three-back.work Open in urlscan Pro
150.95.54.210 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://www.three-back.work/
Effective URL:
https://three-back.work/
Submission: On August 18 via api (August 18th 2021, 9:50:51 am UTC) from GB

Summary HTTP 172 Redirects Links 7 Behaviour Indicators

Summary

This website contacted 30 IPs in 5 countries across 25 domains to perform 172 HTTP transactions. The main IP is 150.95.54.210, located in Japan and belongs to INTERQ GMO Internet,Inc, JP. The main domain is three-back.work.
TLS certificate: Issued by cPanel, Inc. Certification Authority on August 18th 2021. Valid for: 3 months.

This is the only time three-back.work was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 50	150.95.54.210 150.95.54.210	7506 (INTERQ GM...) (INTERQ GMO Internet)
1	2a00:1450:400... 2a00:1450:4001:80f::200a	15169 (GOOGLE) (GOOGLE)
13	2a00:1450:400... 2a00:1450:4001:803::2002	15169 (GOOGLE) (GOOGLE)
1	13.224.96.45 13.224.96.45	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700::68... 2606:4700::6812:14b7	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2.18.232.182 2.18.232.182	16625 (AKAMAI-AS) (AKAMAI-AS)
1	147.92.146.123 147.92.146.123	38631 (LINE LINE...) (LINE LINE Corporation)
1	13.224.96.118 13.224.96.118	16509 (AMAZON-02) (AMAZON-02)
3	2a00:1450:400... 2a00:1450:4001:827::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:828::200e	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:802::200e	15169 (GOOGLE) (GOOGLE)
2	142.250.184.226 142.250.184.226	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:801::2002	15169 (GOOGLE) (GOOGLE)
18	2a00:1450:400... 2a00:1450:4001:831::2002	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:82b::2002	15169 (GOOGLE) (GOOGLE)
33	2a00:1450:400... 2a00:1450:4001:812::2001	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:831::200a	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:812::2003	15169 (GOOGLE) (GOOGLE)
1 1	2a00:1450:400... 2a00:1450:4001:827::2004	15169 (GOOGLE) (GOOGLE)
2 4	2a00:1450:400... 2a00:1450:4001:813::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4002:404::2003	15169 (GOOGLE) (GOOGLE)
1	2600:1901:0:7... 2600:1901:0:76b9::	15169 (GOOGLE) (GOOGLE)
13	2606:4700:20:... 2606:4700:20::ac43:4a81	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2620:116:800d... 2620:116:800d:21:f916:5049:f87f:108e	16509 (AMAZON-02) (AMAZON-02)
2 2	104.111.215.191 104.111.215.191	16625 (AKAMAI-AS) (AKAMAI-AS)
5	172.217.18.98 172.217.18.98	15169 (GOOGLE) (GOOGLE)
1	34.98.67.61 34.98.67.61	15169 (GOOGLE) (GOOGLE)
2 2	35.227.252.103 35.227.252.103	15169 (GOOGLE) (GOOGLE)
2 2	185.64.189.115 185.64.189.115	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1 1	69.173.144.138 69.173.144.138	26667 (RUBICONPR...) (RUBICONPROJECT)
1	2606:4700:303... 2606:4700:3032::ac43:aa7a	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	192.0.77.48 192.0.77.48	2635 (AUTOMATTIC) (AUTOMATTIC)
1 3	104.111.239.217 104.111.239.217	16625 (AKAMAI-AS) (AKAMAI-AS)
2 2	142.250.186.38 142.250.186.38	15169 (GOOGLE) (GOOGLE)
1	148.251.139.77 148.251.139.77	24940 (HETZNER-AS) (HETZNER-AS)
172	30

50 150.95.54.210 (Japan) 1 redirects

ASN7506 (INTERQ GMO Internet,Inc, JP)
PTR: jp37a.mixhost.jp

www.three-back.work	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
three-back.work	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80f::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2a00:1450:4001:803::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.224.96.45 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-96-45.zrh50.r.cloudfront.net

b.st-hatena.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:14b7 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.pixabay.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.18.232.182 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-232-182.deploy.static.akamaitechnologies.com

scdn.line-apps.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 147.92.146.123 (Japan)

ASN38631 (LINE LINE Corporation, JP)

qr-official.line.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.224.96.118 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-96-118.zrh50.r.cloudfront.net

b.hatena.ne.jp	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:827::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:828::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fundingchoicesmessages.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:802::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fundingchoicesmessages.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.184.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s12-in-f2.1e100.net

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:801::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 2a00:1450:4001:831::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:82b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

33 2a00:1450:4001:812::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:812::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:827::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:813::2004 (Frankfurt am Main, Germany) 2 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4002:404::2003 (Ireland)

ASN15169 (GOOGLE, US)

csi.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1901:0:76b9:: (Kansas City, United States)

ASN15169 (GOOGLE, US)

prod-rtb.ad4mat.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2606:4700:20::ac43:4a81 (United States)

ASN13335 (CLOUDFLARENET, US)

ad4m.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
as.ad4m.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
assets.ad4m.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:116:800d:21:f916:5049:f87f:108e (United States)

ASN16509 (AMAZON-02, US)

cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.111.215.191 (Frankfurt am Main, Germany) 2 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-215-191.deploy.static.akamaitechnologies.com

e.dlx.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 172.217.18.98 (United States)

ASN15169 (GOOGLE, US)
PTR: zrh04s05-in-f98.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.98.67.61 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 61.67.98.34.bc.googleusercontent.com

odr.mookie1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.227.252.103 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 103.252.227.35.bc.googleusercontent.com

rtb.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.64.189.115 (United Kingdom) 2 redirects

ASN62713 (AS-PUBMATIC, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.138 (Frankfurt am Main, Germany) 1 redirects

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3032::ac43:aa7a (United States)

ASN13335 (CLOUDFLARENET, US)

static-de.ad4mat.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 192.0.77.48 (United States)

ASN2635 (AUTOMATTIC, US)
PTR: s.w.org

s.w.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.111.239.217 (Frankfurt am Main, Germany) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-239-217.deploy.static.akamaitechnologies.com

www.awin1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.186.38 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s04-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 148.251.139.77 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.77.139.251.148.clients.your-server.de

banner.congstar.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
50	three-back.work 1 redirects www.three-back.work three-back.work	663 KB
46	googlesyndication.com pagead2.googlesyndication.com tpc.googlesyndication.com	457 KB
26	doubleclick.net 2 redirects googleads.g.doubleclick.net securepubads.g.doubleclick.net cm.g.doubleclick.net ad.doubleclick.net	141 KB
13	ad4m.at ad4m.at as.ad4m.at assets.ad4m.at	307 KB
13	google.com 3 redirects fundingchoicesmessages.google.com adservice.google.com www.google.com	89 KB
5	googletagservices.com www.googletagservices.com	177 KB
4	gstatic.com fonts.gstatic.com csi.gstatic.com	47 KB
3	awin1.com 1 redirects www.awin1.com	2 KB
3	w.org s.w.org	2 KB
2	pubmatic.com 2 redirects image6.pubmatic.com	1 KB
2	openx.net 2 redirects rtb.openx.net	762 B
2	addthis.com 2 redirects e.dlx.addthis.com	1 KB
2	ad4mat.net prod-rtb.ad4mat.net static-de.ad4mat.net	4 KB
2	google.de adservice.google.de	975 B
2	googleapis.com ajax.googleapis.com fonts.googleapis.com	95 KB
1	congstar.de banner.congstar.de	518 B
1	rubiconproject.com 1 redirects pixel.rubiconproject.com	457 B
1	mookie1.com odr.mookie1.com	608 B
1	quantserve.com cms.quantserve.com	464 B
1	googleadservices.com partner.googleadservices.com	660 B
1	hatena.ne.jp b.hatena.ne.jp	372 B
1	line.me qr-official.line.me	946 B
1	line-apps.com scdn.line-apps.com	4 KB
1	pixabay.com cdn.pixabay.com	121 KB
1	st-hatena.com b.st-hatena.com	11 KB
172	25

	Domain	Requested by
49	three-back.work	three-back.work
33	tpc.googlesyndication.com	googleads.g.doubleclick.net three-back.work tpc.googlesyndication.com pagead2.googlesyndication.com
18	googleads.g.doubleclick.net	pagead2.googlesyndication.com googleads.g.doubleclick.net three-back.work
13	pagead2.googlesyndication.com	three-back.work pagead2.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com
6	assets.ad4m.at	as.ad4m.at
6	fundingchoicesmessages.google.com	pagead2.googlesyndication.com
5	cm.g.doubleclick.net	googleads.g.doubleclick.net
5	ad4m.at	googleads.g.doubleclick.net ad4m.at
5	www.google.com	3 redirects googleads.g.doubleclick.net tpc.googlesyndication.com
5	www.googletagservices.com	pagead2.googlesyndication.com googleads.g.doubleclick.net
3	www.awin1.com	1 redirects as.ad4m.at
3	s.w.org	three-back.work
3	fonts.gstatic.com	fonts.googleapis.com
2	ad.doubleclick.net	2 redirects
2	as.ad4m.at	ad4m.at as.ad4m.at
2	image6.pubmatic.com	2 redirects
2	rtb.openx.net	2 redirects
2	e.dlx.addthis.com	2 redirects
2	adservice.google.com	pagead2.googlesyndication.com
2	adservice.google.de	pagead2.googlesyndication.com
1	banner.congstar.de	as.ad4m.at
1	static-de.ad4mat.net	ad4m.at
1	pixel.rubiconproject.com	1 redirects
1	odr.mookie1.com	googleads.g.doubleclick.net
1	cms.quantserve.com	googleads.g.doubleclick.net
1	prod-rtb.ad4mat.net	googleads.g.doubleclick.net
1	csi.gstatic.com	securepubads.g.doubleclick.net
1	securepubads.g.doubleclick.net	googleads.g.doubleclick.net
1	fonts.googleapis.com	googleads.g.doubleclick.net
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	b.hatena.ne.jp	three-back.work
1	qr-official.line.me	three-back.work
1	scdn.line-apps.com	three-back.work
1	cdn.pixabay.com	three-back.work
1	b.st-hatena.com	three-back.work
1	ajax.googleapis.com	three-back.work
1	www.three-back.work	1 redirects
172	37

This site contains links to these domains. Also see Links.

Domain
www.facebook.com
b.hatena.ne.jp
line.me
nav.cx
kerosuke-net.com
ja.wordpress.org
manualstinger.com

Subject Issuer	Validity	Valid
three-back.work cPanel, Inc. Certification Authority	`2021-08-18` - `2021-11-16`	3 months	crt.sh
upload.video.google.com GTS CA 1O1	`2021-07-26` - `2021-10-18`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-07-12` - `2021-10-04`	3 months	crt.sh
*.b.st-hatena.com Amazon	`2020-10-25` - `2021-11-24`	a year	crt.sh
pixabay.com Cloudflare Inc ECC CA-3	`2021-05-12` - `2022-05-11`	a year	crt.sh
line-apps.com DigiCert SHA2 Secure Server CA	`2021-01-14` - `2022-01-18`	a year	crt.sh
*.line.me GlobalSign RSA OV SSL CA 2018	`2020-06-17` - `2022-09-05`	2 years	crt.sh
*.b.hatena.ne.jp Amazon	`2020-10-20` - `2021-11-19`	a year	crt.sh
*.google.com GTS CA 1C3	`2021-07-12` - `2021-10-04`	3 months	crt.sh
*.googleadservices.com GTS CA 1C3	`2021-07-26` - `2021-10-18`	3 months	crt.sh
*.google.de GTS CA 1C3	`2021-07-12` - `2021-10-04`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2021-07-12` - `2021-10-04`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2021-07-12` - `2021-10-04`	3 months	crt.sh
*.ad4mat.net AlphaSSL CA - SHA256 - G2	`2019-08-06` - `2021-09-08`	2 years	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-07-08` - `2022-07-07`	a year	crt.sh
*.quantserve.com DigiCert SHA2 High Assurance Server CA	`2020-10-02` - `2021-10-07`	a year	crt.sh
*.mookie1.com DigiCert TLS RSA SHA256 2020 CA1	`2021-02-22` - `2022-03-25`	a year	crt.sh
*.w.org Sectigo RSA Domain Validation Secure Server CA	`2019-12-19` - `2021-12-18`	2 years	crt.sh
www.awin1.com DigiCert SHA2 Secure Server CA	`2021-06-11` - `2022-06-16`	a year	crt.sh
*.congstar.de TeleSec ServerPass Class 2 CA	`2021-05-18` - `2022-05-23`	a year	crt.sh

This page contains 22 frames:

Primary Page: https://three-back.work/
Frame ID: AD168A3B9C5664CEAB52FFC79ACE3BF6
Requests: 78 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20210812/r20190131/zrt_lookup.html
Frame ID: 1F53AAD42E54E0B3B98BF3229B8EFAFD
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-1581705282178552&output=html&adk=1812271804&adf=3025194257&lmt=1629280232&plat=8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fthree-back.work%2F&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1629280232593&bpp=37&bdt=1333&idt=129&shv=r20210812&mjsv=m202108100101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=3278037866339&frm=20&pv=2&ga_vid=1698418937.1629280233&ga_sid=1629280233&ga_hid=2025104867&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C20211866%2C31062180%2C31062297&oid=3&pvsid=2501388766877624&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=257
Frame ID: 9D84379CAC067D81F25CD8102B220D3E
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-1581705282178552&output=html&h=201&slotname=8212816143&adk=3589416497&adf=5723592&pi=t.ma~as.8212816143&w=800&lmt=1629280232&rafmt=11&psa=0&format=800x201&url=https%3A%2F%2Fthree-back.work%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1629280232593&bpp=130&bdt=1332&idt=166&shv=r20210812&mjsv=m202108100101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=3278037866339&frm=20&pv=1&ga_vid=1698418937.1629280233&ga_sid=1629280233&ga_hid=2025104867&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=240&ady=1439&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C20211866%2C31062180%2C31062297&oid=3&pvsid=2501388766877624&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=umnvaHBYNu&p=https%3A//three-back.work&dtd=263
Frame ID: 85C02E581E06239389841E66D5D885D1
Requests: 11 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-1581705282178552&output=html&h=201&slotname=8212816143&adk=3589416497&adf=4251178241&pi=t.ma~as.8212816143&w=800&lmt=1629280232&rafmt=11&psa=0&format=800x201&url=https%3A%2F%2Fthree-back.work%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1629280232593&bpp=1&bdt=1332&idt=172&shv=r20210812&mjsv=m202108100101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C800x201&nras=1&correlator=3278037866339&frm=20&pv=1&ga_vid=1698418937.1629280233&ga_sid=1629280233&ga_hid=2025104867&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=240&ady=2335&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C20211866%2C31062180%2C31062297&oid=3&pvsid=2501388766877624&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=5EMOAxCcd1&p=https%3A//three-back.work&dtd=267
Frame ID: CD9178422920B62951B27CA573046472
Requests: 13 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-1581705282178552&output=html&h=169&slotname=8212816143&adk=730500670&adf=3217087521&pi=t.ma~as.8212816143&w=300&lmt=1629280232&rafmt=11&psa=0&format=300x169&url=https%3A%2F%2Fthree-back.work%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1629280232593&bpp=1&bdt=1333&idt=173&shv=r20210812&mjsv=m202108100101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C800x201%2C800x201&nras=1&correlator=3278037866339&frm=20&pv=1&ga_vid=1698418937.1629280233&ga_sid=1629280233&ga_hid=2025104867&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1080&ady=4811&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C20211866%2C31062180%2C31062297&oid=3&pvsid=2501388766877624&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=y3STaJCemN&p=https%3A//three-back.work&dtd=271
Frame ID: 857E665887B494D2F38CBD67CE7C1CFD
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si
Frame ID: 7E865DBF3A2DE4C79684023919AD8082
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si
Frame ID: 52C5C007B99F50AD475786BEB1F6ABD5
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-1581705282178552&output=html&h=600&adk=1857935866&adf=2299719228&pi=t.aa~a.2711684385~rp.4&w=300&fwrn=4&fwrnh=100&lmt=1629280233&rafmt=1&to=qs&pwprc=1466749975&psa=0&format=300x600&url=https%3A%2F%2Fthree-back.work%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1629280233588&bpp=1&bdt=2328&idt=-M&shv=r20210812&mjsv=m202108100101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dd7e780508231cab4-225fefb1adc900a2%3AT%3D1629280232%3ART%3D1629280232%3AS%3DALNI_MbvMC5ld9ot8342JfaWrvkxEylDmg&prev_fmts=0x0%2C800x201%2C800x201%2C300x169&nras=2&correlator=3278037866339&frm=20&pv=1&ga_vid=1698418937.1629280233&ga_sid=1629280233&ga_hid=2025104867&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1080&ady=1276&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C20211866%2C31062180%2C31062297&oid=3&psts=AGkb-H8l-v50D8pTVih0LmuwpKnDjnmZGUUOUNhcLHaxpYI71UcA1QMTPDFZalXszFygNnbA9VSDyB-dGQuFsA&pvsid=2501388766877624&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=nmob6XWDbm&p=https%3A//three-back.work&dtd=22
Frame ID: E27E314FDFA2CE9AB5793B36CC50FE10
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-1581705282178552&output=html&h=600&adk=1857935866&adf=3957504909&pi=t.aa~a.4090112390~rp.4&w=300&fwrn=4&fwrnh=100&lmt=1629280233&rafmt=1&to=qs&pwprc=1466749975&psa=0&format=300x600&url=https%3A%2F%2Fthree-back.work%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1629280233588&bpp=1&bdt=2328&idt=-M&shv=r20210812&mjsv=m202108100101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dd7e780508231cab4-225fefb1adc900a2%3AT%3D1629280232%3ART%3D1629280232%3AS%3DALNI_MbvMC5ld9ot8342JfaWrvkxEylDmg&prev_fmts=0x0%2C800x201%2C800x201%2C300x169%2C300x600&nras=3&correlator=3278037866339&frm=20&pv=1&ga_vid=1698418937.1629280233&ga_sid=1629280233&ga_hid=2025104867&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1080&ady=2281&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C20211866%2C31062180%2C31062297&oid=3&psts=AGkb-H8l-v50D8pTVih0LmuwpKnDjnmZGUUOUNhcLHaxpYI71UcA1QMTPDFZalXszFygNnbA9VSDyB-dGQuFsA&pvsid=2501388766877624&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=5&fsb=1&xpc=4Pf4QTHbjr&p=https%3A//three-back.work&dtd=55
Frame ID: F031F7DBD9970874850BE618C03F0118
Requests: 7 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-1581705282178552&output=html&h=240&adk=2162206099&adf=2589725590&pi=t.aa~a.3867071496~rp.4&w=300&fwrn=4&fwrnh=100&lmt=1629280233&rafmt=1&to=qs&pwprc=1466749975&psa=0&format=300x240&url=https%3A%2F%2Fthree-back.work%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1629280233588&bpp=1&bdt=2327&idt=0&shv=r20210812&mjsv=m202108100101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dd7e780508231cab4-225fefb1adc900a2%3AT%3D1629280232%3ART%3D1629280232%3AS%3DALNI_MbvMC5ld9ot8342JfaWrvkxEylDmg&prev_fmts=0x0%2C800x201%2C800x201%2C300x169%2C300x600%2C300x600&nras=4&correlator=3278037866339&frm=20&pv=1&ga_vid=1698418937.1629280233&ga_sid=1629280233&ga_hid=2025104867&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1080&ady=3741&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C20211866%2C31062180%2C31062297&oid=3&psts=AGkb-H8l-v50D8pTVih0LmuwpKnDjnmZGUUOUNhcLHaxpYI71UcA1QMTPDFZalXszFygNnbA9VSDyB-dGQuFsA&pvsid=2501388766877624&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=6&fsb=1&xpc=RY9iQmnlS7&p=https%3A//three-back.work&dtd=59
Frame ID: DC2B6A996693E9E6C1F2EA86E3AB039E
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/Ajm_1Dco6FzJMXTSkNIprya5eOKjJQcFmLvO5y0HW5A.js
Frame ID: FCDF6E781C8F6D60707FA045F265A5C2
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/Ajm_1Dco6FzJMXTSkNIprya5eOKjJQcFmLvO5y0HW5A.js
Frame ID: 8344971D3B7E64BA3CFA939D34691D6B
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8955142657632080541/Front_300x250_v1/index.html
Frame ID: F94B2E1CA1831314044E387046EF0F73
Requests: 17 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/adview?ai=C3G-96dccYdjAKNnf3wPmi7f4CqWp47NknMLto94Otobf4NooEAEgx-T4eWCVAqABn9K1twHIAQmpAurxuh3jp7M-qAMByANIqgS2AU_QsMjnv5FYKbHR35TiGVuZBwh0nwPDT8LTdm9yXot3u7Y9sw8k3TWX8XvgDaaTkCRvsh6WfbG-USRvdLbf8eV4_2E8m-gTHw2xnhhzWVjZvtK6XqKbQ_XKai7CO6kEE7DruRJaEsHSPlJLFV3GXxNCG5Fi-j8YKKz_yxYXqoEirMPWGdOppcOGATEpFgGd0WKkCQ6PQjUdxD_rUas3K8IWn0pLIhV0UQUggT6io7dgeP3e7od-wASNmL_j0wOSBQQIBBgBkgUECAUYBJIFBAgFGBiSBQUIBRioAaAGLoAHya3KyAKoB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7paxAqgHpr4bqAfs1RvYBwDyBwQQ-YQF0ggJCIDhgBAQARgfgAoByAsB2BMN0BUBmBYBgBcBshccChoIABIUcHViLTE1ODE3MDUyODIxNzg1NTIYAA&sigh=_G_HhBxbQWw&template_id=419
Frame ID: 4361866EA4AEC64B2F6CF86C529E36D5
Requests: 8 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si
Frame ID: 92927A1D7BD0CC39FC2E80A513668731
Requests: 2 HTTP requests in this frame

Frame: https://ad4m.at/ad/dr?ed=1jkg9qg818kntmkn4ejv6n464x8hb64vf6phjagr80pb0ek93k6j1dwr82eacgc45bpcgebak5bscn7v1stykm7ptmhzceevwgy7j1w920kd4j6wywjqk9x96yb8f7f781jz7017af06e4g0516sdrcstwnw2hsztp823whgrre1pyg8dshygsw7cjbmm81gvrweyhms6faevs1162mv1q3c75gkm04ake13mhzmve5y2n02crnn5wmt3jp6xge9phm511xtmm05e06wjf836s6ncnbnyhz42ybrb4pkmtd9b8ngg2jkgzg8rt6apz1g1tws93t29gktgt7jbvn0epbyqzy0788qbjce17d540syndwv78a4zzgfja74f8g&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC-39g6dccYfWZKJTl3wPY35aQDpDhgYRctqjCivACwI23ARABIABglQKCARdjYS1wdWItMTU4MTcwNTI4MjE3ODU1MqABwq7o3QPIAQmpAurxuh3jp7M-qAMBqgSsAU_QXlLs351rTMHik2j_YHj59NrAKLdkedz44f7kZ-kKWxXiFiYnp0ldezJMsV_p0J7Wqak-uYOirsZKQkSmeOI8fXhkgqUj51G7sX1uB3mUp6TpCBfZftFGRoNuiONIQJ7jVoZZSqJgnWk1X5cGrnq9zNtyLb9lwqzVEDb4RFivHlJzE6Srl3179vHTUuyc--H8i6kKV8wal2azZdn4eq3jiVIplpLRIf_bxwiABuPMp6eF8Y2wSqAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3BrH8dInVr2Fzz-Q9JZaFqsRVGxA%26client%3Dca-pub-1581705282178552%26adurl%3D
Frame ID: 931A859585AEF4042C6B450C29B84B1C
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: B16DF867DF5B02B133304750BB36DA2F
Requests: 9 HTTP requests in this frame

Frame: https://ad4m.at/frame.html
Frame ID: 2B05D376F97F883265D477006B047E5E
Requests: 1 HTTP requests in this frame

Frame: https://as.ad4m.at/ad/rar?a=14044%2C823%2C15255&b=e7RC3fVfxBVcjHZHet1teW3sjTQTx8J%2Ce7RC3fVfYpcjHZHet1tbrzUjTQTx8J%2C62Zcef3f6wmheHmHYtkt5kmt2T1T2qJ&f=DjeT3fwfbqPS3HmH9twCwAmFWTmTk8r%2CDjeT3fwfe9T3HmH9twCEjxTWTmTk8r%2CXxVfzfrfp3Bh6H4Het1CxXpUBTkTXKP&c=300&d=600&e=&g=8903cc4f60c22ddcee924b2a5ca3a8b9%2F17536670683614950352&i=25007%2C9719%2C25174&j=16%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D22c5d6611be5mgz1rk94akxss2mnp1d3srn88zaaj65dr4snmp2d76kfx4mhst05e4wdrm6nsy0te1tmkr65nzwp0jmvvvgrp4pm8y49khf92nwg6peyk8zknze50fyej8mag6wewhz8fe08b5s5tkkky1z50bdqpnx37myp03s6dr6hsxxykdczvs59h6djt11s6pw6w5h51p1zzge5c0ttsdhv44w4ms2gx2b8dv39t1kpm9yx7qgzn2qxwb8%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DC-39g6dccYfWZKJTl3wPY35aQDpDhgYRctqjCivACwI23ARABIABglQKCARdjYS1wdWItMTU4MTcwNTI4MjE3ODU1MqABwq7o3QPIAQmpAurxuh3jp7M-qAMBqgSsAU_QXlLs351rTMHik2j_YHj59NrAKLdkedz44f7kZ-kKWxXiFiYnp0ldezJMsV_p0J7Wqak-uYOirsZKQkSmeOI8fXhkgqUj51G7sX1uB3mUp6TpCBfZftFGRoNuiONIQJ7jVoZZSqJgnWk1X5cGrnq9zNtyLb9lwqzVEDb4RFivHlJzE6Srl3179vHTUuyc--H8i6kKV8wal2azZdn4eq3jiVIplpLRIf_bxwiABuPMp6eF8Y2wSqAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_3BrH8dInVr2Fzz-Q9JZaFqsRVGxA%2526client%253Dca-pub-1581705282178552%2526adurl%253D&y=0&z=0
Frame ID: 7422399D34F24D2E2875FCC5F2669670
Requests: 11 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Frame ID: D02EE0DF3CD3516060081E347FF2F0A8
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 62BB47F1CB535B5E3934AB418A991A0B
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://www.three-back.work/ HTTP 301
https://three-back.work/ Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
script /\/wp-(?:content|includes)\//i
headers link /rel="https:\/\/api\.w\.org\/"/i

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
script /\/wp-(?:content|includes)\//i
headers link /rel="https:\/\/api\.w\.org\/"/i

MySQL (Databases) Expand

Overall confidence: 100%
Detected patterns

html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
script /\/wp-(?:content|includes)\//i
headers link /rel="https:\/\/api\.w\.org\/"/i

LiteSpeed (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /^LiteSpeed$/i

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+(?:([\d.]+)\/)?(?:css\/)?font-awesome(?:\.min)?\.css/i

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

script /googlesyndication\.com\//i

Slick (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

html /<link [^>]+(?:\/([\d.]+)\/)?slick-theme\.css/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

html /<link [^>]+(?:\/([\d.]+)\/)?slick-theme\.css/i

Page Statistics

172
Requests

99 %
HTTPS

54 %
IPv6

25
Domains

37
Subdomains

30
IPs

5
Countries

2120 kB
Transfer

4147 kB
Size

7
Cookies

7 Outgoing links

These are links going to different origins than the main page.

URL: https://www.facebook.com/sharer.php?src=bm&u=https%3A%2F%2Fthree-back.work&t=%E5%85%BC%E6%A5%AD%E6%8A%95%E8%B3%87%E5%AE%B6%E3%81%A3%E3%81%BD%E3%81%84%E3%81%93%E3%81%A8%E3%82%92%E3%81%A4%E3%81%B6%E3%82%84%E3%81%84%E3%81%A6%E3%81%84%E3%81%8D%E3%81%BE%E3%81%99%E3%80%82%E4%B8%BB%E3%81%ABFX%E8%87%AA%E5%8B%95%E5%A3%B2%E8%B2%B7%E3%82%B7%E3%82%B9%E3%83%86%E3%83%A0%28EA%29%E3%81%A7%E3%81%AE%E9%81%8B%E7%94%A8%E5%A0%B1%E5%91%8A%E3%82%84%E3%80%81%E3%81%9D%E3%81%AE%E4%BB%96%E5%88%86%E6%95%A3%E6%8A%95%E8%B3%87%E3%81%AB%E3%81%A4%E3%81%84%E3%81%A6%E3%82%82%E3%81%A1%E3%82%87%E3%81%84%E3%81%A1%E3%82%87%E3%81%84%E3%81%94%E7%B4%B9%E4%BB%8B%E3%81%97%E3%81%A6%E3%81%84%E3%81%8D%E3%81%BE%E3%81%99%E3%80%82%20-%20FX%E8%87%AA%E5%8B%95%E5%A3%B2%E8%B2%B7blog%EF%BD%9C%E3%81%BF%E3%81%86%E3%83%A9%E3%83%9C
Title: Share Share

Search URL Search Domain Scan URL

URL: https://b.hatena.ne.jp/entry/
Title: Hatena Hatena

Search URL Search Domain Scan URL

URL: https://line.me/R/msg/text/?%E5%85%BC%E6%A5%AD%E6%8A%95%E8%B3%87%E5%AE%B6%E3%81%A3%E3%81%BD%E3%81%84%E3%81%93%E3%81%A8%E3%82%92%E3%81%A4%E3%81%B6%E3%82%84%E3%81%84%E3%81%A6%E3%81%84%E3%81%8D%E3%81%BE%E3%81%99%E3%80%82%E4%B8%BB%E3%81%ABFX%E8%87%AA%E5%8B%95%E5%A3%B2%E8%B2%B7%E3%82%B7%E3%82%B9%E3%83%86%E3%83%A0%28EA%29%E3%81%A7%E3%81%AE%E9%81%8B%E7%94%A8%E5%A0%B1%E5%91%8A%E3%82%84%E3%80%81%E3%81%9D%E3%81%AE%E4%BB%96%E5%88%86%E6%95%A3%E6%8A%95%E8%B3%87%E3%81%AB%E3%81%A4%E3%81%84%E3%81%A6%E3%82%82%E3%81%A1%E3%82%87%E3%81%84%E3%81%A1%E3%82%87%E3%81%84%E3%81%94%E7%B4%B9%E4%BB%8B%E3%81%97%E3%81%A6%E3%81%84%E3%81%8D%E3%81%BE%E3%81%99%E3%80%82%20-%20FX%E8%87%AA%E5%8B%95%E5%A3%B2%E8%B2%B7blog%EF%BD%9C%E3%81%BF%E3%81%86%E3%83%A9%E3%83%9C%0Ahttps%3A%2F%2Fthree-back.work
Title: LINE

Search URL Search Domain Scan URL

URL: http://nav.cx/5Z0HHab

Search URL Search Domain Scan URL

URL: https://kerosuke-net.com/%e3%81%8a%e9%87%91%e3%82%92%e6%8c%81%e3%81%a4%e3%81%aa%e3%82%89%e9%8a%80%e3%82%92%e6%8c%81%e3%81%a6%e3%80%80%ef%bd%9e%e3%81%aa%e3%81%9c%e9%8a%80%e3%81%aa%e3%81%ae%e3%81%8b%ef%
Title: お金を持つなら銀を持て　～なぜ銀なのか～ | 気付けば社長よりも幸せになっていたパパリーマン

Search URL Search Domain Scan URL

URL: https://ja.wordpress.org/
Title: WordPress.org

Search URL Search Domain Scan URL

URL: http://manualstinger.com/cr
Title: AFFINGER5

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://www.three-back.work/ HTTP 301
https://three-back.work/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 99

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 102

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 117

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 141

https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAYg5qPKHXdGa2-aa56Hvdj3hotzi75_G5_bD2g41TlHIcO3-cnKUzymEpgwYe-Ftd1bgess0jRUIakA5--rgx2I3OKHtPT4jOiFb&google_gid=CAESEBUrK7JE-qyFBCYQmZaT2PQ&google_cver=1 HTTP 302
https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAYg5qPKHXdGa2-aa56Hvdj3hotzi75_G5_bD2g41TlHIcO3-cnKUzymEpgwYe-Ftd1bgess0jRUIakA5--rgx2I3OKHtPT4jOiFb&google_gid=CAESEBUrK7JE-qyFBCYQmZaT2PQ&google_cver=1&rd=Y HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMTA4MTgwOTUwMzQwMDAyMzQ5MzA5NTczNg%3D%3D&google_push=AYg5qPKHXdGa2-aa56Hvdj3hotzi75_G5_bD2g41TlHIcO3-cnKUzymEpgwYe-Ftd1bgess0jRUIakA5--rgx2I3OKHtPT4jOiFb

Request Chain 143

https://rtb.openx.net/sync/dds?google_gid=CAESEHg5rAfGdPm_Y5oPCWAqgPo&google_cver=1&google_push=AYg5qPK7OVsqojWZ96EliR5vQdThb15tOTJjj6IAE1x2Bm6HqN0SR-w36r6AZz3XTxWV1-UgqH704VmD-H5PG3BhwDEmaFh-Fbk5 HTTP 302
https://rtb.openx.net/sync/dds?google_gid=CAESEHg5rAfGdPm_Y5oPCWAqgPo&google_cver=1&google_push=AYg5qPK7OVsqojWZ96EliR5vQdThb15tOTJjj6IAE1x2Bm6HqN0SR-w36r6AZz3XTxWV1-UgqH704VmD-H5PG3BhwDEmaFh-Fbk5&ox_sc=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPK7OVsqojWZ96EliR5vQdThb15tOTJjj6IAE1x2Bm6HqN0SR-w36r6AZz3XTxWV1-UgqH704VmD-H5PG3BhwDEmaFh-Fbk5&google_hm=exy3Kn3NzqAoBldB1m78Tw==

Request Chain 144

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEEZl_OR8RN2wPC3IK-WIwe0&google_cver=1&google_push=AYg5qPK02tj34hO8CSLU-xzOPgnSmcAnlDzxwhRt1vuwTLtN0i73qxyLwb7xSBQsUcsv-qWC7ZkuqKj9nYryNp3cRI2C4UP4ZWNr HTTP 302
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEEZl_OR8RN2wPC3IK-WIwe0&google_cver=1&google_push=AYg5qPK02tj34hO8CSLU-xzOPgnSmcAnlDzxwhRt1vuwTLtN0i73qxyLwb7xSBQsUcsv-qWC7ZkuqKj9nYryNp3cRI2C4UP4ZWNr&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=ngv9LWK5QjWlCjyl7-S-rQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPK02tj34hO8CSLU-xzOPgnSmcAnlDzxwhRt1vuwTLtN0i73qxyLwb7xSBQsUcsv-qWC7ZkuqKj9nYryNp3cRI2C4UP4ZWNr

Request Chain 145

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEFGQH0lV8x0FK8pHGHx7I68&google_cver=1&google_push=AYg5qPIUsOKVjutlQJsrHfyvr1ARXQCc8w_Jc3wyJC4wtZg8WJNdW661JbMJeHct1T8AKzHgCzZHjLTcRQf0hzN7lNtDEXjEEdhP HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1NIQkRVSkotUC02SzIx&google_push=AYg5qPIUsOKVjutlQJsrHfyvr1ARXQCc8w_Jc3wyJC4wtZg8WJNdW661JbMJeHct1T8AKzHgCzZHjLTcRQf0hzN7lNtDEXjEEdhP

Request Chain 146

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEGcb-p4GShsHs6F2UzdZzlc&google_cver=1&google_push=AYg5qPJQHsmq2NVlU2ifLi06Xkpm2vzbVBAITPi4_vUOkthrJ7CEbrCPQAJGOUy8eLVCNoBNv1SWl1NAft494HRjbqI5hpEmvsfW HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESEGcb-p4GShsHs6F2UzdZzlc&google_push=AYg5qPJQHsmq2NVlU2ifLi06Xkpm2vzbVBAITPi4_vUOkthrJ7CEbrCPQAJGOUy8eLVCNoBNv1SWl1NAft494HRjbqI5hpEmvsfW&s=184023&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRzX6mycU5YRgYecHKdHnwAABFkAAAIB&google_cver=1&google_push=AYg5qPJQHsmq2NVlU2ifLi06Xkpm2vzbVBAITPi4_vUOkthrJ7CEbrCPQAJGOUy8eLVCNoBNv1SWl1NAft494HRjbqI5hpEmvsfW&google_gid=CAESEGcb-p4GShsHs6F2UzdZzlc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRzX6mycU5YRgYecHKdHnwAABFkAAAIB&google_cver=1&google_push=AYg5qPJQHsmq2NVlU2ifLi06Xkpm2vzbVBAITPi4_vUOkthrJ7CEbrCPQAJGOUy8eLVCNoBNv1SWl1NAft494HRjbqI5hpEmvsfW&google_gid=CAESEGcb-p4GShsHs6F2UzdZzlc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRzX6mycU5YRgYecHKdHnwAABFkAAAIB&google_cver=1&google_push=AYg5qPJQHsmq2NVlU2ifLi06Xkpm2vzbVBAITPi4_vUOkthrJ7CEbrCPQAJGOUy8eLVCNoBNv1SWl1NAft494HRjbqI5hpEmvsfW&google_gid=CAESEGcb-p4GShsHs6F2UzdZzlc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRzX6mycU5YRgYecHKdHnwAABFkAAAIB&google_cver=1&google_push=AYg5qPJQHsmq2NVlU2ifLi06Xkpm2vzbVBAITPi4_vUOkthrJ7CEbrCPQAJGOUy8eLVCNoBNv1SWl1NAft494HRjbqI5hpEmvsfW&google_gid=CAESEGcb-p4GShsHs6F2UzdZzlc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRzX6mycU5YRgYecHKdHnwAABFkAAAIB&google_cver=1&google_push=AYg5qPJQHsmq2NVlU2ifLi06Xkpm2vzbVBAITPi4_vUOkthrJ7CEbrCPQAJGOUy8eLVCNoBNv1SWl1NAft494HRjbqI5hpEmvsfW&google_gid=CAESEGcb-p4GShsHs6F2UzdZzlc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRzX6mycU5YRgYecHKdHnwAABFkAAAIB&google_cver=1&google_push=AYg5qPJQHsmq2NVlU2ifLi06Xkpm2vzbVBAITPi4_vUOkthrJ7CEbrCPQAJGOUy8eLVCNoBNv1SWl1NAft494HRjbqI5hpEmvsfW&google_gid=CAESEGcb-p4GShsHs6F2UzdZzlc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRzX6mycU5YRgYecHKdHnwAABFkAAAIB&google_cver=1&google_push=AYg5qPJQHsmq2NVlU2ifLi06Xkpm2vzbVBAITPi4_vUOkthrJ7CEbrCPQAJGOUy8eLVCNoBNv1SWl1NAft494HRjbqI5hpEmvsfW&google_gid=CAESEGcb-p4GShsHs6F2UzdZzlc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRzX6mycU5YRgYecHKdHnwAABFkAAAIB&google_cver=1&google_push=AYg5qPJQHsmq2NVlU2ifLi06Xkpm2vzbVBAITPi4_vUOkthrJ7CEbrCPQAJGOUy8eLVCNoBNv1SWl1NAft494HRjbqI5hpEmvsfW&google_gid=CAESEGcb-p4GShsHs6F2UzdZzlc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRzX6mycU5YRgYecHKdHnwAABFkAAAIB&google_cver=1&google_push=AYg5qPJQHsmq2NVlU2ifLi06Xkpm2vzbVBAITPi4_vUOkthrJ7CEbrCPQAJGOUy8eLVCNoBNv1SWl1NAft494HRjbqI5hpEmvsfW&google_gid=CAESEGcb-p4GShsHs6F2UzdZzlc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRzX6mycU5YRgYecHKdHnwAABFkAAAIB&google_cver=1&google_push=AYg5qPJQHsmq2NVlU2ifLi06Xkpm2vzbVBAITPi4_vUOkthrJ7CEbrCPQAJGOUy8eLVCNoBNv1SWl1NAft494HRjbqI5hpEmvsfW&google_gid=CAESEGcb-p4GShsHs6F2UzdZzlc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRzX6mycU5YRgYecHKdHnwAABFkAAAIB&google_cver=1&google_push=AYg5qPJQHsmq2NVlU2ifLi06Xkpm2vzbVBAITPi4_vUOkthrJ7CEbrCPQAJGOUy8eLVCNoBNv1SWl1NAft494HRjbqI5hpEmvsfW&google_gid=CAESEGcb-p4GShsHs6F2UzdZzlc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRzX6mycU5YRgYecHKdHnwAABFkAAAIB&google_cver=1&google_push=AYg5qPJQHsmq2NVlU2ifLi06Xkpm2vzbVBAITPi4_vUOkthrJ7CEbrCPQAJGOUy8eLVCNoBNv1SWl1NAft494HRjbqI5hpEmvsfW&google_gid=CAESEGcb-p4GShsHs6F2UzdZzlc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRzX6mycU5YRgYecHKdHnwAABFkAAAIB&google_cver=1&google_push=AYg5qPJQHsmq2NVlU2ifLi06Xkpm2vzbVBAITPi4_vUOkthrJ7CEbrCPQAJGOUy8eLVCNoBNv1SWl1NAft494HRjbqI5hpEmvsfW&google_gid=CAESEGcb-p4GShsHs6F2UzdZzlc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRzX6mycU5YRgYecHKdHnwAABFkAAAIB&google_cver=1&google_push=AYg5qPJQHsmq2NVlU2ifLi06Xkpm2vzbVBAITPi4_vUOkthrJ7CEbrCPQAJGOUy8eLVCNoBNv1SWl1NAft494HRjbqI5hpEmvsfW&google_gid=CAESEGcb-p4GShsHs6F2UzdZzlc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRzX6mycU5YRgYecHKdHnwAABFkAAAIB&google_cver=1&google_push=AYg5qPJQHsmq2NVlU2ifLi06Xkpm2vzbVBAITPi4_vUOkthrJ7CEbrCPQAJGOUy8eLVCNoBNv1SWl1NAft494HRjbqI5hpEmvsfW&google_gid=CAESEGcb-p4GShsHs6F2UzdZzlc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRzX6mycU5YRgYecHKdHnwAABFkAAAIB&google_cver=1&google_push=AYg5qPJQHsmq2NVlU2ifLi06Xkpm2vzbVBAITPi4_vUOkthrJ7CEbrCPQAJGOUy8eLVCNoBNv1SWl1NAft494HRjbqI5hpEmvsfW&google_gid=CAESEGcb-p4GShsHs6F2UzdZzlc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRzX6mycU5YRgYecHKdHnwAABFkAAAIB&google_cver=1&google_push=AYg5qPJQHsmq2NVlU2ifLi06Xkpm2vzbVBAITPi4_vUOkthrJ7CEbrCPQAJGOUy8eLVCNoBNv1SWl1NAft494HRjbqI5hpEmvsfW&google_gid=CAESEGcb-p4GShsHs6F2UzdZzlc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRzX6mycU5YRgYecHKdHnwAABFkAAAIB&google_cver=1&google_push=AYg5qPJQHsmq2NVlU2ifLi06Xkpm2vzbVBAITPi4_vUOkthrJ7CEbrCPQAJGOUy8eLVCNoBNv1SWl1NAft494HRjbqI5hpEmvsfW&google_gid=CAESEGcb-p4GShsHs6F2UzdZzlc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRzX6mycU5YRgYecHKdHnwAABFkAAAIB&google_cver=1&google_push=AYg5qPJQHsmq2NVlU2ifLi06Xkpm2vzbVBAITPi4_vUOkthrJ7CEbrCPQAJGOUy8eLVCNoBNv1SWl1NAft494HRjbqI5hpEmvsfW&google_gid=CAESEGcb-p4GShsHs6F2UzdZzlc

Request Chain 170

https://ad.doubleclick.net/ddm/trackimp/N38306.140903ZANOX.COMDE/B22845801.273544483;dc_trk_aid=467891017;dc_trk_cid=64219029;ord=;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?https%3A%2F%2Fwww.awin1.com%2Fcawshow.php%3Fv=11938&s=2542680&q=367022&r=412871&pv=1&pref3=oneid62Zcef3f6wmheHmHYtkt5kmt2T1T2qJoneid__dc_reach_suite02wkz&gdpr_consent=&gdpr=0&gdpr_pd=0 HTTP 302
https://ad.doubleclick.net/ddm/trackimp/N38306.140903ZANOX.COMDE/B22845801.273544483;dc_pre=CNfR9uyluvICFZRx4AodU-ALDw;dc_trk_aid=467891017;dc_trk_cid=64219029;ord=;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?https%3A%2F%2Fwww.awin1.com%2Fcawshow.php%3Fv=11938&s=2542680&q=367022&r=412871&pv=1&pref3=oneid62Zcef3f6wmheHmHYtkt5kmt2T1T2qJoneid__dc_reach_suite02wkz&gdpr_consent=&gdpr=0&gdpr_pd=0 HTTP 302
https://www.awin1.com/cawshow.php?v=11938&s=2542680&q=367022&r=412871&pv=1&pref3=oneid62Zcef3f6wmheHmHYtkt5kmt2T1T2qJoneid__dc_reach_suite02wkz&gdpr_consent=&gdpr=0&gdpr_pd=0 HTTP 302
https://banner.congstar.de/cookie/?sp=awin&spfr=412871&awc=11938_412871_1629280234_bbbc7ac0-0009-11ec-bfe3-692d0dec5663

172 HTTP transactions
4 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
three-back.work/
Redirect Chain

https://www.three-back.work/
https://three-back.work/

88 KB
15 KB

539ms
538ms

Document
text/html

150.95.54.210
INTERQ GMO Internet

General

Check archive.org

Show headers Download Go to

Full URL: https://three-back.work/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 150.95.54.210 , Japan, ASN7506 (INTERQ GMO Internet,Inc, JP),
Reverse DNS: jp37a.mixhost.jp
Software: LiteSpeed /
Resource Hash: 6ebd93a1f2f8d10de3ea98c2aaa56a0c316c203c9203dd545a9699a3fd04030b

Request headers

:method: GET
:authority: three-back.work
:scheme: https
:path: /
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-type: text/html; charset=UTF-8
link: <https://three-back.work/index.php?rest_route=/>; rel="https://api.w.org/"
content-encoding: br
vary: Accept-Encoding
date: Wed, 18 Aug 2021 09:50:31 GMT
server: LiteSpeed

Redirect headers

content-type: text/html; charset=UTF-8
x-redirect-by: WordPress
location: https://three-back.work/
content-length: 0
date: Wed, 18 Aug 2021 09:50:29 GMT
server: LiteSpeed
alt-svc: quic=":443"; ma=2592000; v="43,46", h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-25=":443"; ma=2592000, h3-27=":443"; ma=2592000

GET
H2 200 default-font-css.php
three-back.work/wp-content/plugins/japanese-font-for-tinymce/ 57 B
118 B 259ms
259ms Stylesheet
text/css 150.95.54.210
INTERQ GMO Internet

General

Check archive.org

Show headers Download Go to

Full URL: https://three-back.work/wp-content/plugins/japanese-font-for-tinymce/default-font-css.php?fn&ver=5.8
Requested by: Host: three-back.work
URL: https://three-back.work/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 150.95.54.210 , Japan, ASN7506 (INTERQ GMO Internet,Inc, JP),
Reverse DNS: jp37a.mixhost.jp
Software: LiteSpeed /
Resource Hash: 615ad880102b508eabed46867224661b5142ad5bd9a0d87cff05712ea373035b

Request headers

:path: /wp-content/plugins/japanese-font-for-tinymce/default-font-css.php?fn&ver=5.8
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: three-back.work
referer: https://three-back.work/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://three-back.work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 09:50:31 GMT
content-encoding: br
server: LiteSpeed
vary: Accept-Encoding
content-type: text/css; charset: UTF-8;charset=UTF-8
cache-control: public, max-age=604800
content-length: 48
expires: Wed, 25 Aug 2021 09:50:31 GMT

GET
H2 200 style.min.css
three-back.work/wp-includes/css/dist/block-library/ 79 KB
10 KB 254ms
253ms Stylesheet
text/css 150.95.54.210
INTERQ GMO Internet

General

Check archive.org

Show headers Download Go to

Full URL: https://three-back.work/wp-includes/css/dist/block-library/style.min.css?ver=5.8
Requested by: Host: three-back.work
URL: https://three-back.work/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 150.95.54.210 , Japan, ASN7506 (INTERQ GMO Internet,Inc, JP),
Reverse DNS: jp37a.mixhost.jp
Software: LiteSpeed /
Resource Hash: 9110fc122dda3067c424d9b8ff7747e2030b0bd9298f69a3683d399ad3373a6a

Request headers

:path: /wp-includes/css/dist/block-library/style.min.css?ver=5.8
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: three-back.work
referer: https://three-back.work/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://three-back.work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 09:50:31 GMT
content-encoding: br
last-modified: Sun, 08 Aug 2021 06:42:01 GMT
server: LiteSpeed
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 9960
expires: Wed, 25 Aug 2021 09:50:31 GMT

GET
H2 200 styles.css
three-back.work/wp-content/plugins/contact-form-7/includes/css/ 3 KB
880 B 257ms
256ms Stylesheet
text/css 150.95.54.210
INTERQ GMO Internet

General

Check archive.org

Show headers Download Go to

Full URL: https://three-back.work/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.4.2
Requested by: Host: three-back.work
URL: https://three-back.work/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 150.95.54.210 , Japan, ASN7506 (INTERQ GMO Internet,Inc, JP),
Reverse DNS: jp37a.mixhost.jp
Software: LiteSpeed /
Resource Hash: 070edfef42e0980783d0acf8fa9ca6a9833b994eca13ffaa94e9a2deb47c92cf

Request headers

:path: /wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.4.2
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: three-back.work
referer: https://three-back.work/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://three-back.work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 09:50:31 GMT
content-encoding: br
last-modified: Wed, 14 Jul 2021 12:01:46 GMT
server: LiteSpeed
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 824
expires: Wed, 25 Aug 2021 09:50:31 GMT

GET
H2 200 drawit.min.css
three-back.work/wp-content/plugins/drawit/css/ 1 KB
483 B 258ms
256ms Stylesheet
text/css 150.95.54.210
INTERQ GMO Internet

General

Check archive.org

Show headers Download Go to

Full URL: https://three-back.work/wp-content/plugins/drawit/css/drawit.min.css?ver=1.1.3
Requested by: Host: three-back.work
URL: https://three-back.work/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 150.95.54.210 , Japan, ASN7506 (INTERQ GMO Internet,Inc, JP),
Reverse DNS: jp37a.mixhost.jp
Software: LiteSpeed /
Resource Hash: 745d8f58c6d5bf0e360b3665c7ea60fddfb2820d4d62e904a4043c4f145ba38f

Request headers

:path: /wp-content/plugins/drawit/css/drawit.min.css?ver=1.1.3
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: three-back.work
referer: https://three-back.work/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://three-back.work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 09:50:31 GMT
content-encoding: br
last-modified: Tue, 15 Oct 2019 13:47:45 GMT
server: LiteSpeed
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 425
expires: Wed, 25 Aug 2021 09:50:31 GMT

GET
H2 200 addfont.css
three-back.work/wp-content/plugins/japanese-font-for-tinymce/ 3 KB
701 B 258ms
257ms Stylesheet
text/css 150.95.54.210
INTERQ GMO Internet

General

Check archive.org

Show headers Download Go to

Full URL: https://three-back.work/wp-content/plugins/japanese-font-for-tinymce/addfont.css?ver=5.8
Requested by: Host: three-back.work
URL: https://three-back.work/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 150.95.54.210 , Japan, ASN7506 (INTERQ GMO Internet,Inc, JP),
Reverse DNS: jp37a.mixhost.jp
Software: LiteSpeed /
Resource Hash: af55f0c6a549d286354966d0e237909396d3c0af5a5a7b8ee750e147d6a9da85

Request headers

:path: /wp-content/plugins/japanese-font-for-tinymce/addfont.css?ver=5.8
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: three-back.work
referer: https://three-back.work/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://three-back.work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 09:50:31 GMT
content-encoding: br
last-modified: Fri, 16 Jul 2021 00:10:14 GMT
server: LiteSpeed
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 643
expires: Wed, 25 Aug 2021 09:50:31 GMT

GET
H2 200 screen.min.css
three-back.work/wp-content/plugins/table-of-contents-plus/ 1 KB
436 B 259ms
257ms Stylesheet
text/css 150.95.54.210
INTERQ GMO Internet

General

Check archive.org

Show headers Download Go to

Full URL: https://three-back.work/wp-content/plugins/table-of-contents-plus/screen.min.css?ver=2106
Requested by: Host: three-back.work
URL: https://three-back.work/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 150.95.54.210 , Japan, ASN7506 (INTERQ GMO Internet,Inc, JP),
Reverse DNS: jp37a.mixhost.jp
Software: LiteSpeed /
Resource Hash: 2e36bd3bdbb929f427e79a6c84b7922b4375589386981eba29eb0cff57b02b1b

Request headers

:path: /wp-content/plugins/table-of-contents-plus/screen.min.css?ver=2106
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: three-back.work
referer: https://three-back.work/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://three-back.work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 09:50:31 GMT
content-encoding: br
last-modified: Wed, 23 Jun 2021 12:02:11 GMT
server: LiteSpeed
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 378
expires: Wed, 25 Aug 2021 09:50:31 GMT

GET
H2 200 normalize.css
three-back.work/wp-content/themes/affinger5/css/ 2 KB
799 B 259ms
257ms Stylesheet
text/css 150.95.54.210
INTERQ GMO Internet

General

Check archive.org

Show headers Download Go to

Full URL: https://three-back.work/wp-content/themes/affinger5/css/normalize.css?ver=1.5.9
Requested by: Host: three-back.work
URL: https://three-back.work/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 150.95.54.210 , Japan, ASN7506 (INTERQ GMO Internet,Inc, JP),
Reverse DNS: jp37a.mixhost.jp
Software: LiteSpeed /
Resource Hash: 72e5e3fcd775fb75052cfa8980a8664b47e978d986fc7ab4ccd5f5c70c2ce9fb

Request headers

:path: /wp-content/themes/affinger5/css/normalize.css?ver=1.5.9
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: three-back.work
referer: https://three-back.work/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://three-back.work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 09:50:31 GMT
content-encoding: br
last-modified: Sat, 15 Feb 2020 03:29:40 GMT
server: LiteSpeed
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 741
expires: Wed, 25 Aug 2021 09:50:31 GMT

GET
H2 200 font-awesome.min.css
three-back.work/wp-content/themes/affinger5/css/fontawesome/css/ 30 KB
7 KB 259ms
257ms Stylesheet
text/css 150.95.54.210
INTERQ GMO Internet

General

Check archive.org

Show headers Download Go to

Full URL: https://three-back.work/wp-content/themes/affinger5/css/fontawesome/css/font-awesome.min.css?ver=4.7.0
Requested by: Host: three-back.work
URL: https://three-back.work/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 150.95.54.210 , Japan, ASN7506 (INTERQ GMO Internet,Inc, JP),
Reverse DNS: jp37a.mixhost.jp
Software: LiteSpeed /
Resource Hash: 799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd

Request headers

:path: /wp-content/themes/affinger5/css/fontawesome/css/font-awesome.min.css?ver=4.7.0
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: three-back.work
referer: https://three-back.work/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://three-back.work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 09:50:31 GMT
content-encoding: br
last-modified: Sat, 15 Feb 2020 03:29:40 GMT
server: LiteSpeed
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 6658
expires: Wed, 25 Aug 2021 09:50:31 GMT

GET
H2 200 font-awesome-animation.min.css
three-back.work/wp-content/themes/affinger5/css/fontawesome/css/ 18 KB
2 KB 260ms
259ms Stylesheet
text/css 150.95.54.210
INTERQ GMO Internet

General

Check archive.org

Show headers Download Go to

Full URL: https://three-back.work/wp-content/themes/affinger5/css/fontawesome/css/font-awesome-animation.min.css?ver=5.8
Requested by: Host: three-back.work
URL: https://three-back.work/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 150.95.54.210 , Japan, ASN7506 (INTERQ GMO Internet,Inc, JP),
Reverse DNS: jp37a.mixhost.jp
Software: LiteSpeed /
Resource Hash: 3a4b03a6c128b46647ca81421d1b1db2577751a66b09c13677c8d753cac18c7a

Request headers

:path: /wp-content/themes/affinger5/css/fontawesome/css/font-awesome-animation.min.css?ver=5.8
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: three-back.work
referer: https://three-back.work/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://three-back.work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 09:50:31 GMT
content-encoding: br
last-modified: Sat, 15 Feb 2020 03:29:40 GMT
server: LiteSpeed
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 1592
expires: Wed, 25 Aug 2021 09:50:31 GMT

GET
H2 200 style.css
three-back.work/wp-content/themes/affinger5/st_svg/ 2 KB
660 B 261ms
259ms Stylesheet
text/css 150.95.54.210
INTERQ GMO Internet

General

Check archive.org

Show headers Download Go to

Full URL: https://three-back.work/wp-content/themes/affinger5/st_svg/style.css?ver=5.8
Requested by: Host: three-back.work
URL: https://three-back.work/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 150.95.54.210 , Japan, ASN7506 (INTERQ GMO Internet,Inc, JP),
Reverse DNS: jp37a.mixhost.jp
Software: LiteSpeed /
Resource Hash: 03d741330bbcf02d10b49ae22496c2dca57d21ed1d5a49ac303ef12869680d49

Request headers

:path: /wp-content/themes/affinger5/st_svg/style.css?ver=5.8
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: three-back.work
referer: https://three-back.work/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://three-back.work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 09:50:31 GMT
content-encoding: br
last-modified: Sat, 15 Feb 2020 03:29:40 GMT
server: LiteSpeed
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 626
expires: Wed, 25 Aug 2021 09:50:31 GMT

GET
H2 200 slick.css
three-back.work/wp-content/themes/affinger5/vendor/slick/ 2 KB
517 B 265ms
263ms Stylesheet
text/css 150.95.54.210
INTERQ GMO Internet

General

Check archive.org

Show headers Download Go to

Full URL: https://three-back.work/wp-content/themes/affinger5/vendor/slick/slick.css?ver=1.8.0
Requested by: Host: three-back.work
URL: https://three-back.work/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 150.95.54.210 , Japan, ASN7506 (INTERQ GMO Internet,Inc, JP),
Reverse DNS: jp37a.mixhost.jp
Software: LiteSpeed /
Resource Hash: de1e399b07289f3b0a8d35142e363e128124a1185770e214e25e58030dad48e5

Request headers

:path: /wp-content/themes/affinger5/vendor/slick/slick.css?ver=1.8.0
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: three-back.work
referer: https://three-back.work/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://three-back.work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 09:50:31 GMT
content-encoding: br
last-modified: Sat, 15 Feb 2020 03:29:40 GMT
server: LiteSpeed
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 483
expires: Wed, 25 Aug 2021 09:50:31 GMT

GET
H2 200 slick-theme.css
three-back.work/wp-content/themes/affinger5/vendor/slick/ 3 KB
797 B 265ms
264ms Stylesheet
text/css 150.95.54.210
INTERQ GMO Internet

General

Check archive.org

Show headers Download Go to

Full URL: https://three-back.work/wp-content/themes/affinger5/vendor/slick/slick-theme.css?ver=1.8.0
Requested by: Host: three-back.work
URL: https://three-back.work/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 150.95.54.210 , Japan, ASN7506 (INTERQ GMO Internet,Inc, JP),
Reverse DNS: jp37a.mixhost.jp
Software: LiteSpeed /
Resource Hash: 7adaf08052c6a6a0f8a0d0055b4f191fd07389fe41c972b69573472b2ecb406a

Request headers

:path: /wp-content/themes/affinger5/vendor/slick/slick-theme.css?ver=1.8.0
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: three-back.work
referer: https://three-back.work/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://three-back.work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 09:50:31 GMT
content-encoding: br
last-modified: Sat, 15 Feb 2020 03:29:40 GMT
server: LiteSpeed
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 763
expires: Wed, 25 Aug 2021 09:50:31 GMT

GET
H2 200 style.css
three-back.work/wp-content/themes/affinger5/ 201 KB
36 KB 265ms
264ms Stylesheet
text/css 150.95.54.210
INTERQ GMO Internet

General

Check archive.org

Show headers Download Go to

Full URL: https://three-back.work/wp-content/themes/affinger5/style.css?ver=5.8
Requested by: Host: three-back.work
URL: https://three-back.work/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 150.95.54.210 , Japan, ASN7506 (INTERQ GMO Internet,Inc, JP),
Reverse DNS: jp37a.mixhost.jp
Software: LiteSpeed /
Resource Hash: e7363a2cbc6f57fe286b6fbdb6f13c57be00b8ef05e9afe1b82ac88d6026d7d3

Request headers

:path: /wp-content/themes/affinger5/style.css?ver=5.8
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: three-back.work
referer: https://three-back.work/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://three-back.work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 09:50:31 GMT
content-encoding: br
last-modified: Sat, 15 Feb 2020 03:29:40 GMT
server: LiteSpeed
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 36317
expires: Wed, 25 Aug 2021 09:50:31 GMT

GET
H2 200 style.css
three-back.work/wp-content/themes/affinger5-child/ 3 KB
877 B 499ms
498ms Stylesheet
text/css 150.95.54.210
INTERQ GMO Internet

General

Check archive.org

Show headers Download Go to

Full URL: https://three-back.work/wp-content/themes/affinger5-child/style.css?ver=5.8
Requested by: Host: three-back.work
URL: https://three-back.work/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 150.95.54.210 , Japan, ASN7506 (INTERQ GMO Internet,Inc, JP),
Reverse DNS: jp37a.mixhost.jp
Software: LiteSpeed /
Resource Hash: 0d421ab8abaa2d4b88ecc19902a04d9b5ac812bbb4be158dd1a72437ab32926b

Request headers

:path: /wp-content/themes/affinger5-child/style.css?ver=5.8
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: three-back.work
referer: https://three-back.work/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://three-back.work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 09:50:31 GMT
content-encoding: br
last-modified: Sat, 09 Nov 2019 14:54:56 GMT
server: LiteSpeed
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 820
expires: Wed, 25 Aug 2021 09:50:31 GMT

GET
H2 200 st-rankcss.php
three-back.work/wp-content/themes/affinger5/ 14 KB
3 KB 501ms
500ms Stylesheet
text/css 150.95.54.210
INTERQ GMO Internet

General

Check archive.org

Show headers Download Go to

Full URL: https://three-back.work/wp-content/themes/affinger5/st-rankcss.php
Requested by: Host: three-back.work
URL: https://three-back.work/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 150.95.54.210 , Japan, ASN7506 (INTERQ GMO Internet,Inc, JP),
Reverse DNS: jp37a.mixhost.jp
Software: LiteSpeed /
Resource Hash: 1f88721b914f3ea902885d622d6d7d8327b47e3714d0b6b3a8cf39604ee8b67c

Request headers

:path: /wp-content/themes/affinger5/st-rankcss.php
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: three-back.work
referer: https://three-back.work/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://three-back.work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 09:50:31 GMT
content-encoding: br
expires: Wed, 25 Aug 2021 09:50:31 GMT
server: LiteSpeed
cache-control: public, max-age=604800
vary: Accept-Encoding
content-type: text/css; charset=utf-8

GET
H2 200 jquery.fancybox.min.css
three-back.work/wp-content/plugins/easy-fancybox/css/ 4 KB
1 KB 500ms
499ms Stylesheet
text/css 150.95.54.210
INTERQ GMO Internet

General

Check archive.org

Show headers Download Go to

Full URL: https://three-back.work/wp-content/plugins/easy-fancybox/css/jquery.fancybox.min.css?ver=1.3.24
Requested by: Host: three-back.work
URL: https://three-back.work/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 150.95.54.210 , Japan, ASN7506 (INTERQ GMO Internet,Inc, JP),
Reverse DNS: jp37a.mixhost.jp
Software: LiteSpeed /
Resource Hash: f34bb7d9c8f2db0e78e5d7b226bc169182f8c22e7cd1a3e7b5767519b709c1bc

Request headers

:path: /wp-content/plugins/easy-fancybox/css/jquery.fancybox.min.css?ver=1.3.24
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: three-back.work
referer: https://three-back.work/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://three-back.work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 09:50:31 GMT
content-encoding: br
last-modified: Mon, 14 Oct 2019 04:59:34 GMT
server: LiteSpeed
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 969
expires: Wed, 25 Aug 2021 09:50:31 GMT

GET
H2 200 st-themecss-loader.php
three-back.work/wp-content/themes/affinger5/ 65 KB
13 KB 504ms
503ms Stylesheet
text/css 150.95.54.210
INTERQ GMO Internet

General

Check archive.org

Show headers Download Go to

Full URL: https://three-back.work/wp-content/themes/affinger5/st-themecss-loader.php?ver=5.8
Requested by: Host: three-back.work
URL: https://three-back.work/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 150.95.54.210 , Japan, ASN7506 (INTERQ GMO Internet,Inc, JP),
Reverse DNS: jp37a.mixhost.jp
Software: LiteSpeed /
Resource Hash: a986c1b3b11a193434bcbd30c93a88bb86f08c2bd43f442ccdb1fc0eae9f7df4

Request headers

:path: /wp-content/themes/affinger5/st-themecss-loader.php?ver=5.8
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: three-back.work
referer: https://three-back.work/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://three-back.work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 18 Aug 2021 09:50:31 GMT
content-encoding: br
server: LiteSpeed
vary: Accept-Encoding
content-type: text/css; charset=utf-8
cache-control: no-cache, must-revalidate, max-age=0
expires: Wed, 11 Jan 1984 05:00:00 GMT

GET
H2 200 table-of-content-frontend.css
three-back.work/wp-content/plugins/cm-table-of-content/assets/css/ 1 KB
289 B 500ms
499ms Stylesheet
text/css 150.95.54.210
INTERQ GMO Internet

General

Check archive.org

Show headers Download Go to

Full URL: https://three-back.work/wp-content/plugins/cm-table-of-content/assets/css/table-of-content-frontend.css?ver=5.8
Requested by: Host: three-back.work
URL: https://three-back.work/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 150.95.54.210 , Japan, ASN7506 (INTERQ GMO Internet,Inc, JP),
Reverse DNS: jp37a.mixhost.jp
Software: LiteSpeed /
Resource Hash: ea8082a6abf62fbbf414a90dee70cf79916101737ca24079413708515a1e1a99

Request headers

:path: /wp-content/plugins/cm-table-of-content/assets/css/table-of-content-frontend.css?ver=5.8
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: three-back.work
referer: https://three-back.work/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://three-back.work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 09:50:31 GMT
content-encoding: br
last-modified: Fri, 04 Jun 2021 00:02:58 GMT
server: LiteSpeed
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 232
expires: Wed, 25 Aug 2021 09:50:31 GMT

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/1.11.3/ 94 KB
94 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:80f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js?ver=1.11.3

Requested by

Host: three-back.work
URL: https://three-back.work/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

aec3d419d50f05781a96f223e18289aeb52598b5db39be82a7b71dc67d6a7947

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://three-back.work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Aug 2021 14:11:03 GMT
x-content-type-options: nosniff
age: 70768
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 95992
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 17 Aug 2022 14:11:03 GMT

GET
H2 200 quicktags.min.js Show response
three-back.work/wp-includes/js/ 11 KB
3 KB 545ms
544ms Script
application/javascript 150.95.54.210
INTERQ GMO Internet

General

Check archive.org

Show headers Download Go to

Full URL: https://three-back.work/wp-includes/js/quicktags.min.js?ver=5.8
Requested by: Host: three-back.work
URL: https://three-back.work/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 150.95.54.210 , Japan, ASN7506 (INTERQ GMO Internet,Inc, JP),
Reverse DNS: jp37a.mixhost.jp
Software: LiteSpeed /
Resource Hash: 758415fd3b5867003c3649969039694ee59b4774bb58246f3ec644e1dc577885

Request headers

:path: /wp-includes/js/quicktags.min.js?ver=5.8
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: three-back.work
referer: https://three-back.work/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://three-back.work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 09:50:31 GMT
content-encoding: br
last-modified: Sun, 08 Aug 2021 06:42:03 GMT
server: LiteSpeed
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 3338
expires: Wed, 25 Aug 2021 09:50:31 GMT

GET
H2 200 qt-btn.js Show response
three-back.work/wp-content/plugins/drawit/js/ 4 KB
1 KB 545ms
545ms Script
application/javascript 150.95.54.210
INTERQ GMO Internet

General

Check archive.org

Show headers Download Go to

Full URL: https://three-back.work/wp-content/plugins/drawit/js/qt-btn.js?ver=1.1.3
Requested by: Host: three-back.work
URL: https://three-back.work/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 150.95.54.210 , Japan, ASN7506 (INTERQ GMO Internet,Inc, JP),
Reverse DNS: jp37a.mixhost.jp
Software: LiteSpeed /
Resource Hash: 96e3246024b7d036175aef66849fdd5890c4d8f863bf827e5a57838b703b3d3b

Request headers

:path: /wp-content/plugins/drawit/js/qt-btn.js?ver=1.1.3
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: three-back.work
referer: https://three-back.work/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://three-back.work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 09:50:31 GMT
content-encoding: br
last-modified: Tue, 15 Oct 2019 13:47:45 GMT
server: LiteSpeed
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 1312
expires: Wed, 25 Aug 2021 09:50:31 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 139 KB
49 KB 41ms
40ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: three-back.work
URL: https://three-back.work/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d5076107ffd915b0bed086e72862af2758b65f008ac3384195da2a79a8c848eb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://three-back.work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 09:50:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 49837
x-xss-protection: 0
server: cafe
etag: 16356566113609430372
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Wed, 18 Aug 2021 09:50:32 GMT

GET
H2 200 15722441229840726-1-e1572355941876.png
three-back.work/wp-content/uploads/2019/10/ 9 KB
9 KB 293ms
293ms Image
image/png 150.95.54.210
INTERQ GMO Internet

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://three-back.work/wp-content/uploads/2019/10/15722441229840726-1-e1572355941876.png
Requested by: Host: three-back.work
URL: https://three-back.work/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 150.95.54.210 , Japan, ASN7506 (INTERQ GMO Internet,Inc, JP),
Reverse DNS: jp37a.mixhost.jp
Software: LiteSpeed /
Resource Hash: 023cd7e2d58f71286cca9d16a22508396798a90df55452def220aaccb03648ac

Request headers

:path: /wp-content/uploads/2019/10/15722441229840726-1-e1572355941876.png
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: three-back.work
referer: https://three-back.work/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://three-back.work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 09:50:32 GMT
last-modified: Tue, 29 Oct 2019 13:32:26 GMT
server: LiteSpeed
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 9484
expires: Wed, 25 Aug 2021 09:50:32 GMT

GET
H2 200 bookmark_button.js Show response
b.st-hatena.com/js/ 35 KB
11 KB 104ms
33ms Script
application/x-javascript 13.224.96.45
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://b.st-hatena.com/js/bookmark_button.js

Requested by

Host: three-back.work
URL: https://three-back.work/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.96.45 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-96-45.zrh50.r.cloudfront.net

Software

nginx /

Resource Hash

df7082849e38de724a9e44f1169768edf49b462f04d295927960d588a735bb5c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://three-back.work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
last-modified: Mon, 16 Aug 2021 07:03:46 GMT
server: nginx
age: 83015
etag: W/"611a0dd2-8aee"
x-cache: Hit from cloudfront
content-type: application/x-javascript
access-control-allow-origin: https://b.hatena.ne.jp
cache-control: max-age=86400
date: Tue, 17 Aug 2021 10:46:57 GMT
x-amz-cf-pop: ZRH50-C1
x-amz-cf-id: bY3m0-9pY-TBvv9w8StBNqblDPoOkPvH212sPyvsaHudrkBSeN9MDw==
via: 1.1 a70d280cd058ea89c08954ea0ad67199.cloudfront.net (CloudFront)
expires: Wed, 18 Aug 2021 10:46:57 GMT

GET
H2 200 dog-1532627_960_720.png
cdn.pixabay.com/photo/2016/07/21/14/18/ 120 KB
121 KB 65ms
44ms Image
image/webp 2606:4700::6812:14b7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.pixabay.com/photo/2016/07/21/14/18/dog-1532627_960_720.png
Requested by: Host: three-back.work
URL: https://three-back.work/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:14b7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 340cebbd102b7e2229ef3e3d11779474717b3c1dd3446bf696deea24fab1df55

Request headers

Referer: https://three-back.work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 09:50:32 GMT
cf-cache-status: HIT
age: 2432505
cf-polished: origFmt=png, origSize=196841
cf-ray: 680a3d0a8822dfff-FRA
x-amz-replication-status: COMPLETED
content-disposition: inline; filename="dog-1532627_960_720.webp"
cf-bgj: imgq:85,h2pri
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 123000
x-amz-id-2: cFmQwja7NMN3yCnDHuf5pvEHQC/B0vjH7Pf2Y62Cz0jiqYNb5v8wFkOR4X+ndoJ0evBHd7/5noQ=
last-modified: Wed, 27 Feb 2019 12:15:40 GMT
server: cloudflare
etag: "d91af8a3713a48a7686bce2c97f51e6b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
x-amz-request-id: HH87VG7FR5Y0Q228
access-control-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000
x-amz-version-id: 3nMd4YsopvtB75977Dmrac_3hyMg3_1R
accept-ranges: bytes
content-type: image/webp
expires: Thu, 18 Aug 2022 09:50:32 GMT

GET
H2 200 ja.png
scdn.line-apps.com/n/line_add_friends/btn/ 4 KB
4 KB 100ms
30ms Image
image/png 2.18.232.182
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://scdn.line-apps.com/n/line_add_friends/btn/ja.png
Requested by: Host: three-back.work
URL: https://three-back.work/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.232.182 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-232-182.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: faf3a5b0232e4515f5c4b91225ab985faa6813ee78d0123a560def12ebe56597

Request headers

Referer: https://three-back.work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 09:50:32 GMT
last-modified: Mon, 19 Nov 2018 05:53:09 GMT
server: nginx
access-control-allow-methods: GET
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=20663839
accept-ranges: bytes
content-length: 3973
expires: Thu, 14 Apr 2022 13:47:51 GMT

GET
H2 200 486walue.png
qr-official.line.me/sid/M/ 816 B
946 B 757ms
251ms Image
image/png 147.92.146.123
LINE LINE Corpora...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://qr-official.line.me/sid/M/486walue.png
Requested by: Host: three-back.work
URL: https://three-back.work/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 147.92.146.123 , Japan, ASN38631 (LINE LINE Corporation, JP),
Reverse DNS
Software: nginx /
Resource Hash: b03f8824c87fa1c322b227aeddb87d0bffb142815c18699c6fba59a59901a748

Request headers

Referer: https://three-back.work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 09:50:32 GMT
cache-control: max-age=86400
server: nginx
expires: Thu, 19 Aug 2021 09:50:32 GMT

GET
H2 200 search.png
three-back.work/wp-content/themes/affinger5/images/ 356 B
388 B 1412ms
1412ms Image
image/png 150.95.54.210
INTERQ GMO Internet

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://three-back.work/wp-content/themes/affinger5/images/search.png
Requested by: Host: three-back.work
URL: https://three-back.work/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 150.95.54.210 , Japan, ASN7506 (INTERQ GMO Internet,Inc, JP),
Reverse DNS: jp37a.mixhost.jp
Software: LiteSpeed /
Resource Hash: eeccf8db2f38aff197eb60e56e0957b2035e3e4e51b6f2117d32e139ee711eff

Request headers

:path: /wp-content/themes/affinger5/images/search.png
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: three-back.work
referer: https://three-back.work/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://three-back.work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 09:50:32 GMT
last-modified: Sat, 15 Feb 2020 03:29:40 GMT
server: LiteSpeed
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 356
expires: Wed, 25 Aug 2021 09:50:32 GMT

GET
H2 200 wp-emoji-release.min.js Show response
three-back.work/wp-includes/js/ 18 KB
4 KB 261ms
254ms Script
application/javascript 150.95.54.210
INTERQ GMO Internet

General

Check archive.org

Show headers Download Go to

Full URL: https://three-back.work/wp-includes/js/wp-emoji-release.min.js?ver=5.8
Requested by: Host: three-back.work
URL: https://three-back.work/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 150.95.54.210 , Japan, ASN7506 (INTERQ GMO Internet,Inc, JP),
Reverse DNS: jp37a.mixhost.jp
Software: LiteSpeed /
Resource Hash: def5de6254be138b8b35d680d1fdd8b07827d03b8626daebfeeb4157ec330ea7

Request headers

:path: /wp-includes/js/wp-emoji-release.min.js?ver=5.8
pragma: no-cache
cookie: FCCDCF=[null,null,["[[],[],[],[],null,null,true]",1629280232820],null,null]; __gads=ID=d7e780508231cab4-225fefb1adc900a2:T=1629280232:RT=1629280232:S=ALNI_MbvMC5ld9ot8342JfaWrvkxEylDmg
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: three-back.work
referer: https://three-back.work/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://three-back.work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 09:50:34 GMT
content-encoding: br
last-modified: Sun, 08 Aug 2021 06:42:03 GMT
server: LiteSpeed
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 4539
expires: Wed, 25 Aug 2021 09:50:34 GMT

GET
H2 200 regenerator-runtime.min.js Show response
three-back.work/wp-includes/js/dist/vendor/ 6 KB
2 KB 255ms
254ms Script
application/javascript 150.95.54.210
INTERQ GMO Internet

General

Check archive.org

Show headers Download Go to

Full URL: https://three-back.work/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.7
Requested by: Host: three-back.work
URL: https://three-back.work/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 150.95.54.210 , Japan, ASN7506 (INTERQ GMO Internet,Inc, JP),
Reverse DNS: jp37a.mixhost.jp
Software: LiteSpeed /
Resource Hash: e87a1c5e24f9a7c7dcb437417f0b05b0a3c12947ce32d65c990c988a8b5ed4d7

Request headers

:path: /wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.7
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: three-back.work
referer: https://three-back.work/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://three-back.work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 09:50:32 GMT
content-encoding: br
last-modified: Sun, 08 Aug 2021 06:42:02 GMT
server: LiteSpeed
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 2308
expires: Wed, 25 Aug 2021 09:50:32 GMT

GET
H2 200 wp-polyfill.min.js Show response
three-back.work/wp-includes/js/dist/vendor/ 16 KB
6 KB 288ms
287ms Script
application/javascript 150.95.54.210
INTERQ GMO Internet

General

Check archive.org

Show headers Download Go to

Full URL: https://three-back.work/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0
Requested by: Host: three-back.work
URL: https://three-back.work/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 150.95.54.210 , Japan, ASN7506 (INTERQ GMO Internet,Inc, JP),
Reverse DNS: jp37a.mixhost.jp
Software: LiteSpeed /
Resource Hash: 293913879d30bab7499013e935009f5183facbddd63bfc9656a859622590b80b

Request headers

:path: /wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: three-back.work
referer: https://three-back.work/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://three-back.work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 09:50:32 GMT
content-encoding: br
last-modified: Sun, 08 Aug 2021 06:42:02 GMT
server: LiteSpeed
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 5805
expires: Wed, 25 Aug 2021 09:50:32 GMT

GET
H2 200 index.js Show response
three-back.work/wp-content/plugins/contact-form-7/includes/js/ 13 KB
4 KB 494ms
491ms Script
application/javascript 150.95.54.210
INTERQ GMO Internet

General

Check archive.org

Show headers Download Go to

Full URL: https://three-back.work/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.4.2
Requested by: Host: three-back.work
URL: https://three-back.work/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 150.95.54.210 , Japan, ASN7506 (INTERQ GMO Internet,Inc, JP),
Reverse DNS: jp37a.mixhost.jp
Software: LiteSpeed /
Resource Hash: eea0b9621509f98be77c5af1e9b5c952a675bda2b27c419876364017069e0c19

Request headers

:path: /wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.4.2
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: three-back.work
referer: https://three-back.work/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://three-back.work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 09:50:32 GMT
content-encoding: br
last-modified: Wed, 14 Jul 2021 12:01:46 GMT
server: LiteSpeed
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 3837
expires: Wed, 25 Aug 2021 09:50:32 GMT

GET
H2 200 drawit-iframe.js Show response
three-back.work/wp-content/plugins/drawit/js/ 301 B
207 B 495ms
492ms Script
application/javascript 150.95.54.210
INTERQ GMO Internet

General

Check archive.org

Show headers Download Go to

Full URL: https://three-back.work/wp-content/plugins/drawit/js/drawit-iframe.js?ver=1.1.3
Requested by: Host: three-back.work
URL: https://three-back.work/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 150.95.54.210 , Japan, ASN7506 (INTERQ GMO Internet,Inc, JP),
Reverse DNS: jp37a.mixhost.jp
Software: LiteSpeed /
Resource Hash: 2a4524121bf19007ba74de48ee59ab4226c29928282ef0534f07b499b3ca1c0d

Request headers

:path: /wp-content/plugins/drawit/js/drawit-iframe.js?ver=1.1.3
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: three-back.work
referer: https://three-back.work/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://three-back.work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 09:50:32 GMT
content-encoding: br
last-modified: Tue, 15 Oct 2019 13:47:45 GMT
server: LiteSpeed
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 149
expires: Wed, 25 Aug 2021 09:50:32 GMT

GET
H2 200 front.min.js Show response
three-back.work/wp-content/plugins/table-of-contents-plus/ 6 KB
2 KB 496ms
493ms Script
application/javascript 150.95.54.210
INTERQ GMO Internet

General

Check archive.org

Show headers Download Go to

Full URL: https://three-back.work/wp-content/plugins/table-of-contents-plus/front.min.js?ver=2106
Requested by: Host: three-back.work
URL: https://three-back.work/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 150.95.54.210 , Japan, ASN7506 (INTERQ GMO Internet,Inc, JP),
Reverse DNS: jp37a.mixhost.jp
Software: LiteSpeed /
Resource Hash: 4b179562b883c1257aabbad3a5641f965dd7331faa31fe06382a5d8c62d5ee19

Request headers

:path: /wp-content/plugins/table-of-contents-plus/front.min.js?ver=2106
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: three-back.work
referer: https://three-back.work/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://three-back.work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 09:50:32 GMT
content-encoding: br
last-modified: Wed, 23 Jun 2021 12:02:11 GMT
server: LiteSpeed
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 2181
expires: Wed, 25 Aug 2021 09:50:32 GMT

GET
H2 200 slick.js Show response
three-back.work/wp-content/themes/affinger5/vendor/slick/ 86 KB
14 KB 497ms
494ms Script
application/javascript 150.95.54.210
INTERQ GMO Internet

General

Check archive.org

Show headers Download Go to

Full URL: https://three-back.work/wp-content/themes/affinger5/vendor/slick/slick.js?ver=1.5.9
Requested by: Host: three-back.work
URL: https://three-back.work/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 150.95.54.210 , Japan, ASN7506 (INTERQ GMO Internet,Inc, JP),
Reverse DNS: jp37a.mixhost.jp
Software: LiteSpeed /
Resource Hash: 3e65bc436e35cb24f4020abe8a71906ea53ca284df84095d6824e27f55883f90

Request headers

:path: /wp-content/themes/affinger5/vendor/slick/slick.js?ver=1.5.9
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: three-back.work
referer: https://three-back.work/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://three-back.work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 09:50:32 GMT
content-encoding: br
last-modified: Sat, 15 Feb 2020 03:29:40 GMT
server: LiteSpeed
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 14755
expires: Wed, 25 Aug 2021 09:50:32 GMT

GET
H2 200 base.js Show response
three-back.work/wp-content/themes/affinger5/js/ 12 KB
3 KB 1428ms
1428ms Script
application/javascript 150.95.54.210
INTERQ GMO Internet

General

Check archive.org

Show headers Download Go to

Full URL: https://three-back.work/wp-content/themes/affinger5/js/base.js?ver=5.8
Requested by: Host: three-back.work
URL: https://three-back.work/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 150.95.54.210 , Japan, ASN7506 (INTERQ GMO Internet,Inc, JP),
Reverse DNS: jp37a.mixhost.jp
Software: LiteSpeed /
Resource Hash: 33a707e8755868f0d81e6d05162dd0239ed27ace94378585c2e82f306fa69f2e

Request headers

:path: /wp-content/themes/affinger5/js/base.js?ver=5.8
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: three-back.work
referer: https://three-back.work/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://three-back.work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 09:50:32 GMT
content-encoding: br
last-modified: Sat, 15 Feb 2020 03:29:40 GMT
server: LiteSpeed
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 2845
expires: Wed, 25 Aug 2021 09:50:32 GMT

GET
H2 200 scroll.js Show response
three-back.work/wp-content/themes/affinger5/js/ 1018 B
523 B 723ms
722ms Script
application/javascript 150.95.54.210
INTERQ GMO Internet

General

Check archive.org

Show headers Download Go to

Full URL: https://three-back.work/wp-content/themes/affinger5/js/scroll.js?ver=5.8
Requested by: Host: three-back.work
URL: https://three-back.work/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 150.95.54.210 , Japan, ASN7506 (INTERQ GMO Internet,Inc, JP),
Reverse DNS: jp37a.mixhost.jp
Software: LiteSpeed /
Resource Hash: 7437a5077982ed799fe7c545a0524124c2b620c79a27ac7662b61199b775c567

Request headers

:path: /wp-content/themes/affinger5/js/scroll.js?ver=5.8
pragma: no-cache
cookie: FCCDCF=[null,null,["[[],[],[],[],null,null,true]",1629280232820],null,null]; __gads=ID=d7e780508231cab4-225fefb1adc900a2:T=1629280232:RT=1629280232:S=ALNI_MbvMC5ld9ot8342JfaWrvkxEylDmg
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: three-back.work
referer: https://three-back.work/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://three-back.work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 09:50:33 GMT
content-encoding: br
last-modified: Sat, 15 Feb 2020 03:29:40 GMT
server: LiteSpeed
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 441
expires: Wed, 25 Aug 2021 09:50:33 GMT

GET
H2 200 st-copy-text.js Show response
three-back.work/wp-content/themes/affinger5/js/ 2 KB
718 B 723ms
722ms Script
application/javascript 150.95.54.210
INTERQ GMO Internet

General

Check archive.org

Show headers Download Go to

Full URL: https://three-back.work/wp-content/themes/affinger5/js/st-copy-text.js?ver=5.8
Requested by: Host: three-back.work
URL: https://three-back.work/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 150.95.54.210 , Japan, ASN7506 (INTERQ GMO Internet,Inc, JP),
Reverse DNS: jp37a.mixhost.jp
Software: LiteSpeed /
Resource Hash: 56bf2dfb9f1735d0ec217531e6a064b01a5056e7b9f78246c93427299572421a

Request headers

:path: /wp-content/themes/affinger5/js/st-copy-text.js?ver=5.8
pragma: no-cache
cookie: FCCDCF=[null,null,["[[],[],[],[],null,null,true]",1629280232820],null,null]; __gads=ID=d7e780508231cab4-225fefb1adc900a2:T=1629280232:RT=1629280232:S=ALNI_MbvMC5ld9ot8342JfaWrvkxEylDmg
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: three-back.work
referer: https://three-back.work/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://three-back.work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 09:50:33 GMT
content-encoding: br
last-modified: Sat, 15 Feb 2020 03:29:40 GMT
server: LiteSpeed
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 638
expires: Wed, 25 Aug 2021 09:50:33 GMT

GET
H2 200 jquery.fancybox.min.js Show response
three-back.work/wp-content/plugins/easy-fancybox/js/ 19 KB
6 KB 254ms
253ms Script
application/javascript 150.95.54.210
INTERQ GMO Internet

General

Check archive.org

Show headers Download Go to

Full URL: https://three-back.work/wp-content/plugins/easy-fancybox/js/jquery.fancybox.min.js?ver=1.3.24
Requested by: Host: three-back.work
URL: https://three-back.work/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 150.95.54.210 , Japan, ASN7506 (INTERQ GMO Internet,Inc, JP),
Reverse DNS: jp37a.mixhost.jp
Software: LiteSpeed /
Resource Hash: 948f0c154ad97428bc1d1dee456f2e20ec4e0e302b0d3189e08a4573cb63cdb3

Request headers

:path: /wp-content/plugins/easy-fancybox/js/jquery.fancybox.min.js?ver=1.3.24
pragma: no-cache
cookie: FCCDCF=[null,null,["[[],[],[],[],null,null,true]",1629280232820],null,null]; __gads=ID=d7e780508231cab4-225fefb1adc900a2:T=1629280232:RT=1629280232:S=ALNI_MbvMC5ld9ot8342JfaWrvkxEylDmg
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: three-back.work
referer: https://three-back.work/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://three-back.work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 09:50:33 GMT
content-encoding: br
last-modified: Mon, 14 Oct 2019 04:59:34 GMT
server: LiteSpeed
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 5950
expires: Wed, 25 Aug 2021 09:50:33 GMT

GET
H2 200 jquery.easing.min.js Show response
three-back.work/wp-content/plugins/easy-fancybox/js/ 2 KB
838 B 259ms
252ms Script
application/javascript 150.95.54.210
INTERQ GMO Internet

General

Check archive.org

Show headers Download Go to

Full URL: https://three-back.work/wp-content/plugins/easy-fancybox/js/jquery.easing.min.js?ver=1.4.1
Requested by: Host: three-back.work
URL: https://three-back.work/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 150.95.54.210 , Japan, ASN7506 (INTERQ GMO Internet,Inc, JP),
Reverse DNS: jp37a.mixhost.jp
Software: LiteSpeed /
Resource Hash: 0ec98adf593ebcc01bec60b1f494dacd47522abfef9038a714101d83f45e165d

Request headers

:path: /wp-content/plugins/easy-fancybox/js/jquery.easing.min.js?ver=1.4.1
pragma: no-cache
cookie: FCCDCF=[null,null,["[[],[],[],[],null,null,true]",1629280232820],null,null]; __gads=ID=d7e780508231cab4-225fefb1adc900a2:T=1629280232:RT=1629280232:S=ALNI_MbvMC5ld9ot8342JfaWrvkxEylDmg
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: three-back.work
referer: https://three-back.work/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://three-back.work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 09:50:34 GMT
content-encoding: br
last-modified: Mon, 14 Oct 2019 04:59:34 GMT
server: LiteSpeed
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 733
expires: Wed, 25 Aug 2021 09:50:34 GMT

GET
H2 200 jquery.mousewheel.min.js Show response
three-back.work/wp-content/plugins/easy-fancybox/js/ 3 KB
1 KB 259ms
253ms Script
application/javascript 150.95.54.210
INTERQ GMO Internet

General

Check archive.org

Show headers Download Go to

Full URL: https://three-back.work/wp-content/plugins/easy-fancybox/js/jquery.mousewheel.min.js?ver=3.1.13
Requested by: Host: three-back.work
URL: https://three-back.work/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 150.95.54.210 , Japan, ASN7506 (INTERQ GMO Internet,Inc, JP),
Reverse DNS: jp37a.mixhost.jp
Software: LiteSpeed /
Resource Hash: dd9bfe5f04d4e393463f42b4f503763c36693306dffef16d481e0c071b61ae64

Request headers

:path: /wp-content/plugins/easy-fancybox/js/jquery.mousewheel.min.js?ver=3.1.13
pragma: no-cache
cookie: FCCDCF=[null,null,["[[],[],[],[],null,null,true]",1629280232820],null,null]; __gads=ID=d7e780508231cab4-225fefb1adc900a2:T=1629280232:RT=1629280232:S=ALNI_MbvMC5ld9ot8342JfaWrvkxEylDmg
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: three-back.work
referer: https://three-back.work/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://three-back.work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 09:50:34 GMT
content-encoding: br
last-modified: Mon, 14 Oct 2019 04:59:34 GMT
server: LiteSpeed
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 1051
expires: Wed, 25 Aug 2021 09:50:34 GMT

GET
H2 200 wp-embed.min.js Show response
three-back.work/wp-includes/js/ 1 KB
721 B 260ms
253ms Script
application/javascript 150.95.54.210
INTERQ GMO Internet

General

Check archive.org

Show headers Download Go to

Full URL: https://three-back.work/wp-includes/js/wp-embed.min.js?ver=5.8
Requested by: Host: three-back.work
URL: https://three-back.work/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 150.95.54.210 , Japan, ASN7506 (INTERQ GMO Internet,Inc, JP),
Reverse DNS: jp37a.mixhost.jp
Software: LiteSpeed /
Resource Hash: 5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991

Request headers

:path: /wp-includes/js/wp-embed.min.js?ver=5.8
pragma: no-cache
cookie: FCCDCF=[null,null,["[[],[],[],[],null,null,true]",1629280232820],null,null]; __gads=ID=d7e780508231cab4-225fefb1adc900a2:T=1629280232:RT=1629280232:S=ALNI_MbvMC5ld9ot8342JfaWrvkxEylDmg
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: three-back.work
referer: https://three-back.work/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://three-back.work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 09:50:34 GMT
content-encoding: br
last-modified: Mon, 15 Feb 2021 03:44:58 GMT
server: LiteSpeed
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 663
expires: Wed, 25 Aug 2021 09:50:34 GMT

GET
H2 200 matomo.js Show response
three-back.work/miulabo/ 61 KB
19 KB 261ms
255ms Script
application/javascript 150.95.54.210
INTERQ GMO Internet

General

Check archive.org

Show headers Download Go to

Full URL: https://three-back.work/miulabo/matomo.js
Requested by: Host: three-back.work
URL: https://three-back.work/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 150.95.54.210 , Japan, ASN7506 (INTERQ GMO Internet,Inc, JP),
Reverse DNS: jp37a.mixhost.jp
Software: LiteSpeed /
Resource Hash: 382843b96a3a0f2c2b38c583563caad12733ae44b4b5f1b97abe948fc461596f

Request headers

:path: /miulabo/matomo.js
pragma: no-cache
cookie: FCCDCF=[null,null,["[[],[],[],[],null,null,true]",1629280232820],null,null]; __gads=ID=d7e780508231cab4-225fefb1adc900a2:T=1629280232:RT=1629280232:S=ALNI_MbvMC5ld9ot8342JfaWrvkxEylDmg
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: three-back.work
referer: https://three-back.work/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://three-back.work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 09:50:34 GMT
content-encoding: br
last-modified: Mon, 11 Jan 2021 10:13:00 GMT
server: LiteSpeed
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 19278
expires: Wed, 25 Aug 2021 09:50:34 GMT

GET
H2 200 p5.png
three-back.work/wp-content/uploads/2019/10/ 135 B
200 B 293ms
292ms Image
image/png 150.95.54.210
INTERQ GMO Internet

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://three-back.work/wp-content/uploads/2019/10/p5.png
Requested by: Host: three-back.work
URL: https://three-back.work/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 150.95.54.210 , Japan, ASN7506 (INTERQ GMO Internet,Inc, JP),
Reverse DNS: jp37a.mixhost.jp
Software: LiteSpeed /
Resource Hash: 8255707b639b721c4c5a4329de6574331aadb575cedc7f032aa4858a0db73ae6

Request headers

:path: /wp-content/uploads/2019/10/p5.png
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: three-back.work
referer: https://three-back.work/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://three-back.work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 09:50:32 GMT
last-modified: Tue, 22 Oct 2019 13:10:37 GMT
server: LiteSpeed
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 135
expires: Wed, 25 Aug 2021 09:50:32 GMT

GET
H2 200 st-themecss-loader.php
three-back.work/wp-content/themes/affinger5/ 64 KB
64 KB 1479ms
1478ms Image
text/css 150.95.54.210
INTERQ GMO Internet

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://three-back.work/wp-content/themes/affinger5/st-themecss-loader.php?ver=5.8
Requested by: Host: three-back.work
URL: https://three-back.work/wp-content/themes/affinger5/st-themecss-loader.php?ver=5.8
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 150.95.54.210 , Japan, ASN7506 (INTERQ GMO Internet,Inc, JP),
Reverse DNS: jp37a.mixhost.jp
Software: LiteSpeed /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path: /wp-content/themes/affinger5/st-themecss-loader.php?ver=5.8
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: three-back.work
referer: https://three-back.work/wp-content/themes/affinger5/st-themecss-loader.php?ver=5.8
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://three-back.work/wp-content/themes/affinger5/st-themecss-loader.php?ver=5.8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 18 Aug 2021 09:50:32 GMT
content-encoding: br
server: LiteSpeed
vary: Accept-Encoding
content-type: text/css; charset=utf-8
cache-control: no-cache, must-revalidate, max-age=0
expires: Wed, 11 Jan 1984 05:00:00 GMT

GET
H2 200 fontawesome-webfont.woff2
three-back.work/wp-content/themes/affinger5/css/fontawesome/fonts/ 75 KB
75 KB 490ms
489ms Font
font/woff2 150.95.54.210
INTERQ GMO Internet

General

Check archive.org

Show headers Download Go to

Full URL: https://three-back.work/wp-content/themes/affinger5/css/fontawesome/fonts/fontawesome-webfont.woff2?v=4.7.0
Requested by: Host: three-back.work
URL: https://three-back.work/wp-content/themes/affinger5/css/fontawesome/css/font-awesome.min.css?ver=4.7.0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 150.95.54.210 , Japan, ASN7506 (INTERQ GMO Internet,Inc, JP),
Reverse DNS: jp37a.mixhost.jp
Software: LiteSpeed /
Resource Hash: 2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Request headers

:path: /wp-content/themes/affinger5/css/fontawesome/fonts/fontawesome-webfont.woff2?v=4.7.0
pragma: no-cache
origin: https://three-back.work
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: font
:authority: three-back.work
referer: https://three-back.work/wp-content/themes/affinger5/css/fontawesome/css/font-awesome.min.css?ver=4.7.0
:scheme: https
sec-fetch-site: same-origin
:method: GET
Origin: https://three-back.work
Referer: https://three-back.work/wp-content/themes/affinger5/css/fontawesome/css/font-awesome.min.css?ver=4.7.0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 09:50:32 GMT
last-modified: Sat, 15 Feb 2020 03:29:40 GMT
server: LiteSpeed
content-type: font/woff2
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 77160
expires: Wed, 25 Aug 2021 09:50:32 GMT

GET
H2 200 drawit-diagram-9.png
three-back.work/wp-content/uploads/2019/11/ 325 KB
325 KB 255ms
253ms Image
image/png 150.95.54.210
INTERQ GMO Internet

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://three-back.work/wp-content/uploads/2019/11/drawit-diagram-9.png
Requested by: Host: three-back.work
URL: https://three-back.work/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 150.95.54.210 , Japan, ASN7506 (INTERQ GMO Internet,Inc, JP),
Reverse DNS: jp37a.mixhost.jp
Software: LiteSpeed /
Resource Hash: 8f35757970e1ff0371dd3b3e16bf38f582072bf88cd9bdb7fccd25af04458dc7

Request headers

:path: /wp-content/uploads/2019/11/drawit-diagram-9.png
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: three-back.work
referer: https://three-back.work/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://three-back.work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 09:50:32 GMT
last-modified: Sat, 09 Nov 2019 02:28:35 GMT
server: LiteSpeed
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 333054
expires: Wed, 25 Aug 2021 09:50:32 GMT

GET
H2 200 landscape-2990060_960_720-150x150.jpg
three-back.work/wp-content/uploads/2021/08/ 5 KB
5 KB 880ms
878ms Image
image/jpeg 150.95.54.210
INTERQ GMO Internet

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://three-back.work/wp-content/uploads/2021/08/landscape-2990060_960_720-150x150.jpg
Requested by: Host: three-back.work
URL: https://three-back.work/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 150.95.54.210 , Japan, ASN7506 (INTERQ GMO Internet,Inc, JP),
Reverse DNS: jp37a.mixhost.jp
Software: LiteSpeed /
Resource Hash: 58629af3bd5fba642a9d794dc638478c29cb9daba582a7267fb608d6b3d36eb7

Request headers

:path: /wp-content/uploads/2021/08/landscape-2990060_960_720-150x150.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: three-back.work
referer: https://three-back.work/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://three-back.work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 09:50:32 GMT
last-modified: Sun, 15 Aug 2021 12:21:59 GMT
server: LiteSpeed
content-type: image/jpeg
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 5468
expires: Wed, 25 Aug 2021 09:50:32 GMT

GET
H2 200 entrepreneur-1340649_960_720-150x150.jpg
three-back.work/wp-content/uploads/2021/08/ 8 KB
8 KB 879ms
877ms Image
image/jpeg 150.95.54.210
INTERQ GMO Internet

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://three-back.work/wp-content/uploads/2021/08/entrepreneur-1340649_960_720-150x150.jpg
Requested by: Host: three-back.work
URL: https://three-back.work/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 150.95.54.210 , Japan, ASN7506 (INTERQ GMO Internet,Inc, JP),
Reverse DNS: jp37a.mixhost.jp
Software: LiteSpeed /
Resource Hash: fbb12ac6c339e865da5258237ebae68e2314f9afa18e1494f49c357d9cd8a9c1

Request headers

:path: /wp-content/uploads/2021/08/entrepreneur-1340649_960_720-150x150.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: three-back.work
referer: https://three-back.work/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://three-back.work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 09:50:32 GMT
last-modified: Sun, 08 Aug 2021 07:01:59 GMT
server: LiteSpeed
content-type: image/jpeg
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 7698
expires: Wed, 25 Aug 2021 09:50:32 GMT

GET
H2 200 %E3%82%B3%E3%83%A1%E3%83%B3%E3%83%88-2020-09-07-164206-150x150.jpg
three-back.work/wp-content/uploads/2020/09/ 4 KB
4 KB 880ms
878ms Image
image/jpeg 150.95.54.210
INTERQ GMO Internet

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://three-back.work/wp-content/uploads/2020/09/%E3%82%B3%E3%83%A1%E3%83%B3%E3%83%88-2020-09-07-164206-150x150.jpg
Requested by: Host: three-back.work
URL: https://three-back.work/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 150.95.54.210 , Japan, ASN7506 (INTERQ GMO Internet,Inc, JP),
Reverse DNS: jp37a.mixhost.jp
Software: LiteSpeed /
Resource Hash: f15837157125dd8537e5c8691e10932f3c55f1a0cdadbf0d05dd6fabc7be8291

Request headers

:path: /wp-content/uploads/2020/09/%E3%82%B3%E3%83%A1%E3%83%B3%E3%83%88-2020-09-07-164206-150x150.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: three-back.work
referer: https://three-back.work/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://three-back.work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 09:50:32 GMT
last-modified: Mon, 07 Sep 2020 07:42:38 GMT
server: LiteSpeed
content-type: image/jpeg
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 3942
expires: Wed, 25 Aug 2021 09:50:32 GMT

GET
H2 200 stsvg.ttf
three-back.work/wp-content/themes/affinger5/st_svg/fonts/ 3 KB
3 KB 276ms
266ms Font
font/ttf 150.95.54.210
INTERQ GMO Internet

General

Check archive.org

Show headers Download Go to

Full URL: https://three-back.work/wp-content/themes/affinger5/st_svg/fonts/stsvg.ttf?poe1v2
Requested by: Host: three-back.work
URL: https://three-back.work/wp-content/themes/affinger5/st_svg/style.css?ver=5.8
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 150.95.54.210 , Japan, ASN7506 (INTERQ GMO Internet,Inc, JP),
Reverse DNS: jp37a.mixhost.jp
Software: LiteSpeed /
Resource Hash: 398b6670ad0185a0996862a28b55e1bebac53a1cc7f8ed8e26e89b65eabf965d

Request headers

:path: /wp-content/themes/affinger5/st_svg/fonts/stsvg.ttf?poe1v2
pragma: no-cache
origin: https://three-back.work
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: font
:authority: three-back.work
referer: https://three-back.work/wp-content/themes/affinger5/st_svg/style.css?ver=5.8
:scheme: https
sec-fetch-site: same-origin
:method: GET
Origin: https://three-back.work
Referer: https://three-back.work/wp-content/themes/affinger5/st_svg/style.css?ver=5.8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 09:50:32 GMT
last-modified: Sat, 15 Feb 2020 03:29:40 GMT
server: LiteSpeed
content-type: font/ttf
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 2684
expires: Wed, 25 Aug 2021 09:50:32 GMT

GET
H2 200 AlograndSmall3-150x150.jpg
three-back.work/wp-content/uploads/2021/04/ 2 KB
2 KB 254ms
253ms Image
image/jpeg 150.95.54.210
INTERQ GMO Internet

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://three-back.work/wp-content/uploads/2021/04/AlograndSmall3-150x150.jpg
Requested by: Host: three-back.work
URL: https://three-back.work/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 150.95.54.210 , Japan, ASN7506 (INTERQ GMO Internet,Inc, JP),
Reverse DNS: jp37a.mixhost.jp
Software: LiteSpeed /
Resource Hash: d6cd52651fa64dd75f14c75dbe13d695dae01d05b0eaac3522f160c20273520d

Request headers

:path: /wp-content/uploads/2021/04/AlograndSmall3-150x150.jpg
pragma: no-cache
cookie: FCCDCF=[null,null,["[[],[],[],[],null,null,true]",1629280232820],null,null]; __gads=ID=d7e780508231cab4-225fefb1adc900a2:T=1629280232:RT=1629280232:S=ALNI_MbvMC5ld9ot8342JfaWrvkxEylDmg
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: three-back.work
referer: https://three-back.work/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://three-back.work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 09:50:34 GMT
last-modified: Fri, 23 Apr 2021 05:31:15 GMT
server: LiteSpeed
content-type: image/jpeg
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 1788
expires: Wed, 25 Aug 2021 09:50:34 GMT

GET
H2 200 rectangle_large_type_2_a47975da6e0e02f08493072442102797-150x150.jpg
three-back.work/wp-content/uploads/2020/08/ 5 KB
5 KB 260ms
253ms Image
image/jpeg 150.95.54.210
INTERQ GMO Internet

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://three-back.work/wp-content/uploads/2020/08/rectangle_large_type_2_a47975da6e0e02f08493072442102797-150x150.jpg
Requested by: Host: three-back.work
URL: https://three-back.work/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 150.95.54.210 , Japan, ASN7506 (INTERQ GMO Internet,Inc, JP),
Reverse DNS: jp37a.mixhost.jp
Software: LiteSpeed /
Resource Hash: 29d96496ccfa8ad61ca499fb465ac1fa66ccca13be0919c6a16bcbc0ba2ca7d2

Request headers

:path: /wp-content/uploads/2020/08/rectangle_large_type_2_a47975da6e0e02f08493072442102797-150x150.jpg
pragma: no-cache
cookie: FCCDCF=[null,null,["[[],[],[],[],null,null,true]",1629280232820],null,null]; __gads=ID=d7e780508231cab4-225fefb1adc900a2:T=1629280232:RT=1629280232:S=ALNI_MbvMC5ld9ot8342JfaWrvkxEylDmg
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: three-back.work
referer: https://three-back.work/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://three-back.work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 09:50:34 GMT
last-modified: Sun, 23 Aug 2020 03:32:33 GMT
server: LiteSpeed
content-type: image/jpeg
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 4923
expires: Wed, 25 Aug 2021 09:50:34 GMT

GET
H2 200 /
b.hatena.ne.jp/entry/button/ 43 B
372 B 94ms
30ms Image
image/gif 13.224.96.118
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.hatena.ne.jp/entry/button/?url=https%3A%2F%2Fthree-back.work%2F&layout=simple&format=image

Requested by

Host: three-back.work
URL: https://three-back.work/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.96.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-96-118.zrh50.r.cloudfront.net

Software

nginx /

Resource Hash

a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://three-back.work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 08:55:13 GMT
via: 1.1 aa001e3127bb5bd7bbc48bc4fef44b79.cloudfront.net (CloudFront)
server: nginx
age: 3319
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache: Hit from cloudfront
content-type: image/gif
cache-control: public, max-age=3600, s-maxage=3600
x-amz-cf-pop: ZRH50-C1
content-length: 43
x-amz-cf-id: fGryi-qTENy-d2C90KG1zD1QTZtCarBkx-exbRNGnw6Gl62V0o8EaA==

GET
H3-29 200 show_ads_impl_with_ama_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202108100101/ 252 KB
93 KB 42ms
40ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202108100101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1581705282178552&plah=three-back.work

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

78ee91371f8346e61b9bd70b5d0378f34db690a31265df048a426e69e5fffa8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://three-back.work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 09:50:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 95574
x-xss-protection: 0
server: cafe
etag: 14295610613139830787
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Wed, 18 Aug 2021 09:50:32 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20210812/r20190131/ Frame 1F53 10 KB
5 KB 6ms
6ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20210812/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d5f3085127d154cbd72e219052312767d460633fafa6e38bb9a9446ddb03a270

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/html/r20210812/r20190131/zrt_lookup.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://three-back.work/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://three-back.work/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Tue, 17 Aug 2021 20:11:15 GMT
expires: Tue, 31 Aug 2021 20:11:15 GMT
content-type: text/html; charset=UTF-8
etag: 8999110079160743657
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4576
x-xss-protection: 0
age: 49157
cache-control: public, max-age=1209600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 ca-pub-1581705282178552 Show response
fundingchoicesmessages.google.com/i/ 95 KB
35 KB 39ms
38ms Script
application/javascript 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/i/ca-pub-1581705282178552?ers=2

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202108100101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1581705282178552&plah=three-back.work

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a25f9c06df22a5b04bf070bde66fbf199cd2f7ea122d3a890cc4c45357ad4191

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-Vzrxco3e9dSxAhlcvsDayg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'nonce-Vzrxco3e9dSxAhlcvsDayg' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://three-back.work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 09:50:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
pragma: no-cache
server: ESF
cross-origin-opener-policy: same-origin; report-to="ContributorServingWebSwitchboardHttp"
x-frame-options: SAMEORIGIN
report-to: {"group":"ContributorServingWebSwitchboardHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ContributorServingWebSwitchboardHttp/external"}]}
content-type: application/javascript; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-security-policy: script-src 'report-sample' 'nonce-Vzrxco3e9dSxAhlcvsDayg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'nonce-Vzrxco3e9dSxAhlcvsDayg' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H3-29 204 AGSKWxV3Xns2oq5DTqNZQuNgY0iF0h0Q-6Mh60QDjAm2Pyb2D5jT-FM7hR7A4NYXAp76wJ310NgoFsMUaTrEQmpxzrY= Show response
fundingchoicesmessages.google.com/el/ 0
26 B 35ms
20ms XHR
text/html 2a00:1450:4001:802::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxV3Xns2oq5DTqNZQuNgY0iF0h0Q-6Mh60QDjAm2Pyb2D5jT-FM7hR7A4NYXAp76wJ310NgoFsMUaTrEQmpxzrY=?pvid=659D5794-078A-4534-BE5B-2843091860EB&anonid=AF3F8D08-A4B9-4DCA-B1E2-113414514030

Requested by

Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingLoaderClientJs.en_US.6ZgQMiRLF3E.es5.O/d=1/rs=AJlcJMzfr8eZ6Vo-GTdabkOsqX1mehA29A/m=loader_js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-9NcVWOq8YZkL8jqCosyuyQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-9NcVWOq8YZkL8jqCosyuyQ' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://three-back.work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 18 Aug 2021 09:50:32 GMT
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
access-control-max-age: 86400
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
pragma: no-cache
server: ESF
cross-origin-opener-policy: same-origin
x-frame-options: SAMEORIGIN
access-control-allow-methods: POST, GET, OPTIONS
content-type: text/html; charset=utf-8
access-control-allow-origin: https://three-back.work
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-security-policy: script-src 'report-sample' 'nonce-9NcVWOq8YZkL8jqCosyuyQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-9NcVWOq8YZkL8jqCosyuyQ' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 AGSKWxUl7Qjlvb-F7jzFktEzHEquxaXBa-S7uxNqeft3y_SZ5mLrr-5oQ4HKR0nu7ioy_xrg0B18rVHhJGKFDuUvU-Y= Show response
fundingchoicesmessages.google.com/f/ 72 KB
27 KB 47ms
47ms Script
application/javascript 2a00:1450:4001:802::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxUl7Qjlvb-F7jzFktEzHEquxaXBa-S7uxNqeft3y_SZ5mLrr-5oQ4HKR0nu7ioy_xrg0B18rVHhJGKFDuUvU-Y=?fccs=W251bGwsW1tdLFtdXSxudWxsLG51bGwsbnVsbCwyLFsxNjI5MjgwMjMyLDgzODAwMDAwMF0sIjY1OUQ1Nzk0LTA3OEEtNDUzNC1CRTVCLTI4NDMwOTE4NjBFQiIsIkFGM0Y4RDA4LUE0QjktNERDQS1CMUUyLTExMzQxNDUxNDAzMCIsbnVsbCxbbnVsbCxbN11dLCJodHRwczovL3RocmVlLWJhY2sud29yay8iXQ

Requested by

Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingLoaderClientJs.en_US.6ZgQMiRLF3E.es5.O/d=1/rs=AJlcJMzfr8eZ6Vo-GTdabkOsqX1mehA29A/m=loader_js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

309c75feee3d3ae292e6a0ee948693a0672e590e7069a0a683f0d9c979a9d371

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-nabTX7VgOWWmQ+F/Q7ov4Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'nonce-nabTX7VgOWWmQ+F/Q7ov4Q' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://three-back.work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 18 Aug 2021 09:50:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
server: ESF
cross-origin-opener-policy: same-origin
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'report-sample' 'nonce-nabTX7VgOWWmQ+F/Q7ov4Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'nonce-nabTX7VgOWWmQ+F/Q7ov4Q' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport
content-security-policy-report-only: require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
x-xss-protection: 0
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 205 B
660 B 96ms
43ms Script
text/javascript 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=three-back.work&callback=_gfp_s_&client=ca-pub-1581705282178552

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

c91edd932920ea766ebcc477d6466f7f75179c4e8509f8798c29af354c4380ef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://three-back.work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 09:50:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 194
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
853 B 35ms
15ms Script
application/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=three-back.work

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://three-back.work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 18 Aug 2021 09:50:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
570 B 40ms
15ms Script
application/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=three-back.work

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://three-back.work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 18 Aug 2021 09:50:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 9D84 25 KB
5 KB 523ms
508ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-1581705282178552&output=html&adk=1812271804&adf=3025194257&lmt=1629280232&plat=8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fthree-back.work%2F&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1629280232593&bpp=37&bdt=1333&idt=129&shv=r20210812&mjsv=m202108100101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=3278037866339&frm=20&pv=2&ga_vid=1698418937.1629280233&ga_sid=1629280233&ga_hid=2025104867&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C20211866%2C31062180%2C31062297&oid=3&pvsid=2501388766877624&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=257

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

042b8d3ee42565179507f30eceb7fd3108e28bd06d87ffd843dcfac9252d5ff9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?us_privacy=1---&client=ca-pub-1581705282178552&output=html&adk=1812271804&adf=3025194257&lmt=1629280232&plat=8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fthree-back.work%2F&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1629280232593&bpp=37&bdt=1333&idt=129&shv=r20210812&mjsv=m202108100101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=3278037866339&frm=20&pv=2&ga_vid=1698418937.1629280233&ga_sid=1629280233&ga_hid=2025104867&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C20211866%2C31062180%2C31062297&oid=3&pvsid=2501388766877624&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=257
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://three-back.work/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://three-back.work/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Wed, 18 Aug 2021 09:50:33 GMT
server: cafe
content-length: 5415
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Wed, 18-Aug-2021 10:05:32 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Wed, 18 Aug 2021 09:50:33 GMT
cache-control: private

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 85C0 81 KB
28 KB 447ms
436ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-1581705282178552&output=html&h=201&slotname=8212816143&adk=3589416497&adf=5723592&pi=t.ma~as.8212816143&w=800&lmt=1629280232&rafmt=11&psa=0&format=800x201&url=https%3A%2F%2Fthree-back.work%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1629280232593&bpp=130&bdt=1332&idt=166&shv=r20210812&mjsv=m202108100101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=3278037866339&frm=20&pv=1&ga_vid=1698418937.1629280233&ga_sid=1629280233&ga_hid=2025104867&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=240&ady=1439&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C20211866%2C31062180%2C31062297&oid=3&pvsid=2501388766877624&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=umnvaHBYNu&p=https%3A//three-back.work&dtd=263

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f909bcd011d0f2906368d7bd276a17256450d6717d440aab4a4a5259bfed73f8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?us_privacy=1---&client=ca-pub-1581705282178552&output=html&h=201&slotname=8212816143&adk=3589416497&adf=5723592&pi=t.ma~as.8212816143&w=800&lmt=1629280232&rafmt=11&psa=0&format=800x201&url=https%3A%2F%2Fthree-back.work%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1629280232593&bpp=130&bdt=1332&idt=166&shv=r20210812&mjsv=m202108100101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=3278037866339&frm=20&pv=1&ga_vid=1698418937.1629280233&ga_sid=1629280233&ga_hid=2025104867&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=240&ady=1439&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C20211866%2C31062180%2C31062297&oid=3&pvsid=2501388766877624&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=umnvaHBYNu&p=https%3A//three-back.work&dtd=263
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://three-back.work/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://three-back.work/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Wed, 18 Aug 2021 09:50:33 GMT
server: cafe
content-length: 28461
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Wed, 18-Aug-2021 10:05:32 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Wed, 18 Aug 2021 09:50:33 GMT
cache-control: private

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame CD91 92 KB
30 KB 452ms
446ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-1581705282178552&output=html&h=201&slotname=8212816143&adk=3589416497&adf=4251178241&pi=t.ma~as.8212816143&w=800&lmt=1629280232&rafmt=11&psa=0&format=800x201&url=https%3A%2F%2Fthree-back.work%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1629280232593&bpp=1&bdt=1332&idt=172&shv=r20210812&mjsv=m202108100101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C800x201&nras=1&correlator=3278037866339&frm=20&pv=1&ga_vid=1698418937.1629280233&ga_sid=1629280233&ga_hid=2025104867&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=240&ady=2335&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C20211866%2C31062180%2C31062297&oid=3&pvsid=2501388766877624&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=5EMOAxCcd1&p=https%3A//three-back.work&dtd=267

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b67a87413ddc25f7dd362cd9a6c9a8356eac9898abc3da90c6ea1e56858c4dc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?us_privacy=1---&client=ca-pub-1581705282178552&output=html&h=201&slotname=8212816143&adk=3589416497&adf=4251178241&pi=t.ma~as.8212816143&w=800&lmt=1629280232&rafmt=11&psa=0&format=800x201&url=https%3A%2F%2Fthree-back.work%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1629280232593&bpp=1&bdt=1332&idt=172&shv=r20210812&mjsv=m202108100101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C800x201&nras=1&correlator=3278037866339&frm=20&pv=1&ga_vid=1698418937.1629280233&ga_sid=1629280233&ga_hid=2025104867&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=240&ady=2335&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C20211866%2C31062180%2C31062297&oid=3&pvsid=2501388766877624&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=5EMOAxCcd1&p=https%3A//three-back.work&dtd=267
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://three-back.work/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://three-back.work/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Wed, 18 Aug 2021 09:50:33 GMT
server: cafe
content-length: 30292
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Wed, 18-Aug-2021 10:05:32 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Wed, 18 Aug 2021 09:50:33 GMT
cache-control: private

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 857E 430 B
229 B 285ms
284ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-1581705282178552&output=html&h=169&slotname=8212816143&adk=730500670&adf=3217087521&pi=t.ma~as.8212816143&w=300&lmt=1629280232&rafmt=11&psa=0&format=300x169&url=https%3A%2F%2Fthree-back.work%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1629280232593&bpp=1&bdt=1333&idt=173&shv=r20210812&mjsv=m202108100101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C800x201%2C800x201&nras=1&correlator=3278037866339&frm=20&pv=1&ga_vid=1698418937.1629280233&ga_sid=1629280233&ga_hid=2025104867&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1080&ady=4811&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C20211866%2C31062180%2C31062297&oid=3&pvsid=2501388766877624&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=y3STaJCemN&p=https%3A//three-back.work&dtd=271

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6c44ef9b85a019fb318355095b3cdb9bf723394a862723dff6bc0bb59d18bf72

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?us_privacy=1---&client=ca-pub-1581705282178552&output=html&h=169&slotname=8212816143&adk=730500670&adf=3217087521&pi=t.ma~as.8212816143&w=300&lmt=1629280232&rafmt=11&psa=0&format=300x169&url=https%3A%2F%2Fthree-back.work%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1629280232593&bpp=1&bdt=1333&idt=173&shv=r20210812&mjsv=m202108100101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C800x201%2C800x201&nras=1&correlator=3278037866339&frm=20&pv=1&ga_vid=1698418937.1629280233&ga_sid=1629280233&ga_hid=2025104867&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1080&ady=4811&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C20211866%2C31062180%2C31062297&oid=3&pvsid=2501388766877624&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=y3STaJCemN&p=https%3A//three-back.work&dtd=271
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://three-back.work/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://three-back.work/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Wed, 18 Aug 2021 09:50:33 GMT
server: cafe
content-length: 206
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Wed, 18-Aug-2021 10:05:32 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Wed, 18 Aug 2021 09:50:33 GMT
cache-control: private

GET
H2 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ 72 KB
28 KB 51ms
30ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61fe4436f1d882b3acd98fb2763984bacd382664582f4918647b89894f46b871

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://three-back.work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 09:50:32 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1629113446242536"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27733
x-xss-protection: 0
expires: Wed, 18 Aug 2021 09:50:32 GMT

POST
H3-29 204 AGSKWxVslhbKWnyAgtNx402UfuJQ-38kJUevph_kkqMV1c0jbSJnlhvhF3YcQ463Lhv2KRRPjrG2hv5uM0cRqMuFLBzWXmRJth74NelXycE4dmpqypAce1uS5A1lqUdYABb32Tbqg9pZlaKMDLZR05AhZAdQcNJYubxMXcIRgTejuH0eEtnkL1ZiHi1-c_dU Show response
fundingchoicesmessages.google.com/el/ 0
27 B 20ms
19ms XHR
text/html 2a00:1450:4001:802::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxVslhbKWnyAgtNx402UfuJQ-38kJUevph_kkqMV1c0jbSJnlhvhF3YcQ463Lhv2KRRPjrG2hv5uM0cRqMuFLBzWXmRJth74NelXycE4dmpqypAce1uS5A1lqUdYABb32Tbqg9pZlaKMDLZR05AhZAdQcNJYubxMXcIRgTejuH0eEtnkL1ZiHi1-c_dU

Requested by

Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorIabCcpaWebSignalJs.en_US.ksegGfZA2BQ.es5.O/d=1/rs=AJlcJMysVx_e9mFcO0NqnOn557aGLCit_A/m=iabccpawebsignalscript

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-DOvTnQyPNhR1RCDBDpuQ7g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-DOvTnQyPNhR1RCDBDpuQ7g' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://three-back.work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 18 Aug 2021 09:50:32 GMT
access-control-allow-methods: POST, GET, OPTIONS
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
access-control-max-age: 86400
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
pragma: no-cache
server: ESF
cross-origin-opener-policy: same-origin; report-to="ContributorLoggingHttp"
x-frame-options: SAMEORIGIN
report-to: {"group":"ContributorLoggingHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ContributorLoggingHttp/external"}]}
content-type: text/html; charset=utf-8
access-control-allow-origin: https://three-back.work
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-security-policy: script-src 'report-sample' 'nonce-DOvTnQyPNhR1RCDBDpuQ7g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-DOvTnQyPNhR1RCDBDpuQ7g' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H3-29 204 AGSKWxVslhbKWnyAgtNx402UfuJQ-38kJUevph_kkqMV1c0jbSJnlhvhF3YcQ463Lhv2KRRPjrG2hv5uM0cRqMuFLBzWXmRJth74NelXycE4dmpqypAce1uS5A1lqUdYABb32Tbqg9pZlaKMDLZR05AhZAdQcNJYubxMXcIRgTejuH0eEtnkL1ZiHi1-c_dU Show response
fundingchoicesmessages.google.com/el/ 0
26 B 54ms
54ms XHR
text/html 2a00:1450:4001:802::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-sSlRUUcLsKlFNIrhkSU1eg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-sSlRUUcLsKlFNIrhkSU1eg' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://three-back.work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 18 Aug 2021 09:50:32 GMT
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
access-control-max-age: 86400
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
pragma: no-cache
server: ESF
cross-origin-opener-policy: same-origin
x-frame-options: SAMEORIGIN
access-control-allow-methods: POST, GET, OPTIONS
content-type: text/html; charset=utf-8
access-control-allow-origin: https://three-back.work
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-security-policy: script-src 'report-sample' 'nonce-sSlRUUcLsKlFNIrhkSU1eg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-sSlRUUcLsKlFNIrhkSU1eg' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 AGSKWxVoPdh0PyV0NtEQlp49-Edt9EeYTthX2DtohOGBs15UaUpg5anDSIW6btywW6FiTl7UMupjA4txsElKIPF08FiVcd8EAH0TYrn373K1cCprIfH3JZuQf6IgmNHKeiw_eBWfpm6HnBv8kVS3kLHePYnawzQSL3IQ7H21uqGgBJLTdGavy5r9xzRTCJjQ Show response
fundingchoicesmessages.google.com/f/ 70 KB
25 KB 37ms
37ms Script
application/javascript 2a00:1450:4001:802::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxVoPdh0PyV0NtEQlp49-Edt9EeYTthX2DtohOGBs15UaUpg5anDSIW6btywW6FiTl7UMupjA4txsElKIPF08FiVcd8EAH0TYrn373K1cCprIfH3JZuQf6IgmNHKeiw_eBWfpm6HnBv8kVS3kLHePYnawzQSL3IQ7H21uqGgBJLTdGavy5r9xzRTCJjQ?fccs=W251bGwsW1tdLFtdXSxudWxsLG51bGwsbnVsbCwyLFsxNjI5MjgwMjMyLDkxMzAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzcsMTBdXSwiaHR0cHM6Ly90aHJlZS1iYWNrLndvcmsvIl0

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a5b71d3064c633af57df01b4e531b5ae312560ba863f49f85886659fc8362e83

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-4cmxFHxRyGtxEe+CtyfBGg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'nonce-4cmxFHxRyGtxEe+CtyfBGg' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://three-back.work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 09:50:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
pragma: no-cache
server: ESF
cross-origin-opener-policy: same-origin; report-to="ContributorGlobalRouterHttp"
x-frame-options: SAMEORIGIN
report-to: {"group":"ContributorGlobalRouterHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ContributorGlobalRouterHttp/external"}]}
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-security-policy: script-src 'report-sample' 'nonce-4cmxFHxRyGtxEe+CtyfBGg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'nonce-4cmxFHxRyGtxEe+CtyfBGg' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 30ms
29ms Image
image/gif 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=resize&scrl=0&adk=730500670&adf=3217087521&fmt=300x169&str=true&ad_y=4903.609375&vph=1200&r_nh=0&r_ifr=true&qid=CLqUleyluvICFQmJdwodwNAAtA&w=300&h=169&nh=0&rsz=%7C%7CeE%7C&abl=CS&frsz=false&err=0&url=https%3A%2F%2Fthree-back.work%2F

Requested by

Host: three-back.work
URL: https://three-back.work/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://three-back.work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 18 Aug 2021 09:50:33 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 3836214747063808748
tpc.googlesyndication.com/simgad/ Frame 85C0 23 KB
23 KB 36ms
14ms Image
image/png 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/3836214747063808748?sqp=4sqPyQQrQikqJwhfEAEdAAC0QiABKAEwCTgDQPCTCUgAUAFYAWBfcAJ4AcUBLbKdPg&rs=AOga4qkaj4WTS63Gw52yv-Y7OIfQYuaLRQ

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-1581705282178552&output=html&h=201&slotname=8212816143&adk=3589416497&adf=5723592&pi=t.ma~as.8212816143&w=800&lmt=1629280232&rafmt=11&psa=0&format=800x201&url=https%3A%2F%2Fthree-back.work%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1629280232593&bpp=130&bdt=1332&idt=166&shv=r20210812&mjsv=m202108100101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=3278037866339&frm=20&pv=1&ga_vid=1698418937.1629280233&ga_sid=1629280233&ga_hid=2025104867&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=240&ady=1439&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C20211866%2C31062180%2C31062297&oid=3&pvsid=2501388766877624&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=umnvaHBYNu&p=https%3A//three-back.work&dtd=263

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a7a0ef432d4be320c344e54dbfcc49e1f00b9f0e5c1547aa4c29b4b9fd280927

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 16 Aug 2021 20:12:22 GMT
x-content-type-options: nosniff
last-modified: Fri, 30 Apr 2021 13:21:31 GMT
server: sffe
age: 135491
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23517
x-xss-protection: 0
expires: Tue, 16 Aug 2022 20:12:22 GMT

GET
H2 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210812/r20110914/ Frame 85C0 18 KB
8 KB 27ms
5ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210812/r20110914/abg_lite_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ddee3b7550624c244258abdcfc2824ce6327e652d31a01db50d35083290d5326

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 09:49:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 68
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7622
x-xss-protection: 0
server: cafe
etag: 11770686601635027189
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 01 Sep 2021 09:49:25 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210812/r20110914/client/ Frame 85C0 2 KB
1 KB 31ms
14ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210812/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b6f6d0902ff385f68ec17c4c059d4fe89a0a08f1c022ab70580ea8552dfc0a11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 09:48:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 114
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1339
x-xss-protection: 0
server: cafe
etag: 2275704724217174249
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 01 Sep 2021 09:48:39 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 85C0 124 KB
37 KB 30ms
16ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d7ea26b93c08451c3b36edf3aeed10447fcff13d7cd7fab7a8b9284d6af53185

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 09:50:33 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1629113426487594"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38194
x-xss-protection: 0
expires: Wed, 18 Aug 2021 09:50:33 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210812/r20110914/client/ Frame 85C0 14 KB
6 KB 29ms
11ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210812/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

03032b7414541a98aaa00a220920ce2980d55afcb45c4328c156737f9fb995e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 09:44:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 351
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6205
x-xss-protection: 0
server: cafe
etag: 3431872159862141604
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 01 Sep 2021 09:44:42 GMT

GET
H3-29 200 adview
googleads.g.doubleclick.net/pagead/ Frame 85C0 0
0 35ms
34ms Fetch
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=C0PC86NccYa7pNdTb3wOFtYqwAdrT2MZi3JvokK4Nv-EeEAEgx-T4eWCVAqAB7u-jxwLIAQKoAwHIA8kEqgS5AU_QRsiVFjtwBeb2TmSz--2Qhj7wjQPQLNbVHvdp2rSOuEIXzo_3hJeKre-BhD64D8b32AKQtvrnitY8TkIbPQY5xzlWTWSgDYeBHmdFc_yzFFBWQtUFQ8sV3ve-yKnufu7b6VNmtYyIFBDHXxVwbCQDR3ZwUGRLkozlhsygMrbYdR2ntnCIut3OzOLJoKYcHKnneOp5sNjA6k45TtfwUCzVidKKOA7RA0goMQhd1nWPTEVnG4JSS-_lwASeup3owAOSBQQIBBgBkgUECAUYBKAGAoAH-o_cuAGoB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7paxAqgHpr4bqAfs1RvYBwHyBwQQobMB0ggJCIDhgBAQARgfgAoByAsB2BMN0BUBgBcBshccChoIABIUcHViLTE1ODE3MDUyODIxNzg1NTIYAA&sigh=GjWh-hb9dQI

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-1581705282178552&output=html&h=201&slotname=8212816143&adk=3589416497&adf=5723592&pi=t.ma~as.8212816143&w=800&lmt=1629280232&rafmt=11&psa=0&format=800x201&url=https%3A%2F%2Fthree-back.work%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1629280232593&bpp=130&bdt=1332&idt=166&shv=r20210812&mjsv=m202108100101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=3278037866339&frm=20&pv=1&ga_vid=1698418937.1629280233&ga_sid=1629280233&ga_hid=2025104867&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=240&ady=1439&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C20211866%2C31062180%2C31062297&oid=3&pvsid=2501388766877624&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=umnvaHBYNu&p=https%3A//three-back.work&dtd=263
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Wed, 18 Aug 2021 09:50:33 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Wed, 18 Aug 2021 09:50:33 GMT

GET
H2 200 one_click_handler_one_afma_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210812/r20110914/client/ Frame 85C0 26 KB
11 KB 26ms
11ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210812/r20110914/client/one_click_handler_one_afma_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f2964eaaa17b81ff911681e57089511c35c7ebbbb8cce98e8c64bad2de197149

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 06:04:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 13585
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10743
x-xss-protection: 0
server: cafe
etag: 8915488205478863544
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 01 Sep 2021 06:04:08 GMT

GET
H3-29 200 css
fonts.googleapis.com/ Frame CD91 6 KB
668 B 24ms
22ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:300,400,500&lang=de

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-1581705282178552&output=html&h=201&slotname=8212816143&adk=3589416497&adf=4251178241&pi=t.ma~as.8212816143&w=800&lmt=1629280232&rafmt=11&psa=0&format=800x201&url=https%3A%2F%2Fthree-back.work%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1629280232593&bpp=1&bdt=1332&idt=172&shv=r20210812&mjsv=m202108100101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C800x201&nras=1&correlator=3278037866339&frm=20&pv=1&ga_vid=1698418937.1629280233&ga_sid=1629280233&ga_hid=2025104867&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=240&ady=2335&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C20211866%2C31062180%2C31062297&oid=3&pvsid=2501388766877624&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=5EMOAxCcd1&p=https%3A//three-back.work&dtd=267

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

d4876c12b071f74470f52c0404d10730ab271ae769c2c407fe131dae8b33e236

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 18 Aug 2021 08:15:28 GMT
server: ESF
date: Wed, 18 Aug 2021 09:50:33 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 18 Aug 2021 09:50:33 GMT

GET
H2 200 m_js_controller_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210812/r20110914/client/ Frame CD91 31 KB
12 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210812/r20110914/client/m_js_controller_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-1581705282178552&output=html&h=201&slotname=8212816143&adk=3589416497&adf=4251178241&pi=t.ma~as.8212816143&w=800&lmt=1629280232&rafmt=11&psa=0&format=800x201&url=https%3A%2F%2Fthree-back.work%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1629280232593&bpp=1&bdt=1332&idt=172&shv=r20210812&mjsv=m202108100101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C800x201&nras=1&correlator=3278037866339&frm=20&pv=1&ga_vid=1698418937.1629280233&ga_sid=1629280233&ga_hid=2025104867&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=240&ady=2335&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C20211866%2C31062180%2C31062297&oid=3&pvsid=2501388766877624&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=5EMOAxCcd1&p=https%3A//three-back.work&dtd=267

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3f7518bdbb2f1de962712e98d51270975c9ae40f5fa9c82d0803f47023c0f904

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 09:08:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2514
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12648
x-xss-protection: 0
server: cafe
etag: 3919984641620196875
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 01 Sep 2021 09:08:39 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame CD91 124 KB
37 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-1581705282178552&output=html&h=201&slotname=8212816143&adk=3589416497&adf=4251178241&pi=t.ma~as.8212816143&w=800&lmt=1629280232&rafmt=11&psa=0&format=800x201&url=https%3A%2F%2Fthree-back.work%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1629280232593&bpp=1&bdt=1332&idt=172&shv=r20210812&mjsv=m202108100101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C800x201&nras=1&correlator=3278037866339&frm=20&pv=1&ga_vid=1698418937.1629280233&ga_sid=1629280233&ga_hid=2025104867&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=240&ady=2335&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C20211866%2C31062180%2C31062297&oid=3&pvsid=2501388766877624&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=5EMOAxCcd1&p=https%3A//three-back.work&dtd=267

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d7ea26b93c08451c3b36edf3aeed10447fcff13d7cd7fab7a8b9284d6af53185

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 09:50:33 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1629113426487594"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38194
x-xss-protection: 0
expires: Wed, 18 Aug 2021 09:50:33 GMT

GET
H3-29 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/7095106912128358744/ Frame CD91 22 KB
22 KB 7ms
7ms Image
image/jpeg 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/7095106912128358744/downsize_200k_v1?w=400&h=209

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-1581705282178552&output=html&h=201&slotname=8212816143&adk=3589416497&adf=4251178241&pi=t.ma~as.8212816143&w=800&lmt=1629280232&rafmt=11&psa=0&format=800x201&url=https%3A%2F%2Fthree-back.work%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1629280232593&bpp=1&bdt=1332&idt=172&shv=r20210812&mjsv=m202108100101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C800x201&nras=1&correlator=3278037866339&frm=20&pv=1&ga_vid=1698418937.1629280233&ga_sid=1629280233&ga_hid=2025104867&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=240&ady=2335&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C20211866%2C31062180%2C31062297&oid=3&pvsid=2501388766877624&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=5EMOAxCcd1&p=https%3A//three-back.work&dtd=267

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9d9d0a192af19326de682dc0a4a0fd526190110fe5b2a40f3ecca9826754ea7d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Aug 2021 07:59:52 GMT
x-content-type-options: nosniff
age: 93041
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 22186
x-xss-protection: 0
last-modified: Fri, 16 Apr 2021 15:26:50 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 17 Aug 2022 07:59:52 GMT

GET
H3-29 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210812/r20110914/ Frame CD91 18 KB
7 KB 21ms
6ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210812/r20110914/abg_lite_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-1581705282178552&output=html&h=201&slotname=8212816143&adk=3589416497&adf=4251178241&pi=t.ma~as.8212816143&w=800&lmt=1629280232&rafmt=11&psa=0&format=800x201&url=https%3A%2F%2Fthree-back.work%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1629280232593&bpp=1&bdt=1332&idt=172&shv=r20210812&mjsv=m202108100101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C800x201&nras=1&correlator=3278037866339&frm=20&pv=1&ga_vid=1698418937.1629280233&ga_sid=1629280233&ga_hid=2025104867&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=240&ady=2335&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C20211866%2C31062180%2C31062297&oid=3&pvsid=2501388766877624&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=5EMOAxCcd1&p=https%3A//three-back.work&dtd=267

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ddee3b7550624c244258abdcfc2824ce6327e652d31a01db50d35083290d5326

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 09:49:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 68
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7622
x-xss-protection: 0
server: cafe
etag: 11770686601635027189
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 01 Sep 2021 09:49:25 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210812/r20110914/client/ Frame CD91 2 KB
1 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210812/r20110914/client/window_focus_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-1581705282178552&output=html&h=201&slotname=8212816143&adk=3589416497&adf=4251178241&pi=t.ma~as.8212816143&w=800&lmt=1629280232&rafmt=11&psa=0&format=800x201&url=https%3A%2F%2Fthree-back.work%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1629280232593&bpp=1&bdt=1332&idt=172&shv=r20210812&mjsv=m202108100101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C800x201&nras=1&correlator=3278037866339&frm=20&pv=1&ga_vid=1698418937.1629280233&ga_sid=1629280233&ga_hid=2025104867&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=240&ady=2335&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C20211866%2C31062180%2C31062297&oid=3&pvsid=2501388766877624&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=5EMOAxCcd1&p=https%3A//three-back.work&dtd=267

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b6f6d0902ff385f68ec17c4c059d4fe89a0a08f1c022ab70580ea8552dfc0a11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 09:40:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 587
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1339
x-xss-protection: 0
server: cafe
etag: 2275704724217174249
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 01 Sep 2021 09:40:46 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210812/r20110914/client/ Frame CD91 14 KB
6 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210812/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-1581705282178552&output=html&h=201&slotname=8212816143&adk=3589416497&adf=4251178241&pi=t.ma~as.8212816143&w=800&lmt=1629280232&rafmt=11&psa=0&format=800x201&url=https%3A%2F%2Fthree-back.work%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1629280232593&bpp=1&bdt=1332&idt=172&shv=r20210812&mjsv=m202108100101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C800x201&nras=1&correlator=3278037866339&frm=20&pv=1&ga_vid=1698418937.1629280233&ga_sid=1629280233&ga_hid=2025104867&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=240&ady=2335&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C20211866%2C31062180%2C31062297&oid=3&pvsid=2501388766877624&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=5EMOAxCcd1&p=https%3A//three-back.work&dtd=267

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

03032b7414541a98aaa00a220920ce2980d55afcb45c4328c156737f9fb995e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 09:44:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 351
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6205
x-xss-protection: 0
server: cafe
etag: 3431872159862141604
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 01 Sep 2021 09:44:42 GMT

GET
H3-29 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 7E86 143 B
163 B 15ms
7ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/s?v=r20120211
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-1581705282178552&output=html&h=201&slotname=8212816143&adk=3589416497&adf=5723592&pi=t.ma~as.8212816143&w=800&lmt=1629280232&rafmt=11&psa=0&format=800x201&url=https%3A%2F%2Fthree-back.work%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1629280232593&bpp=130&bdt=1332&idt=166&shv=r20210812&mjsv=m202108100101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=3278037866339&frm=20&pv=1&ga_vid=1698418937.1629280233&ga_sid=1629280233&ga_hid=2025104867&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=240&ady=1439&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C20211866%2C31062180%2C31062297&oid=3&pvsid=2501388766877624&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=umnvaHBYNu&p=https%3A//three-back.work&dtd=263
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-1581705282178552&output=html&h=201&slotname=8212816143&adk=3589416497&adf=5723592&pi=t.ma~as.8212816143&w=800&lmt=1629280232&rafmt=11&psa=0&format=800x201&url=https%3A%2F%2Fthree-back.work%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1629280232593&bpp=130&bdt=1332&idt=166&shv=r20210812&mjsv=m202108100101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=3278037866339&frm=20&pv=1&ga_vid=1698418937.1629280233&ga_sid=1629280233&ga_hid=2025104867&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=240&ady=1439&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C20211866%2C31062180%2C31062297&oid=3&pvsid=2501388766877624&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=umnvaHBYNu&p=https%3A//three-back.work&dtd=263

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Wed, 18 Aug 2021 09:42:57 GMT
server: safe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 456
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 85C0 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b895973fe0101d4a0b180c117dcec43a056e36f9b502c76197f4e7ca2dfea416

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v27/ Frame CD91 16 KB
16 KB 24ms
14ms Font
font/woff2 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,400,500&lang=de

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bb46ed079c3dd3c39af5051b4ada48f29f49151dad4fa218117bad2fdb5e616f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://googleads.g.doubleclick.net
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Aug 2021 17:17:27 GMT
x-content-type-options: nosniff
age: 59586
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15920
x-xss-protection: 0
last-modified: Mon, 05 Apr 2021 21:10:39 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 17 Aug 2022 17:17:27 GMT

GET
H3-29 200 KFOlCnqEu92Fr1MmSU5fBBc4.woff2
fonts.gstatic.com/s/roboto/v27/ Frame CD91 15 KB
15 KB 34ms
24ms Font
font/woff2 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmSU5fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,400,500&lang=de

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

33530b007071281a97e79baab13ddf7cc4b9de942ebd3e212224857335f7cb97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://googleads.g.doubleclick.net
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Aug 2021 01:45:21 GMT
x-content-type-options: nosniff
age: 115512
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15732
x-xss-protection: 0
last-modified: Mon, 05 Apr 2021 21:10:39 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 17 Aug 2022 01:45:21 GMT

GET
H3-29 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v27/ Frame CD91 15 KB
15 KB 26ms
16ms Font
font/woff2 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,400,500&lang=de

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://googleads.g.doubleclick.net
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 16 Aug 2021 18:26:24 GMT
x-content-type-options: nosniff
age: 141849
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15688
x-xss-protection: 0
last-modified: Mon, 05 Apr 2021 21:10:35 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 16 Aug 2022 18:26:24 GMT

GET
H3-29 200 adview
googleads.g.doubleclick.net/pagead/ Frame CD91 0
0 31ms
30ms Fetch
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CWm5r6NccYf7vNZiq3gOd7K3QDZTWjKxirabv79oNwI23ARABIMfk-HlglQKgAZu17ZQCyAEGqQLq8bod46ezPqgDAcgDywSqBLYBT9DkVSvUgDhDfNCGuVMrCXGXQxxzJVfBHLUnqwkzeyhrnNPF9m4dKQBSzTP_QrWrbgAZ5jcObVVXAHOAQyFZCOzHqT8PbMGWHo5ajRlB4LioIdFTPs40SGEonTWYc2nLV5Gj1DJNX4d_TfjN7EJisouzUgiHmXQt9DV3r8k9GftTN2nTEXbL7wG0G8M2qAM3MzVZIM35GwJZWl__RpXN6ANN53LrDbcLoyzs4A1I696VAhnBvsbABPLFrPGwA5IFBAgEGAGSBQQIBRgEoAY3gAfNypLrAagH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfulrECqAemvhuoB-zVG9gHAfIHBBDNmAPSCAkIgOGAEBABGB-ACgHICwHYEw2IFALQFQGAFwGyFxwKGggAEhRwdWItMTU4MTcwNTI4MjE3ODU1MhgA&sigh=uRLmC2M-158&template_id=492

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-1581705282178552&output=html&h=201&slotname=8212816143&adk=3589416497&adf=4251178241&pi=t.ma~as.8212816143&w=800&lmt=1629280232&rafmt=11&psa=0&format=800x201&url=https%3A%2F%2Fthree-back.work%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1629280232593&bpp=1&bdt=1332&idt=172&shv=r20210812&mjsv=m202108100101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C800x201&nras=1&correlator=3278037866339&frm=20&pv=1&ga_vid=1698418937.1629280233&ga_sid=1629280233&ga_hid=2025104867&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=240&ady=2335&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C20211866%2C31062180%2C31062297&oid=3&pvsid=2501388766877624&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=5EMOAxCcd1&p=https%3A//three-back.work&dtd=267

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-1581705282178552&output=html&h=201&slotname=8212816143&adk=3589416497&adf=4251178241&pi=t.ma~as.8212816143&w=800&lmt=1629280232&rafmt=11&psa=0&format=800x201&url=https%3A%2F%2Fthree-back.work%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1629280232593&bpp=1&bdt=1332&idt=172&shv=r20210812&mjsv=m202108100101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C800x201&nras=1&correlator=3278037866339&frm=20&pv=1&ga_vid=1698418937.1629280233&ga_sid=1629280233&ga_hid=2025104867&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=240&ady=2335&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C20211866%2C31062180%2C31062297&oid=3&pvsid=2501388766877624&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=5EMOAxCcd1&p=https%3A//three-back.work&dtd=267
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Wed, 18 Aug 2021 09:50:33 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3-29 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 52C5 143 B
163 B 6ms
6ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-1581705282178552&output=html&h=201&slotname=8212816143&adk=3589416497&adf=4251178241&pi=t.ma~as.8212816143&w=800&lmt=1629280232&rafmt=11&psa=0&format=800x201&url=https%3A%2F%2Fthree-back.work%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1629280232593&bpp=1&bdt=1332&idt=172&shv=r20210812&mjsv=m202108100101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C800x201&nras=1&correlator=3278037866339&frm=20&pv=1&ga_vid=1698418937.1629280233&ga_sid=1629280233&ga_hid=2025104867&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=240&ady=2335&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C20211866%2C31062180%2C31062297&oid=3&pvsid=2501388766877624&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=5EMOAxCcd1&p=https%3A//three-back.work&dtd=267

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/s?v=r20120211
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-1581705282178552&output=html&h=201&slotname=8212816143&adk=3589416497&adf=4251178241&pi=t.ma~as.8212816143&w=800&lmt=1629280232&rafmt=11&psa=0&format=800x201&url=https%3A%2F%2Fthree-back.work%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1629280232593&bpp=1&bdt=1332&idt=172&shv=r20210812&mjsv=m202108100101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C800x201&nras=1&correlator=3278037866339&frm=20&pv=1&ga_vid=1698418937.1629280233&ga_sid=1629280233&ga_hid=2025104867&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=240&ady=2335&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C20211866%2C31062180%2C31062297&oid=3&pvsid=2501388766877624&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=5EMOAxCcd1&p=https%3A//three-back.work&dtd=267
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUkUXMRlH7XfsefDgPsUW83qOfLgRtevPGZ-mwbS0_uISHPMCGYTCiUzoVUI79g; test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-1581705282178552&output=html&h=201&slotname=8212816143&adk=3589416497&adf=4251178241&pi=t.ma~as.8212816143&w=800&lmt=1629280232&rafmt=11&psa=0&format=800x201&url=https%3A%2F%2Fthree-back.work%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1629280232593&bpp=1&bdt=1332&idt=172&shv=r20210812&mjsv=m202108100101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C800x201&nras=1&correlator=3278037866339&frm=20&pv=1&ga_vid=1698418937.1629280233&ga_sid=1629280233&ga_hid=2025104867&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=240&ady=2335&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C20211866%2C31062180%2C31062297&oid=3&pvsid=2501388766877624&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=5EMOAxCcd1&p=https%3A//three-back.work&dtd=267

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Wed, 18 Aug 2021 09:42:57 GMT
server: safe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 456
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame CD91 210 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a46d95bbc673fe6eff13c5644be9b8a2df82a4ae72c004705d92e26b3b4a7b82

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 29ms
27ms Image
image/gif 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=ama_success&c=4&wpc=ca-pub-1581705282178552&warn=12%2C13&w=1600&h=1200&eatf=false&reatf=false&a=6%2C1%2C5%2C7&apv=20210811_113656&sat=1629058727717&afm=2%2C0&as_count=2&d_count=0&ng_count=0&am_count=4&atf_count=0&mdns=0.053&alldns=0.280&allp=59&fd=(0%2C17%2C12)%2C(1%2C16%2C4)%2C(2%2C0%2C0)&pgh=7405&su=three-back.work&pvc=2501388766877624&r=0.1

Requested by

Host: three-back.work
URL: https://three-back.work/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://three-back.work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 18 Aug 2021 09:50:33 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 31ms
15ms Script
application/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=three-back.work

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://three-back.work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 18 Aug 2021 09:50:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 30ms
15ms Script
application/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=three-back.work

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://three-back.work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 18 Aug 2021 09:50:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame E27E 430 B
227 B 318ms
318ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-1581705282178552&output=html&h=600&adk=1857935866&adf=2299719228&pi=t.aa~a.2711684385~rp.4&w=300&fwrn=4&fwrnh=100&lmt=1629280233&rafmt=1&to=qs&pwprc=1466749975&psa=0&format=300x600&url=https%3A%2F%2Fthree-back.work%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1629280233588&bpp=1&bdt=2328&idt=-M&shv=r20210812&mjsv=m202108100101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dd7e780508231cab4-225fefb1adc900a2%3AT%3D1629280232%3ART%3D1629280232%3AS%3DALNI_MbvMC5ld9ot8342JfaWrvkxEylDmg&prev_fmts=0x0%2C800x201%2C800x201%2C300x169&nras=2&correlator=3278037866339&frm=20&pv=1&ga_vid=1698418937.1629280233&ga_sid=1629280233&ga_hid=2025104867&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1080&ady=1276&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C20211866%2C31062180%2C31062297&oid=3&psts=AGkb-H8l-v50D8pTVih0LmuwpKnDjnmZGUUOUNhcLHaxpYI71UcA1QMTPDFZalXszFygNnbA9VSDyB-dGQuFsA&pvsid=2501388766877624&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=nmob6XWDbm&p=https%3A//three-back.work&dtd=22

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b58ab014a0a685b7669f1b5a9e6fe395bc6e917b9f8688ea685400c7a749de10

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?us_privacy=1---&client=ca-pub-1581705282178552&output=html&h=600&adk=1857935866&adf=2299719228&pi=t.aa~a.2711684385~rp.4&w=300&fwrn=4&fwrnh=100&lmt=1629280233&rafmt=1&to=qs&pwprc=1466749975&psa=0&format=300x600&url=https%3A%2F%2Fthree-back.work%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1629280233588&bpp=1&bdt=2328&idt=-M&shv=r20210812&mjsv=m202108100101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dd7e780508231cab4-225fefb1adc900a2%3AT%3D1629280232%3ART%3D1629280232%3AS%3DALNI_MbvMC5ld9ot8342JfaWrvkxEylDmg&prev_fmts=0x0%2C800x201%2C800x201%2C300x169&nras=2&correlator=3278037866339&frm=20&pv=1&ga_vid=1698418937.1629280233&ga_sid=1629280233&ga_hid=2025104867&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1080&ady=1276&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C20211866%2C31062180%2C31062297&oid=3&psts=AGkb-H8l-v50D8pTVih0LmuwpKnDjnmZGUUOUNhcLHaxpYI71UcA1QMTPDFZalXszFygNnbA9VSDyB-dGQuFsA&pvsid=2501388766877624&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=nmob6XWDbm&p=https%3A//three-back.work&dtd=22
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://three-back.work/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUkUXMRlH7XfsefDgPsUW83qOfLgRtevPGZ-mwbS0_uISHPMCGYTCiUzoVUI79g; test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://three-back.work/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Wed, 18 Aug 2021 09:50:33 GMT
server: cafe
content-length: 207
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame F031 21 KB
10 KB 378ms
377ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-1581705282178552&output=html&h=600&adk=1857935866&adf=3957504909&pi=t.aa~a.4090112390~rp.4&w=300&fwrn=4&fwrnh=100&lmt=1629280233&rafmt=1&to=qs&pwprc=1466749975&psa=0&format=300x600&url=https%3A%2F%2Fthree-back.work%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1629280233588&bpp=1&bdt=2328&idt=-M&shv=r20210812&mjsv=m202108100101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dd7e780508231cab4-225fefb1adc900a2%3AT%3D1629280232%3ART%3D1629280232%3AS%3DALNI_MbvMC5ld9ot8342JfaWrvkxEylDmg&prev_fmts=0x0%2C800x201%2C800x201%2C300x169%2C300x600&nras=3&correlator=3278037866339&frm=20&pv=1&ga_vid=1698418937.1629280233&ga_sid=1629280233&ga_hid=2025104867&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1080&ady=2281&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C20211866%2C31062180%2C31062297&oid=3&psts=AGkb-H8l-v50D8pTVih0LmuwpKnDjnmZGUUOUNhcLHaxpYI71UcA1QMTPDFZalXszFygNnbA9VSDyB-dGQuFsA&pvsid=2501388766877624&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=5&fsb=1&xpc=4Pf4QTHbjr&p=https%3A//three-back.work&dtd=55

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a8e9b957289449027842c1d37a4eaf6317f638aa693c40465e214360cb80f46c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?us_privacy=1---&client=ca-pub-1581705282178552&output=html&h=600&adk=1857935866&adf=3957504909&pi=t.aa~a.4090112390~rp.4&w=300&fwrn=4&fwrnh=100&lmt=1629280233&rafmt=1&to=qs&pwprc=1466749975&psa=0&format=300x600&url=https%3A%2F%2Fthree-back.work%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1629280233588&bpp=1&bdt=2328&idt=-M&shv=r20210812&mjsv=m202108100101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dd7e780508231cab4-225fefb1adc900a2%3AT%3D1629280232%3ART%3D1629280232%3AS%3DALNI_MbvMC5ld9ot8342JfaWrvkxEylDmg&prev_fmts=0x0%2C800x201%2C800x201%2C300x169%2C300x600&nras=3&correlator=3278037866339&frm=20&pv=1&ga_vid=1698418937.1629280233&ga_sid=1629280233&ga_hid=2025104867&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1080&ady=2281&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C20211866%2C31062180%2C31062297&oid=3&psts=AGkb-H8l-v50D8pTVih0LmuwpKnDjnmZGUUOUNhcLHaxpYI71UcA1QMTPDFZalXszFygNnbA9VSDyB-dGQuFsA&pvsid=2501388766877624&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=5&fsb=1&xpc=4Pf4QTHbjr&p=https%3A//three-back.work&dtd=55
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://three-back.work/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUkUXMRlH7XfsefDgPsUW83qOfLgRtevPGZ-mwbS0_uISHPMCGYTCiUzoVUI79g; test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://three-back.work/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Wed, 18 Aug 2021 09:50:34 GMT
server: cafe
content-length: 10273
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame DC2B 123 KB
39 KB 295ms
294ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-1581705282178552&output=html&h=240&adk=2162206099&adf=2589725590&pi=t.aa~a.3867071496~rp.4&w=300&fwrn=4&fwrnh=100&lmt=1629280233&rafmt=1&to=qs&pwprc=1466749975&psa=0&format=300x240&url=https%3A%2F%2Fthree-back.work%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1629280233588&bpp=1&bdt=2327&idt=0&shv=r20210812&mjsv=m202108100101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dd7e780508231cab4-225fefb1adc900a2%3AT%3D1629280232%3ART%3D1629280232%3AS%3DALNI_MbvMC5ld9ot8342JfaWrvkxEylDmg&prev_fmts=0x0%2C800x201%2C800x201%2C300x169%2C300x600%2C300x600&nras=4&correlator=3278037866339&frm=20&pv=1&ga_vid=1698418937.1629280233&ga_sid=1629280233&ga_hid=2025104867&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1080&ady=3741&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C20211866%2C31062180%2C31062297&oid=3&psts=AGkb-H8l-v50D8pTVih0LmuwpKnDjnmZGUUOUNhcLHaxpYI71UcA1QMTPDFZalXszFygNnbA9VSDyB-dGQuFsA&pvsid=2501388766877624&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=6&fsb=1&xpc=RY9iQmnlS7&p=https%3A//three-back.work&dtd=59

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ea702fb284f13ba5bdfd77cc825845858466e0e10956a007c616e7e00df9a24

Security Headers

Name	Value
Content-Security-Policy	child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8955142657632080541/Front_300x250_v1/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8955142657632080541/Front_300x250_v1/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CJjZxOyluvICFdnvdwod5sUNrw&gqi=6dccYaX1J56U9u8P6YO10A8&layout=/sadbundle/%24csp%253Der3%24/8955142657632080541/Front_300x250_v1/index.html
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?us_privacy=1---&client=ca-pub-1581705282178552&output=html&h=240&adk=2162206099&adf=2589725590&pi=t.aa~a.3867071496~rp.4&w=300&fwrn=4&fwrnh=100&lmt=1629280233&rafmt=1&to=qs&pwprc=1466749975&psa=0&format=300x240&url=https%3A%2F%2Fthree-back.work%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1629280233588&bpp=1&bdt=2327&idt=0&shv=r20210812&mjsv=m202108100101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dd7e780508231cab4-225fefb1adc900a2%3AT%3D1629280232%3ART%3D1629280232%3AS%3DALNI_MbvMC5ld9ot8342JfaWrvkxEylDmg&prev_fmts=0x0%2C800x201%2C800x201%2C300x169%2C300x600%2C300x600&nras=4&correlator=3278037866339&frm=20&pv=1&ga_vid=1698418937.1629280233&ga_sid=1629280233&ga_hid=2025104867&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1080&ady=3741&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C20211866%2C31062180%2C31062297&oid=3&psts=AGkb-H8l-v50D8pTVih0LmuwpKnDjnmZGUUOUNhcLHaxpYI71UcA1QMTPDFZalXszFygNnbA9VSDyB-dGQuFsA&pvsid=2501388766877624&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=6&fsb=1&xpc=RY9iQmnlS7&p=https%3A//three-back.work&dtd=59
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://three-back.work/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUkUXMRlH7XfsefDgPsUW83qOfLgRtevPGZ-mwbS0_uISHPMCGYTCiUzoVUI79g; test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://three-back.work/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-security-policy: child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8955142657632080541/Front_300x250_v1/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8955142657632080541/Front_300x250_v1/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CJjZxOyluvICFdnvdwod5sUNrw&gqi=6dccYaX1J56U9u8P6YO10A8&layout=/sadbundle/%24csp%253Der3%24/8955142657632080541/Front_300x250_v1/index.html
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Wed, 18 Aug 2021 09:50:33 GMT
server: cafe
content-length: 39689
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 7E86
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
16 B

39ms
39ms

Document
text/html

2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/si
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUkUXMRlH7XfsefDgPsUW83qOfLgRtevPGZ-mwbS0_uISHPMCGYTCiUzoVUI79g; test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Wed, 18 Aug 2021 09:50:33 GMT
server: safe
content-length: 0
x-xss-protection: 0
set-cookie: DSID=NO_DATA; expires=Wed, 18-Aug-2021 10:50:33 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Wed, 18 Aug 2021 09:50:33 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Wed, 18 Aug 2021 09:50:33 GMT
server: safe
content-length: 246
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 rum.js Show response
securepubads.g.doubleclick.net/pagead/js/ Frame 85C0 56 KB
22 KB 74ms
22ms Script
text/javascript 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/js/rum.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

f88f3d9916d23136f41cc7587b6d1398583bcca71e68b38c828d6dbb41086f5b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 09:18:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1916
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21544
x-xss-protection: 0
server: cafe
etag: 17504199737071481790
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=3600
timing-allow-origin: *
expires: Wed, 18 Aug 2021 10:18:37 GMT

GET
H3-29 200 Ajm_1Dco6FzJMXTSkNIprya5eOKjJQcFmLvO5y0HW5A.js Show response
pagead2.googlesyndication.com/bg/ Frame FCDF 35 KB
13 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Ajm_1Dco6FzJMXTSkNIprya5eOKjJQcFmLvO5y0HW5A.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0239bfd43728e85cc93174d290d229af26b978e2a325070598bbcee72d075b90

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 08:20:51 GMT
content-encoding: br
x-content-type-options: nosniff
age: 5382
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13491
x-xss-protection: 0
last-modified: Mon, 09 Aug 2021 14:48:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 18 Aug 2022 08:20:51 GMT

GET
H3-29

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 52C5
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
16 B

39ms
38ms

Document
text/html

2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-1581705282178552&output=html&h=201&slotname=8212816143&adk=3589416497&adf=4251178241&pi=t.ma~as.8212816143&w=800&lmt=1629280232&rafmt=11&psa=0&format=800x201&url=https%3A%2F%2Fthree-back.work%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1629280232593&bpp=1&bdt=1332&idt=172&shv=r20210812&mjsv=m202108100101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C800x201&nras=1&correlator=3278037866339&frm=20&pv=1&ga_vid=1698418937.1629280233&ga_sid=1629280233&ga_hid=2025104867&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=240&ady=2335&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C20211866%2C31062180%2C31062297&oid=3&pvsid=2501388766877624&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=5EMOAxCcd1&p=https%3A//three-back.work&dtd=267

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/si
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUkUXMRlH7XfsefDgPsUW83qOfLgRtevPGZ-mwbS0_uISHPMCGYTCiUzoVUI79g; test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Wed, 18 Aug 2021 09:50:33 GMT
server: safe
content-length: 0
x-xss-protection: 0
set-cookie: DSID=NO_DATA; expires=Wed, 18-Aug-2021 10:50:33 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Wed, 18 Aug 2021 09:50:33 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Wed, 18 Aug 2021 09:50:33 GMT
server: safe
content-length: 246
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 Ajm_1Dco6FzJMXTSkNIprya5eOKjJQcFmLvO5y0HW5A.js Show response
pagead2.googlesyndication.com/bg/ Frame 8344 35 KB
13 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Ajm_1Dco6FzJMXTSkNIprya5eOKjJQcFmLvO5y0HW5A.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-1581705282178552&output=html&h=201&slotname=8212816143&adk=3589416497&adf=4251178241&pi=t.ma~as.8212816143&w=800&lmt=1629280232&rafmt=11&psa=0&format=800x201&url=https%3A%2F%2Fthree-back.work%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1629280232593&bpp=1&bdt=1332&idt=172&shv=r20210812&mjsv=m202108100101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C800x201&nras=1&correlator=3278037866339&frm=20&pv=1&ga_vid=1698418937.1629280233&ga_sid=1629280233&ga_hid=2025104867&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=240&ady=2335&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C20211866%2C31062180%2C31062297&oid=3&pvsid=2501388766877624&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=5EMOAxCcd1&p=https%3A//three-back.work&dtd=267

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0239bfd43728e85cc93174d290d229af26b978e2a325070598bbcee72d075b90

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 08:20:51 GMT
content-encoding: br
x-content-type-options: nosniff
age: 5382
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13491
x-xss-protection: 0
last-modified: Mon, 09 Aug 2021 14:48:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 18 Aug 2022 08:20:51 GMT

POST
H2 204 csi
csi.gstatic.com/ Frame 85C0 0
348 B 93ms
46ms Ping
image/gif 2a00:1450:4002:404::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=pagead&action=csi_pagead&dmc=8&puid=1~kshbdu8x&e=21060101&ctx=2&gqid=6NccYc-lNd_M7_UPt-iZkAk&qqid=CK79lOyluvICFdTtdwodhZoCFg&met.4=fb.co~lb.ga~ol.mj~bdt.-18b~bpp.-3p~idt.-2p~dtd.0~dt.-7b&met.3=422.d5~555.i1~556.i1_2~735.ig_1~113.qx_4~112.qw_6&met.1=1.kshbdti0~6.1~7.1~8.1~9.1~10.1~12.c~13.cg~14.ci~15.ck~16.gb~17.gb~18.gc~19.mg~20.mg~21.mk~22.d0~23.d0&met.7=CAUQCBgBMMEDOKsGaAxwwAN4x94BgAGt3gGIAZaFBbABAbgBAw~CBcQBhgBIMcDKMcDMPADOClo3QNw6wN4_7gBgAHdtwGIAd23AbABAbgBAw~CAkQChgBIMcDKMcDMOMDOBxAyANIyQNQyQNY3ANgzgNo3QNw4wN42z-AAcY7iAGHkgGwAQG4AQM~CB4QChgBIMcDKMcDMOsDOCRo3QNw6wN4pQuAAbsKiAHhE7ABAbgBAw~CBwQChgBIMgDKMgDMOkDOCFo3QNw6AN4qDGAAb0wiAGWcLABAbgBAw~CCoQChgBIMgDKMgDMPMDOCs~CCEQBBgBIM0DKM0DMPEDOCRozgNw8AN4FbABAbgBAw~CBwQChgBIM8DKM8DMOsDOBxo3QNw6QN45FSAAfdTiAHSzQGwAQG4AQM~CCgQBRgBIOgDKOgDMPoDOBNo8wNw-gN4owGAAZEBiAGPAbABAbgBAw~CCgQChgBIL8GKL8GMJgHOFlAvwZIwAZQwAZY8wZgzQZo8wZwiQd456wBgAGoqAGIAau_A7ABAbgBAw
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/js/rum.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4002:404::2003 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Wed, 18 Aug 2021 09:50:33 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 27ms
26ms Image
image/gif 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=resize&scrl=0&adk=1857935866&adf=2299719228&fmt=300x600&str=true&ad_y=1275.609375&vph=1200&r_nh=0&r_ifr=true&qid=CIbvwuyluvICFUq8dwod5ZIGVw&w=300&h=600&nh=0&rsz=%7C%7CeE%7C&abl=CS&frsz=false&err=0&url=https%3A%2F%2Fthree-back.work%2F

Requested by

Host: three-back.work
URL: https://three-back.work/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://three-back.work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 18 Aug 2021 09:50:33 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 index.html Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8955142657632080541/Front_300x250_v1/ Frame F94B 23 KB
6 KB 8ms
8ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8955142657632080541/Front_300x250_v1/index.html

Requested by

Host: three-back.work
URL: https://three-back.work/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1746cc85018bab92f0442999d488e5bd3a39a132966b50133a3ccfccdf708d1d

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sadbundle/$csp%3Der3$/8955142657632080541/Front_300x250_v1/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-type: text/html
access-control-allow-origin: *
content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
date: Wed, 11 Aug 2021 17:10:09 GMT
expires: Thu, 11 Aug 2022 17:10:09 GMT
last-modified: Wed, 11 Aug 2021 14:52:40 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
content-encoding: gzip
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
content-length: 6580
age: 578424
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 adview
googleads.g.doubleclick.net/pagead/ Frame 4361 0
0 32ms
30ms Fetch
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=C3G-96dccYdjAKNnf3wPmi7f4CqWp47NknMLto94Otobf4NooEAEgx-T4eWCVAqABn9K1twHIAQmpAurxuh3jp7M-qAMByANIqgS2AU_QsMjnv5FYKbHR35TiGVuZBwh0nwPDT8LTdm9yXot3u7Y9sw8k3TWX8XvgDaaTkCRvsh6WfbG-USRvdLbf8eV4_2E8m-gTHw2xnhhzWVjZvtK6XqKbQ_XKai7CO6kEE7DruRJaEsHSPlJLFV3GXxNCG5Fi-j8YKKz_yxYXqoEirMPWGdOppcOGATEpFgGd0WKkCQ6PQjUdxD_rUas3K8IWn0pLIhV0UQUggT6io7dgeP3e7od-wASNmL_j0wOSBQQIBBgBkgUECAUYBJIFBAgFGBiSBQUIBRioAaAGLoAHya3KyAKoB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7paxAqgHpr4bqAfs1RvYBwDyBwQQ-YQF0ggJCIDhgBAQARgfgAoByAsB2BMN0BUBmBYBgBcBshccChoIABIUcHViLTE1ODE3MDUyODIxNzg1NTIYAA&sigh=_G_HhBxbQWw&template_id=419

Requested by

Host: three-back.work
URL: https://three-back.work/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-1581705282178552&output=html&h=240&adk=2162206099&adf=2589725590&pi=t.aa~a.3867071496~rp.4&w=300&fwrn=4&fwrnh=100&lmt=1629280233&rafmt=1&to=qs&pwprc=1466749975&psa=0&format=300x240&url=https%3A%2F%2Fthree-back.work%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1629280233588&bpp=1&bdt=2327&idt=0&shv=r20210812&mjsv=m202108100101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dd7e780508231cab4-225fefb1adc900a2%3AT%3D1629280232%3ART%3D1629280232%3AS%3DALNI_MbvMC5ld9ot8342JfaWrvkxEylDmg&prev_fmts=0x0%2C800x201%2C800x201%2C300x169%2C300x600%2C300x600&nras=4&correlator=3278037866339&frm=20&pv=1&ga_vid=1698418937.1629280233&ga_sid=1629280233&ga_hid=2025104867&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1080&ady=3741&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C20211866%2C31062180%2C31062297&oid=3&psts=AGkb-H8l-v50D8pTVih0LmuwpKnDjnmZGUUOUNhcLHaxpYI71UcA1QMTPDFZalXszFygNnbA9VSDyB-dGQuFsA&pvsid=2501388766877624&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=6&fsb=1&xpc=RY9iQmnlS7&p=https%3A//three-back.work&dtd=59
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Wed, 18 Aug 2021 09:50:33 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3-29 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210812/r20110914/ Frame 4361 18 KB
7 KB 8ms
6ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210812/r20110914/abg_lite_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-1581705282178552&output=html&h=240&adk=2162206099&adf=2589725590&pi=t.aa~a.3867071496~rp.4&w=300&fwrn=4&fwrnh=100&lmt=1629280233&rafmt=1&to=qs&pwprc=1466749975&psa=0&format=300x240&url=https%3A%2F%2Fthree-back.work%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1629280233588&bpp=1&bdt=2327&idt=0&shv=r20210812&mjsv=m202108100101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dd7e780508231cab4-225fefb1adc900a2%3AT%3D1629280232%3ART%3D1629280232%3AS%3DALNI_MbvMC5ld9ot8342JfaWrvkxEylDmg&prev_fmts=0x0%2C800x201%2C800x201%2C300x169%2C300x600%2C300x600&nras=4&correlator=3278037866339&frm=20&pv=1&ga_vid=1698418937.1629280233&ga_sid=1629280233&ga_hid=2025104867&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1080&ady=3741&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C20211866%2C31062180%2C31062297&oid=3&psts=AGkb-H8l-v50D8pTVih0LmuwpKnDjnmZGUUOUNhcLHaxpYI71UcA1QMTPDFZalXszFygNnbA9VSDyB-dGQuFsA&pvsid=2501388766877624&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=6&fsb=1&xpc=RY9iQmnlS7&p=https%3A//three-back.work&dtd=59

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ddee3b7550624c244258abdcfc2824ce6327e652d31a01db50d35083290d5326

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 09:49:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 68
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7622
x-xss-protection: 0
server: cafe
etag: 11770686601635027189
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 01 Sep 2021 09:49:25 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210812/r20110914/client/ Frame 4361 2 KB
1 KB 9ms
7ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210812/r20110914/client/window_focus_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-1581705282178552&output=html&h=240&adk=2162206099&adf=2589725590&pi=t.aa~a.3867071496~rp.4&w=300&fwrn=4&fwrnh=100&lmt=1629280233&rafmt=1&to=qs&pwprc=1466749975&psa=0&format=300x240&url=https%3A%2F%2Fthree-back.work%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1629280233588&bpp=1&bdt=2327&idt=0&shv=r20210812&mjsv=m202108100101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dd7e780508231cab4-225fefb1adc900a2%3AT%3D1629280232%3ART%3D1629280232%3AS%3DALNI_MbvMC5ld9ot8342JfaWrvkxEylDmg&prev_fmts=0x0%2C800x201%2C800x201%2C300x169%2C300x600%2C300x600&nras=4&correlator=3278037866339&frm=20&pv=1&ga_vid=1698418937.1629280233&ga_sid=1629280233&ga_hid=2025104867&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1080&ady=3741&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C20211866%2C31062180%2C31062297&oid=3&psts=AGkb-H8l-v50D8pTVih0LmuwpKnDjnmZGUUOUNhcLHaxpYI71UcA1QMTPDFZalXszFygNnbA9VSDyB-dGQuFsA&pvsid=2501388766877624&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=6&fsb=1&xpc=RY9iQmnlS7&p=https%3A//three-back.work&dtd=59

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b6f6d0902ff385f68ec17c4c059d4fe89a0a08f1c022ab70580ea8552dfc0a11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 09:40:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 587
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1339
x-xss-protection: 0
server: cafe
etag: 2275704724217174249
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 01 Sep 2021 09:40:46 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 4361 124 KB
37 KB 28ms
27ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-1581705282178552&output=html&h=240&adk=2162206099&adf=2589725590&pi=t.aa~a.3867071496~rp.4&w=300&fwrn=4&fwrnh=100&lmt=1629280233&rafmt=1&to=qs&pwprc=1466749975&psa=0&format=300x240&url=https%3A%2F%2Fthree-back.work%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1629280233588&bpp=1&bdt=2327&idt=0&shv=r20210812&mjsv=m202108100101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dd7e780508231cab4-225fefb1adc900a2%3AT%3D1629280232%3ART%3D1629280232%3AS%3DALNI_MbvMC5ld9ot8342JfaWrvkxEylDmg&prev_fmts=0x0%2C800x201%2C800x201%2C300x169%2C300x600%2C300x600&nras=4&correlator=3278037866339&frm=20&pv=1&ga_vid=1698418937.1629280233&ga_sid=1629280233&ga_hid=2025104867&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1080&ady=3741&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C20211866%2C31062180%2C31062297&oid=3&psts=AGkb-H8l-v50D8pTVih0LmuwpKnDjnmZGUUOUNhcLHaxpYI71UcA1QMTPDFZalXszFygNnbA9VSDyB-dGQuFsA&pvsid=2501388766877624&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=6&fsb=1&xpc=RY9iQmnlS7&p=https%3A//three-back.work&dtd=59

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d7ea26b93c08451c3b36edf3aeed10447fcff13d7cd7fab7a8b9284d6af53185

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 09:50:34 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1629113426487594"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38194
x-xss-protection: 0
expires: Wed, 18 Aug 2021 09:50:34 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210812/r20110914/client/ Frame 4361 14 KB
6 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210812/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-1581705282178552&output=html&h=240&adk=2162206099&adf=2589725590&pi=t.aa~a.3867071496~rp.4&w=300&fwrn=4&fwrnh=100&lmt=1629280233&rafmt=1&to=qs&pwprc=1466749975&psa=0&format=300x240&url=https%3A%2F%2Fthree-back.work%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1629280233588&bpp=1&bdt=2327&idt=0&shv=r20210812&mjsv=m202108100101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dd7e780508231cab4-225fefb1adc900a2%3AT%3D1629280232%3ART%3D1629280232%3AS%3DALNI_MbvMC5ld9ot8342JfaWrvkxEylDmg&prev_fmts=0x0%2C800x201%2C800x201%2C300x169%2C300x600%2C300x600&nras=4&correlator=3278037866339&frm=20&pv=1&ga_vid=1698418937.1629280233&ga_sid=1629280233&ga_hid=2025104867&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1080&ady=3741&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C20211866%2C31062180%2C31062297&oid=3&psts=AGkb-H8l-v50D8pTVih0LmuwpKnDjnmZGUUOUNhcLHaxpYI71UcA1QMTPDFZalXszFygNnbA9VSDyB-dGQuFsA&pvsid=2501388766877624&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=6&fsb=1&xpc=RY9iQmnlS7&p=https%3A//three-back.work&dtd=59

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

03032b7414541a98aaa00a220920ce2980d55afcb45c4328c156737f9fb995e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 09:44:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 351
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6205
x-xss-protection: 0
server: cafe
etag: 3431872159862141604
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 01 Sep 2021 09:44:42 GMT

GET
H3-29 204 l
www.google.com/ads/measurement/ Frame 4361 0
0 15ms
14ms Image
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRxMdjxqzJ2IGfPVk3lB8z0NQb07IOK4he82gcP17c5Zb9zLpaTdVVMIC5GCzHzj9a2VnglAasBUYWtBziiO099J1oVvA
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-1581705282178552&output=html&h=240&adk=2162206099&adf=2589725590&pi=t.aa~a.3867071496~rp.4&w=300&fwrn=4&fwrnh=100&lmt=1629280233&rafmt=1&to=qs&pwprc=1466749975&psa=0&format=300x240&url=https%3A%2F%2Fthree-back.work%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1629280233588&bpp=1&bdt=2327&idt=0&shv=r20210812&mjsv=m202108100101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dd7e780508231cab4-225fefb1adc900a2%3AT%3D1629280232%3ART%3D1629280232%3AS%3DALNI_MbvMC5ld9ot8342JfaWrvkxEylDmg&prev_fmts=0x0%2C800x201%2C800x201%2C300x169%2C300x600%2C300x600&nras=4&correlator=3278037866339&frm=20&pv=1&ga_vid=1698418937.1629280233&ga_sid=1629280233&ga_hid=2025104867&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1080&ady=3741&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C20211866%2C31062180%2C31062297&oid=3&psts=AGkb-H8l-v50D8pTVih0LmuwpKnDjnmZGUUOUNhcLHaxpYI71UcA1QMTPDFZalXszFygNnbA9VSDyB-dGQuFsA&pvsid=2501388766877624&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=6&fsb=1&xpc=RY9iQmnlS7&p=https%3A//three-back.work&dtd=59
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 9292 143 B
163 B 9ms
8ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-1581705282178552&output=html&h=240&adk=2162206099&adf=2589725590&pi=t.aa~a.3867071496~rp.4&w=300&fwrn=4&fwrnh=100&lmt=1629280233&rafmt=1&to=qs&pwprc=1466749975&psa=0&format=300x240&url=https%3A%2F%2Fthree-back.work%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1629280233588&bpp=1&bdt=2327&idt=0&shv=r20210812&mjsv=m202108100101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dd7e780508231cab4-225fefb1adc900a2%3AT%3D1629280232%3ART%3D1629280232%3AS%3DALNI_MbvMC5ld9ot8342JfaWrvkxEylDmg&prev_fmts=0x0%2C800x201%2C800x201%2C300x169%2C300x600%2C300x600&nras=4&correlator=3278037866339&frm=20&pv=1&ga_vid=1698418937.1629280233&ga_sid=1629280233&ga_hid=2025104867&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1080&ady=3741&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C20211866%2C31062180%2C31062297&oid=3&psts=AGkb-H8l-v50D8pTVih0LmuwpKnDjnmZGUUOUNhcLHaxpYI71UcA1QMTPDFZalXszFygNnbA9VSDyB-dGQuFsA&pvsid=2501388766877624&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=6&fsb=1&xpc=RY9iQmnlS7&p=https%3A//three-back.work&dtd=59

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/s?v=r20120211
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-1581705282178552&output=html&h=240&adk=2162206099&adf=2589725590&pi=t.aa~a.3867071496~rp.4&w=300&fwrn=4&fwrnh=100&lmt=1629280233&rafmt=1&to=qs&pwprc=1466749975&psa=0&format=300x240&url=https%3A%2F%2Fthree-back.work%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1629280233588&bpp=1&bdt=2327&idt=0&shv=r20210812&mjsv=m202108100101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dd7e780508231cab4-225fefb1adc900a2%3AT%3D1629280232%3ART%3D1629280232%3AS%3DALNI_MbvMC5ld9ot8342JfaWrvkxEylDmg&prev_fmts=0x0%2C800x201%2C800x201%2C300x169%2C300x600%2C300x600&nras=4&correlator=3278037866339&frm=20&pv=1&ga_vid=1698418937.1629280233&ga_sid=1629280233&ga_hid=2025104867&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1080&ady=3741&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C20211866%2C31062180%2C31062297&oid=3&psts=AGkb-H8l-v50D8pTVih0LmuwpKnDjnmZGUUOUNhcLHaxpYI71UcA1QMTPDFZalXszFygNnbA9VSDyB-dGQuFsA&pvsid=2501388766877624&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=6&fsb=1&xpc=RY9iQmnlS7&p=https%3A//three-back.work&dtd=59
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUkUXMRlH7XfsefDgPsUW83qOfLgRtevPGZ-mwbS0_uISHPMCGYTCiUzoVUI79g; test_cookie=CheckForPermission; DSID=NO_DATA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-1581705282178552&output=html&h=240&adk=2162206099&adf=2589725590&pi=t.aa~a.3867071496~rp.4&w=300&fwrn=4&fwrnh=100&lmt=1629280233&rafmt=1&to=qs&pwprc=1466749975&psa=0&format=300x240&url=https%3A%2F%2Fthree-back.work%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1629280233588&bpp=1&bdt=2327&idt=0&shv=r20210812&mjsv=m202108100101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dd7e780508231cab4-225fefb1adc900a2%3AT%3D1629280232%3ART%3D1629280232%3AS%3DALNI_MbvMC5ld9ot8342JfaWrvkxEylDmg&prev_fmts=0x0%2C800x201%2C800x201%2C300x169%2C300x600%2C300x600&nras=4&correlator=3278037866339&frm=20&pv=1&ga_vid=1698418937.1629280233&ga_sid=1629280233&ga_hid=2025104867&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1080&ady=3741&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C20211866%2C31062180%2C31062297&oid=3&psts=AGkb-H8l-v50D8pTVih0LmuwpKnDjnmZGUUOUNhcLHaxpYI71UcA1QMTPDFZalXszFygNnbA9VSDyB-dGQuFsA&pvsid=2501388766877624&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=6&fsb=1&xpc=RY9iQmnlS7&p=https%3A//three-back.work&dtd=59

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Wed, 18 Aug 2021 09:42:57 GMT
server: safe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 456
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H3-29 204 gen_csp
pagead2.googlesyndication.com/pagead/ Frame 4361 0
20 B 43ms
28ms Other
image/gif 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CJjZxOyluvICFdnvdwod5sUNrw&gqi=6dccYaX1J56U9u8P6YO10A8&layout=/sadbundle/%24csp%253Der3%24/8955142657632080541/Front_300x250_v1/index.html

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-1581705282178552&output=html&h=240&adk=2162206099&adf=2589725590&pi=t.aa~a.3867071496~rp.4&w=300&fwrn=4&fwrnh=100&lmt=1629280233&rafmt=1&to=qs&pwprc=1466749975&psa=0&format=300x240&url=https%3A%2F%2Fthree-back.work%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1629280233588&bpp=1&bdt=2327&idt=0&shv=r20210812&mjsv=m202108100101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dd7e780508231cab4-225fefb1adc900a2%3AT%3D1629280232%3ART%3D1629280232%3AS%3DALNI_MbvMC5ld9ot8342JfaWrvkxEylDmg&prev_fmts=0x0%2C800x201%2C800x201%2C300x169%2C300x600%2C300x600&nras=4&correlator=3278037866339&frm=20&pv=1&ga_vid=1698418937.1629280233&ga_sid=1629280233&ga_hid=2025104867&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1080&ady=3741&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C20211866%2C31062180%2C31062297&oid=3&psts=AGkb-H8l-v50D8pTVih0LmuwpKnDjnmZGUUOUNhcLHaxpYI71UcA1QMTPDFZalXszFygNnbA9VSDyB-dGQuFsA&pvsid=2501388766877624&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=6&fsb=1&xpc=RY9iQmnlS7&p=https%3A//three-back.work&dtd=59

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/csp-report

Response headers

pragma: no-cache
date: Wed, 18 Aug 2021 09:50:34 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 exitapi-impl.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/api/ Frame F94B 9 KB
3 KB 10ms
6ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/api/exitapi-impl.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8955142657632080541/Front_300x250_v1/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d661244532ddce6a92fb96fde511e23ea4de69ff2e41a5bffb884caa71166e01

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Aug 2021 19:35:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 51284
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3271
x-xss-protection: 0
server: cafe
etag: 7483759447172721109
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Wed, 18 Aug 2021 19:35:50 GMT

GET
H3-29 200 addata.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame F94B 26 KB
10 KB 9ms
6ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8955142657632080541/Front_300x250_v1/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

54a66c4693bfd79901040269ae7d7304508cbd02859797a1780f2bbe72176e23

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Aug 2021 12:37:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 76381
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10382
x-xss-protection: 0
server: cafe
etag: 12806417668659483808
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Wed, 18 Aug 2021 12:37:33 GMT

GET
H3-29

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 9292
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
16 B

40ms
39ms

Document
text/html

2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-1581705282178552&output=html&h=240&adk=2162206099&adf=2589725590&pi=t.aa~a.3867071496~rp.4&w=300&fwrn=4&fwrnh=100&lmt=1629280233&rafmt=1&to=qs&pwprc=1466749975&psa=0&format=300x240&url=https%3A%2F%2Fthree-back.work%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1629280233588&bpp=1&bdt=2327&idt=0&shv=r20210812&mjsv=m202108100101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dd7e780508231cab4-225fefb1adc900a2%3AT%3D1629280232%3ART%3D1629280232%3AS%3DALNI_MbvMC5ld9ot8342JfaWrvkxEylDmg&prev_fmts=0x0%2C800x201%2C800x201%2C300x169%2C300x600%2C300x600&nras=4&correlator=3278037866339&frm=20&pv=1&ga_vid=1698418937.1629280233&ga_sid=1629280233&ga_hid=2025104867&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1080&ady=3741&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C20211866%2C31062180%2C31062297&oid=3&psts=AGkb-H8l-v50D8pTVih0LmuwpKnDjnmZGUUOUNhcLHaxpYI71UcA1QMTPDFZalXszFygNnbA9VSDyB-dGQuFsA&pvsid=2501388766877624&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=6&fsb=1&xpc=RY9iQmnlS7&p=https%3A//three-back.work&dtd=59

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/si
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUkUXMRlH7XfsefDgPsUW83qOfLgRtevPGZ-mwbS0_uISHPMCGYTCiUzoVUI79g; test_cookie=CheckForPermission; DSID=NO_DATA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Wed, 18 Aug 2021 09:50:34 GMT
server: safe
content-length: 0
x-xss-protection: 0
set-cookie: DSID=NO_DATA; expires=Wed, 18-Aug-2021 10:50:34 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Wed, 18 Aug 2021 09:50:34 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Wed, 18 Aug 2021 09:50:34 GMT
server: safe
content-length: 246
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 bg4.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8955142657632080541/Front_300x250_v1/images/ Frame F94B 11 KB
11 KB 12ms
9ms Image
image/jpeg 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8955142657632080541/Front_300x250_v1/images/bg4.jpg

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8955142657632080541/Front_300x250_v1/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2cab7a7f81e564170298180caa05c0974b0a0cfd61d9ad832a51b7eaa2c8a2d0

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 578425
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11654
x-xss-protection: 0
last-modified: Wed, 11 Aug 2021 14:52:40 GMT
server: sffe
date: Wed, 11 Aug 2021 17:10:09 GMT
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 11 Aug 2022 17:10:09 GMT

GET
H3-29 200 bg3.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8955142657632080541/Front_300x250_v1/images/ Frame F94B 11 KB
11 KB 13ms
9ms Image
image/jpeg 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8955142657632080541/Front_300x250_v1/images/bg3.jpg

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8955142657632080541/Front_300x250_v1/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2cab7a7f81e564170298180caa05c0974b0a0cfd61d9ad832a51b7eaa2c8a2d0

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 578425
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11654
x-xss-protection: 0
last-modified: Wed, 11 Aug 2021 14:52:40 GMT
server: sffe
date: Wed, 11 Aug 2021 17:10:09 GMT
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 11 Aug 2022 17:10:09 GMT

GET
H3-29 200 bg2.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8955142657632080541/Front_300x250_v1/images/ Frame F94B 17 KB
17 KB 18ms
15ms Image
image/jpeg 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8955142657632080541/Front_300x250_v1/images/bg2.jpg

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8955142657632080541/Front_300x250_v1/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

761234007ae6b72ef3d4e81cf40cbd68cea3bc1f068fee8d41d369078311439d

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 578425
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17760
x-xss-protection: 0
last-modified: Wed, 11 Aug 2021 14:52:40 GMT
server: sffe
date: Wed, 11 Aug 2021 17:10:09 GMT
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 11 Aug 2022 17:10:09 GMT

GET
H3-29 200 bg1.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8955142657632080541/Front_300x250_v1/images/ Frame F94B 11 KB
11 KB 16ms
13ms Image
image/jpeg 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8955142657632080541/Front_300x250_v1/images/bg1.jpg

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8955142657632080541/Front_300x250_v1/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2cab7a7f81e564170298180caa05c0974b0a0cfd61d9ad832a51b7eaa2c8a2d0

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 578425
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11654
x-xss-protection: 0
last-modified: Wed, 11 Aug 2021 14:52:40 GMT
server: sffe
date: Wed, 11 Aug 2021 17:10:09 GMT
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 11 Aug 2022 17:10:09 GMT

GET
H3-29 200 logo.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8955142657632080541/Front_300x250_v1/images/ Frame F94B 2 KB
2 KB 19ms
17ms Image
image/png 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8955142657632080541/Front_300x250_v1/images/logo.png

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8955142657632080541/Front_300x250_v1/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

aca78b4715adbf0d27ea5e6ac7a5ac7d3eb55f051f2b767dd05f2f558c2ee3ac

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 578425
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2084
x-xss-protection: 0
last-modified: Wed, 11 Aug 2021 14:52:40 GMT
server: sffe
date: Wed, 11 Aug 2021 17:10:09 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 11 Aug 2022 17:10:09 GMT

GET
H3-29 200 copy1.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8955142657632080541/Front_300x250_v1/images/ Frame F94B 8 KB
8 KB 20ms
17ms Image
image/png 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8955142657632080541/Front_300x250_v1/images/copy1.png

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8955142657632080541/Front_300x250_v1/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bd6165c811e4f4ddda33e4e702db8abdca667da13716386ce75ae22e9886f05c

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 578425
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7993
x-xss-protection: 0
last-modified: Wed, 11 Aug 2021 14:52:40 GMT
server: sffe
date: Wed, 11 Aug 2021 17:10:09 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 11 Aug 2022 17:10:09 GMT

GET
H3-29 200 copy2.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8955142657632080541/Front_300x250_v1/images/ Frame F94B 8 KB
8 KB 13ms
10ms Image
image/png 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8955142657632080541/Front_300x250_v1/images/copy2.png

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8955142657632080541/Front_300x250_v1/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f10ffb92150be60d7ca32316c2e8e689ad610a1bcbacb3d8640d2571f9917771

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 578425
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8204
x-xss-protection: 0
last-modified: Wed, 11 Aug 2021 14:52:40 GMT
server: sffe
date: Wed, 11 Aug 2021 17:10:09 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 11 Aug 2022 17:10:09 GMT

GET
H3-29 200 copy3.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8955142657632080541/Front_300x250_v1/images/ Frame F94B 8 KB
8 KB 15ms
13ms Image
image/png 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8955142657632080541/Front_300x250_v1/images/copy3.png

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8955142657632080541/Front_300x250_v1/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6d892d7f2ff79e40b7e8bfa74bb5bca608fda830a88efd5092ac1da9f8e1299b

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 578425
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8493
x-xss-protection: 0
last-modified: Wed, 11 Aug 2021 14:52:40 GMT
server: sffe
date: Wed, 11 Aug 2021 17:10:09 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 11 Aug 2022 17:10:09 GMT

GET
H3-29 200 endFrame1.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8955142657632080541/Front_300x250_v1/images/ Frame F94B 1 KB
1 KB 16ms
14ms Image
image/png 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8955142657632080541/Front_300x250_v1/images/endFrame1.png

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8955142657632080541/Front_300x250_v1/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5dc7e19fb451f1d64df8ab4a670f777c88101d8519e1dc670940dd03625457b2

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 578425
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1330
x-xss-protection: 0
last-modified: Wed, 11 Aug 2021 14:52:40 GMT
server: sffe
date: Wed, 11 Aug 2021 17:10:09 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/content-ads-owners
expires: Thu, 11 Aug 2022 17:10:09 GMT

GET
H3-29 200 endFrame2.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8955142657632080541/Front_300x250_v1/images/ Frame F94B 1 KB
1 KB 18ms
16ms Image
image/png 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8955142657632080541/Front_300x250_v1/images/endFrame2.png

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8955142657632080541/Front_300x250_v1/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

182227da36476403253412438e62f6d3269e419b45f914bee4ce04b5881d3e8a

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 578425
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1098
x-xss-protection: 0
last-modified: Wed, 11 Aug 2021 14:52:40 GMT
server: sffe
date: Wed, 11 Aug 2021 17:10:09 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 11 Aug 2022 17:10:09 GMT

GET
H3-29 200 endFrame3.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8955142657632080541/Front_300x250_v1/images/ Frame F94B 10 KB
10 KB 13ms
11ms Image
image/png 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8955142657632080541/Front_300x250_v1/images/endFrame3.png

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8955142657632080541/Front_300x250_v1/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

75970d2edf903237a88bf7dee75f7f78dcece4b01bfd0451b33c0aad0cb6a21b

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 578425
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10079
x-xss-protection: 0
last-modified: Wed, 11 Aug 2021 14:52:40 GMT
server: sffe
date: Wed, 11 Aug 2021 17:10:09 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 11 Aug 2022 17:10:09 GMT

GET
H3-29 200 endFrame4.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8955142657632080541/Front_300x250_v1/images/ Frame F94B 8 KB
8 KB 16ms
14ms Image
image/png 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8955142657632080541/Front_300x250_v1/images/endFrame4.png

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8955142657632080541/Front_300x250_v1/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bf921c508b5b894f98bbe7a73fade7b515a06a10b0ea85454acf09a15c4c74b8

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 578425
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7805
x-xss-protection: 0
last-modified: Wed, 11 Aug 2021 14:52:40 GMT
server: sffe
date: Wed, 11 Aug 2021 17:10:09 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 11 Aug 2022 17:10:09 GMT

GET
H3-29 200 cta.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8955142657632080541/Front_300x250_v1/images/ Frame F94B 4 KB
4 KB 12ms
10ms Image
image/png 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8955142657632080541/Front_300x250_v1/images/cta.png

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8955142657632080541/Front_300x250_v1/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c30d817904ac7f0ac411f03e3a69bb9a658415da6d01c455360b2b5230835674

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 578425
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3686
x-xss-protection: 0
last-modified: Wed, 11 Aug 2021 14:52:40 GMT
server: sffe
date: Wed, 11 Aug 2021 17:10:09 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 11 Aug 2022 17:10:09 GMT

GET
DATA 200
OK truncated
/ Frame 4361 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2f7d33eb35a98b9095accf4c2d455dc982d2d59601b46b0807303eb58c42c7a0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210812/r20110914/client/ Frame F031 2 KB
1 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210812/r20110914/client/window_focus_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-1581705282178552&output=html&h=600&adk=1857935866&adf=3957504909&pi=t.aa~a.4090112390~rp.4&w=300&fwrn=4&fwrnh=100&lmt=1629280233&rafmt=1&to=qs&pwprc=1466749975&psa=0&format=300x600&url=https%3A%2F%2Fthree-back.work%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1629280233588&bpp=1&bdt=2328&idt=-M&shv=r20210812&mjsv=m202108100101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dd7e780508231cab4-225fefb1adc900a2%3AT%3D1629280232%3ART%3D1629280232%3AS%3DALNI_MbvMC5ld9ot8342JfaWrvkxEylDmg&prev_fmts=0x0%2C800x201%2C800x201%2C300x169%2C300x600&nras=3&correlator=3278037866339&frm=20&pv=1&ga_vid=1698418937.1629280233&ga_sid=1629280233&ga_hid=2025104867&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1080&ady=2281&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C20211866%2C31062180%2C31062297&oid=3&psts=AGkb-H8l-v50D8pTVih0LmuwpKnDjnmZGUUOUNhcLHaxpYI71UcA1QMTPDFZalXszFygNnbA9VSDyB-dGQuFsA&pvsid=2501388766877624&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=5&fsb=1&xpc=4Pf4QTHbjr&p=https%3A//three-back.work&dtd=55

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b6f6d0902ff385f68ec17c4c059d4fe89a0a08f1c022ab70580ea8552dfc0a11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 09:40:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 588
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1339
x-xss-protection: 0
server: cafe
etag: 2275704724217174249
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 01 Sep 2021 09:40:46 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame F031 124 KB
37 KB 23ms
22ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-1581705282178552&output=html&h=600&adk=1857935866&adf=3957504909&pi=t.aa~a.4090112390~rp.4&w=300&fwrn=4&fwrnh=100&lmt=1629280233&rafmt=1&to=qs&pwprc=1466749975&psa=0&format=300x600&url=https%3A%2F%2Fthree-back.work%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1629280233588&bpp=1&bdt=2328&idt=-M&shv=r20210812&mjsv=m202108100101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dd7e780508231cab4-225fefb1adc900a2%3AT%3D1629280232%3ART%3D1629280232%3AS%3DALNI_MbvMC5ld9ot8342JfaWrvkxEylDmg&prev_fmts=0x0%2C800x201%2C800x201%2C300x169%2C300x600&nras=3&correlator=3278037866339&frm=20&pv=1&ga_vid=1698418937.1629280233&ga_sid=1629280233&ga_hid=2025104867&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1080&ady=2281&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C20211866%2C31062180%2C31062297&oid=3&psts=AGkb-H8l-v50D8pTVih0LmuwpKnDjnmZGUUOUNhcLHaxpYI71UcA1QMTPDFZalXszFygNnbA9VSDyB-dGQuFsA&pvsid=2501388766877624&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=5&fsb=1&xpc=4Pf4QTHbjr&p=https%3A//three-back.work&dtd=55

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d7ea26b93c08451c3b36edf3aeed10447fcff13d7cd7fab7a8b9284d6af53185

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 09:50:34 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1629113426487594"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38194
x-xss-protection: 0
expires: Wed, 18 Aug 2021 09:50:34 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210812/r20110914/client/ Frame F031 14 KB
6 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210812/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-1581705282178552&output=html&h=600&adk=1857935866&adf=3957504909&pi=t.aa~a.4090112390~rp.4&w=300&fwrn=4&fwrnh=100&lmt=1629280233&rafmt=1&to=qs&pwprc=1466749975&psa=0&format=300x600&url=https%3A%2F%2Fthree-back.work%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1629280233588&bpp=1&bdt=2328&idt=-M&shv=r20210812&mjsv=m202108100101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dd7e780508231cab4-225fefb1adc900a2%3AT%3D1629280232%3ART%3D1629280232%3AS%3DALNI_MbvMC5ld9ot8342JfaWrvkxEylDmg&prev_fmts=0x0%2C800x201%2C800x201%2C300x169%2C300x600&nras=3&correlator=3278037866339&frm=20&pv=1&ga_vid=1698418937.1629280233&ga_sid=1629280233&ga_hid=2025104867&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1080&ady=2281&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C20211866%2C31062180%2C31062297&oid=3&psts=AGkb-H8l-v50D8pTVih0LmuwpKnDjnmZGUUOUNhcLHaxpYI71UcA1QMTPDFZalXszFygNnbA9VSDyB-dGQuFsA&pvsid=2501388766877624&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=5&fsb=1&xpc=4Pf4QTHbjr&p=https%3A//three-back.work&dtd=55

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

03032b7414541a98aaa00a220920ce2980d55afcb45c4328c156737f9fb995e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 09:44:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 352
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6205
x-xss-protection: 0
server: cafe
etag: 3431872159862141604
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 01 Sep 2021 09:44:42 GMT

GET
H3-29 200 adview
googleads.g.doubleclick.net/pagead/ Frame F031 0
0 30ms
29ms Fetch
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CJJ8I6dccYfWZKJTl3wPY35aQDpDhgYRctqjCivACwI23ARABIABglQKCARdjYS1wdWItMTU4MTcwNTI4MjE3ODU1MqABwq7o3QPIAQmpAurxuh3jp7M-qAMBqgSpAU_QXlLs351rTMHik2j_YHj59NrAKLdkedz44f7kZ-kKWxXiFiYnp0ldezJMsV_p0J7Wqak-uYOirsZKQkSmeOI8fXhkgqUj51G7sX1uB3mUp6TpCBfZftFGRoNuiONIQJ7jVoZZSqJgnWk1X5cGrnq9zNtyLb9lwqzVEDb4RFivHlJzE6Srl3179vHTUuyc--H8i6kKV8xYlWshsgx_OmVkwcTz3wAjGOuABuPMp6eF8Y2wSqAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAcIgOGAEBABgAoB-gsCCAGADAHQFQGAFwGyFxoKGBIUcHViLTE1ODE3MDUyODIxNzg1NTIYAA&sigh=u-NXwK-LziY

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-1581705282178552&output=html&h=600&adk=1857935866&adf=3957504909&pi=t.aa~a.4090112390~rp.4&w=300&fwrn=4&fwrnh=100&lmt=1629280233&rafmt=1&to=qs&pwprc=1466749975&psa=0&format=300x600&url=https%3A%2F%2Fthree-back.work%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1629280233588&bpp=1&bdt=2328&idt=-M&shv=r20210812&mjsv=m202108100101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dd7e780508231cab4-225fefb1adc900a2%3AT%3D1629280232%3ART%3D1629280232%3AS%3DALNI_MbvMC5ld9ot8342JfaWrvkxEylDmg&prev_fmts=0x0%2C800x201%2C800x201%2C300x169%2C300x600&nras=3&correlator=3278037866339&frm=20&pv=1&ga_vid=1698418937.1629280233&ga_sid=1629280233&ga_hid=2025104867&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1080&ady=2281&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C20211866%2C31062180%2C31062297&oid=3&psts=AGkb-H8l-v50D8pTVih0LmuwpKnDjnmZGUUOUNhcLHaxpYI71UcA1QMTPDFZalXszFygNnbA9VSDyB-dGQuFsA&pvsid=2501388766877624&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=5&fsb=1&xpc=4Pf4QTHbjr&p=https%3A//three-back.work&dtd=55

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-1581705282178552&output=html&h=600&adk=1857935866&adf=3957504909&pi=t.aa~a.4090112390~rp.4&w=300&fwrn=4&fwrnh=100&lmt=1629280233&rafmt=1&to=qs&pwprc=1466749975&psa=0&format=300x600&url=https%3A%2F%2Fthree-back.work%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1629280233588&bpp=1&bdt=2328&idt=-M&shv=r20210812&mjsv=m202108100101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dd7e780508231cab4-225fefb1adc900a2%3AT%3D1629280232%3ART%3D1629280232%3AS%3DALNI_MbvMC5ld9ot8342JfaWrvkxEylDmg&prev_fmts=0x0%2C800x201%2C800x201%2C300x169%2C300x600&nras=3&correlator=3278037866339&frm=20&pv=1&ga_vid=1698418937.1629280233&ga_sid=1629280233&ga_hid=2025104867&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1080&ady=2281&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C20211866%2C31062180%2C31062297&oid=3&psts=AGkb-H8l-v50D8pTVih0LmuwpKnDjnmZGUUOUNhcLHaxpYI71UcA1QMTPDFZalXszFygNnbA9VSDyB-dGQuFsA&pvsid=2501388766877624&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=5&fsb=1&xpc=4Pf4QTHbjr&p=https%3A//three-back.work&dtd=55
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Wed, 18 Aug 2021 09:50:34 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H2 204 winResponse
prod-rtb.ad4mat.net/ Frame F031 0
0 33ms
17ms Fetch
image/gif 2600:1901:0:76b9::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://prod-rtb.ad4mat.net/winResponse?a=1jaq9rxba2mjjjjkfc4jn7473jdw4b4mk2t9mxpmwgg5akx2dwphm1efh73h3x3qnkvsw211317q88pqnpr6v3z387k4jjhtt41j58hgh7zrf6gx89h3cqpf2fzns3x4k3rs1xvagfgrcdh76sw9krsyawy859wsyzky2emtcxyza4qdza057wmsbeyez9nyba7v38t23egzvk53kayx2k5rssjy55h0g8qkew8kj94cq5qpctjdcrbkqnnsm2thxmkb8x272zqg7syd56bsf5rmsm60jyngjfx2vaga71dr6k0e21375x2ry7nd5y7jz9trke74rjcrtm4g2etepxz2z8xzaa2ezaaa8mncqtndhhb2ck9g47802v55v5nsj0r99aqsdm&b=YRzX6QAKDPUKd_KUAAWv2DOgvFJEfe03cORCbg
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-1581705282178552&output=html&h=600&adk=1857935866&adf=3957504909&pi=t.aa~a.4090112390~rp.4&w=300&fwrn=4&fwrnh=100&lmt=1629280233&rafmt=1&to=qs&pwprc=1466749975&psa=0&format=300x600&url=https%3A%2F%2Fthree-back.work%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1629280233588&bpp=1&bdt=2328&idt=-M&shv=r20210812&mjsv=m202108100101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dd7e780508231cab4-225fefb1adc900a2%3AT%3D1629280232%3ART%3D1629280232%3AS%3DALNI_MbvMC5ld9ot8342JfaWrvkxEylDmg&prev_fmts=0x0%2C800x201%2C800x201%2C300x169%2C300x600&nras=3&correlator=3278037866339&frm=20&pv=1&ga_vid=1698418937.1629280233&ga_sid=1629280233&ga_hid=2025104867&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1080&ady=2281&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C20211866%2C31062180%2C31062297&oid=3&psts=AGkb-H8l-v50D8pTVih0LmuwpKnDjnmZGUUOUNhcLHaxpYI71UcA1QMTPDFZalXszFygNnbA9VSDyB-dGQuFsA&pvsid=2501388766877624&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=5&fsb=1&xpc=4Pf4QTHbjr&p=https%3A//three-back.work&dtd=55
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:1901:0:76b9:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin: *
date: Wed, 18 Aug 2021 09:50:34 GMT
via: 1.1 google
alt-svc: clear
content-type: image/gif

GET
H2 200 dr Show response
ad4m.at/ad/ Frame 931A 2 KB
2 KB 37ms
20ms Document
text/html 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ad4m.at/ad/dr?ed=1jkg9qg818kntmkn4ejv6n464x8hb64vf6phjagr80pb0ek93k6j1dwr82eacgc45bpcgebak5bscn7v1stykm7ptmhzceevwgy7j1w920kd4j6wywjqk9x96yb8f7f781jz7017af06e4g0516sdrcstwnw2hsztp823whgrre1pyg8dshygsw7cjbmm81gvrweyhms6faevs1162mv1q3c75gkm04ake13mhzmve5y2n02crnn5wmt3jp6xge9phm511xtmm05e06wjf836s6ncnbnyhz42ybrb4pkmtd9b8ngg2jkgzg8rt6apz1g1tws93t29gktgt7jbvn0epbyqzy0788qbjce17d540syndwv78a4zzgfja74f8g&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC-39g6dccYfWZKJTl3wPY35aQDpDhgYRctqjCivACwI23ARABIABglQKCARdjYS1wdWItMTU4MTcwNTI4MjE3ODU1MqABwq7o3QPIAQmpAurxuh3jp7M-qAMBqgSsAU_QXlLs351rTMHik2j_YHj59NrAKLdkedz44f7kZ-kKWxXiFiYnp0ldezJMsV_p0J7Wqak-uYOirsZKQkSmeOI8fXhkgqUj51G7sX1uB3mUp6TpCBfZftFGRoNuiONIQJ7jVoZZSqJgnWk1X5cGrnq9zNtyLb9lwqzVEDb4RFivHlJzE6Srl3179vHTUuyc--H8i6kKV8wal2azZdn4eq3jiVIplpLRIf_bxwiABuPMp6eF8Y2wSqAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3BrH8dInVr2Fzz-Q9JZaFqsRVGxA%26client%3Dca-pub-1581705282178552%26adurl%3D

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-1581705282178552&output=html&h=600&adk=1857935866&adf=3957504909&pi=t.aa~a.4090112390~rp.4&w=300&fwrn=4&fwrnh=100&lmt=1629280233&rafmt=1&to=qs&pwprc=1466749975&psa=0&format=300x600&url=https%3A%2F%2Fthree-back.work%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1629280233588&bpp=1&bdt=2328&idt=-M&shv=r20210812&mjsv=m202108100101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dd7e780508231cab4-225fefb1adc900a2%3AT%3D1629280232%3ART%3D1629280232%3AS%3DALNI_MbvMC5ld9ot8342JfaWrvkxEylDmg&prev_fmts=0x0%2C800x201%2C800x201%2C300x169%2C300x600&nras=3&correlator=3278037866339&frm=20&pv=1&ga_vid=1698418937.1629280233&ga_sid=1629280233&ga_hid=2025104867&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1080&ady=2281&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C20211866%2C31062180%2C31062297&oid=3&psts=AGkb-H8l-v50D8pTVih0LmuwpKnDjnmZGUUOUNhcLHaxpYI71UcA1QMTPDFZalXszFygNnbA9VSDyB-dGQuFsA&pvsid=2501388766877624&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=5&fsb=1&xpc=4Pf4QTHbjr&p=https%3A//three-back.work&dtd=55

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f80f03eda987ad9f833dac27b6815d22d556d30adb707f2da2f9da7c83a70b10

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; report-to report-endpoint; report-uri https://as.ad4m.at/ad/rcv; upgrade-insecure-requests; sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox

Request headers

:method: GET
:authority: ad4m.at
:scheme: https
:path: /ad/dr?ed=1jkg9qg818kntmkn4ejv6n464x8hb64vf6phjagr80pb0ek93k6j1dwr82eacgc45bpcgebak5bscn7v1stykm7ptmhzceevwgy7j1w920kd4j6wywjqk9x96yb8f7f781jz7017af06e4g0516sdrcstwnw2hsztp823whgrre1pyg8dshygsw7cjbmm81gvrweyhms6faevs1162mv1q3c75gkm04ake13mhzmve5y2n02crnn5wmt3jp6xge9phm511xtmm05e06wjf836s6ncnbnyhz42ybrb4pkmtd9b8ngg2jkgzg8rt6apz1g1tws93t29gktgt7jbvn0epbyqzy0788qbjce17d540syndwv78a4zzgfja74f8g&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC-39g6dccYfWZKJTl3wPY35aQDpDhgYRctqjCivACwI23ARABIABglQKCARdjYS1wdWItMTU4MTcwNTI4MjE3ODU1MqABwq7o3QPIAQmpAurxuh3jp7M-qAMBqgSsAU_QXlLs351rTMHik2j_YHj59NrAKLdkedz44f7kZ-kKWxXiFiYnp0ldezJMsV_p0J7Wqak-uYOirsZKQkSmeOI8fXhkgqUj51G7sX1uB3mUp6TpCBfZftFGRoNuiONIQJ7jVoZZSqJgnWk1X5cGrnq9zNtyLb9lwqzVEDb4RFivHlJzE6Srl3179vHTUuyc--H8i6kKV8wal2azZdn4eq3jiVIplpLRIf_bxwiABuPMp6eF8Y2wSqAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3BrH8dInVr2Fzz-Q9JZaFqsRVGxA%26client%3Dca-pub-1581705282178552%26adurl%3D
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/

Response headers

date: Wed, 18 Aug 2021 09:50:34 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https://as.ad4m.at/ad/vre"}],"group":"report-endpoint","max_age":86400}
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0"}
expires: 0
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
content-security-policy: block-all-mixed-content; report-to report-endpoint; report-uri https://as.ad4m.at/ad/rcv; upgrade-insecure-requests; sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox
feature-policy: geolocation 'none';midi 'none';sync-xhr 'none';microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';fullscreen 'none';payment 'none';accelerometer 'none';usb 'none';autoplay 'self'
referrer-policy: same-origin
pragma: no-cache
surrogate-control: no-store
x-fastcgi-cache: BYPASS
x-backend-server: adsrv-7b12
via: 1.1 google
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 680a3d172f1f05f1-FRA
content-encoding: br

GET
H3-29 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame B16D 1 KB
749 B 7ms
6ms Document
text/html 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-1581705282178552&output=html&h=600&adk=1857935866&adf=3957504909&pi=t.aa~a.4090112390~rp.4&w=300&fwrn=4&fwrnh=100&lmt=1629280233&rafmt=1&to=qs&pwprc=1466749975&psa=0&format=300x600&url=https%3A%2F%2Fthree-back.work%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1629280233588&bpp=1&bdt=2328&idt=-M&shv=r20210812&mjsv=m202108100101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dd7e780508231cab4-225fefb1adc900a2%3AT%3D1629280232%3ART%3D1629280232%3AS%3DALNI_MbvMC5ld9ot8342JfaWrvkxEylDmg&prev_fmts=0x0%2C800x201%2C800x201%2C300x169%2C300x600&nras=3&correlator=3278037866339&frm=20&pv=1&ga_vid=1698418937.1629280233&ga_sid=1629280233&ga_hid=2025104867&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1080&ady=2281&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C20211866%2C31062180%2C31062297&oid=3&psts=AGkb-H8l-v50D8pTVih0LmuwpKnDjnmZGUUOUNhcLHaxpYI71UcA1QMTPDFZalXszFygNnbA9VSDyB-dGQuFsA&pvsid=2501388766877624&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=5&fsb=1&xpc=4Pf4QTHbjr&p=https%3A//three-back.work&dtd=55

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Wed, 18 Aug 2021 03:09:05 GMT
expires: Thu, 19 Aug 2021 03:09:05 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 24089
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 Ajm_1Dco6FzJMXTSkNIprya5eOKjJQcFmLvO5y0HW5A.js Show response
pagead2.googlesyndication.com/bg/ Frame F94B 35 KB
13 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Ajm_1Dco6FzJMXTSkNIprya5eOKjJQcFmLvO5y0HW5A.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0239bfd43728e85cc93174d290d229af26b978e2a325070598bbcee72d075b90

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 08:20:51 GMT
content-encoding: br
x-content-type-options: nosniff
age: 5383
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13491
x-xss-protection: 0
last-modified: Mon, 09 Aug 2021 14:48:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 18 Aug 2022 08:20:51 GMT

GET
H2 200 dpixel
cms.quantserve.com/ Frame B16D 35 B
464 B 30ms
10ms Image
image/gif 2620:116:800d:21:f916:5049:f87f:108e
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEN2S2OJLbEFhXNr5u_jT7XA&google_cver=1&google_push=AYg5qPLcdcgg83pvWtlS-OUkGruUq0NcXXWtmDwfJxX3-Io81w0tD2u8DafCrxOj2Hv9Ke7dz4-DE5Blvdv5xC3IvOzhOYvpFS5Z

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-1581705282178552&output=html&h=600&adk=1857935866&adf=3957504909&pi=t.aa~a.4090112390~rp.4&w=300&fwrn=4&fwrnh=100&lmt=1629280233&rafmt=1&to=qs&pwprc=1466749975&psa=0&format=300x600&url=https%3A%2F%2Fthree-back.work%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1629280233588&bpp=1&bdt=2328&idt=-M&shv=r20210812&mjsv=m202108100101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dd7e780508231cab4-225fefb1adc900a2%3AT%3D1629280232%3ART%3D1629280232%3AS%3DALNI_MbvMC5ld9ot8342JfaWrvkxEylDmg&prev_fmts=0x0%2C800x201%2C800x201%2C300x169%2C300x600&nras=3&correlator=3278037866339&frm=20&pv=1&ga_vid=1698418937.1629280233&ga_sid=1629280233&ga_hid=2025104867&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1080&ady=2281&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C20211866%2C31062180%2C31062297&oid=3&psts=AGkb-H8l-v50D8pTVih0LmuwpKnDjnmZGUUOUNhcLHaxpYI71UcA1QMTPDFZalXszFygNnbA9VSDyB-dGQuFsA&pvsid=2501388766877624&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=5&fsb=1&xpc=4Pf4QTHbjr&p=https%3A//three-back.work&dtd=55

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:f916:5049:f87f:108e , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 18 Aug 2021 09:50:34 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame B16D
Redirect Chain

https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAYg5qPKHXdGa...
https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAYg5qPKHXdGa...
https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMTA4MTgwOTUwMzQwMDAyMzQ5MzA5NTczNg%3D%3D&google_push=AYg5qPKHXdGa2-aa56Hvdj3hotzi75_G5_bD2g41TlHIcO3-cnKUzymEpgwYe-Ftd1bges...

170 B
188 B

33ms
32ms

Image
image/png

172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMTA4MTgwOTUwMzQwMDAyMzQ5MzA5NTczNg%3D%3D&google_push=AYg5qPKHXdGa2-aa56Hvdj3hotzi75_G5_bD2g41TlHIcO3-cnKUzymEpgwYe-Ftd1bgess0jRUIakA5--rgx2I3OKHtPT4jOiFb

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s05-in-f98.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 18 Aug 2021 09:50:34 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMTA4MTgwOTUwMzQwMDAyMzQ5MzA5NTczNg%3D%3D&google_push=AYg5qPKHXdGa2-aa56Hvdj3hotzi75_G5_bD2g41TlHIcO3-cnKUzymEpgwYe-Ftd1bgess0jRUIakA5--rgx2I3OKHtPT4jOiFb
pragma: no-cache
date: Wed, 18 Aug 2021 09:50:34 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0
strict-transport-security: max-age=2628000
expires: Wed, 18 Aug 2021 09:50:34 GMT

GET
H2 200 sync
odr.mookie1.com/t/v2/ Frame B16D 43 B
608 B 58ms
22ms Image
image/gif 34.98.67.61
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://odr.mookie1.com/t/v2/sync?tagid=V2_4531&src.visitorid=CAESELWrBDdw2LJTHNd2t7TqQaM&google_push=AYg5qPItkkPGG7_F9NZT-PB2Gx4YE-511n3Sbe1tIsqrNGViGrGcADtUK4MfChb3GGPDFLkeQetz39ewyytiAx-cPxGb_ksHB-M&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-1581705282178552&output=html&h=600&adk=1857935866&adf=3957504909&pi=t.aa~a.4090112390~rp.4&w=300&fwrn=4&fwrnh=100&lmt=1629280233&rafmt=1&to=qs&pwprc=1466749975&psa=0&format=300x600&url=https%3A%2F%2Fthree-back.work%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1629280233588&bpp=1&bdt=2328&idt=-M&shv=r20210812&mjsv=m202108100101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dd7e780508231cab4-225fefb1adc900a2%3AT%3D1629280232%3ART%3D1629280232%3AS%3DALNI_MbvMC5ld9ot8342JfaWrvkxEylDmg&prev_fmts=0x0%2C800x201%2C800x201%2C300x169%2C300x600&nras=3&correlator=3278037866339&frm=20&pv=1&ga_vid=1698418937.1629280233&ga_sid=1629280233&ga_hid=2025104867&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1080&ady=2281&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C20211866%2C31062180%2C31062297&oid=3&psts=AGkb-H8l-v50D8pTVih0LmuwpKnDjnmZGUUOUNhcLHaxpYI71UcA1QMTPDFZalXszFygNnbA9VSDyB-dGQuFsA&pvsid=2501388766877624&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=5&fsb=1&xpc=4Pf4QTHbjr&p=https%3A//three-back.work&dtd=55
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.67.61 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 61.67.98.34.bc.googleusercontent.com
Software: Apache /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 18 Aug 2021 09:50:34 GMT
via: 1.1 google
server: Apache
p3p: CP="NON DSP COR NID CURa PSAa PSDa OUR STP UNI COM NAV STA LOC OTC",policyref="/w3c/p3p.xml"
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif;charset=UTF-8
alt-svc: clear
content-length: 43
x-application-context: application
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame B16D
Redirect Chain

https://rtb.openx.net/sync/dds?google_gid=CAESEHg5rAfGdPm_Y5oPCWAqgPo&google_cver=1&google_push=AYg5qPK7OVsqojWZ96EliR5vQdThb15tOTJjj6IAE1x2Bm6HqN0SR-w36r6AZz3XTxWV1-UgqH704VmD-H5PG3BhwDEmaFh-Fbk5
https://rtb.openx.net/sync/dds?google_gid=CAESEHg5rAfGdPm_Y5oPCWAqgPo&google_cver=1&google_push=AYg5qPK7OVsqojWZ96EliR5vQdThb15tOTJjj6IAE1x2Bm6HqN0SR-w36r6AZz3XTxWV1-UgqH704VmD-H5PG3BhwDEmaFh-Fbk5&...
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPK7OVsqojWZ96EliR5vQdThb15tOTJjj6IAE1x2Bm6HqN0SR-w36r6AZz3XTxWV1-UgqH704VmD-H5PG3BhwDEmaFh-Fbk5&google_hm=exy3Kn3NzqAoBldB1m78Tw==

170 B
188 B

64ms
37ms

Image
image/png

172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPK7OVsqojWZ96EliR5vQdThb15tOTJjj6IAE1x2Bm6HqN0SR-w36r6AZz3XTxWV1-UgqH704VmD-H5PG3BhwDEmaFh-Fbk5&google_hm=exy3Kn3NzqAoBldB1m78Tw==

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-1581705282178552&output=html&h=600&adk=1857935866&adf=3957504909&pi=t.aa~a.4090112390~rp.4&w=300&fwrn=4&fwrnh=100&lmt=1629280233&rafmt=1&to=qs&pwprc=1466749975&psa=0&format=300x600&url=https%3A%2F%2Fthree-back.work%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1629280233588&bpp=1&bdt=2328&idt=-M&shv=r20210812&mjsv=m202108100101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dd7e780508231cab4-225fefb1adc900a2%3AT%3D1629280232%3ART%3D1629280232%3AS%3DALNI_MbvMC5ld9ot8342JfaWrvkxEylDmg&prev_fmts=0x0%2C800x201%2C800x201%2C300x169%2C300x600&nras=3&correlator=3278037866339&frm=20&pv=1&ga_vid=1698418937.1629280233&ga_sid=1629280233&ga_hid=2025104867&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1080&ady=2281&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C20211866%2C31062180%2C31062297&oid=3&psts=AGkb-H8l-v50D8pTVih0LmuwpKnDjnmZGUUOUNhcLHaxpYI71UcA1QMTPDFZalXszFygNnbA9VSDyB-dGQuFsA&pvsid=2501388766877624&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=5&fsb=1&xpc=4Pf4QTHbjr&p=https%3A//three-back.work&dtd=55

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s05-in-f98.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 18 Aug 2021 09:50:34 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 18 Aug 2021 09:50:33 GMT
via: 1.1 google
server: Cowboy
access-control-allow-origin: null
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPK7OVsqojWZ96EliR5vQdThb15tOTJjj6IAE1x2Bm6HqN0SR-w36r6AZz3XTxWV1-UgqH704VmD-H5PG3BhwDEmaFh-Fbk5&google_hm=exy3Kn3NzqAoBldB1m78Tw==
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
content-length: 0
x-request-id: ltqtiv7snqlkkrohtveovdas4hrknkk8

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame B16D
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=ngv9LWK5QjWlCjyl7-S-rQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

61ms
31ms

Image
image/png

172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=ngv9LWK5QjWlCjyl7-S-rQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPK02tj34hO8CSLU-xzOPgnSmcAnlDzxwhRt1vuwTLtN0i73qxyLwb7xSBQsUcsv-qWC7ZkuqKj9nYryNp3cRI2C4UP4ZWNr

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-1581705282178552&output=html&h=600&adk=1857935866&adf=3957504909&pi=t.aa~a.4090112390~rp.4&w=300&fwrn=4&fwrnh=100&lmt=1629280233&rafmt=1&to=qs&pwprc=1466749975&psa=0&format=300x600&url=https%3A%2F%2Fthree-back.work%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1629280233588&bpp=1&bdt=2328&idt=-M&shv=r20210812&mjsv=m202108100101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dd7e780508231cab4-225fefb1adc900a2%3AT%3D1629280232%3ART%3D1629280232%3AS%3DALNI_MbvMC5ld9ot8342JfaWrvkxEylDmg&prev_fmts=0x0%2C800x201%2C800x201%2C300x169%2C300x600&nras=3&correlator=3278037866339&frm=20&pv=1&ga_vid=1698418937.1629280233&ga_sid=1629280233&ga_hid=2025104867&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1080&ady=2281&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C20211866%2C31062180%2C31062297&oid=3&psts=AGkb-H8l-v50D8pTVih0LmuwpKnDjnmZGUUOUNhcLHaxpYI71UcA1QMTPDFZalXszFygNnbA9VSDyB-dGQuFsA&pvsid=2501388766877624&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=5&fsb=1&xpc=4Pf4QTHbjr&p=https%3A//three-back.work&dtd=55

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s05-in-f98.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 18 Aug 2021 09:50:34 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=ngv9LWK5QjWlCjyl7-S-rQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPK02tj34hO8CSLU-xzOPgnSmcAnlDzxwhRt1vuwTLtN0i73qxyLwb7xSBQsUcsv-qWC7ZkuqKj9nYryNp3cRI2C4UP4ZWNr
date: Wed, 18 Aug 2021 09:50:33 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame B16D
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEFGQH0lV8x0FK8pHGHx7I68&google_cver=1&google_push=AYg5qPIUsOKVjutlQJsrHfyvr1ARXQCc8w_Jc3wyJC4wtZg8WJNdW661JbMJeHct1T8AKzHgCzZ...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1NIQkRVSkotUC02SzIx&google_push=AYg5qPIUsOKVjutlQJsrHfyvr1ARXQCc8w_Jc3wyJC4wtZg8WJNdW661JbMJeHct1T8AKzHgCzZHjLTcRQf0hzN7lNtDEXjEEdhP

170 B
188 B

46ms
40ms

Image
image/png

172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1NIQkRVSkotUC02SzIx&google_push=AYg5qPIUsOKVjutlQJsrHfyvr1ARXQCc8w_Jc3wyJC4wtZg8WJNdW661JbMJeHct1T8AKzHgCzZHjLTcRQf0hzN7lNtDEXjEEdhP

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-1581705282178552&output=html&h=600&adk=1857935866&adf=3957504909&pi=t.aa~a.4090112390~rp.4&w=300&fwrn=4&fwrnh=100&lmt=1629280233&rafmt=1&to=qs&pwprc=1466749975&psa=0&format=300x600&url=https%3A%2F%2Fthree-back.work%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1629280233588&bpp=1&bdt=2328&idt=-M&shv=r20210812&mjsv=m202108100101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dd7e780508231cab4-225fefb1adc900a2%3AT%3D1629280232%3ART%3D1629280232%3AS%3DALNI_MbvMC5ld9ot8342JfaWrvkxEylDmg&prev_fmts=0x0%2C800x201%2C800x201%2C300x169%2C300x600&nras=3&correlator=3278037866339&frm=20&pv=1&ga_vid=1698418937.1629280233&ga_sid=1629280233&ga_hid=2025104867&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1080&ady=2281&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C20211866%2C31062180%2C31062297&oid=3&psts=AGkb-H8l-v50D8pTVih0LmuwpKnDjnmZGUUOUNhcLHaxpYI71UcA1QMTPDFZalXszFygNnbA9VSDyB-dGQuFsA&pvsid=2501388766877624&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=5&fsb=1&xpc=4Pf4QTHbjr&p=https%3A//three-back.work&dtd=55

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s05-in-f98.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 18 Aug 2021 09:50:34 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1NIQkRVSkotUC02SzIx&google_push=AYg5qPIUsOKVjutlQJsrHfyvr1ARXQCc8w_Jc3wyJC4wtZg8WJNdW661JbMJeHct1T8AKzHgCzZHjLTcRQf0hzN7lNtDEXjEEdhP
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: 8f052d4f888ae4e0626c5f819879cacd
Expires: 0

GET

pixel
cm.g.doubleclick.net/ Frame B16D
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEGcb-p4GShsHs6F2UzdZzlc&google_cver=1&googl...
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESEGcb-p4GShsHs6F2UzdZzlc&google_push=AY...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRzX6mycU5YRgYecHKdHnwAABFkAAAIB&google_cver=1&google_push=AYg5qPJQHsmq2NVlU2ifLi06Xkpm2vzbVBAITPi4_vUOkthrJ7CEbrCPQAJGOUy8eLVCNoBNv1SW...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRzX6mycU5YRgYecHKdHnwAABFkAAAIB&google_cver=1&google_push=AYg5qPJQHsmq2NVlU2ifLi06Xkpm2vzbVBAITPi4_vUOkthrJ7CEbrCPQAJGOUy8eLVCNoBNv1SW...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRzX6mycU5YRgYecHKdHnwAABFkAAAIB&google_cver=1&google_push=AYg5qPJQHsmq2NVlU2ifLi06Xkpm2vzbVBAITPi4_vUOkthrJ7CEbrCPQAJGOUy8eLVCNoBNv1SW...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRzX6mycU5YRgYecHKdHnwAABFkAAAIB&google_cver=1&google_push=AYg5qPJQHsmq2NVlU2ifLi06Xkpm2vzbVBAITPi4_vUOkthrJ7CEbrCPQAJGOUy8eLVCNoBNv1SW...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRzX6mycU5YRgYecHKdHnwAABFkAAAIB&google_cver=1&google_push=AYg5qPJQHsmq2NVlU2ifLi06Xkpm2vzbVBAITPi4_vUOkthrJ7CEbrCPQAJGOUy8eLVCNoBNv1SW...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRzX6mycU5YRgYecHKdHnwAABFkAAAIB&google_cver=1&google_push=AYg5qPJQHsmq2NVlU2ifLi06Xkpm2vzbVBAITPi4_vUOkthrJ7CEbrCPQAJGOUy8eLVCNoBNv1SW...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRzX6mycU5YRgYecHKdHnwAABFkAAAIB&google_cver=1&google_push=AYg5qPJQHsmq2NVlU2ifLi06Xkpm2vzbVBAITPi4_vUOkthrJ7CEbrCPQAJGOUy8eLVCNoBNv1SW...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRzX6mycU5YRgYecHKdHnwAABFkAAAIB&google_cver=1&google_push=AYg5qPJQHsmq2NVlU2ifLi06Xkpm2vzbVBAITPi4_vUOkthrJ7CEbrCPQAJGOUy8eLVCNoBNv1SW...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRzX6mycU5YRgYecHKdHnwAABFkAAAIB&google_cver=1&google_push=AYg5qPJQHsmq2NVlU2ifLi06Xkpm2vzbVBAITPi4_vUOkthrJ7CEbrCPQAJGOUy8eLVCNoBNv1SW...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRzX6mycU5YRgYecHKdHnwAABFkAAAIB&google_cver=1&google_push=AYg5qPJQHsmq2NVlU2ifLi06Xkpm2vzbVBAITPi4_vUOkthrJ7CEbrCPQAJGOUy8eLVCNoBNv1SW...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRzX6mycU5YRgYecHKdHnwAABFkAAAIB&google_cver=1&google_push=AYg5qPJQHsmq2NVlU2ifLi06Xkpm2vzbVBAITPi4_vUOkthrJ7CEbrCPQAJGOUy8eLVCNoBNv1SW...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRzX6mycU5YRgYecHKdHnwAABFkAAAIB&google_cver=1&google_push=AYg5qPJQHsmq2NVlU2ifLi06Xkpm2vzbVBAITPi4_vUOkthrJ7CEbrCPQAJGOUy8eLVCNoBNv1SW...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRzX6mycU5YRgYecHKdHnwAABFkAAAIB&google_cver=1&google_push=AYg5qPJQHsmq2NVlU2ifLi06Xkpm2vzbVBAITPi4_vUOkthrJ7CEbrCPQAJGOUy8eLVCNoBNv1SW...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRzX6mycU5YRgYecHKdHnwAABFkAAAIB&google_cver=1&google_push=AYg5qPJQHsmq2NVlU2ifLi06Xkpm2vzbVBAITPi4_vUOkthrJ7CEbrCPQAJGOUy8eLVCNoBNv1SW...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRzX6mycU5YRgYecHKdHnwAABFkAAAIB&google_cver=1&google_push=AYg5qPJQHsmq2NVlU2ifLi06Xkpm2vzbVBAITPi4_vUOkthrJ7CEbrCPQAJGOUy8eLVCNoBNv1SW...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRzX6mycU5YRgYecHKdHnwAABFkAAAIB&google_cver=1&google_push=AYg5qPJQHsmq2NVlU2ifLi06Xkpm2vzbVBAITPi4_vUOkthrJ7CEbrCPQAJGOUy8eLVCNoBNv1SW...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRzX6mycU5YRgYecHKdHnwAABFkAAAIB&google_cver=1&google_push=AYg5qPJQHsmq2NVlU2ifLi06Xkpm2vzbVBAITPi4_vUOkthrJ7CEbrCPQAJGOUy8eLVCNoBNv1SW...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRzX6mycU5YRgYecHKdHnwAABFkAAAIB&google_cver=1&google_push=AYg5qPJQHsmq2NVlU2ifLi06Xkpm2vzbVBAITPi4_vUOkthrJ7CEbrCPQAJGOUy8eLVCNoBNv1SW...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRzX6mycU5YRgYecHKdHnwAABFkAAAIB&google_cver=1&google_push=AYg5qPJQHsmq2NVlU2ifLi06Xkpm2vzbVBAITPi4_vUOkthrJ7CEbrCPQAJGOUy8eLVCNoBNv1SW...

0
0

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame B16D 0
253 B 87ms
30ms Image
text/html 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13Lhro32Pom9pqPBtOM_6SMoRO6nSE6o4ike5iU0dSbcLykXTzj_A1_8D9ymtZsCqBX0OV3G

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-1581705282178552&output=html&h=600&adk=1857935866&adf=3957504909&pi=t.aa~a.4090112390~rp.4&w=300&fwrn=4&fwrnh=100&lmt=1629280233&rafmt=1&to=qs&pwprc=1466749975&psa=0&format=300x600&url=https%3A%2F%2Fthree-back.work%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1629280233588&bpp=1&bdt=2328&idt=-M&shv=r20210812&mjsv=m202108100101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dd7e780508231cab4-225fefb1adc900a2%3AT%3D1629280232%3ART%3D1629280232%3AS%3DALNI_MbvMC5ld9ot8342JfaWrvkxEylDmg&prev_fmts=0x0%2C800x201%2C800x201%2C300x169%2C300x600&nras=3&correlator=3278037866339&frm=20&pv=1&ga_vid=1698418937.1629280233&ga_sid=1629280233&ga_hid=2025104867&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1080&ady=2281&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C20211866%2C31062180%2C31062297&oid=3&psts=AGkb-H8l-v50D8pTVih0LmuwpKnDjnmZGUUOUNhcLHaxpYI71UcA1QMTPDFZalXszFygNnbA9VSDyB-dGQuFsA&pvsid=2501388766877624&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=5&fsb=1&xpc=4Pf4QTHbjr&p=https%3A//three-back.work&dtd=55

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s05-in-f98.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 09:50:34 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
DATA 200
OK truncated
/ Frame F031 209 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: da970a0b40bfb5aa803a12428e662b2c776c93afad703b536a0ec4cb46835680

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 default.css
ad4m.at/0.1.124-320/style/one-ad/ Frame 931A 58 KB
59 KB 69ms
38ms Stylesheet
text/css 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/0.1.124-320/style/one-ad/default.css
Requested by: Host: ad4m.at
URL: https://ad4m.at/ad/dr?ed=1jkg9qg818kntmkn4ejv6n464x8hb64vf6phjagr80pb0ek93k6j1dwr82eacgc45bpcgebak5bscn7v1stykm7ptmhzceevwgy7j1w920kd4j6wywjqk9x96yb8f7f781jz7017af06e4g0516sdrcstwnw2hsztp823whgrre1pyg8dshygsw7cjbmm81gvrweyhms6faevs1162mv1q3c75gkm04ake13mhzmve5y2n02crnn5wmt3jp6xge9phm511xtmm05e06wjf836s6ncnbnyhz42ybrb4pkmtd9b8ngg2jkgzg8rt6apz1g1tws93t29gktgt7jbvn0epbyqzy0788qbjce17d540syndwv78a4zzgfja74f8g&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC-39g6dccYfWZKJTl3wPY35aQDpDhgYRctqjCivACwI23ARABIABglQKCARdjYS1wdWItMTU4MTcwNTI4MjE3ODU1MqABwq7o3QPIAQmpAurxuh3jp7M-qAMBqgSsAU_QXlLs351rTMHik2j_YHj59NrAKLdkedz44f7kZ-kKWxXiFiYnp0ldezJMsV_p0J7Wqak-uYOirsZKQkSmeOI8fXhkgqUj51G7sX1uB3mUp6TpCBfZftFGRoNuiONIQJ7jVoZZSqJgnWk1X5cGrnq9zNtyLb9lwqzVEDb4RFivHlJzE6Srl3179vHTUuyc--H8i6kKV8wal2azZdn4eq3jiVIplpLRIf_bxwiABuPMp6eF8Y2wSqAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3BrH8dInVr2Fzz-Q9JZaFqsRVGxA%26client%3Dca-pub-1581705282178552%26adurl%3D
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 494627acb3c86254c238efaf66afcaf30d4293c7512a37a72b51a380d55e3880

Request headers

Referer: https://ad4m.at/ad/dr?ed=1jkg9qg818kntmkn4ejv6n464x8hb64vf6phjagr80pb0ek93k6j1dwr82eacgc45bpcgebak5bscn7v1stykm7ptmhzceevwgy7j1w920kd4j6wywjqk9x96yb8f7f781jz7017af06e4g0516sdrcstwnw2hsztp823whgrre1pyg8dshygsw7cjbmm81gvrweyhms6faevs1162mv1q3c75gkm04ake13mhzmve5y2n02crnn5wmt3jp6xge9phm511xtmm05e06wjf836s6ncnbnyhz42ybrb4pkmtd9b8ngg2jkgzg8rt6apz1g1tws93t29gktgt7jbvn0epbyqzy0788qbjce17d540syndwv78a4zzgfja74f8g&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC-39g6dccYfWZKJTl3wPY35aQDpDhgYRctqjCivACwI23ARABIABglQKCARdjYS1wdWItMTU4MTcwNTI4MjE3ODU1MqABwq7o3QPIAQmpAurxuh3jp7M-qAMBqgSsAU_QXlLs351rTMHik2j_YHj59NrAKLdkedz44f7kZ-kKWxXiFiYnp0ldezJMsV_p0J7Wqak-uYOirsZKQkSmeOI8fXhkgqUj51G7sX1uB3mUp6TpCBfZftFGRoNuiONIQJ7jVoZZSqJgnWk1X5cGrnq9zNtyLb9lwqzVEDb4RFivHlJzE6Srl3179vHTUuyc--H8i6kKV8wal2azZdn4eq3jiVIplpLRIf_bxwiABuPMp6eF8Y2wSqAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3BrH8dInVr2Fzz-Q9JZaFqsRVGxA%26client%3Dca-pub-1581705282178552%26adurl%3D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash: crc32c=/Fheiw==, md5=iazLgrLD9V76ltPySV8jTQ==
date: Wed, 18 Aug 2021 09:50:34 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 4403896
cf-polished: origSize=59196
x-guploader-uploadid: ADPycdtkioITd9kON3MDPr-nVhtDYZvM5BcWwBJS7eF-ZszN4EdBaLdVcBmWoP0vGtgvogL9Lz8Tib9QpKYbbvav9lA
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 58969
last-modified: Mon, 28 Jun 2021 10:31:59 GMT
server: cloudflare
etag: "89accb82b2c3f55efa96d3f2495f234d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=O3uyk%2FKvhmhOG0lZLo%2BrdNkPhSEMUxdMPT0BllsdHYWooIwD%2FtlQtTfMXQI5JSRZfnTESgF1cT6qSO7olBdSCp2hWdQ%2FJ2BtMI30etulcyAp7%2FM8w63AE%2FKAFkbpuEkxPqnIyhU%3D"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1624876319573767
content-type: text/css
expires: Tue, 28 Jun 2022 10:32:18 GMT
cache-control: public, max-age=31536000, no-transform
x-goog-stored-content-length: 6688
accept-ranges: bytes
cf-ray: 680a3d17f9401756-FRA
cf-bgj: minify

GET
H3-29 200 fxpcopuw.js Show response
ad4m.at/ Frame 931A 36 KB
13 KB 61ms
30ms Script
application/javascript 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/fxpcopuw.js
Requested by: Host: ad4m.at
URL: https://ad4m.at/ad/dr?ed=1jkg9qg818kntmkn4ejv6n464x8hb64vf6phjagr80pb0ek93k6j1dwr82eacgc45bpcgebak5bscn7v1stykm7ptmhzceevwgy7j1w920kd4j6wywjqk9x96yb8f7f781jz7017af06e4g0516sdrcstwnw2hsztp823whgrre1pyg8dshygsw7cjbmm81gvrweyhms6faevs1162mv1q3c75gkm04ake13mhzmve5y2n02crnn5wmt3jp6xge9phm511xtmm05e06wjf836s6ncnbnyhz42ybrb4pkmtd9b8ngg2jkgzg8rt6apz1g1tws93t29gktgt7jbvn0epbyqzy0788qbjce17d540syndwv78a4zzgfja74f8g&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC-39g6dccYfWZKJTl3wPY35aQDpDhgYRctqjCivACwI23ARABIABglQKCARdjYS1wdWItMTU4MTcwNTI4MjE3ODU1MqABwq7o3QPIAQmpAurxuh3jp7M-qAMBqgSsAU_QXlLs351rTMHik2j_YHj59NrAKLdkedz44f7kZ-kKWxXiFiYnp0ldezJMsV_p0J7Wqak-uYOirsZKQkSmeOI8fXhkgqUj51G7sX1uB3mUp6TpCBfZftFGRoNuiONIQJ7jVoZZSqJgnWk1X5cGrnq9zNtyLb9lwqzVEDb4RFivHlJzE6Srl3179vHTUuyc--H8i6kKV8wal2azZdn4eq3jiVIplpLRIf_bxwiABuPMp6eF8Y2wSqAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3BrH8dInVr2Fzz-Q9JZaFqsRVGxA%26client%3Dca-pub-1581705282178552%26adurl%3D
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4f300e7fc0bc0e049e8620e1b8d85d1857b3a7af9492090f20f4b0366ef42353

Request headers

Referer: https://ad4m.at/ad/dr?ed=1jkg9qg818kntmkn4ejv6n464x8hb64vf6phjagr80pb0ek93k6j1dwr82eacgc45bpcgebak5bscn7v1stykm7ptmhzceevwgy7j1w920kd4j6wywjqk9x96yb8f7f781jz7017af06e4g0516sdrcstwnw2hsztp823whgrre1pyg8dshygsw7cjbmm81gvrweyhms6faevs1162mv1q3c75gkm04ake13mhzmve5y2n02crnn5wmt3jp6xge9phm511xtmm05e06wjf836s6ncnbnyhz42ybrb4pkmtd9b8ngg2jkgzg8rt6apz1g1tws93t29gktgt7jbvn0epbyqzy0788qbjce17d540syndwv78a4zzgfja74f8g&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC-39g6dccYfWZKJTl3wPY35aQDpDhgYRctqjCivACwI23ARABIABglQKCARdjYS1wdWItMTU4MTcwNTI4MjE3ODU1MqABwq7o3QPIAQmpAurxuh3jp7M-qAMBqgSsAU_QXlLs351rTMHik2j_YHj59NrAKLdkedz44f7kZ-kKWxXiFiYnp0ldezJMsV_p0J7Wqak-uYOirsZKQkSmeOI8fXhkgqUj51G7sX1uB3mUp6TpCBfZftFGRoNuiONIQJ7jVoZZSqJgnWk1X5cGrnq9zNtyLb9lwqzVEDb4RFivHlJzE6Srl3179vHTUuyc--H8i6kKV8wal2azZdn4eq3jiVIplpLRIf_bxwiABuPMp6eF8Y2wSqAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3BrH8dInVr2Fzz-Q9JZaFqsRVGxA%26client%3Dca-pub-1581705282178552%26adurl%3D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash: crc32c=fzoyzw==, md5=7HLiqqlHKRUcSK8SewDc4g==
date: Wed, 18 Aug 2021 09:50:34 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 8839
x-guploader-uploadid: ADPycdtbm5HZ6tZ2a49vLW4oHo5Y2VTbyNWKulUbx6169BTxjkLd7GvsJmKrHg2B3vcV0e4J7QXZdq3OJPPym_ks9w
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Tue, 10 Aug 2021 10:08:16 GMT
server: cloudflare
etag: W/"ec72e2aaa94729151c48af127b00dce2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=y98gRMZpMRd%2BAuW8ne6lLUSbBK%2Fap992nEH2LF%2BM5zH7zGNv818djlmfRJ0%2BXhSfUOdfWJ2PGQP64SrZDuS2gepFNfYtCwE8eTqLmirNwdRlfqWeKWKK95RfXlRv9YhbHqAsqm0%3D"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1628590096242097
content-type: application/javascript; charset=utf-8
expires: Wed, 18 Aug 2021 07:23:15 GMT
cache-control: public, max-age=3600, must-revalidate, stale-while-revalidate=300
x-goog-stored-content-length: 11933
cf-ray: 680a3d17f93b1756-FRA
cf-bgj: minify

GET
H2 200 adchoices_default.png
static-de.ad4mat.net/ads/img/ad_markers_folder/ Frame 931A 3 KB
4 KB 41ms
24ms Image
image/png 2606:4700:3032::ac43:aa7a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static-de.ad4mat.net/ads/img/ad_markers_folder/adchoices_default.png
Requested by: Host: ad4m.at
URL: https://ad4m.at/0.1.124-320/style/one-ad/default.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::ac43:aa7a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2eeaed1b310e214596abec926291c1a41c6333ddaeac312886fc0b5930d71f0e

Request headers

Referer: https://ad4m.at/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash: crc32c=v7nNsg==, md5=eUyE0w4hPsahRNZCFfB1UQ==
date: Wed, 18 Aug 2021 09:50:34 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 6037852
x-guploader-uploadid: ABg5-UzzLZaEcDbjdbhukLGh7tDKAZOMFJOiU4iHwOPl8QLDCjazkiciYkkK8qFWGCtZPjDfwbZeIl1PxPDK-jxIb2s
x-goog-storage-class: STANDARD
x-goog-custom-time: 1970-01-01T00:00:00Z
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 3262
x-goog-meta-
last-modified: Wed, 09 Jun 2021 12:35:14 GMT
server: cloudflare
etag: "794c84d30e213ec6a144d64215f07551"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2F%2F7RfLqyfAiq2sRv44vjRlMS5AdKmFXN14TErDZXfjRu%2FvPYl8d7oEd5zxNLZRP38VBKE84dfFo387jQBdhhDTt7L6sx7uIdgi3Gya1fqQqbSWc%2BrDhzkTCyioDxQy4lzJJgTmEVQPSfpcXo%2Ff9UeZbuAA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1623242114099744
content-type: image/png
cache-control: public, max-age=31536000, immutable
x-goog-stored-content-length: 3262
accept-ranges: bytes
cf-ray: 680a3d18798d4a74-FRA
expires: Thu, 09 Jun 2022 12:39:42 GMT

GET
H2 200 1f308.svg
s.w.org/images/core/emoji/13.1.0/svg/ 733 B
568 B 50ms
15ms Image
image/svg+xml 192.0.77.48
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.w.org/images/core/emoji/13.1.0/svg/1f308.svg

Requested by

Host: three-back.work
URL: https://three-back.work/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.48 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

s.w.org

Software

nginx /

Resource Hash

555858f907bda45e059201a8a3d8910876ef8d830b9b82cfc0ca9aa55c7b029a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://three-back.work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT ams 2
date: Wed, 18 Aug 2021 09:50:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 07 Jun 2021 18:51:02 GMT
server: nginx
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 1f4c8.svg
s.w.org/images/core/emoji/13.1.0/svg/ 993 B
572 B 50ms
16ms Image
image/svg+xml 192.0.77.48
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.w.org/images/core/emoji/13.1.0/svg/1f4c8.svg

Requested by

Host: three-back.work
URL: https://three-back.work/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.48 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

s.w.org

Software

nginx /

Resource Hash

a8825c811f91f376b19ffcc0ddf9aab79c0009ce4cc4a680fe6e81c8eaf469a5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://three-back.work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT ams 2
date: Wed, 18 Aug 2021 09:50:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 07 Jun 2021 18:50:45 GMT
server: nginx
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 1f530.svg
s.w.org/images/core/emoji/13.1.0/svg/ 461 B
523 B 50ms
16ms Image
image/svg+xml 192.0.77.48
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.w.org/images/core/emoji/13.1.0/svg/1f530.svg

Requested by

Host: three-back.work
URL: https://three-back.work/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.48 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

s.w.org

Software

nginx /

Resource Hash

b9658459005738134ebf34fcb1882a79e05339193f0f2df065850966069f9c5d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://three-back.work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT ams 2
date: Wed, 18 Aug 2021 09:50:34 GMT
x-content-type-options: nosniff
last-modified: Mon, 07 Jun 2021 18:52:47 GMT
server: nginx
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 461
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 frame.html Show response
ad4m.at/ Frame 2B05 2 KB
2 KB 16ms
16ms Document
text/html 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/frame.html
Requested by: Host: ad4m.at
URL: https://ad4m.at/fxpcopuw.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d12a71cd626ac8f0fc91e6f1b98280cfb49fd724f2dcc118d192adff9a0154b4

Request headers

:method: GET
:authority: ad4m.at
:scheme: https
:path: /frame.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ad4m.at/ad/dr?ed=1jkg9qg818kntmkn4ejv6n464x8hb64vf6phjagr80pb0ek93k6j1dwr82eacgc45bpcgebak5bscn7v1stykm7ptmhzceevwgy7j1w920kd4j6wywjqk9x96yb8f7f781jz7017af06e4g0516sdrcstwnw2hsztp823whgrre1pyg8dshygsw7cjbmm81gvrweyhms6faevs1162mv1q3c75gkm04ake13mhzmve5y2n02crnn5wmt3jp6xge9phm511xtmm05e06wjf836s6ncnbnyhz42ybrb4pkmtd9b8ngg2jkgzg8rt6apz1g1tws93t29gktgt7jbvn0epbyqzy0788qbjce17d540syndwv78a4zzgfja74f8g&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC-39g6dccYfWZKJTl3wPY35aQDpDhgYRctqjCivACwI23ARABIABglQKCARdjYS1wdWItMTU4MTcwNTI4MjE3ODU1MqABwq7o3QPIAQmpAurxuh3jp7M-qAMBqgSsAU_QXlLs351rTMHik2j_YHj59NrAKLdkedz44f7kZ-kKWxXiFiYnp0ldezJMsV_p0J7Wqak-uYOirsZKQkSmeOI8fXhkgqUj51G7sX1uB3mUp6TpCBfZftFGRoNuiONIQJ7jVoZZSqJgnWk1X5cGrnq9zNtyLb9lwqzVEDb4RFivHlJzE6Srl3179vHTUuyc--H8i6kKV8wal2azZdn4eq3jiVIplpLRIf_bxwiABuPMp6eF8Y2wSqAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3BrH8dInVr2Fzz-Q9JZaFqsRVGxA%26client%3Dca-pub-1581705282178552%26adurl%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ad4m.at/ad/dr?ed=1jkg9qg818kntmkn4ejv6n464x8hb64vf6phjagr80pb0ek93k6j1dwr82eacgc45bpcgebak5bscn7v1stykm7ptmhzceevwgy7j1w920kd4j6wywjqk9x96yb8f7f781jz7017af06e4g0516sdrcstwnw2hsztp823whgrre1pyg8dshygsw7cjbmm81gvrweyhms6faevs1162mv1q3c75gkm04ake13mhzmve5y2n02crnn5wmt3jp6xge9phm511xtmm05e06wjf836s6ncnbnyhz42ybrb4pkmtd9b8ngg2jkgzg8rt6apz1g1tws93t29gktgt7jbvn0epbyqzy0788qbjce17d540syndwv78a4zzgfja74f8g&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC-39g6dccYfWZKJTl3wPY35aQDpDhgYRctqjCivACwI23ARABIABglQKCARdjYS1wdWItMTU4MTcwNTI4MjE3ODU1MqABwq7o3QPIAQmpAurxuh3jp7M-qAMBqgSsAU_QXlLs351rTMHik2j_YHj59NrAKLdkedz44f7kZ-kKWxXiFiYnp0ldezJMsV_p0J7Wqak-uYOirsZKQkSmeOI8fXhkgqUj51G7sX1uB3mUp6TpCBfZftFGRoNuiONIQJ7jVoZZSqJgnWk1X5cGrnq9zNtyLb9lwqzVEDb4RFivHlJzE6Srl3179vHTUuyc--H8i6kKV8wal2azZdn4eq3jiVIplpLRIf_bxwiABuPMp6eF8Y2wSqAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3BrH8dInVr2Fzz-Q9JZaFqsRVGxA%26client%3Dca-pub-1581705282178552%26adurl%3D

Response headers

date: Wed, 18 Aug 2021 09:50:34 GMT
content-type: text/html
x-guploader-uploadid: ABg5-UyHG4nMyrBK5WNqT49HT3fkOWy09Qi7AMHmefEGKv6EedjpZshPX4m1mr0_df4AnWlv4nSV1j8tT1-PHgSflkckYhyoGQ
expires: Wed, 18 Aug 2021 10:50:34 GMT
last-modified: Wed, 06 May 2020 15:09:30 GMT
x-goog-generation: 1588777770164783
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 1681
content-language: en
x-goog-hash: crc32c=iTDHew== md5=c2ZaqCqAXxKd4MgeeQDU8g==
x-goog-storage-class: MULTI_REGIONAL
age: 2120076
cache-control: public, max-age=3600
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-cache-status: HIT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=G8mkUBVid38ouV3OuMMBxz19brcyLvaR5yQpygv4ZEui97vJFTESpHxzmaUw5by4WzRjTDL3Ygt2ZiaxtNv82uyl%2B80pcga53U1kMovm3opQ6Xvq8NOZw%2FJg%2FLtCZCkf1w%2Fruc8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 680a3d1869e21756-FRA
content-encoding: br

POST
H2 204 matomo.php
three-back.work/miulabo/ 0
61 B 375ms
374ms Ping
text/html 150.95.54.210
INTERQ GMO Internet

General

Check archive.org

Show headers Download Go to

Full URL: https://three-back.work/miulabo/matomo.php?action_name=FX%E8%87%AA%E5%8B%95%E5%A3%B2%E8%B2%B7blog%EF%BD%9C%E3%81%BF%E3%81%86%E3%83%A9%E3%83%9C&idsite=1&rec=1&r=775526&h=11&m=50&s=34&url=https%3A%2F%2Fthree-back.work%2F&_id=ab182b2aa8b275d7&_idn=1&_refts=0&send_image=0&cookie=1&res=1600x1200&pv_id=Iozubm&pf_net=0&pf_srv=538&pf_tfr=239&pf_dm1=3009
Requested by: Host: three-back.work
URL: https://three-back.work/miulabo/matomo.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 150.95.54.210 , Japan, ASN7506 (INTERQ GMO Internet,Inc, JP),
Reverse DNS: jp37a.mixhost.jp
Software: LiteSpeed /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-fetch-mode: no-cors
origin: https://three-back.work
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: empty
cookie: FCCDCF=[null,null,["[[],[],[],[],null,null,true]",1629280232820],null,null]; __gads=ID=d7e780508231cab4-225fefb1adc900a2:T=1629280232:RT=1629280232:S=ALNI_MbvMC5ld9ot8342JfaWrvkxEylDmg; _pk_id.1.ec7d=ab182b2aa8b275d7.1629280234.; _pk_ses.1.ec7d=1
content-length: 0
:path: /miulabo/matomo.php?action_name=FX%E8%87%AA%E5%8B%95%E5%A3%B2%E8%B2%B7blog%EF%BD%9C%E3%81%BF%E3%81%86%E3%83%A9%E3%83%9C&idsite=1&rec=1&r=775526&h=11&m=50&s=34&url=https%3A%2F%2Fthree-back.work%2F&_id=ab182b2aa8b275d7&_idn=1&_refts=0&send_image=0&cookie=1&res=1600x1200&pv_id=Iozubm&pf_net=0&pf_srv=538&pf_tfr=239&pf_dm1=3009
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/x-www-form-urlencoded; charset=utf-8
accept: */*
cache-control: no-cache
:authority: three-back.work
referer: https://three-back.work/
:scheme: https
sec-fetch-site: same-origin
:method: POST
Referer: https://three-back.work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=utf-8

Response headers

access-control-allow-origin: https://three-back.work
date: Wed, 18 Aug 2021 09:50:34 GMT
access-control-allow-credentials: true
server: LiteSpeed
content-type: text/html; charset=UTF-8

POST
H3-29 200 rs Show response
ad4m.at/ Frame 931A 1 KB
2 KB 31ms
31ms XHR
text/plain 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/rs
Requested by: Host: ad4m.at
URL: https://ad4m.at/fxpcopuw.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: eada0199611ed64855c05adeebf971b38929fe8ddf0882e1faf69eb7581b2a3b

Request headers

Referer: https://ad4m.at/ad/dr?ed=1jkg9qg818kntmkn4ejv6n464x8hb64vf6phjagr80pb0ek93k6j1dwr82eacgc45bpcgebak5bscn7v1stykm7ptmhzceevwgy7j1w920kd4j6wywjqk9x96yb8f7f781jz7017af06e4g0516sdrcstwnw2hsztp823whgrre1pyg8dshygsw7cjbmm81gvrweyhms6faevs1162mv1q3c75gkm04ake13mhzmve5y2n02crnn5wmt3jp6xge9phm511xtmm05e06wjf836s6ncnbnyhz42ybrb4pkmtd9b8ngg2jkgzg8rt6apz1g1tws93t29gktgt7jbvn0epbyqzy0788qbjce17d540syndwv78a4zzgfja74f8g&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC-39g6dccYfWZKJTl3wPY35aQDpDhgYRctqjCivACwI23ARABIABglQKCARdjYS1wdWItMTU4MTcwNTI4MjE3ODU1MqABwq7o3QPIAQmpAurxuh3jp7M-qAMBqgSsAU_QXlLs351rTMHik2j_YHj59NrAKLdkedz44f7kZ-kKWxXiFiYnp0ldezJMsV_p0J7Wqak-uYOirsZKQkSmeOI8fXhkgqUj51G7sX1uB3mUp6TpCBfZftFGRoNuiONIQJ7jVoZZSqJgnWk1X5cGrnq9zNtyLb9lwqzVEDb4RFivHlJzE6Srl3179vHTUuyc--H8i6kKV8wal2azZdn4eq3jiVIplpLRIf_bxwiABuPMp6eF8Y2wSqAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3BrH8dInVr2Fzz-Q9JZaFqsRVGxA%26client%3Dca-pub-1581705282178552%26adurl%3D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json

Response headers

cf-ray: 680a3d189a231756-FRA
date: Wed, 18 Aug 2021 09:50:34 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3HuiD5Rsww%2FigcQRmb4Ac52zMIK0pMZ0CAFVB1eF4hFuOojlxmOShPwAk6TrZo4Igzanj%2FJ9zpbDFoqbMPBv8Lfzs7wKrahmGsRF99YmLOolrkiEYNS30i2SSL54eJqIIYcwtNI%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain
access-control-allow-origin: https://ad4m.at
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
access-control-allow-credentials: true
content-encoding: br
x-backend-server: rs-rvz5

GET
H3-29 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 11 KB
8 KB 28ms
27ms XHR
application/json 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20210812&st=env

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

46ad6d89c2898629699bd5138d66f90def883b173fb8f24ad11d5b4da57e7afc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://three-back.work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 18 Aug 2021 09:50:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8642
x-xss-protection: 0

GET
H2 200 rar Show response
as.ad4m.at/ad/ Frame 7422 9 KB
4 KB 29ms
28ms Document
text/html 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://as.ad4m.at/ad/rar?a=14044%2C823%2C15255&b=e7RC3fVfxBVcjHZHet1teW3sjTQTx8J%2Ce7RC3fVfYpcjHZHet1tbrzUjTQTx8J%2C62Zcef3f6wmheHmHYtkt5kmt2T1T2qJ&f=DjeT3fwfbqPS3HmH9twCwAmFWTmTk8r%2CDjeT3fwfe9T3HmH9twCEjxTWTmTk8r%2CXxVfzfrfp3Bh6H4Het1CxXpUBTkTXKP&c=300&d=600&e=&g=8903cc4f60c22ddcee924b2a5ca3a8b9%2F17536670683614950352&i=25007%2C9719%2C25174&j=16%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D22c5d6611be5mgz1rk94akxss2mnp1d3srn88zaaj65dr4snmp2d76kfx4mhst05e4wdrm6nsy0te1tmkr65nzwp0jmvvvgrp4pm8y49khf92nwg6peyk8zknze50fyej8mag6wewhz8fe08b5s5tkkky1z50bdqpnx37myp03s6dr6hsxxykdczvs59h6djt11s6pw6w5h51p1zzge5c0ttsdhv44w4ms2gx2b8dv39t1kpm9yx7qgzn2qxwb8%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DC-39g6dccYfWZKJTl3wPY35aQDpDhgYRctqjCivACwI23ARABIABglQKCARdjYS1wdWItMTU4MTcwNTI4MjE3ODU1MqABwq7o3QPIAQmpAurxuh3jp7M-qAMBqgSsAU_QXlLs351rTMHik2j_YHj59NrAKLdkedz44f7kZ-kKWxXiFiYnp0ldezJMsV_p0J7Wqak-uYOirsZKQkSmeOI8fXhkgqUj51G7sX1uB3mUp6TpCBfZftFGRoNuiONIQJ7jVoZZSqJgnWk1X5cGrnq9zNtyLb9lwqzVEDb4RFivHlJzE6Srl3179vHTUuyc--H8i6kKV8wal2azZdn4eq3jiVIplpLRIf_bxwiABuPMp6eF8Y2wSqAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_3BrH8dInVr2Fzz-Q9JZaFqsRVGxA%2526client%253Dca-pub-1581705282178552%2526adurl%253D&y=0&z=0

Requested by

Host: ad4m.at
URL: https://ad4m.at/fxpcopuw.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4ba09e3c96399bf9a6f0a1c4f12351501d42e4f8e2cd97ffdf0a9650e7b16784

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri ;child-src ;connect-src ;default-src 'self';font-src ;form-action 'none';frame-ancestors * data:;frame-src ;img-src data:;manifest-src 'none';media-src 'none';navigate-to ;object-src 'none';prefetch-src 'none';script-src 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
Strict-Transport-Security	max-age=86400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: as.ad4m.at
:scheme: https
:path: /ad/rar?a=14044%2C823%2C15255&b=e7RC3fVfxBVcjHZHet1teW3sjTQTx8J%2Ce7RC3fVfYpcjHZHet1tbrzUjTQTx8J%2C62Zcef3f6wmheHmHYtkt5kmt2T1T2qJ&f=DjeT3fwfbqPS3HmH9twCwAmFWTmTk8r%2CDjeT3fwfe9T3HmH9twCEjxTWTmTk8r%2CXxVfzfrfp3Bh6H4Het1CxXpUBTkTXKP&c=300&d=600&e=&g=8903cc4f60c22ddcee924b2a5ca3a8b9%2F17536670683614950352&i=25007%2C9719%2C25174&j=16%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D22c5d6611be5mgz1rk94akxss2mnp1d3srn88zaaj65dr4snmp2d76kfx4mhst05e4wdrm6nsy0te1tmkr65nzwp0jmvvvgrp4pm8y49khf92nwg6peyk8zknze50fyej8mag6wewhz8fe08b5s5tkkky1z50bdqpnx37myp03s6dr6hsxxykdczvs59h6djt11s6pw6w5h51p1zzge5c0ttsdhv44w4ms2gx2b8dv39t1kpm9yx7qgzn2qxwb8%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DC-39g6dccYfWZKJTl3wPY35aQDpDhgYRctqjCivACwI23ARABIABglQKCARdjYS1wdWItMTU4MTcwNTI4MjE3ODU1MqABwq7o3QPIAQmpAurxuh3jp7M-qAMBqgSsAU_QXlLs351rTMHik2j_YHj59NrAKLdkedz44f7kZ-kKWxXiFiYnp0ldezJMsV_p0J7Wqak-uYOirsZKQkSmeOI8fXhkgqUj51G7sX1uB3mUp6TpCBfZftFGRoNuiONIQJ7jVoZZSqJgnWk1X5cGrnq9zNtyLb9lwqzVEDb4RFivHlJzE6Srl3179vHTUuyc--H8i6kKV8wal2azZdn4eq3jiVIplpLRIf_bxwiABuPMp6eF8Y2wSqAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_3BrH8dInVr2Fzz-Q9JZaFqsRVGxA%2526client%253Dca-pub-1581705282178552%2526adurl%253D&y=0&z=0
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 09:50:34 GMT
content-type: text/html; charset=utf-8
strict-transport-security: max-age=86400; includeSubDomains; preload
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
x-download-options: noopen
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
x-xss-protection: 1; mode=block
content-security-policy: block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri *;child-src *;connect-src *;default-src 'self';font-src *;form-action 'none';frame-ancestors * data:;frame-src *;img-src * data:;manifest-src 'none';media-src 'none';navigate-to *;object-src 'none';prefetch-src 'none';script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
referrer-policy: same-origin
feature-policy: geolocation 'none';midi 'none';sync-xhr 'none';microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';fullscreen 'none';payment 'none';accelerometer 'none';usb 'none';autoplay 'self'
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
expires: 0
surrogate-control: no-store
pragma: no-cache
via: 1.1 google
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 680a3d18db1e05f1-FRA
content-encoding: br

GET
H3-29 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://three-back.work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 09:50:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1624308425655142"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6467
x-xss-protection: 0
expires: Wed, 18 Aug 2021 09:50:34 GMT

GET
H3-29 200 default.css
as.ad4m.at/ad/style/0.1.7/one-ad/ Frame 7422 64 KB
8 KB 21ms
20ms Stylesheet
text/css 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://as.ad4m.at/ad/style/0.1.7/one-ad/default.css

Requested by

Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=14044%2C823%2C15255&b=e7RC3fVfxBVcjHZHet1teW3sjTQTx8J%2Ce7RC3fVfYpcjHZHet1tbrzUjTQTx8J%2C62Zcef3f6wmheHmHYtkt5kmt2T1T2qJ&f=DjeT3fwfbqPS3HmH9twCwAmFWTmTk8r%2CDjeT3fwfe9T3HmH9twCEjxTWTmTk8r%2CXxVfzfrfp3Bh6H4Het1CxXpUBTkTXKP&c=300&d=600&e=&g=8903cc4f60c22ddcee924b2a5ca3a8b9%2F17536670683614950352&i=25007%2C9719%2C25174&j=16%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D22c5d6611be5mgz1rk94akxss2mnp1d3srn88zaaj65dr4snmp2d76kfx4mhst05e4wdrm6nsy0te1tmkr65nzwp0jmvvvgrp4pm8y49khf92nwg6peyk8zknze50fyej8mag6wewhz8fe08b5s5tkkky1z50bdqpnx37myp03s6dr6hsxxykdczvs59h6djt11s6pw6w5h51p1zzge5c0ttsdhv44w4ms2gx2b8dv39t1kpm9yx7qgzn2qxwb8%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DC-39g6dccYfWZKJTl3wPY35aQDpDhgYRctqjCivACwI23ARABIABglQKCARdjYS1wdWItMTU4MTcwNTI4MjE3ODU1MqABwq7o3QPIAQmpAurxuh3jp7M-qAMBqgSsAU_QXlLs351rTMHik2j_YHj59NrAKLdkedz44f7kZ-kKWxXiFiYnp0ldezJMsV_p0J7Wqak-uYOirsZKQkSmeOI8fXhkgqUj51G7sX1uB3mUp6TpCBfZftFGRoNuiONIQJ7jVoZZSqJgnWk1X5cGrnq9zNtyLb9lwqzVEDb4RFivHlJzE6Srl3179vHTUuyc--H8i6kKV8wal2azZdn4eq3jiVIplpLRIf_bxwiABuPMp6eF8Y2wSqAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_3BrH8dInVr2Fzz-Q9JZaFqsRVGxA%2526client%253Dca-pub-1581705282178552%2526adurl%253D&y=0&z=0

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c35529095f6b1a1b2f9345e8d7e86532048ffbfdd082f03ed114be88865388df

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://as.ad4m.at/ad/rar?a=14044%2C823%2C15255&b=e7RC3fVfxBVcjHZHet1teW3sjTQTx8J%2Ce7RC3fVfYpcjHZHet1tbrzUjTQTx8J%2C62Zcef3f6wmheHmHYtkt5kmt2T1T2qJ&f=DjeT3fwfbqPS3HmH9twCwAmFWTmTk8r%2CDjeT3fwfe9T3HmH9twCEjxTWTmTk8r%2CXxVfzfrfp3Bh6H4Het1CxXpUBTkTXKP&c=300&d=600&e=&g=8903cc4f60c22ddcee924b2a5ca3a8b9%2F17536670683614950352&i=25007%2C9719%2C25174&j=16%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D22c5d6611be5mgz1rk94akxss2mnp1d3srn88zaaj65dr4snmp2d76kfx4mhst05e4wdrm6nsy0te1tmkr65nzwp0jmvvvgrp4pm8y49khf92nwg6peyk8zknze50fyej8mag6wewhz8fe08b5s5tkkky1z50bdqpnx37myp03s6dr6hsxxykdczvs59h6djt11s6pw6w5h51p1zzge5c0ttsdhv44w4ms2gx2b8dv39t1kpm9yx7qgzn2qxwb8%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DC-39g6dccYfWZKJTl3wPY35aQDpDhgYRctqjCivACwI23ARABIABglQKCARdjYS1wdWItMTU4MTcwNTI4MjE3ODU1MqABwq7o3QPIAQmpAurxuh3jp7M-qAMBqgSsAU_QXlLs351rTMHik2j_YHj59NrAKLdkedz44f7kZ-kKWxXiFiYnp0ldezJMsV_p0J7Wqak-uYOirsZKQkSmeOI8fXhkgqUj51G7sX1uB3mUp6TpCBfZftFGRoNuiONIQJ7jVoZZSqJgnWk1X5cGrnq9zNtyLb9lwqzVEDb4RFivHlJzE6Srl3179vHTUuyc--H8i6kKV8wal2azZdn4eq3jiVIplpLRIf_bxwiABuPMp6eF8Y2wSqAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_3BrH8dInVr2Fzz-Q9JZaFqsRVGxA%2526client%253Dca-pub-1581705282178552%2526adurl%253D&y=0&z=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 09:50:34 GMT
via: 1.1 google
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
age: 12
cf-polished: origSize=65497
surrogate-control: no-store
strict-transport-security: max-age=86400; includeSubDomains; preload
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: same-origin
expires: Wed, 18 Aug 2021 10:50:34 GMT
last-modified: Mon, 09 Aug 2021 09:04:24 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-download-options: noopen
report-to: {"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=3600
cf-ray: 680a3d191ae21756-FRA
cf-bgj: minify

GET
H2 200 B4CB880477BA810028D7D7613EE7E9E1448DC35AF48781E4B95EC6ECB7049A9AA27B107B317198EC504A03E948F7EC5A02BC2426A27879C893669BA93941B528
assets.ad4m.at/logo/ Frame 7422 18 KB
19 KB 30ms
27ms Image
image/webp 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/logo/B4CB880477BA810028D7D7613EE7E9E1448DC35AF48781E4B95EC6ECB7049A9AA27B107B317198EC504A03E948F7EC5A02BC2426A27879C893669BA93941B528
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=14044%2C823%2C15255&b=e7RC3fVfxBVcjHZHet1teW3sjTQTx8J%2Ce7RC3fVfYpcjHZHet1tbrzUjTQTx8J%2C62Zcef3f6wmheHmHYtkt5kmt2T1T2qJ&f=DjeT3fwfbqPS3HmH9twCwAmFWTmTk8r%2CDjeT3fwfe9T3HmH9twCEjxTWTmTk8r%2CXxVfzfrfp3Bh6H4Het1CxXpUBTkTXKP&c=300&d=600&e=&g=8903cc4f60c22ddcee924b2a5ca3a8b9%2F17536670683614950352&i=25007%2C9719%2C25174&j=16%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D22c5d6611be5mgz1rk94akxss2mnp1d3srn88zaaj65dr4snmp2d76kfx4mhst05e4wdrm6nsy0te1tmkr65nzwp0jmvvvgrp4pm8y49khf92nwg6peyk8zknze50fyej8mag6wewhz8fe08b5s5tkkky1z50bdqpnx37myp03s6dr6hsxxykdczvs59h6djt11s6pw6w5h51p1zzge5c0ttsdhv44w4ms2gx2b8dv39t1kpm9yx7qgzn2qxwb8%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DC-39g6dccYfWZKJTl3wPY35aQDpDhgYRctqjCivACwI23ARABIABglQKCARdjYS1wdWItMTU4MTcwNTI4MjE3ODU1MqABwq7o3QPIAQmpAurxuh3jp7M-qAMBqgSsAU_QXlLs351rTMHik2j_YHj59NrAKLdkedz44f7kZ-kKWxXiFiYnp0ldezJMsV_p0J7Wqak-uYOirsZKQkSmeOI8fXhkgqUj51G7sX1uB3mUp6TpCBfZftFGRoNuiONIQJ7jVoZZSqJgnWk1X5cGrnq9zNtyLb9lwqzVEDb4RFivHlJzE6Srl3179vHTUuyc--H8i6kKV8wal2azZdn4eq3jiVIplpLRIf_bxwiABuPMp6eF8Y2wSqAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_3BrH8dInVr2Fzz-Q9JZaFqsRVGxA%2526client%253Dca-pub-1581705282178552%2526adurl%253D&y=0&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 54d35e66675f9cc2ab471d0c389573b5ab0902937b397914a177712b27678a46

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash: crc32c=GT8dCw==, md5=4YyWNM3TGeacJ2VHXynNEw==
date: Wed, 18 Aug 2021 09:50:34 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 990408
cf-polished: origFmt=png, origSize=35453
x-guploader-uploadid: ADPycdu8yFNSVixOkzyVy-xS6S5hRAwVn-9Oz6_PXiPiU9sxlRPRwyMKBYIwy26hEHJe9l1jbKPrU_cl315Z4yjT_iCtb-iZ7g
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 18872
last-modified: Mon, 18 May 2020 12:30:29 GMT
server: cloudflare
etag: "e18c9634cdd319e69c2765475f29cd13"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wiCYQYLNU%2FDY6zJJ5wOJT9qxJDyjyLZ1Nu0gBYswZ4wVwh9Lh7eGDa2W%2BNlSifPy1aS1bUq%2FEU7Lvk4w3iwHBlggl0cbxOU8aayAHzsM9xrTxm5jCq8UCkvXb%2F8anx1MrqXvB5PmH7FMN0Lc"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1589805029334103
content-type: image/webp
expires: Thu, 19 Aug 2021 09:50:34 GMT
cache-control: public, max-age=86400
x-goog-stored-content-length: 35453
accept-ranges: bytes
cf-ray: 680a3d191bc705f1-FRA
cf-bgj: imgq:85,h2pri

GET
H2 200 A012F5D8E216B662BCC639EFCE48E0BB093DAE488B3795D30A56E98E58F3F85831088246988EB178E8D9AAEC22C831FEB67C179E776973AC655CFF57EDC5D13C
assets.ad4m.at/product_image/ Frame 7422 2 KB
2 KB 30ms
28ms Image
image/webp 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/product_image/A012F5D8E216B662BCC639EFCE48E0BB093DAE488B3795D30A56E98E58F3F85831088246988EB178E8D9AAEC22C831FEB67C179E776973AC655CFF57EDC5D13C
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=14044%2C823%2C15255&b=e7RC3fVfxBVcjHZHet1teW3sjTQTx8J%2Ce7RC3fVfYpcjHZHet1tbrzUjTQTx8J%2C62Zcef3f6wmheHmHYtkt5kmt2T1T2qJ&f=DjeT3fwfbqPS3HmH9twCwAmFWTmTk8r%2CDjeT3fwfe9T3HmH9twCEjxTWTmTk8r%2CXxVfzfrfp3Bh6H4Het1CxXpUBTkTXKP&c=300&d=600&e=&g=8903cc4f60c22ddcee924b2a5ca3a8b9%2F17536670683614950352&i=25007%2C9719%2C25174&j=16%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D22c5d6611be5mgz1rk94akxss2mnp1d3srn88zaaj65dr4snmp2d76kfx4mhst05e4wdrm6nsy0te1tmkr65nzwp0jmvvvgrp4pm8y49khf92nwg6peyk8zknze50fyej8mag6wewhz8fe08b5s5tkkky1z50bdqpnx37myp03s6dr6hsxxykdczvs59h6djt11s6pw6w5h51p1zzge5c0ttsdhv44w4ms2gx2b8dv39t1kpm9yx7qgzn2qxwb8%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DC-39g6dccYfWZKJTl3wPY35aQDpDhgYRctqjCivACwI23ARABIABglQKCARdjYS1wdWItMTU4MTcwNTI4MjE3ODU1MqABwq7o3QPIAQmpAurxuh3jp7M-qAMBqgSsAU_QXlLs351rTMHik2j_YHj59NrAKLdkedz44f7kZ-kKWxXiFiYnp0ldezJMsV_p0J7Wqak-uYOirsZKQkSmeOI8fXhkgqUj51G7sX1uB3mUp6TpCBfZftFGRoNuiONIQJ7jVoZZSqJgnWk1X5cGrnq9zNtyLb9lwqzVEDb4RFivHlJzE6Srl3179vHTUuyc--H8i6kKV8wal2azZdn4eq3jiVIplpLRIf_bxwiABuPMp6eF8Y2wSqAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_3BrH8dInVr2Fzz-Q9JZaFqsRVGxA%2526client%253Dca-pub-1581705282178552%2526adurl%253D&y=0&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 79a1fd9f71c69648edfe742cc8b1d2141a95d063e630aaa06a5cdf5faa50650d

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash: crc32c=bJ9ALA==, md5=ejqY/mc9t7JQK9XG0TFuLA==
date: Wed, 18 Aug 2021 09:50:34 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 411172
cf-polished: origFmt=png, origSize=4031
x-guploader-uploadid: ADPycdtQ4jeKY8sLPiWjVJTUwFnbYCLm6B0tmmx49bCaKsEH0AqAmcOOsH9s-nWMC5gR9JVGMV7JupvfQVoNrIgX8Q
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 1598
last-modified: Wed, 20 Jan 2021 17:03:56 GMT
server: cloudflare
etag: "7a3a98fe673db7b2502bd5c6d1316e2c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uj%2FGQcILbmUPhO1sRDur%2FtXmv9%2BGkX1ci%2FsBPNQbYMUra8HbJ6%2FbT4ITQzS92%2BqmHCz4hI%2BcYskfmvNzW0uRelR95%2FCPIUs%2B5X2yIMenfQfM7AAlc7tTZZFmaUg4LQ6rEzBzbnlpbgAaT8iZ"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1611162235947637
content-type: image/webp
expires: Thu, 19 Aug 2021 09:50:34 GMT
cache-control: public, max-age=86400
x-goog-stored-content-length: 4031
accept-ranges: bytes
cf-ray: 680a3d191bbe05f1-FRA
cf-bgj: imgq:85,h2pri

GET
H/1.1 200
OK cshow.php
www.awin1.com/ Frame 7422 43 B
705 B 122ms
71ms Image
image/gif 104.111.239.217
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.awin1.com/cshow.php?s=2519498&v=14098&q=368694&r=412871&pv=1&pref3=oneide7RC3fVfxBVcjHZHet1teW3sjTQTx8Joneid__dc_reach_suite02wkz&gdpr_consent=&gdpr=0&gdpr_pd=0

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.111.239.217 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-239-217.deploy.static.akamaitechnologies.com

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 18 Aug 2021 09:50:34 GMT
Strict-Transport-Security: max-age=86400
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Awin-Akamai-Rule-Set: default
Node: Helix
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: 0

GET
H2 200 092AF182BFAEB6FB9384BCD487C1B5A43125CF153AA6D3EDEC71241055FD8B61372C6BFDCCACC22CAB8E52B77906D491F783793EC97701304A15CA510282E399
assets.ad4m.at/logo/ Frame 7422 38 KB
39 KB 35ms
34ms Image
image/webp 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/logo/092AF182BFAEB6FB9384BCD487C1B5A43125CF153AA6D3EDEC71241055FD8B61372C6BFDCCACC22CAB8E52B77906D491F783793EC97701304A15CA510282E399
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=14044%2C823%2C15255&b=e7RC3fVfxBVcjHZHet1teW3sjTQTx8J%2Ce7RC3fVfYpcjHZHet1tbrzUjTQTx8J%2C62Zcef3f6wmheHmHYtkt5kmt2T1T2qJ&f=DjeT3fwfbqPS3HmH9twCwAmFWTmTk8r%2CDjeT3fwfe9T3HmH9twCEjxTWTmTk8r%2CXxVfzfrfp3Bh6H4Het1CxXpUBTkTXKP&c=300&d=600&e=&g=8903cc4f60c22ddcee924b2a5ca3a8b9%2F17536670683614950352&i=25007%2C9719%2C25174&j=16%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D22c5d6611be5mgz1rk94akxss2mnp1d3srn88zaaj65dr4snmp2d76kfx4mhst05e4wdrm6nsy0te1tmkr65nzwp0jmvvvgrp4pm8y49khf92nwg6peyk8zknze50fyej8mag6wewhz8fe08b5s5tkkky1z50bdqpnx37myp03s6dr6hsxxykdczvs59h6djt11s6pw6w5h51p1zzge5c0ttsdhv44w4ms2gx2b8dv39t1kpm9yx7qgzn2qxwb8%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DC-39g6dccYfWZKJTl3wPY35aQDpDhgYRctqjCivACwI23ARABIABglQKCARdjYS1wdWItMTU4MTcwNTI4MjE3ODU1MqABwq7o3QPIAQmpAurxuh3jp7M-qAMBqgSsAU_QXlLs351rTMHik2j_YHj59NrAKLdkedz44f7kZ-kKWxXiFiYnp0ldezJMsV_p0J7Wqak-uYOirsZKQkSmeOI8fXhkgqUj51G7sX1uB3mUp6TpCBfZftFGRoNuiONIQJ7jVoZZSqJgnWk1X5cGrnq9zNtyLb9lwqzVEDb4RFivHlJzE6Srl3179vHTUuyc--H8i6kKV8wal2azZdn4eq3jiVIplpLRIf_bxwiABuPMp6eF8Y2wSqAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_3BrH8dInVr2Fzz-Q9JZaFqsRVGxA%2526client%253Dca-pub-1581705282178552%2526adurl%253D&y=0&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 79a636d2c8ace706866349aaf2d1661b25c94a9523ab602e32d106fbba2a2b23

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash: crc32c=EKOc3w==, md5=wqT4IuWoMfO1yrOci8rmHQ==
date: Wed, 18 Aug 2021 09:50:34 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 375991
cf-polished: origFmt=png, origSize=44613
x-guploader-uploadid: ADPycdtBFoOXl0DgvcLsrwDY2OH8h9Hpqvp4cn5FQalt_RjVy00YKIoYtXnJd3ZVDSi54i2j9YZAm1_RWaFEGJgDASR0imFG0w
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 39202
last-modified: Wed, 22 Jan 2020 13:11:41 GMT
server: cloudflare
etag: "c2a4f822e5a831f3b5cab39c8bcae61d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nHY6FmFg1nSC%2BkBOwk3trWD9FYj2s463P37Huila05J4Vn0RjjRR4UfAg8GV2S1UO4MNI3y9aWDdcYEMFvOmrErFSueYD6TZK4NZDq6NEv3Ea8Clu9iyAjOsaZL%2BU10na6nOF6RiSTnxNc3B"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1579698701189315
content-type: image/webp
expires: Thu, 19 Aug 2021 09:50:34 GMT
cache-control: public, max-age=86400
x-goog-stored-content-length: 44613
accept-ranges: bytes
cf-ray: 680a3d191bca05f1-FRA
cf-bgj: imgq:85,h2pri

GET
H2 200 69E7FB78A72BC29D22049638675F152BD0F020C6E7E7DD83AC85D812D70F34E088215F53E301063143245A4B72ED47974DE7618A14B827D305F065371D2DBE4A
assets.ad4m.at/ Frame 7422 113 KB
113 KB 121ms
120ms Image
image/webp 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/69E7FB78A72BC29D22049638675F152BD0F020C6E7E7DD83AC85D812D70F34E088215F53E301063143245A4B72ED47974DE7618A14B827D305F065371D2DBE4A
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=14044%2C823%2C15255&b=e7RC3fVfxBVcjHZHet1teW3sjTQTx8J%2Ce7RC3fVfYpcjHZHet1tbrzUjTQTx8J%2C62Zcef3f6wmheHmHYtkt5kmt2T1T2qJ&f=DjeT3fwfbqPS3HmH9twCwAmFWTmTk8r%2CDjeT3fwfe9T3HmH9twCEjxTWTmTk8r%2CXxVfzfrfp3Bh6H4Het1CxXpUBTkTXKP&c=300&d=600&e=&g=8903cc4f60c22ddcee924b2a5ca3a8b9%2F17536670683614950352&i=25007%2C9719%2C25174&j=16%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D22c5d6611be5mgz1rk94akxss2mnp1d3srn88zaaj65dr4snmp2d76kfx4mhst05e4wdrm6nsy0te1tmkr65nzwp0jmvvvgrp4pm8y49khf92nwg6peyk8zknze50fyej8mag6wewhz8fe08b5s5tkkky1z50bdqpnx37myp03s6dr6hsxxykdczvs59h6djt11s6pw6w5h51p1zzge5c0ttsdhv44w4ms2gx2b8dv39t1kpm9yx7qgzn2qxwb8%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DC-39g6dccYfWZKJTl3wPY35aQDpDhgYRctqjCivACwI23ARABIABglQKCARdjYS1wdWItMTU4MTcwNTI4MjE3ODU1MqABwq7o3QPIAQmpAurxuh3jp7M-qAMBqgSsAU_QXlLs351rTMHik2j_YHj59NrAKLdkedz44f7kZ-kKWxXiFiYnp0ldezJMsV_p0J7Wqak-uYOirsZKQkSmeOI8fXhkgqUj51G7sX1uB3mUp6TpCBfZftFGRoNuiONIQJ7jVoZZSqJgnWk1X5cGrnq9zNtyLb9lwqzVEDb4RFivHlJzE6Srl3179vHTUuyc--H8i6kKV8wal2azZdn4eq3jiVIplpLRIf_bxwiABuPMp6eF8Y2wSqAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_3BrH8dInVr2Fzz-Q9JZaFqsRVGxA%2526client%253Dca-pub-1581705282178552%2526adurl%253D&y=0&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 85a096c073faa7b2f0cd16adf42aef4c64f0e2b34dedcd1379b6cc48e126f7fa

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash: crc32c=UWAYGw==, md5=A1esecs/9FudVn6rgMfjTA==
date: Wed, 18 Aug 2021 09:50:34 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 554808
cf-polished: origFmt=png, origSize=136328
x-guploader-uploadid: ADPycdtIzq_vJ5nFb2W5tssU-MDbTl1QbIm93RCyJfrmPzu-97-yWEwMzhk-34f3i-RKCXR0otX6ULdnrF6ohpilzg
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 115268
last-modified: Tue, 29 Oct 2019 09:42:57 GMT
server: cloudflare
etag: "0357ac79cb3ff45b9d567eab80c7e34c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lGSaqFSyYWaLKN9Qn9jZQYxUgMcYEwSWZg%2BIo3Wu0hdoFUcJ1nZ5BOd5U47PdEa7y2tws5Cig4MD0qh%2BwycEzM2O8S14pjBrXc5AEycUGRk3La90e1GNWtoYf93xnGRlasnbtaDuYWOAXxJb"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1572342177666668
content-type: image/webp
expires: Thu, 19 Aug 2021 09:50:34 GMT
cache-control: public, max-age=86400
x-goog-stored-content-length: 136328
accept-ranges: bytes
cf-ray: 680a3d191bcb05f1-FRA
cf-bgj: imgq:85,h2pri

GET
H/1.1 200
OK cshow.php
www.awin1.com/ Frame 7422 43 B
702 B 123ms
73ms Image
image/gif 104.111.239.217
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.awin1.com/cshow.php?s=2338586&v=11830&q=357066&r=412871&pv=1&pref3=oneide7RC3fVfYpcjHZHet1tbrzUjTQTx8Joneid__dc_reach_suite02wkz&gdpr_consent=&gdpr=0&gdpr_pd=0

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.111.239.217 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-239-217.deploy.static.akamaitechnologies.com

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 18 Aug 2021 09:50:34 GMT
Strict-Transport-Security: max-age=86400
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Awin-Akamai-Rule-Set: default
Node: Helix
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: 0

GET
H2 200 188CB8AAD064EA4A8191591B373E95EFBB15091EC45B736DE282B2519499BCCBCAB6FDEDC5113C2A7BE7DE03216809B9DDF8A0A0594CFE95168D455C315D4410
assets.ad4m.at/logo/ Frame 7422 8 KB
9 KB 53ms
52ms Image
image/webp 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/logo/188CB8AAD064EA4A8191591B373E95EFBB15091EC45B736DE282B2519499BCCBCAB6FDEDC5113C2A7BE7DE03216809B9DDF8A0A0594CFE95168D455C315D4410
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=14044%2C823%2C15255&b=e7RC3fVfxBVcjHZHet1teW3sjTQTx8J%2Ce7RC3fVfYpcjHZHet1tbrzUjTQTx8J%2C62Zcef3f6wmheHmHYtkt5kmt2T1T2qJ&f=DjeT3fwfbqPS3HmH9twCwAmFWTmTk8r%2CDjeT3fwfe9T3HmH9twCEjxTWTmTk8r%2CXxVfzfrfp3Bh6H4Het1CxXpUBTkTXKP&c=300&d=600&e=&g=8903cc4f60c22ddcee924b2a5ca3a8b9%2F17536670683614950352&i=25007%2C9719%2C25174&j=16%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D22c5d6611be5mgz1rk94akxss2mnp1d3srn88zaaj65dr4snmp2d76kfx4mhst05e4wdrm6nsy0te1tmkr65nzwp0jmvvvgrp4pm8y49khf92nwg6peyk8zknze50fyej8mag6wewhz8fe08b5s5tkkky1z50bdqpnx37myp03s6dr6hsxxykdczvs59h6djt11s6pw6w5h51p1zzge5c0ttsdhv44w4ms2gx2b8dv39t1kpm9yx7qgzn2qxwb8%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DC-39g6dccYfWZKJTl3wPY35aQDpDhgYRctqjCivACwI23ARABIABglQKCARdjYS1wdWItMTU4MTcwNTI4MjE3ODU1MqABwq7o3QPIAQmpAurxuh3jp7M-qAMBqgSsAU_QXlLs351rTMHik2j_YHj59NrAKLdkedz44f7kZ-kKWxXiFiYnp0ldezJMsV_p0J7Wqak-uYOirsZKQkSmeOI8fXhkgqUj51G7sX1uB3mUp6TpCBfZftFGRoNuiONIQJ7jVoZZSqJgnWk1X5cGrnq9zNtyLb9lwqzVEDb4RFivHlJzE6Srl3179vHTUuyc--H8i6kKV8wal2azZdn4eq3jiVIplpLRIf_bxwiABuPMp6eF8Y2wSqAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_3BrH8dInVr2Fzz-Q9JZaFqsRVGxA%2526client%253Dca-pub-1581705282178552%2526adurl%253D&y=0&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8e49b984d20b3e7cb3f2c4a08805dc3f66bb8a58ec08c365d0cf955dd57c77c7

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash: crc32c=tG7Jcw==, md5=BMt+wgXOo1EVeu/7mY86hQ==
date: Wed, 18 Aug 2021 09:50:34 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 330641
cf-polished: qual=85, origFmt=jpeg, origSize=16723
x-guploader-uploadid: ADPycdtxzSVIJa5wj3PhN0y8BU0kW3aZvFumakmQJSXhWlpBfaVvoT0Dj1OBDv_OZQFr8a89Gelq79MufLskX2eTfA
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 8354
last-modified: Wed, 22 Jan 2020 13:13:07 GMT
server: cloudflare
etag: "04cb7ec205cea351157aeffb998f3a85"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1kvz8QPlJGS0zHxYGzeAjLRiahsZE1xtktbQYIgqsuh6QEgbLyHW0e0ppBskvQGTNxuJu23RvwQHbhVegcLFT6pyRtmbe4SaIlVM9ubV1cCMCJB4SJ1RpPsCSZ5bo5NiUMyCMnKLgjtL3rp0"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1579698787150900
content-type: image/webp
expires: Thu, 19 Aug 2021 09:50:34 GMT
cache-control: public, max-age=86400
x-goog-stored-content-length: 16723
accept-ranges: bytes
cf-ray: 680a3d191bcd05f1-FRA
cf-bgj: imgq:85,h2pri

GET
H2 200 F49C2EAC44796C3CC36B7EB8176E57DD4979BB6953D52AE3EC354AC4722C65BE111766AA7B1FD623B46255E02B9A1FD3C70187E6A3B399F7EA1DA8FBFD78D485
assets.ad4m.at/ Frame 7422 35 KB
35 KB 105ms
104ms Image
image/webp 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/F49C2EAC44796C3CC36B7EB8176E57DD4979BB6953D52AE3EC354AC4722C65BE111766AA7B1FD623B46255E02B9A1FD3C70187E6A3B399F7EA1DA8FBFD78D485
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=14044%2C823%2C15255&b=e7RC3fVfxBVcjHZHet1teW3sjTQTx8J%2Ce7RC3fVfYpcjHZHet1tbrzUjTQTx8J%2C62Zcef3f6wmheHmHYtkt5kmt2T1T2qJ&f=DjeT3fwfbqPS3HmH9twCwAmFWTmTk8r%2CDjeT3fwfe9T3HmH9twCEjxTWTmTk8r%2CXxVfzfrfp3Bh6H4Het1CxXpUBTkTXKP&c=300&d=600&e=&g=8903cc4f60c22ddcee924b2a5ca3a8b9%2F17536670683614950352&i=25007%2C9719%2C25174&j=16%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D22c5d6611be5mgz1rk94akxss2mnp1d3srn88zaaj65dr4snmp2d76kfx4mhst05e4wdrm6nsy0te1tmkr65nzwp0jmvvvgrp4pm8y49khf92nwg6peyk8zknze50fyej8mag6wewhz8fe08b5s5tkkky1z50bdqpnx37myp03s6dr6hsxxykdczvs59h6djt11s6pw6w5h51p1zzge5c0ttsdhv44w4ms2gx2b8dv39t1kpm9yx7qgzn2qxwb8%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DC-39g6dccYfWZKJTl3wPY35aQDpDhgYRctqjCivACwI23ARABIABglQKCARdjYS1wdWItMTU4MTcwNTI4MjE3ODU1MqABwq7o3QPIAQmpAurxuh3jp7M-qAMBqgSsAU_QXlLs351rTMHik2j_YHj59NrAKLdkedz44f7kZ-kKWxXiFiYnp0ldezJMsV_p0J7Wqak-uYOirsZKQkSmeOI8fXhkgqUj51G7sX1uB3mUp6TpCBfZftFGRoNuiONIQJ7jVoZZSqJgnWk1X5cGrnq9zNtyLb9lwqzVEDb4RFivHlJzE6Srl3179vHTUuyc--H8i6kKV8wal2azZdn4eq3jiVIplpLRIf_bxwiABuPMp6eF8Y2wSqAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_3BrH8dInVr2Fzz-Q9JZaFqsRVGxA%2526client%253Dca-pub-1581705282178552%2526adurl%253D&y=0&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ffbf2d2525e0baabd5fdf5289510e03e86ccb28dc9767ef58bf483077f3bfc75

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash: crc32c=DWwdxw==, md5=nrQF3oFd2dnh8eRzIt323A==
date: Wed, 18 Aug 2021 09:50:34 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 553617
cf-polished: qual=85, origFmt=jpeg, origSize=40264
x-guploader-uploadid: ADPycdvvB6uzlBf85gejyOnLrDvuwZhKKXK1VpRUY0xBynHYzO5RBpdKXBT98Jm2FqkCYGe3d9ZkzSmbZtG7j1wbF8ydhTdT7A
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 35504
last-modified: Wed, 19 Feb 2020 17:37:15 GMT
server: cloudflare
etag: "9eb405de815dd9d9e1f1e47322ddf6dc"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4kILVrdAGl6eSc%2FR%2BYqfXl81aaNJG9YmBIf%2B%2FCSqrxl5Ef9z0kEHcyBleGWx8%2FFz3z3Z56cC7EmG3xeQ0umEvg8WvmXX9J2K8JvY0vKtORcvH0%2FwJZdxQXGp94gq1ujqRgxi6BmrN9JTiwLO"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1582133835673152
content-type: image/webp
expires: Thu, 19 Aug 2021 09:50:34 GMT
cache-control: public, max-age=86400
x-goog-stored-content-length: 40264
accept-ranges: bytes
cf-ray: 680a3d191bd805f1-FRA
cf-bgj: imgq:85,h2pri

GET
H/1.1

200

/
banner.congstar.de/cookie/ Frame 7422
Redirect Chain

https://ad.doubleclick.net/ddm/trackimp/N38306.140903ZANOX.COMDE/B22845801.273544483;dc_trk_aid=467891017;dc_trk_cid=64219029;ord=;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?https%3A%...
https://ad.doubleclick.net/ddm/trackimp/N38306.140903ZANOX.COMDE/B22845801.273544483;dc_pre=CNfR9uyluvICFZRx4AodU-ALDw;dc_trk_aid=467891017;dc_trk_cid=64219029;ord=;dc_lat=;dc_rdid=;tag_for_child_d...
https://www.awin1.com/cawshow.php?v=11938&s=2542680&q=367022&r=412871&pv=1&pref3=oneid62Zcef3f6wmheHmHYtkt5kmt2T1T2qJoneid__dc_reach_suite02wkz&gdpr_consent=&gdpr=0&gdpr_pd=0
https://banner.congstar.de/cookie/?sp=awin&spfr=412871&awc=11938_412871_1629280234_bbbc7ac0-0009-11ec-bfe3-692d0dec5663

0
518 B

96ms
31ms

Image
text/plain

148.251.139.77
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://banner.congstar.de/cookie/?sp=awin&spfr=412871&awc=11938_412871_1629280234_bbbc7ac0-0009-11ec-bfe3-692d0dec5663
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=14044%2C823%2C15255&b=e7RC3fVfxBVcjHZHet1teW3sjTQTx8J%2Ce7RC3fVfYpcjHZHet1tbrzUjTQTx8J%2C62Zcef3f6wmheHmHYtkt5kmt2T1T2qJ&f=DjeT3fwfbqPS3HmH9twCwAmFWTmTk8r%2CDjeT3fwfe9T3HmH9twCEjxTWTmTk8r%2CXxVfzfrfp3Bh6H4Het1CxXpUBTkTXKP&c=300&d=600&e=&g=8903cc4f60c22ddcee924b2a5ca3a8b9%2F17536670683614950352&i=25007%2C9719%2C25174&j=16%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D22c5d6611be5mgz1rk94akxss2mnp1d3srn88zaaj65dr4snmp2d76kfx4mhst05e4wdrm6nsy0te1tmkr65nzwp0jmvvvgrp4pm8y49khf92nwg6peyk8zknze50fyej8mag6wewhz8fe08b5s5tkkky1z50bdqpnx37myp03s6dr6hsxxykdczvs59h6djt11s6pw6w5h51p1zzge5c0ttsdhv44w4ms2gx2b8dv39t1kpm9yx7qgzn2qxwb8%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DC-39g6dccYfWZKJTl3wPY35aQDpDhgYRctqjCivACwI23ARABIABglQKCARdjYS1wdWItMTU4MTcwNTI4MjE3ODU1MqABwq7o3QPIAQmpAurxuh3jp7M-qAMBqgSsAU_QXlLs351rTMHik2j_YHj59NrAKLdkedz44f7kZ-kKWxXiFiYnp0ldezJMsV_p0J7Wqak-uYOirsZKQkSmeOI8fXhkgqUj51G7sX1uB3mUp6TpCBfZftFGRoNuiONIQJ7jVoZZSqJgnWk1X5cGrnq9zNtyLb9lwqzVEDb4RFivHlJzE6Srl3179vHTUuyc--H8i6kKV8wal2azZdn4eq3jiVIplpLRIf_bxwiABuPMp6eF8Y2wSqAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_3BrH8dInVr2Fzz-Q9JZaFqsRVGxA%2526client%253Dca-pub-1581705282178552%2526adurl%253D&y=0&z=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 148.251.139.77 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.77.139.251.148.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 18 Aug 2021 09:50:34 GMT
Server: Apache
P3P: CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
Content-Length: 0

Redirect headers

Date: Wed, 18 Aug 2021 09:50:34 GMT
Strict-Transport-Security: max-age=86400
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Location: https://banner.congstar.de/cookie/?sp=awin&spfr=412871&awc=11938_412871_1629280234_bbbc7ac0-0009-11ec-bfe3-692d0dec5663
Awin-Akamai-Rule-Set: default
Node: Helix
Connection: keep-alive
Content-Length: 0

GET
H3-29 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/224/ Frame D02E 12 KB
5 KB 7ms
6ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/224/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://three-back.work/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://three-back.work/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 5029
date: Wed, 18 Aug 2021 09:48:39 GMT
expires: Thu, 18 Aug 2022 09:48:39 GMT
last-modified: Wed, 02 Jun 2021 17:09:45 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 115
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 62BB 783 B
531 B 17ms
17ms Document
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

1dd2a98138c4ec9e78d9fe3b17f12af89b660436426c1812b8bac699824c1f5a

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-FuYTwWpqoLes3V6bEUZgrw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/aframe
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://three-back.work/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://three-back.work/

Response headers

expires: Wed, 18 Aug 2021 09:50:34 GMT
date: Wed, 18 Aug 2021 09:50:34 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-FuYTwWpqoLes3V6bEUZgrw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 512
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 Ajm_1Dco6FzJMXTSkNIprya5eOKjJQcFmLvO5y0HW5A.js Show response
pagead2.googlesyndication.com/bg/ Frame D02E 35 KB
13 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Ajm_1Dco6FzJMXTSkNIprya5eOKjJQcFmLvO5y0HW5A.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0239bfd43728e85cc93174d290d229af26b978e2a325070598bbcee72d075b90

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 08:20:51 GMT
content-encoding: br
x-content-type-options: nosniff
age: 5383
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13491
x-xss-protection: 0
last-modified: Mon, 09 Aug 2021 14:48:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 18 Aug 2022 08:20:51 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 29ms
29ms Image
image/gif 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=224&t=2&li=gda_r20210812&jk=2501388766877624&bg=!HB-lH1vNAAZvV8FTb1c7ACkAdvg8Wkxf3MZVnP2JGUgXq6ZRKYLm94E4V7jOAgY-nisDfd8WWS_aAQIAAABYUgAAAApoAQcKAOnKbCPn-Jv54O1kxIbRFVUJKe787UF1YsqPQFGmSRYh3KywcgDq47bfRXKXiBUUVITwHXUM5wTAU6llVMtKvpvfQl5T4-CzzngraygSHAyMT_THqNgdsIpWsAv3DCqIKGIyu53uVLu4NbTQxskBpelP83CBkFZfJTb9eDzslqHLDopt4o240GjpFG9fBB_SZpkHrlRmb9Ys_pB2Hw5he7sQneSNnZYipRHmHcUmUbxHEbTtXN59oTrs3YIzmQJiCCEwVFCm8virojk5rRlMAWe7OWrGotw0muONvkgxG4dbU43Tb62lZTr8TJkCdrXPDInaJoZityRDvZLucEkgbavy2VDi7MYe7InHbTzHeenivGhGzubPgKMWMMemcDfi0HLvNO3XMT8meyP9FeiMvt6R_8Sr-J_mY8_gpgJHqPcq4-YSdfqCfMWc0HTKwrS__isz32g6VoJJCY7DX-vXIqO-NPCWS0fnHobMhWtvKLJa_XZz4u9fUt5oa03T_qSuOAVNsOMNruGMfBpPBZwSYADM4JLUuhS4NNLxaRAOEIlsAFIhDkUNJAOuSU-JnoDSEyHmz2r2Ied4bnvl0Cw8d3Ecd8xlDp4_XDpNug__pctLlY8Vwm3PFoJBhR0D4eYx1Ilfhc9q4C9sBhliK-UAIm92DBqnbyMtUgmOzLBKqhSmSSxnLGNFcaJg3gl0V_CC_ztZXbc_cj2yE2MLXuBk9RETnnXW8bH5rtQRS_Az2d4963qx_GWpxT6RLsGQ6TJWkiKd5MgMZjuPgtqqah78pGlaN7kDVOjhdzEuUJxGhvicnrmagoKdPe8ZiqE6bLGqiJct_m-Eux39bNRU0JpUwx8yw4m3ncKr0BLiO0W_CXZyITbTgDcYaBlJuKwAto5MjxFc-IB-DXOC72vzRAPPncf2R_DhP_JJYR3dt14AjHQOW8HnhpqY7L9Y0ocGR2XWwG4GY7ygZeDFHoZWScbsKckaRl2dzRQmYvtcND2AOkSB_h0x53xcJiSfUuKjoqouDZUbmWNMejel1dnu57pjq7N-XdLB8MLohfQ7FjLw9vdVCDy7GaUMP5SApb1QIgRN3BbGMsK_vpjFVHmmsd1xC319UIHAK0bmLvE4rmJpGFlc0S91jG3LtZn4VCY5tdMqJyUt6A

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://three-back.work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 18 Aug 2021 09:50:34 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRzX6mycU5YRgYecHKdHnwAABFkAAAIB&google_cver=1&google_push=AYg5qPJQHsmq2NVlU2ifLi06Xkpm2vzbVBAITPi4_vUOkthrJ7CEbrCPQAJGOUy8eLVCNoBNv1SWl1NAft494HRjbqI5hpEmvsfW&google_gid=CAESEGcb-p4GShsHs6F2UzdZzlc

Verdicts & Comments Add Verdict or Comment

151 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

7 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.doubleclick.net/	1970-01-19 20:34:43	Name: DSID Value: NO_DATA
.doubleclick.net/	1970-01-20 05:56:16	Name: IDE Value: AHWqTUkUXMRlH7XfsefDgPsUW83qOfLgRtevPGZ-mwbS0_uISHPMCGYTCiUzoVUI79g
.doubleclick.net/	1970-01-19 20:34:41	Name: test_cookie Value: CheckForPermission
three-back.work/	1970-01-19 20:34:42	Name: _pk_ses.1.ec7d Value: 1
three-back.work/	1970-01-20 06:00:35	Name: _pk_id.1.ec7d Value: ab182b2aa8b275d7.1629280234.
.three-back.work/	1970-01-20 05:56:16	Name: __gads Value: ID=d7e780508231cab4-225fefb1adc900a2:T=1629280232:RT=1629280232:S=ALNI_MbvMC5ld9ot8342JfaWrvkxEylDmg
.three-back.work/	1970-01-20 05:56:16	Name: FCCDCF Value: [null,null,["[[],[],[],[],null,null,true]",1629280232820],null,null]

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ad.doubleclick.net
ad4m.at
adservice.google.com
adservice.google.de
ajax.googleapis.com
as.ad4m.at
assets.ad4m.at
b.hatena.ne.jp
b.st-hatena.com
banner.congstar.de
cdn.pixabay.com
cm.g.doubleclick.net
cms.quantserve.com
csi.gstatic.com
e.dlx.addthis.com
fonts.googleapis.com
fonts.gstatic.com
fundingchoicesmessages.google.com
googleads.g.doubleclick.net
image6.pubmatic.com
odr.mookie1.com
pagead2.googlesyndication.com
partner.googleadservices.com
pixel.rubiconproject.com
prod-rtb.ad4mat.net
qr-official.line.me
rtb.openx.net
s.w.org
scdn.line-apps.com
securepubads.g.doubleclick.net
static-de.ad4mat.net
three-back.work
tpc.googlesyndication.com
www.awin1.com
www.google.com
www.googletagservices.com
www.three-back.work
cm.g.doubleclick.net
104.111.215.191
104.111.239.217
13.224.96.118
13.224.96.45
142.250.184.226
142.250.186.38
147.92.146.123
148.251.139.77
150.95.54.210
172.217.18.98
185.64.189.115
192.0.77.48
2.18.232.182
2600:1901:0:76b9::
2606:4700:20::ac43:4a81
2606:4700:3032::ac43:aa7a
2606:4700::6812:14b7
2620:116:800d:21:f916:5049:f87f:108e
2a00:1450:4001:801::2002
2a00:1450:4001:802::200e
2a00:1450:4001:803::2002
2a00:1450:4001:80f::200a
2a00:1450:4001:812::2001
2a00:1450:4001:812::2003
2a00:1450:4001:813::2004
2a00:1450:4001:827::2002
2a00:1450:4001:827::2004
2a00:1450:4001:828::200e
2a00:1450:4001:82b::2002
2a00:1450:4001:831::2002
2a00:1450:4001:831::200a
2a00:1450:4002:404::2003
34.98.67.61
35.227.252.103
69.173.144.138
0239bfd43728e85cc93174d290d229af26b978e2a325070598bbcee72d075b90
023cd7e2d58f71286cca9d16a22508396798a90df55452def220aaccb03648ac
03032b7414541a98aaa00a220920ce2980d55afcb45c4328c156737f9fb995e0
03d741330bbcf02d10b49ae22496c2dca57d21ed1d5a49ac303ef12869680d49
042b8d3ee42565179507f30eceb7fd3108e28bd06d87ffd843dcfac9252d5ff9
070edfef42e0980783d0acf8fa9ca6a9833b994eca13ffaa94e9a2deb47c92cf
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0d421ab8abaa2d4b88ecc19902a04d9b5ac812bbb4be158dd1a72437ab32926b
0ec98adf593ebcc01bec60b1f494dacd47522abfef9038a714101d83f45e165d
1746cc85018bab92f0442999d488e5bd3a39a132966b50133a3ccfccdf708d1d
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
182227da36476403253412438e62f6d3269e419b45f914bee4ce04b5881d3e8a
1dd2a98138c4ec9e78d9fe3b17f12af89b660436426c1812b8bac699824c1f5a
1f88721b914f3ea902885d622d6d7d8327b47e3714d0b6b3a8cf39604ee8b67c
293913879d30bab7499013e935009f5183facbddd63bfc9656a859622590b80b
29d96496ccfa8ad61ca499fb465ac1fa66ccca13be0919c6a16bcbc0ba2ca7d2
2a4524121bf19007ba74de48ee59ab4226c29928282ef0534f07b499b3ca1c0d
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
2cab7a7f81e564170298180caa05c0974b0a0cfd61d9ad832a51b7eaa2c8a2d0
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2e36bd3bdbb929f427e79a6c84b7922b4375589386981eba29eb0cff57b02b1b
2eeaed1b310e214596abec926291c1a41c6333ddaeac312886fc0b5930d71f0e
2f7d33eb35a98b9095accf4c2d455dc982d2d59601b46b0807303eb58c42c7a0
309c75feee3d3ae292e6a0ee948693a0672e590e7069a0a683f0d9c979a9d371
33530b007071281a97e79baab13ddf7cc4b9de942ebd3e212224857335f7cb97
33a707e8755868f0d81e6d05162dd0239ed27ace94378585c2e82f306fa69f2e
340cebbd102b7e2229ef3e3d11779474717b3c1dd3446bf696deea24fab1df55
382843b96a3a0f2c2b38c583563caad12733ae44b4b5f1b97abe948fc461596f
398b6670ad0185a0996862a28b55e1bebac53a1cc7f8ed8e26e89b65eabf965d
3a4b03a6c128b46647ca81421d1b1db2577751a66b09c13677c8d753cac18c7a
3e65bc436e35cb24f4020abe8a71906ea53ca284df84095d6824e27f55883f90
3f7518bdbb2f1de962712e98d51270975c9ae40f5fa9c82d0803f47023c0f904
46ad6d89c2898629699bd5138d66f90def883b173fb8f24ad11d5b4da57e7afc
494627acb3c86254c238efaf66afcaf30d4293c7512a37a72b51a380d55e3880
4b179562b883c1257aabbad3a5641f965dd7331faa31fe06382a5d8c62d5ee19
4ba09e3c96399bf9a6f0a1c4f12351501d42e4f8e2cd97ffdf0a9650e7b16784
4f300e7fc0bc0e049e8620e1b8d85d1857b3a7af9492090f20f4b0366ef42353
4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3
54a66c4693bfd79901040269ae7d7304508cbd02859797a1780f2bbe72176e23
54d35e66675f9cc2ab471d0c389573b5ab0902937b397914a177712b27678a46
555858f907bda45e059201a8a3d8910876ef8d830b9b82cfc0ca9aa55c7b029a
56bf2dfb9f1735d0ec217531e6a064b01a5056e7b9f78246c93427299572421a
58629af3bd5fba642a9d794dc638478c29cb9daba582a7267fb608d6b3d36eb7
5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991
5dc7e19fb451f1d64df8ab4a670f777c88101d8519e1dc670940dd03625457b2
615ad880102b508eabed46867224661b5142ad5bd9a0d87cff05712ea373035b
61fe4436f1d882b3acd98fb2763984bacd382664582f4918647b89894f46b871
6c44ef9b85a019fb318355095b3cdb9bf723394a862723dff6bc0bb59d18bf72
6d892d7f2ff79e40b7e8bfa74bb5bca608fda830a88efd5092ac1da9f8e1299b
6ebd93a1f2f8d10de3ea98c2aaa56a0c316c203c9203dd545a9699a3fd04030b
72e5e3fcd775fb75052cfa8980a8664b47e978d986fc7ab4ccd5f5c70c2ce9fb
7437a5077982ed799fe7c545a0524124c2b620c79a27ac7662b61199b775c567
745d8f58c6d5bf0e360b3665c7ea60fddfb2820d4d62e904a4043c4f145ba38f
758415fd3b5867003c3649969039694ee59b4774bb58246f3ec644e1dc577885
75970d2edf903237a88bf7dee75f7f78dcece4b01bfd0451b33c0aad0cb6a21b
761234007ae6b72ef3d4e81cf40cbd68cea3bc1f068fee8d41d369078311439d
78ee91371f8346e61b9bd70b5d0378f34db690a31265df048a426e69e5fffa8a
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
79a1fd9f71c69648edfe742cc8b1d2141a95d063e630aaa06a5cdf5faa50650d
79a636d2c8ace706866349aaf2d1661b25c94a9523ab602e32d106fbba2a2b23
7adaf08052c6a6a0f8a0d0055b4f191fd07389fe41c972b69573472b2ecb406a
8255707b639b721c4c5a4329de6574331aadb575cedc7f032aa4858a0db73ae6
85a096c073faa7b2f0cd16adf42aef4c64f0e2b34dedcd1379b6cc48e126f7fa
8e49b984d20b3e7cb3f2c4a08805dc3f66bb8a58ec08c365d0cf955dd57c77c7
8f35757970e1ff0371dd3b3e16bf38f582072bf88cd9bdb7fccd25af04458dc7
9110fc122dda3067c424d9b8ff7747e2030b0bd9298f69a3683d399ad3373a6a
948f0c154ad97428bc1d1dee456f2e20ec4e0e302b0d3189e08a4573cb63cdb3
96e3246024b7d036175aef66849fdd5890c4d8f863bf827e5a57838b703b3d3b
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9d9d0a192af19326de682dc0a4a0fd526190110fe5b2a40f3ecca9826754ea7d
9ea702fb284f13ba5bdfd77cc825845858466e0e10956a007c616e7e00df9a24
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a25f9c06df22a5b04bf070bde66fbf199cd2f7ea122d3a890cc4c45357ad4191
a46d95bbc673fe6eff13c5644be9b8a2df82a4ae72c004705d92e26b3b4a7b82
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a5b71d3064c633af57df01b4e531b5ae312560ba863f49f85886659fc8362e83
a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db
a7a0ef432d4be320c344e54dbfcc49e1f00b9f0e5c1547aa4c29b4b9fd280927
a8825c811f91f376b19ffcc0ddf9aab79c0009ce4cc4a680fe6e81c8eaf469a5
a8e9b957289449027842c1d37a4eaf6317f638aa693c40465e214360cb80f46c
a986c1b3b11a193434bcbd30c93a88bb86f08c2bd43f442ccdb1fc0eae9f7df4
aca78b4715adbf0d27ea5e6ac7a5ac7d3eb55f051f2b767dd05f2f558c2ee3ac
aec3d419d50f05781a96f223e18289aeb52598b5db39be82a7b71dc67d6a7947
af55f0c6a549d286354966d0e237909396d3c0af5a5a7b8ee750e147d6a9da85
b03f8824c87fa1c322b227aeddb87d0bffb142815c18699c6fba59a59901a748
b58ab014a0a685b7669f1b5a9e6fe395bc6e917b9f8688ea685400c7a749de10
b67a87413ddc25f7dd362cd9a6c9a8356eac9898abc3da90c6ea1e56858c4dc5
b6f6d0902ff385f68ec17c4c059d4fe89a0a08f1c022ab70580ea8552dfc0a11
b895973fe0101d4a0b180c117dcec43a056e36f9b502c76197f4e7ca2dfea416
b9658459005738134ebf34fcb1882a79e05339193f0f2df065850966069f9c5d
bb46ed079c3dd3c39af5051b4ada48f29f49151dad4fa218117bad2fdb5e616f
bd6165c811e4f4ddda33e4e702db8abdca667da13716386ce75ae22e9886f05c
bf921c508b5b894f98bbe7a73fade7b515a06a10b0ea85454acf09a15c4c74b8
c30d817904ac7f0ac411f03e3a69bb9a658415da6d01c455360b2b5230835674
c35529095f6b1a1b2f9345e8d7e86532048ffbfdd082f03ed114be88865388df
c91edd932920ea766ebcc477d6466f7f75179c4e8509f8798c29af354c4380ef
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
d12a71cd626ac8f0fc91e6f1b98280cfb49fd724f2dcc118d192adff9a0154b4
d4876c12b071f74470f52c0404d10730ab271ae769c2c407fe131dae8b33e236
d5076107ffd915b0bed086e72862af2758b65f008ac3384195da2a79a8c848eb
d5f3085127d154cbd72e219052312767d460633fafa6e38bb9a9446ddb03a270
d661244532ddce6a92fb96fde511e23ea4de69ff2e41a5bffb884caa71166e01
d6cd52651fa64dd75f14c75dbe13d695dae01d05b0eaac3522f160c20273520d
d7ea26b93c08451c3b36edf3aeed10447fcff13d7cd7fab7a8b9284d6af53185
da970a0b40bfb5aa803a12428e662b2c776c93afad703b536a0ec4cb46835680
dd9bfe5f04d4e393463f42b4f503763c36693306dffef16d481e0c071b61ae64
ddee3b7550624c244258abdcfc2824ce6327e652d31a01db50d35083290d5326
de1e399b07289f3b0a8d35142e363e128124a1185770e214e25e58030dad48e5
def5de6254be138b8b35d680d1fdd8b07827d03b8626daebfeeb4157ec330ea7
df7082849e38de724a9e44f1169768edf49b462f04d295927960d588a735bb5c
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e7363a2cbc6f57fe286b6fbdb6f13c57be00b8ef05e9afe1b82ac88d6026d7d3
e87a1c5e24f9a7c7dcb437417f0b05b0a3c12947ce32d65c990c988a8b5ed4d7
ea8082a6abf62fbbf414a90dee70cf79916101737ca24079413708515a1e1a99
eada0199611ed64855c05adeebf971b38929fe8ddf0882e1faf69eb7581b2a3b
eea0b9621509f98be77c5af1e9b5c952a675bda2b27c419876364017069e0c19
eeccf8db2f38aff197eb60e56e0957b2035e3e4e51b6f2117d32e139ee711eff
f10ffb92150be60d7ca32316c2e8e689ad610a1bcbacb3d8640d2571f9917771
f15837157125dd8537e5c8691e10932f3c55f1a0cdadbf0d05dd6fabc7be8291
f2964eaaa17b81ff911681e57089511c35c7ebbbb8cce98e8c64bad2de197149
f34bb7d9c8f2db0e78e5d7b226bc169182f8c22e7cd1a3e7b5767519b709c1bc
f80f03eda987ad9f833dac27b6815d22d556d30adb707f2da2f9da7c83a70b10
f88f3d9916d23136f41cc7587b6d1398583bcca71e68b38c828d6dbb41086f5b
f909bcd011d0f2906368d7bd276a17256450d6717d440aab4a4a5259bfed73f8
faf3a5b0232e4515f5c4b91225ab985faa6813ee78d0123a560def12ebe56597
fbb12ac6c339e865da5258237ebae68e2314f9afa18e1494f49c357d9cd8a9c1
ffbf2d2525e0baabd5fdf5289510e03e86ccb28dc9767ef58bf483077f3bfc75

three-back.work Open in urlscan Pro 150.95.54.210 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

172 Requests

99 %HTTPS

54 %IPv6

25 Domains

37 Subdomains

30 IPs

5 Countries

2120 kBTransfer

4147 kBSize

7 Cookies

7 Outgoing links

Page URL History

Redirected requests

172 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 4 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

three-back.work Open in urlscan Pro
150.95.54.210 Public Scan

Screenshot
Live screenshot

Full Image

172
Requests

99 %
HTTPS

54 %
IPv6

25
Domains

37
Subdomains

30
IPs

5
Countries

2120 kB
Transfer

4147 kB
Size

7
Cookies

172 HTTP transactions
4 data transactions