfef216e011f0c05a74da

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://xn--m9jp9mi8fra1016gid0b.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 13:11:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 87658
x-xss-protection: 0
server: cafe
etag: 5316214545020586774
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Thu, 27 May 2021 13:11:03 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20210524/r20190131/ Frame 4D9E 10 KB
4 KB 5ms
5ms Document
text/html 2a00:1450:4001:82f::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20210524/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

1dad6cb9a0903898a8f82f89c0d10ee6e94f8459228530fa5df3078100c9f650

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/html/r20210524/r20190131/zrt_lookup.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://xn--m9jp9mi8fra1016gid0b.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://xn--m9jp9mi8fra1016gid0b.net/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Wed, 26 May 2021 20:29:24 GMT
expires: Wed, 09 Jun 2021 20:29:24 GMT
content-type: text/html; charset=UTF-8
etag: 15349191498103243965
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4506
x-xss-protection: 0
age: 60099
cache-control: public, max-age=1209600
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 all.js Show response
connect.facebook.net/ja_JP/ 218 KB
64 KB 18ms
18ms Script
application/x-javascript 2a03:2880:f030:13:face:b00c:0:3

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/ja_JP/all.js?hash=dec8c7babd099aee209dfe36f9b7df8f&ua=modern_es6

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/ja_JP/all.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f030:13:face:b00c:0:3 , France, ASN (),

Reverse DNS

Software

Resource Hash

ec2a96acb07f2aeded27bb5f70c80631535b7460526e371d8d0a1427a96a810a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Origin: https://xn--m9jp9mi8fra1016gid0b.net
Referer: https://xn--m9jp9mi8fra1016gid0b.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: 6FDeMIpjOXS166S4smAFwA==
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 65785
x-fb-rlafr: 0
x-fb-debug: 2EiJoTkRrEwL4lePqngzuerLjenzzfzoxwgYDCDplU0yEyl2+YYDSQ6Xt3wncwGMwH3kdFsfTZjvZDdG+P9mOg==
x-fb-content-md5: 25390730d35b87b87b3a6bb01003befe
x-frame-options: DENY
date: Thu, 27 May 2021 13:11:03 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
etag: "ce3dc953650614be23e84cbac9288483"
timing-allow-origin: *
priority: u=3,i
expires: Fri, 27 May 2022 11:55:30 GMT

GET
H2 200 / Show response
b.hatena.ne.jp/entry/button/ Frame 47EF 2 KB
1 KB 357ms
288ms Document
text/html 13.226.159.42

General

Check archive.org

Show headers Download Go to

Full URL

https://b.hatena.ne.jp/entry/button/?url=https%3A%2F%2Fxn--m9jp9mi8fra1016gid0b.net%2F%25e3%2582%25a2%25e3%2582%25b8%25e3%2582%25b5%25e3%2582%25a4%25e3%2581%25ae%25e7%25a8%25ae%25e9%25a1%259e%2F%25e3%2583%2581%25e3%2583%25a7%25e3%2582%25b3%25e3%2583%2581%25e3%2583%2583%25e3%2582%25af%25e3%2583%259b%25e3%2583%25af%25e3%2582%25a4%25e3%2583%2588.html&mode=popup

Requested by

Host: b.st-hatena.com
URL: https://b.st-hatena.com/js/bookmark_button.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.226.159.42 , United States, ASN (),

Reverse DNS

server-13-226-159-42.dus51.r.cloudfront.net

Software

nginx /

Resource Hash

2d91679789e8dd39cea52232a4de3cb5ac3a45e882b310e844ef2ab0546e1363

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

:method: GET
:authority: b.hatena.ne.jp
:scheme: https
:path: /entry/button/?url=https%3A%2F%2Fxn--m9jp9mi8fra1016gid0b.net%2F%25e3%2582%25a2%25e3%2582%25b8%25e3%2582%25b5%25e3%2582%25a4%25e3%2581%25ae%25e7%25a8%25ae%25e9%25a1%259e%2F%25e3%2583%2581%25e3%2583%25a7%25e3%2582%25b3%25e3%2583%2581%25e3%2583%2583%25e3%2582%25af%25e3%2583%259b%25e3%2583%25af%25e3%2582%25a4%25e3%2583%2588.html&mode=popup
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://xn--m9jp9mi8fra1016gid0b.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://xn--m9jp9mi8fra1016gid0b.net/

Response headers

content-type: text/html; charset=utf-8
date: Thu, 27 May 2021 13:11:03 GMT
server: nginx
cache-control: public, max-age=3600, s-maxage=3600
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
vary: Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 8ad073ef904d92431b3428f3430707af.cloudfront.net (CloudFront)
x-amz-cf-pop: DUS51-C1
x-amz-cf-id: VRr4eS3sYW5pppKPj0gBY0EeopKC8inTOOxp0x2srZzd4p7J7I9I1w==

GET
H2 200 / Show response
b.hatena.ne.jp/entry/button/ Frame F88B 2 KB
1 KB 384ms
315ms Document
text/html 13.226.159.42

General

Check archive.org

Show headers Download Go to

Full URL

https://b.hatena.ne.jp/entry/button/?url=https%3A%2F%2Fxn--m9jp9mi8fra1016gid0b.net%2F%25e3%2582%25a2%25e3%2582%25b8%25e3%2582%25b5%25e3%2582%25a4%25e6%25a0%25bd%25e5%259f%25b9-qa%2F%25e3%2582%25a2%25e3%2582%25b8%25e3%2582%25b5%25e3%2582%25a4-%25e8%2582%25b2%25e3%2581%25a6%25e3%2582%2584%25e3%2581%2599%25e3%2581%2584%25ef%25bc%259f.html&mode=popup

Requested by

Host: b.st-hatena.com
URL: https://b.st-hatena.com/js/bookmark_button.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.226.159.42 , United States, ASN (),

Reverse DNS

server-13-226-159-42.dus51.r.cloudfront.net

Software

nginx /

Resource Hash

e1da9a546b794dbbbe152839024bd4d82e5e93aad6ea737e1e10d5879f70ae46

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

:method: GET
:authority: b.hatena.ne.jp
:scheme: https
:path: /entry/button/?url=https%3A%2F%2Fxn--m9jp9mi8fra1016gid0b.net%2F%25e3%2582%25a2%25e3%2582%25b8%25e3%2582%25b5%25e3%2582%25a4%25e6%25a0%25bd%25e5%259f%25b9-qa%2F%25e3%2582%25a2%25e3%2582%25b8%25e3%2582%25b5%25e3%2582%25a4-%25e8%2582%25b2%25e3%2581%25a6%25e3%2582%2584%25e3%2581%2599%25e3%2581%2584%25ef%25bc%259f.html&mode=popup
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://xn--m9jp9mi8fra1016gid0b.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://xn--m9jp9mi8fra1016gid0b.net/

Response headers

content-type: text/html; charset=utf-8
date: Thu, 27 May 2021 13:11:03 GMT
server: nginx
cache-control: public, max-age=3600, s-maxage=3600
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
vary: Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 8ad073ef904d92431b3428f3430707af.cloudfront.net (CloudFront)
x-amz-cf-pop: DUS51-C1
x-amz-cf-id: jGoB9VQfx0spJ1x5BaAqmBr-HOqVwPs9cVYEc73f_UBlwbK8l9Ujog==

GET
H2 200 / Show response
b.hatena.ne.jp/entry/button/ Frame AE26 1 KB
1 KB 348ms
281ms Document
text/html 13.226.159.42

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: b.st-hatena.com
URL: https://b.st-hatena.com/js/bookmark_button.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.226.159.42 , United States, ASN (),

Reverse DNS

server-13-226-159-42.dus51.r.cloudfront.net

Software

nginx /

Resource Hash

c91eb84c03f861486dccd5c911f53732a9249b2a38c68bef09e1dcda1d073686

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

:method: GET
:authority: b.hatena.ne.jp
:scheme: https
:path: /entry/button/?url=https%3A%2F%2Fxn--m9jp9mi8fra1016gid0b.net%2F%25e3%2582%25a2%25e3%2582%25b8%25e3%2582%25b5%25e3%2582%25a4%25e3%2581%25ae%25e7%25a8%25ae%25e9%25a1%259e%2F%25e5%2588%259d%25e6%2581%258b.html&mode=popup
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://xn--m9jp9mi8fra1016gid0b.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://xn--m9jp9mi8fra1016gid0b.net/

Response headers

content-type: text/html; charset=utf-8
date: Thu, 27 May 2021 13:11:03 GMT
server: nginx
cache-control: public, max-age=3600, s-maxage=3600
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
vary: Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 8ad073ef904d92431b3428f3430707af.cloudfront.net (CloudFront)
x-amz-cf-pop: DUS51-C1
x-amz-cf-id: TojrJfI_VqSskTmV3LJHZ2_4QN7WVqnymuoHiIBd-mBe-3z76a9sag==

GET
H2 200 dot_side.png
xn--m9jp9mi8fra1016gid0b.net/wp-content/themes/01the_world_default/img/blue/ 1 KB
2 KB 291ms
291ms Image
image/png 183.90.238.38
XSERVER Xserver Inc.

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://xn--m9jp9mi8fra1016gid0b.net/wp-content/themes/01the_world_default/img/blue/dot_side.png
Requested by: Host: xn--m9jp9mi8fra1016gid0b.net
URL: https://xn--m9jp9mi8fra1016gid0b.net/wp-content/cache/autoptimize/css/autoptimize_84ec018d7035980dad00cc32e128de04.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 183.90.238.38 , Japan, ASN131965 (XSERVER Xserver Inc., JP),
Reverse DNS: sv2337.xserver.jp
Software: nginx /
Resource Hash: 2fd86087ffe96e1c8d6602817635a56e8de6069ba16fdb9c76af8ec23def8dab

Request headers

:path: /wp-content/themes/01the_world_default/img/blue/dot_side.png
pragma: no-cache
cookie: _ga=GA1.2.838000433.1622121063; _gid=GA1.2.2024695584.1622121063; _gat=1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: xn--m9jp9mi8fra1016gid0b.net
referer: https://xn--m9jp9mi8fra1016gid0b.net/wp-content/cache/autoptimize/css/autoptimize_84ec018d7035980dad00cc32e128de04.css
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://xn--m9jp9mi8fra1016gid0b.net/wp-content/cache/autoptimize/css/autoptimize_84ec018d7035980dad00cc32e128de04.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 13:11:02 GMT
last-modified: Wed, 12 Sep 2018 11:55:13 GMT
server: nginx
accept-ranges: bytes
etag: "5c5-575ab4354330c"
content-length: 1477
content-type: image/png

GET
H2 200 side_ul.png
xn--m9jp9mi8fra1016gid0b.net/wp-content/themes/01the_world_default/img/ 1017 B
1 KB 292ms
291ms Image
image/png 183.90.238.38
XSERVER Xserver Inc.

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://xn--m9jp9mi8fra1016gid0b.net/wp-content/themes/01the_world_default/img/side_ul.png
Requested by: Host: xn--m9jp9mi8fra1016gid0b.net
URL: https://xn--m9jp9mi8fra1016gid0b.net/wp-content/cache/autoptimize/css/autoptimize_84ec018d7035980dad00cc32e128de04.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 183.90.238.38 , Japan, ASN131965 (XSERVER Xserver Inc., JP),
Reverse DNS: sv2337.xserver.jp
Software: nginx /
Resource Hash: e60c50fa59646d7f3f5f388c0ab2cf2bee2597780437470133f42fc8d5240425

Request headers

:path: /wp-content/themes/01the_world_default/img/side_ul.png
pragma: no-cache
cookie: _ga=GA1.2.838000433.1622121063; _gid=GA1.2.2024695584.1622121063; _gat=1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: xn--m9jp9mi8fra1016gid0b.net
referer: https://xn--m9jp9mi8fra1016gid0b.net/wp-content/cache/autoptimize/css/autoptimize_84ec018d7035980dad00cc32e128de04.css
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://xn--m9jp9mi8fra1016gid0b.net/wp-content/cache/autoptimize/css/autoptimize_84ec018d7035980dad00cc32e128de04.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 13:11:02 GMT
last-modified: Wed, 12 Sep 2018 11:55:03 GMT
server: nginx
accept-ranges: bytes
etag: "3f9-575ab42c8a864"
content-length: 1017
content-type: image/png

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
97 B 14ms
14ms XHR
text/plain 2a00:1450:400c:c00::9a

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j90&tid=UA-42342128-8&cid=838000433.1622121063&jid=186219775&gjid=1039044716&_gid=2024695584.1622121063&_u=IEBAAEAAAAAAAC~&z=535496786

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c00::9a Brussels, Belgium, ASN (),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://xn--m9jp9mi8fra1016gid0b.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Thu, 27 May 2021 13:11:03 GMT
content-type: text/plain
access-control-allow-origin: https://xn--m9jp9mi8fra1016gid0b.net
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 404 sub_back1.png
xn--m9jp9mi8fra1016gid0b.net/wp-content/themes/01the_world_default/img/ 22 KB
22 KB 630ms
630ms Image
text/html 183.90.238.38
XSERVER Xserver Inc.

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://xn--m9jp9mi8fra1016gid0b.net/wp-content/themes/01the_world_default/img/sub_back1.png
Requested by: Host: xn--m9jp9mi8fra1016gid0b.net
URL: https://xn--m9jp9mi8fra1016gid0b.net/wp-content/cache/autoptimize/css/autoptimize_84ec018d7035980dad00cc32e128de04.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 183.90.238.38 , Japan, ASN131965 (XSERVER Xserver Inc., JP),
Reverse DNS: sv2337.xserver.jp
Software: nginx /
Resource Hash: 26a80fc7a0273f9b1dc9654286a0cb955391a828b09eb04541c13ad6f235f998

Request headers

:path: /wp-content/themes/01the_world_default/img/sub_back1.png
pragma: no-cache
cookie: _ga=GA1.2.838000433.1622121063; _gid=GA1.2.2024695584.1622121063; _gat=1; __gads=ID=28f95bde12bad382-225f2b981ec80036:T=1622121063:RT=1622121063:S=ALNI_MZ6n3Avyu_Qk7kyGmEyGhq6gsjcFg
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: xn--m9jp9mi8fra1016gid0b.net
referer: https://xn--m9jp9mi8fra1016gid0b.net/wp-content/cache/autoptimize/css/autoptimize_84ec018d7035980dad00cc32e128de04.css
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://xn--m9jp9mi8fra1016gid0b.net/wp-content/cache/autoptimize/css/autoptimize_84ec018d7035980dad00cc32e128de04.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 13:11:03 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate, max-age=0
link: <https://xn--m9jp9mi8fra1016gid0b.net/wp-json/>; rel="https://api.w.org/"
expires: Wed, 11 Jan 1984 05:00:00 GMT

GET
H2 200 footer.png
xn--m9jp9mi8fra1016gid0b.net/wp-content/themes/01the_world_default/img/ 1012 B
1 KB 306ms
305ms Image
image/png 183.90.238.38
XSERVER Xserver Inc.

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://xn--m9jp9mi8fra1016gid0b.net/wp-content/themes/01the_world_default/img/footer.png
Requested by: Host: xn--m9jp9mi8fra1016gid0b.net
URL: https://xn--m9jp9mi8fra1016gid0b.net/wp-content/cache/autoptimize/css/autoptimize_84ec018d7035980dad00cc32e128de04.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 183.90.238.38 , Japan, ASN131965 (XSERVER Xserver Inc., JP),
Reverse DNS: sv2337.xserver.jp
Software: nginx /
Resource Hash: c9e035838df6f34590522efdc1c7eea18db61e1d0ad554831bf9014141d87e24

Request headers

:path: /wp-content/themes/01the_world_default/img/footer.png
pragma: no-cache
cookie: _ga=GA1.2.838000433.1622121063; _gid=GA1.2.2024695584.1622121063; _gat=1; __gads=ID=28f95bde12bad382-225f2b981ec80036:T=1622121063:RT=1622121063:S=ALNI_MZ6n3Avyu_Qk7kyGmEyGhq6gsjcFg
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: xn--m9jp9mi8fra1016gid0b.net
referer: https://xn--m9jp9mi8fra1016gid0b.net/wp-content/cache/autoptimize/css/autoptimize_84ec018d7035980dad00cc32e128de04.css
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://xn--m9jp9mi8fra1016gid0b.net/wp-content/cache/autoptimize/css/autoptimize_84ec018d7035980dad00cc32e128de04.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 13:11:03 GMT
last-modified: Wed, 12 Sep 2018 11:55:03 GMT
server: nginx
accept-ranges: bytes
etag: "3f4-575ab42c16cd4"
content-length: 1012
content-type: image/png

GET
H2 200 go_top.png
xn--m9jp9mi8fra1016gid0b.net/wp-content/themes/01the_world_default/img/blue/ 3 KB
4 KB 306ms
305ms Image
image/png 183.90.238.38
XSERVER Xserver Inc.

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://xn--m9jp9mi8fra1016gid0b.net/wp-content/themes/01the_world_default/img/blue/go_top.png
Requested by: Host: xn--m9jp9mi8fra1016gid0b.net
URL: https://xn--m9jp9mi8fra1016gid0b.net/wp-content/cache/autoptimize/css/autoptimize_84ec018d7035980dad00cc32e128de04.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 183.90.238.38 , Japan, ASN131965 (XSERVER Xserver Inc., JP),
Reverse DNS: sv2337.xserver.jp
Software: nginx /
Resource Hash: a4250e56da12e803b43d293e01604101acada973563c7c7ec7810a353ff7dd13

Request headers

:path: /wp-content/themes/01the_world_default/img/blue/go_top.png
pragma: no-cache
cookie: _ga=GA1.2.838000433.1622121063; _gid=GA1.2.2024695584.1622121063; _gat=1; __gads=ID=28f95bde12bad382-225f2b981ec80036:T=1622121063:RT=1622121063:S=ALNI_MZ6n3Avyu_Qk7kyGmEyGhq6gsjcFg
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: xn--m9jp9mi8fra1016gid0b.net
referer: https://xn--m9jp9mi8fra1016gid0b.net/wp-content/cache/autoptimize/css/autoptimize_84ec018d7035980dad00cc32e128de04.css
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://xn--m9jp9mi8fra1016gid0b.net/wp-content/cache/autoptimize/css/autoptimize_84ec018d7035980dad00cc32e128de04.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 13:11:03 GMT
last-modified: Wed, 12 Sep 2018 11:55:13 GMT
server: nginx
accept-ranges: bytes
etag: "d9e-575ab435753d4"
content-length: 3486
content-type: image/png

GET
H3-29 200 postmessageRelay Show response
accounts.google.com/o/oauth2/ Frame 25C3 566 B
379 B 50ms
50ms Document
text/html 2a00:1450:4001:82f::200d

General

Check archive.org

Show headers Download Go to

Full URL

https://accounts.google.com/o/oauth2/postmessageRelay?parent=https%3A%2F%2Fxn--m9jp9mi8fra1016gid0b.net&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.p7L79FLXQCw.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCO6hl1EejjzC-wrWbDdgTxPi0Gs8g%2Fm%3D__features__

Requested by

Host: apis.google.com
URL: https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.p7L79FLXQCw.O/m=auth/exm=plusone/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCO6hl1EejjzC-wrWbDdgTxPi0Gs8g/cb=gapi.loaded_1

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::200d Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

ESF /

Resource Hash

b0e86f0faffad7b12833cd7c0222893e2b3a887a0c41fd864a5557ab1646d3ea

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-A0VXtNb+hAx2jiv5vlyDTQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /o/cspreport
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: accounts.google.com
:scheme: https
:path: /o/oauth2/postmessageRelay?parent=https%3A%2F%2Fxn--m9jp9mi8fra1016gid0b.net&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.p7L79FLXQCw.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCO6hl1EejjzC-wrWbDdgTxPi0Gs8g%2Fm%3D__features__
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://xn--m9jp9mi8fra1016gid0b.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: NID=216=HL3IAgWED48CFHw6FI7EoMP6KsJPRnaSjWgQPjkKtDU2i6WWuFwTWDVx-kVB0LMir3X4PfmoXkgQaXj4dY0WbHN6QMp66grObzCrXYSYpvCDPzOKB-WAALbaBkflW0ceZ1EUcg5aJa__tjXObmxy8pZePMZRZbdz2UBvR3Q-y6A
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://xn--m9jp9mi8fra1016gid0b.net/

Response headers

content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 27 May 2021 13:11:03 GMT
content-security-policy: script-src 'report-sample' 'nonce-A0VXtNb+hAx2jiv5vlyDTQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /o/cspreport
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK widget_iframe.06c6ee58c3810956b7509218508c7b56.html Show response
platform.twitter.com/widgets/ Frame D016 319 KB
103 KB 12ms
9ms Document
text/html 2606:2800:234:59:254c:406:2366:268c

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/widget_iframe.06c6ee58c3810956b7509218508c7b56.html?origin=https%3A%2F%2Fxn--m9jp9mi8fra1016gid0b.net
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN (),
Reverse DNS
Software: ECS (frb/6723) /
Resource Hash: 5f789ea36ae4671282524bda454709578d63b915b782c1e041132a7e726ff1c3

Request headers

Host: platform.twitter.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://xn--m9jp9mi8fra1016gid0b.net/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://xn--m9jp9mi8fra1016gid0b.net/

Response headers

Content-Encoding: gzip
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 53396
Cache-Control: public, max-age=315360000
Content-Type: text/html; charset=utf-8
Date: Thu, 27 May 2021 13:11:03 GMT
Etag: "dab7ee9ff99366614e06e117bab5e542+gzip"
Last-Modified: Wed, 28 Apr 2021 17:56:54 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (frb/6723)
Vary: Accept-Encoding
X-Cache: HIT
x-tw-cdn: VZ
Content-Length: 105298

GET
H3-29 404 fastbutton Show response
apis.google.com/se/0/_/+1/ Frame 403D 2 KB
918 B 23ms
23ms Document
text/html 2a00:1450:4001:812::200e

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: apis.google.com
URL: https://apis.google.com/js/plusone.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

ESF /

Resource Hash

8592ee430b6c99b8c06872734c0a92008de5aa7c72ae58c44a4769ae2171aa91

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-b5ml1/8o8EY0ocDodE2VvA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: apis.google.com
:scheme: https
:path: /se/0/_/+1/fastbutton?usegapi=1&size=medium&hl=ja&origin=https%3A%2F%2Fxn--m9jp9mi8fra1016gid0b.net&url=https%3A%2F%2Fxn--m9jp9mi8fra1016gid0b.net%2F&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.p7L79FLXQCw.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCO6hl1EejjzC-wrWbDdgTxPi0Gs8g%2Fm%3D__features__
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://xn--m9jp9mi8fra1016gid0b.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: NID=216=HL3IAgWED48CFHw6FI7EoMP6KsJPRnaSjWgQPjkKtDU2i6WWuFwTWDVx-kVB0LMir3X4PfmoXkgQaXj4dY0WbHN6QMp66grObzCrXYSYpvCDPzOKB-WAALbaBkflW0ceZ1EUcg5aJa__tjXObmxy8pZePMZRZbdz2UBvR3Q-y6A
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://xn--m9jp9mi8fra1016gid0b.net/

Response headers

content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 27 May 2021 13:11:03 GMT
content-security-policy: script-src 'report-sample' 'nonce-b5ml1/8o8EY0ocDodE2VvA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
111 B 31ms
30ms Image
image/gif 2a00:1450:4001:809::2004

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j90&tid=UA-42342128-8&cid=838000433.1622121063&jid=186219775&_u=IEBAAEAAAAAAAC~&z=2053198512

Requested by

Host: xn--m9jp9mi8fra1016gid0b.net
URL: https://xn--m9jp9mi8fra1016gid0b.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2004 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://xn--m9jp9mi8fra1016gid0b.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 27 May 2021 13:11:03 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 31ms
30ms Image
image/gif 2a00:1450:4001:80f::2003

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j90&tid=UA-42342128-8&cid=838000433.1622121063&jid=186219775&_u=IEBAAEAAAAAAAC~&z=2053198512

Requested by

Host: xn--m9jp9mi8fra1016gid0b.net
URL: https://xn--m9jp9mi8fra1016gid0b.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://xn--m9jp9mi8fra1016gid0b.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 27 May 2021 13:11:03 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 g.gif
pixel.wp.com/ 50 B
92 B 24ms
22ms Image
image/gif 192.0.76.3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.wp.com/g.gif?v=ext&j=1%3A7.0.2&blog=89393719&post=0&tz=9&srv=xn--m9jp9mi8fra1016gid0b.net&host=xn--m9jp9mi8fra1016gid0b.net&ref=&fcp=3441&rand=0.8578948518235463
Requested by: Host: xn--m9jp9mi8fra1016gid0b.net
URL: https://xn--m9jp9mi8fra1016gid0b.net/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 , United States, ASN (),
Reverse DNS
Software: nginx /
Resource Hash: f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

Referer: https://xn--m9jp9mi8fra1016gid0b.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 13:11:03 GMT
cache-control: no-cache
server: nginx
content-length: 50
content-type: image/gif

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 218 B
273 B 66ms
66ms Script
text/javascript 142.250.181.226

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=xn--m9jp9mi8fra1016gid0b.net&callback=_gfp_s_&client=ca-pub-3001968804654785

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20210524/r20190131/show_ads_impl_with_ama_fy2019.js?client=ca-pub-3001968804654785&plah=xn--m9jp9mi8fra1016gid0b.net&amaexp=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 , United States, ASN (),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

8bf46177550049608c87a277d04e58041d3e4896947ee05e5cff34e32682946c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://xn--m9jp9mi8fra1016gid0b.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 13:11:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 205
x-xss-protection: 0

GET
H2 200 googlelogo_color_150x54dp.png
www.google.com/images/branding/googlelogo/1x/ Frame EAD4 3 KB
3 KB 14ms
13ms Image
image/png 2a00:1450:4001:809::2004

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png

Requested by

Host: apis.google.com
URL: https://apis.google.com/se/0/_/+1/fastbutton?usegapi=1&size=medium&hl=ja&origin=https%3A%2F%2Fxn--m9jp9mi8fra1016gid0b.net&url=https%3A%2F%2Fxn--m9jp9mi8fra1016gid0b.net%2F&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.p7L79FLXQCw.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCO6hl1EejjzC-wrWbDdgTxPi0Gs8g%2Fm%3D__features__

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2004 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

dbef5e5530003b7233e944856c23d1437902a2d3568cdfd2beaf2166e9ca9139

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://apis.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 13:11:03 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3170
x-xss-protection: 0
expires: Thu, 27 May 2021 13:11:03 GMT

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
165 B 16ms
16ms Script
application/javascript 2a00:1450:4001:808::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=xn--m9jp9mi8fra1016gid0b.net

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://xn--m9jp9mi8fra1016gid0b.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 27 May 2021 13:11:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
165 B 15ms
15ms Script
application/javascript 2a00:1450:4001:830::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=xn--m9jp9mi8fra1016gid0b.net

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://xn--m9jp9mi8fra1016gid0b.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 27 May 2021 13:11:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 087C 6 KB
767 B 107ms
107ms Document
text/html 2a00:1450:4001:811::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3001968804654785&output=html&adk=1812271804&adf=3025194257&lmt=1622121063&plat=1%3A32776%2C2%3A32776%2C8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A34635776%2C32%3A32&format=0x0&url=https%3A%2F%2Fxn--m9jp9mi8fra1016gid0b.net%2F&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1622121063424&bpp=3&bdt=1276&idt=218&shv=r20210524&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&nras=1&correlator=7377409692150&frm=20&pv=2&ga_vid=838000433.1622121063&ga_sid=1622121064&ga_hid=15458963&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530671%2C31060957&oid=3&pvsid=3394013324203522&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=241

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

b38910ea1ebed994e063b4ccc8f851b7c74ab510ce95829840df90e7ae18d72b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-3001968804654785&output=html&adk=1812271804&adf=3025194257&lmt=1622121063&plat=1%3A32776%2C2%3A32776%2C8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A34635776%2C32%3A32&format=0x0&url=https%3A%2F%2Fxn--m9jp9mi8fra1016gid0b.net%2F&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1622121063424&bpp=3&bdt=1276&idt=218&shv=r20210524&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&nras=1&correlator=7377409692150&frm=20&pv=2&ga_vid=838000433.1622121063&ga_sid=1622121064&ga_hid=15458963&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530671%2C31060957&oid=3&pvsid=3394013324203522&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=241
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://xn--m9jp9mi8fra1016gid0b.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://xn--m9jp9mi8fra1016gid0b.net/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Thu, 27 May 2021 13:11:03 GMT
server: cafe
content-length: 744
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Thu, 27-May-2021 13:26:03 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Thu, 27 May 2021 13:11:03 GMT
cache-control: private

GET
H2 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ 73 KB
27 KB 14ms
13ms Script
text/javascript 2a00:1450:4001:811::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

8f359cea41f7e97a585f44c7c318c4f2314b2981060da1623e39d8d348ff9150

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://xn--m9jp9mi8fra1016gid0b.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 13:11:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1622028727180027"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27990
x-xss-protection: 0
expires: Thu, 27 May 2021 13:11:03 GMT

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 6416 105 KB
33 KB 402ms
402ms Document
text/html 2a00:1450:4001:811::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3001968804654785&output=html&h=280&slotname=6935282521&adk=3709907325&adf=3227892732&pi=t.ma~as.6935282521&w=666&fwrn=4&fwrnh=100&lmt=1622121063&rafmt=1&psa=0&format=666x280&url=https%3A%2F%2Fxn--m9jp9mi8fra1016gid0b.net%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1622121063427&bpp=2&bdt=1280&idt=248&shv=r20210524&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=7377409692150&frm=20&pv=1&ga_vid=838000433.1622121063&ga_sid=1622121064&ga_hid=15458963&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=336&ady=985&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530671%2C31060957&oid=3&pvsid=3394013324203522&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7C%7CoeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=2U8N8CkQ5I&p=https%3A//xn--m9jp9mi8fra1016gid0b.net&dtd=258

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

5bc833e41fe24dd85a458b24cbf1b5924ab53530454c0cc7f730f3d5bf1c0ba7

Security Headers

Name	Value
Content-Security-Policy	child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15114128110379568047/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15114128110379568047/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CNvgo-736fACFVjF7QodJZ0Gcw&gqi=Z5qvYMLWKsTHtweV4bvIAg&layout=/sadbundle/%24csp%253Der3%24/15114128110379568047/index.html
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-3001968804654785&output=html&h=280&slotname=6935282521&adk=3709907325&adf=3227892732&pi=t.ma~as.6935282521&w=666&fwrn=4&fwrnh=100&lmt=1622121063&rafmt=1&psa=0&format=666x280&url=https%3A%2F%2Fxn--m9jp9mi8fra1016gid0b.net%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1622121063427&bpp=2&bdt=1280&idt=248&shv=r20210524&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=7377409692150&frm=20&pv=1&ga_vid=838000433.1622121063&ga_sid=1622121064&ga_hid=15458963&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=336&ady=985&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530671%2C31060957&oid=3&pvsid=3394013324203522&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7C%7CoeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=2U8N8CkQ5I&p=https%3A//xn--m9jp9mi8fra1016gid0b.net&dtd=258
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://xn--m9jp9mi8fra1016gid0b.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://xn--m9jp9mi8fra1016gid0b.net/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-security-policy: child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15114128110379568047/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15114128110379568047/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CNvgo-736fACFVjF7QodJZ0Gcw&gqi=Z5qvYMLWKsTHtweV4bvIAg&layout=/sadbundle/%24csp%253Der3%24/15114128110379568047/index.html
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Thu, 27 May 2021 13:11:04 GMT
server: cafe
content-length: 33900
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Thu, 27-May-2021 13:26:03 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Thu, 27 May 2021 13:11:04 GMT
cache-control: private

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 99F9 115 KB
37 KB 416ms
415ms Document
text/html 2a00:1450:4001:811::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3001968804654785&output=html&h=280&slotname=6935282521&adk=3709907325&adf=604988848&pi=t.ma~as.6935282521&w=666&fwrn=4&fwrnh=100&lmt=1622121063&rafmt=1&psa=0&format=666x280&url=https%3A%2F%2Fxn--m9jp9mi8fra1016gid0b.net%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1622121063429&bpp=1&bdt=1282&idt=276&shv=r20210524&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C666x280&nras=1&correlator=7377409692150&frm=20&pv=1&ga_vid=838000433.1622121063&ga_sid=1622121064&ga_hid=15458963&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=336&ady=2268&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530671%2C31060957&oid=3&pvsid=3394013324203522&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=QZhJw0wwEI&p=https%3A//xn--m9jp9mi8fra1016gid0b.net&dtd=280

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

0becb16a0f6308c6eb7e41a88febe3017500ed2ad403d8d3c1370d5f93bdc423

Security Headers

Name	Value
Content-Security-Policy	child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8440874748895933971/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8440874748895933971/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CIu-pe736fACFQHj7QodwuMFmQ&gqi=Z5qvYJ69LJjYtwev2LTgAw&layout=/sadbundle/%24csp%253Der3%24/8440874748895933971/index.html
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-3001968804654785&output=html&h=280&slotname=6935282521&adk=3709907325&adf=604988848&pi=t.ma~as.6935282521&w=666&fwrn=4&fwrnh=100&lmt=1622121063&rafmt=1&psa=0&format=666x280&url=https%3A%2F%2Fxn--m9jp9mi8fra1016gid0b.net%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1622121063429&bpp=1&bdt=1282&idt=276&shv=r20210524&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C666x280&nras=1&correlator=7377409692150&frm=20&pv=1&ga_vid=838000433.1622121063&ga_sid=1622121064&ga_hid=15458963&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=336&ady=2268&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530671%2C31060957&oid=3&pvsid=3394013324203522&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=QZhJw0wwEI&p=https%3A//xn--m9jp9mi8fra1016gid0b.net&dtd=280
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://xn--m9jp9mi8fra1016gid0b.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://xn--m9jp9mi8fra1016gid0b.net/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-security-policy: child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8440874748895933971/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8440874748895933971/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CIu-pe736fACFQHj7QodwuMFmQ&gqi=Z5qvYJ69LJjYtwev2LTgAw&layout=/sadbundle/%24csp%253Der3%24/8440874748895933971/index.html
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Thu, 27 May 2021 13:11:04 GMT
server: cafe
content-length: 37437
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Thu, 27-May-2021 13:26:03 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Thu, 27 May 2021 13:11:04 GMT
cache-control: private

GET
H2 200 2038943760-postmessagerelay.js Show response
ssl.gstatic.com/accounts/o/ Frame 25C3 10 KB
4 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:809::2003

General

Check archive.org

Show headers Download Go to

Full URL

https://ssl.gstatic.com/accounts/o/2038943760-postmessagerelay.js

Requested by

Host: accounts.google.com
URL: https://accounts.google.com/o/oauth2/postmessageRelay?parent=https%3A%2F%2Fxn--m9jp9mi8fra1016gid0b.net&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.p7L79FLXQCw.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCO6hl1EejjzC-wrWbDdgTxPi0Gs8g%2Fm%3D__features__

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

5bd9ca2f57b6c388332dd095d8c9be87dc71c2e1b78b843515ae758fe05a1223

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://accounts.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 11:15:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 21 May 2021 04:38:18 GMT
server: sffe
age: 93318
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4265
x-xss-protection: 0
expires: Thu, 26 May 2022 11:15:45 GMT

GET
H3-29 200 rpc:shindig_random.js Show response
apis.google.com/js/ Frame 25C3 12 KB
5 KB 30ms
30ms Script
application/javascript 2a00:1450:4001:812::200e

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/js/rpc:shindig_random.js?onload=init

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

ESF /

Resource Hash

dcd36419da7937e52754772f60380387c49f3243240a21f41ca6d87346f72a0e

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-ufXeqsukoDtLY2rcnfSSsw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://accounts.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 13:11:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
x-ua-compatible: IE=edge, chrome=1
server: ESF
x-frame-options: SAMEORIGIN
etag: "9315aed2f49db41de65f19f75330f816"
strict-transport-security: max-age=31536000
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=1800, stale-while-revalidate=1800
content-security-policy: script-src 'report-sample' 'nonce-ufXeqsukoDtLY2rcnfSSsw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
timing-allow-origin: *
expires: Thu, 27 May 2021 13:11:03 GMT

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame C2FA 97 KB
26 KB 354ms
353ms Document
text/html 2a00:1450:4001:811::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3001968804654785&output=html&h=280&slotname=6935282521&adk=3709907325&adf=3989722972&pi=t.ma~as.6935282521&w=666&fwrn=4&fwrnh=100&lmt=1622121063&rafmt=1&psa=0&format=666x280&url=https%3A%2F%2Fxn--m9jp9mi8fra1016gid0b.net%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1622121063430&bpp=1&bdt=1283&idt=287&shv=r20210524&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C666x280%2C666x280&nras=1&correlator=7377409692150&frm=20&pv=1&ga_vid=838000433.1622121063&ga_sid=1622121064&ga_hid=15458963&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=336&ady=3460&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530671%2C31060957&oid=3&pvsid=3394013324203522&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=62d10EtzU1&p=https%3A//xn--m9jp9mi8fra1016gid0b.net&dtd=292

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

17860451b7c34c18fa957f1c282809bf1ddfd4315680d4816fcc15a08062650e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-3001968804654785&output=html&h=280&slotname=6935282521&adk=3709907325&adf=3989722972&pi=t.ma~as.6935282521&w=666&fwrn=4&fwrnh=100&lmt=1622121063&rafmt=1&psa=0&format=666x280&url=https%3A%2F%2Fxn--m9jp9mi8fra1016gid0b.net%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1622121063430&bpp=1&bdt=1283&idt=287&shv=r20210524&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C666x280%2C666x280&nras=1&correlator=7377409692150&frm=20&pv=1&ga_vid=838000433.1622121063&ga_sid=1622121064&ga_hid=15458963&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=336&ady=3460&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530671%2C31060957&oid=3&pvsid=3394013324203522&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=62d10EtzU1&p=https%3A//xn--m9jp9mi8fra1016gid0b.net&dtd=292
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://xn--m9jp9mi8fra1016gid0b.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://xn--m9jp9mi8fra1016gid0b.net/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Thu, 27 May 2021 13:11:04 GMT
server: cafe
content-length: 26452
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Thu, 27-May-2021 13:26:03 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Thu, 27 May 2021 13:11:04 GMT
cache-control: private

GET
H3-29 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 26ms
24ms Script
application/javascript 2a00:1450:4001:811::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=xn--m9jp9mi8fra1016gid0b.net

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://xn--m9jp9mi8fra1016gid0b.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 27 May 2021 13:11:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 26ms
23ms Script
application/javascript 2a00:1450:4001:810::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=xn--m9jp9mi8fra1016gid0b.net

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://xn--m9jp9mi8fra1016gid0b.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 27 May 2021 13:11:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 66BB 118 KB
27 KB 499ms
499ms Document
text/html 2a00:1450:4001:811::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3001968804654785&output=html&h=399&slotname=1250160123&adk=4098457666&adf=2106242515&pi=t.ma~as.1250160123&w=666&cr_col=4&cr_row=2&fwrn=2&lmt=1622121063&rafmt=9&psa=0&format=666x399&url=https%3A%2F%2Fxn--m9jp9mi8fra1016gid0b.net%2F&flash=0&crui=image_stacked&fwr=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1622121063456&bpp=1&bdt=1309&idt=316&shv=r20210524&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C666x280%2C666x280%2C666x280&nras=1&correlator=7377409692150&frm=20&pv=1&ga_vid=838000433.1622121063&ga_sid=1622121064&ga_hid=15458963&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=336&ady=4387&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530671%2C31060957&oid=3&pvsid=3394013324203522&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=wVt5N0xkDt&p=https%3A//xn--m9jp9mi8fra1016gid0b.net&dtd=321

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

2a52cb777fcdc19803ae6e1f2b3116abee1d4bd5d1a20099ef1c4cdc16227bf2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-3001968804654785&output=html&h=399&slotname=1250160123&adk=4098457666&adf=2106242515&pi=t.ma~as.1250160123&w=666&cr_col=4&cr_row=2&fwrn=2&lmt=1622121063&rafmt=9&psa=0&format=666x399&url=https%3A%2F%2Fxn--m9jp9mi8fra1016gid0b.net%2F&flash=0&crui=image_stacked&fwr=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1622121063456&bpp=1&bdt=1309&idt=316&shv=r20210524&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C666x280%2C666x280%2C666x280&nras=1&correlator=7377409692150&frm=20&pv=1&ga_vid=838000433.1622121063&ga_sid=1622121064&ga_hid=15458963&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=336&ady=4387&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530671%2C31060957&oid=3&pvsid=3394013324203522&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=wVt5N0xkDt&p=https%3A//xn--m9jp9mi8fra1016gid0b.net&dtd=321
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://xn--m9jp9mi8fra1016gid0b.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://xn--m9jp9mi8fra1016gid0b.net/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Thu, 27 May 2021 13:11:04 GMT
server: cafe
content-length: 27870
x-xss-protection: 0
set-cookie: IDE=AHWqTUlKy1bkEI4kWWSwbNIpSFTq6K7sZCrXz6Jzo9493_74e8rfMxBnmex92V8PmXM; expires=Tue, 21-Jun-2022 13:11:03 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none test_cookie=; expires=Fri, 01-Aug-2008 22:45:55 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Thu, 27 May 2021 13:11:04 GMT
cache-control: private

GET
H3-29 200 googlelogo_color_150x54dp.png
www.google.com/images/branding/googlelogo/1x/ Frame 403D 3 KB
3 KB 15ms
15ms Image
image/png 2a00:1450:4001:809::2004

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2004 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

dbef5e5530003b7233e944856c23d1437902a2d3568cdfd2beaf2166e9ca9139

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://apis.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 13:11:03 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3170
x-xss-protection: 0
expires: Thu, 27 May 2021 13:11:03 GMT

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 9BC0 16 KB
8 KB 251ms
250ms Document
text/html 2a00:1450:4001:811::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3001968804654785&output=html&h=600&slotname=8412015728&adk=3975475001&adf=1919225299&pi=t.ma~as.8412015728&w=219&fwrn=4&fwrnh=100&lmt=1622121063&rafmt=4&psa=0&format=219x600&url=https%3A%2F%2Fxn--m9jp9mi8fra1016gid0b.net%2F&flash=0&fwr=0&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1622121063501&bpp=43&bdt=1354&idt=295&shv=r20210524&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C666x280%2C666x280%2C666x280%2C666x399&nras=1&correlator=7377409692150&frm=20&pv=1&ga_vid=838000433.1622121063&ga_sid=1622121064&ga_hid=15458963&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1057&ady=1189&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530671%2C31060957&oid=3&pvsid=3394013324203522&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&cms=2&fu=128&bc=31&ifi=6&uci=a!6&fsb=1&xpc=iH17qFM3Pe&p=https%3A//xn--m9jp9mi8fra1016gid0b.net&dtd=302

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

b772252dd0fbf5ab9125fb8701b51227e7a13da7fed00a6f9faf4a9bd242eed7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-3001968804654785&output=html&h=600&slotname=8412015728&adk=3975475001&adf=1919225299&pi=t.ma~as.8412015728&w=219&fwrn=4&fwrnh=100&lmt=1622121063&rafmt=4&psa=0&format=219x600&url=https%3A%2F%2Fxn--m9jp9mi8fra1016gid0b.net%2F&flash=0&fwr=0&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1622121063501&bpp=43&bdt=1354&idt=295&shv=r20210524&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C666x280%2C666x280%2C666x280%2C666x399&nras=1&correlator=7377409692150&frm=20&pv=1&ga_vid=838000433.1622121063&ga_sid=1622121064&ga_hid=15458963&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1057&ady=1189&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530671%2C31060957&oid=3&pvsid=3394013324203522&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&cms=2&fu=128&bc=31&ifi=6&uci=a!6&fsb=1&xpc=iH17qFM3Pe&p=https%3A//xn--m9jp9mi8fra1016gid0b.net&dtd=302
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://xn--m9jp9mi8fra1016gid0b.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://xn--m9jp9mi8fra1016gid0b.net/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Thu, 27 May 2021 13:11:04 GMT
server: cafe
content-length: 7703
x-xss-protection: 0
set-cookie: IDE=AHWqTUl7lld6jZSprD2fkQAoYMUz5HOBeo4KXITCS2zvItYrMoqnp1HHbN7n0s2lZg8; expires=Tue, 21-Jun-2022 13:11:03 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none test_cookie=; expires=Fri, 01-Aug-2008 22:45:55 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Thu, 27 May 2021 13:11:04 GMT
cache-control: private

GET
H3-29 200 cb=gapi.loaded_0 Show response
apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.p7L79FLXQCw.O/m=rpc,shindig_random/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCO6hl1EejjzC-wrWbDdgTxPi0Gs8g/ Frame 25C3 50 KB
18 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:812::200e

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.p7L79FLXQCw.O/m=rpc,shindig_random/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCO6hl1EejjzC-wrWbDdgTxPi0Gs8g/cb=gapi.loaded_0

Requested by

Host: apis.google.com
URL: https://apis.google.com/js/rpc:shindig_random.js?onload=init

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

3ed7961b640cad3efd4a453277533d8f8c87368d0b46fde38fd5d8d7d9a7dea8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://accounts.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 03:25:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 19 May 2021 15:07:34 GMT
server: sffe
age: 35118
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18016
x-xss-protection: 0
expires: Fri, 27 May 2022 03:25:45 GMT

GET
H2 200 settings Show response
syndication.twitter.com/ Frame D016 256 B
442 B 204ms
145ms Fetch
application/json 104.244.42.136

General

Check archive.org

Show headers Download Go to

Full URL

https://syndication.twitter.com/settings?session_id=a85e09226db5a7ca914efd8feebf9769a6afd1bb

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/widgets/widget_iframe.06c6ee58c3810956b7509218508c7b56.html?origin=https%3A%2F%2Fxn--m9jp9mi8fra1016gid0b.net

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.136 , United States, ASN (),

Reverse DNS

Software

tsa_o /

Resource Hash

c9815821ab1442501b9e9bae3d4bc5730315d6a513c8b40141b2d47b76da1916

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 13:11:03 GMT
content-encoding: gzip
last-modified: Thu, 27 May 2021 13:11:03 GMT
server: tsa_o
vary: Origin
strict-transport-security: max-age=631138519
content-type: application/json; charset=utf-8
access-control-allow-origin: https://platform.twitter.com
cache-control: must-revalidate, max-age=600
access-control-allow-credentials: true
x-connection-hash: 7bb280339711b11d568a2881511f0d89df18b4389addada4f6dc89096481bf22
content-length: 176

GET
H2 200 reset.css
b.st-hatena.com/css/ Frame AE26 2 KB
1 KB 27ms
26ms Stylesheet
text/css 13.226.159.91

General

Check archive.org

Show headers Download Go to

Full URL

https://b.st-hatena.com/css/reset.css?27b2841ed6ed045826d6945c0b0b32b82bceb5a1

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.226.159.91 , United States, ASN (),

Reverse DNS

server-13-226-159-91.dus51.r.cloudfront.net

Software

nginx /

Resource Hash

0fda122942f39c62ebd2d1ac9de0cf6c6e4cefefb31eb86e39777f46c7ed5064

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://b.hatena.ne.jp/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 28 Jan 2021 02:48:04 GMT
content-encoding: gzip
vary: Accept-Encoding
age: 10318979
x-cache: Hit from cloudfront
access-control-allow-origin: https://b.hatena.ne.jp
last-modified: Wed, 13 May 2020 05:44:30 GMT
server: nginx
etag: W/"5ebb893e-817"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css
via: 1.1 bfd667b9fb826986b85315f856bf5885.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: DUS51-C1
x-amz-cf-id: dHp-GDKa-29al-oVgkPuhoaxK2WEKnJgnyQL7dLFlN9IRRQ0esXlSQ==
expires: Fri, 28 Jan 2022 02:48:04 GMT

GET
H2 200 entry-button.css
b.st-hatena.com/css/ Frame AE26 5 KB
2 KB 27ms
26ms Stylesheet
text/css 13.226.159.91

General

Check archive.org

Show headers Download Go to

Full URL

https://b.st-hatena.com/css/entry-button.css?27b2841ed6ed045826d6945c0b0b32b82bceb5a1

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.226.159.91 , United States, ASN (),

Reverse DNS

server-13-226-159-91.dus51.r.cloudfront.net

Software

nginx /

Resource Hash

61403f586e03ca26a4920ac368ecf4973ad46def79a1b46532f6bfc3d5573125

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://b.hatena.ne.jp/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 29 Jan 2021 01:07:09 GMT
content-encoding: gzip
vary: Accept-Encoding
age: 10238634
x-cache: Hit from cloudfront
access-control-allow-origin: https://b.hatena.ne.jp
last-modified: Wed, 13 May 2020 05:44:30 GMT
server: nginx
etag: W/"5ebb893e-134a"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css
via: 1.1 bfd667b9fb826986b85315f856bf5885.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: DUS51-C1
x-amz-cf-id: AYvMMgiAlPAvRtBRw3y7F02gv3acGTzUL859z6EZTiKmTBLDJPIQ8Q==
expires: Sat, 29 Jan 2022 01:07:09 GMT

GET
H2 200 reset.css
b.st-hatena.com/css/ Frame 47EF 2 KB
1 KB 29ms
28ms Stylesheet
text/css 13.226.159.91

General

Check archive.org

Show headers Download Go to

Full URL

https://b.st-hatena.com/css/reset.css?27b2841ed6ed045826d6945c0b0b32b82bceb5a1

Requested by

Host: b.hatena.ne.jp
URL: https://b.hatena.ne.jp/entry/button/?url=https%3A%2F%2Fxn--m9jp9mi8fra1016gid0b.net%2F%25e3%2582%25a2%25e3%2582%25b8%25e3%2582%25b5%25e3%2582%25a4%25e3%2581%25ae%25e7%25a8%25ae%25e9%25a1%259e%2F%25e3%2583%2581%25e3%2583%25a7%25e3%2582%25b3%25e3%2583%2581%25e3%2583%2583%25e3%2582%25af%25e3%2583%259b%25e3%2583%25af%25e3%2582%25a4%25e3%2583%2588.html&mode=popup

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.226.159.91 , United States, ASN (),

Reverse DNS

server-13-226-159-91.dus51.r.cloudfront.net

Software

nginx /

Resource Hash

0fda122942f39c62ebd2d1ac9de0cf6c6e4cefefb31eb86e39777f46c7ed5064

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://b.hatena.ne.jp/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 28 Jan 2021 02:48:04 GMT
content-encoding: gzip
vary: Accept-Encoding
age: 10318979
x-cache: Hit from cloudfront
access-control-allow-origin: https://b.hatena.ne.jp
last-modified: Wed, 13 May 2020 05:44:30 GMT
server: nginx
etag: W/"5ebb893e-817"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css
via: 1.1 bfd667b9fb826986b85315f856bf5885.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: DUS51-C1
x-amz-cf-id: _szHkQYOQWiL3Cm6rQApW5ImQJlKPnVo5PiIk8jvW_tcNtiu23l5WQ==
expires: Fri, 28 Jan 2022 02:48:04 GMT

GET
H2 200 entry-button.css
b.st-hatena.com/css/ Frame 47EF 5 KB
2 KB 29ms
29ms Stylesheet
text/css 13.226.159.91

General

Check archive.org

Show headers Download Go to

Full URL

https://b.st-hatena.com/css/entry-button.css?27b2841ed6ed045826d6945c0b0b32b82bceb5a1

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.226.159.91 , United States, ASN (),

Reverse DNS

server-13-226-159-91.dus51.r.cloudfront.net

Software

nginx /

Resource Hash

61403f586e03ca26a4920ac368ecf4973ad46def79a1b46532f6bfc3d5573125

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://b.hatena.ne.jp/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 29 Jan 2021 01:07:09 GMT
content-encoding: gzip
vary: Accept-Encoding
age: 10238634
x-cache: Hit from cloudfront
access-control-allow-origin: https://b.hatena.ne.jp
last-modified: Wed, 13 May 2020 05:44:30 GMT
server: nginx
etag: W/"5ebb893e-134a"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css
via: 1.1 bfd667b9fb826986b85315f856bf5885.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: DUS51-C1
x-amz-cf-id: zBCiok3jkLrJeWkFEQz4MTDedt1YU8wS7AybqScwkhb9A7rELBJDQw==
expires: Sat, 29 Jan 2022 01:07:09 GMT

GET
H2 200 standard.svg
b.st-hatena.com/images/entry-button/ Frame AE26 785 B
1 KB 27ms
26ms Image
image/svg+xml 13.226.159.91

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.st-hatena.com/images/entry-button/standard.svg

Requested by

Host: b.st-hatena.com
URL: https://b.st-hatena.com/css/entry-button.css?27b2841ed6ed045826d6945c0b0b32b82bceb5a1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.226.159.91 , United States, ASN (),

Reverse DNS

server-13-226-159-91.dus51.r.cloudfront.net

Software

nginx /

Resource Hash

fd5454d70f20662294b9cd2fa1e7cd1e6bebf7e5ea4426259f6f538fa012753b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://b.st-hatena.com/css/entry-button.css?27b2841ed6ed045826d6945c0b0b32b82bceb5a1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 22 Sep 2020 00:39:21 GMT
via: 1.1 bfd667b9fb826986b85315f856bf5885.cloudfront.net (CloudFront)
last-modified: Wed, 13 May 2020 05:44:30 GMT
server: nginx
age: 21385902
etag: "5ebb893e-311"
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache: Hit from cloudfront
content-type: image/svg+xml
cache-control: max-age=31536000
x-amz-cf-pop: DUS51-C1
accept-ranges: bytes
content-length: 785
x-amz-cf-id: COLrW_jnKaScnLwvXyOfOmtO15iL2HcQmfn5bCPmlUwYKTKZYgxW1Q==
expires: Wed, 22 Sep 2021 00:39:21 GMT

GET
H2 200 reset.css
b.st-hatena.com/css/ Frame F88B 2 KB
1 KB 28ms
27ms Stylesheet
text/css 13.226.159.91

General

Check archive.org

Show headers Download Go to

Full URL

https://b.st-hatena.com/css/reset.css?27b2841ed6ed045826d6945c0b0b32b82bceb5a1

Requested by

Host: b.hatena.ne.jp
URL: https://b.hatena.ne.jp/entry/button/?url=https%3A%2F%2Fxn--m9jp9mi8fra1016gid0b.net%2F%25e3%2582%25a2%25e3%2582%25b8%25e3%2582%25b5%25e3%2582%25a4%25e6%25a0%25bd%25e5%259f%25b9-qa%2F%25e3%2582%25a2%25e3%2582%25b8%25e3%2582%25b5%25e3%2582%25a4-%25e8%2582%25b2%25e3%2581%25a6%25e3%2582%2584%25e3%2581%2599%25e3%2581%2584%25ef%25bc%259f.html&mode=popup

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.226.159.91 , United States, ASN (),

Reverse DNS

server-13-226-159-91.dus51.r.cloudfront.net

Software

nginx /

Resource Hash

0fda122942f39c62ebd2d1ac9de0cf6c6e4cefefb31eb86e39777f46c7ed5064

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://b.hatena.ne.jp/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 28 Jan 2021 02:48:04 GMT
content-encoding: gzip
vary: Accept-Encoding
age: 10318979
x-cache: Hit from cloudfront
access-control-allow-origin: https://b.hatena.ne.jp
last-modified: Wed, 13 May 2020 05:44:30 GMT
server: nginx
etag: W/"5ebb893e-817"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css
via: 1.1 bfd667b9fb826986b85315f856bf5885.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: DUS51-C1
x-amz-cf-id: 4nL4MQY8gBxEdAblxS4pc9WJPy5z6Je1thrWPV-OcrojZCcQpN_zvQ==
expires: Fri, 28 Jan 2022 02:48:04 GMT

GET
H2 200 entry-button.css
b.st-hatena.com/css/ Frame F88B 5 KB
2 KB 28ms
27ms Stylesheet
text/css 13.226.159.91

General

Check archive.org

Show headers Download Go to

Full URL

https://b.st-hatena.com/css/entry-button.css?27b2841ed6ed045826d6945c0b0b32b82bceb5a1

Requested by

Host: b.hatena.ne.jp
URL: https://b.hatena.ne.jp/entry/button/?url=https%3A%2F%2Fxn--m9jp9mi8fra1016gid0b.net%2F%25e3%2582%25a2%25e3%2582%25b8%25e3%2582%25b5%25e3%2582%25a4%25e6%25a0%25bd%25e5%259f%25b9-qa%2F%25e3%2582%25a2%25e3%2582%25b8%25e3%2582%25b5%25e3%2582%25a4-%25e8%2582%25b2%25e3%2581%25a6%25e3%2582%2584%25e3%2581%2599%25e3%2581%2584%25ef%25bc%259f.html&mode=popup

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.226.159.91 , United States, ASN (),

Reverse DNS

server-13-226-159-91.dus51.r.cloudfront.net

Software

nginx /

Resource Hash

61403f586e03ca26a4920ac368ecf4973ad46def79a1b46532f6bfc3d5573125

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://b.hatena.ne.jp/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 29 Jan 2021 01:07:09 GMT
content-encoding: gzip
vary: Accept-Encoding
age: 10238634
x-cache: Hit from cloudfront
access-control-allow-origin: https://b.hatena.ne.jp
last-modified: Wed, 13 May 2020 05:44:30 GMT
server: nginx
etag: W/"5ebb893e-134a"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css
via: 1.1 bfd667b9fb826986b85315f856bf5885.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: DUS51-C1
x-amz-cf-id: o1o0isBs_qsSxz8N1ybO32kkWCvxvdOBALEcboStdgRklGI0RMqing==
expires: Sat, 29 Jan 2022 01:07:09 GMT

GET
H2 200 standard.svg
b.st-hatena.com/images/entry-button/ Frame 47EF 785 B
1 KB 27ms
27ms Image
image/svg+xml 13.226.159.91

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.st-hatena.com/images/entry-button/standard.svg

Requested by

Host: b.st-hatena.com
URL: https://b.st-hatena.com/css/entry-button.css?27b2841ed6ed045826d6945c0b0b32b82bceb5a1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.226.159.91 , United States, ASN (),

Reverse DNS

server-13-226-159-91.dus51.r.cloudfront.net

Software

nginx /

Resource Hash

fd5454d70f20662294b9cd2fa1e7cd1e6bebf7e5ea4426259f6f538fa012753b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://b.st-hatena.com/css/entry-button.css?27b2841ed6ed045826d6945c0b0b32b82bceb5a1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 22 Sep 2020 00:39:21 GMT
via: 1.1 bfd667b9fb826986b85315f856bf5885.cloudfront.net (CloudFront)
last-modified: Wed, 13 May 2020 05:44:30 GMT
server: nginx
age: 21385902
etag: "5ebb893e-311"
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache: Hit from cloudfront
content-type: image/svg+xml
cache-control: max-age=31536000
x-amz-cf-pop: DUS51-C1
accept-ranges: bytes
content-length: 785
x-amz-cf-id: NA0lfQb24jYkMSOiEAOMjibpPASBWJaxgFXLTk4XfDH2adTcLFgDGg==
expires: Wed, 22 Sep 2021 00:39:21 GMT

GET
H2 200 standard.svg
b.st-hatena.com/images/entry-button/ Frame F88B 785 B
1 KB 76ms
74ms Image
image/svg+xml 13.226.159.91

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.st-hatena.com/images/entry-button/standard.svg

Requested by

Host: b.st-hatena.com
URL: https://b.st-hatena.com/css/entry-button.css?27b2841ed6ed045826d6945c0b0b32b82bceb5a1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.226.159.91 , United States, ASN (),

Reverse DNS

server-13-226-159-91.dus51.r.cloudfront.net

Software

nginx /

Resource Hash

fd5454d70f20662294b9cd2fa1e7cd1e6bebf7e5ea4426259f6f538fa012753b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://b.st-hatena.com/css/entry-button.css?27b2841ed6ed045826d6945c0b0b32b82bceb5a1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 22 Sep 2020 00:39:21 GMT
via: 1.1 bfd667b9fb826986b85315f856bf5885.cloudfront.net (CloudFront)
last-modified: Wed, 13 May 2020 05:44:30 GMT
server: nginx
age: 21385903
etag: "5ebb893e-311"
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache: Hit from cloudfront
content-type: image/svg+xml
cache-control: max-age=31536000
x-amz-cf-pop: DUS51-C1
accept-ranges: bytes
content-length: 785
x-amz-cf-id: 3qKt7UFJ70-GZlbfwHG6TSbybuo5g0Fb8ZpYzem3htI2zAZXirt64w==
expires: Wed, 22 Sep 2021 00:39:21 GMT

GET
H/1.1 200
OK button.5573c974dc31bbdab5ea7923a0bd5cf3.js Show response
platform.twitter.com/js/ 7 KB
3 KB 7ms
6ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/js/button.5573c974dc31bbdab5ea7923a0bd5cf3.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN (),
Reverse DNS
Software: ECS (frb/67F3) /
Resource Hash: e05edf2ae58e3a9f1d2a84d32a8b216fd0aece46f527b58dcbce75255989ea88

Request headers

Referer: https://xn--m9jp9mi8fra1016gid0b.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 27 May 2021 13:11:04 GMT
Content-Encoding: gzip
Last-Modified: Wed, 28 Apr 2021 17:56:41 GMT
Server: ECS (frb/67F3)
Age: 53397
Etag: "382be2960021b88f6ce982d997cdbd01+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 2294

GET
H3-29 200 adview
googleads.g.doubleclick.net/pagead/ Frame 1D01 0
0 18ms
18ms Fetch
text/html 2a00:1450:4001:811::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CIu3yZ5qvYLC4Moa0twfC_YH4Ds-HjptcwIbZgsYCwI23ARABIABglQKCARdjYS1wdWItMzAwMTk2ODgwNDY1NDc4NcgBCagDAaoEygFP0JPADDvHI3fCv1P59cB-pD99DZ-qv3cDUkY0hlZsptA1KiampmcZfzM23LhAfmsADRUnAP0YRTm923mkuN0Ne5fLYQE6153_Luun_xXjhUt_bYI6pKCNxqYFB7aAm4lofkekv-MYO_TnnwfcX7jB9Y5daQrWfj34a9GFDObiPsEp9xlLwFahc2nVx7Fvz0jiRTGtaRvtaT8YqS1Zcz-AUCJuKTM_zrl3e66qraOoB0lRjovGZ9kI9HwWkigtQ9ZIhuxmfOhx88xpgAb30dyH8dPYh-4BoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG9gHANIIBwiA4YAQEAGACgH6CwIIAYAMAdAVAYAXAbIXGAoWEhRwdWItMzAwMTk2ODgwNDY1NDc4NQ&sigh=zbZZ7n7pELc&tpd=AGWhJmtJB6V3EEP0YL8ZBH5uEWkTkKVOvxmAb86pfzE1v9iVyu48GWljeYtpcqydQbj1EFDUjftOkFLh8yQjFAbyUMREY5njpPu_jLKaHgzqu-6shby7cx10bHYsxtwmyEQaAvTf-ATSzApGvChVmsFhdb3dhgbJr8qLhgheq5YisO-i1Et0xvr79FH8QYT4nAB2mPqi0q0u-8PueMUvwN_LkEUdaH2b9_GhaovMiCNk93Xg-s9LKB-36kDXPyuo9laAJ96FY7Fqk3fYRKotDji_jC-enLLi70cNio-9TT2rz2KxRq9WPiaFR_ZRZDOSXMVKw8oyFoiS7dWxP3bWkcEe3DkmLjyTQTUD75e1f9eLPWb0t7tebQc3sz8si5Wxj2uPi5wPA01dbiwJT6nK1j2nHU4pDICWgP3CbJ5wT2qyDCwS5fYsPCWxIavkMxaQ_Eji3iEeOKmsdETgi-zDXYcACXHQVNImihNCaHOexuzCH3UZ1VdCzocf8Ets4UZZ8Xz8HGr3hJAv8zCgLqTYEGR_AnivR5C6lfU1ANZvaUA7xZCvk-K40HmN4o0sJHiRaFOQTKu1mZzve_L8b5DRJhOn5FHaaO6Z0BdhcSQlklId2LvJ6FoyLhfMFc1LpKXaKHi3gRvRSvPf3Zvgv3YtFGTnmSR_R0xCDxLv5flMD2Uo30M66IwhJfyW4dPmGv1ltYdABDR0XTupY6CEvkJGfnm-XpXYT6CMhIBgwd8DjkKbveWdsygKMp1MKQ_Kaj5mW-7voZAz4FCZwycboSMjTSyRMkDO1HF6pIm46pcqv6PICyJdLzr8CpO1UuhrVdez9aEL9crlGj2T8LQWYM5Yn0tRC_s7kLrVN5T7yBv2zFqZbHeCAtnqm_yJwZKKH0NEwhavQ_6k7qHuv3Y7lnG2eEj7MxY-QXMdtplA6nIWC7ChxY6bMQYKqcG83SSTtxRNqmPSVzvh9Wct0lnrQlLd320rqZk1hcGb8eEYTJsamPx7J2bgW36woWvLPj-JA0P7rqQOErjdKg1zfDrTRic53iSFMjpCbp31vIg

Requested by

Host: xn--m9jp9mi8fra1016gid0b.net
URL: https://xn--m9jp9mi8fra1016gid0b.net/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3001968804654785&output=html&h=600&slotname=8412015728&adk=3975475001&adf=1919225299&pi=t.ma~as.8412015728&w=219&fwrn=4&fwrnh=100&lmt=1622121063&rafmt=4&psa=0&format=219x600&url=https%3A%2F%2Fxn--m9jp9mi8fra1016gid0b.net%2F&flash=0&fwr=0&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1622121063501&bpp=43&bdt=1354&idt=295&shv=r20210524&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C666x280%2C666x280%2C666x280%2C666x399&nras=1&correlator=7377409692150&frm=20&pv=1&ga_vid=838000433.1622121063&ga_sid=1622121064&ga_hid=15458963&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1057&ady=1189&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530671%2C31060957&oid=3&pvsid=3394013324203522&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&cms=2&fu=128&bc=31&ifi=6&uci=a!6&fsb=1&xpc=iH17qFM3Pe&p=https%3A//xn--m9jp9mi8fra1016gid0b.net&dtd=302
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Thu, 27 May 2021 13:11:04 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H/1.1 200
OK js Show response
tags.mathtag.com/notify/ Frame 1D01 3 KB
2 KB 144ms
46ms Script
application/x-javascript 185.29.133.199

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzIzLyAvT1RNME1UVmhOakF0WmpJNU1pMWpPV1JsTFRBd01EQXRNREF3TURBd01EQXdNREF3LzUwMDQxNjcwMzU3Mjc5ODkyNTAvODY3NTYwOC83MzI0NDE5LzQvcmhOUkdTaUktbWpPalQ3ek92U1ltTkRYS3VhTVB1Nk5ZRlA1STFnZjN2ay8xLzQvMC8wLzE1MTI1ODYvMC8yNDI4NzYvODYzMTgyLzEvMC8wL01EQXdNREF3TURBdE1EQXdNQzB3TURBd0xUQXdNREF0TURBd01EQXdNREF3TURBdy8wLzAvMC8wLzAvNzMxMDAxMDA0NDk0MTY4MzE4Ni96cmgvMC8zMzIvNjMvOTk5LzY2LzJhMDE6NGY4OjEyMTo6LzAuMDAwLzE2MjIxMjEwNjMvMTYyMjEzMzY2My80L3B1Yi0zMDAxOTY4ODA0NjU0Nzg1Lw/iQMOquNFpaVTINMNQ2b0KumAw9s&nodeid=2634&group=eu&auctionid=5004167035727989250&sid=7324419&cid=8675608&bp=a_ahdhbb&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.135.162&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCwyTRZ5qvYLC4Moa0twfC_YH4Ds-HjptcwIbZgsYCwI23ARABIABglQKCARdjYS1wdWItMzAwMTk2ODgwNDY1NDc4NcgBCagDAaoEzQFP0JPADDvHI3fCv1P59cB-pD99DZ-qv3cDUkY0hlZsptA1KiampmcZfzM23LhAfmsADRUnAP0YRTm923mkuN0Ne5fLYQE6153_Luun_xXjhUt_bYI6pKCNxqYFB7aAm4lofkekv-MYO_TnnwfcX7jB9Y5daQrWfj34a9GFDObiPsEp9xlLwFahc2nVx7Fvz0jiRTGtaRvtaT8YqS1Zcz-AUCJuKTM_zrl3e66qraOoB0lRjovGZ9kItn4bAIS959HFIqTNpKjeA9F9UKnXgAb30dyH8dPYh-4BoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG9gHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_0jAEbGdo6_X6QsVOAsCOwyYTUnnA%26client%3Dca-pub-3001968804654785%26adurl%3D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3001968804654785&output=html&h=600&slotname=8412015728&adk=3975475001&adf=1919225299&pi=t.ma~as.8412015728&w=219&fwrn=4&fwrnh=100&lmt=1622121063&rafmt=4&psa=0&format=219x600&url=https%3A%2F%2Fxn--m9jp9mi8fra1016gid0b.net%2F&flash=0&fwr=0&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1622121063501&bpp=43&bdt=1354&idt=295&shv=r20210524&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C666x280%2C666x280%2C666x280%2C666x399&nras=1&correlator=7377409692150&frm=20&pv=1&ga_vid=838000433.1622121063&ga_sid=1622121064&ga_hid=15458963&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1057&ady=1189&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530671%2C31060957&oid=3&pvsid=3394013324203522&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&cms=2&fu=128&bc=31&ifi=6&uci=a!6&fsb=1&xpc=iH17qFM3Pe&p=https%3A//xn--m9jp9mi8fra1016gid0b.net&dtd=302
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.29.133.199 , United Kingdom, ASN (),
Reverse DNS
Software: MMBD/3.199.0 /
Resource Hash: 170577c85e45e0480f5b6c9ae7870f547459efe808fff1d55f8cab5383a9c652

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 27 May 2021 13:11:07 GMT
Content-Encoding: gzip
x-mm-bid-request-time: 1622121063
Last-Modified: Thu, 27 May 2021 13:11:03 GMT
Server: MMBD/3.199.0
x-mm-latency: 1 (1)
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
x-mm-dbg: Count
Cache-Control: no-cache
x-mm-host: zrh-router-x65, zrh-bidder-x148
Connection: close
Content-Type: application/x-javascript; charset=UTF-8
Expires: Thu, 27 May 2021 13:11:06 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210524/r20110914/client/ Frame 1D01 2 KB
1 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:813::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210524/r20110914/client/window_focus_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3001968804654785&output=html&h=600&slotname=8412015728&adk=3975475001&adf=1919225299&pi=t.ma~as.8412015728&w=219&fwrn=4&fwrnh=100&lmt=1622121063&rafmt=4&psa=0&format=219x600&url=https%3A%2F%2Fxn--m9jp9mi8fra1016gid0b.net%2F&flash=0&fwr=0&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1622121063501&bpp=43&bdt=1354&idt=295&shv=r20210524&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C666x280%2C666x280%2C666x280%2C666x399&nras=1&correlator=7377409692150&frm=20&pv=1&ga_vid=838000433.1622121063&ga_sid=1622121064&ga_hid=15458963&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1057&ady=1189&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530671%2C31060957&oid=3&pvsid=3394013324203522&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&cms=2&fu=128&bc=31&ifi=6&uci=a!6&fsb=1&xpc=iH17qFM3Pe&p=https%3A//xn--m9jp9mi8fra1016gid0b.net&dtd=302

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 13:04:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 393
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1303
x-xss-protection: 0
server: cafe
etag: 14729628269804859526
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 10 Jun 2021 13:04:31 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 1D01 121 KB
37 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:827::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

1e45ca14bc59eff23fa77a56b5a047910b4bb21832fb69ef9308c3e16caabbe4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 13:11:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1622028738751036"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37763
x-xss-protection: 0
expires: Thu, 27 May 2021 13:11:04 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210524/r20110914/client/ Frame 1D01 13 KB
6 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:813::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210524/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

684722f2ec67f3a1b4aad3b445dd37b60d048d66701dfff1f5c40b3bad4fae8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 13:10:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 30
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5635
x-xss-protection: 0
server: cafe
etag: 1319581658596578636
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 10 Jun 2021 13:10:34 GMT

GET
H3-29 204 l
www.google.com/ads/measurement/ Frame 1D01 0
0 15ms
15ms Image
text/html 2a00:1450:4001:809::2004

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQh8ECs1hhsL9ff0pjnite7oiIzjVMcvYziIDUVuAMIjs9y8cd40ZlZO-VkfR1IXpC2BXKHVrbNVH-l6RZj7ECGhBN-sw
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3001968804654785&output=html&h=600&slotname=8412015728&adk=3975475001&adf=1919225299&pi=t.ma~as.8412015728&w=219&fwrn=4&fwrnh=100&lmt=1622121063&rafmt=4&psa=0&format=219x600&url=https%3A%2F%2Fxn--m9jp9mi8fra1016gid0b.net%2F&flash=0&fwr=0&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1622121063501&bpp=43&bdt=1354&idt=295&shv=r20210524&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C666x280%2C666x280%2C666x280%2C666x399&nras=1&correlator=7377409692150&frm=20&pv=1&ga_vid=838000433.1622121063&ga_sid=1622121064&ga_hid=15458963&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1057&ady=1189&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530671%2C31060957&oid=3&pvsid=3394013324203522&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&cms=2&fu=128&bc=31&ifi=6&uci=a!6&fsb=1&xpc=iH17qFM3Pe&p=https%3A//xn--m9jp9mi8fra1016gid0b.net&dtd=302
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:809::2004 Frankfurt am Main, Germany, ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 css
fonts.googleapis.com/ Frame C2FA 2 KB
640 B 16ms
15ms Stylesheet
text/css 2a00:1450:4001:831::200a

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%20Display%3A400

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3001968804654785&output=html&h=280&slotname=6935282521&adk=3709907325&adf=3989722972&pi=t.ma~as.6935282521&w=666&fwrn=4&fwrnh=100&lmt=1622121063&rafmt=1&psa=0&format=666x280&url=https%3A%2F%2Fxn--m9jp9mi8fra1016gid0b.net%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1622121063430&bpp=1&bdt=1283&idt=287&shv=r20210524&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C666x280%2C666x280&nras=1&correlator=7377409692150&frm=20&pv=1&ga_vid=838000433.1622121063&ga_sid=1622121064&ga_hid=15458963&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=336&ady=3460&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530671%2C31060957&oid=3&pvsid=3394013324203522&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=62d10EtzU1&p=https%3A//xn--m9jp9mi8fra1016gid0b.net&dtd=292

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

ESF /

Resource Hash

e89a316ebf1c63ea09e2b7b5889fb55e1ffb326c7b2b172027da0948f5709f6a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 27 May 2021 12:35:53 GMT
server: ESF
date: Thu, 27 May 2021 13:11:04 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 27 May 2021 13:11:04 GMT

GET
H3-29 200 load_preloaded_resource_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210524/r20110914/client/ Frame C2FA 1 KB
919 B 6ms
6ms Script
text/javascript 2a00:1450:4001:813::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210524/r20110914/client/load_preloaded_resource_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

49aea8d1206dbb5e3c8a7d4db9274d2efa2111d8b53acb901efc378b1feca381

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 13:08:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 182
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 882
x-xss-protection: 0
server: cafe
etag: 11243716317595354070
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 10 Jun 2021 13:08:02 GMT

GET
H3-29 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210524/r20110914/ Frame C2FA 17 KB
7 KB 7ms
5ms Script
text/javascript 2a00:1450:4001:813::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210524/r20110914/abg_lite_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

4cc755a99349527933df50f5338a02d972da947a4c25f4a5309f4545ddc40ee1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 13:08:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 125
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7025
x-xss-protection: 0
server: cafe
etag: 8821855511435206686
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 10 Jun 2021 13:08:59 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210524/r20110914/client/ Frame C2FA 2 KB
1 KB 10ms
9ms Script
text/javascript 2a00:1450:4001:813::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210524/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 13:10:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 51
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1303
x-xss-protection: 0
server: cafe
etag: 14729628269804859526
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 10 Jun 2021 13:10:13 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame C2FA 121 KB
37 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:827::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

1e45ca14bc59eff23fa77a56b5a047910b4bb21832fb69ef9308c3e16caabbe4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 13:11:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1622028738751036"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37763
x-xss-protection: 0
expires: Thu, 27 May 2021 13:11:04 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210524/r20110914/client/ Frame C2FA 13 KB
6 KB 10ms
9ms Script
text/javascript 2a00:1450:4001:813::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210524/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

684722f2ec67f3a1b4aad3b445dd37b60d048d66701dfff1f5c40b3bad4fae8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 13:10:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 30
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5635
x-xss-protection: 0
server: cafe
etag: 1319581658596578636
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 10 Jun 2021 13:10:34 GMT

GET
H2 200 7d9aee27bee51cf015d1b4a8dc2025e1.js Show response
www.gstatic.com/mysidia/ Frame C2FA 25 KB
10 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:831::2003

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/7d9aee27bee51cf015d1b4a8dc2025e1.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

c6f0dd8206df9adfe84428c4f85f678b1a01270a8359bbeef265f69bd94560a4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 11:13:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 19 May 2021 22:15:01 GMT
server: sffe
age: 7068
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7776000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10414
x-xss-protection: 0
expires: Wed, 25 Aug 2021 11:13:16 GMT

GET
H3-29 200 adview
googleads.g.doubleclick.net/pagead/ Frame C2FA 0
0 54ms
50ms Fetch
text/html 2a00:1450:4001:811::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CJ_V7Z5qvYNGfLoyNtwfRkI2oCM2Hzvtiyd7U2_cNxM7yhMMbEAEgtamjBmCVAqABuf--7APIAQmpAo_rejQze7Q-qAMByAPLBKoEyQFP0HYy4M81_ZZZLn7w0rzHZCGXK9jpWu4YIyeeD5UOcT74sg4dnlmOkMGt8WlQeKFzIC4Lk2sna_3fg2LYKFCBP1KJmhZrMrRJyXsn3X7EmIquNRdITrcmEW-Be44_RlEEht5qNCRUzfMSQtU2Ab6feDcn_F4uGsdYFafzilVR2F5evEO3K9lZjVWoUblm_baux81QY-RGJtSPnXeyy7-HUefa_swYwsIE_CQRwb7izXtZmdUnmIKI82VyXiDblztASC6RkwhwVXzABNzLntH-ApIFBAgEGAGSBQQIBRgEkgUECAUYGJIFBQgFGKgBoAYugAf6socWqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfulrECqAemvhuoB-zVG9gHAPIHBBCT3gXSCAkIgOGAEBABGB-ACgHICwHYEwuIFATQFQGAFwGyFxoKGAgAEhRwdWItMzAwMTk2ODgwNDY1NDc4NQ&sigh=UFouOyA2T6I&template_id=494

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3001968804654785&output=html&h=280&slotname=6935282521&adk=3709907325&adf=3989722972&pi=t.ma~as.6935282521&w=666&fwrn=4&fwrnh=100&lmt=1622121063&rafmt=1&psa=0&format=666x280&url=https%3A%2F%2Fxn--m9jp9mi8fra1016gid0b.net%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1622121063430&bpp=1&bdt=1283&idt=287&shv=r20210524&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C666x280%2C666x280&nras=1&correlator=7377409692150&frm=20&pv=1&ga_vid=838000433.1622121063&ga_sid=1622121064&ga_hid=15458963&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=336&ady=3460&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530671%2C31060957&oid=3&pvsid=3394013324203522&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=62d10EtzU1&p=https%3A//xn--m9jp9mi8fra1016gid0b.net&dtd=292
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Thu, 27 May 2021 13:11:04 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H2 200 shopping
encrypted-tbn2.gstatic.com/ Frame C2FA 28 KB
28 KB 34ms
7ms Image
image/jpeg 2a00:1450:4001:827::200e

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn2.gstatic.com/shopping?q=tbn:ANd9GcS6lAzr-xEnmG7EnXS-fBjSLhYHBHacrYx4G8kyEnHPb0RkkL5BMP6a9d6lbbQ&usqp=CAI

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

e2f416a5766bd2c223b867900f3431fcfcbf2ff497bad3a1fe866ccfc9a00701

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 24 May 2021 05:13:19 GMT
x-content-type-options: nosniff
last-modified: Sun, 08 Nov 2020 02:22:18 GMT
server: sffe
age: 287865
content-type: image/jpeg
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28803
x-xss-protection: 0
expires: Tue, 24 May 2022 05:13:19 GMT

GET
H2 200 shopping
encrypted-tbn3.gstatic.com/ Frame C2FA 39 KB
39 KB 9ms
6ms Image
image/jpeg 2a00:1450:4001:80e::200e

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn3.gstatic.com/shopping?q=tbn:ANd9GcSzA139qX5REH3bLKPODQlXMDk1bHqdrsaLRHw5wSh8lRntZYOQ&usqp=CAI

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

1847d18f1fdfb8e4e57f215c821399cfdf680f2f1e90b5049cd12f33bf23db7e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 13:17:15 GMT
x-content-type-options: nosniff
last-modified: Thu, 14 Jan 2021 00:58:45 GMT
server: sffe
age: 86029
content-type: image/jpeg
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39576
x-xss-protection: 0
expires: Thu, 26 May 2022 13:17:15 GMT

GET
H2 200 shopping
encrypted-tbn1.gstatic.com/ Frame C2FA 10 KB
10 KB 33ms
6ms Image
image/jpeg 2a00:1450:4001:800::200e

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn1.gstatic.com/shopping?q=tbn:ANd9GcQGnepoed8crY_alJK52Wvb2CwntfqBCxSXLXwF_tPGvTFCbZA&usqp=CAI

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::200e Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

ea7d78206c963a79532e3fd4b12a1ca83a7e323237525f6009aa920598d1f5a0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 21 May 2021 14:10:07 GMT
x-content-type-options: nosniff
last-modified: Fri, 22 Jan 2021 00:52:44 GMT
server: sffe
age: 514857
content-type: image/jpeg
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10266
x-xss-protection: 0
expires: Sat, 21 May 2022 14:10:07 GMT

GET
H2 200 shopping
encrypted-tbn1.gstatic.com/ Frame C2FA 12 KB
12 KB 37ms
11ms Image
image/jpeg 2a00:1450:4001:800::200e

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn1.gstatic.com/shopping?q=tbn:ANd9GcTHFZObaI0ySVzN4FuKX_qXwuaPSums7A34QqEUPIk88wfy3XUZ7di9OK_6wg&usqp=CAI

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::200e Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

896ef6a7b20a41d51c5ecdff06b13f4bda3f9c3d13f5279fa8208f3bf7ccfdc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 18:33:29 GMT
x-content-type-options: nosniff
last-modified: Sun, 25 Apr 2021 23:13:54 GMT
server: sffe
age: 153455
content-type: image/jpeg
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12451
x-xss-protection: 0
expires: Wed, 25 May 2022 18:33:29 GMT

GET
H3-29

200

6390794388280864672
tpc.googlesyndication.com/simgad/ Frame C2FA
Redirect Chain

https://tpc.googlesyndication.com/pageadimg/imgad?id=CICAgKDrw7O6IhCwCRisAjII9947V29w5qI
https://tpc.googlesyndication.com/simgad/6390794388280864672

33 KB
33 KB

6ms
6ms

Image
image/png

2a00:1450:4001:813::2001

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/6390794388280864672

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

15a61e52f7d97cf3cbbf8d52207f7eea402f643db44b38e02110f894f0a65492

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 21 May 2021 10:13:30 GMT
x-content-type-options: nosniff
age: 529054
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 33901
x-xss-protection: 0
last-modified: Wed, 15 Jan 2020 07:54:28 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 21 May 2022 10:13:30 GMT

Redirect headers

timing-allow-origin: *
date: Wed, 26 May 2021 14:37:07 GMT
x-content-type-options: nosniff
server: cafe
age: 81237
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location: https://tpc.googlesyndication.com/simgad/6390794388280864672
cache-control: public, max-age=2592000
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 25 Jun 2021 14:37:07 GMT

GET
H3-29 200 index.html Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15114128110379568047/ Frame D582 79 KB
18 KB 7ms
6ms Document
text/html 2a00:1450:4001:813::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15114128110379568047/index.html

Requested by

Host: xn--m9jp9mi8fra1016gid0b.net
URL: https://xn--m9jp9mi8fra1016gid0b.net/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

89a979f9f9c8408f52c9390b1533ef41ca0e8f2541b02abdb56bf7386475a4a0

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sadbundle/$csp%3Der3$/15114128110379568047/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-type: text/html
access-control-allow-origin: *
content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
date: Wed, 26 May 2021 11:06:51 GMT
expires: Thu, 26 May 2022 11:06:51 GMT
last-modified: Wed, 27 Jan 2021 11:48:38 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
content-encoding: gzip
server: sffe
x-xss-protection: 0
content-length: 18019
age: 93853
cache-control: public, max-age=31536000
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 adview
googleads.g.doubleclick.net/pagead/ Frame 54EB 0
0 46ms
43ms Fetch
text/html 2a00:1450:4001:811::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CvoIyZ5qvYJuRK9iKtwelupqYB5mlto5iv6nH6_sMrs3mrYkCEAEgtamjBmCVAqAB5rC9vwPIAQmpAo_rejQze7Q-qAMByANIqgTVAU_QANkGmqw4kJpOQZl4MN_XXu2ThdOfUTdDtKlHqVcJcc9yoA4KShW_jPdEqFxPkgrJzcX0My03ge8dTMHn81-PVtX0Y2M420PRfXqYvUCZzq3lShEQ7Z7-uhkt5RLLGkLrYLOmJLV6KLj4KMFTTxbyuxtJZPxLc6xnohX7JYcYfJQF_N1PCar2tVTIrRaYQx62bk4VO0AJ7F_m1Ubm019IFL-gzH3bzCayEz1mIAbXMvsQsxFgM6BIGFsDFVZwtEgCe3gp0GD5xJp2RRUOMqPsPXLhC8AEqd6vxMEDkgUECAQYAZIFBAgFGASgBi6AB4LPwkCoB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7paxAqgHpr4bqAfs1RvYBwDyBwQQyPEK0ggJCIDhgBAQARgfgAoByAsB2BMN0BUBgBcBshcaChgIABIUcHViLTMwMDE5Njg4MDQ2NTQ3ODU&sigh=PNe_PBTvlA8&template_id=419

Requested by

Host: xn--m9jp9mi8fra1016gid0b.net
URL: https://xn--m9jp9mi8fra1016gid0b.net/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3001968804654785&output=html&h=280&slotname=6935282521&adk=3709907325&adf=3227892732&pi=t.ma~as.6935282521&w=666&fwrn=4&fwrnh=100&lmt=1622121063&rafmt=1&psa=0&format=666x280&url=https%3A%2F%2Fxn--m9jp9mi8fra1016gid0b.net%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1622121063427&bpp=2&bdt=1280&idt=248&shv=r20210524&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=7377409692150&frm=20&pv=1&ga_vid=838000433.1622121063&ga_sid=1622121064&ga_hid=15458963&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=336&ady=985&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530671%2C31060957&oid=3&pvsid=3394013324203522&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7C%7CoeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=2U8N8CkQ5I&p=https%3A//xn--m9jp9mi8fra1016gid0b.net&dtd=258
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Thu, 27 May 2021 13:11:04 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3-29 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210524/r20110914/ Frame 54EB 17 KB
7 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:813::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210524/r20110914/abg_lite_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3001968804654785&output=html&h=280&slotname=6935282521&adk=3709907325&adf=3227892732&pi=t.ma~as.6935282521&w=666&fwrn=4&fwrnh=100&lmt=1622121063&rafmt=1&psa=0&format=666x280&url=https%3A%2F%2Fxn--m9jp9mi8fra1016gid0b.net%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1622121063427&bpp=2&bdt=1280&idt=248&shv=r20210524&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=7377409692150&frm=20&pv=1&ga_vid=838000433.1622121063&ga_sid=1622121064&ga_hid=15458963&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=336&ady=985&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530671%2C31060957&oid=3&pvsid=3394013324203522&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7C%7CoeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=2U8N8CkQ5I&p=https%3A//xn--m9jp9mi8fra1016gid0b.net&dtd=258

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

4cc755a99349527933df50f5338a02d972da947a4c25f4a5309f4545ddc40ee1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 13:08:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 125
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7025
x-xss-protection: 0
server: cafe
etag: 8821855511435206686
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 10 Jun 2021 13:08:59 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210524/r20110914/client/ Frame 54EB 2 KB
1 KB 13ms
12ms Script
text/javascript 2a00:1450:4001:813::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210524/r20110914/client/window_focus_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3001968804654785&output=html&h=280&slotname=6935282521&adk=3709907325&adf=3227892732&pi=t.ma~as.6935282521&w=666&fwrn=4&fwrnh=100&lmt=1622121063&rafmt=1&psa=0&format=666x280&url=https%3A%2F%2Fxn--m9jp9mi8fra1016gid0b.net%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1622121063427&bpp=2&bdt=1280&idt=248&shv=r20210524&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=7377409692150&frm=20&pv=1&ga_vid=838000433.1622121063&ga_sid=1622121064&ga_hid=15458963&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=336&ady=985&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530671%2C31060957&oid=3&pvsid=3394013324203522&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7C%7CoeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=2U8N8CkQ5I&p=https%3A//xn--m9jp9mi8fra1016gid0b.net&dtd=258

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 13:10:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 51
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1303
x-xss-protection: 0
server: cafe
etag: 14729628269804859526
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 10 Jun 2021 13:10:13 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 54EB 121 KB
37 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:827::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3001968804654785&output=html&h=280&slotname=6935282521&adk=3709907325&adf=3227892732&pi=t.ma~as.6935282521&w=666&fwrn=4&fwrnh=100&lmt=1622121063&rafmt=1&psa=0&format=666x280&url=https%3A%2F%2Fxn--m9jp9mi8fra1016gid0b.net%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1622121063427&bpp=2&bdt=1280&idt=248&shv=r20210524&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=7377409692150&frm=20&pv=1&ga_vid=838000433.1622121063&ga_sid=1622121064&ga_hid=15458963&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=336&ady=985&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530671%2C31060957&oid=3&pvsid=3394013324203522&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7C%7CoeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=2U8N8CkQ5I&p=https%3A//xn--m9jp9mi8fra1016gid0b.net&dtd=258

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

1e45ca14bc59eff23fa77a56b5a047910b4bb21832fb69ef9308c3e16caabbe4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 13:11:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1622028738751036"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37763
x-xss-protection: 0
expires: Thu, 27 May 2021 13:11:04 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210524/r20110914/client/ Frame 54EB 13 KB
6 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:813::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210524/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3001968804654785&output=html&h=280&slotname=6935282521&adk=3709907325&adf=3227892732&pi=t.ma~as.6935282521&w=666&fwrn=4&fwrnh=100&lmt=1622121063&rafmt=1&psa=0&format=666x280&url=https%3A%2F%2Fxn--m9jp9mi8fra1016gid0b.net%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1622121063427&bpp=2&bdt=1280&idt=248&shv=r20210524&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=7377409692150&frm=20&pv=1&ga_vid=838000433.1622121063&ga_sid=1622121064&ga_hid=15458963&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=336&ady=985&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530671%2C31060957&oid=3&pvsid=3394013324203522&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7C%7CoeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=2U8N8CkQ5I&p=https%3A//xn--m9jp9mi8fra1016gid0b.net&dtd=258

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

684722f2ec67f3a1b4aad3b445dd37b60d048d66701dfff1f5c40b3bad4fae8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 13:10:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 30
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5635
x-xss-protection: 0
server: cafe
etag: 1319581658596578636
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 10 Jun 2021 13:10:34 GMT

GET
DATA 200
OK truncated
/ Frame C2FA 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 93f7db9f4affea338b27775f3d5d1b667a609482229be16881751f3ad75a5490

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 ea8FacM9Wef3EJPWRrHjgE4B6CnlZxHVDv79oQ.woff2
fonts.gstatic.com/s/googlesansdisplay/v15/ Frame C2FA 20 KB
21 KB 6ms
5ms Font
font/woff2 2a00:1450:4001:809::2003

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesansdisplay/v15/ea8FacM9Wef3EJPWRrHjgE4B6CnlZxHVDv79oQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%20Display%3A400

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

475700259e64d480d1a70023e14741bb298a025e338bb608552e2472d4505a65

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://googleads.g.doubleclick.net
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 21 May 2021 03:57:13 GMT
x-content-type-options: nosniff
last-modified: Mon, 19 Apr 2021 22:53:16 GMT
server: sffe
age: 551631
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20900
x-xss-protection: 0
expires: Sat, 21 May 2022 03:57:13 GMT

GET
H3-29 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 0E20 143 B
163 B 6ms
5ms Document
text/html 2a00:1450:4001:811::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3001968804654785&output=html&h=280&slotname=6935282521&adk=3709907325&adf=3227892732&pi=t.ma~as.6935282521&w=666&fwrn=4&fwrnh=100&lmt=1622121063&rafmt=1&psa=0&format=666x280&url=https%3A%2F%2Fxn--m9jp9mi8fra1016gid0b.net%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1622121063427&bpp=2&bdt=1280&idt=248&shv=r20210524&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=7377409692150&frm=20&pv=1&ga_vid=838000433.1622121063&ga_sid=1622121064&ga_hid=15458963&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=336&ady=985&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530671%2C31060957&oid=3&pvsid=3394013324203522&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7C%7CoeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=2U8N8CkQ5I&p=https%3A//xn--m9jp9mi8fra1016gid0b.net&dtd=258

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

safe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/s?v=r20120211
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3001968804654785&output=html&h=280&slotname=6935282521&adk=3709907325&adf=3227892732&pi=t.ma~as.6935282521&w=666&fwrn=4&fwrnh=100&lmt=1622121063&rafmt=1&psa=0&format=666x280&url=https%3A%2F%2Fxn--m9jp9mi8fra1016gid0b.net%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1622121063427&bpp=2&bdt=1280&idt=248&shv=r20210524&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=7377409692150&frm=20&pv=1&ga_vid=838000433.1622121063&ga_sid=1622121064&ga_hid=15458963&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=336&ady=985&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530671%2C31060957&oid=3&pvsid=3394013324203522&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7C%7CoeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=2U8N8CkQ5I&p=https%3A//xn--m9jp9mi8fra1016gid0b.net&dtd=258
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3001968804654785&output=html&h=280&slotname=6935282521&adk=3709907325&adf=3227892732&pi=t.ma~as.6935282521&w=666&fwrn=4&fwrnh=100&lmt=1622121063&rafmt=1&psa=0&format=666x280&url=https%3A%2F%2Fxn--m9jp9mi8fra1016gid0b.net%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1622121063427&bpp=2&bdt=1280&idt=248&shv=r20210524&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=7377409692150&frm=20&pv=1&ga_vid=838000433.1622121063&ga_sid=1622121064&ga_hid=15458963&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=336&ady=985&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530671%2C31060957&oid=3&pvsid=3394013324203522&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7C%7CoeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=2U8N8CkQ5I&p=https%3A//xn--m9jp9mi8fra1016gid0b.net&dtd=258

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Thu, 27 May 2021 12:57:10 GMT
server: safe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 834
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 54EB 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a49e6dc60c4b5070a82733ab756e2e50d8b12a32ced75a56f07e8c0738337fc9

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 HZvw8QdJrJJXuJ48IXlV8VF-H8RHnxePCtakS6ABBeA.js Show response
pagead2.googlesyndication.com/bg/ Frame 21B5 14 KB
6 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/HZvw8QdJrJJXuJ48IXlV8VF-H8RHnxePCtakS6ABBeA.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1d9bf0f10749ac9257b89e3c217955f1517e1fc4479f178f0ad6a44ba00105e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:11:56 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Mon, 17 May 2021 11:28:00 GMT
server: sffe
age: 212348
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5755
x-xss-protection: 0
expires: Wed, 25 May 2022 02:11:56 GMT

GET
H/1.1 200
OK tweet_button.06c6ee58c3810956b7509218508c7b56.ja.html Show response
platform.twitter.com/widgets/ Frame 6E6A 33 KB
13 KB 8ms
7ms Document
text/html 2606:2800:234:59:254c:406:2366:268c

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/tweet_button.06c6ee58c3810956b7509218508c7b56.ja.html
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN (),
Reverse DNS
Software: ECS (frb/67F3) /
Resource Hash: 251283aeee079f4a9e5527b8ca613be54c4b36d755a1a44a99a7c9aa073613a8

Request headers

Host: platform.twitter.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://xn--m9jp9mi8fra1016gid0b.net/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://xn--m9jp9mi8fra1016gid0b.net/

Response headers

Content-Encoding: gzip
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 53391
Cache-Control: public, max-age=315360000
Content-Type: text/html; charset=utf-8
Date: Thu, 27 May 2021 13:11:04 GMT
Etag: "10aaf3066f6a5d94f105077f7f07a1c8+gzip"
Last-Modified: Wed, 28 Apr 2021 17:56:48 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (frb/67F3)
Vary: Accept-Encoding
X-Cache: HIT
x-tw-cdn: VZ
Content-Length: 12655

GET
H/1.1 200
OK tweet_button.06c6ee58c3810956b7509218508c7b56.ja.html Show response
platform.twitter.com/widgets/ Frame 7A64 33 KB
13 KB 15ms
7ms Document
text/html 2606:2800:234:59:254c:406:2366:268c

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/tweet_button.06c6ee58c3810956b7509218508c7b56.ja.html
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN (),
Reverse DNS
Software: ECS (frb/67F3) /
Resource Hash: 251283aeee079f4a9e5527b8ca613be54c4b36d755a1a44a99a7c9aa073613a8

Request headers

Host: platform.twitter.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://xn--m9jp9mi8fra1016gid0b.net/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://xn--m9jp9mi8fra1016gid0b.net/

Response headers

Content-Encoding: gzip
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 53391
Cache-Control: public, max-age=315360000
Content-Type: text/html; charset=utf-8
Date: Thu, 27 May 2021 13:11:04 GMT
Etag: "10aaf3066f6a5d94f105077f7f07a1c8+gzip"
Last-Modified: Wed, 28 Apr 2021 17:56:48 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (frb/67F3)
Vary: Accept-Encoding
X-Cache: HIT
x-tw-cdn: VZ
Content-Length: 12655

GET
H/1.1 200
OK tweet_button.06c6ee58c3810956b7509218508c7b56.ja.html Show response
platform.twitter.com/widgets/ Frame C7CA 33 KB
13 KB 31ms
16ms Document
text/html 2606:2800:234:59:254c:406:2366:268c

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/tweet_button.06c6ee58c3810956b7509218508c7b56.ja.html
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN (),
Reverse DNS
Software: ECS (frb/67F3) /
Resource Hash: 251283aeee079f4a9e5527b8ca613be54c4b36d755a1a44a99a7c9aa073613a8

Request headers

Host: platform.twitter.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://xn--m9jp9mi8fra1016gid0b.net/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://xn--m9jp9mi8fra1016gid0b.net/

Response headers

Content-Encoding: gzip
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 53391
Cache-Control: public, max-age=315360000
Content-Type: text/html; charset=utf-8
Date: Thu, 27 May 2021 13:11:04 GMT
Etag: "10aaf3066f6a5d94f105077f7f07a1c8+gzip"
Last-Modified: Wed, 28 Apr 2021 17:56:48 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (frb/67F3)
Vary: Accept-Encoding
X-Cache: HIT
x-tw-cdn: VZ
Content-Length: 12655

GET
H2 200 Enabler.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame D582 16 KB
6 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:813::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/Enabler.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15114128110379568047/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

5f0207bbbd69497c7a37284c0b6f9bdcc9f83c574a4cda737e00a390d0ed268f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 03:56:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 33251
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5866
x-xss-protection: 0
server: cafe
etag: 544157900006238945
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Fri, 28 May 2021 03:56:53 GMT

GET
H2 200 addata.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame D582 26 KB
10 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:813::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15114128110379568047/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

54a66c4693bfd79901040269ae7d7304508cbd02859797a1780f2bbe72176e23

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 18:54:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 65784
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10382
x-xss-protection: 0
server: cafe
etag: 12806417668659483808
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Thu, 27 May 2021 18:54:40 GMT

GET
H/1.1 200
OK tojuhhm84f1g Show response
hal9000.redintelligence.net/zone/ Frame 1D01 11 KB
4 KB 106ms
35ms Script
text/html 136.243.149.243

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/tojuhhm84f1g?subid=&gdpr=1&gdpr_consent=BAAAAAAAAAAAAAAAAAluAA%2F%2F%2F%2F%2F%2F%2BABgCeAJ4Ang&rnd=5004167035727989250&extVar[]=DOUBLEBORDER:1&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fmt_aid%3D5004167035727989250%26mt_id%3D8675608%26mt_adid%3D242876%26mt_sid%3D7324419%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D429a60af-9a67-4801-a6d5-859c91b877f0%26mt_cid%3D429a60af-9a67-4801-a6d5-859c91b877f0%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCwyTRZ5qvYLC4Moa0twfC_YH4Ds-HjptcwIbZgsYCwI23ARABIABglQKCARdjYS1wdWItMzAwMTk2ODgwNDY1NDc4NcgBCagDAaoEzQFP0JPADDvHI3fCv1P59cB-pD99DZ-qv3cDUkY0hlZsptA1KiampmcZfzM23LhAfmsADRUnAP0YRTm923mkuN0Ne5fLYQE6153_Luun_xXjhUt_bYI6pKCNxqYFB7aAm4lofkekv-MYO_TnnwfcX7jB9Y5daQrWfj34a9GFDObiPsEp9xlLwFahc2nVx7Fvz0jiRTGtaRvtaT8YqS1Zcz-AUCJuKTM_zrl3e66qraOoB0lRjovGZ9kItn4bAIS959HFIqTNpKjeA9F9UKnXgAb30dyH8dPYh-4BoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG9gHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_0jAEbGdo6_X6QsVOAsCOwyYTUnnA%2526client%253Dca-pub-3001968804654785%2526adurl%253D%26redirect%3D
Requested by: Host: xn--m9jp9mi8fra1016gid0b.net
URL: https://xn--m9jp9mi8fra1016gid0b.net/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 136.243.149.243 , Germany, ASN (),
Reverse DNS: static.243.149.243.136.clients.your-server.de
Software: Apache /
Resource Hash: 8c7f19bc022cba6dcb91b345cbca1da09dc02899609304c871282b68eb0de13a

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 27 May 2021 13:11:04 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 3409
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK ck-confirm
tags.mathtag.com/ Frame 1D01 49 B
330 B 137ms
47ms Image
image/gif 185.29.133.199

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tags.mathtag.com/ck-confirm?bid_id=5004167035727989250&node_id=2634&exch_id=4
Requested by: Host: tags.mathtag.com
URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzIzLyAvT1RNME1UVmhOakF0WmpJNU1pMWpPV1JsTFRBd01EQXRNREF3TURBd01EQXdNREF3LzUwMDQxNjcwMzU3Mjc5ODkyNTAvODY3NTYwOC83MzI0NDE5LzQvcmhOUkdTaUktbWpPalQ3ek92U1ltTkRYS3VhTVB1Nk5ZRlA1STFnZjN2ay8xLzQvMC8wLzE1MTI1ODYvMC8yNDI4NzYvODYzMTgyLzEvMC8wL01EQXdNREF3TURBdE1EQXdNQzB3TURBd0xUQXdNREF0TURBd01EQXdNREF3TURBdy8wLzAvMC8wLzAvNzMxMDAxMDA0NDk0MTY4MzE4Ni96cmgvMC8zMzIvNjMvOTk5LzY2LzJhMDE6NGY4OjEyMTo6LzAuMDAwLzE2MjIxMjEwNjMvMTYyMjEzMzY2My80L3B1Yi0zMDAxOTY4ODA0NjU0Nzg1Lw/iQMOquNFpaVTINMNQ2b0KumAw9s&nodeid=2634&group=eu&auctionid=5004167035727989250&sid=7324419&cid=8675608&bp=a_ahdhbb&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.135.162&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCwyTRZ5qvYLC4Moa0twfC_YH4Ds-HjptcwIbZgsYCwI23ARABIABglQKCARdjYS1wdWItMzAwMTk2ODgwNDY1NDc4NcgBCagDAaoEzQFP0JPADDvHI3fCv1P59cB-pD99DZ-qv3cDUkY0hlZsptA1KiampmcZfzM23LhAfmsADRUnAP0YRTm923mkuN0Ne5fLYQE6153_Luun_xXjhUt_bYI6pKCNxqYFB7aAm4lofkekv-MYO_TnnwfcX7jB9Y5daQrWfj34a9GFDObiPsEp9xlLwFahc2nVx7Fvz0jiRTGtaRvtaT8YqS1Zcz-AUCJuKTM_zrl3e66qraOoB0lRjovGZ9kItn4bAIS959HFIqTNpKjeA9F9UKnXgAb30dyH8dPYh-4BoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG9gHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_0jAEbGdo6_X6QsVOAsCOwyYTUnnA%26client%3Dca-pub-3001968804654785%26adurl%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.29.133.199 , United Kingdom, ASN (),
Reverse DNS
Software: MMBD/3.199.0 /
Resource Hash: 1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 27 May 2021 13:11:07 GMT
Server: MMBD/3.199.0
Content-Type: image/gif
Cache-Control: no-cache
x-mm-host: zrh-router-x74, zrh-bidder-x148
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 49
Expires: Thu, 27 May 2021 13:11:06 GMT

GET
H/1.1 200
OK img
pixel.mathtag.com/event/ Frame 1D01 43 B
359 B 123ms
58ms Image
image/gif 2.18.233.201

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.mathtag.com/event/img?mt_id=1368875&mt_adid=216764&v1=4&v2=5004167035727989250&v3=863182&v4=7324419&v5=8675608&mt_nsync=1&no_attr=1
Requested by: Host: tags.mathtag.com
URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzIzLyAvT1RNME1UVmhOakF0WmpJNU1pMWpPV1JsTFRBd01EQXRNREF3TURBd01EQXdNREF3LzUwMDQxNjcwMzU3Mjc5ODkyNTAvODY3NTYwOC83MzI0NDE5LzQvcmhOUkdTaUktbWpPalQ3ek92U1ltTkRYS3VhTVB1Nk5ZRlA1STFnZjN2ay8xLzQvMC8wLzE1MTI1ODYvMC8yNDI4NzYvODYzMTgyLzEvMC8wL01EQXdNREF3TURBdE1EQXdNQzB3TURBd0xUQXdNREF0TURBd01EQXdNREF3TURBdy8wLzAvMC8wLzAvNzMxMDAxMDA0NDk0MTY4MzE4Ni96cmgvMC8zMzIvNjMvOTk5LzY2LzJhMDE6NGY4OjEyMTo6LzAuMDAwLzE2MjIxMjEwNjMvMTYyMjEzMzY2My80L3B1Yi0zMDAxOTY4ODA0NjU0Nzg1Lw/iQMOquNFpaVTINMNQ2b0KumAw9s&nodeid=2634&group=eu&auctionid=5004167035727989250&sid=7324419&cid=8675608&bp=a_ahdhbb&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.135.162&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCwyTRZ5qvYLC4Moa0twfC_YH4Ds-HjptcwIbZgsYCwI23ARABIABglQKCARdjYS1wdWItMzAwMTk2ODgwNDY1NDc4NcgBCagDAaoEzQFP0JPADDvHI3fCv1P59cB-pD99DZ-qv3cDUkY0hlZsptA1KiampmcZfzM23LhAfmsADRUnAP0YRTm923mkuN0Ne5fLYQE6153_Luun_xXjhUt_bYI6pKCNxqYFB7aAm4lofkekv-MYO_TnnwfcX7jB9Y5daQrWfj34a9GFDObiPsEp9xlLwFahc2nVx7Fvz0jiRTGtaRvtaT8YqS1Zcz-AUCJuKTM_zrl3e66qraOoB0lRjovGZ9kItn4bAIS959HFIqTNpKjeA9F9UKnXgAb30dyH8dPYh-4BoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG9gHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_0jAEbGdo6_X6QsVOAsCOwyYTUnnA%26client%3Dca-pub-3001968804654785%26adurl%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.201 Frankfurt am Main, Germany, ASN (),
Reverse DNS: a2-18-233-201.deploy.static.akamaitechnologies.com
Software: MT3 3736 915c305 master zrh-pixel-x5 /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 27 May 2021 13:11:04 GMT
Server: MT3 3736 915c305 master zrh-pixel-x5
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 27 May 2021 13:11:02 GMT

GET
H/1.1 200
OK img
tags.mathtag.com/event/ Frame 1D01 49 B
330 B 137ms
46ms Image
image/gif 185.29.133.199

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tags.mathtag.com/event/img?type=mmImpTrack&exch=adx&bid=5004167035727989250&st=7324419&time=1622121063&nodeid=2634
Requested by: Host: tags.mathtag.com
URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzIzLyAvT1RNME1UVmhOakF0WmpJNU1pMWpPV1JsTFRBd01EQXRNREF3TURBd01EQXdNREF3LzUwMDQxNjcwMzU3Mjc5ODkyNTAvODY3NTYwOC83MzI0NDE5LzQvcmhOUkdTaUktbWpPalQ3ek92U1ltTkRYS3VhTVB1Nk5ZRlA1STFnZjN2ay8xLzQvMC8wLzE1MTI1ODYvMC8yNDI4NzYvODYzMTgyLzEvMC8wL01EQXdNREF3TURBdE1EQXdNQzB3TURBd0xUQXdNREF0TURBd01EQXdNREF3TURBdy8wLzAvMC8wLzAvNzMxMDAxMDA0NDk0MTY4MzE4Ni96cmgvMC8zMzIvNjMvOTk5LzY2LzJhMDE6NGY4OjEyMTo6LzAuMDAwLzE2MjIxMjEwNjMvMTYyMjEzMzY2My80L3B1Yi0zMDAxOTY4ODA0NjU0Nzg1Lw/iQMOquNFpaVTINMNQ2b0KumAw9s&nodeid=2634&group=eu&auctionid=5004167035727989250&sid=7324419&cid=8675608&bp=a_ahdhbb&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.135.162&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCwyTRZ5qvYLC4Moa0twfC_YH4Ds-HjptcwIbZgsYCwI23ARABIABglQKCARdjYS1wdWItMzAwMTk2ODgwNDY1NDc4NcgBCagDAaoEzQFP0JPADDvHI3fCv1P59cB-pD99DZ-qv3cDUkY0hlZsptA1KiampmcZfzM23LhAfmsADRUnAP0YRTm923mkuN0Ne5fLYQE6153_Luun_xXjhUt_bYI6pKCNxqYFB7aAm4lofkekv-MYO_TnnwfcX7jB9Y5daQrWfj34a9GFDObiPsEp9xlLwFahc2nVx7Fvz0jiRTGtaRvtaT8YqS1Zcz-AUCJuKTM_zrl3e66qraOoB0lRjovGZ9kItn4bAIS959HFIqTNpKjeA9F9UKnXgAb30dyH8dPYh-4BoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG9gHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_0jAEbGdo6_X6QsVOAsCOwyYTUnnA%26client%3Dca-pub-3001968804654785%26adurl%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.29.133.199 , United Kingdom, ASN (),
Reverse DNS
Software: MMBD/3.199.0 /
Resource Hash: 1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 27 May 2021 13:11:07 GMT
Server: MMBD/3.199.0
Content-Type: image/gif
Cache-Control: no-cache
x-mm-host: zrh-router-x64, zrh-bidder-x148
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 49
Expires: Thu, 27 May 2021 13:11:06 GMT

GET
H3-29 200 index.html Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8440874748895933971/ Frame 17DC 76 KB
18 KB 7ms
7ms Document
text/html 2a00:1450:4001:813::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8440874748895933971/index.html

Requested by

Host: xn--m9jp9mi8fra1016gid0b.net
URL: https://xn--m9jp9mi8fra1016gid0b.net/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

cdedf25cf1c0cebc928b7c8740ebee87b139eb531d1fca6454c8d5cc328dcb62

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sadbundle/$csp%3Der3$/8440874748895933971/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-type: text/html
access-control-allow-origin: *
content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
date: Mon, 24 May 2021 13:15:15 GMT
expires: Tue, 24 May 2022 13:15:15 GMT
last-modified: Wed, 12 May 2021 08:21:06 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
content-encoding: gzip
server: sffe
x-xss-protection: 0
content-length: 17992
age: 258949
cache-control: public, max-age=31536000
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 adview
googleads.g.doubleclick.net/pagead/ Frame 5DB3 0
0 44ms
42ms Fetch
text/html 2a00:1450:4001:811::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=Csbm3Z5qvYMvuLIHGtwfCx5fICYvT_fxirYTujtMN6_D-gMckEAEgtamjBmCVAqAB4J7E-APIAQmpAo_rejQze7Q-qAMByANIqgTQAU_QQAa2odOWPuftspmwj081koy4FMcKGsL5zxKV2zhndZNVAl4OscNU2Q21H9Oic3Xc_LblWjIifqqloSO1WKdQYN0bpLRZvyws3VztWkcIFGpQGo25n-soLPcI_mtgjV794ASRbffnywFLfnD56Tne4Vp6Gclxm-p9AVv4SrA2PxGBP1u9CcEdEmA2y6jttY56092uHzB6KwTThFnFST75ysu_k5kiGA2N_HLwMQvR9QEg5IsnAPT8BVEwv_dC6QC9rtg6OmB4TiA4iWXlHWjABOChmpbAA5IFBAgEGAGSBQQIBRgEkgUECAUYGJIFBQgFGKgBoAYugAfHwPYCqAfVyRuoB_DZG6gH8tkbqAeOzhuoB5PYG6gHugaoB-6WsQKoB6a-G6gH7NUb2AcA8gcEEIXRCtIICQiA4YAQEAEYH4AKAcgLAdgTDNAVAZgWAYAXAbIXGgoYCAASFHB1Yi0zMDAxOTY4ODA0NjU0Nzg1&sigh=pCsoQK1jLk0&template_id=419

Requested by

Host: xn--m9jp9mi8fra1016gid0b.net
URL: https://xn--m9jp9mi8fra1016gid0b.net/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3001968804654785&output=html&h=280&slotname=6935282521&adk=3709907325&adf=604988848&pi=t.ma~as.6935282521&w=666&fwrn=4&fwrnh=100&lmt=1622121063&rafmt=1&psa=0&format=666x280&url=https%3A%2F%2Fxn--m9jp9mi8fra1016gid0b.net%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1622121063429&bpp=1&bdt=1282&idt=276&shv=r20210524&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C666x280&nras=1&correlator=7377409692150&frm=20&pv=1&ga_vid=838000433.1622121063&ga_sid=1622121064&ga_hid=15458963&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=336&ady=2268&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530671%2C31060957&oid=3&pvsid=3394013324203522&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=QZhJw0wwEI&p=https%3A//xn--m9jp9mi8fra1016gid0b.net&dtd=280
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Thu, 27 May 2021 13:11:04 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3-29 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210524/r20110914/ Frame 5DB3 17 KB
7 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:813::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210524/r20110914/abg_lite_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3001968804654785&output=html&h=280&slotname=6935282521&adk=3709907325&adf=604988848&pi=t.ma~as.6935282521&w=666&fwrn=4&fwrnh=100&lmt=1622121063&rafmt=1&psa=0&format=666x280&url=https%3A%2F%2Fxn--m9jp9mi8fra1016gid0b.net%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1622121063429&bpp=1&bdt=1282&idt=276&shv=r20210524&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C666x280&nras=1&correlator=7377409692150&frm=20&pv=1&ga_vid=838000433.1622121063&ga_sid=1622121064&ga_hid=15458963&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=336&ady=2268&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530671%2C31060957&oid=3&pvsid=3394013324203522&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=QZhJw0wwEI&p=https%3A//xn--m9jp9mi8fra1016gid0b.net&dtd=280

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

4cc755a99349527933df50f5338a02d972da947a4c25f4a5309f4545ddc40ee1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 13:08:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 125
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7025
x-xss-protection: 0
server: cafe
etag: 8821855511435206686
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 10 Jun 2021 13:08:59 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210524/r20110914/client/ Frame 5DB3 2 KB
1 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:813::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210524/r20110914/client/window_focus_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3001968804654785&output=html&h=280&slotname=6935282521&adk=3709907325&adf=604988848&pi=t.ma~as.6935282521&w=666&fwrn=4&fwrnh=100&lmt=1622121063&rafmt=1&psa=0&format=666x280&url=https%3A%2F%2Fxn--m9jp9mi8fra1016gid0b.net%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1622121063429&bpp=1&bdt=1282&idt=276&shv=r20210524&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C666x280&nras=1&correlator=7377409692150&frm=20&pv=1&ga_vid=838000433.1622121063&ga_sid=1622121064&ga_hid=15458963&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=336&ady=2268&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530671%2C31060957&oid=3&pvsid=3394013324203522&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=QZhJw0wwEI&p=https%3A//xn--m9jp9mi8fra1016gid0b.net&dtd=280

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 13:10:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 51
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1303
x-xss-protection: 0
server: cafe
etag: 14729628269804859526
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 10 Jun 2021 13:10:13 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 5DB3 121 KB
37 KB 14ms
13ms Script
text/javascript 2a00:1450:4001:811::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3001968804654785&output=html&h=280&slotname=6935282521&adk=3709907325&adf=604988848&pi=t.ma~as.6935282521&w=666&fwrn=4&fwrnh=100&lmt=1622121063&rafmt=1&psa=0&format=666x280&url=https%3A%2F%2Fxn--m9jp9mi8fra1016gid0b.net%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1622121063429&bpp=1&bdt=1282&idt=276&shv=r20210524&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C666x280&nras=1&correlator=7377409692150&frm=20&pv=1&ga_vid=838000433.1622121063&ga_sid=1622121064&ga_hid=15458963&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=336&ady=2268&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530671%2C31060957&oid=3&pvsid=3394013324203522&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=QZhJw0wwEI&p=https%3A//xn--m9jp9mi8fra1016gid0b.net&dtd=280

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

1e45ca14bc59eff23fa77a56b5a047910b4bb21832fb69ef9308c3e16caabbe4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 13:11:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1622028738751036"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37763
x-xss-protection: 0
expires: Thu, 27 May 2021 13:11:04 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210524/r20110914/client/ Frame 5DB3 13 KB
6 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:813::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210524/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3001968804654785&output=html&h=280&slotname=6935282521&adk=3709907325&adf=604988848&pi=t.ma~as.6935282521&w=666&fwrn=4&fwrnh=100&lmt=1622121063&rafmt=1&psa=0&format=666x280&url=https%3A%2F%2Fxn--m9jp9mi8fra1016gid0b.net%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1622121063429&bpp=1&bdt=1282&idt=276&shv=r20210524&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C666x280&nras=1&correlator=7377409692150&frm=20&pv=1&ga_vid=838000433.1622121063&ga_sid=1622121064&ga_hid=15458963&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=336&ady=2268&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530671%2C31060957&oid=3&pvsid=3394013324203522&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=QZhJw0wwEI&p=https%3A//xn--m9jp9mi8fra1016gid0b.net&dtd=280

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

684722f2ec67f3a1b4aad3b445dd37b60d048d66701dfff1f5c40b3bad4fae8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 13:10:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 30
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5635
x-xss-protection: 0
server: cafe
etag: 1319581658596578636
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 10 Jun 2021 13:10:34 GMT

GET
H3-29 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 90CC 143 B
163 B 6ms
6ms Document
text/html 2a00:1450:4001:811::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3001968804654785&output=html&h=280&slotname=6935282521&adk=3709907325&adf=604988848&pi=t.ma~as.6935282521&w=666&fwrn=4&fwrnh=100&lmt=1622121063&rafmt=1&psa=0&format=666x280&url=https%3A%2F%2Fxn--m9jp9mi8fra1016gid0b.net%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1622121063429&bpp=1&bdt=1282&idt=276&shv=r20210524&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C666x280&nras=1&correlator=7377409692150&frm=20&pv=1&ga_vid=838000433.1622121063&ga_sid=1622121064&ga_hid=15458963&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=336&ady=2268&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530671%2C31060957&oid=3&pvsid=3394013324203522&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=QZhJw0wwEI&p=https%3A//xn--m9jp9mi8fra1016gid0b.net&dtd=280

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

safe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/s?v=r20120211
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3001968804654785&output=html&h=280&slotname=6935282521&adk=3709907325&adf=604988848&pi=t.ma~as.6935282521&w=666&fwrn=4&fwrnh=100&lmt=1622121063&rafmt=1&psa=0&format=666x280&url=https%3A%2F%2Fxn--m9jp9mi8fra1016gid0b.net%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1622121063429&bpp=1&bdt=1282&idt=276&shv=r20210524&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C666x280&nras=1&correlator=7377409692150&frm=20&pv=1&ga_vid=838000433.1622121063&ga_sid=1622121064&ga_hid=15458963&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=336&ady=2268&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530671%2C31060957&oid=3&pvsid=3394013324203522&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=QZhJw0wwEI&p=https%3A//xn--m9jp9mi8fra1016gid0b.net&dtd=280
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUlKy1bkEI4kWWSwbNIpSFTq6K7sZCrXz6Jzo9493_74e8rfMxBnmex92V8PmXM
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3001968804654785&output=html&h=280&slotname=6935282521&adk=3709907325&adf=604988848&pi=t.ma~as.6935282521&w=666&fwrn=4&fwrnh=100&lmt=1622121063&rafmt=1&psa=0&format=666x280&url=https%3A%2F%2Fxn--m9jp9mi8fra1016gid0b.net%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1622121063429&bpp=1&bdt=1282&idt=276&shv=r20210524&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C666x280&nras=1&correlator=7377409692150&frm=20&pv=1&ga_vid=838000433.1622121063&ga_sid=1622121064&ga_hid=15458963&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=336&ady=2268&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530671%2C31060957&oid=3&pvsid=3394013324203522&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=QZhJw0wwEI&p=https%3A//xn--m9jp9mi8fra1016gid0b.net&dtd=280

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Thu, 27 May 2021 12:57:10 GMT
server: safe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 834
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 fe40d081d0f0a30a365fc04b58169149.js Show response
www.gstatic.com/mysidia/ Frame 66BB 6 KB
3 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:831::2003

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/fe40d081d0f0a30a365fc04b58169149.js?tag=client_fast_engine_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3001968804654785&output=html&h=399&slotname=1250160123&adk=4098457666&adf=2106242515&pi=t.ma~as.1250160123&w=666&cr_col=4&cr_row=2&fwrn=2&lmt=1622121063&rafmt=9&psa=0&format=666x399&url=https%3A%2F%2Fxn--m9jp9mi8fra1016gid0b.net%2F&flash=0&crui=image_stacked&fwr=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1622121063456&bpp=1&bdt=1309&idt=316&shv=r20210524&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C666x280%2C666x280%2C666x280&nras=1&correlator=7377409692150&frm=20&pv=1&ga_vid=838000433.1622121063&ga_sid=1622121064&ga_hid=15458963&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=336&ady=4387&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530671%2C31060957&oid=3&pvsid=3394013324203522&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=wVt5N0xkDt&p=https%3A//xn--m9jp9mi8fra1016gid0b.net&dtd=321

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

f0c6eea8eb9d725d46ac2bf600e1a6318358881b990a332fb7b1225c7e15a851

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 21 May 2021 18:57:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 19 May 2021 22:15:01 GMT
server: sffe
age: 497596
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7776000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2729
x-xss-protection: 0
expires: Thu, 19 Aug 2021 18:57:48 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 66BB 874 B
691 B 16ms
15ms Stylesheet
text/css 2a00:1450:4001:831::200a

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Noto%20Sans%20JP%3A400%2C700&text=%E3%81%AA%E3%81%8F%E3%81%91%E3%81%88%E3%82%A2%E6%A4%8D%E7%90%86%E8%8A%B1%E3%81%AE3%E6%96%B9%E5%92%B2%E3%81%AF%E3%81%A6%E9%89%A2%E3%82%93%E3%81%8B%E3%81%9F%E3%81%84%E3%81%8D%E3%82%8C%E5%A4%A7%E6%9E%AF%20%E5%93%81%E3%81%AB%E5%BA%AD%E6%9C%88%E5%86%AC%E3%81%99%E3%81%9B%E7%A8%AE%E9%99%BD%E3%82%B5%E3%82%89%E3%82%92%E3%82%A4%E3%81%95%E7%B4%AB%EF%BC%9F%E3%82%8B%E7%94%B1%E3%82%B8%E8%82%B2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

ESF /

Resource Hash

4f1ccc875370d854805f723592efc096334bde9a459e26e819c76673c8495421

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 27 May 2021 13:11:04 GMT
server: ESF
date: Thu, 27 May 2021 13:11:04 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 27 May 2021 13:11:04 GMT

GET
DATA 200
OK truncated
/ Frame 6E6A 822 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bed57a09b10b5cfc83c33f5bc6205831a9db085c874bc72d096d05ad2136e4b4

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 7A64 822 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bed57a09b10b5cfc83c33f5bc6205831a9db085c874bc72d096d05ad2136e4b4

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 5DB3 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 63b95f30f7acca927b8b311d787664106af1f08f628d39f100e6b41438f80dd4

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 0E20
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
18 B

18ms
16ms

Document
text/html

2a00:1450:4001:811::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3001968804654785&output=html&h=280&slotname=6935282521&adk=3709907325&adf=3227892732&pi=t.ma~as.6935282521&w=666&fwrn=4&fwrnh=100&lmt=1622121063&rafmt=1&psa=0&format=666x280&url=https%3A%2F%2Fxn--m9jp9mi8fra1016gid0b.net%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1622121063427&bpp=2&bdt=1280&idt=248&shv=r20210524&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=7377409692150&frm=20&pv=1&ga_vid=838000433.1622121063&ga_sid=1622121064&ga_hid=15458963&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=336&ady=985&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530671%2C31060957&oid=3&pvsid=3394013324203522&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7C%7CoeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=2U8N8CkQ5I&p=https%3A//xn--m9jp9mi8fra1016gid0b.net&dtd=258

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

safe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/si
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUlKy1bkEI4kWWSwbNIpSFTq6K7sZCrXz6Jzo9493_74e8rfMxBnmex92V8PmXM
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Thu, 27 May 2021 13:11:04 GMT
server: safe
content-length: 0
x-xss-protection: 0
set-cookie: DSID=NO_DATA; expires=Thu, 27-May-2021 14:11:04 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Thu, 27 May 2021 13:11:04 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Thu, 27 May 2021 13:11:04 GMT
server: safe
content-length: 246
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 load_preloaded_resource_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210524/r20110914/client/ Frame 66BB 1 KB
919 B 7ms
7ms Script
text/javascript 2a00:1450:4001:813::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210524/r20110914/client/load_preloaded_resource_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

49aea8d1206dbb5e3c8a7d4db9274d2efa2111d8b53acb901efc378b1feca381

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 13:08:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 182
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 882
x-xss-protection: 0
server: cafe
etag: 11243716317595354070
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 10 Jun 2021 13:08:02 GMT

GET
H3-29 200 de885542b4ef2d41dfb01ff6aa37f46c.js Show response
www.gstatic.com/mysidia/ Frame 66BB 17 KB
7 KB 16ms
15ms Script
text/javascript 2a00:1450:4001:831::2003

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/de885542b4ef2d41dfb01ff6aa37f46c.js?tag=exit_2019

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

75ccdf55dd7914e78df9b777b2e46b78bec1f105b00aff7d8d95eacd759279b8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 22:36:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 26 May 2021 17:49:14 GMT
server: sffe
age: 52476
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7776000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7411
x-xss-protection: 0
expires: Tue, 24 Aug 2021 22:36:28 GMT

GET
H3-29 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210524/r20110914/ Frame 66BB 17 KB
7 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:813::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210524/r20110914/abg_lite_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

4cc755a99349527933df50f5338a02d972da947a4c25f4a5309f4545ddc40ee1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 13:08:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 125
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7025
x-xss-protection: 0
server: cafe
etag: 8821855511435206686
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 10 Jun 2021 13:08:59 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210524/r20110914/client/ Frame 66BB 2 KB
1 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:813::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210524/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 13:10:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 51
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1303
x-xss-protection: 0
server: cafe
etag: 14729628269804859526
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 10 Jun 2021 13:10:13 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 66BB 121 KB
37 KB 16ms
15ms Script
text/javascript 2a00:1450:4001:827::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

1e45ca14bc59eff23fa77a56b5a047910b4bb21832fb69ef9308c3e16caabbe4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 13:11:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1622028738751036"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37763
x-xss-protection: 0
expires: Thu, 27 May 2021 13:11:04 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210524/r20110914/client/ Frame 66BB 13 KB
6 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:813::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210524/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

684722f2ec67f3a1b4aad3b445dd37b60d048d66701dfff1f5c40b3bad4fae8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 13:10:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 30
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5635
x-xss-protection: 0
server: cafe
etag: 1319581658596578636
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 10 Jun 2021 13:10:34 GMT

GET
H3-29 204 l
www.google.com/ads/measurement/ Frame 66BB 0
0 16ms
16ms Image
text/html 2a00:1450:4001:809::2004

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTp2pdlww8kUEF1X1k20sMIsbCLFTi2b-yX5YVxEL0cBh-gWAUEqqsBZaJNiCT1GTltQiBSPRv4FuE2aeQetylerLQGMg
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3001968804654785&output=html&h=399&slotname=1250160123&adk=4098457666&adf=2106242515&pi=t.ma~as.1250160123&w=666&cr_col=4&cr_row=2&fwrn=2&lmt=1622121063&rafmt=9&psa=0&format=666x399&url=https%3A%2F%2Fxn--m9jp9mi8fra1016gid0b.net%2F&flash=0&crui=image_stacked&fwr=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1622121063456&bpp=1&bdt=1309&idt=316&shv=r20210524&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C666x280%2C666x280%2C666x280&nras=1&correlator=7377409692150&frm=20&pv=1&ga_vid=838000433.1622121063&ga_sid=1622121064&ga_hid=15458963&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=336&ady=4387&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530671%2C31060957&oid=3&pvsid=3394013324203522&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=wVt5N0xkDt&p=https%3A//xn--m9jp9mi8fra1016gid0b.net&dtd=321
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:809::2004 Frankfurt am Main, Germany, ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
DATA 200
OK truncated
/ Frame C7CA 822 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bed57a09b10b5cfc83c33f5bc6205831a9db085c874bc72d096d05ad2136e4b4

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3-29 200 Enabler.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame 17DC 16 KB
6 KB 10ms
7ms Script
text/javascript 2a00:1450:4001:813::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/Enabler.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8440874748895933971/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

5f0207bbbd69497c7a37284c0b6f9bdcc9f83c574a4cda737e00a390d0ed268f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 03:56:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 33251
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5866
x-xss-protection: 0
server: cafe
etag: 544157900006238945
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Fri, 28 May 2021 03:56:53 GMT

GET
H3-29 200 addata.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame 17DC 26 KB
10 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:813::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8440874748895933971/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

54a66c4693bfd79901040269ae7d7304508cbd02859797a1780f2bbe72176e23

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 18:54:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 65784
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10382
x-xss-protection: 0
server: cafe
etag: 12806417668659483808
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Thu, 27 May 2021 18:54:40 GMT

GET
H3-29 200 HZvw8QdJrJJXuJ48IXlV8VF-H8RHnxePCtakS6ABBeA.js Show response
pagead2.googlesyndication.com/bg/ Frame D582 14 KB
6 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:809::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/HZvw8QdJrJJXuJ48IXlV8VF-H8RHnxePCtakS6ABBeA.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

1d9bf0f10749ac9257b89e3c217955f1517e1fc4479f178f0ad6a44ba00105e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:11:56 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Mon, 17 May 2021 11:28:00 GMT
server: sffe
age: 212348
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5755
x-xss-protection: 0
expires: Wed, 25 May 2022 02:11:56 GMT

GET
H3-29 200 Element_24.svg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15114128110379568047/ Frame D582 13 KB
4 KB 9ms
8ms Image
image/svg+xml 2a00:1450:4001:813::2001

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15114128110379568047/Element_24.svg

Requested by

Host: xn--m9jp9mi8fra1016gid0b.net
URL: https://xn--m9jp9mi8fra1016gid0b.net/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

c6961a4d4296ec402fe593fad1dc613d2a4afe369e19b245a1139e8addeef035

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding: gzip
x-content-type-options: nosniff
age: 370663
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4012
x-xss-protection: 0
last-modified: Wed, 27 Jan 2021 11:48:38 GMT
server: sffe
date: Sun, 23 May 2021 06:13:21 GMT
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 23 May 2022 06:13:21 GMT

GET
H3-29 200 Element_18.svg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15114128110379568047/ Frame D582 3 KB
1 KB 9ms
8ms Image
image/svg+xml 2a00:1450:4001:813::2001

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15114128110379568047/Element_18.svg

Requested by

Host: xn--m9jp9mi8fra1016gid0b.net
URL: https://xn--m9jp9mi8fra1016gid0b.net/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

bea8ca18fc59dd9efc69075b87febbe8dfd2a4819e600cd6fd9b5da0df604e44

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding: gzip
x-content-type-options: nosniff
age: 370663
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1235
x-xss-protection: 0
last-modified: Wed, 27 Jan 2021 11:48:38 GMT
server: sffe
date: Sun, 23 May 2021 06:13:21 GMT
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 23 May 2022 06:13:21 GMT

GET
H3-29 200 Element_16.svg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15114128110379568047/ Frame D582 246 B
231 B 11ms
10ms Image
image/svg+xml 2a00:1450:4001:813::2001

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15114128110379568047/Element_16.svg

Requested by

Host: xn--m9jp9mi8fra1016gid0b.net
URL: https://xn--m9jp9mi8fra1016gid0b.net/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

d82367742a789f0618bd00083354a3df851fc894683e6a94e41123268ee99254

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding: gzip
x-content-type-options: nosniff
age: 370663
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 195
x-xss-protection: 0
last-modified: Wed, 27 Jan 2021 11:48:38 GMT
server: sffe
date: Sun, 23 May 2021 06:13:21 GMT
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 23 May 2022 06:13:21 GMT

GET
H3-29 200 Element_15.svg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15114128110379568047/ Frame D582 5 KB
2 KB 10ms
9ms Image
image/svg+xml 2a00:1450:4001:813::2001

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15114128110379568047/Element_15.svg

Requested by

Host: xn--m9jp9mi8fra1016gid0b.net
URL: https://xn--m9jp9mi8fra1016gid0b.net/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

ddbe53fbdf228359ca0cbce287c93bd5d381dc271605ae88635204eec016aa98

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding: gzip
x-content-type-options: nosniff
age: 370663
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1760
x-xss-protection: 0
last-modified: Wed, 27 Jan 2021 11:48:38 GMT
server: sffe
date: Sun, 23 May 2021 06:13:21 GMT
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 23 May 2022 06:13:21 GMT

GET
H3-29 200 Element_19.svg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15114128110379568047/ Frame D582 473 B
305 B 9ms
8ms Image
image/svg+xml 2a00:1450:4001:813::2001

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15114128110379568047/Element_19.svg

Requested by

Host: xn--m9jp9mi8fra1016gid0b.net
URL: https://xn--m9jp9mi8fra1016gid0b.net/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

4a3fa995039579e0ecb5ee278f9bad4dca2b2f4fa34ddefd7c12e17e14fa018e

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding: gzip
x-content-type-options: nosniff
age: 370663
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 269
x-xss-protection: 0
last-modified: Wed, 27 Jan 2021 11:48:38 GMT
server: sffe
date: Sun, 23 May 2021 06:13:21 GMT
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 23 May 2022 06:13:21 GMT

GET
H3-29 200 Element_13.svg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15114128110379568047/ Frame D582 10 KB
2 KB 11ms
10ms Image
image/svg+xml 2a00:1450:4001:813::2001

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15114128110379568047/Element_13.svg

Requested by

Host: xn--m9jp9mi8fra1016gid0b.net
URL: https://xn--m9jp9mi8fra1016gid0b.net/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

f5e3a2c67fa809ff28e25a52dfa078a0b3bb3f7431a564c64d88f3dd1ee5ca62

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding: gzip
x-content-type-options: nosniff
age: 370663
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2515
x-xss-protection: 0
last-modified: Wed, 27 Jan 2021 11:48:38 GMT
server: sffe
date: Sun, 23 May 2021 06:13:21 GMT
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 23 May 2022 06:13:21 GMT

GET
H/1.1

200
OK

request.php Show response
hal90009.redintelligence.net/ Frame 1D01
Redirect Chain

https://hal90009.redintelligence.net/request.php?zone=tojuhhm84f1g&nw=20&renderingType=javascript&namespace=4bbc9124e9&subid=&uid=6b29fce8fa1bb1f9&screenSize=1600x1200&screenSizeAvail=1600x1200&cli...
https://hal90009.redintelligence.net/request.php?zone=tojuhhm84f1g&nw=20&renderingType=javascript&namespace=4bbc9124e9&subid=&uid=6b29fce8fa1bb1f9&screenSize=1600x1200&screenSizeAvail=1600x1200&cli...

2 KB
1 KB

172ms
97ms

Script
application/x-javascript

138.201.63.149

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90009.redintelligence.net/request.php?zone=tojuhhm84f1g&nw=20&renderingType=javascript&namespace=4bbc9124e9&subid=&uid=6b29fce8fa1bb1f9&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=160x600&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&envData=&gdpr=1&gdpr_consent=BAAAAAAAAAAAAAAAAAluAA%2F%2F%2F%2F%2F%2F%2BABgCeAJ4Ang&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fmt_aid%3D5004167035727989250%26mt_id%3D8675608%26mt_adid%3D242876%26mt_sid%3D7324419%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D429a60af-9a67-4801-a6d5-859c91b877f0%26mt_cid%3D429a60af-9a67-4801-a6d5-859c91b877f0%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCwyTRZ5qvYLC4Moa0twfC_YH4Ds-HjptcwIbZgsYCwI23ARABIABglQKCARdjYS1wdWItMzAwMTk2ODgwNDY1NDc4NcgBCagDAaoEzQFP0JPADDvHI3fCv1P59cB-pD99DZ-qv3cDUkY0hlZsptA1KiampmcZfzM23LhAfmsADRUnAP0YRTm923mkuN0Ne5fLYQE6153_Luun_xXjhUt_bYI6pKCNxqYFB7aAm4lofkekv-MYO_TnnwfcX7jB9Y5daQrWfj34a9GFDObiPsEp9xlLwFahc2nVx7Fvz0jiRTGtaRvtaT8YqS1Zcz-AUCJuKTM_zrl3e66qraOoB0lRjovGZ9kItn4bAIS959HFIqTNpKjeA9F9UKnXgAb30dyH8dPYh-4BoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG9gHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_0jAEbGdo6_X6QsVOAsCOwyYTUnnA%2526client%253Dca-pub-3001968804654785%2526adurl%253D%26redirect%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-3001968804654785%26output%3Dhtml%26h%3D600%26slotname%3D8412015728%26adk%3D3975475001%26adf%3D1919225299%26pi%3Dt.ma~as.8412015728%26w%3D219%26fwrn%3D4%26fwrnh%3D100%26lmt%3D1622121063%26rafmt%3D4%26psa%3D0%26format%3D219x600%26url%3Dhttps%253A%252F%252Fxn--m9jp9mi8fra1016gid0b.net%252F%26flash%3D0%26fwr%3D0%26rpe%3D1%26resp_fmts%3D4%26wgl%3D1%26uach%3DWyIiLCIiLCIiLCIiLCIiLFtdXQ..%26dt%3D1622121063501%26bpp%3D43%26bdt%3D1354%26idt%3D295%26shv%3Dr20210524%26cbv%3D%252Fr20190131%26ptt%3D9%26saldr%3Daa%26abxe%3D1%26prev_fmts%3D0x0%252C666x280%252C666x280%252C666x280%252C666x399%26nras%3D1%26correlator%3D7377409692150%26frm%3D20%26pv%3D1%26ga_vid%3D838000433.1622121063%26ga_sid%3D1622121064%26ga_hid%3D15458963%26ga_fc%3D0%26u_tz%3D120%26u_his%3D2%26u_java%3D0%26u_h%3D1200%26u_w%3D1600%26u_ah%3D1200%26u_aw%3D1600%26u_cd%3D24%26u_nplug%3D0%26u_nmime%3D0%26adx%3D1057%26ady%3D1189%26biw%3D1600%26bih%3D1200%26scr_x%3D0%26scr_y%3D0%26eid%3D42530671%252C31060957%26oid%3D3%26pvsid%3D3394013324203522%26eae%3D0%26fc%3D1920%26brdim%3D0%252C0%252C0%252C0%252C1600%252C0%252C1600%252C1200%252C1600%252C1200%26vis%3D1%26rsz%3D%257C%257CoeE%257C%26abl%3DCS%26pfx%3D0%26cms%3D2%26fu%3D128%26bc%3D31%26ifi%3D6%26uci%3Da!6%26fsb%3D1%26xpc%3DiH17qFM3Pe%26p%3Dhttps%253A%2F%2Fxn--m9jp9mi8fra1016gid0b.net%26dtd%3D302&ancestorOrigins=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Chttps%3A%2F%2Fxn--m9jp9mi8fra1016gid0b.net&random=2682362970106&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3001968804654785&output=html&h=600&slotname=8412015728&adk=3975475001&adf=1919225299&pi=t.ma~as.8412015728&w=219&fwrn=4&fwrnh=100&lmt=1622121063&rafmt=4&psa=0&format=219x600&url=https%3A%2F%2Fxn--m9jp9mi8fra1016gid0b.net%2F&flash=0&fwr=0&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1622121063501&bpp=43&bdt=1354&idt=295&shv=r20210524&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C666x280%2C666x280%2C666x280%2C666x399&nras=1&correlator=7377409692150&frm=20&pv=1&ga_vid=838000433.1622121063&ga_sid=1622121064&ga_hid=15458963&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1057&ady=1189&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530671%2C31060957&oid=3&pvsid=3394013324203522&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&cms=2&fu=128&bc=31&ifi=6&uci=a!6&fsb=1&xpc=iH17qFM3Pe&p=https%3A//xn--m9jp9mi8fra1016gid0b.net&dtd=302
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.149 Lingenfeld, Germany, ASN (),
Reverse DNS: static.149.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: d16f204114d443f2c2de71364d97d0d2ccaba7c5ecbb03c36d9fa0d99771fa71

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 27 May 2021 13:11:04 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 16121600137314902179201011607009
Connection: close
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 723
Expires: Thu, 27 May 2021 14:11:04 +0200

Redirect headers

Pragma: no-cache
Date: Thu, 27 May 2021 13:11:04 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Location: request.php?zone=tojuhhm84f1g&nw=20&renderingType=javascript&namespace=4bbc9124e9&subid=&uid=6b29fce8fa1bb1f9&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=160x600&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&envData=&gdpr=1&gdpr_consent=BAAAAAAAAAAAAAAAAAluAA%2F%2F%2F%2F%2F%2F%2BABgCeAJ4Ang&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fmt_aid%3D5004167035727989250%26mt_id%3D8675608%26mt_adid%3D242876%26mt_sid%3D7324419%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D429a60af-9a67-4801-a6d5-859c91b877f0%26mt_cid%3D429a60af-9a67-4801-a6d5-859c91b877f0%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCwyTRZ5qvYLC4Moa0twfC_YH4Ds-HjptcwIbZgsYCwI23ARABIABglQKCARdjYS1wdWItMzAwMTk2ODgwNDY1NDc4NcgBCagDAaoEzQFP0JPADDvHI3fCv1P59cB-pD99DZ-qv3cDUkY0hlZsptA1KiampmcZfzM23LhAfmsADRUnAP0YRTm923mkuN0Ne5fLYQE6153_Luun_xXjhUt_bYI6pKCNxqYFB7aAm4lofkekv-MYO_TnnwfcX7jB9Y5daQrWfj34a9GFDObiPsEp9xlLwFahc2nVx7Fvz0jiRTGtaRvtaT8YqS1Zcz-AUCJuKTM_zrl3e66qraOoB0lRjovGZ9kItn4bAIS959HFIqTNpKjeA9F9UKnXgAb30dyH8dPYh-4BoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG9gHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_0jAEbGdo6_X6QsVOAsCOwyYTUnnA%2526client%253Dca-pub-3001968804654785%2526adurl%253D%26redirect%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-3001968804654785%26output%3Dhtml%26h%3D600%26slotname%3D8412015728%26adk%3D3975475001%26adf%3D1919225299%26pi%3Dt.ma~as.8412015728%26w%3D219%26fwrn%3D4%26fwrnh%3D100%26lmt%3D1622121063%26rafmt%3D4%26psa%3D0%26format%3D219x600%26url%3Dhttps%253A%252F%252Fxn--m9jp9mi8fra1016gid0b.net%252F%26flash%3D0%26fwr%3D0%26rpe%3D1%26resp_fmts%3D4%26wgl%3D1%26uach%3DWyIiLCIiLCIiLCIiLCIiLFtdXQ..%26dt%3D1622121063501%26bpp%3D43%26bdt%3D1354%26idt%3D295%26shv%3Dr20210524%26cbv%3D%252Fr20190131%26ptt%3D9%26saldr%3Daa%26abxe%3D1%26prev_fmts%3D0x0%252C666x280%252C666x280%252C666x280%252C666x399%26nras%3D1%26correlator%3D7377409692150%26frm%3D20%26pv%3D1%26ga_vid%3D838000433.1622121063%26ga_sid%3D1622121064%26ga_hid%3D15458963%26ga_fc%3D0%26u_tz%3D120%26u_his%3D2%26u_java%3D0%26u_h%3D1200%26u_w%3D1600%26u_ah%3D1200%26u_aw%3D1600%26u_cd%3D24%26u_nplug%3D0%26u_nmime%3D0%26adx%3D1057%26ady%3D1189%26biw%3D1600%26bih%3D1200%26scr_x%3D0%26scr_y%3D0%26eid%3D42530671%252C31060957%26oid%3D3%26pvsid%3D3394013324203522%26eae%3D0%26fc%3D1920%26brdim%3D0%252C0%252C0%252C0%252C1600%252C0%252C1600%252C1200%252C1600%252C1200%26vis%3D1%26rsz%3D%257C%257CoeE%257C%26abl%3DCS%26pfx%3D0%26cms%3D2%26fu%3D128%26bc%3D31%26ifi%3D6%26uci%3Da!6%26fsb%3D1%26xpc%3DiH17qFM3Pe%26p%3Dhttps%253A%2F%2Fxn--m9jp9mi8fra1016gid0b.net%26dtd%3D302&ancestorOrigins=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Chttps%3A%2F%2Fxn--m9jp9mi8fra1016gid0b.net&random=2682362970106&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Expires: Thu, 27 May 2021 14:11:04 +0200

GET
H3-29 200 4997898321273172335
tpc.googlesyndication.com/icore_images/ Frame 66BB 33 KB
33 KB 16ms
7ms Image
image/jpeg 2a00:1450:4001:813::2001

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/icore_images/4997898321273172335

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

1f5c6d02fc76fb03a20344484b5f6f7f2d46926ee6fb5bd42e46fdb9c8651c5b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 21 May 2021 19:47:19 GMT
x-content-type-options: nosniff
last-modified: Tue, 04 May 2021 16:07:05 GMT
server: sffe
age: 494625
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 33514
x-xss-protection: 0
expires: Sat, 21 May 2022 19:47:19 GMT

GET
H3-29 200 16114843243089217562
tpc.googlesyndication.com/icore_images/ Frame 66BB 28 KB
28 KB 16ms
8ms Image
image/jpeg 2a00:1450:4001:813::2001

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/icore_images/16114843243089217562

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

7d9b20df67e4fdb335a4e220496f6ed865678ad8a9528de7f4a03dc0561c7d72

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 22 May 2021 12:26:56 GMT
x-content-type-options: nosniff
last-modified: Sat, 01 May 2021 15:19:21 GMT
server: sffe
age: 434648
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29105
x-xss-protection: 0
expires: Sun, 22 May 2022 12:26:56 GMT

GET
H3-29 200 16550421126234128213
tpc.googlesyndication.com/icore_images/ Frame 66BB 19 KB
19 KB 24ms
16ms Image
image/jpeg 2a00:1450:4001:813::2001

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/icore_images/16550421126234128213

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

eed8bbef503babc3cfd6bab171469830c476510a5c792363768cf4b9ec26718e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 23:58:01 GMT
x-content-type-options: nosniff
last-modified: Mon, 19 Apr 2021 15:52:29 GMT
server: sffe
age: 133983
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19074
x-xss-protection: 0
expires: Wed, 25 May 2022 23:58:01 GMT

GET
H3-29 200 17031205495551198434
tpc.googlesyndication.com/icore_images/ Frame 66BB 17 KB
17 KB 46ms
38ms Image
image/jpeg 2a00:1450:4001:813::2001

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/icore_images/17031205495551198434

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

d1f4e4630b8d4801abc1ca32d1baf694bd570ee94a1c462fa2cd03dc0c95e016

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 13:11:04 GMT
x-content-type-options: nosniff
last-modified: Fri, 09 Apr 2021 17:11:26 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17763
x-xss-protection: 0
expires: Fri, 27 May 2022 13:11:04 GMT

GET
H3-29 200 16851581137417419659
tpc.googlesyndication.com/icore_images/ Frame 66BB 22 KB
22 KB 20ms
12ms Image
image/jpeg 2a00:1450:4001:813::2001

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/icore_images/16851581137417419659

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

f01903b3070c311bb1d7b0368466b6138411ca2e876dba98b6ddc8501e359517

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 23:58:01 GMT
x-content-type-options: nosniff
last-modified: Wed, 19 Dec 2018 17:37:27 GMT
server: sffe
age: 133983
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 22026
x-xss-protection: 0
expires: Wed, 25 May 2022 23:58:01 GMT

GET
H3-29 200 4169477227190675863
tpc.googlesyndication.com/icore_images/ Frame 66BB 32 KB
32 KB 18ms
11ms Image
image/jpeg 2a00:1450:4001:813::2001

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/icore_images/4169477227190675863

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

557a28b6b96a9d0122ccd963ef7f244b3af6137079e76f13e5a3f8def76f5324

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 04:43:19 GMT
x-content-type-options: nosniff
last-modified: Sat, 15 Dec 2018 17:39:17 GMT
server: sffe
age: 203265
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 32601
x-xss-protection: 0
expires: Wed, 25 May 2022 04:43:19 GMT

GET
H3-29 200 15262885589546723768
tpc.googlesyndication.com/icore_images/ Frame 66BB 18 KB
18 KB 16ms
9ms Image
image/jpeg 2a00:1450:4001:813::2001

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/icore_images/15262885589546723768

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

1389685bdb948b61ef7659b666a95f3d9d6180f1bd6275ffd0245fc2b09fe64d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 23:58:01 GMT
x-content-type-options: nosniff
last-modified: Sun, 24 May 2020 21:48:41 GMT
server: sffe
age: 133983
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18000
x-xss-protection: 0
expires: Wed, 25 May 2022 23:58:01 GMT

GET
H3-29 200 14413581566702291388
tpc.googlesyndication.com/icore_images/ Frame 66BB 13 KB
13 KB 15ms
9ms Image
image/jpeg 2a00:1450:4001:813::2001

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/icore_images/14413581566702291388

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

f5f389a626c93903925ea1ad5dfb0d1770efd8dc7abaece35dda70ee34533e1d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 21 May 2021 20:58:40 GMT
x-content-type-options: nosniff
last-modified: Thu, 19 Mar 2020 09:24:13 GMT
server: sffe
age: 490344
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13558
x-xss-protection: 0
expires: Sat, 21 May 2022 20:58:40 GMT

GET
H3-29 200 adview
googleads.g.doubleclick.net/pagead/ Frame 66BB 0
0 51ms
44ms Fetch
text/html 2a00:1450:4001:811::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=Cq5Z6Z5qvYLzwML-AwuIPp6C2CKXVnbEFjdzCup8Cpp6tjWsQASC1qaMGKAhglQLIAQGoAwHIA8EEqgSsAU_QXko6_2Q0N_UL6Bvq9mI5TSzMjjRtxV7aGTvPXYhgOH56DZihnhMe_yvsrW2sylHYW_9fhBKTFZreauMu_jbfwqATVTRcVn9e9E63tHeyyp3C2gYKEuVpepvuz8oXZA8-ulRaxr5SIpbN7HqhM94KxuFzOdMWmaOh5iE7UHI68sC_BUg6Hr4V8wSaFluXaGxgj7vPFvZlFk7Ap9Gm891Mv6u_gVnrg2yuzW7ABKXAy4o0kgUECBoYBKAGRcAGC4AH5ffiNagH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfulrECqAemvhuoB-zVG9gHAdIICQiA4YAQEAEYH4AKAcgLAdAVAYAXAbIXGgoYCAASFHB1Yi0zMDAxOTY4ODA0NjU0Nzg1&sigh=EEhCmyitQug

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3001968804654785&output=html&h=399&slotname=1250160123&adk=4098457666&adf=2106242515&pi=t.ma~as.1250160123&w=666&cr_col=4&cr_row=2&fwrn=2&lmt=1622121063&rafmt=9&psa=0&format=666x399&url=https%3A%2F%2Fxn--m9jp9mi8fra1016gid0b.net%2F&flash=0&crui=image_stacked&fwr=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1622121063456&bpp=1&bdt=1309&idt=316&shv=r20210524&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C666x280%2C666x280%2C666x280&nras=1&correlator=7377409692150&frm=20&pv=1&ga_vid=838000433.1622121063&ga_sid=1622121064&ga_hid=15458963&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=336&ady=4387&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530671%2C31060957&oid=3&pvsid=3394013324203522&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=wVt5N0xkDt&p=https%3A//xn--m9jp9mi8fra1016gid0b.net&dtd=321
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Thu, 27 May 2021 13:11:04 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3-29 200 adview
googleads.g.doubleclick.net/pagead/ Frame 66BB 0
0 53ms
47ms Fetch
text/html 2a00:1450:4001:811::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=ChP_mZ5qvYLzwML-AwuIPp6C2CKXVnbEFjdzCup8Cpp6tjWsQAiC1qaMGKAhglQLIAQGoAwHIA8EEqgSsAU_QXko5_2Q0N_UL6Bvq9mI5TSzMjjRtxV7aGTvPXYhgOH56DZihnhMe_yvsrW2sylHYW_9fhBKTFZreauMu_jbfwqATVTRcVn9e9E63tHeyyp3C2gYKEuVpepvuz8oXZA8-ulRaxr5SIpbN7HqhM94KxuFzOdMWmaOh5iE7UHI68sC_BUg6Hr4V8wSaFluXaGxgj7vPFvZlFk7Ap9Gm891Mv6u_gVnrg2yuzW7ABKXAy4o0kgUECBoYBKAGRcAGC4AH5ffiNagH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfulrECqAemvhuoB-zVG9gHAdIICQiA4YAQEAEYH4AKAcgLAdAVAYAXAbIXGgoYCAASFHB1Yi0zMDAxOTY4ODA0NjU0Nzg1&sigh=CF03Y6MwVxM

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3001968804654785&output=html&h=399&slotname=1250160123&adk=4098457666&adf=2106242515&pi=t.ma~as.1250160123&w=666&cr_col=4&cr_row=2&fwrn=2&lmt=1622121063&rafmt=9&psa=0&format=666x399&url=https%3A%2F%2Fxn--m9jp9mi8fra1016gid0b.net%2F&flash=0&crui=image_stacked&fwr=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1622121063456&bpp=1&bdt=1309&idt=316&shv=r20210524&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C666x280%2C666x280%2C666x280&nras=1&correlator=7377409692150&frm=20&pv=1&ga_vid=838000433.1622121063&ga_sid=1622121064&ga_hid=15458963&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=336&ady=4387&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530671%2C31060957&oid=3&pvsid=3394013324203522&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=wVt5N0xkDt&p=https%3A//xn--m9jp9mi8fra1016gid0b.net&dtd=321
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Thu, 27 May 2021 13:11:04 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3-29 200 adview
googleads.g.doubleclick.net/pagead/ Frame 66BB 0
0 80ms
75ms Fetch
text/html 2a00:1450:4001:811::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=Cnq3hZ5qvYLzwML-AwuIPp6C2CKXVnbEFjdzCup8Cpp6tjWsQAyC1qaMGKAhglQLIAQGoAwHIA8EEqgSsAU_QXko4_2Q0N_UL6Bvq9mI5TSzMjjRtxV7aGTvPXYhgOH56DZihnhMe_yvsrW2sylHYW_9fhBKTFZreauMu_jbfwqATVTRcVn9e9E63tHeyyp3C2gYKEuVpepvuz8oXZA8-ulRaxr5SIpbN7HqhM94KxuFzOdMWmaOh5iE7UHI68sC_BUg6Hr4V8wSaFluXaGxgj7vPFvZlFk7Ap9Gm891Mv6u_gVnrg2yuzW7ABKXAy4o0kgUECBoYBKAGRcAGC4AH5ffiNagH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfulrECqAemvhuoB-zVG9gHAdIICQiA4YAQEAEYH4AKAcgLAdAVAYAXAbIXGgoYCAASFHB1Yi0zMDAxOTY4ODA0NjU0Nzg1&sigh=Gyck4cdHak0

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3001968804654785&output=html&h=399&slotname=1250160123&adk=4098457666&adf=2106242515&pi=t.ma~as.1250160123&w=666&cr_col=4&cr_row=2&fwrn=2&lmt=1622121063&rafmt=9&psa=0&format=666x399&url=https%3A%2F%2Fxn--m9jp9mi8fra1016gid0b.net%2F&flash=0&crui=image_stacked&fwr=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1622121063456&bpp=1&bdt=1309&idt=316&shv=r20210524&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C666x280%2C666x280%2C666x280&nras=1&correlator=7377409692150&frm=20&pv=1&ga_vid=838000433.1622121063&ga_sid=1622121064&ga_hid=15458963&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=336&ady=4387&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530671%2C31060957&oid=3&pvsid=3394013324203522&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=wVt5N0xkDt&p=https%3A//xn--m9jp9mi8fra1016gid0b.net&dtd=321
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Thu, 27 May 2021 13:11:04 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3-29 200 adview
googleads.g.doubleclick.net/pagead/ Frame 66BB 0
0 81ms
74ms Fetch
text/html 2a00:1450:4001:811::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CbEjAZ5qvYLzwML-AwuIPp6C2CKXVnbEFjdzCup8Cpp6tjWsQBCC1qaMGKAhglQLIAQGoAwHIA8EEqgSsAU_QXko__2Q0N_UL6Bvq9mI5TSzMjjRtxV7aGTvPXYhgOH56DZihnhMe_yvsrW2sylHYW_9fhBKTFZreauMu_jbfwqATVTRcVn9e9E63tHeyyp3C2gYKEuVpepvuz8oXZA8-ulRaxr5SIpbN7HqhM94KxuFzOdMWmaOh5iE7UHI68sC_BUg6Hr4V8wSaFluXaGxgj7vPFvZlFk7Ap9Gm891Mv6u_gVnrg2yuzW7ABKXAy4o0kgUECBoYBKAGRcAGC4AH5ffiNagH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfulrECqAemvhuoB-zVG9gHAdIICQiA4YAQEAEYH4AKAcgLAdAVAYAXAbIXGgoYCAASFHB1Yi0zMDAxOTY4ODA0NjU0Nzg1&sigh=-SYMgxFDXDw

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3001968804654785&output=html&h=399&slotname=1250160123&adk=4098457666&adf=2106242515&pi=t.ma~as.1250160123&w=666&cr_col=4&cr_row=2&fwrn=2&lmt=1622121063&rafmt=9&psa=0&format=666x399&url=https%3A%2F%2Fxn--m9jp9mi8fra1016gid0b.net%2F&flash=0&crui=image_stacked&fwr=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1622121063456&bpp=1&bdt=1309&idt=316&shv=r20210524&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C666x280%2C666x280%2C666x280&nras=1&correlator=7377409692150&frm=20&pv=1&ga_vid=838000433.1622121063&ga_sid=1622121064&ga_hid=15458963&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=336&ady=4387&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530671%2C31060957&oid=3&pvsid=3394013324203522&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=wVt5N0xkDt&p=https%3A//xn--m9jp9mi8fra1016gid0b.net&dtd=321
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Thu, 27 May 2021 13:11:04 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3-29 200 adview
googleads.g.doubleclick.net/pagead/ Frame 66BB 0
0 23ms
17ms Fetch
text/html 2a00:1450:4001:811::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CrA4yZ5qvYLzwML-AwuIPp6C2CKXVnbEFjdzCup8Cpp6tjWsQBSC1qaMGKAhglQLIAQGoAwHIA8EEqgSsAU_QXko-_2Q0N_UL6Bvq9mI5TSzMjjRtxV7aGTvPXYhgOH56DZihnhMe_yvsrW2sylHYW_9fhBKTFZreauMu_jbfwqATVTRcVn9e9E63tHeyyp3C2gYKEuVpepvuz8oXZA8-ulRaxr5SIpbN7HqhM94KxuFzOdMWmaOh5iE7UHI68sC_BUg6Hr4V8wSaFluXaGxgj7vPFvZlFk7Ap9Gm891Mv6u_gVnrg2yuzW7ABKXAy4o0kgUECBoYBKAGRcAGC4AH5ffiNagH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfulrECqAemvhuoB-zVG9gHAdIICQiA4YAQEAEYH4AKAcgLAdAVAYAXAbIXGgoYCAASFHB1Yi0zMDAxOTY4ODA0NjU0Nzg1&sigh=hZRg_nl29jw

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3001968804654785&output=html&h=399&slotname=1250160123&adk=4098457666&adf=2106242515&pi=t.ma~as.1250160123&w=666&cr_col=4&cr_row=2&fwrn=2&lmt=1622121063&rafmt=9&psa=0&format=666x399&url=https%3A%2F%2Fxn--m9jp9mi8fra1016gid0b.net%2F&flash=0&crui=image_stacked&fwr=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1622121063456&bpp=1&bdt=1309&idt=316&shv=r20210524&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C666x280%2C666x280%2C666x280&nras=1&correlator=7377409692150&frm=20&pv=1&ga_vid=838000433.1622121063&ga_sid=1622121064&ga_hid=15458963&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=336&ady=4387&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530671%2C31060957&oid=3&pvsid=3394013324203522&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=wVt5N0xkDt&p=https%3A//xn--m9jp9mi8fra1016gid0b.net&dtd=321
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Thu, 27 May 2021 13:11:04 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3-29 200 adview
googleads.g.doubleclick.net/pagead/ Frame 66BB 0
0 79ms
74ms Fetch
text/html 2a00:1450:4001:811::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CLYnwZ5qvYLzwML-AwuIPp6C2CKXVnbEFjdzCup8Cpp6tjWsQBiC1qaMGKAhglQLIAQGoAwHIA8EEqgSsAU_QXko9_2Q0N_UL6Bvq9mI5TSzMjjRtxV7aGTvPXYhgOH56DZihnhMe_yvsrW2sylHYW_9fhBKTFZreauMu_jbfwqATVTRcVn9e9E63tHeyyp3C2gYKEuVpepvuz8oXZA8-ulRaxr5SIpbN7HqhM94KxuFzOdMWmaOh5iE7UHI68sC_BUg6Hr4V8wSaFluXaGxgj7vPFvZlFk7Ap9Gm891Mv6u_gVnrg2yuzW7ABKXAy4o0kgUECBoYBKAGRcAGC4AH5ffiNagH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfulrECqAemvhuoB-zVG9gHAdIICQiA4YAQEAEYH4AKAcgLAdAVAYAXAbIXGgoYCAASFHB1Yi0zMDAxOTY4ODA0NjU0Nzg1&sigh=ymbn17aVH94

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3001968804654785&output=html&h=399&slotname=1250160123&adk=4098457666&adf=2106242515&pi=t.ma~as.1250160123&w=666&cr_col=4&cr_row=2&fwrn=2&lmt=1622121063&rafmt=9&psa=0&format=666x399&url=https%3A%2F%2Fxn--m9jp9mi8fra1016gid0b.net%2F&flash=0&crui=image_stacked&fwr=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1622121063456&bpp=1&bdt=1309&idt=316&shv=r20210524&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C666x280%2C666x280%2C666x280&nras=1&correlator=7377409692150&frm=20&pv=1&ga_vid=838000433.1622121063&ga_sid=1622121064&ga_hid=15458963&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=336&ady=4387&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530671%2C31060957&oid=3&pvsid=3394013324203522&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=wVt5N0xkDt&p=https%3A//xn--m9jp9mi8fra1016gid0b.net&dtd=321
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Thu, 27 May 2021 13:11:04 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3-29 200 adview
googleads.g.doubleclick.net/pagead/ Frame 66BB 0
0 79ms
74ms Fetch
text/html 2a00:1450:4001:811::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CBRTGZ5qvYLzwML-AwuIPp6C2CKXVnbEFjdzCup8Cpp6tjWsQByC1qaMGKAhglQLIAQGoAwHIA8EEqgSsAU_QXko8_2Q0N_UL6Bvq9mI5TSzMjjRtxV7aGTvPXYhgOH56DZihnhMe_yvsrW2sylHYW_9fhBKTFZreauMu_jbfwqATVTRcVn9e9E63tHeyyp3C2gYKEuVpepvuz8oXZA8-ulRaxr5SIpbN7HqhM94KxuFzOdMWmaOh5iE7UHI68sC_BUg6Hr4V8wSaFluXaGxgj7vPFvZlFk7Ap9Gm891Mv6u_gVnrg2yuzW7ABKXAy4o0kgUECBoYBKAGRcAGC4AH5ffiNagH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfulrECqAemvhuoB-zVG9gHAdIICQiA4YAQEAEYH4AKAcgLAdAVAYAXAbIXGgoYCAASFHB1Yi0zMDAxOTY4ODA0NjU0Nzg1&sigh=Uky2prFbM9U

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3001968804654785&output=html&h=399&slotname=1250160123&adk=4098457666&adf=2106242515&pi=t.ma~as.1250160123&w=666&cr_col=4&cr_row=2&fwrn=2&lmt=1622121063&rafmt=9&psa=0&format=666x399&url=https%3A%2F%2Fxn--m9jp9mi8fra1016gid0b.net%2F&flash=0&crui=image_stacked&fwr=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1622121063456&bpp=1&bdt=1309&idt=316&shv=r20210524&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C666x280%2C666x280%2C666x280&nras=1&correlator=7377409692150&frm=20&pv=1&ga_vid=838000433.1622121063&ga_sid=1622121064&ga_hid=15458963&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=336&ady=4387&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530671%2C31060957&oid=3&pvsid=3394013324203522&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=wVt5N0xkDt&p=https%3A//xn--m9jp9mi8fra1016gid0b.net&dtd=321
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Thu, 27 May 2021 13:11:04 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3-29 200 adview
googleads.g.doubleclick.net/pagead/ Frame 66BB 0
0 79ms
75ms Fetch
text/html 2a00:1450:4001:811::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=C1uVIZ5qvYLzwML-AwuIPp6C2CKXVnbEFjdzCup8Cpp6tjWsQCCC1qaMGKAhglQLIAQGoAwHIA8EEqgSsAU_QXkoz_2Q0N_UL6Bvq9mI5TSzMjjRtxV7aGTvPXYhgOH56DZihnhMe_yvsrW2sylHYW_9fhBKTFZreauMu_jbfwqATVTRcVn9e9E63tHeyyp3C2gYKEuVpepvuz8oXZA8-ulRaxr5SIpbN7HqhM94KxuFzOdMWmaOh5iE7UHI68sC_BUg6Hr4V8wSaFluXaGxgj7vPFvZlFk7Ap9Gm891Mv6u_gVnrg2yuzW7ABKXAy4o0kgUECBoYBKAGRcAGC4AH5ffiNagH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfulrECqAemvhuoB-zVG9gHAdIICQiA4YAQEAEYH4AKAcgLAdAVAYAXAbIXGgoYCAASFHB1Yi0zMDAxOTY4ODA0NjU0Nzg1&sigh=MElYiyxFO2w

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3001968804654785&output=html&h=399&slotname=1250160123&adk=4098457666&adf=2106242515&pi=t.ma~as.1250160123&w=666&cr_col=4&cr_row=2&fwrn=2&lmt=1622121063&rafmt=9&psa=0&format=666x399&url=https%3A%2F%2Fxn--m9jp9mi8fra1016gid0b.net%2F&flash=0&crui=image_stacked&fwr=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1622121063456&bpp=1&bdt=1309&idt=316&shv=r20210524&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C666x280%2C666x280%2C666x280&nras=1&correlator=7377409692150&frm=20&pv=1&ga_vid=838000433.1622121063&ga_sid=1622121064&ga_hid=15458963&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=336&ady=4387&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530671%2C31060957&oid=3&pvsid=3394013324203522&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=wVt5N0xkDt&p=https%3A//xn--m9jp9mi8fra1016gid0b.net&dtd=321
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Thu, 27 May 2021 13:11:04 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3-29 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 5A23 1 KB
749 B 9ms
5ms Document
text/html 2a00:1450:4001:809::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Thu, 27 May 2021 03:14:09 GMT
expires: Fri, 28 May 2021 03:14:09 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 35815
cache-control: public, max-age=86400
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 66BB 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 12875314ee2ddcc4d2a2fb04123d58952d2a04175805709e9a217ef87009c5e4

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 90CC
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
18 B

18ms
17ms

Document
text/html

2a00:1450:4001:811::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3001968804654785&output=html&h=280&slotname=6935282521&adk=3709907325&adf=604988848&pi=t.ma~as.6935282521&w=666&fwrn=4&fwrnh=100&lmt=1622121063&rafmt=1&psa=0&format=666x280&url=https%3A%2F%2Fxn--m9jp9mi8fra1016gid0b.net%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1622121063429&bpp=1&bdt=1282&idt=276&shv=r20210524&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C666x280&nras=1&correlator=7377409692150&frm=20&pv=1&ga_vid=838000433.1622121063&ga_sid=1622121064&ga_hid=15458963&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=336&ady=2268&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530671%2C31060957&oid=3&pvsid=3394013324203522&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=QZhJw0wwEI&p=https%3A//xn--m9jp9mi8fra1016gid0b.net&dtd=280

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

safe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/si
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUlKy1bkEI4kWWSwbNIpSFTq6K7sZCrXz6Jzo9493_74e8rfMxBnmex92V8PmXM; DSID=NO_DATA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Thu, 27 May 2021 13:11:04 GMT
server: safe
content-length: 0
x-xss-protection: 0
set-cookie: DSID=NO_DATA; expires=Thu, 27-May-2021 14:11:04 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Thu, 27 May 2021 13:11:04 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Thu, 27 May 2021 13:11:04 GMT
server: safe
content-length: 246
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 font
fonts.gstatic.com/l/ Frame 66BB 21 KB
21 KB 49ms
49ms Font
font/woff2 2a00:1450:4001:829::2003

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/l/font?kit=-F6pfjtqLzI2JPCgQBnw7HFQei0q12XChsom91jkLBp6NTW0W0Ebgj_rpibDw92fv-3eHvqxJED-7D7zXdz96VjxthJZrcozTXwuWDBY-aEyn8SFDPIE3tpRoljkshtJoZZSpmz-4p8D_-4Mm_9mAkdCUaBvxbtUh9_QXhwH_Qh2D1ZS4rI2_cpwVbDlxqRcHsyaPJw09MpB0wZTfTwtQUezzCtO-6RF6_nbkyiqg9vBZyLuaSV_Py-8glsTA5KV&skey=b1468649b9c42538&v=v28

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Noto%20Sans%20JP%3A400%2C700&text=%E3%81%AA%E3%81%8F%E3%81%91%E3%81%88%E3%82%A2%E6%A4%8D%E7%90%86%E8%8A%B1%E3%81%AE3%E6%96%B9%E5%92%B2%E3%81%AF%E3%81%A6%E9%89%A2%E3%82%93%E3%81%8B%E3%81%9F%E3%81%84%E3%81%8D%E3%82%8C%E5%A4%A7%E6%9E%AF%20%E5%93%81%E3%81%AB%E5%BA%AD%E6%9C%88%E5%86%AC%E3%81%99%E3%81%9B%E7%A8%AE%E9%99%BD%E3%82%B5%E3%82%89%E3%82%92%E3%82%A4%E3%81%95%E7%B4%AB%EF%BC%9F%E3%82%8B%E7%94%B1%E3%82%B8%E8%82%B2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

ESF /

Resource Hash

5be820a03fa6c936ada8f591e9ba5a9d42a8b7ac20209c3a7f8e27de397c6719

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Origin: https://googleads.g.doubleclick.net
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 13:11:04 GMT
x-content-type-options: nosniff
last-modified: Thu, 12 Nov 2020 17:37:04 GMT
server: ESF
x-frame-options: SAMEORIGIN
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="font.woff2"; filename*=UTF-8''font.woff2
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21952
x-xss-protection: 0
expires: Fri, 28 May 2021 13:11:04 GMT

GET
H3-29 200 HZvw8QdJrJJXuJ48IXlV8VF-H8RHnxePCtakS6ABBeA.js Show response
pagead2.googlesyndication.com/bg/ Frame 17DC 14 KB
6 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:809::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/HZvw8QdJrJJXuJ48IXlV8VF-H8RHnxePCtakS6ABBeA.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

1d9bf0f10749ac9257b89e3c217955f1517e1fc4479f178f0ad6a44ba00105e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:11:56 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Mon, 17 May 2021 11:28:00 GMT
server: sffe
age: 212348
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5755
x-xss-protection: 0
expires: Wed, 25 May 2022 02:11:56 GMT

GET
H3-29 200 BM_Logo_RGB_3.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8440874748895933971/ Frame 17DC 22 KB
22 KB 9ms
9ms Image
image/png 2a00:1450:4001:813::2001

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8440874748895933971/BM_Logo_RGB_3.png

Requested by

Host: xn--m9jp9mi8fra1016gid0b.net
URL: https://xn--m9jp9mi8fra1016gid0b.net/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

af80c5f740d87f23a4dfba032163da333d0726400e3e466498ec6db371cccbeb

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 258931
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 22623
x-xss-protection: 0
last-modified: Wed, 12 May 2021 08:21:06 GMT
server: sffe
date: Mon, 24 May 2021 13:15:33 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 24 May 2022 13:15:33 GMT

GET
H3-29 200 Jetzt_buchen__.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8440874748895933971/ Frame 17DC 2 KB
2 KB 9ms
8ms Image
image/png 2a00:1450:4001:813::2001

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8440874748895933971/Jetzt_buchen__.png

Requested by

Host: xn--m9jp9mi8fra1016gid0b.net
URL: https://xn--m9jp9mi8fra1016gid0b.net/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

98b503e561abd8bd6f36e99d52a42baddf76b0f07f50d5a1d916c7595a4a5125

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 258931
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1783
x-xss-protection: 0
last-modified: Wed, 12 May 2021 08:21:06 GMT
server: sffe
date: Mon, 24 May 2021 13:15:33 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 24 May 2022 13:15:33 GMT

GET
H3-29 200 970x250.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8440874748895933971/ Frame 17DC 99 KB
100 KB 10ms
9ms Image
image/jpeg 2a00:1450:4001:813::2001

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8440874748895933971/970x250.jpg

Requested by

Host: xn--m9jp9mi8fra1016gid0b.net
URL: https://xn--m9jp9mi8fra1016gid0b.net/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

85de04645b7b002937768e0fbad655103c8b53794d092c26a1e121886794a9af

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 258931
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 101880
x-xss-protection: 0
last-modified: Wed, 12 May 2021 08:21:06 GMT
server: sffe
date: Mon, 24 May 2021 13:15:33 GMT
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 24 May 2022 13:15:33 GMT

GET
H2 200 dpixel
cms.quantserve.com/ Frame 5A23 35 B
462 B 17ms
8ms Image
image/gif 2620:116:800d:21:8c6e:cf2c:8d6:9fb5

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEO18NQekIp_XBPB54QA8MZc&google_cver=1&google_push=AQvitUKQerl2cvyq2gdXAa6TIWaflD5cbKB_De9eIgQKkL9d9FNImBUy3RF1HqVTw8Q8l1YtP-4w8UnDDk7Hvj2liLWkCHtl6zeB

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:8c6e:cf2c:8d6:9fb5 , United States, ASN (),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 27 May 2021 13:11:04 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 5A23
Redirect Chain

https://pixel.everesttech.net/1/m?url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Deverest%26google_hm%3D__EFGSURFER_USB64__%26google_push%3DAQvitUIqN0cBuGRO8QrgjmQ-c-nY-66cF_N96CsaPcD...
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WUtAYWFBQUFCZUtyMkduLQ&google_push=AQvitUIqN0cBuGRO8QrgjmQ-c-nY-66cF_N96CsaPcDtK9b9wVYa-xW5N9sY3Q0BGjLmHWSUpI7qNSijI1Y3hPAvCrHqsl3cHoyY

170 B
188 B

47ms
47ms

Image
image/png

172.217.23.98

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WUtAYWFBQUFCZUtyMkduLQ&google_push=AQvitUIqN0cBuGRO8QrgjmQ-c-nY-66cF_N96CsaPcDtK9b9wVYa-xW5N9sY3Q0BGjLmHWSUpI7qNSijI1Y3hPAvCrHqsl3cHoyY

Requested by

Host: xn--m9jp9mi8fra1016gid0b.net
URL: https://xn--m9jp9mi8fra1016gid0b.net/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.23.98 , United States, ASN (),

Reverse DNS

fra16s45-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 27 May 2021 13:11:04 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WUtAYWFBQUFCZUtyMkduLQ&google_push=AQvitUIqN0cBuGRO8QrgjmQ-c-nY-66cF_N96CsaPcDtK9b9wVYa-xW5N9sY3Q0BGjLmHWSUpI7qNSijI1Y3hPAvCrHqsl3cHoyY
Date: Thu, 27 May 2021 13:11:04 GMT
Server: Apache
Connection: keep-alive
Content-Length: 391
Content-Type: text/html; charset=iso-8859-1

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 5A23
Redirect Chain

https://rtb.openx.net/sync/dds?google_gid=CAESEMGB0P1pywv2iRwbIJ-6dKM&google_cver=1&google_push=AQvitUIyKrCd-vW5l71wchJusjM7jvI7SmbKAPlrZ10Oz45lSB8A19yphLz91IkuXfGsr1OMmbDVFHgtwOB1LHuCas-dxDl835Ee
https://rtb.openx.net/sync/dds?google_gid=CAESEMGB0P1pywv2iRwbIJ-6dKM&google_cver=1&google_push=AQvitUIyKrCd-vW5l71wchJusjM7jvI7SmbKAPlrZ10Oz45lSB8A19yphLz91IkuXfGsr1OMmbDVFHgtwOB1LHuCas-dxDl835Ee&...
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitUIyKrCd-vW5l71wchJusjM7jvI7SmbKAPlrZ10Oz45lSB8A19yphLz91IkuXfGsr1OMmbDVFHgtwOB1LHuCas-dxDl835Ee&google_hm=lCb76YrCwuMdC0Ei0A1OfQ==

170 B
188 B

39ms
39ms

Image
image/png

172.217.23.98

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitUIyKrCd-vW5l71wchJusjM7jvI7SmbKAPlrZ10Oz45lSB8A19yphLz91IkuXfGsr1OMmbDVFHgtwOB1LHuCas-dxDl835Ee&google_hm=lCb76YrCwuMdC0Ei0A1OfQ==

Requested by

Host: xn--m9jp9mi8fra1016gid0b.net
URL: https://xn--m9jp9mi8fra1016gid0b.net/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.23.98 , United States, ASN (),

Reverse DNS

fra16s45-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 27 May 2021 13:11:04 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 27 May 2021 13:11:03 GMT
via: 1.1 google
server: Cowboy
access-control-allow-origin: null
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitUIyKrCd-vW5l71wchJusjM7jvI7SmbKAPlrZ10Oz45lSB8A19yphLz91IkuXfGsr1OMmbDVFHgtwOB1LHuCas-dxDl835Ee&google_hm=lCb76YrCwuMdC0Ei0A1OfQ==
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
content-length: 0
x-request-id: a9jejl2tbu82iiksvcl51svjk0ur1e07

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 5A23
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=1ANmh1iYRxCja2FVI2UF-w%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

40ms
39ms

Image
image/png

172.217.23.98

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=1ANmh1iYRxCja2FVI2UF-w%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AQvitUInjUdmKMB-VTP1hAQPYOuwqAvamRr8TUTrKWcHZ2SqoGJ_CIdf0P-l6r-E6WZIECb_lfxUjAPDa-vEK9Q3_9dG0xCijGI

Requested by

Host: xn--m9jp9mi8fra1016gid0b.net
URL: https://xn--m9jp9mi8fra1016gid0b.net/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.23.98 , United States, ASN (),

Reverse DNS

fra16s45-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 27 May 2021 13:11:04 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=1ANmh1iYRxCja2FVI2UF-w%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AQvitUInjUdmKMB-VTP1hAQPYOuwqAvamRr8TUTrKWcHZ2SqoGJ_CIdf0P-l6r-E6WZIECb_lfxUjAPDa-vEK9Q3_9dG0xCijGI
date: Thu, 27 May 2021 13:11:03 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 5A23
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEAD1QzOVkf2B5OaLbjKUKa8&google_cver=1&google_push=AQvitUKuYpGNQu7nUlOn8QHt-KJl-n9vgOjBSPoB4VSaOY7SteFcwJ_j3qDw9O3Bh8lSYwefXCC...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1A2WDAwMEQtWC00SDVB&google_push=AQvitUKuYpGNQu7nUlOn8QHt-KJl-n9vgOjBSPoB4VSaOY7SteFcwJ_j3qDw9O3Bh8lSYwefXCCp2nI3dU7gGw5mrnRUwlYYp8M

170 B
188 B

39ms
39ms

Image
image/png

172.217.23.98

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1A2WDAwMEQtWC00SDVB&google_push=AQvitUKuYpGNQu7nUlOn8QHt-KJl-n9vgOjBSPoB4VSaOY7SteFcwJ_j3qDw9O3Bh8lSYwefXCCp2nI3dU7gGw5mrnRUwlYYp8M

Requested by

Host: xn--m9jp9mi8fra1016gid0b.net
URL: https://xn--m9jp9mi8fra1016gid0b.net/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.23.98 , United States, ASN (),

Reverse DNS

fra16s45-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 27 May 2021 13:11:04 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1A2WDAwMEQtWC00SDVB&google_push=AQvitUKuYpGNQu7nUlOn8QHt-KJl-n9vgOjBSPoB4VSaOY7SteFcwJ_j3qDw9O3Bh8lSYwefXCCp2nI3dU7gGw5mrnRUwlYYp8M
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: a66cbf3142c6ef39e3614b84a34262cf
Expires: 0

GET

pixel
cm.g.doubleclick.net/ Frame 5A23
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEAx0scEKxGOAzF8_q-FjvSw&google_cver=1&googl...
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESEAx0scEKxGOAzF8_q-FjvSw&google_push=AQ...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YK-aaImywDKFZmDC605VMQAABLsAAAAB&google_push=AQvitUJDHkr1V9hPK7dNII63NBHjFhUPTXbvbI5ZGuv4ip0S5JQAS0Zmyx0fShGVGL2e8kZUJO8xYtlTTl5XoPHzNp...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YK-aaImywDKFZmDC605VMQAABLsAAAAB&google_push=AQvitUJDHkr1V9hPK7dNII63NBHjFhUPTXbvbI5ZGuv4ip0S5JQAS0Zmyx0fShGVGL2e8kZUJO8xYtlTTl5XoPHzNp...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YK-aaImywDKFZmDC605VMQAABLsAAAAB&google_push=AQvitUJDHkr1V9hPK7dNII63NBHjFhUPTXbvbI5ZGuv4ip0S5JQAS0Zmyx0fShGVGL2e8kZUJO8xYtlTTl5XoPHzNp...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YK-aaImywDKFZmDC605VMQAABLsAAAAB&google_push=AQvitUJDHkr1V9hPK7dNII63NBHjFhUPTXbvbI5ZGuv4ip0S5JQAS0Zmyx0fShGVGL2e8kZUJO8xYtlTTl5XoPHzNp...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YK-aaImywDKFZmDC605VMQAABLsAAAAB&google_push=AQvitUJDHkr1V9hPK7dNII63NBHjFhUPTXbvbI5ZGuv4ip0S5JQAS0Zmyx0fShGVGL2e8kZUJO8xYtlTTl5XoPHzNp...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YK-aaImywDKFZmDC605VMQAABLsAAAAB&google_push=AQvitUJDHkr1V9hPK7dNII63NBHjFhUPTXbvbI5ZGuv4ip0S5JQAS0Zmyx0fShGVGL2e8kZUJO8xYtlTTl5XoPHzNp...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YK-aaImywDKFZmDC605VMQAABLsAAAAB&google_push=AQvitUJDHkr1V9hPK7dNII63NBHjFhUPTXbvbI5ZGuv4ip0S5JQAS0Zmyx0fShGVGL2e8kZUJO8xYtlTTl5XoPHzNp...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YK-aaImywDKFZmDC605VMQAABLsAAAAB&google_push=AQvitUJDHkr1V9hPK7dNII63NBHjFhUPTXbvbI5ZGuv4ip0S5JQAS0Zmyx0fShGVGL2e8kZUJO8xYtlTTl5XoPHzNp...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YK-aaImywDKFZmDC605VMQAABLsAAAAB&google_push=AQvitUJDHkr1V9hPK7dNII63NBHjFhUPTXbvbI5ZGuv4ip0S5JQAS0Zmyx0fShGVGL2e8kZUJO8xYtlTTl5XoPHzNp...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YK-aaImywDKFZmDC605VMQAABLsAAAAB&google_push=AQvitUJDHkr1V9hPK7dNII63NBHjFhUPTXbvbI5ZGuv4ip0S5JQAS0Zmyx0fShGVGL2e8kZUJO8xYtlTTl5XoPHzNp...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YK-aaImywDKFZmDC605VMQAABLsAAAAB&google_push=AQvitUJDHkr1V9hPK7dNII63NBHjFhUPTXbvbI5ZGuv4ip0S5JQAS0Zmyx0fShGVGL2e8kZUJO8xYtlTTl5XoPHzNp...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YK-aaImywDKFZmDC605VMQAABLsAAAAB&google_push=AQvitUJDHkr1V9hPK7dNII63NBHjFhUPTXbvbI5ZGuv4ip0S5JQAS0Zmyx0fShGVGL2e8kZUJO8xYtlTTl5XoPHzNp...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YK-aaImywDKFZmDC605VMQAABLsAAAAB&google_push=AQvitUJDHkr1V9hPK7dNII63NBHjFhUPTXbvbI5ZGuv4ip0S5JQAS0Zmyx0fShGVGL2e8kZUJO8xYtlTTl5XoPHzNp...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YK-aaImywDKFZmDC605VMQAABLsAAAAB&google_push=AQvitUJDHkr1V9hPK7dNII63NBHjFhUPTXbvbI5ZGuv4ip0S5JQAS0Zmyx0fShGVGL2e8kZUJO8xYtlTTl5XoPHzNp...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YK-aaImywDKFZmDC605VMQAABLsAAAAB&google_push=AQvitUJDHkr1V9hPK7dNII63NBHjFhUPTXbvbI5ZGuv4ip0S5JQAS0Zmyx0fShGVGL2e8kZUJO8xYtlTTl5XoPHzNp...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YK-aaImywDKFZmDC605VMQAABLsAAAAB&google_push=AQvitUJDHkr1V9hPK7dNII63NBHjFhUPTXbvbI5ZGuv4ip0S5JQAS0Zmyx0fShGVGL2e8kZUJO8xYtlTTl5XoPHzNp...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YK-aaImywDKFZmDC605VMQAABLsAAAAB&google_push=AQvitUJDHkr1V9hPK7dNII63NBHjFhUPTXbvbI5ZGuv4ip0S5JQAS0Zmyx0fShGVGL2e8kZUJO8xYtlTTl5XoPHzNp...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YK-aaImywDKFZmDC605VMQAABLsAAAAB&google_push=AQvitUJDHkr1V9hPK7dNII63NBHjFhUPTXbvbI5ZGuv4ip0S5JQAS0Zmyx0fShGVGL2e8kZUJO8xYtlTTl5XoPHzNp...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YK-aaImywDKFZmDC605VMQAABLsAAAAB&google_push=AQvitUJDHkr1V9hPK7dNII63NBHjFhUPTXbvbI5ZGuv4ip0S5JQAS0Zmyx0fShGVGL2e8kZUJO8xYtlTTl5XoPHzNp...

0
0

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 5A23
Redirect Chain

https://googlecm.hit.gemius.pl/googleredir?rid=tknhntsqez&id=ndBK6L_fzwx7rssCbe8.iLes3yi8eMbF6r2JE6Xu.b7.N7&google_gid=CAESEKE2Flzct8DzNIRBKtPAYTE&google_cver=1&google_push=AQvitULqO9Jr0e4JNwCFua6Y...
https://cm.g.doubleclick.net/pixel?google_nid=gemius_adh&google_push=AQvitULqO9Jr0e4JNwCFua6Y8G9AkCuqE0XyxgHRBLCZKHH4OhPjKXq_ygmGQppWrtNtrQYQ44_ieYciOAZlY-G27PIFCS7gLGVkRA&google_hm=

170 B
188 B

39ms
39ms

Image
image/png

172.217.23.98

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=gemius_adh&google_push=AQvitULqO9Jr0e4JNwCFua6Y8G9AkCuqE0XyxgHRBLCZKHH4OhPjKXq_ygmGQppWrtNtrQYQ44_ieYciOAZlY-G27PIFCS7gLGVkRA&google_hm=

Requested by

Host: xn--m9jp9mi8fra1016gid0b.net
URL: https://xn--m9jp9mi8fra1016gid0b.net/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.23.98 , United States, ASN (),

Reverse DNS

fra16s45-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 27 May 2021 13:11:04 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 27 May 2021 13:11:04 GMT
server: GHC
p3p: CP="NOI DSP COR NID PSAo OUR IND"
location: https://cm.g.doubleclick.net/pixel?google_nid=gemius_adh&google_push=AQvitULqO9Jr0e4JNwCFua6Y8G9AkCuqE0XyxgHRBLCZKHH4OhPjKXq_ygmGQppWrtNtrQYQ44_ieYciOAZlY-G27PIFCS7gLGVkRA&google_hm=
cache-control: no-store, no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
accept-ranges: none
content-length: 0
expires: Wed, 26 May 2021 13:11:04 GMT

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame 5A23 0
236 B 118ms
37ms Image
text/html 172.217.23.98

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13IhitUZp4DIMnapohSKqYGzw2WU8bQhOSbGJ6JNtK5a-yjYS9xTj2Lsf8UAQ9NM8pFPa7LiQw

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.23.98 , United States, ASN (),

Reverse DNS

fra16s45-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 13:11:04 GMT
server: HTTP server (unknown)
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H/1.1

200
OK

jot.html Show response
platform.twitter.com/ Frame 9FC5
Redirect Chain

https://syndication.twitter.com/i/jot
https://platform.twitter.com/jot.html

80 B
570 B

6ms
6ms

Document
text/html

2606:2800:234:59:254c:406:2366:268c

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/jot.html
Requested by: Host: xn--m9jp9mi8fra1016gid0b.net
URL: https://xn--m9jp9mi8fra1016gid0b.net/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN (),
Reverse DNS
Software: ECS (frb/67F3) /
Resource Hash: 90214d135602962e47ea9587a7eeb62fac1c64a541e373ea76e2b4e8b33e3f88

Request headers

Host: platform.twitter.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
Origin: https://xn--m9jp9mi8fra1016gid0b.net
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 53398
Cache-Control: public, max-age=315360000
Content-Type: text/html; charset=utf-8
Date: Thu, 27 May 2021 13:11:04 GMT
Etag: "d9592a6c704736fa4da218d4357976dd"
Last-Modified: Wed, 28 Apr 2021 17:57:32 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (frb/67F3)
X-Cache: HIT
x-tw-cdn: VZ
Content-Length: 80

Redirect headers

date: Thu, 27 May 2021 13:11:04 GMT
pragma: no-cache
server: tsa_o
status: 302 Found
expires: Tue, 31 Mar 1981 05:00:00 GMT
location: https://platform.twitter.com/jot.html
content-type: text/html;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
last-modified: Thu, 27 May 2021 13:11:04 GMT
x-transaction: f1235011114a2477
content-length: 0
x-frame-options: SAMEORIGIN
x-xss-protection: 0
x-content-type-options: nosniff
x-twitter-response-tags: BouncerCompliant
strict-transport-security: max-age=631138519
x-connection-hash: 7bb280339711b11d568a2881511f0d89df18b4389addada4f6dc89096481bf22

GET
H3-29 200 HZvw8QdJrJJXuJ48IXlV8VF-H8RHnxePCtakS6ABBeA.js Show response
pagead2.googlesyndication.com/bg/ Frame 3E18 14 KB
6 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:809::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/HZvw8QdJrJJXuJ48IXlV8VF-H8RHnxePCtakS6ABBeA.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

1d9bf0f10749ac9257b89e3c217955f1517e1fc4479f178f0ad6a44ba00105e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:11:56 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Mon, 17 May 2021 11:28:00 GMT
server: sffe
age: 212348
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5755
x-xss-protection: 0
expires: Wed, 25 May 2022 02:11:56 GMT

GET
H/1.1 200
OK request_content.php Show response
hal90009.redintelligence.net/ Frame BCFE 3 KB
2 KB 103ms
35ms Document
text/html 138.201.63.149

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90009.redintelligence.net/request_content.php?s=16121600137314902179201011607009&a=c6a1e9dd
Requested by: Host: hal90009.redintelligence.net
URL: https://hal90009.redintelligence.net/request.php?zone=tojuhhm84f1g&nw=20&renderingType=javascript&namespace=4bbc9124e9&subid=&uid=6b29fce8fa1bb1f9&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=160x600&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&envData=&gdpr=1&gdpr_consent=BAAAAAAAAAAAAAAAAAluAA%2F%2F%2F%2F%2F%2F%2BABgCeAJ4Ang&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fmt_aid%3D5004167035727989250%26mt_id%3D8675608%26mt_adid%3D242876%26mt_sid%3D7324419%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D429a60af-9a67-4801-a6d5-859c91b877f0%26mt_cid%3D429a60af-9a67-4801-a6d5-859c91b877f0%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCwyTRZ5qvYLC4Moa0twfC_YH4Ds-HjptcwIbZgsYCwI23ARABIABglQKCARdjYS1wdWItMzAwMTk2ODgwNDY1NDc4NcgBCagDAaoEzQFP0JPADDvHI3fCv1P59cB-pD99DZ-qv3cDUkY0hlZsptA1KiampmcZfzM23LhAfmsADRUnAP0YRTm923mkuN0Ne5fLYQE6153_Luun_xXjhUt_bYI6pKCNxqYFB7aAm4lofkekv-MYO_TnnwfcX7jB9Y5daQrWfj34a9GFDObiPsEp9xlLwFahc2nVx7Fvz0jiRTGtaRvtaT8YqS1Zcz-AUCJuKTM_zrl3e66qraOoB0lRjovGZ9kItn4bAIS959HFIqTNpKjeA9F9UKnXgAb30dyH8dPYh-4BoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG9gHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_0jAEbGdo6_X6QsVOAsCOwyYTUnnA%2526client%253Dca-pub-3001968804654785%2526adurl%253D%26redirect%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-3001968804654785%26output%3Dhtml%26h%3D600%26slotname%3D8412015728%26adk%3D3975475001%26adf%3D1919225299%26pi%3Dt.ma~as.8412015728%26w%3D219%26fwrn%3D4%26fwrnh%3D100%26lmt%3D1622121063%26rafmt%3D4%26psa%3D0%26format%3D219x600%26url%3Dhttps%253A%252F%252Fxn--m9jp9mi8fra1016gid0b.net%252F%26flash%3D0%26fwr%3D0%26rpe%3D1%26resp_fmts%3D4%26wgl%3D1%26uach%3DWyIiLCIiLCIiLCIiLCIiLFtdXQ..%26dt%3D1622121063501%26bpp%3D43%26bdt%3D1354%26idt%3D295%26shv%3Dr20210524%26cbv%3D%252Fr20190131%26ptt%3D9%26saldr%3Daa%26abxe%3D1%26prev_fmts%3D0x0%252C666x280%252C666x280%252C666x280%252C666x399%26nras%3D1%26correlator%3D7377409692150%26frm%3D20%26pv%3D1%26ga_vid%3D838000433.1622121063%26ga_sid%3D1622121064%26ga_hid%3D15458963%26ga_fc%3D0%26u_tz%3D120%26u_his%3D2%26u_java%3D0%26u_h%3D1200%26u_w%3D1600%26u_ah%3D1200%26u_aw%3D1600%26u_cd%3D24%26u_nplug%3D0%26u_nmime%3D0%26adx%3D1057%26ady%3D1189%26biw%3D1600%26bih%3D1200%26scr_x%3D0%26scr_y%3D0%26eid%3D42530671%252C31060957%26oid%3D3%26pvsid%3D3394013324203522%26eae%3D0%26fc%3D1920%26brdim%3D0%252C0%252C0%252C0%252C1600%252C0%252C1600%252C1200%252C1600%252C1200%26vis%3D1%26rsz%3D%257C%257CoeE%257C%26abl%3DCS%26pfx%3D0%26cms%3D2%26fu%3D128%26bc%3D31%26ifi%3D6%26uci%3Da!6%26fsb%3D1%26xpc%3DiH17qFM3Pe%26p%3Dhttps%253A%2F%2Fxn--m9jp9mi8fra1016gid0b.net%26dtd%3D302&ancestorOrigins=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Chttps%3A%2F%2Fxn--m9jp9mi8fra1016gid0b.net&random=2682362970106&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.149 Lingenfeld, Germany, ASN (),
Reverse DNS: static.149.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 6b96df0c917064c393e7f758d86018e313a013590c77ecb81af56df2988cb87b

Request headers

Host: hal90009.redintelligence.net
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://googleads.g.doubleclick.net/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: 8lcfmzhxc8d6_uid=c5a9f70b854db52b
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/

Response headers

Date: Thu, 27 May 2021 13:11:04 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Expires: Thu, 27 May 2021 14:11:04 +0200
Pragma: no-cache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1337
Connection: close
Content-Type: text/html; charset=utf-8

GET
H/1.1 200
OK cshow.php
www.awin1.com/ Frame 1D01 43 B
704 B 132ms
67ms Image
image/gif 104.111.239.217

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.awin1.com/cshow.php?s=2846679&v=14098&q=409715&r=296283&pref1=16121600137314902179201011607009&pv=1

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

104.111.239.217 Frankfurt am Main, Germany, ASN (),

Reverse DNS

a104-111-239-217.deploy.static.akamaitechnologies.com

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 27 May 2021 13:11:04 GMT
Strict-Transport-Security: max-age=86400
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Awin-Akamai-Rule-Set: default
Node: Helix
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: 0

GET
H3-29 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 2955 1 KB
749 B 6ms
5ms Document
text/html 2a00:1450:4001:809::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Thu, 27 May 2021 03:14:09 GMT
expires: Fri, 28 May 2021 03:14:09 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 35815
cache-control: public, max-age=86400
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 1D01 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: cbed4a513f9060a4f85a9b709937a8831da0331958984fc0ceb7d1232391cec7

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 dpixel
cms.quantserve.com/ Frame 2955 35 B
210 B 13ms
9ms Image
image/gif 2620:116:800d:21:8c6e:cf2c:8d6:9fb5

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEONdOMJ7Um65qk-s9IAso0E&google_cver=1&google_push=AQvitUJPGwVwLl2G9k2NqT1pHnv__s5WyfpqyZ0nqjcSq0L1ksAjieqbS5t8Y1pT7nOwUeAeI-Hff_PudqzxkSes1P53Jf2IHe-C

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:8c6e:cf2c:8d6:9fb5 , United States, ASN (),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 27 May 2021 13:11:04 GMT
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
strict-transport-security: max-age=86400
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 2955
Redirect Chain

https://pixel.everesttech.net/1/m?url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Deverest%26google_hm%3D__EFGSURFER_USB64__%26google_push%3DAQvitUL5KLMTpmsMeKKoPjDVWgz3NV5x1J49MPFJLKM...
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WUtAYWFBQUFCQ3pXWG5DUQ&google_push=AQvitUL5KLMTpmsMeKKoPjDVWgz3NV5x1J49MPFJLKMER_DWzg_rYlVpraDMxeNvd1AjxsXzEJ1VNtm2lUGGoEE4zqR6S9-0G0MM

170 B
188 B

38ms
38ms

Image
image/png

172.217.23.98

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WUtAYWFBQUFCQ3pXWG5DUQ&google_push=AQvitUL5KLMTpmsMeKKoPjDVWgz3NV5x1J49MPFJLKMER_DWzg_rYlVpraDMxeNvd1AjxsXzEJ1VNtm2lUGGoEE4zqR6S9-0G0MM

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.23.98 , United States, ASN (),

Reverse DNS

fra16s45-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 27 May 2021 13:11:04 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WUtAYWFBQUFCQ3pXWG5DUQ&google_push=AQvitUL5KLMTpmsMeKKoPjDVWgz3NV5x1J49MPFJLKMER_DWzg_rYlVpraDMxeNvd1AjxsXzEJ1VNtm2lUGGoEE4zqR6S9-0G0MM
Date: Thu, 27 May 2021 13:11:04 GMT
Server: Apache
Connection: keep-alive
Content-Length: 391
Content-Type: text/html; charset=iso-8859-1

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 2955
Redirect Chain

https://d.agkn.com/pixel/2175/?google_gid=CAESEN15AulxAUQCeGNIEU-3UmI&google_cver=1&google_push=AQvitUKVqHXSrI5RkyxPAI_MxqR4NOjkkDIJfuRm3kelYyIYQjU3DbB8TDUvnZPgCM9Ny0lDkOdxPZsa0m3PIZBE4lZET4IKj3m2
https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AQvitUKVqHXSrI5RkyxPAI_MxqR4NOjkkDIJfuRm3kelYyIYQjU3DbB8TDUvnZPgCM9Ny0lDkOdxPZsa0m3PIZBE4lZET4IKj3m2&google_hm=Q0FFU0VOMTVBdWx4QVVRQ...

170 B
188 B

39ms
38ms

Image
image/png

172.217.23.98

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AQvitUKVqHXSrI5RkyxPAI_MxqR4NOjkkDIJfuRm3kelYyIYQjU3DbB8TDUvnZPgCM9Ny0lDkOdxPZsa0m3PIZBE4lZET4IKj3m2&google_hm=Q0FFU0VOMTVBdWx4QVVRQ2VHTklFVS0zVW1J

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.23.98 , United States, ASN (),

Reverse DNS

fra16s45-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 27 May 2021 13:11:04 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 27 May 2021 13:11:04 GMT
Server: Apache-Coyote/1.1
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AQvitUKVqHXSrI5RkyxPAI_MxqR4NOjkkDIJfuRm3kelYyIYQjU3DbB8TDUvnZPgCM9Ny0lDkOdxPZsa0m3PIZBE4lZET4IKj3m2&google_hm=Q0FFU0VOMTVBdWx4QVVRQ2VHTklFVS0zVW1J
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 2955
Redirect Chain

https://rtb.openx.net/sync/dds?google_gid=CAESECHjJ6sPDTXGyWu5Sl-yUYg&google_cver=1&google_push=AQvitUIzVYYooN7jI4u67ySeCChNCeXNl5Mfb5gVE2BxZVlgHgAzlcfinmSylpcBpMlakD8Bh5d9JqLQ3KUNL9zwqHI3ih889Xs5
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitUIzVYYooN7jI4u67ySeCChNCeXNl5Mfb5gVE2BxZVlgHgAzlcfinmSylpcBpMlakD8Bh5d9JqLQ3KUNL9zwqHI3ih889Xs5&google_hm=lCb76YrCwuMdC0Ei0A1OfQ==

170 B
188 B

42ms
40ms

Image
image/png

172.217.23.98

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitUIzVYYooN7jI4u67ySeCChNCeXNl5Mfb5gVE2BxZVlgHgAzlcfinmSylpcBpMlakD8Bh5d9JqLQ3KUNL9zwqHI3ih889Xs5&google_hm=lCb76YrCwuMdC0Ei0A1OfQ==

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.23.98 , United States, ASN (),

Reverse DNS

fra16s45-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 27 May 2021 13:11:04 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 27 May 2021 13:11:04 GMT
via: 1.1 google
server: Cowboy
access-control-allow-origin: null
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitUIzVYYooN7jI4u67ySeCChNCeXNl5Mfb5gVE2BxZVlgHgAzlcfinmSylpcBpMlakD8Bh5d9JqLQ3KUNL9zwqHI3ih889Xs5&google_hm=lCb76YrCwuMdC0Ei0A1OfQ==
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
content-length: 0
x-request-id: 3jp22baeg1srpnad66l35f1p44l5m23s

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 2955
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=1ANmh1iYRxCja2FVI2UF-w%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

43ms
43ms

Image
image/png

172.217.23.98

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=1ANmh1iYRxCja2FVI2UF-w%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AQvitUI-hKWU3uEE54PYgs8ac-VjI18S400G1EkyGqtq3O5OgMlc_BmFMsX2BjjSN4Aoh8nswcIhuVvyusrv4mO7KD96aUl9uMNP

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.23.98 , United States, ASN (),

Reverse DNS

fra16s45-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 27 May 2021 13:11:04 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=1ANmh1iYRxCja2FVI2UF-w%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AQvitUI-hKWU3uEE54PYgs8ac-VjI18S400G1EkyGqtq3O5OgMlc_BmFMsX2BjjSN4Aoh8nswcIhuVvyusrv4mO7KD96aUl9uMNP
date: Thu, 27 May 2021 13:11:04 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 2955
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEBhQXofN8uuTgX5yyx-9_n4&google_cver=1&google_push=AQvitUIeTV4zNkna-8r66os09T4gcC1ZHWFAoQ5H9WmKrXUvjyQ7atX6JcryN0iSqX759Sry9Ou...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1A2WDAwMkktMUEtRjNBSw==&google_push=AQvitUIeTV4zNkna-8r66os09T4gcC1ZHWFAoQ5H9WmKrXUvjyQ7atX6JcryN0iSqX759Sry9Ou1_TZpQ906swd3p3dqKhYa7zBt

170 B
188 B

39ms
39ms

Image
image/png

172.217.23.98

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1A2WDAwMkktMUEtRjNBSw==&google_push=AQvitUIeTV4zNkna-8r66os09T4gcC1ZHWFAoQ5H9WmKrXUvjyQ7atX6JcryN0iSqX759Sry9Ou1_TZpQ906swd3p3dqKhYa7zBt

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.23.98 , United States, ASN (),

Reverse DNS

fra16s45-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 27 May 2021 13:11:04 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1A2WDAwMkktMUEtRjNBSw==&google_push=AQvitUIeTV4zNkna-8r66os09T4gcC1ZHWFAoQ5H9WmKrXUvjyQ7atX6JcryN0iSqX759Sry9Ou1_TZpQ906swd3p3dqKhYa7zBt
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: a66cbf3142c6ef39e3614b84a34262cf
Expires: 0

GET

pixel
cm.g.doubleclick.net/ Frame 2955
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESECsVBAa6FAW6lcuduGxlsEo&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YK-aaImywDKFZmDC605VMQAABLsAAAAB&google_push=AQvitUK36ZJVulxexrJTVs-q_ToNon0UHZbbPZ5Rll2vhdgAEuI738mlsWoeoFFqX6tfpFpDgs_i2JJtNZYiyIA-Pc...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YK-aaImywDKFZmDC605VMQAABLsAAAAB&google_push=AQvitUK36ZJVulxexrJTVs-q_ToNon0UHZbbPZ5Rll2vhdgAEuI738mlsWoeoFFqX6tfpFpDgs_i2JJtNZYiyIA-Pc...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YK-aaImywDKFZmDC605VMQAABLsAAAAB&google_push=AQvitUK36ZJVulxexrJTVs-q_ToNon0UHZbbPZ5Rll2vhdgAEuI738mlsWoeoFFqX6tfpFpDgs_i2JJtNZYiyIA-Pc...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YK-aaImywDKFZmDC605VMQAABLsAAAAB&google_push=AQvitUK36ZJVulxexrJTVs-q_ToNon0UHZbbPZ5Rll2vhdgAEuI738mlsWoeoFFqX6tfpFpDgs_i2JJtNZYiyIA-Pc...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YK-aaImywDKFZmDC605VMQAABLsAAAAB&google_push=AQvitUK36ZJVulxexrJTVs-q_ToNon0UHZbbPZ5Rll2vhdgAEuI738mlsWoeoFFqX6tfpFpDgs_i2JJtNZYiyIA-Pc...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YK-aaImywDKFZmDC605VMQAABLsAAAAB&google_push=AQvitUK36ZJVulxexrJTVs-q_ToNon0UHZbbPZ5Rll2vhdgAEuI738mlsWoeoFFqX6tfpFpDgs_i2JJtNZYiyIA-Pc...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YK-aaImywDKFZmDC605VMQAABLsAAAAB&google_push=AQvitUK36ZJVulxexrJTVs-q_ToNon0UHZbbPZ5Rll2vhdgAEuI738mlsWoeoFFqX6tfpFpDgs_i2JJtNZYiyIA-Pc...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YK-aaImywDKFZmDC605VMQAABLsAAAAB&google_push=AQvitUK36ZJVulxexrJTVs-q_ToNon0UHZbbPZ5Rll2vhdgAEuI738mlsWoeoFFqX6tfpFpDgs_i2JJtNZYiyIA-Pc...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YK-aaImywDKFZmDC605VMQAABLsAAAAB&google_push=AQvitUK36ZJVulxexrJTVs-q_ToNon0UHZbbPZ5Rll2vhdgAEuI738mlsWoeoFFqX6tfpFpDgs_i2JJtNZYiyIA-Pc...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YK-aaImywDKFZmDC605VMQAABLsAAAAB&google_push=AQvitUK36ZJVulxexrJTVs-q_ToNon0UHZbbPZ5Rll2vhdgAEuI738mlsWoeoFFqX6tfpFpDgs_i2JJtNZYiyIA-Pc...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YK-aaImywDKFZmDC605VMQAABLsAAAAB&google_push=AQvitUK36ZJVulxexrJTVs-q_ToNon0UHZbbPZ5Rll2vhdgAEuI738mlsWoeoFFqX6tfpFpDgs_i2JJtNZYiyIA-Pc...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YK-aaImywDKFZmDC605VMQAABLsAAAAB&google_push=AQvitUK36ZJVulxexrJTVs-q_ToNon0UHZbbPZ5Rll2vhdgAEuI738mlsWoeoFFqX6tfpFpDgs_i2JJtNZYiyIA-Pc...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YK-aaImywDKFZmDC605VMQAABLsAAAAB&google_push=AQvitUK36ZJVulxexrJTVs-q_ToNon0UHZbbPZ5Rll2vhdgAEuI738mlsWoeoFFqX6tfpFpDgs_i2JJtNZYiyIA-Pc...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YK-aaImywDKFZmDC605VMQAABLsAAAAB&google_push=AQvitUK36ZJVulxexrJTVs-q_ToNon0UHZbbPZ5Rll2vhdgAEuI738mlsWoeoFFqX6tfpFpDgs_i2JJtNZYiyIA-Pc...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YK-aaImywDKFZmDC605VMQAABLsAAAAB&google_push=AQvitUK36ZJVulxexrJTVs-q_ToNon0UHZbbPZ5Rll2vhdgAEuI738mlsWoeoFFqX6tfpFpDgs_i2JJtNZYiyIA-Pc...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YK-aaImywDKFZmDC605VMQAABLsAAAAB&google_push=AQvitUK36ZJVulxexrJTVs-q_ToNon0UHZbbPZ5Rll2vhdgAEuI738mlsWoeoFFqX6tfpFpDgs_i2JJtNZYiyIA-Pc...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YK-aaImywDKFZmDC605VMQAABLsAAAAB&google_push=AQvitUK36ZJVulxexrJTVs-q_ToNon0UHZbbPZ5Rll2vhdgAEuI738mlsWoeoFFqX6tfpFpDgs_i2JJtNZYiyIA-Pc...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YK-aaImywDKFZmDC605VMQAABLsAAAAB&google_push=AQvitUK36ZJVulxexrJTVs-q_ToNon0UHZbbPZ5Rll2vhdgAEuI738mlsWoeoFFqX6tfpFpDgs_i2JJtNZYiyIA-Pc...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YK-aaImywDKFZmDC605VMQAABLsAAAAB&google_push=AQvitUK36ZJVulxexrJTVs-q_ToNon0UHZbbPZ5Rll2vhdgAEuI738mlsWoeoFFqX6tfpFpDgs_i2JJtNZYiyIA-Pc...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YK-aaImywDKFZmDC605VMQAABLsAAAAB&google_push=AQvitUK36ZJVulxexrJTVs-q_ToNon0UHZbbPZ5Rll2vhdgAEuI738mlsWoeoFFqX6tfpFpDgs_i2JJtNZYiyIA-Pc...

0
0

GET
H3-29 204 attr
cm.g.doubleclick.net/pixel/ Frame 2955 0
12 B 38ms
36ms Image
text/html 172.217.23.98

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13JSdRvg1019pnmXZknqrAa_NDVhHHeI6yPu5na6s4Q8VSK6ALUuL9KgsV6tw4KivLSwJwtK

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.23.98 , United States, ASN (),

Reverse DNS

fra16s45-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 13:11:04 GMT
server: HTTP server (unknown)
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H/1.1

200
OK

kl_kis_160x600px.jpg
cdn.contentspread.net/24i/advertiser/3839/creativesup/ Frame BCFE
Redirect Chain

https://www.awin1.com/cshow.php?s=2846679&v=14098&q=409715&r=296283&pref1=16121600137314902179201011607009&pv=0
https://cdn.contentspread.net/24i/advertiser/3839/creativesup/kl_kis_160x600px.jpg

37 KB
37 KB

146ms
51ms

Image
image/jpeg

54.36.108.3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.contentspread.net/24i/advertiser/3839/creativesup/kl_kis_160x600px.jpg
Requested by: Host: hal90009.redintelligence.net
URL: https://hal90009.redintelligence.net/request_content.php?s=16121600137314902179201011607009&a=c6a1e9dd
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 54.36.108.3 , France, ASN (),
Reverse DNS: ns3112796.ip-54-36-108.eu
Software: nginx /
Resource Hash: fd5b911c1009c6ac2de1c897afe02381a0b7aacbca10d70c589239c03f03e0cf

Request headers

Referer: https://hal90009.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 27 May 2021 13:06:00 GMT
Last-Modified: Mon, 29 Mar 2021 07:44:27 GMT
Server: nginx
ETag: "6061855b-936d"
Content-Type: image/jpeg
Connection: close
Accept-Ranges: bytes
Content-Length: 37741

Redirect headers

Date: Thu, 27 May 2021 13:11:04 GMT
Strict-Transport-Security: max-age=86400
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Location: https://cdn.contentspread.net/24i/advertiser/3839/creativesup/kl_kis_160x600px.jpg
Awin-Akamai-Rule-Set: default
Node: Helix
Connection: keep-alive
Content-Length: 0

GET
H/1.1 200
OK viewability Show response
hal90009.redintelligence.net/ Frame BCFE 0
150 B 112ms
38ms Script
text/html 138.201.63.149

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90009.redintelligence.net/viewability?s=16121600137314902179201011607009&a=258c15ac&vb=m
Requested by: Host: hal90009.redintelligence.net
URL: https://hal90009.redintelligence.net/request_content.php?s=16121600137314902179201011607009&a=c6a1e9dd
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.149 Lingenfeld, Germany, ASN (),
Reverse DNS: static.149.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://hal90009.redintelligence.net/request_content.php?s=16121600137314902179201011607009&a=c6a1e9dd
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 27 May 2021 13:11:04 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
DATA 200
OK truncated
/ Frame BCFE 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/gif

GET
H/1.1 200
OK addDoubleBorder.js Show response
cdn.contentspread.net/24i/tools/js/ Frame BCFE 851 B
1 KB 128ms
30ms Script
application/javascript 54.36.108.3

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.contentspread.net/24i/tools/js/addDoubleBorder.js
Requested by: Host: hal90009.redintelligence.net
URL: https://hal90009.redintelligence.net/request_content.php?s=16121600137314902179201011607009&a=c6a1e9dd
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 54.36.108.3 , France, ASN (),
Reverse DNS: ns3112796.ip-54-36-108.eu
Software: nginx /
Resource Hash: abaa484421865309a7781e540844f1b5260ed131080f8dd9f083d8f18beea107

Request headers

Referer: https://hal90009.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 27 May 2021 13:06:00 GMT
Last-Modified: Tue, 03 May 2016 20:54:50 GMT
Server: nginx
ETag: "5729101a-353"
Content-Type: application/javascript
Connection: close
Accept-Ranges: bytes
Content-Length: 851

GET
H3-29 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 11 KB
8 KB 19ms
19ms XHR
application/json 2a00:1450:4001:809::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20210524&st=env

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

73e77109e52b8c4f943cbf277375e551cc62d04b45237c943a1ccd295242311f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://xn--m9jp9mi8fra1016gid0b.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 27 May 2021 13:11:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8244
x-xss-protection: 0

GET
H2 200 like.php Show response
www.facebook.com/plugins/ Frame B079 44 KB
16 KB 107ms
106ms Document
text/html 2a03:2880:f130:83:face:b00c:0:25de

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/plugins/like.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df300f6c3cc656b4%26domain%3Dxn--m9jp9mi8fra1016gid0b.net%26origin%3Dhttps%253A%252F%252Fxn--m9jp9mi8fra1016gid0b.net%252Ff26b918dd23ba4%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fxn--m9jp9mi8fra1016gid0b.net%2F%25e3%2582%25a2%25e3%2582%25b8%25e3%2582%25b5%25e3%2582%25a4%25e3%2581%25ae%25e7%25a8%25ae%25e9%25a1%259e%2F%25e3%2583%2581%25e3%2583%25a7%25e3%2582%25b3%25e3%2583%2581%25e3%2583%2583%25e3%2582%25af%25e3%2583%259b%25e3%2583%25af%25e3%2582%25a4%25e3%2583%2588.html&layout=button_count&locale=ja_JP&sdk=joey&send=false&show_faces=false&width=200

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/ja_JP/all.js?hash=dec8c7babd099aee209dfe36f9b7df8f&ua=modern_es6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f130:83:face:b00c:0:25de , France, ASN (),

Reverse DNS

Software

Resource Hash

1bee1fae2e966f496709f3248680a938d74e76314a6d5d88454dfcc1296a51c3

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: www.facebook.com
:scheme: https
:path: /plugins/like.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df300f6c3cc656b4%26domain%3Dxn--m9jp9mi8fra1016gid0b.net%26origin%3Dhttps%253A%252F%252Fxn--m9jp9mi8fra1016gid0b.net%252Ff26b918dd23ba4%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fxn--m9jp9mi8fra1016gid0b.net%2F%25e3%2582%25a2%25e3%2582%25b8%25e3%2582%25b5%25e3%2582%25a4%25e3%2581%25ae%25e7%25a8%25ae%25e9%25a1%259e%2F%25e3%2583%2581%25e3%2583%25a7%25e3%2582%25b3%25e3%2583%2581%25e3%2583%2583%25e3%2582%25af%25e3%2583%259b%25e3%2583%25af%25e3%2582%25a4%25e3%2583%2588.html&layout=button_count&locale=ja_JP&sdk=joey&send=false&show_faces=false&width=200
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://xn--m9jp9mi8fra1016gid0b.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://xn--m9jp9mi8fra1016gid0b.net/

Response headers

cache-control: private, no-cache, no-store, must-revalidate
content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
cross-origin-opener-policy-report-only: same-origin-allow-popups;report-to="coop_report"
x-xss-protection: 0
content-encoding: br
x-content-type-options: nosniff
report-to: {"group":"coop_report","max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}],"include_subdomains":true}
strict-transport-security: max-age=15552000; preload
expires: Sat, 01 Jan 2000 00:00:00 GMT
vary: Accept-Encoding
pragma: no-cache
x-fb-rlafr: 0
content-type: text/html; charset="utf-8"
x-fb-debug: anE07VEro6z1VPAbvrCofkzw4NVmggMNVphXPy3xcz2QL/DOJ5g+GicBx2S5yVn3GylTmwRMNLkHX3/dNtn7/Q==
date: Thu, 27 May 2021 13:11:05 GMT
priority: u=3,i
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600

GET
H2 200 like.php Show response
www.facebook.com/plugins/ Frame 6EAD 44 KB
15 KB 119ms
118ms Document
text/html 2a03:2880:f130:83:face:b00c:0:25de

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/plugins/like.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df18037ce209179c%26domain%3Dxn--m9jp9mi8fra1016gid0b.net%26origin%3Dhttps%253A%252F%252Fxn--m9jp9mi8fra1016gid0b.net%252Ff26b918dd23ba4%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fxn--m9jp9mi8fra1016gid0b.net%2F%25e3%2582%25a2%25e3%2582%25b8%25e3%2582%25b5%25e3%2582%25a4%25e6%25a0%25bd%25e5%259f%25b9-qa%2F%25e3%2582%25a2%25e3%2582%25b8%25e3%2582%25b5%25e3%2582%25a4-%25e8%2582%25b2%25e3%2581%25a6%25e3%2582%2584%25e3%2581%2599%25e3%2581%2584%25ef%25bc%259f.html&layout=button_count&locale=ja_JP&sdk=joey&send=false&show_faces=false&width=200

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/ja_JP/all.js?hash=dec8c7babd099aee209dfe36f9b7df8f&ua=modern_es6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f130:83:face:b00c:0:25de , France, ASN (),

Reverse DNS

Software

Resource Hash

be73b2dd626d35a48ff1b6de35ab7851ed407e8f4aa492938ff4b2dc77d5f35a

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: www.facebook.com
:scheme: https
:path: /plugins/like.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df18037ce209179c%26domain%3Dxn--m9jp9mi8fra1016gid0b.net%26origin%3Dhttps%253A%252F%252Fxn--m9jp9mi8fra1016gid0b.net%252Ff26b918dd23ba4%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fxn--m9jp9mi8fra1016gid0b.net%2F%25e3%2582%25a2%25e3%2582%25b8%25e3%2582%25b5%25e3%2582%25a4%25e6%25a0%25bd%25e5%259f%25b9-qa%2F%25e3%2582%25a2%25e3%2582%25b8%25e3%2582%25b5%25e3%2582%25a4-%25e8%2582%25b2%25e3%2581%25a6%25e3%2582%2584%25e3%2581%2599%25e3%2581%2584%25ef%25bc%259f.html&layout=button_count&locale=ja_JP&sdk=joey&send=false&show_faces=false&width=200
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://xn--m9jp9mi8fra1016gid0b.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://xn--m9jp9mi8fra1016gid0b.net/

Response headers

cache-control: private, no-cache, no-store, must-revalidate
content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
cross-origin-opener-policy-report-only: same-origin-allow-popups;report-to="coop_report"
x-xss-protection: 0
content-encoding: br
x-content-type-options: nosniff
report-to: {"group":"coop_report","max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}],"include_subdomains":true}
strict-transport-security: max-age=15552000; preload
expires: Sat, 01 Jan 2000 00:00:00 GMT
vary: Accept-Encoding
pragma: no-cache
x-fb-rlafr: 0
content-type: text/html; charset="utf-8"
x-fb-debug: JwAJlyto9SyrtfJtNkHAoo2GPJE/Ve4EDsOEvsuzD127ds+8sY1X4/Z3sxtepAntZp7wgm++PCQ7/9RGyCw5og==
date: Thu, 27 May 2021 13:11:05 GMT
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600

GET
H2 200 like.php Show response
www.facebook.com/plugins/ Frame 03FB 43 KB
15 KB 122ms
121ms Document
text/html 2a03:2880:f130:83:face:b00c:0:25de

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/plugins/like.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df29e6c80311207%26domain%3Dxn--m9jp9mi8fra1016gid0b.net%26origin%3Dhttps%253A%252F%252Fxn--m9jp9mi8fra1016gid0b.net%252Ff26b918dd23ba4%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fxn--m9jp9mi8fra1016gid0b.net%2F%25e3%2582%25a2%25e3%2582%25b8%25e3%2582%25b5%25e3%2582%25a4%25e3%2581%25ae%25e7%25a8%25ae%25e9%25a1%259e%2F%25e5%2588%259d%25e6%2581%258b.html&layout=button_count&locale=ja_JP&sdk=joey&send=false&show_faces=false&width=200

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/ja_JP/all.js?hash=dec8c7babd099aee209dfe36f9b7df8f&ua=modern_es6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f130:83:face:b00c:0:25de , France, ASN (),

Reverse DNS

Software

Resource Hash

8a93dee8cd669ae3e4110e2ece5d12ee452f3c8a6a1ca7bfa1220ecddc9b3f05

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: www.facebook.com
:scheme: https
:path: /plugins/like.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df29e6c80311207%26domain%3Dxn--m9jp9mi8fra1016gid0b.net%26origin%3Dhttps%253A%252F%252Fxn--m9jp9mi8fra1016gid0b.net%252Ff26b918dd23ba4%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fxn--m9jp9mi8fra1016gid0b.net%2F%25e3%2582%25a2%25e3%2582%25b8%25e3%2582%25b5%25e3%2582%25a4%25e3%2581%25ae%25e7%25a8%25ae%25e9%25a1%259e%2F%25e5%2588%259d%25e6%2581%258b.html&layout=button_count&locale=ja_JP&sdk=joey&send=false&show_faces=false&width=200
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://xn--m9jp9mi8fra1016gid0b.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://xn--m9jp9mi8fra1016gid0b.net/

Response headers

cache-control: private, no-cache, no-store, must-revalidate
content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
cross-origin-opener-policy-report-only: same-origin-allow-popups;report-to="coop_report"
x-xss-protection: 0
content-encoding: br
x-content-type-options: nosniff
report-to: {"group":"coop_report","max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}],"include_subdomains":true}
strict-transport-security: max-age=15552000; preload
expires: Sat, 01 Jan 2000 00:00:00 GMT
vary: Accept-Encoding
pragma: no-cache
x-fb-rlafr: 0
content-type: text/html; charset="utf-8"
x-fb-debug: DFVw2SQXipKqZGj60sq4yeDKKKBm6DBhSVFCHCFv1fo+LLCTdqk9xiodSnXAFKECmLLQwiK5PWLJBc9vZWpP+w==
date: Thu, 27 May 2021 13:11:05 GMT
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600

GET
H3-29 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 13ms
13ms Script
text/javascript 2a00:1450:4001:813::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

c61a719b48533a1fa932729f4927ba1377a96c441b0d6a427096b867742b4645

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://xn--m9jp9mi8fra1016gid0b.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 13:11:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1616005470650935"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6437
x-xss-protection: 0
expires: Thu, 27 May 2021 13:11:05 GMT

GET
H3-29 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/222/ Frame A221 12 KB
5 KB 6ms
6ms Document
text/html 2a00:1450:4001:813::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

6836719899bda27cd22c1551cb7fbfc33fb0bbbedaa89e4baa8715fef8202cbc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/222/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://xn--m9jp9mi8fra1016gid0b.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://xn--m9jp9mi8fra1016gid0b.net/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 5022
date: Thu, 27 May 2021 13:04:01 GMT
expires: Fri, 27 May 2022 13:04:01 GMT
last-modified: Wed, 20 Jan 2021 19:23:06 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 424
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 aframe Show response
www.google.com/recaptcha/api2/ Frame E186 783 B
536 B 17ms
16ms Document
text/html 2a00:1450:4001:809::2004

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2004 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

GSE /

Resource Hash

0bfdf00408c65458ac0943e44299ec00545b1a8a0fec9dfd43ac770ef15af32d

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-LcTjv4txx9bOcBQiD7U6kA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/aframe
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://xn--m9jp9mi8fra1016gid0b.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://xn--m9jp9mi8fra1016gid0b.net/

Response headers

expires: Thu, 27 May 2021 13:11:05 GMT
date: Thu, 27 May 2021 13:11:05 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-LcTjv4txx9bOcBQiD7U6kA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 514
server: GSE
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 HZvw8QdJrJJXuJ48IXlV8VF-H8RHnxePCtakS6ABBeA.js Show response
pagead2.googlesyndication.com/bg/ Frame A221 14 KB
6 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:809::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/HZvw8QdJrJJXuJ48IXlV8VF-H8RHnxePCtakS6ABBeA.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

1d9bf0f10749ac9257b89e3c217955f1517e1fc4479f178f0ad6a44ba00105e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 02:11:56 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Mon, 17 May 2021 11:28:00 GMT
server: sffe
age: 212349
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5755
x-xss-protection: 0
expires: Wed, 25 May 2022 02:11:56 GMT

GET
H3-29 200 OqOE21UvWe3.png
www.facebook.com/rsrc.php/v3/y5/r/ Frame B079 400 B
449 B 16ms
15ms Image
image/png 2a03:2880:f130:83:face:b00c:0:25de

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/rsrc.php/v3/y5/r/OqOE21UvWe3.png

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/plugins/like.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df300f6c3cc656b4%26domain%3Dxn--m9jp9mi8fra1016gid0b.net%26origin%3Dhttps%253A%252F%252Fxn--m9jp9mi8fra1016gid0b.net%252Ff26b918dd23ba4%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fxn--m9jp9mi8fra1016gid0b.net%2F%25e3%2582%25a2%25e3%2582%25b8%25e3%2582%25b5%25e3%2582%25a4%25e3%2581%25ae%25e7%25a8%25ae%25e9%25a1%259e%2F%25e3%2583%2581%25e3%2583%25a7%25e3%2582%25b3%25e3%2583%2581%25e3%2583%2583%25e3%2582%25af%25e3%2583%259b%25e3%2583%25af%25e3%2582%25a4%25e3%2583%2588.html&layout=button_count&locale=ja_JP&sdk=joey&send=false&show_faces=false&width=200

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f130:83:face:b00c:0:25de , France, ASN (),

Reverse DNS

Software

Resource Hash

ed91fbb0cd9308f91f8e1fd93942c94ee850fc4161ed788b16f801b743c70b9b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/plugins/like.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df300f6c3cc656b4%26domain%3Dxn--m9jp9mi8fra1016gid0b.net%26origin%3Dhttps%253A%252F%252Fxn--m9jp9mi8fra1016gid0b.net%252Ff26b918dd23ba4%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fxn--m9jp9mi8fra1016gid0b.net%2F%25e3%2582%25a2%25e3%2582%25b8%25e3%2582%25b5%25e3%2582%25a4%25e3%2581%25ae%25e7%25a8%25ae%25e9%25a1%259e%2F%25e3%2583%2581%25e3%2583%25a7%25e3%2582%25b3%25e3%2583%2581%25e3%2583%2583%25e3%2582%25af%25e3%2583%259b%25e3%2583%25af%25e3%2582%25a4%25e3%2583%2588.html&layout=button_count&locale=ja_JP&sdk=joey&send=false&show_faces=false&width=200
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-fb-debug: aQEf/nGcYNWQto3FbuE6japJp8guod4Sg0UiojLEQPaFi2Copyc42yH+wgUrToU1TZGPBM1Gy+sQmebFEIBx4g==
x-content-type-options: nosniff
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-md5: uF0RL4E+h23ClLQmPOTTMw==
date: Wed, 26 May 2021 01:53:26 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
cross-origin-resource-policy: cross-origin
priority: u=3,i
timing-allow-origin: *
content-length: 400
x-fb-rlafr: 0
expires: Thu, 26 May 2022 01:53:26 GMT

GET
H3-29 200 CjyJI7Lxy_o.js Show response
www.facebook.com/rsrc.php/v3irB34/yJ/l/ja_JP/ Frame B079 505 KB
132 KB 18ms
17ms XHR
application/x-javascript 2a03:2880:f130:83:face:b00c:0:25de

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/rsrc.php/v3irB34/yJ/l/ja_JP/CjyJI7Lxy_o.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f130:83:face:b00c:0:25de , France, ASN (),

Reverse DNS

Software

Resource Hash

2bae2a8543180f3bd963c0f0c7acddfb931c00e18243d4171af4131bdb7191b5

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/plugins/like.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df300f6c3cc656b4%26domain%3Dxn--m9jp9mi8fra1016gid0b.net%26origin%3Dhttps%253A%252F%252Fxn--m9jp9mi8fra1016gid0b.net%252Ff26b918dd23ba4%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fxn--m9jp9mi8fra1016gid0b.net%2F%25e3%2582%25a2%25e3%2582%25b8%25e3%2582%25b5%25e3%2582%25a4%25e3%2581%25ae%25e7%25a8%25ae%25e9%25a1%259e%2F%25e3%2583%2581%25e3%2583%25a7%25e3%2582%25b3%25e3%2583%2581%25e3%2583%2583%25e3%2582%25af%25e3%2583%259b%25e3%2583%25af%25e3%2582%25a4%25e3%2583%2588.html&layout=button_count&locale=ja_JP&sdk=joey&send=false&show_faces=false&width=200
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 01:26:27 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: lvct8VVLadBD9d15MzBQ1g==
cross-origin-resource-policy: cross-origin
content-length: 135334
x-fb-rlafr: 0
x-fb-debug: Y05yc5u6b5RTw9RbfLSJepj44v6Fx9QFhWE9DPAHges5Dgg4YxFw1NWLnKxVFqU4vqeKTZ5h/HUfGFfd9leXww==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Fri, 27 May 2022 01:26:27 GMT

GET
H3-29 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 54EB 42 B
64 B 41ms
40ms Fetch
image/gif 2a00:1450:4001:809::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsta1RCdzrMI7FnL9gNm0zFoxoE1TDsn8jJnrAucqSU3PtxBuabjLKtWEL2jYIVskymKMlTvSoJk2TAOkyRk2dUvNJnlUH_6asGjbx8cC8KLojhALImiugCQVLUzvg&sai=AMfl-YQala3Ffmv984F7qJwtFp1uXKmxrlkGKrZV-9uRGHV68b4kToqid0sLeG2SzCAmN5S4uophuuLclSMf&sig=Cg0ArKJSzBrO98GOvArBEAE&id=lidar2&mcvt=1004&p=985,336,1157,1002&mtos=1004,1004,1004,1004,1004&tos=1004,0,0,0,0&v=20210526&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=2&adk=3709907325&rs=2&met=mue&la=0&cr=0&osd=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ%3D%3D&vs=4&eosm=0&rst=1622121063688&dlt=395&rpt=70&isd=0&msd=0&r=v&fum=1

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 27 May 2021 13:11:05 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 OqOE21UvWe3.png
www.facebook.com/rsrc.php/v3/y5/r/ Frame 6EAD 400 B
449 B 15ms
15ms Image
image/png 2a03:2880:f130:83:face:b00c:0:25de

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/rsrc.php/v3/y5/r/OqOE21UvWe3.png

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/plugins/like.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df18037ce209179c%26domain%3Dxn--m9jp9mi8fra1016gid0b.net%26origin%3Dhttps%253A%252F%252Fxn--m9jp9mi8fra1016gid0b.net%252Ff26b918dd23ba4%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fxn--m9jp9mi8fra1016gid0b.net%2F%25e3%2582%25a2%25e3%2582%25b8%25e3%2582%25b5%25e3%2582%25a4%25e6%25a0%25bd%25e5%259f%25b9-qa%2F%25e3%2582%25a2%25e3%2582%25b8%25e3%2582%25b5%25e3%2582%25a4-%25e8%2582%25b2%25e3%2581%25a6%25e3%2582%2584%25e3%2581%2599%25e3%2581%2584%25ef%25bc%259f.html&layout=button_count&locale=ja_JP&sdk=joey&send=false&show_faces=false&width=200

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f130:83:face:b00c:0:25de , France, ASN (),

Reverse DNS

Software

Resource Hash

ed91fbb0cd9308f91f8e1fd93942c94ee850fc4161ed788b16f801b743c70b9b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/plugins/like.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df18037ce209179c%26domain%3Dxn--m9jp9mi8fra1016gid0b.net%26origin%3Dhttps%253A%252F%252Fxn--m9jp9mi8fra1016gid0b.net%252Ff26b918dd23ba4%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fxn--m9jp9mi8fra1016gid0b.net%2F%25e3%2582%25a2%25e3%2582%25b8%25e3%2582%25b5%25e3%2582%25a4%25e6%25a0%25bd%25e5%259f%25b9-qa%2F%25e3%2582%25a2%25e3%2582%25b8%25e3%2582%25b5%25e3%2582%25a4-%25e8%2582%25b2%25e3%2581%25a6%25e3%2582%2584%25e3%2581%2599%25e3%2581%2584%25ef%25bc%259f.html&layout=button_count&locale=ja_JP&sdk=joey&send=false&show_faces=false&width=200
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-fb-debug: aQEf/nGcYNWQto3FbuE6japJp8guod4Sg0UiojLEQPaFi2Copyc42yH+wgUrToU1TZGPBM1Gy+sQmebFEIBx4g==
x-content-type-options: nosniff
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-md5: uF0RL4E+h23ClLQmPOTTMw==
date: Wed, 26 May 2021 01:53:26 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
cross-origin-resource-policy: cross-origin
priority: u=3,i
timing-allow-origin: *
content-length: 400
x-fb-rlafr: 0
expires: Thu, 26 May 2022 01:53:26 GMT

GET
H3-29 200 CjyJI7Lxy_o.js Show response
www.facebook.com/rsrc.php/v3irB34/yJ/l/ja_JP/ Frame 6EAD 505 KB
132 KB 16ms
15ms XHR
application/x-javascript 2a03:2880:f130:83:face:b00c:0:25de

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/rsrc.php/v3irB34/yJ/l/ja_JP/CjyJI7Lxy_o.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/plugins/like.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df18037ce209179c%26domain%3Dxn--m9jp9mi8fra1016gid0b.net%26origin%3Dhttps%253A%252F%252Fxn--m9jp9mi8fra1016gid0b.net%252Ff26b918dd23ba4%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fxn--m9jp9mi8fra1016gid0b.net%2F%25e3%2582%25a2%25e3%2582%25b8%25e3%2582%25b5%25e3%2582%25a4%25e6%25a0%25bd%25e5%259f%25b9-qa%2F%25e3%2582%25a2%25e3%2582%25b8%25e3%2582%25b5%25e3%2582%25a4-%25e8%2582%25b2%25e3%2581%25a6%25e3%2582%2584%25e3%2581%2599%25e3%2581%2584%25ef%25bc%259f.html&layout=button_count&locale=ja_JP&sdk=joey&send=false&show_faces=false&width=200

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f130:83:face:b00c:0:25de , France, ASN (),

Reverse DNS

Software

Resource Hash

2bae2a8543180f3bd963c0f0c7acddfb931c00e18243d4171af4131bdb7191b5

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/plugins/like.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df18037ce209179c%26domain%3Dxn--m9jp9mi8fra1016gid0b.net%26origin%3Dhttps%253A%252F%252Fxn--m9jp9mi8fra1016gid0b.net%252Ff26b918dd23ba4%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fxn--m9jp9mi8fra1016gid0b.net%2F%25e3%2582%25a2%25e3%2582%25b8%25e3%2582%25b5%25e3%2582%25a4%25e6%25a0%25bd%25e5%259f%25b9-qa%2F%25e3%2582%25a2%25e3%2582%25b8%25e3%2582%25b5%25e3%2582%25a4-%25e8%2582%25b2%25e3%2581%25a6%25e3%2582%2584%25e3%2581%2599%25e3%2581%2584%25ef%25bc%259f.html&layout=button_count&locale=ja_JP&sdk=joey&send=false&show_faces=false&width=200
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 01:26:27 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: lvct8VVLadBD9d15MzBQ1g==
cross-origin-resource-policy: cross-origin
content-length: 135334
x-fb-rlafr: 0
x-fb-debug: Y05yc5u6b5RTw9RbfLSJepj44v6Fx9QFhWE9DPAHges5Dgg4YxFw1NWLnKxVFqU4vqeKTZ5h/HUfGFfd9leXww==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Fri, 27 May 2022 01:26:27 GMT

GET
H3-29 200 OqOE21UvWe3.png
www.facebook.com/rsrc.php/v3/y5/r/ Frame 03FB 400 B
449 B 15ms
15ms Image
image/png 2a03:2880:f130:83:face:b00c:0:25de

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/rsrc.php/v3/y5/r/OqOE21UvWe3.png

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/plugins/like.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df29e6c80311207%26domain%3Dxn--m9jp9mi8fra1016gid0b.net%26origin%3Dhttps%253A%252F%252Fxn--m9jp9mi8fra1016gid0b.net%252Ff26b918dd23ba4%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fxn--m9jp9mi8fra1016gid0b.net%2F%25e3%2582%25a2%25e3%2582%25b8%25e3%2582%25b5%25e3%2582%25a4%25e3%2581%25ae%25e7%25a8%25ae%25e9%25a1%259e%2F%25e5%2588%259d%25e6%2581%258b.html&layout=button_count&locale=ja_JP&sdk=joey&send=false&show_faces=false&width=200

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f130:83:face:b00c:0:25de , France, ASN (),

Reverse DNS

Software

Resource Hash

ed91fbb0cd9308f91f8e1fd93942c94ee850fc4161ed788b16f801b743c70b9b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/plugins/like.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df29e6c80311207%26domain%3Dxn--m9jp9mi8fra1016gid0b.net%26origin%3Dhttps%253A%252F%252Fxn--m9jp9mi8fra1016gid0b.net%252Ff26b918dd23ba4%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fxn--m9jp9mi8fra1016gid0b.net%2F%25e3%2582%25a2%25e3%2582%25b8%25e3%2582%25b5%25e3%2582%25a4%25e3%2581%25ae%25e7%25a8%25ae%25e9%25a1%259e%2F%25e5%2588%259d%25e6%2581%258b.html&layout=button_count&locale=ja_JP&sdk=joey&send=false&show_faces=false&width=200
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-fb-debug: aQEf/nGcYNWQto3FbuE6japJp8guod4Sg0UiojLEQPaFi2Copyc42yH+wgUrToU1TZGPBM1Gy+sQmebFEIBx4g==
x-content-type-options: nosniff
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-md5: uF0RL4E+h23ClLQmPOTTMw==
date: Wed, 26 May 2021 01:53:26 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
cross-origin-resource-policy: cross-origin
priority: u=3,i
timing-allow-origin: *
content-length: 400
x-fb-rlafr: 0
expires: Thu, 26 May 2022 01:53:26 GMT

GET
H3-29 200 CjyJI7Lxy_o.js Show response
www.facebook.com/rsrc.php/v3irB34/yJ/l/ja_JP/ Frame 03FB 505 KB
132 KB 16ms
15ms XHR
application/x-javascript 2a03:2880:f130:83:face:b00c:0:25de

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/rsrc.php/v3irB34/yJ/l/ja_JP/CjyJI7Lxy_o.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/plugins/like.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df29e6c80311207%26domain%3Dxn--m9jp9mi8fra1016gid0b.net%26origin%3Dhttps%253A%252F%252Fxn--m9jp9mi8fra1016gid0b.net%252Ff26b918dd23ba4%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fxn--m9jp9mi8fra1016gid0b.net%2F%25e3%2582%25a2%25e3%2582%25b8%25e3%2582%25b5%25e3%2582%25a4%25e3%2581%25ae%25e7%25a8%25ae%25e9%25a1%259e%2F%25e5%2588%259d%25e6%2581%258b.html&layout=button_count&locale=ja_JP&sdk=joey&send=false&show_faces=false&width=200

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f130:83:face:b00c:0:25de , France, ASN (),

Reverse DNS

Software

Resource Hash

2bae2a8543180f3bd963c0f0c7acddfb931c00e18243d4171af4131bdb7191b5

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/plugins/like.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df29e6c80311207%26domain%3Dxn--m9jp9mi8fra1016gid0b.net%26origin%3Dhttps%253A%252F%252Fxn--m9jp9mi8fra1016gid0b.net%252Ff26b918dd23ba4%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fxn--m9jp9mi8fra1016gid0b.net%2F%25e3%2582%25a2%25e3%2582%25b8%25e3%2582%25b5%25e3%2582%25a4%25e3%2581%25ae%25e7%25a8%25ae%25e9%25a1%259e%2F%25e5%2588%259d%25e6%2581%258b.html&layout=button_count&locale=ja_JP&sdk=joey&send=false&show_faces=false&width=200
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 01:26:27 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: lvct8VVLadBD9d15MzBQ1g==
cross-origin-resource-policy: cross-origin
content-length: 135334
x-fb-rlafr: 0
x-fb-debug: Y05yc5u6b5RTw9RbfLSJepj44v6Fx9QFhWE9DPAHges5Dgg4YxFw1NWLnKxVFqU4vqeKTZ5h/HUfGFfd9leXww==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Fri, 27 May 2022 01:26:27 GMT

GET
H3-29 200 cavalry_endpoint.php
www.facebook.com/common/ Frame B079 67 B
97 B 48ms
48ms Image
image/png 2a03:2880:f130:83:face:b00c:0:25de

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/common/cavalry_endpoint.php?t_cstart=1622121065247&t_start=1622121065247&t_domcontent=1622121065285&t_layout=1622121065316&t_onload=1622121065316&t_paint=1622121065316&t_creport=1622121065316&t_tti=1622121065285&lid=6966956925896907664-0

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f130:83:face:b00c:0:25de , France, ASN (),

Reverse DNS

Software

Resource Hash

aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.com .facebook.com fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com cdninstagram.com .cdninstagram.com data: blob: 'self';script-src .facebook.com .fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.com .facebook.com fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com cdninstagram.com .cdninstagram.com;connect-src .facebook.com facebook.com .fbcdn.net wss://.facebook.com: attachment.fbsbx.com blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/plugins/like.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df300f6c3cc656b4%26domain%3Dxn--m9jp9mi8fra1016gid0b.net%26origin%3Dhttps%253A%252F%252Fxn--m9jp9mi8fra1016gid0b.net%252Ff26b918dd23ba4%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fxn--m9jp9mi8fra1016gid0b.net%2F%25e3%2582%25a2%25e3%2582%25b8%25e3%2582%25b5%25e3%2582%25a4%25e3%2581%25ae%25e7%25a8%25ae%25e9%25a1%259e%2F%25e3%2583%2581%25e3%2583%25a7%25e3%2582%25b3%25e3%2583%2581%25e3%2583%2583%25e3%2582%25af%25e3%2583%259b%25e3%2583%25af%25e3%2582%25a4%25e3%2583%2588.html&layout=button_count&locale=ja_JP&sdk=joey&send=false&show_faces=false&width=200
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src facebook.com *.facebook.com fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com cdninstagram.com *.cdninstagram.com data: blob: 'self';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.com *.facebook.com fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com cdninstagram.com *.cdninstagram.com;connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
content-encoding: br
x-content-type-options: nosniff
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
x-fb-rlafr: 0
pragma: no-cache
x-fb-debug: i83HLv21R1S8MiCuQGs1yW6sTqwA/iY2PdZUTbe2OphPPYaXUurm4beCGZzqCkSUz4uRaKI7IQ3xeQYQzxz3QA==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Thu, 27 May 2021 13:11:05 GMT
strict-transport-security: max-age=15552000; preload
report-to: {"group":"coep_report","max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}]}
content-type: image/png
vary: Accept-Encoding
cache-control: private, no-store, no-cache, must-revalidate
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 41ms
40ms Image
image/gif 2a00:1450:4001:809::2002

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=222&t=2&li=gda_r20210524&jk=3394013324203522&bg=!YGOlYyfNAAaMan2LjGo7ACkAdvg8WjpPL5PDQ50Yd0dYUTdeMNtbmkUxdDCngYf8THactiiiQDLYiQIAAABpUgAAAA5oAQcKALKwvIRZcVIZPSk0CW1pB2CFVmnPS-iLdoI1ewBo0Jw_o_iWOm37dbVsDTOKRW4Iwn-HlqKAwbtSH-UXCvn-0oX3Z7s9peUnNnR3rwGpztKxYnAlreL5rTx16WknNFSAX_Nwcsml9m2pOsNCtzYK7uKnkz0PX7poi62hoUlX-L968gK1puo28KAYtXwjONByt-CwR0iOAcHIGCkURo0vmwTgQlyhqOMJTeKVeFgHwhWsH1-imQJQO1ytc__rFN1y5C4vYzFLq8jz_OQVXl121vXZHz_DB3-2x1ubrkSUhVSetaPnmj14vKW51x8E9XEjObcYgoBV-zO3Zo9BB-ALMjlDwmRfPhigK80D7qZeTUyJ7yFRh82znrj6F8Zi6KHXFyK9JZhOoEj20sUCSHpzwVVQcDB6NYeKmo1p6z44b-p6nbUH-R_aiEIJ2F7sX86JHlVfPq4_I7TKKD6HI1pFcL4tmoXyiuJQQ-ppXLDwc9aX15n0iMjTh3DaxwnTVHY_XBtBSb_iFlrYwJenVMPMJF0zyyPYT29Emultdod-JTMujxDduurowLCiE50tyZdo84EwxXEwynHQa4F80xhVbsWG4XEHDFbEmSQ1rnZAhHbP5OPZp9hCUNke-Rb0ljkRwKohFbX8502iXRMQ31Rw5wU6yAUPzMfhszPLh2AH3Ewh6M-aNVdMYqLi7E_hvy48Fz6FS-fLCKlUg5FpvisAbPERh6QF5wBII7p--CmgMEercNGdoAMhIe11hf7sa_Ur_7Ifnm9l4C40QC5d44MQAHZGzyoPq6DZFo4mkQ5lMjcI2txbBpP7i_vDqGoOfUhXkdLPBYpw-8Pk4dPRyQckcm8QGPFn5BJj1sDSHowkleppc4wZWu0xOjdVoNk3fDlQwPjcGLvB3dCMnn_RufaAaNBRWXn9N4NHMOVEdFOjbIGEXcAfjvOpqtYeEuJ-M8I5MAvdF484GtmPfPmhNJ0py0gEzXZ9dfsqKfoiq3hX2J47btI3k154cWwV44M6s9ulZ1y32zxU2A

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://xn--m9jp9mi8fra1016gid0b.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 27 May 2021 13:11:05 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 cavalry_endpoint.php
www.facebook.com/common/ Frame 6EAD 67 B
97 B 45ms
45ms Image
image/png 2a03:2880:f130:83:face:b00c:0:25de

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/common/cavalry_endpoint.php?t_cstart=1622121065289&t_start=1622121065289&t_domcontent=1622121065303&t_layout=1622121065329&t_onload=1622121065329&t_paint=1622121065329&t_creport=1622121065329&t_tti=1622121065303&lid=6966956925278525502-0

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f130:83:face:b00c:0:25de , France, ASN (),

Reverse DNS

Software

Resource Hash

aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.com .facebook.com fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com cdninstagram.com .cdninstagram.com data: blob: 'self';script-src .facebook.com .fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.com .facebook.com fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com cdninstagram.com .cdninstagram.com;connect-src .facebook.com facebook.com .fbcdn.net wss://.facebook.com: attachment.fbsbx.com blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/plugins/like.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df18037ce209179c%26domain%3Dxn--m9jp9mi8fra1016gid0b.net%26origin%3Dhttps%253A%252F%252Fxn--m9jp9mi8fra1016gid0b.net%252Ff26b918dd23ba4%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fxn--m9jp9mi8fra1016gid0b.net%2F%25e3%2582%25a2%25e3%2582%25b8%25e3%2582%25b5%25e3%2582%25a4%25e6%25a0%25bd%25e5%259f%25b9-qa%2F%25e3%2582%25a2%25e3%2582%25b8%25e3%2582%25b5%25e3%2582%25a4-%25e8%2582%25b2%25e3%2581%25a6%25e3%2582%2584%25e3%2581%2599%25e3%2581%2584%25ef%25bc%259f.html&layout=button_count&locale=ja_JP&sdk=joey&send=false&show_faces=false&width=200
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src facebook.com *.facebook.com fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com cdninstagram.com *.cdninstagram.com data: blob: 'self';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.com *.facebook.com fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com cdninstagram.com *.cdninstagram.com;connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
content-encoding: br
x-content-type-options: nosniff
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
x-fb-rlafr: 0
pragma: no-cache
x-fb-debug: v/wj3L/1NluQOEem1/fMQV6q0b3POULtD/QJMoRVP0wzRfGTv/s7CXcWiJwn1QuqLK83I9uSnn9jdPjD93zVlg==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Thu, 27 May 2021 13:11:05 GMT
strict-transport-security: max-age=15552000; preload
report-to: {"group":"coep_report","max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}]}
content-type: image/png
vary: Accept-Encoding
cache-control: private, no-store, no-cache, must-revalidate
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3-29 200 cavalry_endpoint.php
www.facebook.com/common/ Frame 03FB 67 B
97 B 46ms
46ms Image
image/png 2a03:2880:f130:83:face:b00c:0:25de

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/common/cavalry_endpoint.php?t_cstart=1622121065292&t_start=1622121065292&t_domcontent=1622121065307&t_layout=1622121065331&t_onload=1622121065331&t_paint=1622121065331&t_creport=1622121065331&t_tti=1622121065307&lid=6966956924729468970-0

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f130:83:face:b00c:0:25de , France, ASN (),

Reverse DNS

Software

Resource Hash

aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.com .facebook.com fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com cdninstagram.com .cdninstagram.com data: blob: 'self';script-src .facebook.com .fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.com .facebook.com fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com cdninstagram.com .cdninstagram.com;connect-src .facebook.com facebook.com .fbcdn.net wss://.facebook.com: attachment.fbsbx.com blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/plugins/like.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df29e6c80311207%26domain%3Dxn--m9jp9mi8fra1016gid0b.net%26origin%3Dhttps%253A%252F%252Fxn--m9jp9mi8fra1016gid0b.net%252Ff26b918dd23ba4%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fxn--m9jp9mi8fra1016gid0b.net%2F%25e3%2582%25a2%25e3%2582%25b8%25e3%2582%25b5%25e3%2582%25a4%25e3%2581%25ae%25e7%25a8%25ae%25e9%25a1%259e%2F%25e5%2588%259d%25e6%2581%258b.html&layout=button_count&locale=ja_JP&sdk=joey&send=false&show_faces=false&width=200
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src facebook.com *.facebook.com fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com cdninstagram.com *.cdninstagram.com data: blob: 'self';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.com *.facebook.com fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com cdninstagram.com *.cdninstagram.com;connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
content-encoding: br
x-content-type-options: nosniff
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
x-fb-rlafr: 0
pragma: no-cache
x-fb-debug: oo1hBM3yTq/sCnUTOrjZiDrEf7UKMfOTacMkr0+DQn+yLZCNsGRBwbICtOqjmzEMrlpZql3geUUuj+ZkXNGuNQ==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Thu, 27 May 2021 13:11:05 GMT
strict-transport-security: max-age=15552000; preload
report-to: {"group":"coep_report","max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}]}
content-type: image/png
vary: Accept-Encoding
cache-control: private, no-store, no-cache, must-revalidate
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YK-aaImywDKFZmDC605VMQAABLsAAAAB&google_push=AQvitUJDHkr1V9hPK7dNII63NBHjFhUPTXbvbI5ZGuv4ip0S5JQAS0Zmyx0fShGVGL2e8kZUJO8xYtlTTl5XoPHzNp-_DXABZNOT&google_cver=1&google_gid=CAESEAx0scEKxGOAzF8_q-FjvSw

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YK-aaImywDKFZmDC605VMQAABLsAAAAB&google_push=AQvitUK36ZJVulxexrJTVs-q_ToNon0UHZbbPZ5Rll2vhdgAEuI738mlsWoeoFFqX6tfpFpDgs_i2JJtNZYiyIA-Pc-QW2NxCHjF&google_cver=1&google_gid=CAESECsVBAa6FAW6lcuduGxlsEo

Verdicts & Comments Add Verdict or Comment

111 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.redintelligence.net/	1970-01-19 20:44:57	Name: 8lcfmzhxc8d6_uid Value: c5a9f70b854db52b
.doubleclick.net/	1970-01-19 18:35:24	Name: DSID Value: NO_DATA
.doubleclick.net/	1970-01-20 03:56:57	Name: IDE Value: AHWqTUlKy1bkEI4kWWSwbNIpSFTq6K7sZCrXz6Jzo9493_74e8rfMxBnmex92V8PmXM

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://xn--m9jp9mi8fra1016gid0b.net/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1(Line 2) Message: JQMIGRATE: Migrate is installed, version 1.4.1

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

accounts.google.com
adservice.google.com
adservice.google.de
ajax.googleapis.com
apis.google.com
b.blogmura.com
b.hatena.ne.jp
b.st-hatena.com
blog.with2.net
cdn.contentspread.net
cm.g.doubleclick.net
cms.quantserve.com
code.jquery.com
connect.facebook.net
d.agkn.com
encrypted-tbn1.gstatic.com
encrypted-tbn2.gstatic.com
encrypted-tbn3.gstatic.com
flower.blogmura.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
googlecm.hit.gemius.pl
hal9000.redintelligence.net
hal90009.redintelligence.net
i0.wp.com
i1.wp.com
i2.wp.com
image6.pubmatic.com
pagead2.googlesyndication.com
partner.googleadservices.com
pixel.everesttech.net
pixel.mathtag.com
pixel.rubiconproject.com
pixel.wp.com
platform.twitter.com
rtb.openx.net
s0.wp.com
ssl.gstatic.com
stats.g.doubleclick.net
stats.wp.com
syndication.twitter.com
tags.mathtag.com
tpc.googlesyndication.com
www.awin1.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagservices.com
www.gstatic.com
xn--m9jp9mi8fra1016gid0b.net
cm.g.doubleclick.net
104.111.239.217
104.244.42.136
13.224.195.17
13.226.159.42
13.226.159.91
136.243.149.243
138.201.63.149
142.250.181.226
153.120.49.76
172.217.23.98
18.195.172.136
183.90.238.38
185.29.133.199
185.64.190.78
192.0.76.3
192.0.77.2
192.0.77.32
2.18.233.201
2001:4de0:ac18::1:a:3b
2606:2800:234:59:254c:406:2366:268c
2620:116:800d:21:8c6e:cf2c:8d6:9fb5
2a00:1450:4001:800::200e
2a00:1450:4001:801::2002
2a00:1450:4001:801::200a
2a00:1450:4001:808::2002
2a00:1450:4001:809::2002
2a00:1450:4001:809::2003
2a00:1450:4001:809::2004
2a00:1450:4001:80e::200e
2a00:1450:4001:80f::2003
2a00:1450:4001:810::2002
2a00:1450:4001:811::2002
2a00:1450:4001:812::200e
2a00:1450:4001:813::2001
2a00:1450:4001:827::2002
2a00:1450:4001:827::200e
2a00:1450:4001:829::2003
2a00:1450:4001:82f::2002
2a00:1450:4001:82f::200d
2a00:1450:4001:830::2002
2a00:1450:4001:831::2003
2a00:1450:4001:831::200a
2a00:1450:4001:831::200e
2a00:1450:400c:c00::9a
2a03:2880:f030:13:face:b00c:0:3
2a03:2880:f130:83:face:b00c:0:25de
35.227.252.103
54.238.149.14
54.36.108.3
69.173.144.139
79.137.69.120
99.80.199.35
041cd8409312005124f459ea808587d620cdaeabd70bf272d6998555b0edb4fa
06c13db744463f6c195418a62a7f219a2f7fb02610627cced7d12caaa1f08463
06da78a3e63fff3af51db5988fdb0a2d605936612822d8edcb0815bee28cd80a
086afeb157771a7275f4f8d7be68e67011fb030b35eccc6ff9de2121291e3ddb
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0becb16a0f6308c6eb7e41a88febe3017500ed2ad403d8d3c1370d5f93bdc423
0bfdf00408c65458ac0943e44299ec00545b1a8a0fec9dfd43ac770ef15af32d
0ebbc7fba9a50d36ef5422345f624431710db4528f25749d1d438c2c10bb69f2
0fda122942f39c62ebd2d1ac9de0cf6c6e4cefefb31eb86e39777f46c7ed5064
12875314ee2ddcc4d2a2fb04123d58952d2a04175805709e9a217ef87009c5e4
1389685bdb948b61ef7659b666a95f3d9d6180f1bd6275ffd0245fc2b09fe64d
15a61e52f7d97cf3cbbf8d52207f7eea402f643db44b38e02110f894f0a65492
170577c85e45e0480f5b6c9ae7870f547459efe808fff1d55f8cab5383a9c652
17860451b7c34c18fa957f1c282809bf1ddfd4315680d4816fcc15a08062650e
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
1827c1f5a5efdb274086bf7e0aaa0d7f8baba8a793edec11c24afb7c0d24f1a3
1847d18f1fdfb8e4e57f215c821399cfdf680f2f1e90b5049cd12f33bf23db7e
187e5ab1d37aaa4779205fddec1d0bd632c73ba09db7590c8f79bc238557932f
1bee1fae2e966f496709f3248680a938d74e76314a6d5d88454dfcc1296a51c3
1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944
1d9bf0f10749ac9257b89e3c217955f1517e1fc4479f178f0ad6a44ba00105e0
1dad6cb9a0903898a8f82f89c0d10ee6e94f8459228530fa5df3078100c9f650
1e45ca14bc59eff23fa77a56b5a047910b4bb21832fb69ef9308c3e16caabbe4
1f5c6d02fc76fb03a20344484b5f6f7f2d46926ee6fb5bd42e46fdb9c8651c5b
230143c7f608c219bf74c4b298c1b7e548eb4e2b177354a354ca3458420a14cf
24361adc71aaade43c12ed409b98e263a08170fec8f948d9f4aa8a638f6db240
251283aeee079f4a9e5527b8ca613be54c4b36d755a1a44a99a7c9aa073613a8
26a80fc7a0273f9b1dc9654286a0cb955391a828b09eb04541c13ad6f235f998
2a52cb777fcdc19803ae6e1f2b3116abee1d4bd5d1a20099ef1c4cdc16227bf2
2bae2a8543180f3bd963c0f0c7acddfb931c00e18243d4171af4131bdb7191b5
2cb09c7b3e19bfc41743ca3624ef81c3258d56525647feac76aa757e0292627a
2d91679789e8dd39cea52232a4de3cb5ac3a45e882b310e844ef2ab0546e1363
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2fd86087ffe96e1c8d6602817635a56e8de6069ba16fdb9c76af8ec23def8dab
32691cdd576bc9ef3a500e0de9b468fd8638cd89d978fab7912cbc864a306b74
33baeb718e9e7702ced289cf7b741dce725669aaa897f11638fe824e89cd2b91
3ed7961b640cad3efd4a453277533d8f8c87368d0b46fde38fd5d8d7d9a7dea8
40e054e66bd00544bbe94f84ab2cb916beccbb74115d9412a31815427b8ac15f
419ed38c05ae1faa42723b80a53b7441984cecb4fa1eec819e11e29ad08b6d16
42a8c96eb6ee70d610080405c855a78b19fb7eef807a753681567afe3b91f16c
43fb0402bedc54f7d48e83bf34ebd376b4662dd9d79c8f28bfc89c79ad6a527c
4673ebe70a556c4cc907cc87271b8cfa491c397fcc8785a6da52ed03f4ad7b1b
475700259e64d480d1a70023e14741bb298a025e338bb608552e2472d4505a65
48eb8b500ae6a38617b5738d2b3faec481922a7782246e31d2755c034a45cd5d
493c774a343778ffd0dd16e715f0c639cf1ccacdd8be1c10dc6d41efb5241043
49aea8d1206dbb5e3c8a7d4db9274d2efa2111d8b53acb901efc378b1feca381
4a3fa995039579e0ecb5ee278f9bad4dca2b2f4fa34ddefd7c12e17e14fa018e
4cc755a99349527933df50f5338a02d972da947a4c25f4a5309f4545ddc40ee1
4d097a0116293da844fdeeaa11f41dd941e511e6df699ff2195e8499de8a42fd
4f1ccc875370d854805f723592efc096334bde9a459e26e819c76673c8495421
5138d39633dc69fcd0ed7f33a5e38dc339123f682fa7f5242066879c2bbc8c9b
54a66c4693bfd79901040269ae7d7304508cbd02859797a1780f2bbe72176e23
557a28b6b96a9d0122ccd963ef7f244b3af6137079e76f13e5a3f8def76f5324
5bc833e41fe24dd85a458b24cbf1b5924ab53530454c0cc7f730f3d5bf1c0ba7
5bd9ca2f57b6c388332dd095d8c9be87dc71c2e1b78b843515ae758fe05a1223
5be820a03fa6c936ada8f591e9ba5a9d42a8b7ac20209c3a7f8e27de397c6719
5df66831e6042706636f0229e278d8bb956ae50e09e1b7c49130a08733b61436
5f0207bbbd69497c7a37284c0b6f9bdcc9f83c574a4cda737e00a390d0ed268f
5f789ea36ae4671282524bda454709578d63b915b782c1e041132a7e726ff1c3
61403f586e03ca26a4920ac368ecf4973ad46def79a1b46532f6bfc3d5573125
61c6caebd23921741fb5ffe6603f16634fca9840c2bf56ac8201e9264d6daccf
63b95f30f7acca927b8b311d787664106af1f08f628d39f100e6b41438f80dd4
647a6b36f3fd1f21bae171270111096b4613c23a47e6621628a51bae9c82b0b7
66503281fdad2cec090b988eb755fc220e78cd05f9681c79ae5da4601f05ebc0
6836719899bda27cd22c1551cb7fbfc33fb0bbbedaa89e4baa8715fef8202cbc
684722f2ec67f3a1b4aad3b445dd37b60d048d66701dfff1f5c40b3bad4fae8a
6b96df0c917064c393e7f758d86018e313a013590c77ecb81af56df2988cb87b
731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233
73e77109e52b8c4f943cbf277375e551cc62d04b45237c943a1ccd295242311f
75ccdf55dd7914e78df9b777b2e46b78bec1f105b00aff7d8d95eacd759279b8
77760d7f202b6173b466dbfffe1b9a36cdd3a1bdda38c289832a564f169abbe4
7d9b20df67e4fdb335a4e220496f6ed865678ad8a9528de7f4a03dc0561c7d72
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
8592ee430b6c99b8c06872734c0a92008de5aa7c72ae58c44a4769ae2171aa91
85de04645b7b002937768e0fbad655103c8b53794d092c26a1e121886794a9af
896ef6a7b20a41d51c5ecdff06b13f4bda3f9c3d13f5279fa8208f3bf7ccfdc8
899dcf7138f61a53ca5f3efc0faa08eeb9f26c928f2535ee107f06edb0b7ddc8
89a979f9f9c8408f52c9390b1533ef41ca0e8f2541b02abdb56bf7386475a4a0
8a93dee8cd669ae3e4110e2ece5d12ee452f3c8a6a1ca7bfa1220ecddc9b3f05
8ac8403b25bd046c25821ac494770d24d884f3e196627c7c23e374ecda9c6a78
8bf46177550049608c87a277d04e58041d3e4896947ee05e5cff34e32682946c
8c7f19bc022cba6dcb91b345cbca1da09dc02899609304c871282b68eb0de13a
8d7401bef80e31a1aa3a2d1daab189dfba7f02a21e7cfef216e011f0c05a74da
8f359cea41f7e97a585f44c7c318c4f2314b2981060da1623e39d8d348ff9150
8ff47eb1f953376d34de66f8e75b913034a9ed88ca290bcff2b3c943e8ad821d
9010e5a841cf0acfb13facfaa2c3318bc8118020ec071d15de099eb9a628fd01
90214d135602962e47ea9587a7eeb62fac1c64a541e373ea76e2b4e8b33e3f88
93f7db9f4affea338b27775f3d5d1b667a609482229be16881751f3ad75a5490
9535a88a3e3d1cfae3cbcb5e511f4e2cc09d80c6e312708af388d18ff7c3d190
98b503e561abd8bd6f36e99d52a42baddf76b0f07f50d5a1d916c7595a4a5125
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9c72c6fa4cc5eae9e3ccb121bb7586390b975fd9289345f1287c4c879b3f7689
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a12b87855b6403c6f73092396d80541a6984aae03097a637769291d9cad15d19
a4250e56da12e803b43d293e01604101acada973563c7c7ec7810a353ff7dd13
a49e6dc60c4b5070a82733ab756e2e50d8b12a32ced75a56f07e8c0738337fc9
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a6cef3848ae7f5956dcab36c6fd62af7e2f3dcc0dc537b1fd1237f4603868393
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
ab3f982a1a88a14ca563f14cdea36500351db129dfe91fc4e134285d129cbd5a
abaa484421865309a7781e540844f1b5260ed131080f8dd9f083d8f18beea107
ac7447dbe84475daef4044da17c5effe6b719390fe5823995e0182fdaf6a16db
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
af80c5f740d87f23a4dfba032163da333d0726400e3e466498ec6db371cccbeb
b0e86f0faffad7b12833cd7c0222893e2b3a887a0c41fd864a5557ab1646d3ea
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b1d498e3e12268c6a8b066ddb3468f90be4471748e97e4cebdd4d11d5dc55f2a
b22afdbbbfcf73cd99ffe6d477ab57e4d5061e4d06e5d6739bc19b99511e26b5
b38910ea1ebed994e063b4ccc8f851b7c74ab510ce95829840df90e7ae18d72b
b772252dd0fbf5ab9125fb8701b51227e7a13da7fed00a6f9faf4a9bd242eed7
be73b2dd626d35a48ff1b6de35ab7851ed407e8f4aa492938ff4b2dc77d5f35a
bea8ca18fc59dd9efc69075b87febbe8dfd2a4819e600cd6fd9b5da0df604e44
bed57a09b10b5cfc83c33f5bc6205831a9db085c874bc72d096d05ad2136e4b4
c61a719b48533a1fa932729f4927ba1377a96c441b0d6a427096b867742b4645
c6961a4d4296ec402fe593fad1dc613d2a4afe369e19b245a1139e8addeef035
c6f0dd8206df9adfe84428c4f85f678b1a01270a8359bbeef265f69bd94560a4
c91eb84c03f861486dccd5c911f53732a9249b2a38c68bef09e1dcda1d073686
c9815821ab1442501b9e9bae3d4bc5730315d6a513c8b40141b2d47b76da1916
c9e035838df6f34590522efdc1c7eea18db61e1d0ad554831bf9014141d87e24
cbed4a513f9060a4f85a9b709937a8831da0331958984fc0ceb7d1232391cec7
cdedf25cf1c0cebc928b7c8740ebee87b139eb531d1fca6454c8d5cc328dcb62
cecced3759ead676c01a7fa67745175f258e1cf40bac53e54a958236c65180ed
cf34e1b87bbfd9d9b185dec994924a496e279d8dc9387ad8d35bc0110134c4d3
d16f204114d443f2c2de71364d97d0d2ccaba7c5ecbb03c36d9fa0d99771fa71
d1f4e4630b8d4801abc1ca32d1baf694bd570ee94a1c462fa2cd03dc0c95e016
d82367742a789f0618bd00083354a3df851fc894683e6a94e41123268ee99254
d92264da65d318e658fc1b2d8210382089ab290c8bade5b45e0a5b979ccc1374
dbef5e5530003b7233e944856c23d1437902a2d3568cdfd2beaf2166e9ca9139
dcd36419da7937e52754772f60380387c49f3243240a21f41ca6d87346f72a0e
ddbe53fbdf228359ca0cbce287c93bd5d381dc271605ae88635204eec016aa98
df401b0b87a9287a304dbef19b59a0abd05941a7346822ffde41475a1b4745e4
df6068c3f6c9e2b0636aab93e76e970992232b16720340cbaf021686b6b91e13
e05edf2ae58e3a9f1d2a84d32a8b216fd0aece46f527b58dcbce75255989ea88
e1da9a546b794dbbbe152839024bd4d82e5e93aad6ea737e1e10d5879f70ae46
e2f416a5766bd2c223b867900f3431fcfcbf2ff497bad3a1fe866ccfc9a00701
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e60c50fa59646d7f3f5f388c0ab2cf2bee2597780437470133f42fc8d5240425
e89a316ebf1c63ea09e2b7b5889fb55e1ffb326c7b2b172027da0948f5709f6a
e8ca9742cc9592619de7ebfd700d8c40a5c3cab2d1b16ca1a4d157b853176a5d
ea7d78206c963a79532e3fd4b12a1ca83a7e323237525f6009aa920598d1f5a0
ec2a96acb07f2aeded27bb5f70c80631535b7460526e371d8d0a1427a96a810a
ed91fbb0cd9308f91f8e1fd93942c94ee850fc4161ed788b16f801b743c70b9b
eed8bbef503babc3cfd6bab171469830c476510a5c792363768cf4b9ec26718e
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f01903b3070c311bb1d7b0368466b6138411ca2e876dba98b6ddc8501e359517
f0c6eea8eb9d725d46ac2bf600e1a6318358881b990a332fb7b1225c7e15a851
f32d41f2099a0be20e6b57c5e0d1b71c079d3e1345827b0f5c5b97c6e5e3f78d
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1
f5533dc1e890e99b74930d8f462d013ad2aeff9a6fb7f673ce6eba3deb107ae7
f5e3a2c67fa809ff28e25a52dfa078a0b3bb3f7431a564c64d88f3dd1ee5ca62
f5f389a626c93903925ea1ad5dfb0d1770efd8dc7abaece35dda70ee34533e1d
f5fa487416676288b5e92b1530f85fbc61d2875f4a74926affa77be11223cfe9
fa03170fd683d0784207a08315cfa8a9f83401c4fa6abfccc72a7cc02ee3dfab
fc184f96dd18794e204c41075a00923be7e8e568744231d74f2fdf8921f78d29
fd5454d70f20662294b9cd2fa1e7cd1e6bebf7e5ea4426259f6f538fa012753b
fd5b911c1009c6ac2de1c897afe02381a0b7aacbca10d70c589239c03f03e0cf
fdb7665251ed2d54963505f180dad86b307613ef25f1c63f6f896b22141562f8

xn--m9jp9mi8fra1016gid0b.net Open in urlscan Pro Puny アジサイの育て方.net IDN 183.90.238.38 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

227 Requests

99 %HTTPS

54 %IPv6

30 Domains

52 Subdomains

46 IPs

8 Countries

2617 kBTransfer

6450 kBSize

3 Cookies

13 Outgoing links

Page URL History

Redirected requests

227 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 9 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

xn--m9jp9mi8fra1016gid0b.net Open in urlscan Pro Puny
アジサイの育て方.net IDN
183.90.238.38 Public Scan

Screenshot
Live screenshot

Full Image

227
Requests

99 %
HTTPS

54 %
IPv6

30
Domains

52
Subdomains

46
IPs

8
Countries

2617 kB
Transfer

6450 kB
Size

3
Cookies

227 HTTP transactions
9 data transactions