timedopovo.tk Open in urlscan Pro
31.22.4.81 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://timedopovo.tk/
Submission Tags: krdtest
Submission: On June 25 via api (June 25th 2021, 11:53:13 am UTC) from JP

Summary HTTP 141 Redirects Links 7 Behaviour Indicators

Summary

This website contacted 24 IPs in 3 countries across 18 domains to perform 141 HTTP transactions. The main IP is 31.22.4.81, located in Houghton-Le-Spring, United Kingdom and belongs to WILDCARD-AS Wildcard UK Limited, GB. The main domain is timedopovo.tk.
TLS certificate: Issued by R3 on June 20th 2021. Valid for: 3 months.

This is the only time timedopovo.tk was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
28	31.22.4.81 31.22.4.81	34119 (WILDCARD-...) (WILDCARD-AS Wildcard UK Limited)
2	2a00:1450:400... 2a00:1450:4001:810::2002	15169 (GOOGLE) (GOOGLE)
16 16	185.59.220.198 185.59.220.198	60068 (CDN77 (^_^)/) (CDN77 (^_^)/)
1	178.62.123.45 178.62.123.45	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
1	2a00:1450:400... 2a00:1450:4001:827::2008	15169 (GOOGLE) (GOOGLE)
2	2a03:2880:f01... 2a03:2880:f01c:8012:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
10	2a00:1450:400... 2a00:1450:4001:80e::2002	15169 (GOOGLE) (GOOGLE)
12	31.22.4.94 31.22.4.94	34119 (WILDCARD-...) (WILDCARD-AS Wildcard UK Limited)
1	2a00:1450:400... 2a00:1450:4001:811::2002	15169 (GOOGLE) (GOOGLE)
1	216.58.212.162 216.58.212.162	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82b::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:830::2002	15169 (GOOGLE) (GOOGLE)
14	2a00:1450:400... 2a00:1450:4001:809::2002	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:831::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80f::2008	15169 (GOOGLE) (GOOGLE)
9	13.225.87.106 13.225.87.106	16509 (AMAZON-02) (AMAZON-02)
3	2a00:1450:400... 2a00:1450:4001:808::200e	15169 (GOOGLE) (GOOGLE)
29	2a00:1450:400... 2a00:1450:4001:831::2001	15169 (GOOGLE) (GOOGLE)
1 2	2a00:1450:400... 2a00:1450:4001:813::2004	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:809::200a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:812::2003	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:800::2003	15169 (GOOGLE) (GOOGLE)
1 2	2a00:1450:400... 2a00:1450:4001:827::2004	15169 (GOOGLE) (GOOGLE)
1 2	2a03:2880:f11... 2a03:2880:f11c:8183:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
141	24

28 31.22.4.81 (Houghton-Le-Spring, United Kingdom)

ASN34119 (WILDCARD-AS Wildcard UK Limited, GB)
PTR: sv46.byethost46.org

timedopovo.tk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.timedopovo.tk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:810::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 185.59.220.198 (Frankfurt am Main, Germany) 16 redirects

ASN60068 (CDN77 (^_^)/, GB)
PTR: edge-723.bunnyinfra.net

cdn.shortpixel.ai	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.62.123.45 (London, United Kingdom)

ASN14061 (DIGITALOCEAN-ASN, US)

panel.clickwise.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:827::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ssl.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f01c:8012:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:80e::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 31.22.4.94 (Houghton-Le-Spring, United Kingdom)

ASN34119 (WILDCARD-AS Wildcard UK Limited, GB)
PTR: sv23.byethost23.org

adds.livreuso.tk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:811::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.58.212.162 (Mountain View, United States)

ASN15169 (GOOGLE, US)
PTR: ams15s22-in-f2.1e100.net

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:830::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2a00:1450:4001:809::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:831::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80f::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ssl.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 13.225.87.106 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-87-106.fra2.r.cloudfront.net

ad.lomadee.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:808::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

29 2a00:1450:4001:831::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:813::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:809::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:812::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:800::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:827::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f11c:8183:face:b00c:0:25de (Frankfurt am Main, Germany) 1 redirects

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
41	googlesyndication.com pagead2.googlesyndication.com tpc.googlesyndication.com	530 KB
28	timedopovo.tk timedopovo.tk www.timedopovo.tk	555 KB
16	shortpixel.ai 16 redirects cdn.shortpixel.ai	11 KB
13	doubleclick.net googleads.g.doubleclick.net	84 KB
12	livreuso.tk adds.livreuso.tk	5 KB
9	lomadee.com ad.lomadee.com	109 KB
7	google.com www.google.com Failed adservice.google.com	2 KB
6	gstatic.com www.gstatic.com fonts.gstatic.com	104 KB
5	google-analytics.com ssl.google-analytics.com www.google-analytics.com	75 KB
4	googletagservices.com www.googletagservices.com	141 KB
3	google.de adservice.google.de	1 KB
2	facebook.com 1 redirects www.facebook.com	1 KB
2	googleapis.com fonts.googleapis.com	1 KB
2	facebook.net connect.facebook.net	75 KB
1	googleadservices.com partner.googleadservices.com	657 B
1	clickwise.net panel.clickwise.net	82 KB
0	statistcdn.com Failed statistcdn.com Failed
0	google.com.br Failed www.google.com.br Failed
141	18

	Domain	Requested by
29	tpc.googlesyndication.com	googleads.g.doubleclick.net tpc.googlesyndication.com timedopovo.tk pagead2.googlesyndication.com
24	timedopovo.tk	timedopovo.tk
16	cdn.shortpixel.ai	16 redirects
13	googleads.g.doubleclick.net	pagead2.googlesyndication.com googleads.g.doubleclick.net
12	adds.livreuso.tk	timedopovo.tk adds.livreuso.tk
12	pagead2.googlesyndication.com	timedopovo.tk pagead2.googlesyndication.com tpc.googlesyndication.com googleads.g.doubleclick.net www.googletagservices.com
9	ad.lomadee.com	adds.livreuso.tk ad.lomadee.com
5	fonts.gstatic.com	fonts.googleapis.com
4	www.googletagservices.com	pagead2.googlesyndication.com googleads.g.doubleclick.net
4	www.google.com	timedopovo.tk googleads.g.doubleclick.net tpc.googlesyndication.com
4	www.timedopovo.tk	timedopovo.tk
3	www.google-analytics.com	ad.lomadee.com
3	adservice.google.com	pagead2.googlesyndication.com
3	adservice.google.de	pagead2.googlesyndication.com
2	www.facebook.com	1 redirects connect.facebook.net
2	fonts.googleapis.com	googleads.g.doubleclick.net tpc.googlesyndication.com
2	connect.facebook.net	timedopovo.tk connect.facebook.net
2	ssl.google-analytics.com	timedopovo.tk
1	www.gstatic.com	googleads.g.doubleclick.net
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	panel.clickwise.net	timedopovo.tk
0	statistcdn.com Failed	ad.lomadee.com
0	www.google.com.br Failed	timedopovo.tk
141	23

This site contains links to these domains. Also see Links.

Domain
www.timedopovo.tk
www.facebook.com
twitter.com
feeds.feedburner.com
www.youtube.com
r.clickwise.net

Subject Issuer	Validity	Valid
timedopovo.tk R3	`2021-06-20` - `2021-09-18`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-05-31` - `2021-08-23`	3 months	crt.sh
panel.clickwise.net R3	`2021-05-21` - `2021-08-19`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-05-31` - `2021-08-23`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2021-05-26` - `2021-08-24`	3 months	crt.sh
adds.livreuso.tk R3	`2021-06-05` - `2021-09-03`	3 months	crt.sh
*.googleadservices.com GTS CA 1C3	`2021-05-24` - `2021-08-16`	3 months	crt.sh
*.google.de GTS CA 1C3	`2021-05-24` - `2021-08-16`	3 months	crt.sh
*.google.com GTS CA 1C3	`2021-05-31` - `2021-08-23`	3 months	crt.sh
*.lomadee.com Amazon	`2021-03-31` - `2022-04-29`	a year	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2021-05-31` - `2021-08-23`	3 months	crt.sh
upload.video.google.com GTS CA 1O1	`2021-05-24` - `2021-08-16`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2021-05-24` - `2021-08-16`	3 months	crt.sh
www.google.com GTS CA 1C3	`2021-05-24` - `2021-08-16`	3 months	crt.sh

This page contains 21 frames:

Primary Page: https://timedopovo.tk/
Frame ID: A6202B029C9A36DA75FE8F96B9269712
Requests: 59 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20210623/r20190131/zrt_lookup.html
Frame ID: A8082930B17ADFB98BF2039105C7D36A
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9397577970694762&output=html&h=60&slotname=3804470934&adk=3546454420&adf=2203149399&pi=t.ma~as.3804470934&w=468&lmt=1624621971&url=https%3A%2F%2Ftimedopovo.tk%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1624621971879&bpp=8&bdt=165&idt=74&shv=r20210623&cbv=%2Fr20110914&ptt=5&saldr=sa&abxe=1&correlator=3852904018217&frm=20&pv=2&ga_vid=1723328054.1624621972&ga_sid=1624621972&ga_hid=1747522967&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=577&ady=8&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060975&oid=3&pvsid=656768274537544&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CeE%7C&abl=CS&pfx=0&fu=1024&bc=31&ifi=1&uci=a!1&fsb=1&xpc=wztnZv1LmI&p=https%3A//timedopovo.tk&dtd=90
Frame ID: 21F6533B78AA62D4D6AC998487B98DB3
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9397577970694762&output=html&adk=1812271804&adf=3025194257&lmt=1624621971&plat=1%3A32776%2C2%3A32776%2C8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Ftimedopovo.tk%2F&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1624621971904&bpp=2&bdt=191&idt=74&shv=r20210623&cbv=%2Fr20110914&ptt=9&saldr=aa&abxe=1&prev_slotnames=3804470934&nras=1&correlator=3852904018217&frm=20&pv=1&ga_vid=1723328054.1624621972&ga_sid=1624621972&ga_hid=1747522967&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060975&oid=3&pvsid=656768274537544&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=33792&bc=31&ifi=2&uci=a!2&fsb=1&dtd=78
Frame ID: A97E9CE3B771A39DDEDC7B294854DD83
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3432341997211165&output=html&h=280&slotname=8825380003&adk=3290701847&adf=215310249&pi=t.ma~as.8825380003&w=1000&fwrn=4&fwrnh=100&lmt=1624621971&rafmt=1&psa=0&format=1000x280&url=https%3A%2F%2Ftimedopovo.tk%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1624621971908&bpp=3&bdt=195&idt=76&shv=r20210623&cbv=%2Fr20110914&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&prev_slotnames=3804470934&nras=1&correlator=3852904018217&frm=20&pv=2&ga_vid=1723328054.1624621972&ga_sid=1624621972&ga_hid=1747522967&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=308&ady=131&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060975&oid=3&pvsid=656768274537544&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=1152&bc=31&ifi=3&uci=a!3&fsb=1&xpc=KnTKHAgluR&p=https%3A//timedopovo.tk&dtd=80
Frame ID: 8E40E6C4A98C4BD08D8DB2C14B1EEF81
Requests: 16 HTTP requests in this frame

Frame: https://adds.livreuso.tk/anuncios//show_i.php?a=559&z=5&c=1&adurl=12462&target=_blank
Frame ID: DE79DE5236708AD76729DD98EED0606B
Requests: 3 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3432341997211165&output=html&h=600&slotname=0023709217&adk=208576126&adf=3656672136&pi=t.ma~as.0023709217&w=120&lmt=1624621972&url=https%3A%2F%2Ftimedopovo.tk%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1624621972049&bpp=9&bdt=336&idt=9&shv=r20210623&cbv=%2Fr20110914&ptt=5&saldr=sa&abxe=1&prev_fmts=0x0%2C1000x280&prev_slotnames=3804470934&nras=1&correlator=3852904018217&frm=20&pv=1&ga_vid=1723328054.1624621972&ga_sid=1624621972&ga_hid=1747522967&ga_fc=1&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=315&ady=1047&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060975&oid=3&pvsid=656768274537544&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeoE%7C&abl=CS&pfx=0&fu=1024&bc=31&ifi=4&uci=a!4&fsb=1&xpc=yoEklnrNYV&p=https%3A//timedopovo.tk&dtd=14
Frame ID: D9D0BEBF005DE894972A6976F89156A2
Requests: 7 HTTP requests in this frame

Frame: https://adds.livreuso.tk/anuncios//show_i.php?a=559&z=5&c=1&adurl=12462&target=_blank
Frame ID: 9F60A09AEF5CA2F6399A925ECD40420B
Requests: 3 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3432341997211165&output=html&h=600&slotname=4618836511&adk=2751928702&adf=4244182132&pi=t.ma~as.4618836511&w=300&fwrn=4&fwrnh=100&lmt=1624621972&rafmt=1&psa=0&format=300x600&url=https%3A%2F%2Ftimedopovo.tk%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1624621972127&bpp=17&bdt=414&idt=18&shv=r20210623&cbv=%2Fr20110914&ptt=9&saldr=aa&abxe=1&cookie=ID%3Db1c433b0e6fb91cb-228ff22432c900c0%3AT%3D1624621972%3ART%3D1624621972%3AS%3DALNI_MaSAL0LJ7XjjL9DNht3ee-Ubq0nJg&prev_fmts=0x0%2C1000x280&prev_slotnames=3804470934%2C0023709217&nras=1&correlator=3852904018217&frm=20&pv=1&ga_vid=1723328054.1624621972&ga_sid=1624621972&ga_hid=1747522967&ga_fc=1&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1005&ady=705&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060975&oid=3&pvsid=656768274537544&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeoE%7C&abl=CS&pfx=0&fu=1152&bc=31&ifi=5&uci=a!5&fsb=1&xpc=ViQdQvncoz&p=https%3A//timedopovo.tk&dtd=38
Frame ID: FB67585791C156C0B3B37C13949AEE52
Requests: 9 HTTP requests in this frame

Frame: https://ad.lomadee.com/banner/view?sourceId=35923256&dimension=3&width=120&height=600&method=0&advertisers=&tags=
Frame ID: BABEC1660E14ADEE43B1EBE2198F97F7
Requests: 4 HTTP requests in this frame

Frame: https://ad.lomadee.com/banner/view?sourceId=35923256&dimension=3&width=120&height=600&method=0&advertisers=&tags=
Frame ID: D574A206DCA75013C24A377CF03E6451
Requests: 4 HTTP requests in this frame

Frame: https://adds.livreuso.tk/anuncios//show_i.php?a=529&z=29&c=1&adurl=12461&target=_blank
Frame ID: CDE80C27EFACC503CB13A6AAD2DD1C3C
Requests: 3 HTTP requests in this frame

Frame: https://ad.lomadee.com/banner/view?sourceId=35923256&dimension=1&width=728&height=90&method=0&advertisers=&tags=
Frame ID: 60440A30EA504C8F07ED304BAEC8E99E
Requests: 4 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/18440678300287635125/120x600/index.html
Frame ID: 69A15D4B8CBA466B712941FBAF967734
Requests: 10 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si
Frame ID: BD5D21387B7A30023239B4700D29A6DC
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/mGzIkP9MbilhhXayH-4FXVj5Hth0Auc0RFP8Od1UZbs.js
Frame ID: BB5912AF247EEA589FF8E7BB33BA73E5
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17626451119355985920/index.html
Frame ID: 264E82A98A23F062F716FB39901C3F98
Requests: 11 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si
Frame ID: 4BD314D8D9AD2DF520A7D150332CE46F
Requests: 2 HTTP requests in this frame

Frame: https://www.facebook.com/login/?next=https%3A%2F%2Fwww.facebook.com%2Fplugins%2Flike_box.php%3Fapp_id%26channel%3Dhttps%253A%252F%252Fstaticxx.facebook.com%252Fx%252Fconnect%252Fxd_arbiter%252F%253Fversion%253D46%2523cb%253Df107d1fff1b29ec%2526domain%253Dtimedopovo.tk%2526origin%253Dhttps%25253A%25252F%25252Ftimedopovo.tk%25252Ffcc447de292d98%2526relation%253Dparent.parent%26color_scheme%3Dlight%26container_width%3D300%26header%3Dtrue%26height%3D300%26href%3Dhttps%253A%252F%252Fwww.facebook.com%252Ftimedopovonews%253Fref%253Dhl%26locale%3Dpt_BR%26sdk%3Djoey%26show_border%3Dtrue%26show_faces%3Dtrue%26stream%3Dfalse%26width%3D300
Frame ID: F7BED4972BAC5DAF22BDC97CF06C3DC2
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Frame ID: AB9DC638B9A1DECD4EA89A6ED45D063D
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 991C2DD28F434495CE05BD0327CDC5AE
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
meta generator /^WordPress ?([\d.]+)?/i
headers link /rel="https:\/\/api\.w\.org\/"/i

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
meta generator /^WordPress ?([\d.]+)?/i
headers link /rel="https:\/\/api\.w\.org\/"/i

MySQL (Databases) Expand

Overall confidence: 100%
Detected patterns

html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
meta generator /^WordPress ?([\d.]+)?/i
headers link /rel="https:\/\/api\.w\.org\/"/i

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /\/\/connect\.facebook\.net\/[^/]*\/[a-z]*\.js/i

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

script /googlesyndication\.com\//i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Page Statistics

141
Requests

94 %
HTTPS

75 %
IPv6

18
Domains

23
Subdomains

24
IPs

3
Countries

1764 kB
Transfer

3621 kB
Size

0
Cookies

7 Outgoing links

These are links going to different origins than the main page.

URL: http://www.timedopovo.tk/category/ultimasnoticias/
Title: Últimas notícias

Search URL Search Domain Scan URL

URL: https://www.facebook.com/timedopovonews

Search URL Search Domain Scan URL

URL: http://twitter.com/#!/time_do_povo

Search URL Search Domain Scan URL

URL: http://feeds.feedburner.com/TimeDoPovo

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/TimeDoPovoCom

Search URL Search Domain Scan URL

URL: https://r.clickwise.net/click/bd514a64/5d89528c97168

Search URL Search Domain Scan URL

URL: http://www.timedopovo.tk/

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 8

https://cdn.shortpixel.ai/client/q_glossy,ret_img,w_64,h_64/https://timedopovo.tk/wp-content/plugins/social-media-widget/images/default/64/facebook.png HTTP 302
https://timedopovo.tk/wp-content/plugins/social-media-widget/images/default/64/facebook.png

Request Chain 9

https://cdn.shortpixel.ai/client/q_glossy,ret_img,w_64,h_64/https://timedopovo.tk/wp-content/plugins/social-media-widget/images/default/64/twitter.png HTTP 302
https://timedopovo.tk/wp-content/plugins/social-media-widget/images/default/64/twitter.png

Request Chain 10

https://cdn.shortpixel.ai/client/q_glossy,ret_img,w_64,h_64/https://timedopovo.tk/wp-content/plugins/social-media-widget/images/default/64/rss.png HTTP 302
https://timedopovo.tk/wp-content/plugins/social-media-widget/images/default/64/rss.png

Request Chain 11

https://cdn.shortpixel.ai/client/q_glossy,ret_img,w_64,h_64/https://timedopovo.tk/wp-content/plugins/social-media-widget/images/default/64/youtube.png HTTP 302
https://timedopovo.tk/wp-content/plugins/social-media-widget/images/default/64/youtube.png

Request Chain 24

https://cdn.shortpixel.ai/client/q_glossy,ret_img/https://timedopovo.tk/wp-content/themes/crystalhosting/images/sidebarup.png HTTP 302
https://timedopovo.tk/wp-content/themes/crystalhosting/images/sidebarup.png

Request Chain 48

https://cdn.shortpixel.ai/client/q_glossy,ret_img/https://timedopovo.tk/wp-content/themes/crystalhosting/images/postindex.png HTTP 302
https://timedopovo.tk/wp-content/themes/crystalhosting/images/postindex.png

Request Chain 49

https://cdn.shortpixel.ai/client/q_glossy,ret_img/https://timedopovo.tk/wp-content/themes/crystalhosting/images/postfim-2.png HTTP 302
https://timedopovo.tk/wp-content/themes/crystalhosting/images/postfim-2.png

Request Chain 50

https://cdn.shortpixel.ai/client/q_glossy,ret_img/https://timedopovo.tk/wp-content/themes/crystalhosting/images/sidebaruppp.png HTTP 302
https://timedopovo.tk/wp-content/themes/crystalhosting/images/sidebaruppp.png

Request Chain 55

https://cdn.shortpixel.ai/client/q_glossy,ret_img,w_145/https://timedopovo.tk/wp-content/uploads/2021/06/004-145x100.jpg HTTP 302
https://timedopovo.tk/wp-content/uploads/2021/06/004-145x100.jpg

Request Chain 56

https://cdn.shortpixel.ai/client/q_glossy,ret_img,w_144/https://timedopovo.tk/wp-content/uploads/2021/06/003-144x100.jpg HTTP 302
https://timedopovo.tk/wp-content/uploads/2021/06/003-144x100.jpg

Request Chain 57

https://cdn.shortpixel.ai/client/q_glossy,ret_img,w_147/https://timedopovo.tk/wp-content/uploads/2021/06/agenciacorinthians-foto-180450-1-1024x695-1-147x100.jpg HTTP 302
https://timedopovo.tk/wp-content/uploads/2021/06/agenciacorinthians-foto-180450-1-1024x695-1-147x100.jpg

Request Chain 58

https://cdn.shortpixel.ai/client/q_glossy,ret_img,w_147/https://timedopovo.tk/wp-content/uploads/2021/06/Se-entrar-em-campo-Ramiro-vai-completar-100-jogos-pelo-Corinthians-147x100.jpg HTTP 302
https://timedopovo.tk/wp-content/uploads/2021/06/Se-entrar-em-campo-Ramiro-vai-completar-100-jogos-pelo-Corinthians-147x100.jpg

Request Chain 59

https://cdn.shortpixel.ai/client/q_glossy,ret_img,w_133/https://timedopovo.tk/wp-content/uploads/2021/06/E2zqBvVXEAABR5D-133x100.jpg HTTP 302
https://timedopovo.tk/wp-content/uploads/2021/06/E2zqBvVXEAABR5D-133x100.jpg

Request Chain 60

https://cdn.shortpixel.ai/client/q_glossy,ret_img,w_148/https://timedopovo.tk/wp-content/uploads/2021/06/agenciacorinthians-foto-180367-1-1024x690-1-148x100.jpg HTTP 302
https://timedopovo.tk/wp-content/uploads/2021/06/agenciacorinthians-foto-180367-1-1024x690-1-148x100.jpg

Request Chain 61

https://cdn.shortpixel.ai/client/q_glossy,ret_img,w_145/https://timedopovo.tk/wp-content/uploads/2021/06/Corinthians-comemora-49-anos-da-estreia-do-idolo-Wladimir-145x100.jpg HTTP 302
https://timedopovo.tk/wp-content/uploads/2021/06/Corinthians-comemora-49-anos-da-estreia-do-idolo-Wladimir-145x100.jpg

Request Chain 62

https://cdn.shortpixel.ai/client/q_glossy,ret_img,w_177/https://timedopovo.tk/wp-content/uploads/2021/06/001-177x100.png HTTP 302
https://timedopovo.tk/wp-content/uploads/2021/06/001-177x100.png

Request Chain 85

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 126

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 137

https://www.facebook.com/plugins/like_box.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df107d1fff1b29ec%26domain%3Dtimedopovo.tk%26origin%3Dhttps%253A%252F%252Ftimedopovo.tk%252Ffcc447de292d98%26relation%3Dparent.parent&color_scheme=light&container_width=300&header=true&height=300&href=https%3A%2F%2Fwww.facebook.com%2Ftimedopovonews%3Fref%3Dhl&locale=pt_BR&sdk=joey&show_border=true&show_faces=true&stream=false&width=300 HTTP 302
https://www.facebook.com/login/?next=https%3A%2F%2Fwww.facebook.com%2Fplugins%2Flike_box.php%3Fapp_id%26channel%3Dhttps%253A%252F%252Fstaticxx.facebook.com%252Fx%252Fconnect%252Fxd_arbiter%252F%253Fversion%253D46%2523cb%253Df107d1fff1b29ec%2526domain%253Dtimedopovo.tk%2526origin%253Dhttps%25253A%25252F%25252Ftimedopovo.tk%25252Ffcc447de292d98%2526relation%253Dparent.parent%26color_scheme%3Dlight%26container_width%3D300%26header%3Dtrue%26height%3D300%26href%3Dhttps%253A%252F%252Fwww.facebook.com%252Ftimedopovonews%253Fref%253Dhl%26locale%3Dpt_BR%26sdk%3Djoey%26show_border%3Dtrue%26show_faces%3Dtrue%26stream%3Dfalse%26width%3D300

141 HTTP transactions
4 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
timedopovo.tk/ 46 KB
10 KB 2995ms
2907ms Document
text/html 31.22.4.81
WILDCARD-AS Wildc...

General

Check archive.org

Show headers Download Go to

Full URL

https://timedopovo.tk/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

31.22.4.81 Houghton-Le-Spring, United Kingdom, ASN34119 (WILDCARD-AS Wildcard UK Limited, GB),

Reverse DNS

sv46.byethost46.org

Software

nginx /

Resource Hash

33d23a496250a3264a8ece5bac570df13921457f2e281f897f5696e9a9558281

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

:method: GET
:authority: timedopovo.tk
:scheme: https
:path: /
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

server: nginx
date: Fri, 25 Jun 2021 11:52:50 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
link: <https://timedopovo.tk/wp-json/>; rel="https://api.w.org/"
cache-control: max-age=0
expires: Fri, 25 Jun 2021 11:52:48 GMT
content-encoding: br

GET
H2 200 autoptimize_b29b1f69340b6254e65047bbb2ef974d.css
timedopovo.tk/wp-content/cache/autoptimize/css/ 17 KB
3 KB 104ms
103ms Stylesheet
text/css 31.22.4.81
WILDCARD-AS Wildc...

General

Check archive.org

Show headers Download Go to

Full URL: https://timedopovo.tk/wp-content/cache/autoptimize/css/autoptimize_b29b1f69340b6254e65047bbb2ef974d.css
Requested by: Host: timedopovo.tk
URL: https://timedopovo.tk/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 31.22.4.81 Houghton-Le-Spring, United Kingdom, ASN34119 (WILDCARD-AS Wildcard UK Limited, GB),
Reverse DNS: sv46.byethost46.org
Software: nginx /
Resource Hash: f356c1330b17335df99dda5bb53bfd858ff27b903d555e9edb775b2c08d0b357

Request headers

:path: /wp-content/cache/autoptimize/css/autoptimize_b29b1f69340b6254e65047bbb2ef974d.css
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: timedopovo.tk
referer: https://timedopovo.tk/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://timedopovo.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 25 Jun 2021 11:52:51 GMT
content-encoding: gzip
last-modified: Tue, 23 Mar 2021 15:58:14 GMT
server: nginx
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=30672000, public, immutable, public, proxy-revalidate
accept-ranges: bytes
content-length: 3012
expires: Wed, 15 Jun 2022 11:52:51 GMT

GET
H2 200 autoptimize_f94ea748099c9df4dd02b3c685044b15.css
timedopovo.tk/wp-content/cache/autoptimize/css/ 88 KB
14 KB 104ms
103ms Stylesheet
text/css 31.22.4.81
WILDCARD-AS Wildc...

General

Check archive.org

Show headers Download Go to

Full URL: https://timedopovo.tk/wp-content/cache/autoptimize/css/autoptimize_f94ea748099c9df4dd02b3c685044b15.css
Requested by: Host: timedopovo.tk
URL: https://timedopovo.tk/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 31.22.4.81 Houghton-Le-Spring, United Kingdom, ASN34119 (WILDCARD-AS Wildcard UK Limited, GB),
Reverse DNS: sv46.byethost46.org
Software: nginx /
Resource Hash: 1e0b105463e87ccc5220d9aba7dc76cbd4ff9acab31d23f2bfcaaa81f869a702

Request headers

:path: /wp-content/cache/autoptimize/css/autoptimize_f94ea748099c9df4dd02b3c685044b15.css
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: timedopovo.tk
referer: https://timedopovo.tk/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://timedopovo.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 25 Jun 2021 11:52:51 GMT
content-encoding: gzip
last-modified: Thu, 15 Apr 2021 05:11:37 GMT
server: nginx
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=30672000, public, immutable, public, proxy-revalidate
accept-ranges: bytes
content-length: 14229
expires: Wed, 15 Jun 2022 11:52:51 GMT

GET
H2 200 jquery.js Show response
timedopovo.tk/wp-includes/js/jquery/ 281 KB
84 KB 62ms
61ms Script
application/javascript 31.22.4.81
WILDCARD-AS Wildc...

General

Check archive.org

Show headers Download Go to

Full URL: https://timedopovo.tk/wp-includes/js/jquery/jquery.js?ver=3.5.1
Requested by: Host: timedopovo.tk
URL: https://timedopovo.tk/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 31.22.4.81 Houghton-Le-Spring, United Kingdom, ASN34119 (WILDCARD-AS Wildcard UK Limited, GB),
Reverse DNS: sv46.byethost46.org
Software: nginx /
Resource Hash: 86f937a29eaee70aaf9935799a414bea46c62fb136cc0465f63f9d6820cf4982

Request headers

:path: /wp-includes/js/jquery/jquery.js?ver=3.5.1
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: timedopovo.tk
referer: https://timedopovo.tk/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://timedopovo.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 25 Jun 2021 11:52:51 GMT
content-encoding: br
last-modified: Tue, 23 Feb 2021 22:25:34 GMT
server: nginx
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=2592000, public, proxy-revalidate, public, proxy-revalidate
expires: Sun, 25 Jul 2021 11:52:51 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 136 KB
48 KB 26ms
26ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: timedopovo.tk
URL: https://timedopovo.tk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

aa62551ffb9f4f300d58b68cf6d4fddb7fc49ce1ed40d05fd4064156b0dc5837

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://timedopovo.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 25 Jun 2021 11:52:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 49149
x-xss-protection: 0
server: cafe
etag: 14916098970332087282
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Fri, 25 Jun 2021 11:52:51 GMT

GET
H2 200 logotdp.png
www.timedopovo.tk/ 31 KB
31 KB 96ms
69ms Image
image/png 31.22.4.81
WILDCARD-AS Wildc...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.timedopovo.tk/logotdp.png
Requested by: Host: timedopovo.tk
URL: https://timedopovo.tk/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 31.22.4.81 Houghton-Le-Spring, United Kingdom, ASN34119 (WILDCARD-AS Wildcard UK Limited, GB),
Reverse DNS: sv46.byethost46.org
Software: nginx /
Resource Hash: fc08809552becc11633f8ae84e133f62f1ee23689f6aa71d532ed5ab3ac3d821

Request headers

Referer: https://timedopovo.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 25 Jun 2021 11:52:51 GMT
last-modified: Fri, 06 Apr 2018 00:39:56 GMT
server: nginx
content-type: image/png
cache-control: max-age=2592000, public, proxy-revalidate
accept-ranges: bytes
content-length: 31497
expires: Sun, 25 Jul 2021 11:52:51 GMT

GET
H2 200 show_ads.js Show response
pagead2.googlesyndication.com/pagead/ 92 KB
33 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/show_ads.js

Requested by

Host: timedopovo.tk
URL: https://timedopovo.tk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

404bc899022fdc0513b0c7a19b696320f893f305d9950f64ad8b51fcb2edb598

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://timedopovo.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 25 Jun 2021 11:52:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 33453
x-xss-protection: 0
server: cafe
etag: 16622256412939770913
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Fri, 25 Jun 2021 11:52:51 GMT

GET
H2 200 vercompleto.png
www.timedopovo.tk/wp-content/themes/crystalhosting/images/ 9 KB
9 KB 82ms
55ms Image
image/png 31.22.4.81
WILDCARD-AS Wildc...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.timedopovo.tk/wp-content/themes/crystalhosting/images/vercompleto.png
Requested by: Host: timedopovo.tk
URL: https://timedopovo.tk/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 31.22.4.81 Houghton-Le-Spring, United Kingdom, ASN34119 (WILDCARD-AS Wildcard UK Limited, GB),
Reverse DNS: sv46.byethost46.org
Software: nginx /
Resource Hash: 986037628ef2f713282cdf6658e45f2d778e374635e2b7b6ec0f3e2fd9281ba3

Request headers

Referer: https://timedopovo.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 25 Jun 2021 11:52:51 GMT
last-modified: Fri, 06 Apr 2018 00:41:57 GMT
server: nginx
content-type: image/png
cache-control: max-age=2592000, public, proxy-revalidate
accept-ranges: bytes
content-length: 9074
expires: Sun, 25 Jul 2021 11:52:51 GMT

GET
H2 200 escudo.png
www.timedopovo.tk/ 46 KB
46 KB 85ms
58ms Image
image/png 31.22.4.81
WILDCARD-AS Wildc...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.timedopovo.tk/escudo.png
Requested by: Host: timedopovo.tk
URL: https://timedopovo.tk/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 31.22.4.81 Houghton-Le-Spring, United Kingdom, ASN34119 (WILDCARD-AS Wildcard UK Limited, GB),
Reverse DNS: sv46.byethost46.org
Software: nginx /
Resource Hash: ce2c2f487561a1e72f77b2c28bdf121fef04e9c7d3189f5affd499a3a8a77db5

Request headers

Referer: https://timedopovo.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 25 Jun 2021 11:52:51 GMT
last-modified: Fri, 06 Apr 2018 00:46:34 GMT
server: nginx
content-type: image/png
cache-control: max-age=2592000, public, proxy-revalidate
accept-ranges: bytes
content-length: 46795
expires: Sun, 25 Jul 2021 11:52:51 GMT

GET
H2

200

facebook.png
timedopovo.tk/wp-content/plugins/social-media-widget/images/default/64/
Redirect Chain

https://cdn.shortpixel.ai/client/q_glossy,ret_img,w_64,h_64/https://timedopovo.tk/wp-content/plugins/social-media-widget/images/default/64/facebook.png
https://timedopovo.tk/wp-content/plugins/social-media-widget/images/default/64/facebook.png

763 B
957 B

69ms
69ms

Image
image/png

31.22.4.81
WILDCARD-AS Wildc...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://timedopovo.tk/wp-content/plugins/social-media-widget/images/default/64/facebook.png
Requested by: Host: timedopovo.tk
URL: https://timedopovo.tk/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 31.22.4.81 Houghton-Le-Spring, United Kingdom, ASN34119 (WILDCARD-AS Wildcard UK Limited, GB),
Reverse DNS: sv46.byethost46.org
Software: nginx /
Resource Hash: b8e86c44c2f2cc0f6d192de5b6a94b23e3c60db1117bed35701ae1e7ec6cfe5a

Request headers

:path: /wp-content/plugins/social-media-widget/images/default/64/facebook.png
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: timedopovo.tk
referer: https://timedopovo.tk/
:scheme: https
sec-fetch-site: cross-site
:method: GET
Referer: https://timedopovo.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 25 Jun 2021 11:52:51 GMT
last-modified: Fri, 06 Apr 2018 00:40:17 GMT
server: nginx
content-type: image/png
cache-control: max-age=2592000, public, proxy-revalidate
accept-ranges: bytes
content-length: 763
expires: Sun, 25 Jul 2021 11:52:51 GMT

Redirect headers

date: Fri, 25 Jun 2021 11:52:51 GMT
cdn-edgestorageid: 601, 602
access-control-allow-origin: *
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-tag: Domain:timedopovo.tk
cdn-cachedat: 2021-06-24 23:48:37
cdn-pullzone: 257218
content-length: 0
pragma: cache
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
server: BunnyCDN-DE1-723
cdn-requestpullcode: 302
x-purge: 1
location: https://timedopovo.tk/wp-content/plugins/social-media-widget/images/default/64/facebook.png
content-type: text/html; charset=UTF-8
cdn-cache: HIT
cdn-uid: ceac3dab-9909-4315-8d54-a27751b54dd0
cache-control: public, max-age=86400
cdn-requestid: 411d537245f66219dba43d5dc1f69540
cdn-requestcountrycode: FR
cdn-requestpullsuccess: True

GET
H2

200

twitter.png
timedopovo.tk/wp-content/plugins/social-media-widget/images/default/64/
Redirect Chain

https://cdn.shortpixel.ai/client/q_glossy,ret_img,w_64,h_64/https://timedopovo.tk/wp-content/plugins/social-media-widget/images/default/64/twitter.png
https://timedopovo.tk/wp-content/plugins/social-media-widget/images/default/64/twitter.png

1 KB
2 KB

94ms
93ms

Image
image/png

31.22.4.81
WILDCARD-AS Wildc...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://timedopovo.tk/wp-content/plugins/social-media-widget/images/default/64/twitter.png
Requested by: Host: timedopovo.tk
URL: https://timedopovo.tk/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 31.22.4.81 Houghton-Le-Spring, United Kingdom, ASN34119 (WILDCARD-AS Wildcard UK Limited, GB),
Reverse DNS: sv46.byethost46.org
Software: nginx /
Resource Hash: 7961fb8e2c56c456004b8621329bcc73e2030785eb88be511bec404c80a659b7

Request headers

:path: /wp-content/plugins/social-media-widget/images/default/64/twitter.png
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: timedopovo.tk
referer: https://timedopovo.tk/
:scheme: https
sec-fetch-site: cross-site
:method: GET
Referer: https://timedopovo.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 25 Jun 2021 11:52:51 GMT
last-modified: Fri, 06 Apr 2018 00:40:17 GMT
server: nginx
content-type: image/png
cache-control: max-age=2592000, public, proxy-revalidate
accept-ranges: bytes
content-length: 1342
expires: Sun, 25 Jul 2021 11:52:51 GMT

Redirect headers

date: Fri, 25 Jun 2021 11:52:51 GMT
cdn-edgestorageid: 756, 602
access-control-allow-origin: *
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-tag: Domain:timedopovo.tk
cdn-cachedat: 2021-06-25 13:52:51
cdn-pullzone: 257218
content-length: 0
pragma: cache
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
server: BunnyCDN-DE1-723
cdn-requestpullcode: 302
x-purge: 1
location: https://timedopovo.tk/wp-content/plugins/social-media-widget/images/default/64/twitter.png
content-type: text/html; charset=UTF-8
cdn-cache: EXPIRED
cdn-uid: ceac3dab-9909-4315-8d54-a27751b54dd0
cache-control: public, max-age=86400
cdn-requestid: 2454fa172e239919225b34c4c1b3218b
cdn-requestcountrycode: FR
cdn-requestpullsuccess: True

GET
H2

200

rss.png
timedopovo.tk/wp-content/plugins/social-media-widget/images/default/64/
Redirect Chain

https://cdn.shortpixel.ai/client/q_glossy,ret_img,w_64,h_64/https://timedopovo.tk/wp-content/plugins/social-media-widget/images/default/64/rss.png
https://timedopovo.tk/wp-content/plugins/social-media-widget/images/default/64/rss.png

3 KB
3 KB

64ms
64ms

Image
image/png

31.22.4.81
WILDCARD-AS Wildc...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://timedopovo.tk/wp-content/plugins/social-media-widget/images/default/64/rss.png
Requested by: Host: timedopovo.tk
URL: https://timedopovo.tk/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 31.22.4.81 Houghton-Le-Spring, United Kingdom, ASN34119 (WILDCARD-AS Wildcard UK Limited, GB),
Reverse DNS: sv46.byethost46.org
Software: nginx /
Resource Hash: 6bd760dc672e6d692fd30cca41e3629ab4c67d24fde1d13d2b3d5744fd06f351

Request headers

:path: /wp-content/plugins/social-media-widget/images/default/64/rss.png
pragma: no-cache
cookie: __utmc=204431381; __utmz=204431381.1624621972.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1; __utma=204431381.1723328054.1624621972.1624621972.1624621972.1; __utmb=204431381.1.10.1624621972
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: timedopovo.tk
referer: https://timedopovo.tk/
:scheme: https
sec-fetch-site: cross-site
:method: GET
Referer: https://timedopovo.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 25 Jun 2021 11:52:51 GMT
last-modified: Fri, 06 Apr 2018 00:40:17 GMT
server: nginx
content-type: image/png
cache-control: max-age=2592000, public, proxy-revalidate
accept-ranges: bytes
content-length: 2746
expires: Sun, 25 Jul 2021 11:52:51 GMT

Redirect headers

date: Fri, 25 Jun 2021 11:52:51 GMT
cdn-edgestorageid: 752, 602
access-control-allow-origin: *
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-tag: Domain:timedopovo.tk
cdn-cachedat: 2021-06-25 13:52:51
cdn-pullzone: 257218
content-length: 0
pragma: cache
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
server: BunnyCDN-DE1-723
cdn-requestpullcode: 302
x-purge: 1
location: https://timedopovo.tk/wp-content/plugins/social-media-widget/images/default/64/rss.png
content-type: text/html; charset=UTF-8
cdn-cache: EXPIRED
cdn-uid: ceac3dab-9909-4315-8d54-a27751b54dd0
cache-control: public, max-age=86400
cdn-requestid: a9d4c9cb87bb23d4b337807102bd48bf
cdn-requestcountrycode: FR
cdn-requestpullsuccess: True

GET
H2

200

youtube.png
timedopovo.tk/wp-content/plugins/social-media-widget/images/default/64/
Redirect Chain

https://cdn.shortpixel.ai/client/q_glossy,ret_img,w_64,h_64/https://timedopovo.tk/wp-content/plugins/social-media-widget/images/default/64/youtube.png
https://timedopovo.tk/wp-content/plugins/social-media-widget/images/default/64/youtube.png

3 KB
3 KB

82ms
79ms

Image
image/png

31.22.4.81
WILDCARD-AS Wildc...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://timedopovo.tk/wp-content/plugins/social-media-widget/images/default/64/youtube.png
Requested by: Host: timedopovo.tk
URL: https://timedopovo.tk/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 31.22.4.81 Houghton-Le-Spring, United Kingdom, ASN34119 (WILDCARD-AS Wildcard UK Limited, GB),
Reverse DNS: sv46.byethost46.org
Software: nginx /
Resource Hash: 70026657c87a5132b6a431dff968771873d699737fb63c32af45f5790a1a38c3

Request headers

:path: /wp-content/plugins/social-media-widget/images/default/64/youtube.png
pragma: no-cache
cookie: __utmc=204431381; __utmz=204431381.1624621972.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1; __utma=204431381.1723328054.1624621972.1624621972.1624621972.1; __utmb=204431381.1.10.1624621972
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: timedopovo.tk
referer: https://timedopovo.tk/
:scheme: https
sec-fetch-site: cross-site
:method: GET
Referer: https://timedopovo.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 25 Jun 2021 11:52:51 GMT
last-modified: Fri, 06 Apr 2018 00:40:17 GMT
server: nginx
content-type: image/png
cache-control: max-age=2592000, public, proxy-revalidate
accept-ranges: bytes
content-length: 3229
expires: Sun, 25 Jul 2021 11:52:51 GMT

Redirect headers

date: Fri, 25 Jun 2021 11:52:51 GMT
cdn-edgestorageid: 756, 602
access-control-allow-origin: *
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-tag: Domain:timedopovo.tk
cdn-cachedat: 2021-06-25 13:52:51
cdn-pullzone: 257218
content-length: 0
pragma: cache
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
server: BunnyCDN-DE1-723
cdn-requestpullcode: 302
x-purge: 1
location: https://timedopovo.tk/wp-content/plugins/social-media-widget/images/default/64/youtube.png
content-type: text/html; charset=UTF-8
cdn-cache: EXPIRED
cdn-uid: ceac3dab-9909-4315-8d54-a27751b54dd0
cache-control: public, max-age=86400
cdn-requestid: cb45f99077c6247dcbfa4c5ecd9a5839
cdn-requestcountrycode: FR
cdn-requestpullsuccess: True

GET
H/1.1 200
OK 032dc8fe26d84282b2bcb0f3865cbae7.png
panel.clickwise.net/media/banner/20210309/ 82 KB
82 KB 208ms
46ms Image
image/png 178.62.123.45
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://panel.clickwise.net/media/banner/20210309/032dc8fe26d84282b2bcb0f3865cbae7.png
Requested by: Host: timedopovo.tk
URL: https://timedopovo.tk/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 178.62.123.45 London, United Kingdom, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: openresty/1.17.8.2 /
Resource Hash: 9186533ba21799e1a451b35581408963a2bd352a157f1b194c0727fb68357558

Request headers

Referer: https://timedopovo.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 25 Jun 2021 11:52:52 GMT
Last-Modified: Tue, 09 Mar 2021 23:29:52 GMT
Server: openresty/1.17.8.2
ETag: "604804f0-14743"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 83779

GET
H2 200 logo.gif
www.timedopovo.tk/ 259 KB
260 KB 90ms
64ms Image
image/gif 31.22.4.81
WILDCARD-AS Wildc...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.timedopovo.tk/logo.gif
Requested by: Host: timedopovo.tk
URL: https://timedopovo.tk/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 31.22.4.81 Houghton-Le-Spring, United Kingdom, ASN34119 (WILDCARD-AS Wildcard UK Limited, GB),
Reverse DNS: sv46.byethost46.org
Software: nginx /
Resource Hash: 74a14c3c9efff84398be5969f5ed596e76fd40786aa034907d67e2cafbf746d6

Request headers

Referer: https://timedopovo.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 25 Jun 2021 11:52:51 GMT
last-modified: Fri, 06 Apr 2018 00:46:39 GMT
server: nginx
content-type: image/gif
cache-control: max-age=2592000, public, proxy-revalidate
accept-ranges: bytes
content-length: 265726
expires: Sun, 25 Jul 2021 11:52:51 GMT

GET
H2 200 autoptimize_64369739fc755262d7d80c591d79ad24.js Show response
timedopovo.tk/wp-content/cache/autoptimize/js/ 20 KB
7 KB 73ms
71ms Script
application/javascript 31.22.4.81
WILDCARD-AS Wildc...

General

Check archive.org

Show headers Download Go to

Full URL: https://timedopovo.tk/wp-content/cache/autoptimize/js/autoptimize_64369739fc755262d7d80c591d79ad24.js
Requested by: Host: timedopovo.tk
URL: https://timedopovo.tk/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 31.22.4.81 Houghton-Le-Spring, United Kingdom, ASN34119 (WILDCARD-AS Wildcard UK Limited, GB),
Reverse DNS: sv46.byethost46.org
Software: nginx /
Resource Hash: 4f2dab5366889ccb09deeff2e8530ddd50234a9ecf94bd021a7b5df566c4ab97

Request headers

:path: /wp-content/cache/autoptimize/js/autoptimize_64369739fc755262d7d80c591d79ad24.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: timedopovo.tk
referer: https://timedopovo.tk/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://timedopovo.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 25 Jun 2021 11:52:51 GMT
content-encoding: gzip
last-modified: Tue, 23 Mar 2021 15:58:14 GMT
server: nginx
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=30672000, public, immutable, public, proxy-revalidate, public, proxy-revalidate
accept-ranges: bytes
content-length: 6764
expires: Wed, 15 Jun 2022 11:52:51 GMT

GET
H2 200 twemoji.js Show response
timedopovo.tk/wp-includes/js/ 27 KB
8 KB 59ms
58ms Script
application/javascript 31.22.4.81
WILDCARD-AS Wildc...

General

Check archive.org

Show headers Download Go to

Full URL: https://timedopovo.tk/wp-includes/js/twemoji.js?ver=5.7.2
Requested by: Host: timedopovo.tk
URL: https://timedopovo.tk/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 31.22.4.81 Houghton-Le-Spring, United Kingdom, ASN34119 (WILDCARD-AS Wildcard UK Limited, GB),
Reverse DNS: sv46.byethost46.org
Software: nginx /
Resource Hash: e98cd00e7be004c4360ad0c38471911312d74a117babcc29f239935afc80c8cb

Request headers

:path: /wp-includes/js/twemoji.js?ver=5.7.2
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: timedopovo.tk
referer: https://timedopovo.tk/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://timedopovo.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 25 Jun 2021 11:52:51 GMT
content-encoding: br
last-modified: Tue, 23 Feb 2021 22:25:34 GMT
server: nginx
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=2592000, public, proxy-revalidate, public, proxy-revalidate
expires: Sun, 25 Jul 2021 11:52:51 GMT

GET
H2 200 wp-emoji.js Show response
timedopovo.tk/wp-includes/js/ 9 KB
4 KB 60ms
58ms Script
application/javascript 31.22.4.81
WILDCARD-AS Wildc...

General

Check archive.org

Show headers Download Go to

Full URL: https://timedopovo.tk/wp-includes/js/wp-emoji.js?ver=5.7.2
Requested by: Host: timedopovo.tk
URL: https://timedopovo.tk/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 31.22.4.81 Houghton-Le-Spring, United Kingdom, ASN34119 (WILDCARD-AS Wildcard UK Limited, GB),
Reverse DNS: sv46.byethost46.org
Software: nginx /
Resource Hash: e503c59c36fc19803b2e9572b10e7c06236bda692aebd97f29e2a5a96f9aa5b6

Request headers

:path: /wp-includes/js/wp-emoji.js?ver=5.7.2
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: timedopovo.tk
referer: https://timedopovo.tk/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://timedopovo.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 25 Jun 2021 11:52:51 GMT
content-encoding: br
last-modified: Sun, 03 May 2020 16:41:02 GMT
server: nginx
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=2592000, public, proxy-revalidate, public, proxy-revalidate
expires: Sun, 25 Jul 2021 11:52:51 GMT

GET
H2 200 ga.js Show response
ssl.google-analytics.com/ 45 KB
17 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:827::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ssl.google-analytics.com/ga.js

Requested by

Host: timedopovo.tk
URL: https://timedopovo.tk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://timedopovo.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 09 Jun 2021 17:36:57 GMT
server: Golfe2
age: 5666
date: Fri, 25 Jun 2021 10:18:25 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17168
expires: Fri, 25 Jun 2021 12:18:25 GMT

GET
H2 200 all.js Show response
connect.facebook.net/pt_BR/ 3 KB
2 KB 6ms
6ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/pt_BR/all.js

Requested by

Host: timedopovo.tk
URL: https://timedopovo.tk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

b9feda3639f000413659bbf87dea176f85a6c97c020d1b12d1ca0eb7814a8931

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://timedopovo.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: hKdWApOLkbgF8XIbWqyoww==
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 1685
x-fb-rlafr: 0
x-fb-debug: UsgOS6fTo2JREowoXhOw9nSDNnQfOlEU+gtGhlk1WNTO1z+UGVzArOrW8U4ZgvcXMaUi8rlm64WAA+sbZ4tucQ==
x-fb-trip-id: 686109401
x-fb-content-md5: b0be8890c23bf0faedc24b8dbcaf3129
x-frame-options: DENY
cross-origin-embedder-policy-report-only: require-corp;report-to="coop_report"
date: Fri, 25 Jun 2021 11:52:51 GMT
vary: Accept-Encoding
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}],"group":"coop_report"}
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
etag: "641a15c0ec7eccf240d25edce14d31eb"
timing-allow-origin: *
priority: u=3,i
expires: Fri, 25 Jun 2021 11:53:13 GMT

GET
H3-29 200 show_ads_impl_with_ama_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202106180101/ 233 KB
86 KB 39ms
38ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202106180101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-9397577970694762&plah=timedopovo.tk&amaexp=1&bust=exp%3D31060975

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/show_ads.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7a30a030d2650fb5761dc1744f8599efc50ff2abb6b72016ead3f8b320ec05a7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://timedopovo.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 25 Jun 2021 11:52:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 88139
x-xss-protection: 0
server: cafe
etag: 13607190200409470678
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Fri, 25 Jun 2021 11:52:51 GMT

GET query_renderer.js
www.google.com/cse/ 0
0

GET js
www.google.com/cse/api/partner-pub-3432341997211165/cse/6624308046/queries/ 0
0

GET show_afs_search.js
www.google.com/afsonline/ 0
0

GET
H2 200 show.php Show response
adds.livreuso.tk/anuncios// 482 B
490 B 139ms
48ms Script
text/html 31.22.4.94
WILDCARD-AS Wildc...

General

Check archive.org

Show headers Download Go to

Full URL: https://adds.livreuso.tk/anuncios//show.php?ad_type=14&j=1&code=1624621971888
Requested by: Host: timedopovo.tk
URL: https://timedopovo.tk/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 31.22.4.94 Houghton-Le-Spring, United Kingdom, ASN34119 (WILDCARD-AS Wildcard UK Limited, GB),
Reverse DNS: sv23.byethost23.org
Software: nginx /
Resource Hash: 83faf6d8e626b76e08febc472f9cf0bb9921a992ad61bc34b200930ad10e4602

Request headers

Referer: https://timedopovo.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

pragma: no-cache
date: Fri, 25 Jun 2021 11:52:51 GMT
content-encoding: br
server: nginx
vary: Accept-Encoding
content-type: text/html
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H2

200

sidebarup.png
timedopovo.tk/wp-content/themes/crystalhosting/images/
Redirect Chain

https://cdn.shortpixel.ai/client/q_glossy,ret_img/https://timedopovo.tk/wp-content/themes/crystalhosting/images/sidebarup.png
https://timedopovo.tk/wp-content/themes/crystalhosting/images/sidebarup.png

3 KB
3 KB

68ms
68ms

Image
image/png

31.22.4.81
WILDCARD-AS Wildc...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://timedopovo.tk/wp-content/themes/crystalhosting/images/sidebarup.png
Requested by: Host: timedopovo.tk
URL: https://timedopovo.tk/wp-content/cache/autoptimize/css/autoptimize_f94ea748099c9df4dd02b3c685044b15.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 31.22.4.81 Houghton-Le-Spring, United Kingdom, ASN34119 (WILDCARD-AS Wildcard UK Limited, GB),
Reverse DNS: sv46.byethost46.org
Software: nginx /
Resource Hash: cbd509669e176f744af1c69d7c339e14127f4be4c59185d6c5ba6fe448fca6f9

Request headers

:path: /wp-content/themes/crystalhosting/images/sidebarup.png
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: timedopovo.tk
referer: https://timedopovo.tk/
:scheme: https
sec-fetch-site: cross-site
:method: GET
Referer: https://timedopovo.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 25 Jun 2021 11:52:51 GMT
last-modified: Fri, 06 Apr 2018 00:41:57 GMT
server: nginx
content-type: image/png
cache-control: max-age=2592000, public, proxy-revalidate
accept-ranges: bytes
content-length: 3225
expires: Sun, 25 Jul 2021 11:52:51 GMT

Redirect headers

date: Fri, 25 Jun 2021 11:52:51 GMT
cdn-edgestorageid: 601, 602
access-control-allow-origin: *
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-tag: Domain:timedopovo.tk
cdn-cachedat: 2021-06-24 23:48:37
cdn-pullzone: 257218
content-length: 0
pragma: cache
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
server: BunnyCDN-DE1-723
cdn-requestpullcode: 302
x-purge: 1
location: https://timedopovo.tk/wp-content/themes/crystalhosting/images/sidebarup.png
content-type: text/html; charset=UTF-8
cdn-cache: HIT
cdn-uid: ceac3dab-9909-4315-8d54-a27751b54dd0
cache-control: public, max-age=86400
cdn-requestid: 22086a99a196911cb8d62c6a806073fe
cdn-requestcountrycode: FR
cdn-requestpullsuccess: True

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20210623/r20190131/ Frame A808 10 KB
5 KB 7ms
6ms Document
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20210623/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

20b3bad1427e2212dd847357841f993f025b5061c4af1d382dcc727e102cc1e4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/html/r20210623/r20190131/zrt_lookup.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://timedopovo.tk/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://timedopovo.tk/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Fri, 25 Jun 2021 03:56:11 GMT
expires: Fri, 09 Jul 2021 03:56:11 GMT
content-type: text/html; charset=UTF-8
etag: 15579341980913220427
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4579
x-xss-protection: 0
age: 28600
cache-control: public, max-age=1209600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 203 B
657 B 102ms
37ms Script
text/javascript 216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=timedopovo.tk&callback=_gfp_s_&client=ca-pub-9397577970694762

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202106180101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-9397577970694762&plah=timedopovo.tk&amaexp=1&bust=exp%3D31060975

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.162 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s22-in-f2.1e100.net

Software

cafe /

Resource Hash

5c24b5096e88bef7c059e06450950e98d462c5bc7eee0e6b4cb7c0bfa16292eb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://timedopovo.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 25 Jun 2021 11:52:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 192
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
853 B 37ms
15ms Script
application/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=timedopovo.tk

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://timedopovo.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 25 Jun 2021 11:52:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
570 B 38ms
15ms Script
application/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=timedopovo.tk

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://timedopovo.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 25 Jun 2021 11:52:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 21F6 430 B
230 B 218ms
216ms Document
text/html 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9397577970694762&output=html&h=60&slotname=3804470934&adk=3546454420&adf=2203149399&pi=t.ma~as.3804470934&w=468&lmt=1624621971&url=https%3A%2F%2Ftimedopovo.tk%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1624621971879&bpp=8&bdt=165&idt=74&shv=r20210623&cbv=%2Fr20110914&ptt=5&saldr=sa&abxe=1&correlator=3852904018217&frm=20&pv=2&ga_vid=1723328054.1624621972&ga_sid=1624621972&ga_hid=1747522967&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=577&ady=8&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060975&oid=3&pvsid=656768274537544&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CeE%7C&abl=CS&pfx=0&fu=1024&bc=31&ifi=1&uci=a!1&fsb=1&xpc=wztnZv1LmI&p=https%3A//timedopovo.tk&dtd=90

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2ebbe31951d75aaeea0e487bf5af399479ec0e4dabcc965d99cd203adf81bb8e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-9397577970694762&output=html&h=60&slotname=3804470934&adk=3546454420&adf=2203149399&pi=t.ma~as.3804470934&w=468&lmt=1624621971&url=https%3A%2F%2Ftimedopovo.tk%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1624621971879&bpp=8&bdt=165&idt=74&shv=r20210623&cbv=%2Fr20110914&ptt=5&saldr=sa&abxe=1&correlator=3852904018217&frm=20&pv=2&ga_vid=1723328054.1624621972&ga_sid=1624621972&ga_hid=1747522967&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=577&ady=8&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060975&oid=3&pvsid=656768274537544&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CeE%7C&abl=CS&pfx=0&fu=1024&bc=31&ifi=1&uci=a!1&fsb=1&xpc=wztnZv1LmI&p=https%3A//timedopovo.tk&dtd=90
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://timedopovo.tk/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://timedopovo.tk/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Fri, 25 Jun 2021 11:52:52 GMT
server: cafe
content-length: 207
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 25-Jun-2021 12:07:51 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Fri, 25 Jun 2021 11:52:52 GMT
cache-control: private

GET
H2 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ 72 KB
28 KB 35ms
14ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

92857904df325afe1f29a64b2382eb7df89626a03d79bd16be4dac1296c3aef1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://timedopovo.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 25 Jun 2021 11:52:52 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1624469958711216"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27719
x-xss-protection: 0
expires: Fri, 25 Jun 2021 11:52:52 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 39ms
38ms Image
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=adfil-imp&wp=ca-pub-9397577970694762&c=10&e=2570847921467975139&n=0&t=0&w=9&x=0

Requested by

Host: timedopovo.tk
URL: https://timedopovo.tk/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://timedopovo.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 25 Jun 2021 11:52:51 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame A97E 9 KB
926 B 92ms
91ms Document
text/html 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9397577970694762&output=html&adk=1812271804&adf=3025194257&lmt=1624621971&plat=1%3A32776%2C2%3A32776%2C8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Ftimedopovo.tk%2F&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1624621971904&bpp=2&bdt=191&idt=74&shv=r20210623&cbv=%2Fr20110914&ptt=9&saldr=aa&abxe=1&prev_slotnames=3804470934&nras=1&correlator=3852904018217&frm=20&pv=1&ga_vid=1723328054.1624621972&ga_sid=1624621972&ga_hid=1747522967&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060975&oid=3&pvsid=656768274537544&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=33792&bc=31&ifi=2&uci=a!2&fsb=1&dtd=78

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8228d4ad4a1422d98292b068635566925b4e6d35b1ce0b5e051acebaeadd1da2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-9397577970694762&output=html&adk=1812271804&adf=3025194257&lmt=1624621971&plat=1%3A32776%2C2%3A32776%2C8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Ftimedopovo.tk%2F&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1624621971904&bpp=2&bdt=191&idt=74&shv=r20210623&cbv=%2Fr20110914&ptt=9&saldr=aa&abxe=1&prev_slotnames=3804470934&nras=1&correlator=3852904018217&frm=20&pv=1&ga_vid=1723328054.1624621972&ga_sid=1624621972&ga_hid=1747522967&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060975&oid=3&pvsid=656768274537544&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=33792&bc=31&ifi=2&uci=a!2&fsb=1&dtd=78
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://timedopovo.tk/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://timedopovo.tk/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Fri, 25 Jun 2021 11:52:52 GMT
server: cafe
content-length: 903
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 25-Jun-2021 12:07:52 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Fri, 25 Jun 2021 11:52:52 GMT
cache-control: private

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 8E40 71 KB
24 KB 713ms
713ms Document
text/html 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3432341997211165&output=html&h=280&slotname=8825380003&adk=3290701847&adf=215310249&pi=t.ma~as.8825380003&w=1000&fwrn=4&fwrnh=100&lmt=1624621971&rafmt=1&psa=0&format=1000x280&url=https%3A%2F%2Ftimedopovo.tk%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1624621971908&bpp=3&bdt=195&idt=76&shv=r20210623&cbv=%2Fr20110914&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&prev_slotnames=3804470934&nras=1&correlator=3852904018217&frm=20&pv=2&ga_vid=1723328054.1624621972&ga_sid=1624621972&ga_hid=1747522967&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=308&ady=131&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060975&oid=3&pvsid=656768274537544&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=1152&bc=31&ifi=3&uci=a!3&fsb=1&xpc=KnTKHAgluR&p=https%3A//timedopovo.tk&dtd=80

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b29021d6b75644a71b203ce02b73c3b58a3c68f371451179d0f720dc93dd95b6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-3432341997211165&output=html&h=280&slotname=8825380003&adk=3290701847&adf=215310249&pi=t.ma~as.8825380003&w=1000&fwrn=4&fwrnh=100&lmt=1624621971&rafmt=1&psa=0&format=1000x280&url=https%3A%2F%2Ftimedopovo.tk%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1624621971908&bpp=3&bdt=195&idt=76&shv=r20210623&cbv=%2Fr20110914&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&prev_slotnames=3804470934&nras=1&correlator=3852904018217&frm=20&pv=2&ga_vid=1723328054.1624621972&ga_sid=1624621972&ga_hid=1747522967&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=308&ady=131&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060975&oid=3&pvsid=656768274537544&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=1152&bc=31&ifi=3&uci=a!3&fsb=1&xpc=KnTKHAgluR&p=https%3A//timedopovo.tk&dtd=80
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://timedopovo.tk/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://timedopovo.tk/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Fri, 25 Jun 2021 11:52:52 GMT
server: cafe
content-length: 24521
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 25-Jun-2021 12:07:52 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Fri, 25 Jun 2021 11:52:52 GMT
cache-control: private

GET
H3-29 200 all.js Show response
connect.facebook.net/pt_BR/ 246 KB
73 KB 8ms
8ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/pt_BR/all.js?hash=5a3c4881cfcae8bbaa9be5600358d670

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/pt_BR/all.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

64e2e400b02e0d24811b5f5d83978931d8c8b7cea882398246c3bdd434a97c7c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Origin: https://timedopovo.tk
Referer: https://timedopovo.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: 3SJ6VU2wTCp3aRJoP/4E3g==
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 74284
x-fb-rlafr: 0
x-fb-debug: 3E/VbE45MWE5VB6/5UT06EsRWikp2ofCf14gh41cSwAAXCz8ZSTKMrTKHOjhkAnxvmxfQbA5qI76MgoscgmcEA==
x-fb-content-md5: 57c9d33c544e1f033ee0382e38b251a5
x-frame-options: DENY
date: Fri, 25 Jun 2021 11:52:51 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
etag: "f841868a418d9a071220a2e1f16258b6"
timing-allow-origin: *
priority: u=3,i
expires: Sat, 25 Jun 2022 10:52:59 GMT

GET
H3-29 200 __utm.gif
ssl.google-analytics.com/r/ 35 B
54 B 21ms
20ms Image
image/gif 2a00:1450:4001:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ssl.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=772920934&utmhn=timedopovo.tk&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=Time%20Do%20Povo&utmhid=1747522967&utmr=-&utmp=%2F&utmht=1624621971995&utmac=UA-23996175-16&utmcc=__utma%3D204431381.1723328054.1624621972.1624621972.1624621972.1%3B%2B__utmz%3D204431381.1624621972.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=40004896&utmredir=1&utmu=qAAAAAAAAAAAAAAAAAQAAAAE~

Requested by

Host: timedopovo.tk
URL: https://timedopovo.tk/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://timedopovo.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 25 Jun 2021 11:52:52 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 show_i.php Show response
adds.livreuso.tk/anuncios// Frame DE79 1 KB
733 B 48ms
47ms Document
text/html 31.22.4.94
WILDCARD-AS Wildc...

General

Check archive.org

Show headers Download Go to

Full URL: https://adds.livreuso.tk/anuncios//show_i.php?a=559&z=5&c=1&adurl=12462&target=_blank
Requested by: Host: adds.livreuso.tk
URL: https://adds.livreuso.tk/anuncios//show.php?ad_type=14&j=1&code=1624621971888
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 31.22.4.94 Houghton-Le-Spring, United Kingdom, ASN34119 (WILDCARD-AS Wildcard UK Limited, GB),
Reverse DNS: sv23.byethost23.org
Software: nginx /
Resource Hash: 3e553b96d208383a7df644bc4ea5f9639fbdcf758a7b0e43f434a1a6cec7e06b

Request headers

:method: GET
:authority: adds.livreuso.tk
:scheme: https
:path: /anuncios//show_i.php?a=559&z=5&c=1&adurl=12462&target=_blank
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://timedopovo.tk/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://timedopovo.tk/

Response headers

server: nginx
date: Fri, 25 Jun 2021 11:52:51 GMT
content-type: text/html
vary: Accept-Encoding
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
set-cookie: PHPSESSID=qh1miuis5dirn9g77vs7fogce7; path=/
content-encoding: br

GET
H2 200 blank.gif
adds.livreuso.tk/anuncios//images/ 43 B
236 B 47ms
46ms Image
image/gif 31.22.4.94
WILDCARD-AS Wildc...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://adds.livreuso.tk/anuncios//images/blank.gif
Requested by: Host: timedopovo.tk
URL: https://timedopovo.tk/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 31.22.4.94 Houghton-Le-Spring, United Kingdom, ASN34119 (WILDCARD-AS Wildcard UK Limited, GB),
Reverse DNS: sv23.byethost23.org
Software: nginx /
Resource Hash: 204e26ceed9d428095faf4121c5049f1e106116971865681001c2298f7cc5689

Request headers

Referer: https://timedopovo.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 25 Jun 2021 11:52:51 GMT
last-modified: Sun, 17 Dec 2017 15:19:14 GMT
server: nginx
content-type: image/gif
cache-control: max-age=2592000, public, proxy-revalidate
accept-ranges: bytes
content-length: 43
expires: Sun, 25 Jul 2021 11:52:51 GMT

GET
H3-29 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 28ms
14ms Script
application/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=timedopovo.tk

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://timedopovo.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 25 Jun 2021 11:52:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 29ms
15ms Script
application/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=timedopovo.tk

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://timedopovo.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 25 Jun 2021 11:52:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame D9D0 90 KB
32 KB 509ms
507ms Document
text/html 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3432341997211165&output=html&h=600&slotname=0023709217&adk=208576126&adf=3656672136&pi=t.ma~as.0023709217&w=120&lmt=1624621972&url=https%3A%2F%2Ftimedopovo.tk%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1624621972049&bpp=9&bdt=336&idt=9&shv=r20210623&cbv=%2Fr20110914&ptt=5&saldr=sa&abxe=1&prev_fmts=0x0%2C1000x280&prev_slotnames=3804470934&nras=1&correlator=3852904018217&frm=20&pv=1&ga_vid=1723328054.1624621972&ga_sid=1624621972&ga_hid=1747522967&ga_fc=1&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=315&ady=1047&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060975&oid=3&pvsid=656768274537544&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeoE%7C&abl=CS&pfx=0&fu=1024&bc=31&ifi=4&uci=a!4&fsb=1&xpc=yoEklnrNYV&p=https%3A//timedopovo.tk&dtd=14

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3571fa17eabf7f4e4e6386305b040dfd1330e7a4cc3afc584d4f6c8b48cd7c1e

Security Headers

Name	Value
Content-Security-Policy	child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/18440678300287635125/120x600/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/18440678300287635125/120x600/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CJ6uqbzcsvECFanouwgdEYkABQ&gqi=lMPVYIe9BNrpgAfIl4jYAw&layout=/sadbundle/%24csp%253Der3%24/18440678300287635125/120x600/index.html
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-3432341997211165&output=html&h=600&slotname=0023709217&adk=208576126&adf=3656672136&pi=t.ma~as.0023709217&w=120&lmt=1624621972&url=https%3A%2F%2Ftimedopovo.tk%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1624621972049&bpp=9&bdt=336&idt=9&shv=r20210623&cbv=%2Fr20110914&ptt=5&saldr=sa&abxe=1&prev_fmts=0x0%2C1000x280&prev_slotnames=3804470934&nras=1&correlator=3852904018217&frm=20&pv=1&ga_vid=1723328054.1624621972&ga_sid=1624621972&ga_hid=1747522967&ga_fc=1&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=315&ady=1047&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060975&oid=3&pvsid=656768274537544&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeoE%7C&abl=CS&pfx=0&fu=1024&bc=31&ifi=4&uci=a!4&fsb=1&xpc=yoEklnrNYV&p=https%3A//timedopovo.tk&dtd=14
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://timedopovo.tk/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://timedopovo.tk/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-security-policy: child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/18440678300287635125/120x600/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/18440678300287635125/120x600/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CJ6uqbzcsvECFanouwgdEYkABQ&gqi=lMPVYIe9BNrpgAfIl4jYAw&layout=/sadbundle/%24csp%253Der3%24/18440678300287635125/120x600/index.html
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Fri, 25 Jun 2021 11:52:52 GMT
server: cafe
content-length: 32521
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 25-Jun-2021 12:07:52 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Fri, 25 Jun 2021 11:52:52 GMT
cache-control: private

GET
H2 200 show.php Show response
adds.livreuso.tk/anuncios// 482 B
488 B 55ms
54ms Script
text/html 31.22.4.94
WILDCARD-AS Wildc...

General

Check archive.org

Show headers Download Go to

Full URL: https://adds.livreuso.tk/anuncios//show.php?ad_type=14&j=1&code=1624621972067
Requested by: Host: timedopovo.tk
URL: https://timedopovo.tk/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 31.22.4.94 Houghton-Le-Spring, United Kingdom, ASN34119 (WILDCARD-AS Wildcard UK Limited, GB),
Reverse DNS: sv23.byethost23.org
Software: nginx /
Resource Hash: 83faf6d8e626b76e08febc472f9cf0bb9921a992ad61bc34b200930ad10e4602

Request headers

Referer: https://timedopovo.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

pragma: no-cache
date: Fri, 25 Jun 2021 11:52:51 GMT
content-encoding: br
server: nginx
vary: Accept-Encoding
content-type: text/html
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H2 200 script.js Show response
ad.lomadee.com/banners/ Frame DE79 432 B
586 B 116ms
33ms Script
text/html 13.225.87.106
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.lomadee.com/banners/script.js?sourceId=35923256&dimension=3&height=600&width=120&method=0
Requested by: Host: adds.livreuso.tk
URL: https://adds.livreuso.tk/anuncios//show_i.php?a=559&z=5&c=1&adurl=12462&target=_blank
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.87.106 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-87-106.fra2.r.cloudfront.net
Software: Apache-Coyote/1.1 /
Resource Hash: e984e3d18fdb5dcc9ac6ab02e069d5b78cf22c19681cd064541c49de98c731b2

Request headers

Referer: https://adds.livreuso.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 20 Jun 2021 18:02:10 GMT
via: 1.1 eb1a8c1b1275e33a016e623478052111.cloudfront.net (CloudFront)
server: Apache-Coyote/1.1
age: 409842
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-language: en-US
content-encoding: gzip
x-amz-cf-pop: FRA2-C2
content-type: text/html;charset=UTF-8
x-amz-cf-id: ohliieks3ajlF0QnHDpvX45IF44LxWux3KWmkn0e0Z1jSw96kIHAuQ==

GET
H2 200 blank.gif
adds.livreuso.tk/anuncios//images/ Frame DE79 43 B
236 B 40ms
40ms Image
image/gif 31.22.4.94
WILDCARD-AS Wildc...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://adds.livreuso.tk/anuncios//images/blank.gif
Requested by: Host: adds.livreuso.tk
URL: https://adds.livreuso.tk/anuncios//show_i.php?a=559&z=5&c=1&adurl=12462&target=_blank
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 31.22.4.94 Houghton-Le-Spring, United Kingdom, ASN34119 (WILDCARD-AS Wildcard UK Limited, GB),
Reverse DNS: sv23.byethost23.org
Software: nginx /
Resource Hash: 204e26ceed9d428095faf4121c5049f1e106116971865681001c2298f7cc5689

Request headers

Referer: https://adds.livreuso.tk/anuncios//show_i.php?a=559&z=5&c=1&adurl=12462&target=_blank
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 25 Jun 2021 11:52:51 GMT
last-modified: Sun, 17 Dec 2017 15:19:14 GMT
server: nginx
content-type: image/gif
cache-control: max-age=2592000, public, proxy-revalidate
accept-ranges: bytes
content-length: 43
expires: Sun, 25 Jul 2021 11:52:51 GMT

GET
H2 200 show_i.php Show response
adds.livreuso.tk/anuncios// Frame 9F60 1 KB
733 B 47ms
47ms Document
text/html 31.22.4.94
WILDCARD-AS Wildc...

General

Check archive.org

Show headers Download Go to

Full URL: https://adds.livreuso.tk/anuncios//show_i.php?a=559&z=5&c=1&adurl=12462&target=_blank
Requested by: Host: adds.livreuso.tk
URL: https://adds.livreuso.tk/anuncios//show.php?ad_type=14&j=1&code=1624621972067
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 31.22.4.94 Houghton-Le-Spring, United Kingdom, ASN34119 (WILDCARD-AS Wildcard UK Limited, GB),
Reverse DNS: sv23.byethost23.org
Software: nginx /
Resource Hash: 3e553b96d208383a7df644bc4ea5f9639fbdcf758a7b0e43f434a1a6cec7e06b

Request headers

:method: GET
:authority: adds.livreuso.tk
:scheme: https
:path: /anuncios//show_i.php?a=559&z=5&c=1&adurl=12462&target=_blank
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://timedopovo.tk/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://timedopovo.tk/

Response headers

server: nginx
date: Fri, 25 Jun 2021 11:52:51 GMT
content-type: text/html
vary: Accept-Encoding
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
set-cookie: PHPSESSID=d0d67u4ja54k94ub7uehhuiam5; path=/
content-encoding: br

GET
H2 200 blank.gif
adds.livreuso.tk/anuncios//images/ 43 B
236 B 47ms
46ms Image
image/gif 31.22.4.94
WILDCARD-AS Wildc...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://adds.livreuso.tk/anuncios//images/blank.gif
Requested by: Host: adds.livreuso.tk
URL: https://adds.livreuso.tk/anuncios//show.php?ad_type=14&j=1&code=1624621972067
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 31.22.4.94 Houghton-Le-Spring, United Kingdom, ASN34119 (WILDCARD-AS Wildcard UK Limited, GB),
Reverse DNS: sv23.byethost23.org
Software: nginx /
Resource Hash: 204e26ceed9d428095faf4121c5049f1e106116971865681001c2298f7cc5689

Request headers

Referer: https://timedopovo.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 25 Jun 2021 11:52:51 GMT
last-modified: Sun, 17 Dec 2017 15:19:14 GMT
server: nginx
content-type: image/gif
cache-control: max-age=2592000, public, proxy-revalidate
accept-ranges: bytes
content-length: 43
expires: Sun, 25 Jul 2021 11:52:51 GMT

GET show_ads.js
pagead2.googlesyndication.com/pagead/ 0
0

GET brand
www.google.com.br/coop/cse/ 0
0

GET
H2

200

postindex.png
timedopovo.tk/wp-content/themes/crystalhosting/images/
Redirect Chain

https://cdn.shortpixel.ai/client/q_glossy,ret_img/https://timedopovo.tk/wp-content/themes/crystalhosting/images/postindex.png
https://timedopovo.tk/wp-content/themes/crystalhosting/images/postindex.png

8 KB
8 KB

120ms
120ms

Image
image/png

31.22.4.81
WILDCARD-AS Wildc...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://timedopovo.tk/wp-content/themes/crystalhosting/images/postindex.png
Requested by: Host: timedopovo.tk
URL: https://timedopovo.tk/wp-content/cache/autoptimize/css/autoptimize_f94ea748099c9df4dd02b3c685044b15.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 31.22.4.81 Houghton-Le-Spring, United Kingdom, ASN34119 (WILDCARD-AS Wildcard UK Limited, GB),
Reverse DNS: sv46.byethost46.org
Software: nginx /
Resource Hash: 64ad2b889e573ea0f48d0c21a22e7dbc47d08ca54dff2091e418e9b4b418be14

Request headers

:path: /wp-content/themes/crystalhosting/images/postindex.png
pragma: no-cache
cookie: __utmc=204431381; __utmz=204431381.1624621972.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1; __utma=204431381.1723328054.1624621972.1624621972.1624621972.1; __utmb=204431381.1.10.1624621972; __gads=ID=b1c433b0e6fb91cb-228ff22432c900c0:T=1624621972:RT=1624621972:S=ALNI_MaSAL0LJ7XjjL9DNht3ee-Ubq0nJg
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: timedopovo.tk
referer: https://timedopovo.tk/
:scheme: https
sec-fetch-site: cross-site
:method: GET
Referer: https://timedopovo.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 25 Jun 2021 11:52:51 GMT
last-modified: Fri, 06 Apr 2018 00:41:57 GMT
server: nginx
content-type: image/png
cache-control: max-age=2592000, public, proxy-revalidate
accept-ranges: bytes
content-length: 7795
expires: Sun, 25 Jul 2021 11:52:51 GMT

Redirect headers

date: Fri, 25 Jun 2021 11:52:52 GMT
cdn-edgestorageid: 601, 602
access-control-allow-origin: *
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-tag: Domain:timedopovo.tk
cdn-cachedat: 2021-06-24 23:48:37
cdn-pullzone: 257218
content-length: 0
pragma: cache
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
server: BunnyCDN-DE1-723
cdn-requestpullcode: 302
x-purge: 1
location: https://timedopovo.tk/wp-content/themes/crystalhosting/images/postindex.png
content-type: text/html; charset=UTF-8
cdn-cache: HIT
cdn-uid: ceac3dab-9909-4315-8d54-a27751b54dd0
cache-control: public, max-age=86400
cdn-requestid: 6290bb8c390b664367207e578f673eaa
cdn-requestcountrycode: FR
cdn-requestpullsuccess: True

GET
H2

200

postfim-2.png
timedopovo.tk/wp-content/themes/crystalhosting/images/
Redirect Chain

https://cdn.shortpixel.ai/client/q_glossy,ret_img/https://timedopovo.tk/wp-content/themes/crystalhosting/images/postfim-2.png
https://timedopovo.tk/wp-content/themes/crystalhosting/images/postfim-2.png

3 KB
3 KB

124ms
124ms

Image
image/png

31.22.4.81
WILDCARD-AS Wildc...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://timedopovo.tk/wp-content/themes/crystalhosting/images/postfim-2.png
Requested by: Host: timedopovo.tk
URL: https://timedopovo.tk/wp-content/cache/autoptimize/css/autoptimize_f94ea748099c9df4dd02b3c685044b15.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 31.22.4.81 Houghton-Le-Spring, United Kingdom, ASN34119 (WILDCARD-AS Wildcard UK Limited, GB),
Reverse DNS: sv46.byethost46.org
Software: nginx /
Resource Hash: 5a02e2246cb69facdac93ae2789f172c7ad079808db6bf62f41af6c6c2857a95

Request headers

:path: /wp-content/themes/crystalhosting/images/postfim-2.png
pragma: no-cache
cookie: __utmc=204431381; __utmz=204431381.1624621972.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1; __utma=204431381.1723328054.1624621972.1624621972.1624621972.1; __utmb=204431381.1.10.1624621972; __gads=ID=b1c433b0e6fb91cb-228ff22432c900c0:T=1624621972:RT=1624621972:S=ALNI_MaSAL0LJ7XjjL9DNht3ee-Ubq0nJg
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: timedopovo.tk
referer: https://timedopovo.tk/
:scheme: https
sec-fetch-site: cross-site
:method: GET
Referer: https://timedopovo.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 25 Jun 2021 11:52:51 GMT
last-modified: Fri, 06 Apr 2018 00:41:57 GMT
server: nginx
content-type: image/png
cache-control: max-age=2592000, public, proxy-revalidate
accept-ranges: bytes
content-length: 3249
expires: Sun, 25 Jul 2021 11:52:51 GMT

Redirect headers

date: Fri, 25 Jun 2021 11:52:52 GMT
cdn-edgestorageid: 601, 602
access-control-allow-origin: *
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-tag: Domain:timedopovo.tk
cdn-cachedat: 2021-06-24 23:48:37
cdn-pullzone: 257218
content-length: 0
pragma: cache
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
server: BunnyCDN-DE1-723
cdn-requestpullcode: 302
x-purge: 1
location: https://timedopovo.tk/wp-content/themes/crystalhosting/images/postfim-2.png
content-type: text/html; charset=UTF-8
cdn-cache: HIT
cdn-uid: ceac3dab-9909-4315-8d54-a27751b54dd0
cache-control: public, max-age=86400
cdn-requestid: 3b80820ec33aea9b5538c70166818187
cdn-requestcountrycode: FR
cdn-requestpullsuccess: True

GET
H2

200

sidebaruppp.png
timedopovo.tk/wp-content/themes/crystalhosting/images/
Redirect Chain

https://cdn.shortpixel.ai/client/q_glossy,ret_img/https://timedopovo.tk/wp-content/themes/crystalhosting/images/sidebaruppp.png
https://timedopovo.tk/wp-content/themes/crystalhosting/images/sidebaruppp.png

3 KB
3 KB

75ms
74ms

Image
image/png

31.22.4.81
WILDCARD-AS Wildc...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://timedopovo.tk/wp-content/themes/crystalhosting/images/sidebaruppp.png
Requested by: Host: timedopovo.tk
URL: https://timedopovo.tk/wp-content/cache/autoptimize/css/autoptimize_f94ea748099c9df4dd02b3c685044b15.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 31.22.4.81 Houghton-Le-Spring, United Kingdom, ASN34119 (WILDCARD-AS Wildcard UK Limited, GB),
Reverse DNS: sv46.byethost46.org
Software: nginx /
Resource Hash: 2ef3959264092b72de9339f88c90054eed3c2c83a3e755b058df53ce75310ee7

Request headers

:path: /wp-content/themes/crystalhosting/images/sidebaruppp.png
pragma: no-cache
cookie: __utmc=204431381; __utmz=204431381.1624621972.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1; __utma=204431381.1723328054.1624621972.1624621972.1624621972.1; __utmb=204431381.1.10.1624621972; __gads=ID=b1c433b0e6fb91cb-228ff22432c900c0:T=1624621972:RT=1624621972:S=ALNI_MaSAL0LJ7XjjL9DNht3ee-Ubq0nJg
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: timedopovo.tk
referer: https://timedopovo.tk/
:scheme: https
sec-fetch-site: cross-site
:method: GET
Referer: https://timedopovo.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 25 Jun 2021 11:52:51 GMT
last-modified: Fri, 06 Apr 2018 00:41:57 GMT
server: nginx
content-type: image/png
cache-control: max-age=2592000, public, proxy-revalidate
accept-ranges: bytes
content-length: 3281
expires: Sun, 25 Jul 2021 11:52:51 GMT

Redirect headers

date: Fri, 25 Jun 2021 11:52:52 GMT
cdn-edgestorageid: 755, 602
access-control-allow-origin: *
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-tag: Domain:timedopovo.tk
cdn-cachedat: 2021-06-25 11:52:52
cdn-pullzone: 257218
content-length: 0
pragma: cache
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
server: BunnyCDN-DE1-723
cdn-requestpullcode: 302
x-purge: 1
location: https://timedopovo.tk/wp-content/themes/crystalhosting/images/sidebaruppp.png
content-type: text/html; charset=UTF-8
cdn-cache: EXPIRED
cdn-uid: ceac3dab-9909-4315-8d54-a27751b54dd0
cache-control: public, max-age=86400
cdn-requestid: f27035cf112eb13cf5187a2d2b8e1130
cdn-requestcountrycode: FR
cdn-requestpullsuccess: True

GET
H3-29 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 16ms
15ms Script
application/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=timedopovo.tk

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://timedopovo.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 25 Jun 2021 11:52:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 15ms
14ms Script
application/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=timedopovo.tk

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://timedopovo.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 25 Jun 2021 11:52:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame FB67 65 KB
23 KB 1192ms
1191ms Document
text/html 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3432341997211165&output=html&h=600&slotname=4618836511&adk=2751928702&adf=4244182132&pi=t.ma~as.4618836511&w=300&fwrn=4&fwrnh=100&lmt=1624621972&rafmt=1&psa=0&format=300x600&url=https%3A%2F%2Ftimedopovo.tk%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1624621972127&bpp=17&bdt=414&idt=18&shv=r20210623&cbv=%2Fr20110914&ptt=9&saldr=aa&abxe=1&cookie=ID%3Db1c433b0e6fb91cb-228ff22432c900c0%3AT%3D1624621972%3ART%3D1624621972%3AS%3DALNI_MaSAL0LJ7XjjL9DNht3ee-Ubq0nJg&prev_fmts=0x0%2C1000x280&prev_slotnames=3804470934%2C0023709217&nras=1&correlator=3852904018217&frm=20&pv=1&ga_vid=1723328054.1624621972&ga_sid=1624621972&ga_hid=1747522967&ga_fc=1&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1005&ady=705&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060975&oid=3&pvsid=656768274537544&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeoE%7C&abl=CS&pfx=0&fu=1152&bc=31&ifi=5&uci=a!5&fsb=1&xpc=ViQdQvncoz&p=https%3A//timedopovo.tk&dtd=38

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fb9f771f2f3947d9f846c24b3313a1b3e5673918341e8ef5eab8dbc7c98e6720

Security Headers

Name	Value
Content-Security-Policy	child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17626451119355985920/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17626451119355985920/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CPy-r7zcsvECFT3Quwgd6f0I5g&gqi=lMPVYKDdCtmr7gPorJSwDQ&layout=/sadbundle/%24csp%253Der3%24/17626451119355985920/index.html
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-3432341997211165&output=html&h=600&slotname=4618836511&adk=2751928702&adf=4244182132&pi=t.ma~as.4618836511&w=300&fwrn=4&fwrnh=100&lmt=1624621972&rafmt=1&psa=0&format=300x600&url=https%3A%2F%2Ftimedopovo.tk%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1624621972127&bpp=17&bdt=414&idt=18&shv=r20210623&cbv=%2Fr20110914&ptt=9&saldr=aa&abxe=1&cookie=ID%3Db1c433b0e6fb91cb-228ff22432c900c0%3AT%3D1624621972%3ART%3D1624621972%3AS%3DALNI_MaSAL0LJ7XjjL9DNht3ee-Ubq0nJg&prev_fmts=0x0%2C1000x280&prev_slotnames=3804470934%2C0023709217&nras=1&correlator=3852904018217&frm=20&pv=1&ga_vid=1723328054.1624621972&ga_sid=1624621972&ga_hid=1747522967&ga_fc=1&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1005&ady=705&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060975&oid=3&pvsid=656768274537544&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeoE%7C&abl=CS&pfx=0&fu=1152&bc=31&ifi=5&uci=a!5&fsb=1&xpc=ViQdQvncoz&p=https%3A//timedopovo.tk&dtd=38
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://timedopovo.tk/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://timedopovo.tk/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-security-policy: child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17626451119355985920/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17626451119355985920/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CPy-r7zcsvECFT3Quwgd6f0I5g&gqi=lMPVYKDdCtmr7gPorJSwDQ&layout=/sadbundle/%24csp%253Der3%24/17626451119355985920/index.html
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Fri, 25 Jun 2021 11:52:53 GMT
server: cafe
content-length: 23228
x-xss-protection: 0
set-cookie: IDE=AHWqTUmaqTHxc6u4a9UvGhhzVJ57eZhgKUXjL6cXK2_5Qr8tziwbQSjyWA871WgigK8; expires=Wed, 20-Jul-2022 11:52:52 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none test_cookie=; expires=Fri, 01-Aug-2008 22:45:55 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Fri, 25 Jun 2021 11:52:53 GMT
cache-control: private

GET
H2 200 show.php Show response
adds.livreuso.tk/anuncios// 483 B
487 B 50ms
49ms Script
text/html 31.22.4.94
WILDCARD-AS Wildc...

General

Check archive.org

Show headers Download Go to

Full URL: https://adds.livreuso.tk/anuncios//show.php?z=29&j=1&code=1624621972170
Requested by: Host: timedopovo.tk
URL: https://timedopovo.tk/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 31.22.4.94 Houghton-Le-Spring, United Kingdom, ASN34119 (WILDCARD-AS Wildcard UK Limited, GB),
Reverse DNS: sv23.byethost23.org
Software: nginx /
Resource Hash: b31b92a7e824adf57f0b02d1c68ed152046f1a6307d415871c251cb8c56d6719

Request headers

Referer: https://timedopovo.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

pragma: no-cache
date: Fri, 25 Jun 2021 11:52:51 GMT
content-encoding: br
server: nginx
vary: Accept-Encoding
content-type: text/html
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H2

200

004-145x100.jpg
timedopovo.tk/wp-content/uploads/2021/06/
Redirect Chain

https://cdn.shortpixel.ai/client/q_glossy,ret_img,w_145/https://timedopovo.tk/wp-content/uploads/2021/06/004-145x100.jpg
https://timedopovo.tk/wp-content/uploads/2021/06/004-145x100.jpg

4 KB
5 KB

57ms
56ms

Image
image/jpeg

31.22.4.81
WILDCARD-AS Wildc...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://timedopovo.tk/wp-content/uploads/2021/06/004-145x100.jpg
Requested by: Host: timedopovo.tk
URL: https://timedopovo.tk/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 31.22.4.81 Houghton-Le-Spring, United Kingdom, ASN34119 (WILDCARD-AS Wildcard UK Limited, GB),
Reverse DNS: sv46.byethost46.org
Software: nginx /
Resource Hash: 23f91e8fed1b07720dbb269a526666a72ca20e4af6388c95757f7469229708dd

Request headers

:path: /wp-content/uploads/2021/06/004-145x100.jpg
pragma: no-cache
cookie: __utmc=204431381; __utmz=204431381.1624621972.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1; __utma=204431381.1723328054.1624621972.1624621972.1624621972.1; __utmb=204431381.1.10.1624621972; __gads=ID=b1c433b0e6fb91cb-228ff22432c900c0:T=1624621972:RT=1624621972:S=ALNI_MaSAL0LJ7XjjL9DNht3ee-Ubq0nJg
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: timedopovo.tk
referer: https://timedopovo.tk/
:scheme: https
sec-fetch-site: cross-site
:method: GET
Referer: https://timedopovo.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 25 Jun 2021 11:52:51 GMT
last-modified: Wed, 09 Jun 2021 12:19:41 GMT
server: nginx
content-type: image/jpeg
cache-control: max-age=2592000, public, proxy-revalidate
accept-ranges: bytes
content-length: 4416
expires: Sun, 25 Jul 2021 11:52:51 GMT

Redirect headers

date: Fri, 25 Jun 2021 11:52:52 GMT
cdn-edgestorageid: 632, 602
access-control-allow-origin: *
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-tag: Domain:timedopovo.tk
cdn-cachedat: 2021-06-25 13:52:52
cdn-pullzone: 257218
content-length: 0
pragma: cache
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
server: BunnyCDN-DE1-723
cdn-requestpullcode: 302
x-purge: 1
location: https://timedopovo.tk/wp-content/uploads/2021/06/004-145x100.jpg
content-type: text/html; charset=UTF-8
cdn-cache: EXPIRED
cdn-uid: ceac3dab-9909-4315-8d54-a27751b54dd0
cache-control: public, max-age=86400
cdn-requestid: fdbb0d733c83ee5686c2789848469a5a
cdn-requestcountrycode: FR
cdn-requestpullsuccess: True

GET
H2

200

003-144x100.jpg
timedopovo.tk/wp-content/uploads/2021/06/
Redirect Chain

https://cdn.shortpixel.ai/client/q_glossy,ret_img,w_144/https://timedopovo.tk/wp-content/uploads/2021/06/003-144x100.jpg
https://timedopovo.tk/wp-content/uploads/2021/06/003-144x100.jpg

4 KB
5 KB

64ms
63ms

Image
image/jpeg

31.22.4.81
WILDCARD-AS Wildc...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://timedopovo.tk/wp-content/uploads/2021/06/003-144x100.jpg
Requested by: Host: timedopovo.tk
URL: https://timedopovo.tk/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 31.22.4.81 Houghton-Le-Spring, United Kingdom, ASN34119 (WILDCARD-AS Wildcard UK Limited, GB),
Reverse DNS: sv46.byethost46.org
Software: nginx /
Resource Hash: b57245994e1df062a0eb10265547e7d49d7e3007df0c1f409dd34a42e78430e6

Request headers

:path: /wp-content/uploads/2021/06/003-144x100.jpg
pragma: no-cache
cookie: __utmc=204431381; __utmz=204431381.1624621972.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1; __utma=204431381.1723328054.1624621972.1624621972.1624621972.1; __utmb=204431381.1.10.1624621972; __gads=ID=b1c433b0e6fb91cb-228ff22432c900c0:T=1624621972:RT=1624621972:S=ALNI_MaSAL0LJ7XjjL9DNht3ee-Ubq0nJg
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: timedopovo.tk
referer: https://timedopovo.tk/
:scheme: https
sec-fetch-site: cross-site
:method: GET
Referer: https://timedopovo.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 25 Jun 2021 11:52:51 GMT
last-modified: Fri, 04 Jun 2021 17:53:38 GMT
server: nginx
content-type: image/jpeg
cache-control: max-age=2592000, public, proxy-revalidate
accept-ranges: bytes
content-length: 4476
expires: Sun, 25 Jul 2021 11:52:51 GMT

Redirect headers

date: Fri, 25 Jun 2021 11:52:52 GMT
cdn-edgestorageid: 722, 602
access-control-allow-origin: *
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-tag: Domain:timedopovo.tk
cdn-cachedat: 2021-06-25 13:52:52
cdn-pullzone: 257218
content-length: 0
pragma: cache
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
server: BunnyCDN-DE1-723
cdn-requestpullcode: 302
x-purge: 1
location: https://timedopovo.tk/wp-content/uploads/2021/06/003-144x100.jpg
content-type: text/html; charset=UTF-8
cdn-cache: EXPIRED
cdn-uid: ceac3dab-9909-4315-8d54-a27751b54dd0
cache-control: public, max-age=86400
cdn-requestid: d506e9d5e81c7da9e32ea72a890329b9
cdn-requestcountrycode: FR
cdn-requestpullsuccess: True

GET
H2

200

agenciacorinthians-foto-180450-1-1024x695-1-147x100.jpg
timedopovo.tk/wp-content/uploads/2021/06/
Redirect Chain

https://cdn.shortpixel.ai/client/q_glossy,ret_img,w_147/https://timedopovo.tk/wp-content/uploads/2021/06/agenciacorinthians-foto-180450-1-1024x695-1-147x100.jpg
https://timedopovo.tk/wp-content/uploads/2021/06/agenciacorinthians-foto-180450-1-1024x695-1-147x100.jpg

5 KB
5 KB

79ms
79ms

Image
image/jpeg

31.22.4.81
WILDCARD-AS Wildc...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://timedopovo.tk/wp-content/uploads/2021/06/agenciacorinthians-foto-180450-1-1024x695-1-147x100.jpg
Requested by: Host: timedopovo.tk
URL: https://timedopovo.tk/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 31.22.4.81 Houghton-Le-Spring, United Kingdom, ASN34119 (WILDCARD-AS Wildcard UK Limited, GB),
Reverse DNS: sv46.byethost46.org
Software: nginx /
Resource Hash: dcdf89c03c77ddfecca983f3193527d5ecadb6703589b8cdd0ba77ff0928ef2c

Request headers

:path: /wp-content/uploads/2021/06/agenciacorinthians-foto-180450-1-1024x695-1-147x100.jpg
pragma: no-cache
cookie: __utmc=204431381; __utmz=204431381.1624621972.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1; __utma=204431381.1723328054.1624621972.1624621972.1624621972.1; __utmb=204431381.1.10.1624621972; __gads=ID=b1c433b0e6fb91cb-228ff22432c900c0:T=1624621972:RT=1624621972:S=ALNI_MaSAL0LJ7XjjL9DNht3ee-Ubq0nJg
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: timedopovo.tk
referer: https://timedopovo.tk/
:scheme: https
sec-fetch-site: cross-site
:method: GET
Referer: https://timedopovo.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 25 Jun 2021 11:52:51 GMT
last-modified: Fri, 04 Jun 2021 17:49:39 GMT
server: nginx
content-type: image/jpeg
cache-control: max-age=2592000, public, proxy-revalidate
accept-ranges: bytes
content-length: 5414
expires: Sun, 25 Jul 2021 11:52:51 GMT

Redirect headers

date: Fri, 25 Jun 2021 11:52:52 GMT
cdn-edgestorageid: 632, 602
access-control-allow-origin: *
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-tag: Domain:timedopovo.tk
cdn-cachedat: 2021-06-25 13:52:52
cdn-pullzone: 257218
content-length: 0
pragma: cache
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
server: BunnyCDN-DE1-723
cdn-requestpullcode: 302
x-purge: 1
location: https://timedopovo.tk/wp-content/uploads/2021/06/agenciacorinthians-foto-180450-1-1024x695-1-147x100.jpg
content-type: text/html; charset=UTF-8
cdn-cache: EXPIRED
cdn-uid: ceac3dab-9909-4315-8d54-a27751b54dd0
cache-control: public, max-age=86400
cdn-requestid: fcb4d2d92da5f1a821fed24dbf98139c
cdn-requestcountrycode: FR
cdn-requestpullsuccess: True

GET
H2

200

Se-entrar-em-campo-Ramiro-vai-completar-100-jogos-pelo-Corinthians-147x100.jpg
timedopovo.tk/wp-content/uploads/2021/06/
Redirect Chain

https://cdn.shortpixel.ai/client/q_glossy,ret_img,w_147/https://timedopovo.tk/wp-content/uploads/2021/06/Se-entrar-em-campo-Ramiro-vai-completar-100-jogos-pelo-Corinthians-147x100.jpg
https://timedopovo.tk/wp-content/uploads/2021/06/Se-entrar-em-campo-Ramiro-vai-completar-100-jogos-pelo-Corinthians-147x100.jpg

5 KB
5 KB

64ms
63ms

Image
image/jpeg

31.22.4.81
WILDCARD-AS Wildc...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://timedopovo.tk/wp-content/uploads/2021/06/Se-entrar-em-campo-Ramiro-vai-completar-100-jogos-pelo-Corinthians-147x100.jpg
Requested by: Host: timedopovo.tk
URL: https://timedopovo.tk/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 31.22.4.81 Houghton-Le-Spring, United Kingdom, ASN34119 (WILDCARD-AS Wildcard UK Limited, GB),
Reverse DNS: sv46.byethost46.org
Software: nginx /
Resource Hash: a984aa4dd8ef7b364554086f53750aadfeee7e5eb91194afa2b68eb776d7d090

Request headers

:path: /wp-content/uploads/2021/06/Se-entrar-em-campo-Ramiro-vai-completar-100-jogos-pelo-Corinthians-147x100.jpg
pragma: no-cache
cookie: __utmc=204431381; __utmz=204431381.1624621972.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1; __utma=204431381.1723328054.1624621972.1624621972.1624621972.1; __utmb=204431381.1.10.1624621972; __gads=ID=b1c433b0e6fb91cb-228ff22432c900c0:T=1624621972:RT=1624621972:S=ALNI_MaSAL0LJ7XjjL9DNht3ee-Ubq0nJg
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: timedopovo.tk
referer: https://timedopovo.tk/
:scheme: https
sec-fetch-site: cross-site
:method: GET
Referer: https://timedopovo.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 25 Jun 2021 11:52:51 GMT
last-modified: Wed, 02 Jun 2021 12:16:17 GMT
server: nginx
content-type: image/jpeg
cache-control: max-age=2592000, public, proxy-revalidate
accept-ranges: bytes
content-length: 4680
expires: Sun, 25 Jul 2021 11:52:51 GMT

Redirect headers

date: Fri, 25 Jun 2021 11:52:52 GMT
cdn-edgestorageid: 756, 602
access-control-allow-origin: *
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-tag: Domain:timedopovo.tk
cdn-cachedat: 2021-06-25 13:52:52
cdn-pullzone: 257218
content-length: 0
pragma: cache
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
server: BunnyCDN-DE1-723
cdn-requestpullcode: 302
x-purge: 1
location: https://timedopovo.tk/wp-content/uploads/2021/06/Se-entrar-em-campo-Ramiro-vai-completar-100-jogos-pelo-Corinthians-147x100.jpg
content-type: text/html; charset=UTF-8
cdn-cache: EXPIRED
cdn-uid: ceac3dab-9909-4315-8d54-a27751b54dd0
cache-control: public, max-age=86400
cdn-requestid: 9ba4c49d73dfcea978209f63177b2265
cdn-requestcountrycode: FR
cdn-requestpullsuccess: True

GET
H2

200

E2zqBvVXEAABR5D-133x100.jpg
timedopovo.tk/wp-content/uploads/2021/06/
Redirect Chain

https://cdn.shortpixel.ai/client/q_glossy,ret_img,w_133/https://timedopovo.tk/wp-content/uploads/2021/06/E2zqBvVXEAABR5D-133x100.jpg
https://timedopovo.tk/wp-content/uploads/2021/06/E2zqBvVXEAABR5D-133x100.jpg

6 KB
6 KB

79ms
79ms

Image
image/jpeg

31.22.4.81
WILDCARD-AS Wildc...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://timedopovo.tk/wp-content/uploads/2021/06/E2zqBvVXEAABR5D-133x100.jpg
Requested by: Host: timedopovo.tk
URL: https://timedopovo.tk/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 31.22.4.81 Houghton-Le-Spring, United Kingdom, ASN34119 (WILDCARD-AS Wildcard UK Limited, GB),
Reverse DNS: sv46.byethost46.org
Software: nginx /
Resource Hash: a1002be707e49b36154939a19473e7fea49324fba0ddd01ae6d371cf07908e35

Request headers

:path: /wp-content/uploads/2021/06/E2zqBvVXEAABR5D-133x100.jpg
pragma: no-cache
cookie: __utmc=204431381; __utmz=204431381.1624621972.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1; __utma=204431381.1723328054.1624621972.1624621972.1624621972.1; __utmb=204431381.1.10.1624621972; __gads=ID=b1c433b0e6fb91cb-228ff22432c900c0:T=1624621972:RT=1624621972:S=ALNI_MaSAL0LJ7XjjL9DNht3ee-Ubq0nJg
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: timedopovo.tk
referer: https://timedopovo.tk/
:scheme: https
sec-fetch-site: cross-site
:method: GET
Referer: https://timedopovo.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 25 Jun 2021 11:52:51 GMT
last-modified: Tue, 01 Jun 2021 17:06:55 GMT
server: nginx
content-type: image/jpeg
cache-control: max-age=2592000, public, proxy-revalidate
accept-ranges: bytes
content-length: 5933
expires: Sun, 25 Jul 2021 11:52:51 GMT

Redirect headers

date: Fri, 25 Jun 2021 11:52:52 GMT
cdn-edgestorageid: 632, 602
access-control-allow-origin: *
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-tag: Domain:timedopovo.tk
cdn-cachedat: 2021-06-25 13:52:52
cdn-pullzone: 257218
content-length: 0
pragma: cache
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
server: BunnyCDN-DE1-723
cdn-requestpullcode: 302
x-purge: 1
location: https://timedopovo.tk/wp-content/uploads/2021/06/E2zqBvVXEAABR5D-133x100.jpg
content-type: text/html; charset=UTF-8
cdn-cache: EXPIRED
cdn-uid: ceac3dab-9909-4315-8d54-a27751b54dd0
cache-control: public, max-age=86400
cdn-requestid: d981ae5c8e7e7891487e59c6e757303b
cdn-requestcountrycode: FR
cdn-requestpullsuccess: True

GET
H2

200

agenciacorinthians-foto-180367-1-1024x690-1-148x100.jpg
timedopovo.tk/wp-content/uploads/2021/06/
Redirect Chain

https://cdn.shortpixel.ai/client/q_glossy,ret_img,w_148/https://timedopovo.tk/wp-content/uploads/2021/06/agenciacorinthians-foto-180367-1-1024x690-1-148x100.jpg
https://timedopovo.tk/wp-content/uploads/2021/06/agenciacorinthians-foto-180367-1-1024x690-1-148x100.jpg

6 KB
6 KB

71ms
71ms

Image
image/jpeg

31.22.4.81
WILDCARD-AS Wildc...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://timedopovo.tk/wp-content/uploads/2021/06/agenciacorinthians-foto-180367-1-1024x690-1-148x100.jpg
Requested by: Host: timedopovo.tk
URL: https://timedopovo.tk/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 31.22.4.81 Houghton-Le-Spring, United Kingdom, ASN34119 (WILDCARD-AS Wildcard UK Limited, GB),
Reverse DNS: sv46.byethost46.org
Software: nginx /
Resource Hash: 367ab85e5b8f900d16ab9eefd01e4e0bf1bce3b1f427edac85b88220242a2bcc

Request headers

:path: /wp-content/uploads/2021/06/agenciacorinthians-foto-180367-1-1024x690-1-148x100.jpg
pragma: no-cache
cookie: __utmc=204431381; __utmz=204431381.1624621972.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1; __utma=204431381.1723328054.1624621972.1624621972.1624621972.1; __utmb=204431381.1.10.1624621972; __gads=ID=b1c433b0e6fb91cb-228ff22432c900c0:T=1624621972:RT=1624621972:S=ALNI_MaSAL0LJ7XjjL9DNht3ee-Ubq0nJg
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: timedopovo.tk
referer: https://timedopovo.tk/
:scheme: https
sec-fetch-site: cross-site
:method: GET
Referer: https://timedopovo.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 25 Jun 2021 11:52:51 GMT
last-modified: Tue, 01 Jun 2021 17:03:27 GMT
server: nginx
content-type: image/jpeg
cache-control: max-age=2592000, public, proxy-revalidate
accept-ranges: bytes
content-length: 6069
expires: Sun, 25 Jul 2021 11:52:51 GMT

Redirect headers

date: Fri, 25 Jun 2021 11:52:52 GMT
cdn-edgestorageid: 632, 602
access-control-allow-origin: *
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-tag: Domain:timedopovo.tk
cdn-cachedat: 2021-06-25 13:52:52
cdn-pullzone: 257218
content-length: 0
pragma: cache
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
server: BunnyCDN-DE1-723
cdn-requestpullcode: 302
x-purge: 1
location: https://timedopovo.tk/wp-content/uploads/2021/06/agenciacorinthians-foto-180367-1-1024x690-1-148x100.jpg
content-type: text/html; charset=UTF-8
cdn-cache: EXPIRED
cdn-uid: ceac3dab-9909-4315-8d54-a27751b54dd0
cache-control: public, max-age=86400
cdn-requestid: 2879b35870075591aa8b5aa18afbff69
cdn-requestcountrycode: FR
cdn-requestpullsuccess: True

GET
H2

200

Corinthians-comemora-49-anos-da-estreia-do-idolo-Wladimir-145x100.jpg
timedopovo.tk/wp-content/uploads/2021/06/
Redirect Chain

https://cdn.shortpixel.ai/client/q_glossy,ret_img,w_145/https://timedopovo.tk/wp-content/uploads/2021/06/Corinthians-comemora-49-anos-da-estreia-do-idolo-Wladimir-145x100.jpg
https://timedopovo.tk/wp-content/uploads/2021/06/Corinthians-comemora-49-anos-da-estreia-do-idolo-Wladimir-145x100.jpg

6 KB
6 KB

62ms
61ms

Image
image/jpeg

31.22.4.81
WILDCARD-AS Wildc...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://timedopovo.tk/wp-content/uploads/2021/06/Corinthians-comemora-49-anos-da-estreia-do-idolo-Wladimir-145x100.jpg
Requested by: Host: timedopovo.tk
URL: https://timedopovo.tk/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 31.22.4.81 Houghton-Le-Spring, United Kingdom, ASN34119 (WILDCARD-AS Wildcard UK Limited, GB),
Reverse DNS: sv46.byethost46.org
Software: nginx /
Resource Hash: f805d35a83897b0b2be89a14dd7ef81d59a7a4f03c83b6fe63b779e0af52522e

Request headers

:path: /wp-content/uploads/2021/06/Corinthians-comemora-49-anos-da-estreia-do-idolo-Wladimir-145x100.jpg
pragma: no-cache
cookie: __utmc=204431381; __utmz=204431381.1624621972.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1; __utma=204431381.1723328054.1624621972.1624621972.1624621972.1; __utmb=204431381.1.10.1624621972; __gads=ID=b1c433b0e6fb91cb-228ff22432c900c0:T=1624621972:RT=1624621972:S=ALNI_MaSAL0LJ7XjjL9DNht3ee-Ubq0nJg
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: timedopovo.tk
referer: https://timedopovo.tk/
:scheme: https
sec-fetch-site: cross-site
:method: GET
Referer: https://timedopovo.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 25 Jun 2021 11:52:51 GMT
last-modified: Tue, 01 Jun 2021 16:59:30 GMT
server: nginx
content-type: image/jpeg
cache-control: max-age=2592000, public, proxy-revalidate
accept-ranges: bytes
content-length: 6213
expires: Sun, 25 Jul 2021 11:52:51 GMT

Redirect headers

date: Fri, 25 Jun 2021 11:52:52 GMT
cdn-edgestorageid: 601, 602
access-control-allow-origin: *
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-tag: Domain:timedopovo.tk
cdn-cachedat: 2021-06-24 23:48:37
cdn-pullzone: 257218
content-length: 0
pragma: cache
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
server: BunnyCDN-DE1-723
cdn-requestpullcode: 302
x-purge: 1
location: https://timedopovo.tk/wp-content/uploads/2021/06/Corinthians-comemora-49-anos-da-estreia-do-idolo-Wladimir-145x100.jpg
content-type: text/html; charset=UTF-8
cdn-cache: HIT
cdn-uid: ceac3dab-9909-4315-8d54-a27751b54dd0
cache-control: public, max-age=86400
cdn-requestid: 11c8dd34f6631c280fbd4fd6cdeef884
cdn-requestcountrycode: FR
cdn-requestpullsuccess: True

GET
H2

200

001-177x100.png
timedopovo.tk/wp-content/uploads/2021/06/
Redirect Chain

https://cdn.shortpixel.ai/client/q_glossy,ret_img,w_177/https://timedopovo.tk/wp-content/uploads/2021/06/001-177x100.png
https://timedopovo.tk/wp-content/uploads/2021/06/001-177x100.png

11 KB
11 KB

80ms
79ms

Image
image/png

31.22.4.81
WILDCARD-AS Wildc...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://timedopovo.tk/wp-content/uploads/2021/06/001-177x100.png
Requested by: Host: timedopovo.tk
URL: https://timedopovo.tk/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 31.22.4.81 Houghton-Le-Spring, United Kingdom, ASN34119 (WILDCARD-AS Wildcard UK Limited, GB),
Reverse DNS: sv46.byethost46.org
Software: nginx /
Resource Hash: acdf89c6903b463e90842a8ca32ac5cf48f4937964f15f06319e4acbd82fb7d3

Request headers

:path: /wp-content/uploads/2021/06/001-177x100.png
pragma: no-cache
cookie: __utmc=204431381; __utmz=204431381.1624621972.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1; __utma=204431381.1723328054.1624621972.1624621972.1624621972.1; __utmb=204431381.1.10.1624621972; __gads=ID=b1c433b0e6fb91cb-228ff22432c900c0:T=1624621972:RT=1624621972:S=ALNI_MaSAL0LJ7XjjL9DNht3ee-Ubq0nJg
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: timedopovo.tk
referer: https://timedopovo.tk/
:scheme: https
sec-fetch-site: cross-site
:method: GET
Referer: https://timedopovo.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 25 Jun 2021 11:52:51 GMT
last-modified: Tue, 01 Jun 2021 16:53:15 GMT
server: nginx
content-type: image/png
cache-control: max-age=2592000, public, proxy-revalidate
accept-ranges: bytes
content-length: 11374
expires: Sun, 25 Jul 2021 11:52:51 GMT

Redirect headers

date: Fri, 25 Jun 2021 11:52:52 GMT
cdn-edgestorageid: 723, 602
access-control-allow-origin: *
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-tag: Domain:timedopovo.tk
cdn-cachedat: 2021-06-25 13:52:52
cdn-pullzone: 257218
content-length: 0
pragma: cache
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
server: BunnyCDN-DE1-723
cdn-requestpullcode: 302
x-purge: 1
location: https://timedopovo.tk/wp-content/uploads/2021/06/001-177x100.png
content-type: text/html; charset=UTF-8
cdn-cache: EXPIRED
cdn-uid: ceac3dab-9909-4315-8d54-a27751b54dd0
cache-control: public, max-age=86400
cdn-requestid: 25c375e21c637c074eed6ea6c12ad5df
cdn-requestcountrycode: FR
cdn-requestpullsuccess: True

GET
H2 200 script.js Show response
ad.lomadee.com/banners/ Frame 9F60 432 B
588 B 31ms
31ms Script
text/html 13.225.87.106
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.lomadee.com/banners/script.js?sourceId=35923256&dimension=3&height=600&width=120&method=0
Requested by: Host: adds.livreuso.tk
URL: https://adds.livreuso.tk/anuncios//show_i.php?a=559&z=5&c=1&adurl=12462&target=_blank
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.87.106 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-87-106.fra2.r.cloudfront.net
Software: Apache-Coyote/1.1 /
Resource Hash: e984e3d18fdb5dcc9ac6ab02e069d5b78cf22c19681cd064541c49de98c731b2

Request headers

Referer: https://adds.livreuso.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 20 Jun 2021 18:02:10 GMT
via: 1.1 eb1a8c1b1275e33a016e623478052111.cloudfront.net (CloudFront)
server: Apache-Coyote/1.1
age: 409842
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-language: en-US
content-encoding: gzip
x-amz-cf-pop: FRA2-C2
content-type: text/html;charset=UTF-8
x-amz-cf-id: mD84Sm9bUpWPrI3LwMlqhIy9UQ6kq-4TSuCcLZjPn2TLxBoa6YLOzQ==

GET
H2 200 blank.gif
adds.livreuso.tk/anuncios//images/ Frame 9F60 43 B
236 B 42ms
42ms Image
image/gif 31.22.4.94
WILDCARD-AS Wildc...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://adds.livreuso.tk/anuncios//images/blank.gif
Requested by: Host: adds.livreuso.tk
URL: https://adds.livreuso.tk/anuncios//show_i.php?a=559&z=5&c=1&adurl=12462&target=_blank
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 31.22.4.94 Houghton-Le-Spring, United Kingdom, ASN34119 (WILDCARD-AS Wildcard UK Limited, GB),
Reverse DNS: sv23.byethost23.org
Software: nginx /
Resource Hash: 204e26ceed9d428095faf4121c5049f1e106116971865681001c2298f7cc5689

Request headers

Referer: https://adds.livreuso.tk/anuncios//show_i.php?a=559&z=5&c=1&adurl=12462&target=_blank
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 25 Jun 2021 11:52:51 GMT
last-modified: Sun, 17 Dec 2017 15:19:14 GMT
server: nginx
content-type: image/gif
cache-control: max-age=2592000, public, proxy-revalidate
accept-ranges: bytes
content-length: 43
expires: Sun, 25 Jul 2021 11:52:51 GMT

GET
H2 200 view Show response
ad.lomadee.com/banner/ Frame BABE 1 KB
1 KB 498ms
497ms Document
text/html 13.225.87.106
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.lomadee.com/banner/view?sourceId=35923256&dimension=3&width=120&height=600&method=0&advertisers=&tags=
Requested by: Host: ad.lomadee.com
URL: https://ad.lomadee.com/banners/script.js?sourceId=35923256&dimension=3&height=600&width=120&method=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.87.106 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-87-106.fra2.r.cloudfront.net
Software: Apache-Coyote/1.1 /
Resource Hash: cd85f1e4ab27f8b66e53eaefc644972829da5e798b244e6afb9a3d8d97493169

Request headers

:method: GET
:authority: ad.lomadee.com
:scheme: https
:path: /banner/view?sourceId=35923256&dimension=3&width=120&height=600&method=0&advertisers=&tags=
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://adds.livreuso.tk/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://adds.livreuso.tk/

Response headers

content-type: text/html;charset=UTF-8
content-encoding: gzip
content-language: en-US
date: Fri, 25 Jun 2021 11:52:52 GMT
server: Apache-Coyote/1.1
vary: Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 eb1a8c1b1275e33a016e623478052111.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C2
x-amz-cf-id: WHKWOiHu0HJTQHDjFN-fjQtLTVkkeUzxSNyPKHJX2Q7NmoX0M5Lwiw==

GET
H2 200 view Show response
ad.lomadee.com/banner/ Frame D574 1 KB
1 KB 496ms
496ms Document
text/html 13.225.87.106
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.lomadee.com/banner/view?sourceId=35923256&dimension=3&width=120&height=600&method=0&advertisers=&tags=
Requested by: Host: ad.lomadee.com
URL: https://ad.lomadee.com/banners/script.js?sourceId=35923256&dimension=3&height=600&width=120&method=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.87.106 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-87-106.fra2.r.cloudfront.net
Software: Apache-Coyote/1.1 /
Resource Hash: cd85f1e4ab27f8b66e53eaefc644972829da5e798b244e6afb9a3d8d97493169

Request headers

:method: GET
:authority: ad.lomadee.com
:scheme: https
:path: /banner/view?sourceId=35923256&dimension=3&width=120&height=600&method=0&advertisers=&tags=
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://adds.livreuso.tk/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://adds.livreuso.tk/

Response headers

content-type: text/html;charset=UTF-8
content-encoding: gzip
content-language: en-US
date: Fri, 25 Jun 2021 11:52:52 GMT
server: Apache-Coyote/1.1
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 eb1a8c1b1275e33a016e623478052111.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C2
x-amz-cf-id: aDZB1fORYb1QydUAr0yKdBIIwF4fEnZL7ScgVRW0052hKlhLpy9oNg==

GET
H2 200 show_i.php Show response
adds.livreuso.tk/anuncios// Frame CDE8 1 KB
732 B 47ms
47ms Document
text/html 31.22.4.94
WILDCARD-AS Wildc...

General

Check archive.org

Show headers Download Go to

Full URL: https://adds.livreuso.tk/anuncios//show_i.php?a=529&z=29&c=1&adurl=12461&target=_blank
Requested by: Host: adds.livreuso.tk
URL: https://adds.livreuso.tk/anuncios//show.php?z=29&j=1&code=1624621972170
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 31.22.4.94 Houghton-Le-Spring, United Kingdom, ASN34119 (WILDCARD-AS Wildcard UK Limited, GB),
Reverse DNS: sv23.byethost23.org
Software: nginx /
Resource Hash: 52615651e8bcb20d28c21c732c47aaf6c23e4e9791bcff5b0c49ba8bb7eb34b3

Request headers

:method: GET
:authority: adds.livreuso.tk
:scheme: https
:path: /anuncios//show_i.php?a=529&z=29&c=1&adurl=12461&target=_blank
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://timedopovo.tk/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://timedopovo.tk/

Response headers

server: nginx
date: Fri, 25 Jun 2021 11:52:51 GMT
content-type: text/html
vary: Accept-Encoding
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
set-cookie: PHPSESSID=vjvcag9slnmp656ke836eiad34; path=/
content-encoding: br

GET
H2 200 blank.gif
adds.livreuso.tk/anuncios//images/ 43 B
236 B 44ms
43ms Image
image/gif 31.22.4.94
WILDCARD-AS Wildc...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://adds.livreuso.tk/anuncios//images/blank.gif
Requested by: Host: adds.livreuso.tk
URL: https://adds.livreuso.tk/anuncios//show.php?z=29&j=1&code=1624621972170
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 31.22.4.94 Houghton-Le-Spring, United Kingdom, ASN34119 (WILDCARD-AS Wildcard UK Limited, GB),
Reverse DNS: sv23.byethost23.org
Software: nginx /
Resource Hash: 204e26ceed9d428095faf4121c5049f1e106116971865681001c2298f7cc5689

Request headers

Referer: https://timedopovo.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 25 Jun 2021 11:52:51 GMT
last-modified: Sun, 17 Dec 2017 15:19:14 GMT
server: nginx
content-type: image/gif
cache-control: max-age=2592000, public, proxy-revalidate
accept-ranges: bytes
content-length: 43
expires: Sun, 25 Jul 2021 11:52:51 GMT

GET
H2 200 script.js Show response
ad.lomadee.com/banners/ Frame CDE8 430 B
593 B 29ms
28ms Script
text/html 13.225.87.106
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.lomadee.com/banners/script.js?sourceId=35923256&dimension=1&height=90&width=728&method=0
Requested by: Host: adds.livreuso.tk
URL: https://adds.livreuso.tk/anuncios//show_i.php?a=529&z=29&c=1&adurl=12461&target=_blank
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.87.106 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-87-106.fra2.r.cloudfront.net
Software: Apache-Coyote/1.1 /
Resource Hash: cd3600e9be27f74665aba132c024322645a8e61af8dc08072c617386511268bb

Request headers

Referer: https://adds.livreuso.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 16 Jun 2021 01:06:04 GMT
content-encoding: gzip
server: Apache-Coyote/1.1
age: 816408
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-language: en-US
via: 1.1 eb1a8c1b1275e33a016e623478052111.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C2
content-type: text/html;charset=UTF-8
content-length: 280
x-amz-cf-id: AxYk7uHmH-OL0W3buVE6SxedQdNr6weOiKtOUj9CJ9lKTkXUKNYvjg==

GET
H2 200 blank.gif
adds.livreuso.tk/anuncios//images/ Frame CDE8 43 B
236 B 45ms
45ms Image
image/gif 31.22.4.94
WILDCARD-AS Wildc...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://adds.livreuso.tk/anuncios//images/blank.gif
Requested by: Host: adds.livreuso.tk
URL: https://adds.livreuso.tk/anuncios//show_i.php?a=529&z=29&c=1&adurl=12461&target=_blank
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 31.22.4.94 Houghton-Le-Spring, United Kingdom, ASN34119 (WILDCARD-AS Wildcard UK Limited, GB),
Reverse DNS: sv23.byethost23.org
Software: nginx /
Resource Hash: 204e26ceed9d428095faf4121c5049f1e106116971865681001c2298f7cc5689

Request headers

Referer: https://adds.livreuso.tk/anuncios//show_i.php?a=529&z=29&c=1&adurl=12461&target=_blank
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 25 Jun 2021 11:52:51 GMT
last-modified: Sun, 17 Dec 2017 15:19:14 GMT
server: nginx
content-type: image/gif
cache-control: max-age=2592000, public, proxy-revalidate
accept-ranges: bytes
content-length: 43
expires: Sun, 25 Jul 2021 11:52:51 GMT

GET
H2 200 view Show response
ad.lomadee.com/banner/ Frame 6044 1 KB
1 KB 29ms
29ms Document
text/html 13.225.87.106
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.lomadee.com/banner/view?sourceId=35923256&dimension=1&width=728&height=90&method=0&advertisers=&tags=
Requested by: Host: ad.lomadee.com
URL: https://ad.lomadee.com/banners/script.js?sourceId=35923256&dimension=1&height=90&width=728&method=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.87.106 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-87-106.fra2.r.cloudfront.net
Software: Apache-Coyote/1.1 /
Resource Hash: fe436fc4b8f01e9a69bde0f5ca5ad67576935e4fc66396c5ad61f04d3cd2629b

Request headers

:method: GET
:authority: ad.lomadee.com
:scheme: https
:path: /banner/view?sourceId=35923256&dimension=1&width=728&height=90&method=0&advertisers=&tags=
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://adds.livreuso.tk/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://adds.livreuso.tk/

Response headers

content-type: text/html;charset=UTF-8
content-encoding: gzip
content-language: en-US
date: Fri, 25 Jun 2021 11:52:46 GMT
server: Apache-Coyote/1.1
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 eb1a8c1b1275e33a016e623478052111.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C2
x-amz-cf-id: LtCGYSMI5yqQRGaXFZqLoOKGcuyszh4ZrhhqHb7oGdKMLEHZwPAHKg==
age: 6

GET
H2 200 994bf1bbb2e088bc7a367ef26f7388c2
ad.lomadee.com/banners/7892/ Frame 6044 51 KB
51 KB 38ms
37ms Image
image/png 13.225.87.106
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad.lomadee.com/banners/7892/994bf1bbb2e088bc7a367ef26f7388c2
Requested by: Host: ad.lomadee.com
URL: https://ad.lomadee.com/banner/view?sourceId=35923256&dimension=1&width=728&height=90&method=0&advertisers=&tags=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.87.106 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-87-106.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: b791326b98b5f2e8c97a99c8cd11dc22851b227cf318cffca64df636aeb65ea3

Request headers

Referer: https://ad.lomadee.com/banner/view?sourceId=35923256&dimension=1&width=728&height=90&method=0&advertisers=&tags=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 25 Jun 2021 11:52:47 GMT
via: 1.1 eb1a8c1b1275e33a016e623478052111.cloudfront.net (CloudFront)
last-modified: Wed, 16 Jun 2021 17:34:06 GMT
server: AmazonS3
age: 6
etag: "25a6163a63171497905e639842d03c31"
x-cache: Hit from cloudfront
content-type: image/png
x-amz-cf-pop: FRA2-C2
accept-ranges: bytes
content-length: 52110
x-amz-cf-id: ZuHUX4OO8x6qkjXWAZIxEEDxQbj9hcprf3DpMGDefkn7hyuF-6wGLA==

GET analyze.js
statistcdn.com/ Frame 6044 0
0

GET
H2 200 analytics.js Show response
www.google-analytics.com/ Frame 6044 48 KB
19 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: ad.lomadee.com
URL: https://ad.lomadee.com/banner/view?sourceId=35923256&dimension=1&width=728&height=90&method=0&advertisers=&tags=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

73d6a5ea11fb7bf6e6a6ccd44b1635d52c79b0a00623d0387c9dddd4b7c68e89

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://ad.lomadee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 09 Jun 2021 17:36:57 GMT
server: Golfe2
age: 764
date: Fri, 25 Jun 2021 11:40:08 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19661
expires: Fri, 25 Jun 2021 13:40:08 GMT

GET
H2 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210623/r20110914/ Frame D9D0 17 KB
7 KB 28ms
6ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210623/r20110914/abg_lite_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3432341997211165&output=html&h=600&slotname=0023709217&adk=208576126&adf=3656672136&pi=t.ma~as.0023709217&w=120&lmt=1624621972&url=https%3A%2F%2Ftimedopovo.tk%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1624621972049&bpp=9&bdt=336&idt=9&shv=r20210623&cbv=%2Fr20110914&ptt=5&saldr=sa&abxe=1&prev_fmts=0x0%2C1000x280&prev_slotnames=3804470934&nras=1&correlator=3852904018217&frm=20&pv=1&ga_vid=1723328054.1624621972&ga_sid=1624621972&ga_hid=1747522967&ga_fc=1&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=315&ady=1047&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060975&oid=3&pvsid=656768274537544&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeoE%7C&abl=CS&pfx=0&fu=1024&bc=31&ifi=4&uci=a!4&fsb=1&xpc=yoEklnrNYV&p=https%3A//timedopovo.tk&dtd=14

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

013bec3910ad3d4838f46d1a0095d9e6f0ea3e676e786daf0147dce032b651b6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 25 Jun 2021 11:47:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 299
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7112
x-xss-protection: 0
server: cafe
etag: 12276874145846594193
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 09 Jul 2021 11:47:53 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210623/r20110914/client/ Frame D9D0 3 KB
1 KB 31ms
10ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210623/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d1c009c83f73450bedc9ef5decc272e84e1acf87fd721112bd6b6fa270e44caa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 25 Jun 2021 11:52:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 6
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1385
x-xss-protection: 0
server: cafe
etag: 10711834930267210186
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 09 Jul 2021 11:52:46 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame D9D0 125 KB
38 KB 29ms
16ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b35a4ef06e319281153f0f4b026996a350853075e70204a388d524eab724433f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 25 Jun 2021 11:52:52 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1624469964731542"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38558
x-xss-protection: 0
expires: Fri, 25 Jun 2021 11:52:52 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210623/r20110914/client/ Frame D9D0 13 KB
6 KB 28ms
7ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210623/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c969efceff108562296b3425ced4ae3921ebf7baf40958c4b500c7d075ae350a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 25 Jun 2021 11:51:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 80
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5706
x-xss-protection: 0
server: cafe
etag: 5108850372203985220
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 09 Jul 2021 11:51:32 GMT

GET
H2 200 index.html Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/18440678300287635125/120x600/ Frame 69A1 87 KB
20 KB 25ms
11ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/18440678300287635125/120x600/index.html

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5b0427c4e3c35b304cdbc50b25c8a811c86bde0b1f6e5331b0c3d827108ed81f

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sadbundle/$csp%3Der3$/18440678300287635125/120x600/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-type: text/html
access-control-allow-origin: *
content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
date: Wed, 23 Jun 2021 10:46:30 GMT
expires: Thu, 23 Jun 2022 10:46:30 GMT
last-modified: Mon, 21 Jun 2021 20:04:10 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
content-encoding: gzip
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
content-length: 18877
age: 176782
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 adview
googleads.g.doubleclick.net/pagead/ Frame D9D0 0
0 43ms
42ms Fetch
text/html 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=C2pAelMPVYJ6UBanR7_UPkZKCKJmpsp1jvLPa_r0Oio_PjoUkEAEgkaG_E2CVAqAB3daovwHIAQmpAhQ5brRRCLQ-qAMByANIqgS-AU_QMlpCdpNb_JVb2nKkdi9Sh05J4KRh4kHzIYfXi2_k2MzhJGvgKv1QcsxXkV5FEyD0I57AamPi_xvCrkrasfFP5IxLXyAOTOAmQHuU0GskAju1E9Qf22tqjMb6vzIK17X9oHTfuBmkzk5801po8zSciJOIRkvOez_t8n8tYrevsjnnsGQhXhK8v87mjnu9-d9ZBkc9I-CGPMq1iRArSPibjr35u6XfQP0KfJqxQOLOCjnEthaeVQeEOMOMoKDABNO26ZrVA5IFBAgEGAGSBQQIBRgEoAYugAeLqdfAAqgHipyxAqgH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfulrECqAemvhuoB-zVG9gHAPIHBBCxxwPSCAkIgOGAEBABGB-ACgHICwHYEwLQFQGAFwGyFxoKGAgAEhRwdWItMzQzMjM0MTk5NzIxMTE2NQ&sigh=qXHUhPye9_Y&template_id=419

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3432341997211165&output=html&h=600&slotname=0023709217&adk=208576126&adf=3656672136&pi=t.ma~as.0023709217&w=120&lmt=1624621972&url=https%3A%2F%2Ftimedopovo.tk%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1624621972049&bpp=9&bdt=336&idt=9&shv=r20210623&cbv=%2Fr20110914&ptt=5&saldr=sa&abxe=1&prev_fmts=0x0%2C1000x280&prev_slotnames=3804470934&nras=1&correlator=3852904018217&frm=20&pv=1&ga_vid=1723328054.1624621972&ga_sid=1624621972&ga_hid=1747522967&ga_fc=1&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=315&ady=1047&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060975&oid=3&pvsid=656768274537544&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeoE%7C&abl=CS&pfx=0&fu=1024&bc=31&ifi=4&uci=a!4&fsb=1&xpc=yoEklnrNYV&p=https%3A//timedopovo.tk&dtd=14
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Fri, 25 Jun 2021 11:52:52 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 25 Jun 2021 11:52:52 GMT

GET
H3-29 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame BD5D 143 B
163 B 6ms
5ms Document
text/html 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/s?v=r20120211
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3432341997211165&output=html&h=600&slotname=0023709217&adk=208576126&adf=3656672136&pi=t.ma~as.0023709217&w=120&lmt=1624621972&url=https%3A%2F%2Ftimedopovo.tk%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1624621972049&bpp=9&bdt=336&idt=9&shv=r20210623&cbv=%2Fr20110914&ptt=5&saldr=sa&abxe=1&prev_fmts=0x0%2C1000x280&prev_slotnames=3804470934&nras=1&correlator=3852904018217&frm=20&pv=1&ga_vid=1723328054.1624621972&ga_sid=1624621972&ga_hid=1747522967&ga_fc=1&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=315&ady=1047&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060975&oid=3&pvsid=656768274537544&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeoE%7C&abl=CS&pfx=0&fu=1024&bc=31&ifi=4&uci=a!4&fsb=1&xpc=yoEklnrNYV&p=https%3A//timedopovo.tk&dtd=14
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3432341997211165&output=html&h=600&slotname=0023709217&adk=208576126&adf=3656672136&pi=t.ma~as.0023709217&w=120&lmt=1624621972&url=https%3A%2F%2Ftimedopovo.tk%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1624621972049&bpp=9&bdt=336&idt=9&shv=r20210623&cbv=%2Fr20110914&ptt=5&saldr=sa&abxe=1&prev_fmts=0x0%2C1000x280&prev_slotnames=3804470934&nras=1&correlator=3852904018217&frm=20&pv=1&ga_vid=1723328054.1624621972&ga_sid=1624621972&ga_hid=1747522967&ga_fc=1&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=315&ady=1047&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060975&oid=3&pvsid=656768274537544&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeoE%7C&abl=CS&pfx=0&fu=1024&bc=31&ifi=4&uci=a!4&fsb=1&xpc=yoEklnrNYV&p=https%3A//timedopovo.tk&dtd=14

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Fri, 25 Jun 2021 10:57:41 GMT
server: safe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 3311
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame D9D0 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2db580ef54660ddffdebffcd8d7bb72c0dfd0a3134cc5dea1d9211eb6f8afac0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 Enabler.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame 69A1 16 KB
6 KB 23ms
8ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/Enabler.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/18440678300287635125/120x600/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5f0207bbbd69497c7a37284c0b6f9bdcc9f83c574a4cda737e00a390d0ed268f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 25 Jun 2021 08:10:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 13327
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5866
x-xss-protection: 0
server: cafe
etag: 544157900006238945
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Sat, 26 Jun 2021 08:10:45 GMT

GET
H3-29 200 addata.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame 69A1 26 KB
10 KB 21ms
6ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/18440678300287635125/120x600/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

54a66c4693bfd79901040269ae7d7304508cbd02859797a1780f2bbe72176e23

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 24 Jun 2021 20:19:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 55974
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10382
x-xss-protection: 0
server: cafe
etag: 12806417668659483808
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Fri, 25 Jun 2021 20:19:58 GMT

GET
H3-29

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame BD5D
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
16 B

15ms
15ms

Document
text/html

2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/si
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUk8DgEUNwYjgWWeq8Jyt6djyEHhqXzECdBXy_gXH_xc1TTktmmBEp_cSRftIxs
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Fri, 25 Jun 2021 11:52:52 GMT
server: safe
content-length: 0
x-xss-protection: 0
set-cookie: DSID=NO_DATA; expires=Fri, 25-Jun-2021 12:52:52 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Fri, 25 Jun 2021 11:52:52 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Fri, 25 Jun 2021 11:52:52 GMT
server: safe
content-length: 246
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 css
fonts.googleapis.com/ Frame 8E40 6 KB
765 B 15ms
15ms Stylesheet
text/css 2a00:1450:4001:809::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3432341997211165&output=html&h=280&slotname=8825380003&adk=3290701847&adf=215310249&pi=t.ma~as.8825380003&w=1000&fwrn=4&fwrnh=100&lmt=1624621971&rafmt=1&psa=0&format=1000x280&url=https%3A%2F%2Ftimedopovo.tk%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1624621971908&bpp=3&bdt=195&idt=76&shv=r20210623&cbv=%2Fr20110914&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&prev_slotnames=3804470934&nras=1&correlator=3852904018217&frm=20&pv=2&ga_vid=1723328054.1624621972&ga_sid=1624621972&ga_hid=1747522967&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=308&ady=131&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060975&oid=3&pvsid=656768274537544&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=1152&bc=31&ifi=3&uci=a!3&fsb=1&xpc=KnTKHAgluR&p=https%3A//timedopovo.tk&dtd=80

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

fbe1583d8642d89d0c349b00c0125e485dd55976282165a6b5f2d29ea9d44549

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 25 Jun 2021 11:45:53 GMT
server: ESF
date: Fri, 25 Jun 2021 11:52:52 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 25 Jun 2021 11:52:52 GMT

GET
H3-29 200 mGzIkP9MbilhhXayH-4FXVj5Hth0Auc0RFP8Od1UZbs.js Show response
pagead2.googlesyndication.com/bg/ Frame 69A1 14 KB
6 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/mGzIkP9MbilhhXayH-4FXVj5Hth0Auc0RFP8Od1UZbs.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

986cc890ff4c6e29618576b21fee055d58f91ed87402e7344453fc39dd5465bb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 25 Jun 2021 06:41:50 GMT
content-encoding: br
x-content-type-options: nosniff
age: 18662
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5744
x-xss-protection: 0
last-modified: Tue, 22 Jun 2021 16:28:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 25 Jun 2022 06:41:50 GMT

GET
H3-29 200 load_preloaded_resource_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210623/r20110914/client/ Frame 8E40 1 KB
909 B 8ms
7ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210623/r20110914/client/load_preloaded_resource_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

49aea8d1206dbb5e3c8a7d4db9274d2efa2111d8b53acb901efc378b1feca381

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 25 Jun 2021 11:52:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 50
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 882
x-xss-protection: 0
server: cafe
etag: 11243716317595354070
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 09 Jul 2021 11:52:02 GMT

GET
H3-29 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210623/r20110914/ Frame 8E40 17 KB
7 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210623/r20110914/abg_lite_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

013bec3910ad3d4838f46d1a0095d9e6f0ea3e676e786daf0147dce032b651b6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 25 Jun 2021 11:47:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 299
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7112
x-xss-protection: 0
server: cafe
etag: 12276874145846594193
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 09 Jul 2021 11:47:53 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210623/r20110914/client/ Frame 8E40 3 KB
1 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210623/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d1c009c83f73450bedc9ef5decc272e84e1acf87fd721112bd6b6fa270e44caa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 25 Jun 2021 11:49:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 192
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1385
x-xss-protection: 0
server: cafe
etag: 10711834930267210186
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 09 Jul 2021 11:49:40 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 8E40 125 KB
38 KB 18ms
15ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b35a4ef06e319281153f0f4b026996a350853075e70204a388d524eab724433f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 25 Jun 2021 11:52:52 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1624469964731542"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38558
x-xss-protection: 0
expires: Fri, 25 Jun 2021 11:52:52 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210623/r20110914/client/ Frame 8E40 13 KB
6 KB 8ms
6ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210623/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c969efceff108562296b3425ced4ae3921ebf7baf40958c4b500c7d075ae350a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 25 Jun 2021 11:51:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 80
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5706
x-xss-protection: 0
server: cafe
etag: 5108850372203985220
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 09 Jul 2021 11:51:32 GMT

GET
H2 200 5be26e13f65761684aaaff0594247b1f.js Show response
www.gstatic.com/mysidia/ Frame 8E40 25 KB
11 KB 11ms
5ms Script
text/javascript 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/5be26e13f65761684aaaff0594247b1f.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9e36f48120b748ca10f6efeb242a7cdbd118a72f0e40b3812a5f3dbe286de818

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 24 Jun 2021 13:49:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 79381
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10687
x-xss-protection: 0
last-modified: Thu, 17 Jun 2021 06:31:32 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Wed, 22 Sep 2021 13:49:51 GMT

GET
H3-29 200 ZEISS_Logo.svg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/18440678300287635125/120x600/ Frame 69A1 4 KB
1 KB 13ms
7ms Image
image/svg+xml 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/18440678300287635125/120x600/ZEISS_Logo.svg

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d694ae0d2295be1339357ff2d549dfabc353e31f4424a1ded4b79495342a8a3

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding: gzip
x-content-type-options: nosniff
age: 222448
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1132
x-xss-protection: 0
last-modified: Mon, 21 Jun 2021 20:04:10 GMT
server: sffe
date: Tue, 22 Jun 2021 22:05:24 GMT
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 22 Jun 2022 22:05:24 GMT

GET
H3-29 200 CTA.svg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/18440678300287635125/120x600/ Frame 69A1 5 KB
2 KB 13ms
8ms Image
image/svg+xml 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/18440678300287635125/120x600/CTA.svg

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c0fc22841355d6cecc5c3b47ce038fea5d45060d7092b6126775d252e24ae62e

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding: gzip
x-content-type-options: nosniff
age: 168173
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1587
x-xss-protection: 0
last-modified: Mon, 21 Jun 2021 20:04:10 GMT
server: sffe
date: Wed, 23 Jun 2021 13:09:59 GMT
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 23 Jun 2022 13:09:59 GMT

GET
H3-29 200 Typo03.svg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/18440678300287635125/120x600/ Frame 69A1 14 KB
4 KB 11ms
7ms Image
image/svg+xml 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/18440678300287635125/120x600/Typo03.svg

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ed27a446bde82b046f9e255881e89d2ed9719cce3f7be87ab0bf56f8e7c5c9f3

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding: gzip
x-content-type-options: nosniff
age: 180667
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/content-ads-owners
cross-origin-resource-policy: cross-origin
x-dns-prefetch-control: off
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4497
x-xss-protection: 0
last-modified: Mon, 21 Jun 2021 20:04:10 GMT
server: sffe
date: Wed, 23 Jun 2021 09:41:45 GMT
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 23 Jun 2022 09:41:45 GMT

GET
H3-29 200 Typo02.svg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/18440678300287635125/120x600/ Frame 69A1 11 KB
3 KB 13ms
8ms Image
image/svg+xml 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/18440678300287635125/120x600/Typo02.svg

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dce5d22e48d26f933e44ab199e5980788836b2c350aab2332dbf0433f97a7a86

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding: gzip
x-content-type-options: nosniff
age: 186143
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3287
x-xss-protection: 0
last-modified: Mon, 21 Jun 2021 20:04:10 GMT
server: sffe
date: Wed, 23 Jun 2021 08:10:29 GMT
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 23 Jun 2022 08:10:29 GMT

GET
H3-29 200 Typo01.svg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/18440678300287635125/120x600/ Frame 69A1 7 KB
2 KB 12ms
7ms Image
image/svg+xml 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/18440678300287635125/120x600/Typo01.svg

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b7dde32175260cb550eea5292fbfc8e61a3b626f496b7f626268e3f6d0dd6025

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding: gzip
x-content-type-options: nosniff
age: 173206
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2339
x-xss-protection: 0
last-modified: Mon, 21 Jun 2021 20:04:10 GMT
server: sffe
date: Wed, 23 Jun 2021 11:46:06 GMT
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 23 Jun 2022 11:46:06 GMT

GET
H3-29 200 ZEISS-EB-Pic-small.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/18440678300287635125/120x600/ Frame 69A1 83 KB
83 KB 16ms
12ms Image
image/jpeg 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/18440678300287635125/120x600/ZEISS-EB-Pic-small.jpg

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3331c64de213e88892795180916a4b9843df1734799648d64060e78c7428f959

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 195073
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 85299
x-xss-protection: 0
last-modified: Mon, 21 Jun 2021 20:04:10 GMT
server: sffe
date: Wed, 23 Jun 2021 05:41:39 GMT
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 23 Jun 2022 05:41:39 GMT

GET
H3-29 200 adview
googleads.g.doubleclick.net/pagead/ Frame 8E40 0
0 46ms
43ms Fetch
text/html 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=C5EPplMPVYLWXAaqS7_UP07u9sA3RxPG_YqixwOiMDq-BuuPXAhABIJGhvxNglQKgAfeHiNEDyAEJqQI0D-5-Ewu0PqgDAcgDywSqBLsBT9Bmorj-JBL-UQgThHk9yz7fAqXbGoHir_u1BKjZAEp3ihjjTbT35PMrjWI2u39Cv5IPgoO-WJtbiDWS1gCDDQNRFasZbBxAHBsXmOF3ykVIP7LXqM3eVdvOcydA7nStaVUqbJr8Y_wjX0TvNjrnwufJ8icMJdXuXpOLpCOkv2ZyWmNcjtlzn0L9GTUPkQxRXChtWndnM8cS2faK8QOHzOKuCWolXGMgNYF3SPWhLLxxGqKz4NJU1a4kV8AE8ez2i88DkgUECAQYAZIFBAgFGASgBi6AB_H39y6oB4qcsQKoB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7paxAqgHpr4bqAfs1RvYBwDyBwQQt84W0ggJCIDhgBAQARgfgAoByAsB2BMN0BUBgBcBshcaChgIABIUcHViLTM0MzIzNDE5OTcyMTExNjU&sigh=1PRwwBjzJHw&template_id=484

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3432341997211165&output=html&h=280&slotname=8825380003&adk=3290701847&adf=215310249&pi=t.ma~as.8825380003&w=1000&fwrn=4&fwrnh=100&lmt=1624621971&rafmt=1&psa=0&format=1000x280&url=https%3A%2F%2Ftimedopovo.tk%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1624621971908&bpp=3&bdt=195&idt=76&shv=r20210623&cbv=%2Fr20110914&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&prev_slotnames=3804470934&nras=1&correlator=3852904018217&frm=20&pv=2&ga_vid=1723328054.1624621972&ga_sid=1624621972&ga_hid=1747522967&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=308&ady=131&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060975&oid=3&pvsid=656768274537544&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=1152&bc=31&ifi=3&uci=a!3&fsb=1&xpc=KnTKHAgluR&p=https%3A//timedopovo.tk&dtd=80
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Fri, 25 Jun 2021 11:52:52 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3-29 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/15909873484267815867/ Frame 8E40 11 KB
11 KB 12ms
9ms Image
image/jpeg 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/15909873484267815867/downsize_200k_v1?w=400&h=209

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5760e9f96ec3665879f5d69c94981e6c2ce5613c1d53bb12f1e4659d9f5777a2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 23 Jun 2021 07:54:33 GMT
x-content-type-options: nosniff
age: 187099
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11718
x-xss-protection: 0
last-modified: Wed, 28 Apr 2021 14:30:09 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 23 Jun 2022 07:54:33 GMT

GET
H3-29 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/4570866813699490989/ Frame 8E40 8 KB
8 KB 13ms
11ms Image
image/png 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/4570866813699490989/downsize_200k_v1?w=100&h=100

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

68532c15bfa6e31c5005c8a6172d2c8f697309fbfa1f08f80cab81987a97529c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 23 Jun 2021 01:47:26 GMT
x-content-type-options: nosniff
age: 209126
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8088
x-xss-protection: 0
last-modified: Thu, 14 Feb 2019 12:55:11 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 23 Jun 2022 01:47:26 GMT

GET
DATA 200
OK truncated
/ Frame 8E40 221 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 613603afe8c5203c59d7f9df1cbac87109df7ffdf245fd20becfa6bd95b92155

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 8E40 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ab2689c402abefbc0eb5a19dcca280af72e4428061c5275a2f832248acaa40fb

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 d9bcbb035757265a3c5ffa95503316f2
ad.lomadee.com/banners/7270/ Frame BABE 26 KB
26 KB 44ms
44ms Image
image/png 13.225.87.106
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad.lomadee.com/banners/7270/d9bcbb035757265a3c5ffa95503316f2
Requested by: Host: ad.lomadee.com
URL: https://ad.lomadee.com/banner/view?sourceId=35923256&dimension=3&width=120&height=600&method=0&advertisers=&tags=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.87.106 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-87-106.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: b559e3f15cb6c292d3d1602cf9fca3352f3c56d82035dce361bbcb59125c3571

Request headers

Referer: https://ad.lomadee.com/banner/view?sourceId=35923256&dimension=3&width=120&height=600&method=0&advertisers=&tags=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 22 Jun 2021 23:51:34 GMT
via: 1.1 eb1a8c1b1275e33a016e623478052111.cloudfront.net (CloudFront)
last-modified: Wed, 26 Aug 2020 03:35:03 GMT
server: AmazonS3
age: 216079
etag: "94397a0ab1afe52cb96aa9589f1fa22b"
x-cache: Hit from cloudfront
content-type: image/png
x-amz-cf-pop: FRA2-C2
accept-ranges: bytes
content-length: 26549
x-amz-cf-id: L46mMWmT8SXUGCOrSVRvbEixEIkoFXijkrgO3FlrmbXla6BSZAPRRg==

GET analyze.js
statistcdn.com/ Frame BABE 0
0

GET
H3-29 200 analytics.js Show response
www.google-analytics.com/ Frame BABE 48 KB
19 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: ad.lomadee.com
URL: https://ad.lomadee.com/banner/view?sourceId=35923256&dimension=3&width=120&height=600&method=0&advertisers=&tags=

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

73d6a5ea11fb7bf6e6a6ccd44b1635d52c79b0a00623d0387c9dddd4b7c68e89

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://ad.lomadee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 09 Jun 2021 17:36:57 GMT
server: Golfe2
age: 764
date: Fri, 25 Jun 2021 11:40:08 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19661
expires: Fri, 25 Jun 2021 13:40:08 GMT

GET
H2 200 d9bcbb035757265a3c5ffa95503316f2
ad.lomadee.com/banners/7270/ Frame D574 26 KB
26 KB 48ms
47ms Image
image/png 13.225.87.106
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad.lomadee.com/banners/7270/d9bcbb035757265a3c5ffa95503316f2
Requested by: Host: ad.lomadee.com
URL: https://ad.lomadee.com/banner/view?sourceId=35923256&dimension=3&width=120&height=600&method=0&advertisers=&tags=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.87.106 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-87-106.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: b559e3f15cb6c292d3d1602cf9fca3352f3c56d82035dce361bbcb59125c3571

Request headers

Referer: https://ad.lomadee.com/banner/view?sourceId=35923256&dimension=3&width=120&height=600&method=0&advertisers=&tags=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 22 Jun 2021 23:51:34 GMT
via: 1.1 eb1a8c1b1275e33a016e623478052111.cloudfront.net (CloudFront)
last-modified: Wed, 26 Aug 2020 03:35:03 GMT
server: AmazonS3
age: 216079
etag: "94397a0ab1afe52cb96aa9589f1fa22b"
x-cache: Hit from cloudfront
content-type: image/png
x-amz-cf-pop: FRA2-C2
accept-ranges: bytes
content-length: 26549
x-amz-cf-id: GgDuA_m5QlY3JXdLAMQ1sdXJpQwXh3loS49CFaxGi4ErPVOwlMDH-w==

GET analyze.js
statistcdn.com/ Frame D574 0
0

GET
H3-29 200 analytics.js Show response
www.google-analytics.com/ Frame D574 48 KB
19 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: ad.lomadee.com
URL: https://ad.lomadee.com/banner/view?sourceId=35923256&dimension=3&width=120&height=600&method=0&advertisers=&tags=

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

73d6a5ea11fb7bf6e6a6ccd44b1635d52c79b0a00623d0387c9dddd4b7c68e89

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://ad.lomadee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 09 Jun 2021 17:36:57 GMT
server: Golfe2
age: 764
date: Fri, 25 Jun 2021 11:40:08 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19661
expires: Fri, 25 Jun 2021 13:40:08 GMT

GET
H2 200 KFOlCnqEu92Fr1MmSU5fBBc4.woff2
fonts.gstatic.com/s/roboto/v27/ Frame 8E40 15 KB
15 KB 8ms
7ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmSU5fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

33530b007071281a97e79baab13ddf7cc4b9de942ebd3e212224857335f7cb97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://googleads.g.doubleclick.net
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 22 Jun 2021 16:47:53 GMT
x-content-type-options: nosniff
age: 241499
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15732
x-xss-protection: 0
last-modified: Mon, 05 Apr 2021 21:10:39 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 22 Jun 2022 16:47:53 GMT

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v27/ Frame 8E40 15 KB
16 KB 5ms
5ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://googleads.g.doubleclick.net
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 24 Jun 2021 02:11:10 GMT
x-content-type-options: nosniff
age: 121302
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15828
x-xss-protection: 0
last-modified: Mon, 05 Apr 2021 21:10:46 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 24 Jun 2022 02:11:10 GMT

GET
H3-29 200 mGzIkP9MbilhhXayH-4FXVj5Hth0Auc0RFP8Od1UZbs.js Show response
pagead2.googlesyndication.com/bg/ Frame BB59 14 KB
6 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/mGzIkP9MbilhhXayH-4FXVj5Hth0Auc0RFP8Od1UZbs.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

986cc890ff4c6e29618576b21fee055d58f91ed87402e7344453fc39dd5465bb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 25 Jun 2021 06:41:50 GMT
content-encoding: br
x-content-type-options: nosniff
age: 18662
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5744
x-xss-protection: 0
last-modified: Tue, 22 Jun 2021 16:28:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 25 Jun 2022 06:41:50 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210623/r20110914/client/ Frame FB67 3 KB
1 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210623/r20110914/client/window_focus_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3432341997211165&output=html&h=600&slotname=4618836511&adk=2751928702&adf=4244182132&pi=t.ma~as.4618836511&w=300&fwrn=4&fwrnh=100&lmt=1624621972&rafmt=1&psa=0&format=300x600&url=https%3A%2F%2Ftimedopovo.tk%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1624621972127&bpp=17&bdt=414&idt=18&shv=r20210623&cbv=%2Fr20110914&ptt=9&saldr=aa&abxe=1&cookie=ID%3Db1c433b0e6fb91cb-228ff22432c900c0%3AT%3D1624621972%3ART%3D1624621972%3AS%3DALNI_MaSAL0LJ7XjjL9DNht3ee-Ubq0nJg&prev_fmts=0x0%2C1000x280&prev_slotnames=3804470934%2C0023709217&nras=1&correlator=3852904018217&frm=20&pv=1&ga_vid=1723328054.1624621972&ga_sid=1624621972&ga_hid=1747522967&ga_fc=1&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1005&ady=705&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060975&oid=3&pvsid=656768274537544&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeoE%7C&abl=CS&pfx=0&fu=1152&bc=31&ifi=5&uci=a!5&fsb=1&xpc=ViQdQvncoz&p=https%3A//timedopovo.tk&dtd=38

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d1c009c83f73450bedc9ef5decc272e84e1acf87fd721112bd6b6fa270e44caa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 25 Jun 2021 11:49:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 193
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1385
x-xss-protection: 0
server: cafe
etag: 10711834930267210186
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 09 Jul 2021 11:49:40 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame FB67 125 KB
38 KB 16ms
15ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b35a4ef06e319281153f0f4b026996a350853075e70204a388d524eab724433f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 25 Jun 2021 11:52:53 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1624469964731542"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38558
x-xss-protection: 0
expires: Fri, 25 Jun 2021 11:52:53 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210623/r20110914/client/ Frame FB67 13 KB
6 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210623/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c969efceff108562296b3425ced4ae3921ebf7baf40958c4b500c7d075ae350a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 25 Jun 2021 11:51:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 81
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5706
x-xss-protection: 0
server: cafe
etag: 5108850372203985220
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 09 Jul 2021 11:51:32 GMT

GET
H3-29 204 l
www.google.com/ads/measurement/ Frame FB67 0
0 23ms
21ms Image
text/html 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSGx6F3jl9NBBYc-nBps-VTmY3h9uaPS5vYn2GAGaP5eHAwLFOvbWRbHUFljHCeQuSnLe8XVONTbhrDdUqzueIRxu5oug
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3432341997211165&output=html&h=600&slotname=4618836511&adk=2751928702&adf=4244182132&pi=t.ma~as.4618836511&w=300&fwrn=4&fwrnh=100&lmt=1624621972&rafmt=1&psa=0&format=300x600&url=https%3A%2F%2Ftimedopovo.tk%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1624621972127&bpp=17&bdt=414&idt=18&shv=r20210623&cbv=%2Fr20110914&ptt=9&saldr=aa&abxe=1&cookie=ID%3Db1c433b0e6fb91cb-228ff22432c900c0%3AT%3D1624621972%3ART%3D1624621972%3AS%3DALNI_MaSAL0LJ7XjjL9DNht3ee-Ubq0nJg&prev_fmts=0x0%2C1000x280&prev_slotnames=3804470934%2C0023709217&nras=1&correlator=3852904018217&frm=20&pv=1&ga_vid=1723328054.1624621972&ga_sid=1624621972&ga_hid=1747522967&ga_fc=1&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1005&ady=705&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060975&oid=3&pvsid=656768274537544&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeoE%7C&abl=CS&pfx=0&fu=1152&bc=31&ifi=5&uci=a!5&fsb=1&xpc=ViQdQvncoz&p=https%3A//timedopovo.tk&dtd=38
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 index.html Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17626451119355985920/ Frame 264E 223 KB
37 KB 10ms
10ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17626451119355985920/index.html

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a7bf67883867f93d08cbf4eeac0485e641cb9e5b123e18bef046b7c706cffd28

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sadbundle/$csp%3Der3$/17626451119355985920/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-type: text/html
access-control-allow-origin: *
content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
date: Wed, 23 Jun 2021 03:45:31 GMT
expires: Thu, 23 Jun 2022 03:45:31 GMT
last-modified: Mon, 03 May 2021 14:21:52 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
content-encoding: gzip
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
content-length: 38330
age: 202042
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 adview
googleads.g.doubleclick.net/pagead/ Frame FB67 0
0 42ms
42ms Fetch
text/html 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CRhrclMPVYPykC72g7_UP6fujsA7lto7OYv_K94H2DdrZHhABIJGhvxNglQKgAZXP6PEDyAEJqQIlV5632Qm0PqgDAcgDAqoEvQFP0NKRFpc9V_3PZH4zun1qixC5j4G-isG_LsKTVTple7YaibgbZ9dWyVwN9t2WEtY7TZ7fDusFr1j-wr__uYkEDJvo0eUGE6QVcbFcTkjSOpR9zFW0lxXO3TRQp-OtJRYw-cFwi6ersH7apWwMDrImgZmSPCkXjMepueb048dBXTIsxIevqxyFfQ2P9XtkMPihYjOkk5m3bBFkXPTiQFwf26STUxvSO03AdGr2x1JUucu9wM-BdpkdeajFSJ7ABNqshdjLA5IFBAgEGAGSBQQIBRgEkgUECAUYGJIFBQgFGKgBoAZdgAfTsJcOqAeKnLECqAfVyRuoB_DZG6gH8tkbqAeOzhuoB5PYG6gHugaoB-6WsQKoB6a-G6gH7NUb2AcB8gcEEN39BtIICQiA4YAQEAEYH4AKAcgLAdgTDYgUAdAVAZgWAYAXAbIXGgoYCAASFHB1Yi0zNDMyMzQxOTk3MjExMTY1&sigh=uf0xqpMj29c

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3432341997211165&output=html&h=600&slotname=4618836511&adk=2751928702&adf=4244182132&pi=t.ma~as.4618836511&w=300&fwrn=4&fwrnh=100&lmt=1624621972&rafmt=1&psa=0&format=300x600&url=https%3A%2F%2Ftimedopovo.tk%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1624621972127&bpp=17&bdt=414&idt=18&shv=r20210623&cbv=%2Fr20110914&ptt=9&saldr=aa&abxe=1&cookie=ID%3Db1c433b0e6fb91cb-228ff22432c900c0%3AT%3D1624621972%3ART%3D1624621972%3AS%3DALNI_MaSAL0LJ7XjjL9DNht3ee-Ubq0nJg&prev_fmts=0x0%2C1000x280&prev_slotnames=3804470934%2C0023709217&nras=1&correlator=3852904018217&frm=20&pv=1&ga_vid=1723328054.1624621972&ga_sid=1624621972&ga_hid=1747522967&ga_fc=1&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1005&ady=705&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060975&oid=3&pvsid=656768274537544&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeoE%7C&abl=CS&pfx=0&fu=1152&bc=31&ifi=5&uci=a!5&fsb=1&xpc=ViQdQvncoz&p=https%3A//timedopovo.tk&dtd=38
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Fri, 25 Jun 2021 11:52:53 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3-29 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 4BD3 143 B
163 B 8ms
7ms Document
text/html 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/s?v=r20120211
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3432341997211165&output=html&h=600&slotname=4618836511&adk=2751928702&adf=4244182132&pi=t.ma~as.4618836511&w=300&fwrn=4&fwrnh=100&lmt=1624621972&rafmt=1&psa=0&format=300x600&url=https%3A%2F%2Ftimedopovo.tk%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1624621972127&bpp=17&bdt=414&idt=18&shv=r20210623&cbv=%2Fr20110914&ptt=9&saldr=aa&abxe=1&cookie=ID%3Db1c433b0e6fb91cb-228ff22432c900c0%3AT%3D1624621972%3ART%3D1624621972%3AS%3DALNI_MaSAL0LJ7XjjL9DNht3ee-Ubq0nJg&prev_fmts=0x0%2C1000x280&prev_slotnames=3804470934%2C0023709217&nras=1&correlator=3852904018217&frm=20&pv=1&ga_vid=1723328054.1624621972&ga_sid=1624621972&ga_hid=1747522967&ga_fc=1&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1005&ady=705&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060975&oid=3&pvsid=656768274537544&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeoE%7C&abl=CS&pfx=0&fu=1152&bc=31&ifi=5&uci=a!5&fsb=1&xpc=ViQdQvncoz&p=https%3A//timedopovo.tk&dtd=38
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: DSID=NO_DATA; IDE=AHWqTUmaqTHxc6u4a9UvGhhzVJ57eZhgKUXjL6cXK2_5Qr8tziwbQSjyWA871WgigK8
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3432341997211165&output=html&h=600&slotname=4618836511&adk=2751928702&adf=4244182132&pi=t.ma~as.4618836511&w=300&fwrn=4&fwrnh=100&lmt=1624621972&rafmt=1&psa=0&format=300x600&url=https%3A%2F%2Ftimedopovo.tk%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1624621972127&bpp=17&bdt=414&idt=18&shv=r20210623&cbv=%2Fr20110914&ptt=9&saldr=aa&abxe=1&cookie=ID%3Db1c433b0e6fb91cb-228ff22432c900c0%3AT%3D1624621972%3ART%3D1624621972%3AS%3DALNI_MaSAL0LJ7XjjL9DNht3ee-Ubq0nJg&prev_fmts=0x0%2C1000x280&prev_slotnames=3804470934%2C0023709217&nras=1&correlator=3852904018217&frm=20&pv=1&ga_vid=1723328054.1624621972&ga_sid=1624621972&ga_hid=1747522967&ga_fc=1&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1005&ady=705&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060975&oid=3&pvsid=656768274537544&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeoE%7C&abl=CS&pfx=0&fu=1152&bc=31&ifi=5&uci=a!5&fsb=1&xpc=ViQdQvncoz&p=https%3A//timedopovo.tk&dtd=38

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Fri, 25 Jun 2021 10:57:41 GMT
server: safe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 3312
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H3-29 204 gen_csp
pagead2.googlesyndication.com/pagead/ Frame FB67 0
20 B 55ms
41ms Other
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CPy-r7zcsvECFT3Quwgd6f0I5g&gqi=lMPVYKDdCtmr7gPorJSwDQ&layout=/sadbundle/%24csp%253Der3%24/17626451119355985920/index.html

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/csp-report

Response headers

pragma: no-cache
date: Fri, 25 Jun 2021 11:52:53 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated
/ Frame FB67 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 35b66b970fa25f343b88f257b53d0f729e3a5d815ce1ecfc084ec62295615d16

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 css
fonts.googleapis.com/ Frame 264E 2 KB
499 B 25ms
22ms Stylesheet
text/css 2a00:1450:4001:809::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Lato:regular,700|Bungee:regular

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17626451119355985920/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2130554153fa8c200d17c28a5c70c3b0cf4bd9b4796d6e431c89c7f99417a1a9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 25 Jun 2021 10:11:00 GMT
server: ESF
date: Fri, 25 Jun 2021 11:52:53 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 25 Jun 2021 11:52:53 GMT

GET
H3-29 200 Enabler.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame 264E 16 KB
6 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/Enabler.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17626451119355985920/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5f0207bbbd69497c7a37284c0b6f9bdcc9f83c574a4cda737e00a390d0ed268f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 25 Jun 2021 08:10:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 13328
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5866
x-xss-protection: 0
server: cafe
etag: 544157900006238945
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Sat, 26 Jun 2021 08:10:45 GMT

GET
H3-29 200 addata.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame 264E 26 KB
10 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17626451119355985920/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

54a66c4693bfd79901040269ae7d7304508cbd02859797a1780f2bbe72176e23

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 24 Jun 2021 20:19:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 55975
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10382
x-xss-protection: 0
server: cafe
etag: 12806417668659483808
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Fri, 25 Jun 2021 20:19:58 GMT

GET
H3-29

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 4BD3
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
16 B

14ms
14ms

Document
text/html

2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/si
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: DSID=NO_DATA; IDE=AHWqTUmaqTHxc6u4a9UvGhhzVJ57eZhgKUXjL6cXK2_5Qr8tziwbQSjyWA871WgigK8
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Fri, 25 Jun 2021 11:52:53 GMT
server: safe
content-length: 0
x-xss-protection: 0
set-cookie: DSID=NO_DATA; expires=Fri, 25-Jun-2021 12:52:53 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Fri, 25 Jun 2021 11:52:53 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Fri, 25 Jun 2021 11:52:53 GMT
server: safe
content-length: 246
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 S6uyw4BMUTPHjx4wXg.woff2
fonts.gstatic.com/s/lato/v17/ Frame 264E 23 KB
23 KB 18ms
15ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v17/S6uyw4BMUTPHjx4wXg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:regular,700|Bungee:regular

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c3c0d3f472358aac78455515c4800771426770c22698e2486d39fdb5505634e1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: null
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 22 Jun 2021 16:52:32 GMT
x-content-type-options: nosniff
age: 241221
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23484
x-xss-protection: 0
last-modified: Tue, 15 Sep 2020 18:10:46 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 22 Jun 2022 16:52:32 GMT

GET
H3-29 200 N0bU2SZBIuF2PU_0DXR1.woff2
fonts.gstatic.com/s/bungee/v6/ Frame 264E 17 KB
17 KB 23ms
21ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/bungee/v6/N0bU2SZBIuF2PU_0DXR1.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:regular,700|Bungee:regular

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b00176dbbd9e4c77629b36fae58d076c8c3b55754e7c2dd3a6e4986e7ec9c37b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: null
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 24 Jun 2021 00:53:29 GMT
x-content-type-options: nosniff
age: 125964
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17268
x-xss-protection: 0
last-modified: Tue, 01 Sep 2020 03:47:49 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 24 Jun 2022 00:53:29 GMT

GET
H3-29 200 S6u9w4BMUTPHh6UVSwiPGQ.woff2
fonts.gstatic.com/s/lato/v17/ Frame 264E 22 KB
22 KB 15ms
13ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v17/S6u9w4BMUTPHh6UVSwiPGQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:regular,700|Bungee:regular

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8d3ca80fa271e94b0c36cf3053b0f806b7a42bb3395b424c99dc0bd218f0ac20

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: null
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 24 Jun 2021 03:05:48 GMT
x-content-type-options: nosniff
age: 118025
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 22992
x-xss-protection: 0
last-modified: Tue, 15 Sep 2020 18:12:12 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 24 Jun 2022 03:05:48 GMT

GET
H3-29 200 null-leasing-logo-final_white_1.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17626451119355985920/ Frame 264E 2 KB
2 KB 8ms
7ms Image
image/png 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17626451119355985920/null-leasing-logo-final_white_1.png

Requested by

Host: timedopovo.tk
URL: https://timedopovo.tk/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

62cdccf1ab4b4215586295612a4a2ef96fa490250fa96dbccc565f659cab86ab

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 228769
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1738
x-xss-protection: 0
last-modified: Mon, 03 May 2021 14:21:52 GMT
server: sffe
date: Tue, 22 Jun 2021 20:20:04 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 22 Jun 2022 20:20:04 GMT

GET
H3-29 200 autos_licht_1.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17626451119355985920/ Frame 264E 6 KB
6 KB 7ms
6ms Image
image/png 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17626451119355985920/autos_licht_1.png

Requested by

Host: timedopovo.tk
URL: https://timedopovo.tk/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a87352099e9b3946d71f4f73c69f9217ef99278088a177d5eef09df78c11e4ae

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 207048
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5867
x-xss-protection: 0
last-modified: Mon, 03 May 2021 14:21:52 GMT
server: sffe
date: Wed, 23 Jun 2021 02:22:05 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 23 Jun 2022 02:22:05 GMT

GET
H3-29 200 autos.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17626451119355985920/ Frame 264E 48 KB
48 KB 8ms
8ms Image
image/png 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17626451119355985920/autos.png

Requested by

Host: timedopovo.tk
URL: https://timedopovo.tk/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1c45bfa2dc80f54eb8564aa778a0929a00811168617ee6340cc59f0af48e5cca

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 172794
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 49113
x-xss-protection: 0
last-modified: Mon, 03 May 2021 14:21:52 GMT
server: sffe
date: Wed, 23 Jun 2021 11:52:59 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 23 Jun 2022 11:52:59 GMT

GET
H3-29 200 hintergrund_plain.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17626451119355985920/ Frame 264E 30 KB
30 KB 9ms
9ms Image
image/jpeg 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17626451119355985920/hintergrund_plain.jpg

Requested by

Host: timedopovo.tk
URL: https://timedopovo.tk/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

969231fe165a93933d6908d45bfa09c364b66de37160efea47d87d18d7d37bd8

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 186717
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 30604
x-xss-protection: 0
last-modified: Mon, 03 May 2021 14:21:52 GMT
server: sffe
date: Wed, 23 Jun 2021 08:00:56 GMT
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 23 Jun 2022 08:00:56 GMT

GET
H3-29 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 8E40 42 B
64 B 41ms
40ms Fetch
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuX3uvrEciD9YkGK2RtORJJXP5YZYljRPeS5dQvqi3aMNUSffqIKAybUSXFRfudA5uU__ZDuRCRkD6fXP3vKHincVwNY1-m6kDHAJ9WOuyjHjngPpDIWzneZWn78g&sai=AMfl-YTMopxWYlGCmkGABYFJFezndfJrgGehnl5lx4-IqlV5KvqdFpvQHwwQgP73mR30SI4XkCMEwZQC_2pt&sig=Cg0ArKJSzAy0W_MnS5fFEAE&id=lidar2&mcvt=1000&p=131,308,411,1308&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20210623&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=22&adk=3290701847&rs=2&met=mue&la=1&cr=0&osd=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ%3D%3D&vs=4&eosm=0&rst=1624621971989&dlt=718&rpt=54&isd=0&msd=0&r=v

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 25 Jun 2021 11:52:53 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame FB67 42 B
518 B 64ms
46ms Fetch
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssiYVgfK0nCKGxCs2jqxF7ijUF3GJFDwkVfaYhMblPyXleN6PRoLEwRpb0k1Q8diY5sBW_CZPXLeBmZSgxuaGDBcpDwTs8RBRdEquR1XY7w9tVmyGjdnMuL1VJq1qoOaQjEOOV6Tv2jqqDJ2_2syBMg&sai=AMfl-YSk75kxGj2iRU5V0RAEV5-gRv_2XTxnLmHWJAPMv4w5KM9L4zPtww1jcN5yt8ZfJJO0jf3SBYx72mUFdTglyrFYK-gIchmcLZi9wEsrDDSMMoaUxEHsF7_q-YCV&sig=Cg0ArKJSzO4gRUF0E0EOEAE&cid=CAASF-Ro7Q6oZtqWv-FOvZs0Z39egGboxtmd&id=lidar2&mcvt=1000&p=705,1005,1305,1305&mtos=0,1000,1000,1000,1000&tos=0,1000,0,0,0&v=20210623&bin=7&avms=nio&bs=0,0&mc=0.82&if=1&app=0&itpl=2&adk=2751928702&rs=2&met=mue&la=0&cr=0&osd=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ%3D%3D&vs=4&eosm=0&rst=1624621972167&dlt=1196&rpt=2&isd=0&msd=0&r=v

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 25 Jun 2021 11:52:54 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 abadmin.css
timedopovo.tk/wp-content/plugins/AutoBlogged/ 13 KB
3 KB 55ms
54ms Stylesheet
text/css 31.22.4.81
WILDCARD-AS Wildc...

General

Check archive.org

Show headers Download Go to

Full URL: https://timedopovo.tk/wp-content/plugins/AutoBlogged/abadmin.css
Requested by: Host: timedopovo.tk
URL: https://timedopovo.tk/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 31.22.4.81 Houghton-Le-Spring, United Kingdom, ASN34119 (WILDCARD-AS Wildcard UK Limited, GB),
Reverse DNS: sv46.byethost46.org
Software: nginx /
Resource Hash: ffd839e0426df1587647de26c5713be3f579f9f7f816fdf5353e5ef7644a733c

Request headers

:path: /wp-content/plugins/AutoBlogged/abadmin.css
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: timedopovo.tk
referer: https://timedopovo.tk/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://timedopovo.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 25 Jun 2021 11:52:54 GMT
content-encoding: br
last-modified: Fri, 06 Apr 2018 00:40:16 GMT
server: nginx
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=2592000, public, proxy-revalidate
expires: Sun, 25 Jul 2021 11:52:54 GMT

GET
H3-29

200

/
www.facebook.com/login/ Frame F7BE
Redirect Chain

https://www.facebook.com/plugins/like_box.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df107d1fff1b29ec%26domain%3Dtimedopovo.tk%26orig...
https://www.facebook.com/login/?next=https%3A%2F%2Fwww.facebook.com%2Fplugins%2Flike_box.php%3Fapp_id%26channel%3Dhttps%253A%252F%252Fstaticxx.facebook.com%252Fx%252Fconnect%252Fxd_arbiter%252F%253...

0
0

109ms
109ms

Document
text/html

2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/login/?next=https%3A%2F%2Fwww.facebook.com%2Fplugins%2Flike_box.php%3Fapp_id%26channel%3Dhttps%253A%252F%252Fstaticxx.facebook.com%252Fx%252Fconnect%252Fxd_arbiter%252F%253Fversion%253D46%2523cb%253Df107d1fff1b29ec%2526domain%253Dtimedopovo.tk%2526origin%253Dhttps%25253A%25252F%25252Ftimedopovo.tk%25252Ffcc447de292d98%2526relation%253Dparent.parent%26color_scheme%3Dlight%26container_width%3D300%26header%3Dtrue%26height%3D300%26href%3Dhttps%253A%252F%252Fwww.facebook.com%252Ftimedopovonews%253Fref%253Dhl%26locale%3Dpt_BR%26sdk%3Djoey%26show_border%3Dtrue%26show_faces%3Dtrue%26stream%3Dfalse%26width%3D300

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/pt_BR/all.js?hash=5a3c4881cfcae8bbaa9be5600358d670

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.com .facebook.com fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com cdninstagram.com .cdninstagram.com data: blob: 'self';script-src .facebook.com .fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.com .facebook.com fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com cdninstagram.com .cdninstagram.com;connect-src .facebook.com facebook.com .fbcdn.net wss://.facebook.com: attachment.fbsbx.com blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

:method: GET
:authority: www.facebook.com
:scheme: https
:path: /login/?next=https%3A%2F%2Fwww.facebook.com%2Fplugins%2Flike_box.php%3Fapp_id%26channel%3Dhttps%253A%252F%252Fstaticxx.facebook.com%252Fx%252Fconnect%252Fxd_arbiter%252F%253Fversion%253D46%2523cb%253Df107d1fff1b29ec%2526domain%253Dtimedopovo.tk%2526origin%253Dhttps%25253A%25252F%25252Ftimedopovo.tk%25252Ffcc447de292d98%2526relation%253Dparent.parent%26color_scheme%3Dlight%26container_width%3D300%26header%3Dtrue%26height%3D300%26href%3Dhttps%253A%252F%252Fwww.facebook.com%252Ftimedopovonews%253Fref%253Dhl%26locale%3Dpt_BR%26sdk%3Djoey%26show_border%3Dtrue%26show_faces%3Dtrue%26stream%3Dfalse%26width%3D300
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://timedopovo.tk/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: about:blank

Response headers

vary: Accept-Encoding
content-encoding: br
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}],"group":"coop_report"}
cross-origin-embedder-policy-report-only: require-corp;report-to="coop_report"
x-fb-rlafr: 0
cross-origin-opener-policy: same-origin-allow-popups
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
content-security-policy: default-src facebook.com *.facebook.com fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com cdninstagram.com *.cdninstagram.com data: blob: 'self';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.com *.facebook.com fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com cdninstagram.com *.cdninstagram.com;connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
x-frame-options: DENY
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: /e4XUrUPMdPnOH6UCBg2RDso8OZ+DOiXoUozvXHs8aoyNBtG+xqgGADbfgN8vwmmnFDm3Iuf8itHnmXqReRssw==
date: Fri, 25 Jun 2021 11:52:55 GMT
priority: u=3,i
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600

Redirect headers

location: https://www.facebook.com/login/?next=https%3A%2F%2Fwww.facebook.com%2Fplugins%2Flike_box.php%3Fapp_id%26channel%3Dhttps%253A%252F%252Fstaticxx.facebook.com%252Fx%252Fconnect%252Fxd_arbiter%252F%253Fversion%253D46%2523cb%253Df107d1fff1b29ec%2526domain%253Dtimedopovo.tk%2526origin%253Dhttps%25253A%25252F%25252Ftimedopovo.tk%25252Ffcc447de292d98%2526relation%253Dparent.parent%26color_scheme%3Dlight%26container_width%3D300%26header%3Dtrue%26height%3D300%26href%3Dhttps%253A%252F%252Fwww.facebook.com%252Ftimedopovonews%253Fref%253Dhl%26locale%3Dpt_BR%26sdk%3Djoey%26show_border%3Dtrue%26show_faces%3Dtrue%26stream%3Dfalse%26width%3D300
x-fb-rlafr: 0
cross-origin-opener-policy: unsafe-none
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: fKXL9uBdV7mruTcLJ4Tbf0NKBIo6LRuB7jRXGY+6E4P0/bRayWOtkXUMqWTIU4pxHelQ/NBIH44ELn8xGDQycw==
content-length: 0
date: Fri, 25 Jun 2021 11:52:55 GMT
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600

GET
H3-29 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 10 KB
8 KB 19ms
19ms XHR
application/json 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20210623&st=env

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c29cdbcd892f1e15fe8c2c130016c17e781230668e0bd7756c4d9df162f48204

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://timedopovo.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 25 Jun 2021 11:52:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7874
x-xss-protection: 0

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://timedopovo.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 25 Jun 2021 11:52:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1624308425655142"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6467
x-xss-protection: 0
expires: Fri, 25 Jun 2021 11:52:55 GMT

GET
H3-29 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/224/ Frame AB9D 12 KB
5 KB 6ms
6ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/224/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://timedopovo.tk/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://timedopovo.tk/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 5029
date: Fri, 25 Jun 2021 10:14:53 GMT
expires: Sat, 25 Jun 2022 10:14:53 GMT
last-modified: Wed, 02 Jun 2021 17:09:45 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 5882
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 991C 783 B
779 B 16ms
15ms Document
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

072ec20bbc70b714fba14462f856b1c302ac63e3ab4fbd277c1f7bc3052a53e6

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-j75Oew8/JTr8M3XcI+tilA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/aframe
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://timedopovo.tk/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://timedopovo.tk/

Response headers

expires: Fri, 25 Jun 2021 11:52:55 GMT
date: Fri, 25 Jun 2021 11:52:55 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-j75Oew8/JTr8M3XcI+tilA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 512
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 mGzIkP9MbilhhXayH-4FXVj5Hth0Auc0RFP8Od1UZbs.js Show response
pagead2.googlesyndication.com/bg/ Frame AB9D 14 KB
6 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/mGzIkP9MbilhhXayH-4FXVj5Hth0Auc0RFP8Od1UZbs.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

986cc890ff4c6e29618576b21fee055d58f91ed87402e7344453fc39dd5465bb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 25 Jun 2021 06:41:50 GMT
content-encoding: br
x-content-type-options: nosniff
age: 18665
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5744
x-xss-protection: 0
last-modified: Tue, 22 Jun 2021 16:28:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 25 Jun 2022 06:41:50 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 42ms
42ms Image
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=224&t=2&li=gda_r20210623&jk=656768274537544&bg=!5uWl5aHNAAYo4NJEKOA7ACkAdvg8WlE8sg5zCFZHeERL1kAZEfJXBpspKNVcF0y8HkYfccqZ6ARNcQIAAABEUgAAAAloAQcKAGtKc6DixHZdEWQ45CPtTfqjFDaEQe5KOvqFDkY_nqOOL0T2ggTtpZXh8KAIaQfwxVZdk4UrjqB7qMXNaNUosjlhlNme4xBoWT54JlDdeVAnCsdNEfRD-5AOnJbBV0e_eyRY5XIyMzzuGNNErZkCblaZe2DBnvmkmEhdREOgaY7e30FQi7oo2h_zwPR58lloKYsgbayI8ZBukfonLf6PpkqPOnjqLyOD0Y3miG1q0jcaB7W1MQtNvXxXnCWjSc8bVn1L1B3kE7TcSVFgcmQTI9HonaagOqV26b8DxLhv7SQEAWaGQmClSferKEQGllQTPTr5G5txLYMRf_geaZmMFqrHRSquUQpZdq1QyKcGPtzRiZXQVKi4-qqSfJG3-1CrcU0qKz5btnNTIpFzWfZIkksdsTHNUo-1oExygpVI5HS6Efez916KoWVZJbC8msVDpHkeR8r5Hxrone_J7FesVqkr7PfwNaa5U7Hc4DyJuedzO62erVWNxAqRKEGuljsThfnbcqtEvv0rlClUIod_vwgFfwt2nweosdqzkKwpfv31dp1A_nSNN28M4uJkjuoH2afZpmTvJffqcrybmyByXP2BoAXJY8KJCPB8xr8eoR22Hf9DtH8g5yBlQB3V3ZGF8DnTooJwbLqZ2AHJadoaGbjlxNu1RLDhvkpcdyO-oeaiTvy2QgT5IoP2daX5ljxA4YEFcw3TMWk-C5JnlbJowZOUwnLxVpyP1L1jcwmaEuKpuW-OjQqR1a2QD9wKC0_OtO51eaQOLu5UALuJTEmbwq6N3sx7SSJEnwlyR_pV0bHgES7cv1fofnT9MeSO141f3bZvAOQBj84lPfyRrPkKUpPK3hzHg5etkskTb_ezILv07jBRjQ_g9qF-CdLmr0vGvAtSKrEs5zkp4JyiwI3jqkqAMhEHQqrDVfDkzOKGXXld4rAr7l3m6_fzF6yayT-y8c_WzkawJUeb2qt0rgY

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://timedopovo.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 25 Jun 2021 11:52:55 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.google.com
URL: http://www.google.com/cse/query_renderer.js

Domain: www.google.com
URL: http://www.google.com/cse/api/partner-pub-3432341997211165/cse/6624308046/queries/js?oe=ISO-8859-1&callback=(new+PopularQueryRenderer(document.getElementById(%22queries%22))).render

Domain: www.google.com
URL: http://www.google.com/afsonline/show_afs_search.js

Domain: pagead2.googlesyndication.com
URL: http://pagead2.googlesyndication.com/pagead/show_ads.js

Domain: www.google.com.br
URL: http://www.google.com.br/coop/cse/brand?form=cse-search-box&lang=pt

Domain: statistcdn.com
URL: https://statistcdn.com/analyze.js?typeId=f

Domain: statistcdn.com
URL: https://statistcdn.com/analyze.js?typeId=f

Domain: statistcdn.com
URL: https://statistcdn.com/analyze.js?typeId=f

Verdicts & Comments Add Verdict or Comment

202 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://timedopovo.tk/wp-content/cache/autoptimize/js/autoptimize_64369739fc755262d7d80c591d79ad24.js(Line 12) Message: JQMIGRATE: Migrate is installed with logging active, version 3.3.2
console-api	warning	URL: https://timedopovo.tk/wp-content/cache/autoptimize/js/autoptimize_64369739fc755262d7d80c591d79ad24.js(Line 14) Message: JQMIGRATE: jQuery.fn.hover() is deprecated
console-api	log	URL: https://timedopovo.tk/wp-content/cache/autoptimize/js/autoptimize_64369739fc755262d7d80c591d79ad24.js(Line 14) Message: console.trace

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ad.lomadee.com
adds.livreuso.tk
adservice.google.com
adservice.google.de
cdn.shortpixel.ai
connect.facebook.net
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
pagead2.googlesyndication.com
panel.clickwise.net
partner.googleadservices.com
ssl.google-analytics.com
statistcdn.com
timedopovo.tk
tpc.googlesyndication.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.com.br
www.googletagservices.com
www.gstatic.com
www.timedopovo.tk
pagead2.googlesyndication.com
statistcdn.com
www.google.com
www.google.com.br
13.225.87.106
178.62.123.45
185.59.220.198
216.58.212.162
2a00:1450:4001:800::2003
2a00:1450:4001:808::200e
2a00:1450:4001:809::2002
2a00:1450:4001:809::200a
2a00:1450:4001:80e::2002
2a00:1450:4001:80f::2008
2a00:1450:4001:810::2002
2a00:1450:4001:811::2002
2a00:1450:4001:812::2003
2a00:1450:4001:813::2004
2a00:1450:4001:827::2004
2a00:1450:4001:827::2008
2a00:1450:4001:82b::2002
2a00:1450:4001:830::2002
2a00:1450:4001:831::2001
2a00:1450:4001:831::2002
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f11c:8183:face:b00c:0:25de
31.22.4.81
31.22.4.94
013bec3910ad3d4838f46d1a0095d9e6f0ea3e676e786daf0147dce032b651b6
072ec20bbc70b714fba14462f856b1c302ac63e3ab4fbd277c1f7bc3052a53e6
0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9
1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
1c45bfa2dc80f54eb8564aa778a0929a00811168617ee6340cc59f0af48e5cca
1e0b105463e87ccc5220d9aba7dc76cbd4ff9acab31d23f2bfcaaa81f869a702
204e26ceed9d428095faf4121c5049f1e106116971865681001c2298f7cc5689
20b3bad1427e2212dd847357841f993f025b5061c4af1d382dcc727e102cc1e4
2130554153fa8c200d17c28a5c70c3b0cf4bd9b4796d6e431c89c7f99417a1a9
23f91e8fed1b07720dbb269a526666a72ca20e4af6388c95757f7469229708dd
2db580ef54660ddffdebffcd8d7bb72c0dfd0a3134cc5dea1d9211eb6f8afac0
2ebbe31951d75aaeea0e487bf5af399479ec0e4dabcc965d99cd203adf81bb8e
2ef3959264092b72de9339f88c90054eed3c2c83a3e755b058df53ce75310ee7
3331c64de213e88892795180916a4b9843df1734799648d64060e78c7428f959
33530b007071281a97e79baab13ddf7cc4b9de942ebd3e212224857335f7cb97
33d23a496250a3264a8ece5bac570df13921457f2e281f897f5696e9a9558281
3571fa17eabf7f4e4e6386305b040dfd1330e7a4cc3afc584d4f6c8b48cd7c1e
35b66b970fa25f343b88f257b53d0f729e3a5d815ce1ecfc084ec62295615d16
367ab85e5b8f900d16ab9eefd01e4e0bf1bce3b1f427edac85b88220242a2bcc
3e553b96d208383a7df644bc4ea5f9639fbdcf758a7b0e43f434a1a6cec7e06b
404bc899022fdc0513b0c7a19b696320f893f305d9950f64ad8b51fcb2edb598
49aea8d1206dbb5e3c8a7d4db9274d2efa2111d8b53acb901efc378b1feca381
4d694ae0d2295be1339357ff2d549dfabc353e31f4424a1ded4b79495342a8a3
4f2dab5366889ccb09deeff2e8530ddd50234a9ecf94bd021a7b5df566c4ab97
4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3
52615651e8bcb20d28c21c732c47aaf6c23e4e9791bcff5b0c49ba8bb7eb34b3
54a66c4693bfd79901040269ae7d7304508cbd02859797a1780f2bbe72176e23
5760e9f96ec3665879f5d69c94981e6c2ce5613c1d53bb12f1e4659d9f5777a2
5a02e2246cb69facdac93ae2789f172c7ad079808db6bf62f41af6c6c2857a95
5b0427c4e3c35b304cdbc50b25c8a811c86bde0b1f6e5331b0c3d827108ed81f
5c24b5096e88bef7c059e06450950e98d462c5bc7eee0e6b4cb7c0bfa16292eb
5f0207bbbd69497c7a37284c0b6f9bdcc9f83c574a4cda737e00a390d0ed268f
613603afe8c5203c59d7f9df1cbac87109df7ffdf245fd20becfa6bd95b92155
62cdccf1ab4b4215586295612a4a2ef96fa490250fa96dbccc565f659cab86ab
64ad2b889e573ea0f48d0c21a22e7dbc47d08ca54dff2091e418e9b4b418be14
64e2e400b02e0d24811b5f5d83978931d8c8b7cea882398246c3bdd434a97c7c
68532c15bfa6e31c5005c8a6172d2c8f697309fbfa1f08f80cab81987a97529c
6bd760dc672e6d692fd30cca41e3629ab4c67d24fde1d13d2b3d5744fd06f351
70026657c87a5132b6a431dff968771873d699737fb63c32af45f5790a1a38c3
73d6a5ea11fb7bf6e6a6ccd44b1635d52c79b0a00623d0387c9dddd4b7c68e89
74a14c3c9efff84398be5969f5ed596e76fd40786aa034907d67e2cafbf746d6
7961fb8e2c56c456004b8621329bcc73e2030785eb88be511bec404c80a659b7
7a30a030d2650fb5761dc1744f8599efc50ff2abb6b72016ead3f8b320ec05a7
8228d4ad4a1422d98292b068635566925b4e6d35b1ce0b5e051acebaeadd1da2
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
83faf6d8e626b76e08febc472f9cf0bb9921a992ad61bc34b200930ad10e4602
86f937a29eaee70aaf9935799a414bea46c62fb136cc0465f63f9d6820cf4982
8d3ca80fa271e94b0c36cf3053b0f806b7a42bb3395b424c99dc0bd218f0ac20
9186533ba21799e1a451b35581408963a2bd352a157f1b194c0727fb68357558
92857904df325afe1f29a64b2382eb7df89626a03d79bd16be4dac1296c3aef1
969231fe165a93933d6908d45bfa09c364b66de37160efea47d87d18d7d37bd8
986037628ef2f713282cdf6658e45f2d778e374635e2b7b6ec0f3e2fd9281ba3
986cc890ff4c6e29618576b21fee055d58f91ed87402e7344453fc39dd5465bb
9e36f48120b748ca10f6efeb242a7cdbd118a72f0e40b3812a5f3dbe286de818
a1002be707e49b36154939a19473e7fea49324fba0ddd01ae6d371cf07908e35
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db
a7bf67883867f93d08cbf4eeac0485e641cb9e5b123e18bef046b7c706cffd28
a87352099e9b3946d71f4f73c69f9217ef99278088a177d5eef09df78c11e4ae
a984aa4dd8ef7b364554086f53750aadfeee7e5eb91194afa2b68eb776d7d090
aa62551ffb9f4f300d58b68cf6d4fddb7fc49ce1ed40d05fd4064156b0dc5837
ab2689c402abefbc0eb5a19dcca280af72e4428061c5275a2f832248acaa40fb
acdf89c6903b463e90842a8ca32ac5cf48f4937964f15f06319e4acbd82fb7d3
b00176dbbd9e4c77629b36fae58d076c8c3b55754e7c2dd3a6e4986e7ec9c37b
b29021d6b75644a71b203ce02b73c3b58a3c68f371451179d0f720dc93dd95b6
b31b92a7e824adf57f0b02d1c68ed152046f1a6307d415871c251cb8c56d6719
b35a4ef06e319281153f0f4b026996a350853075e70204a388d524eab724433f
b559e3f15cb6c292d3d1602cf9fca3352f3c56d82035dce361bbcb59125c3571
b57245994e1df062a0eb10265547e7d49d7e3007df0c1f409dd34a42e78430e6
b791326b98b5f2e8c97a99c8cd11dc22851b227cf318cffca64df636aeb65ea3
b7dde32175260cb550eea5292fbfc8e61a3b626f496b7f626268e3f6d0dd6025
b8e86c44c2f2cc0f6d192de5b6a94b23e3c60db1117bed35701ae1e7ec6cfe5a
b9feda3639f000413659bbf87dea176f85a6c97c020d1b12d1ca0eb7814a8931
c0fc22841355d6cecc5c3b47ce038fea5d45060d7092b6126775d252e24ae62e
c29cdbcd892f1e15fe8c2c130016c17e781230668e0bd7756c4d9df162f48204
c3c0d3f472358aac78455515c4800771426770c22698e2486d39fdb5505634e1
c969efceff108562296b3425ced4ae3921ebf7baf40958c4b500c7d075ae350a
cbd509669e176f744af1c69d7c339e14127f4be4c59185d6c5ba6fe448fca6f9
cd3600e9be27f74665aba132c024322645a8e61af8dc08072c617386511268bb
cd85f1e4ab27f8b66e53eaefc644972829da5e798b244e6afb9a3d8d97493169
ce2c2f487561a1e72f77b2c28bdf121fef04e9c7d3189f5affd499a3a8a77db5
d1c009c83f73450bedc9ef5decc272e84e1acf87fd721112bd6b6fa270e44caa
dcdf89c03c77ddfecca983f3193527d5ecadb6703589b8cdd0ba77ff0928ef2c
dce5d22e48d26f933e44ab199e5980788836b2c350aab2332dbf0433f97a7a86
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e503c59c36fc19803b2e9572b10e7c06236bda692aebd97f29e2a5a96f9aa5b6
e984e3d18fdb5dcc9ac6ab02e069d5b78cf22c19681cd064541c49de98c731b2
e98cd00e7be004c4360ad0c38471911312d74a117babcc29f239935afc80c8cb
ed27a446bde82b046f9e255881e89d2ed9719cce3f7be87ab0bf56f8e7c5c9f3
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f356c1330b17335df99dda5bb53bfd858ff27b903d555e9edb775b2c08d0b357
f805d35a83897b0b2be89a14dd7ef81d59a7a4f03c83b6fe63b779e0af52522e
fb9f771f2f3947d9f846c24b3313a1b3e5673918341e8ef5eab8dbc7c98e6720
fbe1583d8642d89d0c349b00c0125e485dd55976282165a6b5f2d29ea9d44549
fc08809552becc11633f8ae84e133f62f1ee23689f6aa71d532ed5ab3ac3d821
fe436fc4b8f01e9a69bde0f5ca5ad67576935e4fc66396c5ad61f04d3cd2629b
ffd839e0426df1587647de26c5713be3f579f9f7f816fdf5353e5ef7644a733c

timedopovo.tk Open in urlscan Pro 31.22.4.81 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

141 Requests

94 %HTTPS

75 %IPv6

18 Domains

23 Subdomains

24 IPs

3 Countries

1764 kBTransfer

3621 kBSize

0 Cookies

7 Outgoing links

Redirected requests

141 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 4 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

timedopovo.tk Open in urlscan Pro
31.22.4.81 Public Scan

Screenshot
Live screenshot

Full Image

141
Requests

94 %
HTTPS

75 %
IPv6

18
Domains

23
Subdomains

24
IPs

3
Countries

1764 kB
Transfer

3621 kB
Size

0
Cookies

141 HTTP transactions
4 data transactions