qiyada.me Open in urlscan Pro
85.17.64.49 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://qiyada.me/
Effective URL:
https://qiyada.me/
Submission: On November 09 via manual (November 9th 2022, 9:07:35 am UTC) from SA — Scanned from NL

Summary HTTP 199 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 30 IPs in 5 countries across 20 domains to perform 199 HTTP transactions. The main IP is 85.17.64.49, located in Netherlands and belongs to LEASEWEB-NL-AMS-01 Netherlands, NL. The main domain is qiyada.me.
TLS certificate: Issued by R3 on October 26th 2022. Valid for: 3 months.

This is the only time qiyada.me was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 53	85.17.64.49 85.17.64.49	60781 (LEASEWEB-...) (LEASEWEB-NL-AMS-01 Netherlands)
13	2a00:1450:400... 2a00:1450:4001:831::2003	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:827::200a	15169 (GOOGLE) (GOOGLE)
3	2606:4700::68... 2606:4700::6812:d841	13335 (CLOUDFLAR...) (CLOUDFLARENET)
12	2a00:1450:400... 2a00:1450:4001:811::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:831::2008	15169 (GOOGLE) (GOOGLE)
1	2a06:98c1:312... 2a06:98c1:3120::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:82f::200e	15169 (GOOGLE) (GOOGLE)
1	13.225.84.220 13.225.84.220	16509 (AMAZON-02) (AMAZON-02)
2	2a03:2880:f02... 2a03:2880:f02d:12:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	104.26.10.16 104.26.10.16	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 11	2a00:1450:400... 2a00:1450:4001:829::2002	15169 (GOOGLE) (GOOGLE)
2	172.217.18.2 172.217.18.2	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c1b::9d	15169 (GOOGLE) (GOOGLE)
6 13	2a00:1450:400... 2a00:1450:4001:801::2004	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:812::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:803::2002	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:80b::2001	15169 (GOOGLE) (GOOGLE)
2	2a03:2880:f11... 2a03:2880:f11c:8083:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
5	2a00:1450:400... 2a00:1450:4001:810::2002	15169 (GOOGLE) (GOOGLE)
37	2a00:1450:400... 2a00:1450:4001:803::2001	15169 (GOOGLE) (GOOGLE)
6	52.50.105.134 52.50.105.134	16509 (AMAZON-02) (AMAZON-02)
2	2001:4de0:ac1... 2001:4de0:ac19::1:b:1b	20446 (STACKPATH...) (STACKPATH-CDN)
5	2a00:1450:400... 2a00:1450:4001:802::2002	15169 (GOOGLE) (GOOGLE)
6	2600:9000:21f... 2600:9000:21f3:1000:8:48e:53c0:93a1	16509 (AMAZON-02) (AMAZON-02)
2 5	193.108.153.18 193.108.153.18	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
8	2600:1f13:800... 2600:1f13:800:7781:70ba:6a18:c66a:4b88	16509 (AMAZON-02) (AMAZON-02)
1	142.250.184.226 142.250.184.226	15169 (GOOGLE) (GOOGLE)
1	52.46.143.56 52.46.143.56	16509 (AMAZON-02) (AMAZON-02)
199	30

53 85.17.64.49 (Netherlands) 1 redirects

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)
PTR: wicksrv.hibridmena.com

qiyada.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2a00:1450:4001:831::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:827::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6812:d841 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.izooto.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2a00:1450:4001:811::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a06:98c1:3120::3 (United States)

ASN13335 (CLOUDFLARENET, US)

qiyada.thewickfirm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82f::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.225.84.220 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-84-220.fra2.r.cloudfront.net

d10lpsik1i8c69.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f02d:12:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.26.10.16 (United States)

ASN13335 (CLOUDFLARENET, US)

settings.luckyorange.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2a00:1450:4001:829::2002 (Frankfurt am Main, Germany) 2 redirects

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.217.18.2 (United States)

ASN15169 (GOOGLE, US)
PTR: fra15s28-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c1b::9d (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2a00:1450:4001:801::2004 (Frankfurt am Main, Germany) 6 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:812::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.nl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:803::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.nl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:80b::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

1a828c7f33c9a2932fcdf5c5b4e86da5.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f11c:8083:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:810::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

37 2a00:1450:4001:803::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 52.50.105.134 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-50-105-134.eu-west-1.compute.amazonaws.com

pixel.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:4de0:ac19::1:b:1b (Netherlands)

ASN20446 (STACKPATH-CDN, US)

cdn.stickyadstv.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:802::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2600:9000:21f3:1000:8:48e:53c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

static.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 193.108.153.18 (Frankfurt am Main, Germany) 2 redirects

ASN20940 (AKAMAI-ASN1, NL)
PTR: a193-108-153-18.deploy.static.akamaitechnologies.com

ads.stickyadstv.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2600:1f13:800:7781:70ba:6a18:c66a:4b88 (Boardman, United States)

ASN16509 (AMAZON-02, US)

dt.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.184.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s12-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.46.143.56 (Ashburn, United States)

ASN16509 (AMAZON-02, US)

s.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
53	qiyada.me 1 redirects qiyada.me	994 KB
47	googlesyndication.com 1a828c7f33c9a2932fcdf5c5b4e86da5.safeframe.googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 131 tpc.googlesyndication.com — Cisco Umbrella Rank: 167	680 KB
24	doubleclick.net 2 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 264 googleads.g.doubleclick.net — Cisco Umbrella Rank: 66 stats.g.doubleclick.net — Cisco Umbrella Rank: 166 cm.g.doubleclick.net — Cisco Umbrella Rank: 320	212 KB
20	adsafeprotected.com pixel.adsafeprotected.com — Cisco Umbrella Rank: 827 static.adsafeprotected.com — Cisco Umbrella Rank: 747 dt.adsafeprotected.com — Cisco Umbrella Rank: 677	291 KB
14	google.com 6 redirects www.google.com — Cisco Umbrella Rank: 17 adservice.google.com — Cisco Umbrella Rank: 134	3 KB
13	gstatic.com fonts.gstatic.com	207 KB
7	stickyadstv.com 2 redirects cdn.stickyadstv.com — Cisco Umbrella Rank: 7357 ads.stickyadstv.com — Cisco Umbrella Rank: 982	152 KB
6	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 118	3 KB
5	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 223	236 KB
5	google.nl www.google.nl — Cisco Umbrella Rank: 6051 adservice.google.nl — Cisco Umbrella Rank: 10272	2 KB
3	izooto.com cdn.izooto.com — Cisco Umbrella Rank: 16563	59 KB
2	facebook.com www.facebook.com — Cisco Umbrella Rank: 107	203 B
2	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 156	3 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 180	112 KB
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 97	20 KB
1	amazon-adsystem.com s.amazon-adsystem.com — Cisco Umbrella Rank: 412	479 B
1	luckyorange.net settings.luckyorange.net — Cisco Umbrella Rank: 10903	740 B
1	cloudfront.net d10lpsik1i8c69.cloudfront.net	3 KB
1	thewickfirm.com qiyada.thewickfirm.com	3 KB
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 121	52 KB
199	20

	Domain	Requested by
53	qiyada.me	1 redirects qiyada.me
37	tpc.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com qiyada.me 1a828c7f33c9a2932fcdf5c5b4e86da5.safeframe.googlesyndication.com
13	www.google.com	6 redirects qiyada.me tpc.googlesyndication.com 1a828c7f33c9a2932fcdf5c5b4e86da5.safeframe.googlesyndication.com
13	fonts.gstatic.com	qiyada.me fonts.googleapis.com
11	googleads.g.doubleclick.net	2 redirects www.googletagmanager.com 1a828c7f33c9a2932fcdf5c5b4e86da5.safeframe.googlesyndication.com
11	securepubads.g.doubleclick.net	qiyada.me securepubads.g.doubleclick.net www.googletagservices.com
8	dt.adsafeprotected.com
6	static.adsafeprotected.com	pixel.adsafeprotected.com qiyada.me
6	pixel.adsafeprotected.com	qiyada.me
6	fonts.googleapis.com	qiyada.me tpc.googlesyndication.com
5	ads.stickyadstv.com	2 redirects cdn.stickyadstv.com
5	www.googletagservices.com	securepubads.g.doubleclick.net 1a828c7f33c9a2932fcdf5c5b4e86da5.safeframe.googlesyndication.com
5	pagead2.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com www.googletagservices.com
5	1a828c7f33c9a2932fcdf5c5b4e86da5.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
4	www.google.nl	qiyada.me
3	cdn.izooto.com	qiyada.me cdn.izooto.com
2	cdn.stickyadstv.com	qiyada.me cdn.stickyadstv.com
2	www.facebook.com	qiyada.me
2	www.googleadservices.com	www.googletagmanager.com
2	connect.facebook.net	qiyada.me connect.facebook.net
2	www.google-analytics.com	qiyada.me www.google-analytics.com
1	s.amazon-adsystem.com
1	cm.g.doubleclick.net
1	adservice.google.com	securepubads.g.doubleclick.net
1	adservice.google.nl	securepubads.g.doubleclick.net
1	stats.g.doubleclick.net	www.google-analytics.com
1	settings.luckyorange.net	d10lpsik1i8c69.cloudfront.net
1	d10lpsik1i8c69.cloudfront.net	qiyada.me
1	qiyada.thewickfirm.com	qiyada.me
1	www.googletagmanager.com	qiyada.me
199	30

This site contains links to these domains. Also see Links.

Domain
www.facebook.com

Subject Issuer	Validity	Valid
qiyada.me R3	`2022-10-26` - `2023-01-24`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-10-25` - `2023-01-17`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2022-10-25` - `2023-01-17`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-06-13` - `2023-06-13`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-10-17` - `2023-01-09`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-10-25` - `2023-01-17`	3 months	crt.sh
*.cloudfront.net Amazon	`2022-02-01` - `2023-01-31`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2022-08-18` - `2022-11-16`	3 months	crt.sh
www.googleadservices.com GTS CA 1C3	`2022-10-17` - `2023-01-09`	3 months	crt.sh
www.google.com GTS CA 1C3	`2022-10-17` - `2023-01-09`	3 months	crt.sh
*.google.nl GTS CA 1C3	`2022-10-17` - `2023-01-09`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-10-17` - `2023-01-09`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2022-10-17` - `2023-01-09`	3 months	crt.sh
fw.adsafeprotected.com Amazon	`2022-04-28` - `2023-05-27`	a year	crt.sh
*.stickyadstv.com DigiCert TLS RSA SHA256 2020 CA1	`2022-01-12` - `2023-02-12`	a year	crt.sh
static.adsafeprotected.com Amazon	`2022-08-06` - `2023-09-04`	a year	crt.sh
*.ads.stickyadstv.com DigiCert TLS RSA SHA256 2020 CA1	`2022-06-14` - `2023-06-16`	a year	crt.sh
dt.adsafeprotected.com Amazon	`2022-11-04` - `2023-12-03`	a year	crt.sh

This page contains 25 frames:

Primary Page: https://qiyada.me/
Frame ID: 1BBEBC44513A4DCAA6C8997F0B9763FA
Requests: 109 HTTP requests in this frame

Frame: https://cdn.izooto.com/scripts/sak/iz_setcid.html?v=1
Frame ID: 59E2D49447F1205A5CD080F319F09764
Requests: 1 HTTP requests in this frame

Frame: https://1a828c7f33c9a2932fcdf5c5b4e86da5.safeframe.googlesyndication.com/safeframe/1-0-39/html/container.html
Frame ID: 5282AF23A9AF350EC8A7556353078F1A
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 87B268E63343C4C08BF61107B32FF759
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 3E3AC024AE043E78D2862C7DE5E6D617
Requests: 2 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: 25A78BAC2C4CAB00603C9B6290CBE7AF
Requests: 1 HTTP requests in this frame

Frame: https://pixel.adsafeprotected.com/jload?anId=930977&campId=1x1&pubId=4588498719&chanId=21733545191&placementId=4751858041&pubCreative=138239888598&pubOrder=2361034312&cb=459974170&adsafe_par&impId=&custom=qiyada.me
Frame ID: EE7B2DA112B4033094120FF3C4BB82FC
Requests: 2 HTTP requests in this frame

Frame: https://pixel.adsafeprotected.com/jload?anId=930977&campId=1x1&pubId=4588498719&chanId=21733545191&placementId=4751858041&pubCreative=138239888598&pubOrder=2361034312&cb=459974170&adsafe_par&impId=&custom=qiyada.me
Frame ID: 2DB35DBF8AB179C37DB3B8B5847AA1E7
Requests: 2 HTTP requests in this frame

Frame: https://pixel.adsafeprotected.com/jload?anId=930977&campId=1x1&pubId=4588498719&chanId=21733545191&placementId=4751858041&pubCreative=138239888598&pubOrder=2361034312&cb=459974170&adsafe_par&impId=&custom=qiyada.me
Frame ID: 6D8D4A2E38BD5783EFB42E3FCFF21B1C
Requests: 2 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjst3C0nexdP1Mi4A-qHWUFp4GMbOBAoC9Hza5_6ynnogEIybGJNGvyrXgdC17AjcaUuGzexfxmiyfvxqPkE2r_OyEGYmM8-_CetFCBmvzQbgkwoIJtPuH1oI_PoH9KVeLimDQKSbanftPC151x2R1CkYy18Oe3BvoUGO0w7O2zK6qxPmC8jbYR6wox_nV70i1241g5olYqKqvb2f6lQVdpA_alZKYmGEkMwLNy2_jhrfWAqyhPuM9SwDmcgFYOoN6kzZEEjhqM22svzl1FfqM708uJrEScrGUDj9JDAsVVPlyZOhdvrtBban64wdfZLTuUIXZXU&sai=AMfl-YQoiI8-OzoK5rT_DR0jGGI3yL2pHfGOB8XNFd3CPwG3IV_A1LNVcyYLCVu1hWMMBCqHm3eG5x51Xx1CM9ELElS1HVVnqkS8RrE7NmohJ6b27KiDq5llLtQOdWmZx192&sig=Cg0ArKJSzDvzjVbYSN64EAE&uach_m=[UACH]&urlfix=1&adurl=
Frame ID: 523F8B8A17B009E0CA42CF62EB8951C8
Requests: 8 HTTP requests in this frame

Frame: https://1a828c7f33c9a2932fcdf5c5b4e86da5.safeframe.googlesyndication.com/safeframe/1-0-39/html/container.html
Frame ID: 573F236659A34451ACA494ADE96C85DC
Requests: 7 HTTP requests in this frame

Frame: https://1a828c7f33c9a2932fcdf5c5b4e86da5.safeframe.googlesyndication.com/safeframe/1-0-39/html/container.html
Frame ID: 293F2552FBB13CD4E6211EC6AF98EC51
Requests: 7 HTTP requests in this frame

Frame: https://1a828c7f33c9a2932fcdf5c5b4e86da5.safeframe.googlesyndication.com/safeframe/1-0-39/html/container.html
Frame ID: 12084D3372BA474AB1C844C4176FD7D8
Requests: 8 HTTP requests in this frame

Frame: https://1a828c7f33c9a2932fcdf5c5b4e86da5.safeframe.googlesyndication.com/safeframe/1-0-39/html/container.html
Frame ID: BE576B3D36C8629410B7AB3C5A6B826D
Requests: 7 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15677297618621300736/index.html
Frame ID: E20FD3881897E3FB0F95A838362DDCFA
Requests: 9 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: D7E3FF802BA1D1CADD3B3101B48E147F
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15677297618621300736/index.html
Frame ID: C004A53C6ED1F35CDA1ACE39760E8F54
Requests: 9 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: E49C4C9B3BC7DD61AE3FAAE8A6731FA6
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17064940463162654720/index.html
Frame ID: 882F4503531B8A3B6CECCC8C7D356A30
Requests: 7 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: DFD33A6A0A37058C955467110FB7B7DA
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15677297618621300736/index.html
Frame ID: 3E6F4086410507180ACA02A6F65F7B13
Requests: 9 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: B83282897CEE0585701D8820F7BB2E35
Requests: 2 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.6.2.js
Frame ID: 696413E57FE8D003FC035F4B3D52BA02
Requests: 1 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.6.2.js
Frame ID: CDF2E559D8CD7D4E053202761BC6F824
Requests: 1 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.6.2.js
Frame ID: 88BDC894453C92FF26705C46DF1D32AD
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Qiyada

Page URL History Show full URLs

http://qiyada.me/ HTTP 301
https://qiyada.me/ Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

Izooto (Marketing automation) Expand

Overall confidence: 100%
Detected patterns

cdn\.izooto\.\w+

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

199
Requests

98 %
HTTPS

72 %
IPv6

20
Domains

30
Subdomains

30
IPs

5
Countries

3030 kB
Transfer

8675 kB
Size

13
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://www.facebook.com/qiyada.cars
Title: تابعنا على فايسبوك

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://qiyada.me/ HTTP 301
https://qiyada.me/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 82

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/796567012/?random=312992989&cv=11&fst=1667984847649&bg=ffffff&guid=ON&async=1&gtm=2oab70&u_w=1600&u_h=1200&label=9HRZCJn1goYBEOTL6vsC&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fqiyada.me%2F&tiba=Qiyada&gtm_ee=1&auid=1646417394.1667984848&uaw=0&data=event%3Dconversion&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&ocp_id=z21rY7qALoPy1gaP3aS4DA&sscte=1&crd=&pscrd=Ek9DaEVJZ0x5dG13WVE0S3ZjNEtISGdwTFdBUkltQUNsaVBha0M5ZlFmOFNaS21tVUFjRHpJWThmWUdNcmdSVlhWbTdTUEtWMEltd1c1YWtrGlpDaEVJZ0x5dG13WVFnWUdxOFkzY3o2Q09BUkl1QUQyZXdWbHNBWnRjeFUtbDZvWEVRYjFlVGpwRUpaLXNiLTFxU1FVX203NmhCVHRXSmFDblJyUjY5NG81bmc HTTP 302
https://www.google.com/pagead/1p-conversion/796567012/?random=312992989&cv=11&fst=1667984847649&bg=ffffff&guid=ON&async=1&gtm=2oab70&u_w=1600&u_h=1200&label=9HRZCJn1goYBEOTL6vsC&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fqiyada.me%2F&tiba=Qiyada&gtm_ee=1&auid=1646417394.1667984848&uaw=0&data=event%3Dconversion&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&pscrd=Ek9DaEVJZ0x5dG13WVE0S3ZjNEtISGdwTFdBUkltQUNsaVBha0M5ZlFmOFNaS21tVUFjRHpJWThmWUdNcmdSVlhWbTdTUEtWMEltd1c1YWtrGlpDaEVJZ0x5dG13WVFnWUdxOFkzY3o2Q09BUkl1QUQyZXdWbHNBWnRjeFUtbDZvWEVRYjFlVGpwRUpaLXNiLTFxU1FVX203NmhCVHRXSmFDblJyUjY5NG81bmc&is_vtc=1&ocp_id=z21rY7qALoPy1gaP3aS4DA&random=2170822926 HTTP 302
https://www.google.nl/pagead/1p-conversion/796567012/?random=312992989&cv=11&fst=1667984847649&bg=ffffff&guid=ON&async=1&gtm=2oab70&u_w=1600&u_h=1200&label=9HRZCJn1goYBEOTL6vsC&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fqiyada.me%2F&tiba=Qiyada&gtm_ee=1&auid=1646417394.1667984848&uaw=0&data=event%3Dconversion&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&pscrd=Ek9DaEVJZ0x5dG13WVE0S3ZjNEtISGdwTFdBUkltQUNsaVBha0M5ZlFmOFNaS21tVUFjRHpJWThmWUdNcmdSVlhWbTdTUEtWMEltd1c1YWtrGlpDaEVJZ0x5dG13WVFnWUdxOFkzY3o2Q09BUkl1QUQyZXdWbHNBWnRjeFUtbDZvWEVRYjFlVGpwRUpaLXNiLTFxU1FVX203NmhCVHRXSmFDblJyUjY5NG81bmc&is_vtc=1&ocp_id=z21rY7qALoPy1gaP3aS4DA&random=2170822926&ipr=y&prhg=0

Request Chain 83

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/796567012/?random=1285964588&cv=11&fst=1667984847647&bg=ffffff&guid=ON&async=1&gtm=2oab70&u_w=1600&u_h=1200&label=9HRZCJn1goYBEOTL6vsC&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fqiyada.me%2F&tiba=Qiyada&gtm_ee=1&auid=1646417394.1667984848&uaw=0&data=event%3Dconversion&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&ocp_id=z21rY8H-LZiy1wbG1peYCQ&sscte=1&crd=&pscrd=Ek9DaEVJZ0x5dG13WVE0S3ZjNEtISGdwTFdBUkltQUNsaVBha0M5ZlFmOFNaS21tVUFjRHpJWThmWUdNcmdSVlhWbTdTUEtWMEltd1c1YWtrGlpDaEVJZ0x5dG13WVFnWUdxOFkzY3o2Q09BUkl1QUQyZXdWa1FBX2xvWFRWZzlMRDFpODJnTWZJVWRpeS1lN2ppR2UwamUzWnNvUkJZWmJyX1ZFUktEOElmbWc HTTP 302
https://www.google.com/pagead/1p-conversion/796567012/?random=1285964588&cv=11&fst=1667984847647&bg=ffffff&guid=ON&async=1&gtm=2oab70&u_w=1600&u_h=1200&label=9HRZCJn1goYBEOTL6vsC&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fqiyada.me%2F&tiba=Qiyada&gtm_ee=1&auid=1646417394.1667984848&uaw=0&data=event%3Dconversion&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&pscrd=Ek9DaEVJZ0x5dG13WVE0S3ZjNEtISGdwTFdBUkltQUNsaVBha0M5ZlFmOFNaS21tVUFjRHpJWThmWUdNcmdSVlhWbTdTUEtWMEltd1c1YWtrGlpDaEVJZ0x5dG13WVFnWUdxOFkzY3o2Q09BUkl1QUQyZXdWa1FBX2xvWFRWZzlMRDFpODJnTWZJVWRpeS1lN2ppR2UwamUzWnNvUkJZWmJyX1ZFUktEOElmbWc&is_vtc=1&ocp_id=z21rY8H-LZiy1wbG1peYCQ&random=2327548981 HTTP 302
https://www.google.nl/pagead/1p-conversion/796567012/?random=1285964588&cv=11&fst=1667984847647&bg=ffffff&guid=ON&async=1&gtm=2oab70&u_w=1600&u_h=1200&label=9HRZCJn1goYBEOTL6vsC&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fqiyada.me%2F&tiba=Qiyada&gtm_ee=1&auid=1646417394.1667984848&uaw=0&data=event%3Dconversion&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&pscrd=Ek9DaEVJZ0x5dG13WVE0S3ZjNEtISGdwTFdBUkltQUNsaVBha0M5ZlFmOFNaS21tVUFjRHpJWThmWUdNcmdSVlhWbTdTUEtWMEltd1c1YWtrGlpDaEVJZ0x5dG13WVFnWUdxOFkzY3o2Q09BUkl1QUQyZXdWa1FBX2xvWFRWZzlMRDFpODJnTWZJVWRpeS1lN2ppR2UwamUzWnNvUkJZWmJyX1ZFUktEOElmbWc&is_vtc=1&ocp_id=z21rY8H-LZiy1wbG1peYCQ&random=2327548981&ipr=y&prhg=0

Request Chain 159

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 160

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 161

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 164

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 180

https://ads.stickyadstv.com/user-matching?id=11&_fw_gdpr=0&_fw_gdpr_consent= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=stickyxchange_dbm&google_hm=MTZhOGI0MDcyMzgxZGZmZGZhOTU3ODhiMDZlMTU0ZA==&gdpr=0&gdpr_consent=&_fw_gdpr=0&_fw_gdpr_consent=

Request Chain 181

https://ads.stickyadstv.com/user-matching?id=2545&_fw_gdpr=0&_fw_gdpr_consent= HTTP 302
https://s.amazon-adsystem.com/ecm3?id=16a8b4072381dffdfa95788b06e154d&ex=freewheel.tv&gdpr=0&gdpr_consent=&_fw_gdpr=0&_fw_gdpr_consent=

199 HTTP transactions
6 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request / Show response
qiyada.me/
Redirect Chain

http://qiyada.me/
https://qiyada.me/

191 KB
36 KB

494ms
443ms

Document
text/html

85.17.64.49
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://qiyada.me/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 85.17.64.49 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS: wicksrv.hibridmena.com
Software: nginx /
Resource Hash: 7552c02b3188c5e1e2f67595e04ca979f2a07707e1dfaa194b1384d4017124f2

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

Cache-Control: private, must-revalidate
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Wed, 09 Nov 2022 09:07:26 GMT
Link: <https://qiyada.me/wp-json/>; rel="https://api.w.org/", <https://qiyada.me/wp-json/wp/v2/pages/24095>; rel="alternate"; type="application/json", <https://qiyada.me/>; rel=shortlink
Server: nginx
Transfer-Encoding: chunked
Vary: Accept-Encoding Accept-Encoding,User-Agent

Redirect headers

Connection: keep-alive
Content-Length: 226
Content-Type: text/html; charset=iso-8859-1
Date: Wed, 09 Nov 2022 09:07:26 GMT
Location: https://qiyada.me/
Server: nginx

GET
H/1.1 200
OK fontawesome-webfont.woff2
qiyada.me/wp-content/plugins/better-social-counter/includes/libs/better-framework/assets/fonts/ 75 KB
76 KB 27ms
27ms Font
font/woff2 85.17.64.49
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://qiyada.me/wp-content/plugins/better-social-counter/includes/libs/better-framework/assets/fonts/fontawesome-webfont.woff2?v=4.7.0
Requested by: Host: qiyada.me
URL: https://qiyada.me/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 85.17.64.49 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS: wicksrv.hibridmena.com
Software: nginx /
Resource Hash: 2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Request headers

Referer: https://qiyada.me/
Origin: https://qiyada.me
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Date: Wed, 09 Nov 2022 09:07:26 GMT
Last-Modified: Thu, 25 Feb 2021 11:17:00 GMT
Server: nginx
Vary: Accept-Encoding,User-Agent
Content-Type: font/woff2
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 77160

GET
H/1.1 200
OK bs-icons.woff
qiyada.me/wp-content/plugins/better-social-counter/includes/libs/better-framework/assets/fonts/ 14 KB
14 KB 114ms
34ms Font
font/woff 85.17.64.49
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://qiyada.me/wp-content/plugins/better-social-counter/includes/libs/better-framework/assets/fonts/bs-icons.woff
Requested by: Host: qiyada.me
URL: https://qiyada.me/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 85.17.64.49 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS: wicksrv.hibridmena.com
Software: nginx /
Resource Hash: 8bd7e75c205b1650b2b9feb33de1565ec74c9213a030f287e5005e726daf9d6c

Request headers

Referer: https://qiyada.me/
Origin: https://qiyada.me
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Date: Wed, 09 Nov 2022 09:07:27 GMT
Last-Modified: Thu, 25 Feb 2021 11:17:00 GMT
Server: nginx
Vary: Accept-Encoding,User-Agent
Content-Type: font/woff
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 13852

GET
H2 200 DroidKufi-Bold.woff2
fonts.gstatic.com/ea/droidarabickufi/v6/ 31 KB
31 KB 134ms
58ms Font
font/woff2 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/ea/droidarabickufi/v6/DroidKufi-Bold.woff2

Requested by

Host: qiyada.me
URL: https://qiyada.me/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

31f02fb9a8ae77e5d8bb229bf73f473f783e8155042655926cafca211cd11c98

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://qiyada.me/
Origin: https://qiyada.me
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 07 Nov 2022 15:28:47 GMT
x-content-type-options: nosniff
age: 149920
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 31544
x-xss-protection: 0
last-modified: Wed, 13 Aug 2014 16:50:04 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
vary: Accept-Encoding
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 07 Nov 2023 15:28:47 GMT

GET
H2 200 SLXLc1nY6Hkvalqaa46L59Zea3Zl.woff2
fonts.gstatic.com/s/cairo/v10/ 12 KB
13 KB 194ms
118ms Font
font/woff2 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/cairo/v10/SLXLc1nY6Hkvalqaa46L59Zea3Zl.woff2

Requested by

Host: qiyada.me
URL: https://qiyada.me/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6788cab29b394586a4eb34b851240310d077e2c07d9918135b3aab334f4f616d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://qiyada.me/
Origin: https://qiyada.me
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Sat, 05 Nov 2022 03:02:43 GMT
x-content-type-options: nosniff
age: 367484
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12772
x-xss-protection: 0
last-modified: Wed, 24 Mar 2021 17:47:06 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 05 Nov 2023 03:02:43 GMT

GET
H2 200 SLXGc1nY6HkvalIkTpumxdt0UX8.woff2
fonts.gstatic.com/s/cairo/v10/ 10 KB
10 KB 207ms
131ms Font
font/woff2 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/cairo/v10/SLXGc1nY6HkvalIkTpumxdt0UX8.woff2

Requested by

Host: qiyada.me
URL: https://qiyada.me/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

78db0c19e5a798b2d976860008d763df31443c617f8d103170905932d1c8abeb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://qiyada.me/
Origin: https://qiyada.me
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Sat, 05 Nov 2022 04:12:02 GMT
x-content-type-options: nosniff
age: 363325
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10088
x-xss-protection: 0
last-modified: Wed, 24 Mar 2021 17:47:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 05 Nov 2023 04:12:02 GMT

GET
H2 200 SLXGc1nY6HkvalIhTpumxdt0.woff2
fonts.gstatic.com/s/cairo/v10/ 13 KB
13 KB 225ms
150ms Font
font/woff2 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/cairo/v10/SLXGc1nY6HkvalIhTpumxdt0.woff2

Requested by

Host: qiyada.me
URL: https://qiyada.me/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55632025f6c3687b30817e2536b22b697ba584ef31faca1d7c4ed1f13207c45e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://qiyada.me/
Origin: https://qiyada.me
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Thu, 03 Nov 2022 08:13:24 GMT
x-content-type-options: nosniff
age: 521643
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13392
x-xss-protection: 0
last-modified: Wed, 24 Mar 2021 17:47:14 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 03 Nov 2023 08:13:24 GMT

GET
H2 200 mem8YaGs126MiZpBA-UFVZ0bf8pkAg.woff2
fonts.gstatic.com/s/opensans/v18/ 9 KB
9 KB 247ms
172ms Font
font/woff2 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v18/mem8YaGs126MiZpBA-UFVZ0bf8pkAg.woff2

Requested by

Host: qiyada.me
URL: https://qiyada.me/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

54c64f3c66372027154f01fc9f24b4e25fdfe405b70d1994c79abbc2576ff775

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://qiyada.me/
Origin: https://qiyada.me
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Thu, 03 Nov 2022 03:39:47 GMT
x-content-type-options: nosniff
age: 538060
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9132
x-xss-protection: 0
last-modified: Tue, 15 Sep 2020 18:09:28 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 03 Nov 2023 03:39:47 GMT

GET
H2 200 SLXLc1nY6Hkvalqaa46O59Zea3ZlqSo.woff2
fonts.gstatic.com/s/cairo/v10/ 10 KB
10 KB 199ms
124ms Font
font/woff2 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/cairo/v10/SLXLc1nY6Hkvalqaa46O59Zea3ZlqSo.woff2

Requested by

Host: qiyada.me
URL: https://qiyada.me/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2dfe970dcacf61e3fa410a4a553690964e2b295f95ce3ebae5ce9f16ed0514d2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://qiyada.me/
Origin: https://qiyada.me
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Sat, 05 Nov 2022 02:50:27 GMT
x-content-type-options: nosniff
age: 368220
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10072
x-xss-protection: 0
last-modified: Wed, 24 Mar 2021 17:47:16 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 05 Nov 2023 02:50:27 GMT

GET
H/1.1 200
OK style-rtl.min.css
qiyada.me/wp-includes/css/dist/block-library/ 77 KB
11 KB 79ms
28ms Stylesheet
text/css 85.17.64.49
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://qiyada.me/wp-includes/css/dist/block-library/style-rtl.min.css?ver=5.9
Requested by: Host: qiyada.me
URL: https://qiyada.me/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 85.17.64.49 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS: wicksrv.hibridmena.com
Software: nginx /
Resource Hash: f02445f7bda0a5b7eaa31d9aad6a899407cbcd2b41de38a5ae8ccb009e86dc01

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://qiyada.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Date: Wed, 09 Nov 2022 09:07:26 GMT
Content-Encoding: gzip
Last-Modified: Tue, 01 Feb 2022 06:58:11 GMT
Server: nginx
Transfer-Encoding: chunked
Vary: Accept-Encoding, Accept-Encoding,User-Agent
Content-Type: text/css
Cache-Control: max-age=2592000, public
Connection: keep-alive
Expires: Fri, 09 Dec 2022 09:07:26 GMT

GET
H/1.1 200
OK styles.css
qiyada.me/wp-content/plugins/contact-form-7/includes/css/ 3 KB
1 KB 78ms
27ms Stylesheet
text/css 85.17.64.49
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://qiyada.me/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.5.4
Requested by: Host: qiyada.me
URL: https://qiyada.me/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 85.17.64.49 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS: wicksrv.hibridmena.com
Software: nginx /
Resource Hash: e50f9ccd2d6582a58ba1879fa578e60d25fea4c5eedc07deafd14482b2403181

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://qiyada.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Date: Wed, 09 Nov 2022 09:07:26 GMT
Content-Encoding: gzip
Last-Modified: Tue, 01 Feb 2022 06:57:04 GMT
Server: nginx
Transfer-Encoding: chunked
Vary: Accept-Encoding, Accept-Encoding,User-Agent
Content-Type: text/css
Cache-Control: max-age=2592000, public
Connection: keep-alive
Expires: Fri, 09 Dec 2022 09:07:26 GMT

GET
H/1.1 200
OK styles-rtl.css
qiyada.me/wp-content/plugins/contact-form-7/includes/css/ 152 B
474 B 77ms
26ms Stylesheet
text/css 85.17.64.49
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://qiyada.me/wp-content/plugins/contact-form-7/includes/css/styles-rtl.css?ver=5.5.4
Requested by: Host: qiyada.me
URL: https://qiyada.me/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 85.17.64.49 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS: wicksrv.hibridmena.com
Software: nginx /
Resource Hash: 076956289c202e94f3657469ef81a4d47dc69d2441d088de292918d6b07d30c9

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://qiyada.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Date: Wed, 09 Nov 2022 09:07:26 GMT
Last-Modified: Tue, 01 Feb 2022 06:57:04 GMT
Server: nginx
Vary: Accept-Encoding,User-Agent
Content-Type: text/css
Cache-Control: max-age=2592000, public
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 152
Expires: Fri, 09 Dec 2022 09:07:26 GMT

GET
H/1.1 200
OK js_composer_front-v83e03542631eb43c41932ba39ff248ca2735f7d2.css
qiyada.me/wp-content/cache/asset-cleanup/css/item/ 537 KB
91 KB 106ms
55ms Stylesheet
text/css 85.17.64.49
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://qiyada.me/wp-content/cache/asset-cleanup/css/item/js_composer_front-v83e03542631eb43c41932ba39ff248ca2735f7d2.css
Requested by: Host: qiyada.me
URL: https://qiyada.me/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 85.17.64.49 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS: wicksrv.hibridmena.com
Software: nginx /
Resource Hash: b2d1e152efc2a394d540e62296921c1a1da5fa21ab6b5f56fa1eaabb68d4b3f7

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://qiyada.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Date: Wed, 09 Nov 2022 09:07:27 GMT
Content-Encoding: gzip
Last-Modified: Tue, 08 Nov 2022 23:28:18 GMT
Server: nginx
Transfer-Encoding: chunked
Vary: Accept-Encoding, Accept-Encoding,User-Agent
Content-Type: text/css
Cache-Control: max-age=2592000, public
Connection: keep-alive
Expires: Fri, 09 Dec 2022 09:07:26 GMT

GET
H/1.1 200
OK style.css
qiyada.me/wp-content/themes/publisher-child/ 4 KB
2 KB 90ms
37ms Stylesheet
text/css 85.17.64.49
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://qiyada.me/wp-content/themes/publisher-child/style.css?ver=1.0.0
Requested by: Host: qiyada.me
URL: https://qiyada.me/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 85.17.64.49 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS: wicksrv.hibridmena.com
Software: nginx /
Resource Hash: 7a9b136844d61d5614a77f5f65bca648edcd8368eaa64be0571ce2dad2817ff5

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://qiyada.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Date: Wed, 09 Nov 2022 09:07:27 GMT
Content-Encoding: gzip
Last-Modified: Wed, 08 Jul 2020 11:27:53 GMT
Server: nginx
Transfer-Encoding: chunked
Vary: Accept-Encoding, Accept-Encoding,User-Agent
Content-Type: text/css
Cache-Control: max-age=2592000, public
Connection: keep-alive
Expires: Fri, 09 Dec 2022 09:07:27 GMT

GET
H2 200 css
fonts.googleapis.com/ 7 KB
1 KB 145ms
70ms Stylesheet
text/css 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Cairo:400,700|Open+Sans:400|Roboto:500&display=swap

Requested by

Host: qiyada.me
URL: https://qiyada.me/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

3f9518b91b38e946ebd308e0201a9dfb47de68703a6eede2f96f12c90b9ae234

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://qiyada.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 09 Nov 2022 09:07:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 09 Nov 2022 09:07:27 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 09 Nov 2022 09:07:27 GMT

GET
H2 200 droidarabickufi.css
fonts.googleapis.com/earlyaccess/ 1 KB
717 B 142ms
68ms Stylesheet
text/css 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/earlyaccess/droidarabickufi.css

Requested by

Host: qiyada.me
URL: https://qiyada.me/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

06eb9b648fd1429d0cef25265009259c35f053a76118194b4073c98e161812be

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://qiyada.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Wed, 09 Nov 2022 09:07:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
expires: Wed, 09 Nov 2022 09:07:27 GMT

GET
H/1.1 200
OK jquery.min.js Show response
qiyada.me/wp-includes/js/jquery/ 87 KB
31 KB 115ms
36ms Script
application/javascript 85.17.64.49
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://qiyada.me/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
Requested by: Host: qiyada.me
URL: https://qiyada.me/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 85.17.64.49 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS: wicksrv.hibridmena.com
Software: nginx /
Resource Hash: bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://qiyada.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Date: Wed, 09 Nov 2022 09:07:27 GMT
Content-Encoding: gzip
Last-Modified: Tue, 07 Sep 2021 18:22:20 GMT
Server: nginx
Transfer-Encoding: chunked
Vary: Accept-Encoding, Accept-Encoding,User-Agent
Content-Type: application/javascript
Cache-Control: max-age=2592000, private
Connection: keep-alive
Expires: Fri, 09 Dec 2022 09:07:27 GMT

GET
H/1.1 200
OK jquery-migrate.min.js Show response
qiyada.me/wp-includes/js/jquery/ 11 KB
4 KB 32ms
29ms Script
application/javascript 85.17.64.49
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://qiyada.me/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
Requested by: Host: qiyada.me
URL: https://qiyada.me/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 85.17.64.49 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS: wicksrv.hibridmena.com
Software: nginx /
Resource Hash: 029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://qiyada.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Date: Wed, 09 Nov 2022 09:07:27 GMT
Content-Encoding: gzip
Last-Modified: Tue, 15 Dec 2020 16:12:35 GMT
Server: nginx
Transfer-Encoding: chunked
Vary: Accept-Encoding, Accept-Encoding,User-Agent
Content-Type: application/javascript
Cache-Control: max-age=2592000, private
Connection: keep-alive
Expires: Fri, 09 Dec 2022 09:07:27 GMT

GET
H2 200 ff6ea22a4b5559d3089622dfea2d113f2b85952e.js Show response
cdn.izooto.com/scripts/ 893 B
770 B 101ms
42ms Script
application/javascript 2606:4700::6812:d841
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.izooto.com/scripts/ff6ea22a4b5559d3089622dfea2d113f2b85952e.js

Requested by

Host: qiyada.me
URL: https://qiyada.me/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:d841 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

21bad2a2b3decd776b9f1c369962ceb561f4e723b1312b5714f5527b813daa1e

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://qiyada.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Wed, 09 Nov 2022 09:07:27 GMT
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Tue, 28 Jun 2022 05:11:57 GMT
server: cloudflare
age: 59242
etag: W/"62ba8d9d-37d"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=2678400
cf-ray: 767565eda85ab978-AMS
x-xss-protection: 1; mode=block
expires: Sat, 10 Dec 2022 09:07:27 GMT

GET
H/1.1 200
OK 9f2dccf79208c8cf938140d781a1bb5d-v8c1603d40bfb8f872a620e85570fdfbc323869ba.css
qiyada.me/wp-content/cache/asset-cleanup/css/item/ 940 KB
133 KB 120ms
66ms Stylesheet
text/css 85.17.64.49
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://qiyada.me/wp-content/cache/asset-cleanup/css/item/9f2dccf79208c8cf938140d781a1bb5d-v8c1603d40bfb8f872a620e85570fdfbc323869ba.css
Requested by: Host: qiyada.me
URL: https://qiyada.me/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 85.17.64.49 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS: wicksrv.hibridmena.com
Software: nginx /
Resource Hash: 9cb2a05566c35729815595677a37a3650135cdbde1535d5d805e419da19a63a0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://qiyada.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Date: Wed, 09 Nov 2022 09:07:27 GMT
Content-Encoding: gzip
Last-Modified: Tue, 08 Nov 2022 23:28:18 GMT
Server: nginx
Transfer-Encoding: chunked
Vary: Accept-Encoding, Accept-Encoding,User-Agent
Content-Type: text/css
Cache-Control: max-age=2592000, public
Connection: keep-alive
Expires: Fri, 09 Dec 2022 09:07:27 GMT

GET
H/1.1 200
OK 732e9a1a47b98b86d5d26b457aca1db9.css
qiyada.me/wp-content/bs-booster-cache/ 53 KB
8 KB 119ms
41ms Stylesheet
text/css 85.17.64.49
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://qiyada.me/wp-content/bs-booster-cache/732e9a1a47b98b86d5d26b457aca1db9.css
Requested by: Host: qiyada.me
URL: https://qiyada.me/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 85.17.64.49 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS: wicksrv.hibridmena.com
Software: nginx /
Resource Hash: aca909e410fe592e712c48b4a706623e93752ca61c629c7cb63a880ccde74cbe

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://qiyada.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Date: Wed, 09 Nov 2022 09:07:27 GMT
Content-Encoding: gzip
Last-Modified: Thu, 24 Mar 2022 05:33:32 GMT
Server: nginx
Transfer-Encoding: chunked
Vary: Accept-Encoding, Accept-Encoding,User-Agent
Content-Type: text/css
Cache-Control: max-age=2592000, public
Connection: keep-alive
Expires: Fri, 09 Dec 2022 09:07:27 GMT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 79 KB
27 KB 246ms
72ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: qiyada.me
URL: https://qiyada.me/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61a2ee23f665431f0e0fb1eaa7e3c96ab2ce02cb4314051434abaf05d833c205

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://qiyada.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Wed, 09 Nov 2022 09:07:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27299
x-xss-protection: 0
server: sffe
etag: "1388 / 110 of 1000 / last-modified: 1667948909"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 09 Nov 2022 09:07:27 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 134 KB
52 KB 249ms
76ms Script
application/javascript 2a00:1450:4001:831::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-796567012

Requested by

Host: qiyada.me
URL: https://qiyada.me/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

ae3ba22cdac43cd890e6eb78236f1866c2c86511593574935aa8023be061eb9c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://qiyada.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Wed, 09 Nov 2022 09:07:27 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 52869
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Wed, 09 Nov 2022 09:07:27 GMT

GET
H/1.1 200
OK logo-1.png
qiyada.me/wp-content/uploads/2020/03/ 2 KB
2 KB 27ms
24ms Image
image/png 85.17.64.49
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://qiyada.me/wp-content/uploads/2020/03/logo-1.png
Requested by: Host: qiyada.me
URL: https://qiyada.me/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 85.17.64.49 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS: wicksrv.hibridmena.com
Software: nginx /
Resource Hash: aaf2547b98fe1c676f305940d81ebd43c61511ec98891b5a509031d418945494

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://qiyada.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Date: Wed, 09 Nov 2022 09:07:27 GMT
Last-Modified: Mon, 09 Mar 2020 10:24:25 GMT
Server: nginx
Content-Type: image/png
Cache-Control: max-age=31536000, public
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1756
Expires: Thu, 09 Nov 2023 05:14:16 GMT

GET
H2 200 logo-1.png
qiyada.thewickfirm.com/wp-content/uploads/2019/07/ 2 KB
3 KB 137ms
43ms Image
image/png 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://qiyada.thewickfirm.com/wp-content/uploads/2019/07/logo-1.png
Requested by: Host: qiyada.me
URL: https://qiyada.me/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9a4879818e21e711cb2697a0e0237e3760a55823a5bfd5cd3d8057df74f07a64

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://qiyada.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Wed, 09 Nov 2022 09:07:27 GMT
cf-cache-status: HIT
last-modified: Wed, 10 Jul 2019 07:34:57 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 2045
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sVS99emeKJvo8jgqm%2FQIOBgI8GvjNjPKtOvAtIBw6a7owQQvvtgY2eZkjAcZtJ9gEXuUi0dFVFynkw6dwn9N2bkNtVLOL3WjswhdjeKAmHlLT3oJ7NscpyZeAUkYzoPXbX0mz0At8e%2BbVNYGoy%2Bi7pYQbc98"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 767565eef953b8b8-AMS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2536

GET
H/1.1 200
OK email-illustration.png
qiyada.me/wp-content/themes/publisher/images/other/ 957 B
1 KB 27ms
24ms Image
image/png 85.17.64.49
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://qiyada.me/wp-content/themes/publisher/images/other/email-illustration.png
Requested by: Host: qiyada.me
URL: https://qiyada.me/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 85.17.64.49 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS: wicksrv.hibridmena.com
Software: nginx /
Resource Hash: 8bfffa2ebd7c611f0f42f8eb01a6587ba01cfe237d9cbe003f63b2998fa564ba

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://qiyada.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Date: Wed, 09 Nov 2022 09:07:27 GMT
Last-Modified: Fri, 17 May 2019 10:01:32 GMT
Server: nginx
Content-Type: image/png
Cache-Control: max-age=31536000, public
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 957
Expires: Thu, 09 Nov 2023 05:14:25 GMT

GET
H/1.1 200
OK mailchimp.png
qiyada.me/wp-content/themes/publisher/images/other/ 583 B
873 B 28ms
25ms Image
image/png 85.17.64.49
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://qiyada.me/wp-content/themes/publisher/images/other/mailchimp.png
Requested by: Host: qiyada.me
URL: https://qiyada.me/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 85.17.64.49 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS: wicksrv.hibridmena.com
Software: nginx /
Resource Hash: 34a9b0498772690b14d3519a3bd0e855664fd793a68b27fb305f897fc5d9f662

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://qiyada.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Date: Wed, 09 Nov 2022 09:07:27 GMT
Last-Modified: Fri, 17 May 2019 10:01:32 GMT
Server: nginx
Content-Type: image/png
Cache-Control: max-age=31536000, public
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 583
Expires: Thu, 09 Nov 2023 05:14:25 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 142ms
59ms Script
text/javascript 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: qiyada.me
URL: https://qiyada.me/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://qiyada.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 09 Nov 2022 07:24:49 GMT
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
server: Golfe2
age: 6158
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20039
expires: Wed, 09 Nov 2022 09:24:49 GMT

GET
H/1.1 200
OK regenerator-runtime.min.js Show response
qiyada.me/wp-includes/js/dist/vendor/ 6 KB
3 KB 29ms
26ms Script
application/javascript 85.17.64.49
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://qiyada.me/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.9
Requested by: Host: qiyada.me
URL: https://qiyada.me/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 85.17.64.49 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS: wicksrv.hibridmena.com
Software: nginx /
Resource Hash: a3e64300797e8078baa41dbc49e2affc1d2bedd04a470f0c929ed7fac698fbcd

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://qiyada.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Date: Wed, 09 Nov 2022 09:07:27 GMT
Content-Encoding: gzip
Last-Modified: Tue, 01 Feb 2022 06:58:11 GMT
Server: nginx
Transfer-Encoding: chunked
Vary: Accept-Encoding, Accept-Encoding,User-Agent
Content-Type: application/javascript
Cache-Control: max-age=2592000, private
Connection: keep-alive
Expires: Fri, 09 Dec 2022 09:07:27 GMT

GET
H/1.1 200
OK wp-polyfill.min.js Show response
qiyada.me/wp-includes/js/dist/vendor/ 19 KB
7 KB 30ms
27ms Script
application/javascript 85.17.64.49
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://qiyada.me/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0
Requested by: Host: qiyada.me
URL: https://qiyada.me/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 85.17.64.49 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS: wicksrv.hibridmena.com
Software: nginx /
Resource Hash: e20ddb9ed1fa044cb624f0253bb06b13c92ed9915063bd63a5806440c6b1ce7c

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://qiyada.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Date: Wed, 09 Nov 2022 09:07:27 GMT
Content-Encoding: gzip
Last-Modified: Tue, 01 Feb 2022 06:58:11 GMT
Server: nginx
Transfer-Encoding: chunked
Vary: Accept-Encoding, Accept-Encoding,User-Agent
Content-Type: application/javascript
Cache-Control: max-age=2592000, private
Connection: keep-alive
Expires: Fri, 09 Dec 2022 09:07:27 GMT

GET
H/1.1 200
OK index.js Show response
qiyada.me/wp-content/plugins/contact-form-7/includes/js/ 9 KB
4 KB 36ms
31ms Script
application/javascript 85.17.64.49
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://qiyada.me/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.5.4
Requested by: Host: qiyada.me
URL: https://qiyada.me/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 85.17.64.49 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS: wicksrv.hibridmena.com
Software: nginx /
Resource Hash: 679e44f9b4bbbc2ad0c4000c1413fd3a88627d83f1cba8ebdac26f81bc7edb78

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://qiyada.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Date: Wed, 09 Nov 2022 09:07:27 GMT
Content-Encoding: gzip
Last-Modified: Tue, 01 Feb 2022 06:57:04 GMT
Server: nginx
Transfer-Encoding: chunked
Vary: Accept-Encoding, Accept-Encoding,User-Agent
Content-Type: application/javascript
Cache-Control: max-age=2592000, private
Connection: keep-alive
Expires: Fri, 09 Dec 2022 09:07:27 GMT

GET
H/1.1 200
OK ga4wpjs.js Show response
qiyada.me/wp-content/plugins/reduce-bounce-rate/js/ 2 KB
1 KB 32ms
31ms Script
application/javascript 85.17.64.49
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://qiyada.me/wp-content/plugins/reduce-bounce-rate/js/ga4wpjs.js?ver=5.9
Requested by: Host: qiyada.me
URL: https://qiyada.me/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 85.17.64.49 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS: wicksrv.hibridmena.com
Software: nginx /
Resource Hash: 1fba01948b673d1683ec24069c1a2e7f1ea736fcc64abb5abee897fbb63bd02b

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://qiyada.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Date: Wed, 09 Nov 2022 09:07:27 GMT
Content-Encoding: gzip
Last-Modified: Thu, 09 Aug 2018 07:09:20 GMT
Server: nginx
Transfer-Encoding: chunked
Vary: Accept-Encoding, Accept-Encoding,User-Agent
Content-Type: application/javascript
Cache-Control: max-age=2592000, private
Connection: keep-alive
Expires: Fri, 09 Dec 2022 09:07:27 GMT

GET
H/1.1 200
OK js_composer_front.min.js Show response
qiyada.me/wp-content/plugins/js_composer/assets/js/dist/ 20 KB
6 KB 39ms
38ms Script
application/javascript 85.17.64.49
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://qiyada.me/wp-content/plugins/js_composer/assets/js/dist/js_composer_front.min.js?ver=6.2.0
Requested by: Host: qiyada.me
URL: https://qiyada.me/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 85.17.64.49 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS: wicksrv.hibridmena.com
Software: nginx /
Resource Hash: 9be6923457d76debf4c512fac0a2173aaa94748868d26566515ce2a4156d083d

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://qiyada.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Date: Wed, 09 Nov 2022 09:07:27 GMT
Content-Encoding: gzip
Last-Modified: Fri, 25 Sep 2020 09:27:36 GMT
Server: nginx
Transfer-Encoding: chunked
Vary: Accept-Encoding, Accept-Encoding,User-Agent
Content-Type: application/javascript
Cache-Control: max-age=2592000, private
Connection: keep-alive
Expires: Fri, 09 Dec 2022 09:07:27 GMT

GET
H/1.1 200
OK 99aa5dbb14d92387669f6190df6fe219.js Show response
qiyada.me/wp-content/bs-booster-cache/ 252 KB
72 KB 38ms
37ms Script
application/javascript 85.17.64.49
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://qiyada.me/wp-content/bs-booster-cache/99aa5dbb14d92387669f6190df6fe219.js?ver=5.9
Requested by: Host: qiyada.me
URL: https://qiyada.me/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 85.17.64.49 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS: wicksrv.hibridmena.com
Software: nginx /
Resource Hash: 9bb1ab7eff6e456d6b159fd68f737e30a0085b41a8f252c10242697746d1653e

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://qiyada.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Date: Wed, 09 Nov 2022 09:07:27 GMT
Content-Encoding: gzip
Last-Modified: Mon, 06 Sep 2021 13:18:36 GMT
Server: nginx
Transfer-Encoding: chunked
Vary: Accept-Encoding, Accept-Encoding,User-Agent
Content-Type: application/javascript
Cache-Control: max-age=2592000, private
Connection: keep-alive
Expires: Fri, 09 Dec 2022 09:07:27 GMT

GET
H2 200 w.js Show response
d10lpsik1i8c69.cloudfront.net/ 5 KB
3 KB 175ms
37ms Script
application/javascript 13.225.84.220
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d10lpsik1i8c69.cloudfront.net/w.js
Requested by: Host: qiyada.me
URL: https://qiyada.me/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.84.220 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-84-220.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 389e7668a1ebd8a04eca206d27b7147519be465eed883f6a2d68bd419ada24b4

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://qiyada.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Wed, 09 Nov 2022 08:21:18 GMT
content-encoding: gzip
via: 1.1 0d94766f433ae64cf30c40acb74fc43e.cloudfront.net (CloudFront)
last-modified: Fri, 02 Sep 2022 19:59:48 GMT
server: AmazonS3
x-amz-cf-pop: FRA2-C2
age: 2769
etag: W/"dc0bbcecf2e632d9beb92f4d88b21c2b"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=3600
x-amz-cf-id: RPmysWWUg2FwGYqYtKUsHOEHbuppWI7pMn2ihbTmdTmcMV9k_r8BkA==

GET
H/1.1 200
OK wp-emoji-release.min.js Show response
qiyada.me/wp-includes/js/ 18 KB
5 KB 39ms
38ms Script
application/javascript 85.17.64.49
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://qiyada.me/wp-includes/js/wp-emoji-release.min.js?ver=5.9
Requested by: Host: qiyada.me
URL: https://qiyada.me/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 85.17.64.49 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS: wicksrv.hibridmena.com
Software: nginx /
Resource Hash: def5de6254be138b8b35d680d1fdd8b07827d03b8626daebfeeb4157ec330ea7

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://qiyada.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Date: Wed, 09 Nov 2022 09:07:27 GMT
Content-Encoding: gzip
Last-Modified: Tue, 07 Sep 2021 18:22:20 GMT
Server: nginx
Transfer-Encoding: chunked
Vary: Accept-Encoding, Accept-Encoding,User-Agent
Content-Type: application/javascript
Cache-Control: max-age=2592000, private
Connection: keep-alive
Expires: Fri, 09 Dec 2022 09:07:27 GMT

GET
H2 200 izooto.js Show response
cdn.izooto.com/scripts/sdk/ 236 KB
57 KB 50ms
48ms Script
application/javascript 2606:4700::6812:d841
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.izooto.com/scripts/sdk/izooto.js

Requested by

Host: cdn.izooto.com
URL: https://cdn.izooto.com/scripts/ff6ea22a4b5559d3089622dfea2d113f2b85952e.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:d841 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b2c5c558a18f832bc563e58fd017c64111aad613a29208eb5f413867624ac6fe

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://qiyada.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Wed, 09 Nov 2022 09:07:27 GMT
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Wed, 02 Nov 2022 12:46:07 GMT
server: cloudflare
age: 591623
etag: W/"6362668f-3af00"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=2678400
cf-ray: 767565ee694db978-AMS
x-xss-protection: 1; mode=block
expires: Sat, 10 Dec 2022 09:07:27 GMT

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 103 KB
28 KB 142ms
36ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: qiyada.me
URL: https://qiyada.me/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

f896040524443394b8b1ba4fbd1de94be74378ab901e53b3b40c1323d1735143

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://qiyada.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Wed, 09 Nov 2022 09:07:27 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 27337
x-fb-rlafr: 0
x-xss-protection: 0
pragma: public
x-fb-debug: 4YHvt5fmhchP7twGet2i0EwExmZUoEnbBr0if54LcIkDcTcbFnL9nSh1AgQBJFA/19diL/2Kdt8IVlKAfye0ig==
x-fb-trip-id: 917726464
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 SLXGc1nY6HkvalIhTps.woff2
fonts.gstatic.com/s/cairo/v20/ 32 KB
33 KB 87ms
75ms Font
font/woff2 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/cairo/v20/SLXGc1nY6HkvalIhTps.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Cairo:400,700|Open+Sans:400|Roboto:500&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e87849f221bbdc16a325dca3a1474301c20b365d2a27dce81ffe6ef2beb7eb44

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://qiyada.me
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Tue, 08 Nov 2022 10:04:44 GMT
x-content-type-options: nosniff
age: 82963
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 33172
x-xss-protection: 0
last-modified: Fri, 24 Jun 2022 19:42:29 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 08 Nov 2023 10:04:44 GMT

GET
H2 200 SLXGc1nY6HkvalIkTpu0xg.woff2
fonts.gstatic.com/s/cairo/v20/ 29 KB
29 KB 73ms
65ms Font
font/woff2 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/cairo/v20/SLXGc1nY6HkvalIkTpu0xg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Cairo:400,700|Open+Sans:400|Roboto:500&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d2145070a8525d28e5c6e41f9502578728f6d98c9b302a508b8f1705b6e33015

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://qiyada.me
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Wed, 09 Nov 2022 01:07:37 GMT
x-content-type-options: nosniff
age: 28790
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29984
x-xss-protection: 0
last-modified: Fri, 24 Jun 2022 19:42:30 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 09 Nov 2023 01:07:37 GMT

GET
H/1.1 200
OK BowlerDefender007Top-750x430.jpg
qiyada.me/wp-content/uploads/2022/03/ 31 KB
31 KB 29ms
27ms Image
image/jpeg 85.17.64.49
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://qiyada.me/wp-content/uploads/2022/03/BowlerDefender007Top-750x430.jpg
Requested by: Host: qiyada.me
URL: https://qiyada.me/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 85.17.64.49 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS: wicksrv.hibridmena.com
Software: nginx /
Resource Hash: 1dfb04f202a8de07b06db8dac2ef76dbd4455296864f31f6827f59f34c4d09be

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://qiyada.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Date: Wed, 09 Nov 2022 09:07:27 GMT
Last-Modified: Thu, 31 Mar 2022 12:32:29 GMT
Server: nginx
Content-Type: image/jpeg
Cache-Control: max-age=31536000, public
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 31711
Expires: Thu, 09 Nov 2023 09:07:27 GMT

GET
H/1.1 200
OK 3000x1700-nim1-1.jpg.ximg_.l_full_m.smart_-1-750x430.jpg
qiyada.me/wp-content/uploads/2020/09/ 47 KB
47 KB 93ms
86ms Image
image/jpeg 85.17.64.49
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://qiyada.me/wp-content/uploads/2020/09/3000x1700-nim1-1.jpg.ximg_.l_full_m.smart_-1-750x430.jpg
Requested by: Host: qiyada.me
URL: https://qiyada.me/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 85.17.64.49 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS: wicksrv.hibridmena.com
Software: nginx /
Resource Hash: 5cce843a757127533d672fa3e2cc81b31532a28ad5fd0f447ade935fd12fa96a

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://qiyada.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Date: Wed, 09 Nov 2022 09:07:27 GMT
Last-Modified: Fri, 11 Sep 2020 09:58:40 GMT
Server: nginx
Content-Type: image/jpeg
Cache-Control: max-age=31536000, public
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 47690
Expires: Thu, 09 Nov 2023 09:07:27 GMT

GET
H/1.1 200
OK The-all-new-Kia-Niro_2-357x210.jpg
qiyada.me/wp-content/uploads/2022/01/ 16 KB
17 KB 75ms
68ms Image
image/jpeg 85.17.64.49
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://qiyada.me/wp-content/uploads/2022/01/The-all-new-Kia-Niro_2-357x210.jpg
Requested by: Host: qiyada.me
URL: https://qiyada.me/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 85.17.64.49 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS: wicksrv.hibridmena.com
Software: nginx /
Resource Hash: b9fb8d655e386b9d1e3c9c065eeb5284df3b9557fc45240352cb4be9a46950f0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://qiyada.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Date: Wed, 09 Nov 2022 09:07:27 GMT
Last-Modified: Wed, 19 Jan 2022 13:51:12 GMT
Server: nginx
Content-Type: image/jpeg
Cache-Control: max-age=31536000, public
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 16622
Expires: Thu, 09 Nov 2023 09:07:27 GMT

GET
H/1.1 200
OK 2022-INFINITI-QX60-3-357x210.jpg
qiyada.me/wp-content/uploads/2021/09/ 16 KB
16 KB 37ms
30ms Image
image/jpeg 85.17.64.49
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://qiyada.me/wp-content/uploads/2021/09/2022-INFINITI-QX60-3-357x210.jpg
Requested by: Host: qiyada.me
URL: https://qiyada.me/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 85.17.64.49 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS: wicksrv.hibridmena.com
Software: nginx /
Resource Hash: 34eaadba0729e3c08ac20cfe3bb25c6259d9884e2984b4dc9cc390ebd9bd646a

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://qiyada.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Date: Wed, 09 Nov 2022 09:07:27 GMT
Last-Modified: Sun, 12 Sep 2021 09:36:30 GMT
Server: nginx
Content-Type: image/jpeg
Cache-Control: max-age=31536000, public
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 16238
Expires: Thu, 09 Nov 2023 09:07:27 GMT

GET
H/1.1 200
OK %D8%AC%D9%8A%D8%A8-%D8%AC%D9%84%D8%A7%D8%AF%D9%8A%D8%AA%D9%88%D8%B1-%D8%B3%D8%A7%D9%86%D8%AF-%D8%B1%D8%A7%D9%86%D8%B1-%D8%AF%D9%8A%D8%B2%D8%B1%D8%AA-%D8%B1%D9%8A%D8%AA%D8%AF-357x210.jpg
qiyada.me/wp-content/uploads/2021/07/ 18 KB
18 KB 33ms
32ms Image
image/jpeg 85.17.64.49
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://qiyada.me/wp-content/uploads/2021/07/%D8%AC%D9%8A%D8%A8-%D8%AC%D9%84%D8%A7%D8%AF%D9%8A%D8%AA%D9%88%D8%B1-%D8%B3%D8%A7%D9%86%D8%AF-%D8%B1%D8%A7%D9%86%D8%B1-%D8%AF%D9%8A%D8%B2%D8%B1%D8%AA-%D8%B1%D9%8A%D8%AA%D8%AF-357x210.jpg
Requested by: Host: qiyada.me
URL: https://qiyada.me/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 85.17.64.49 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS: wicksrv.hibridmena.com
Software: nginx /
Resource Hash: 35da628dcb8849cc8153045c34ec07a7616177bb150196ba33cff63880d55e30

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://qiyada.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Date: Wed, 09 Nov 2022 09:07:27 GMT
Last-Modified: Wed, 07 Jul 2021 10:21:43 GMT
Server: nginx
Content-Type: image/jpeg
Cache-Control: max-age=31536000, public
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 18022
Expires: Thu, 09 Nov 2023 09:07:27 GMT

GET
H2 200 iz_setcid.html Show response
cdn.izooto.com/scripts/sak/ Frame 59E2 4 KB
1 KB 71ms
39ms Document
text/html 2606:4700::6812:d841
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.izooto.com/scripts/sak/iz_setcid.html?v=1

Requested by

Host: cdn.izooto.com
URL: https://cdn.izooto.com/scripts/sdk/izooto.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:d841 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cebfa75512f12a4d2f05cacae40f83ddc3e1efaf90aba3d5c9eabe0625a94858

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Referer: https://qiyada.me/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

access-control-allow-origin: *
age: 591890
cache-control: public, max-age=2678400
cf-cache-status: HIT
cf-ray: 767565ef7ac0b978-AMS
content-encoding: br
content-type: text/html
date: Wed, 09 Nov 2022 09:07:27 GMT
expires: Sat, 10 Dec 2022 09:07:27 GMT
last-modified: Tue, 05 Apr 2022 12:00:20 GMT
server: cloudflare
vary: Accept-Encoding
x-xss-protection: 1; mode=block

GET
H/1.1 200
OK BowlerDefender007Top-357x210.jpg
qiyada.me/wp-content/uploads/2022/03/ 11 KB
11 KB 68ms
45ms Image
image/jpeg 85.17.64.49
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://qiyada.me/wp-content/uploads/2022/03/BowlerDefender007Top-357x210.jpg
Requested by: Host: qiyada.me
URL: https://qiyada.me/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 85.17.64.49 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS: wicksrv.hibridmena.com
Software: nginx /
Resource Hash: 31c6143e7b31880652dbfcd10e17c4d9688031db12163c802758ffca4229294b

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://qiyada.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Date: Wed, 09 Nov 2022 09:07:27 GMT
Last-Modified: Thu, 31 Mar 2022 12:32:29 GMT
Server: nginx
Content-Type: image/jpeg
Cache-Control: max-age=31536000, public
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 11125
Expires: Thu, 09 Nov 2023 09:07:27 GMT

GET
H/1.1 200
OK The-all-new-Kia-Niro_2-210x136.jpg
qiyada.me/wp-content/uploads/2022/01/ 7 KB
7 KB 46ms
24ms Image
image/jpeg 85.17.64.49
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://qiyada.me/wp-content/uploads/2022/01/The-all-new-Kia-Niro_2-210x136.jpg
Requested by: Host: qiyada.me
URL: https://qiyada.me/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 85.17.64.49 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS: wicksrv.hibridmena.com
Software: nginx /
Resource Hash: 64c483cbd312a02a7c207bc72021720a09dea16d25277c788cbf71ccfb8aeda3

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://qiyada.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Date: Wed, 09 Nov 2022 09:07:27 GMT
Last-Modified: Wed, 19 Jan 2022 13:51:11 GMT
Server: nginx
Content-Type: image/jpeg
Cache-Control: max-age=31536000, public
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 7235
Expires: Thu, 09 Nov 2023 09:04:24 GMT

GET
H/1.1 200
OK 2022-INFINITI-QX60-3-210x136.jpg
qiyada.me/wp-content/uploads/2021/09/ 7 KB
7 KB 35ms
34ms Image
image/jpeg 85.17.64.49
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://qiyada.me/wp-content/uploads/2021/09/2022-INFINITI-QX60-3-210x136.jpg
Requested by: Host: qiyada.me
URL: https://qiyada.me/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 85.17.64.49 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS: wicksrv.hibridmena.com
Software: nginx /
Resource Hash: e2565fcd8f4b74820d98a57ec1c8bbcbef4ea164432b3b04a17d27d899a0d493

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://qiyada.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Date: Wed, 09 Nov 2022 09:07:27 GMT
Last-Modified: Sun, 12 Sep 2021 09:36:30 GMT
Server: nginx
Content-Type: image/jpeg
Cache-Control: max-age=31536000, public
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 7283
Expires: Thu, 09 Nov 2023 09:07:27 GMT

GET
H/1.1 200
OK %D8%AC%D9%8A%D8%A8-%D8%AC%D9%84%D8%A7%D8%AF%D9%8A%D8%AA%D9%88%D8%B1-%D8%B3%D8%A7%D9%86%D8%AF-%D8%B1%D8%A7%D9%86%D8%B1-%D8%AF%D9%8A%D8%B2%D8%B1%D8%AA-%D8%B1%D9%8A%D8%AA%D8%AF-210x136.jpg
qiyada.me/wp-content/uploads/2021/07/ 8 KB
8 KB 31ms
30ms Image
image/jpeg 85.17.64.49
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://qiyada.me/wp-content/uploads/2021/07/%D8%AC%D9%8A%D8%A8-%D8%AC%D9%84%D8%A7%D8%AF%D9%8A%D8%AA%D9%88%D8%B1-%D8%B3%D8%A7%D9%86%D8%AF-%D8%B1%D8%A7%D9%86%D8%B1-%D8%AF%D9%8A%D8%B2%D8%B1%D8%AA-%D8%B1%D9%8A%D8%AA%D8%AF-210x136.jpg
Requested by: Host: qiyada.me
URL: https://qiyada.me/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 85.17.64.49 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS: wicksrv.hibridmena.com
Software: nginx /
Resource Hash: aadce9f6fd0d57a94e5445c86ece1045ad473ac62521505f0f5786a406887edd

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://qiyada.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Date: Wed, 09 Nov 2022 09:07:27 GMT
Last-Modified: Wed, 07 Jul 2021 10:21:43 GMT
Server: nginx
Content-Type: image/jpeg
Cache-Control: max-age=31536000, public
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 8014
Expires: Thu, 09 Nov 2023 09:07:27 GMT

GET
H/1.1 200
OK image_search_1608213096694-210x136.jpg
qiyada.me/wp-content/uploads/2020/12/ 8 KB
9 KB 35ms
35ms Image
image/jpeg 85.17.64.49
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://qiyada.me/wp-content/uploads/2020/12/image_search_1608213096694-210x136.jpg
Requested by: Host: qiyada.me
URL: https://qiyada.me/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 85.17.64.49 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS: wicksrv.hibridmena.com
Software: nginx /
Resource Hash: c15ade1a11c10e9dc5629d3e30a49582931f73a94d90d4b11fd4e757276f2cb8

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://qiyada.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Date: Wed, 09 Nov 2022 09:07:27 GMT
Last-Modified: Thu, 17 Dec 2020 13:56:31 GMT
Server: nginx
Content-Type: image/jpeg
Cache-Control: max-age=31536000, public
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 8639
Expires: Thu, 09 Nov 2023 09:07:27 GMT

GET
H/1.1 200
OK The-all-new-Kia-Niro_2-86x64.jpg
qiyada.me/wp-content/uploads/2022/01/ 2 KB
2 KB 62ms
54ms Image
image/jpeg 85.17.64.49
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://qiyada.me/wp-content/uploads/2022/01/The-all-new-Kia-Niro_2-86x64.jpg
Requested by: Host: qiyada.me
URL: https://qiyada.me/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 85.17.64.49 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS: wicksrv.hibridmena.com
Software: nginx /
Resource Hash: 82b1172bf1a464f69261f402cd79f02fcf7caa7fd58e59bea5297731d807affc

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://qiyada.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Date: Wed, 09 Nov 2022 09:07:27 GMT
Last-Modified: Wed, 19 Jan 2022 13:51:11 GMT
Server: nginx
Content-Type: image/jpeg
Cache-Control: max-age=31536000, public
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2100
Expires: Thu, 09 Nov 2023 09:07:27 GMT

GET
H/1.1 200
OK Alfa-Romeo-Tonale--86x64.png
qiyada.me/wp-content/uploads/2022/02/ 14 KB
14 KB 56ms
55ms Image
image/png 85.17.64.49
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://qiyada.me/wp-content/uploads/2022/02/Alfa-Romeo-Tonale--86x64.png
Requested by: Host: qiyada.me
URL: https://qiyada.me/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 85.17.64.49 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS: wicksrv.hibridmena.com
Software: nginx /
Resource Hash: 1f929764de55ac5f074419e6ad4085c39840f65ede66336cc32dc7b6a542afd0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://qiyada.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Date: Wed, 09 Nov 2022 09:07:27 GMT
Last-Modified: Thu, 10 Feb 2022 11:54:54 GMT
Server: nginx
Content-Type: image/png
Cache-Control: max-age=31536000, public
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 14031
Expires: Thu, 09 Nov 2023 09:07:27 GMT

GET
H/1.1 200
OK Kia-K8-Exterior-2-86x64.jpg
qiyada.me/wp-content/uploads/2021/09/ 3 KB
3 KB 137ms
136ms Image
image/jpeg 85.17.64.49
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://qiyada.me/wp-content/uploads/2021/09/Kia-K8-Exterior-2-86x64.jpg
Requested by: Host: qiyada.me
URL: https://qiyada.me/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 85.17.64.49 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS: wicksrv.hibridmena.com
Software: nginx /
Resource Hash: 99478beede4136db6c922e8d97e937f1a501c749ab3b56c1bfb3c3d8d77f497f

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://qiyada.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Date: Wed, 09 Nov 2022 09:07:27 GMT
Last-Modified: Tue, 21 Sep 2021 08:01:19 GMT
Server: nginx
Content-Type: image/jpeg
Cache-Control: max-age=31536000, public
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2774
Expires: Thu, 09 Nov 2023 09:07:27 GMT

GET
H/1.1 200
OK 43-86x64.png
qiyada.me/wp-content/uploads/2020/10/ 14 KB
15 KB 125ms
124ms Image
image/png 85.17.64.49
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://qiyada.me/wp-content/uploads/2020/10/43-86x64.png
Requested by: Host: qiyada.me
URL: https://qiyada.me/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 85.17.64.49 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS: wicksrv.hibridmena.com
Software: nginx /
Resource Hash: 6117409455687ef372ed13a5cbc9e1bb4c11a2689d96d89f1adfec219aa16427

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://qiyada.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Date: Wed, 09 Nov 2022 09:07:27 GMT
Last-Modified: Thu, 22 Oct 2020 09:31:40 GMT
Server: nginx
Content-Type: image/png
Cache-Control: max-age=31536000, public
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 14715
Expires: Thu, 09 Nov 2023 09:07:27 GMT

GET
H/1.1 200
OK 4-86x64.png
qiyada.me/wp-content/uploads/2022/03/ 10 KB
10 KB 64ms
63ms Image
image/png 85.17.64.49
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://qiyada.me/wp-content/uploads/2022/03/4-86x64.png
Requested by: Host: qiyada.me
URL: https://qiyada.me/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 85.17.64.49 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS: wicksrv.hibridmena.com
Software: nginx /
Resource Hash: 37346a0c56b701000db6c3408109a23b92e75bb52f770aabcc266f8b89cf0835

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://qiyada.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Date: Wed, 09 Nov 2022 09:07:27 GMT
Last-Modified: Mon, 21 Mar 2022 09:32:14 GMT
Server: nginx
Content-Type: image/png
Cache-Control: max-age=31536000, public
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 10334
Expires: Thu, 09 Nov 2023 09:07:27 GMT

GET
H/1.1 200
OK mail-86x64.jpg
qiyada.me/wp-content/uploads/2022/03/ 2 KB
2 KB 81ms
80ms Image
image/jpeg 85.17.64.49
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://qiyada.me/wp-content/uploads/2022/03/mail-86x64.jpg
Requested by: Host: qiyada.me
URL: https://qiyada.me/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 85.17.64.49 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS: wicksrv.hibridmena.com
Software: nginx /
Resource Hash: 30a07b9b995d032634946936eadd0bde6474e8ea00bb66dcbf9f2f8a8533fcc3

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://qiyada.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Date: Wed, 09 Nov 2022 09:07:27 GMT
Last-Modified: Mon, 21 Mar 2022 07:14:08 GMT
Server: nginx
Content-Type: image/jpeg
Cache-Control: max-age=31536000, public
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2148
Expires: Thu, 09 Nov 2023 09:07:27 GMT

GET
H/1.1 200
OK 9890-86x64.jpg
qiyada.me/wp-content/uploads/2022/03/ 2 KB
2 KB 41ms
41ms Image
image/jpeg 85.17.64.49
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://qiyada.me/wp-content/uploads/2022/03/9890-86x64.jpg
Requested by: Host: qiyada.me
URL: https://qiyada.me/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 85.17.64.49 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS: wicksrv.hibridmena.com
Software: nginx /
Resource Hash: 861dad47916f3df9254a213a0392b0f9e1178790dbcab6897f1266d008693f63

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://qiyada.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Date: Wed, 09 Nov 2022 09:07:27 GMT
Last-Modified: Mon, 21 Mar 2022 06:50:15 GMT
Server: nginx
Content-Type: image/jpeg
Cache-Control: max-age=31536000, public
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1912
Expires: Thu, 09 Nov 2023 09:07:27 GMT

GET
H/1.1 200
OK HEROLINEUP_DESIGNERSCHOICE-86x64.jpg
qiyada.me/wp-content/uploads/2022/03/ 2 KB
2 KB 32ms
32ms Image
image/jpeg 85.17.64.49
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://qiyada.me/wp-content/uploads/2022/03/HEROLINEUP_DESIGNERSCHOICE-86x64.jpg
Requested by: Host: qiyada.me
URL: https://qiyada.me/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 85.17.64.49 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS: wicksrv.hibridmena.com
Software: nginx /
Resource Hash: 1794aaf7bfce250af992f76301c1ae7d411f393b7684c898f6df9dcc3fa820b0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://qiyada.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Date: Wed, 09 Nov 2022 09:07:27 GMT
Last-Modified: Thu, 17 Mar 2022 08:02:10 GMT
Server: nginx
Content-Type: image/jpeg
Cache-Control: max-age=31536000, public
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2168
Expires: Thu, 09 Nov 2023 09:07:27 GMT

GET
H/1.1 200
OK General-Motors-Offers-Tips-for-Effectively-Cleaning-Your-Car-5-86x64.jpg
qiyada.me/wp-content/uploads/2022/03/ 2 KB
3 KB 40ms
40ms Image
image/jpeg 85.17.64.49
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://qiyada.me/wp-content/uploads/2022/03/General-Motors-Offers-Tips-for-Effectively-Cleaning-Your-Car-5-86x64.jpg
Requested by: Host: qiyada.me
URL: https://qiyada.me/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 85.17.64.49 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS: wicksrv.hibridmena.com
Software: nginx /
Resource Hash: a05f4d316a99f05a17f390c76a95a0df1f37d962a98008be6147b9f22abb233e

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://qiyada.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Date: Wed, 09 Nov 2022 09:07:27 GMT
Last-Modified: Wed, 09 Mar 2022 08:38:35 GMT
Server: nginx
Content-Type: image/jpeg
Cache-Control: max-age=31536000, public
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2515
Expires: Thu, 09 Nov 2023 09:07:27 GMT

GET
H/1.1 200
OK 1550760455_602_72875_-86x64.jpg
qiyada.me/wp-content/uploads/2020/09/ 2 KB
2 KB 121ms
121ms Image
image/jpeg 85.17.64.49
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://qiyada.me/wp-content/uploads/2020/09/1550760455_602_72875_-86x64.jpg
Requested by: Host: qiyada.me
URL: https://qiyada.me/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 85.17.64.49 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS: wicksrv.hibridmena.com
Software: nginx /
Resource Hash: afac56b59f8f49eb5aeaf81775787375538f5639c2aa5d4b2b82c2ccbac501b7

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://qiyada.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Date: Wed, 09 Nov 2022 09:07:27 GMT
Last-Modified: Fri, 04 Sep 2020 23:02:38 GMT
Server: nginx
Content-Type: image/jpeg
Cache-Control: max-age=31536000, public
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1799
Expires: Thu, 09 Nov 2023 09:07:27 GMT

GET
H/1.1 200
OK %D9%86%D9%8A%D8%B3%D8%A7%D9%86-%D8%AA%D8%B7%D9%84%D9%82-%D8%AE%D8%B7%D8%A9-%D8%B1%D9%82%D9%85%D9%8A%D8%A9-%D8%AC%D8%AF%D9%8A%D8%AF%D8%A9-%D9%84%D8%AA%D8%B9%D8%B2%D9%8A%D8%B2-%D8%AA%D8%AC%D8%B1%D8%A...
qiyada.me/wp-content/uploads/2022/03/ 13 KB
13 KB 108ms
108ms Image
image/png 85.17.64.49
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://qiyada.me/wp-content/uploads/2022/03/%D9%86%D9%8A%D8%B3%D8%A7%D9%86-%D8%AA%D8%B7%D9%84%D9%82-%D8%AE%D8%B7%D8%A9-%D8%B1%D9%82%D9%85%D9%8A%D8%A9-%D8%AC%D8%AF%D9%8A%D8%AF%D8%A9-%D9%84%D8%AA%D8%B9%D8%B2%D9%8A%D8%B2-%D8%AA%D8%AC%D8%B1%D8%A8%D8%A9-%D8%A7%D9%84%D8%B9%D9%85%D9%84%D8%A7%D8%A1-%D9%81%D9%8A-%D8%A7%D9%84%D9%85%D9%86%D8%B7%D9%82%D8%A9-2-86x64.png
Requested by: Host: qiyada.me
URL: https://qiyada.me/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 85.17.64.49 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS: wicksrv.hibridmena.com
Software: nginx /
Resource Hash: e1a566a59006b3c932270dbeb313483186d0f42a17b2b7fb9a9a4e570cb1d39b

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://qiyada.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Date: Wed, 09 Nov 2022 09:07:27 GMT
Last-Modified: Tue, 01 Mar 2022 08:50:43 GMT
Server: nginx
Content-Type: image/png
Cache-Control: max-age=31536000, public
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 13236
Expires: Thu, 09 Nov 2023 09:07:27 GMT

GET
H/1.1 200
OK ford_wallpaper_generic-750x430.jpg
qiyada.me/wp-content/uploads/2022/02/ 41 KB
41 KB 105ms
105ms Image
image/jpeg 85.17.64.49
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://qiyada.me/wp-content/uploads/2022/02/ford_wallpaper_generic-750x430.jpg
Requested by: Host: qiyada.me
URL: https://qiyada.me/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 85.17.64.49 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS: wicksrv.hibridmena.com
Software: nginx /
Resource Hash: f62ceca9ef138dfdc048d23f57792999c7a6742e6f95f157ad81fd12795252a5

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://qiyada.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Date: Wed, 09 Nov 2022 09:07:27 GMT
Last-Modified: Wed, 02 Feb 2022 11:35:36 GMT
Server: nginx
Content-Type: image/jpeg
Cache-Control: max-age=31536000, public
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 41479
Expires: Thu, 09 Nov 2023 09:07:27 GMT

GET
H/1.1 200
OK 1974-Corolla-3rd-generation--86x64.jpg
qiyada.me/wp-content/uploads/2021/08/ 2 KB
2 KB 87ms
87ms Image
image/jpeg 85.17.64.49
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://qiyada.me/wp-content/uploads/2021/08/1974-Corolla-3rd-generation--86x64.jpg
Requested by: Host: qiyada.me
URL: https://qiyada.me/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 85.17.64.49 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS: wicksrv.hibridmena.com
Software: nginx /
Resource Hash: 03ca56ec5ded9805d7e0c8b61ff5eff744111e59d37567b3083aece3c0677fd2

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://qiyada.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Date: Wed, 09 Nov 2022 09:07:27 GMT
Last-Modified: Wed, 18 Aug 2021 11:20:39 GMT
Server: nginx
Content-Type: image/jpeg
Cache-Control: max-age=31536000, public
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2067
Expires: Thu, 09 Nov 2023 09:07:27 GMT

GET
H/1.1 200
OK maxresdefault-1024x576-1-86x64.jpg
qiyada.me/wp-content/uploads/2021/03/ 3 KB
3 KB 107ms
106ms Image
image/jpeg 85.17.64.49
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://qiyada.me/wp-content/uploads/2021/03/maxresdefault-1024x576-1-86x64.jpg
Requested by: Host: qiyada.me
URL: https://qiyada.me/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 85.17.64.49 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS: wicksrv.hibridmena.com
Software: nginx /
Resource Hash: 86575a4520b6bbbc8240906dadae560fa68efcb44f3c96c968b1dd0b29cc679b

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://qiyada.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Date: Wed, 09 Nov 2022 09:07:27 GMT
Last-Modified: Thu, 18 Mar 2021 11:32:25 GMT
Server: nginx
Content-Type: image/jpeg
Cache-Control: max-age=31536000, public
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2936
Expires: Thu, 09 Nov 2023 09:07:27 GMT

GET
H/1.1 200
OK %D8%A8%D9%8A%D9%86%D8%AA%D8%A7%D9%8A%D8%AC%D8%A7-%D8%B3%D8%A8%D9%8A%D8%AF-2021-86x64.jpg
qiyada.me/wp-content/uploads/2021/04/ 2 KB
3 KB 79ms
78ms Image
image/jpeg 85.17.64.49
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://qiyada.me/wp-content/uploads/2021/04/%D8%A8%D9%8A%D9%86%D8%AA%D8%A7%D9%8A%D8%AC%D8%A7-%D8%B3%D8%A8%D9%8A%D8%AF-2021-86x64.jpg
Requested by: Host: qiyada.me
URL: https://qiyada.me/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 85.17.64.49 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS: wicksrv.hibridmena.com
Software: nginx /
Resource Hash: f1c5bc8c04a5d635e4faee3152aeea552a7786e76cb44cd2fc6c64925a8aad2d

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://qiyada.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Date: Wed, 09 Nov 2022 09:07:27 GMT
Last-Modified: Wed, 07 Apr 2021 12:58:03 GMT
Server: nginx
Content-Type: image/jpeg
Cache-Control: max-age=31536000, public
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2400
Expires: Thu, 09 Nov 2023 09:07:27 GMT

GET
H/1.1 200
OK %D8%A8%D8%A7%D8%AA%D9%8A%D8%B3%D8%AA%D8%A7-%D9%87%D8%A7%D9%8A%D8%A8%D8%B1-%D8%AC%D9%8A-%D8%AA%D9%8A-750x430.jpeg
qiyada.me/wp-content/uploads/2021/02/ 59 KB
59 KB 87ms
87ms Image
image/jpeg 85.17.64.49
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://qiyada.me/wp-content/uploads/2021/02/%D8%A8%D8%A7%D8%AA%D9%8A%D8%B3%D8%AA%D8%A7-%D9%87%D8%A7%D9%8A%D8%A8%D8%B1-%D8%AC%D9%8A-%D8%AA%D9%8A-750x430.jpeg
Requested by: Host: qiyada.me
URL: https://qiyada.me/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 85.17.64.49 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS: wicksrv.hibridmena.com
Software: nginx /
Resource Hash: 7a4c34c57ebe1d260bb29d8c0d8794a516b38c94c0f39caa26588c65c9a371db

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://qiyada.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Date: Wed, 09 Nov 2022 09:07:27 GMT
Last-Modified: Thu, 04 Feb 2021 06:25:47 GMT
Server: nginx
Content-Type: image/jpeg
Cache-Control: max-age=31536000, public
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 60259
Expires: Thu, 09 Nov 2023 09:07:27 GMT

GET
H/1.1 200
OK 598845-357x210.jpg
qiyada.me/wp-content/uploads/2020/09/ 16 KB
16 KB 72ms
71ms Image
image/jpeg 85.17.64.49
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://qiyada.me/wp-content/uploads/2020/09/598845-357x210.jpg
Requested by: Host: qiyada.me
URL: https://qiyada.me/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 85.17.64.49 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS: wicksrv.hibridmena.com
Software: nginx /
Resource Hash: 7c5d38bbf64df440fcb31805703e2560b576ca72d7cb435b8e3d1f6cfe648b2b

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://qiyada.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Date: Wed, 09 Nov 2022 09:07:27 GMT
Last-Modified: Sun, 13 Sep 2020 22:50:02 GMT
Server: nginx
Content-Type: image/jpeg
Cache-Control: max-age=31536000, public
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 16119
Expires: Thu, 09 Nov 2023 09:07:27 GMT

GET
H/1.1 200
OK 10-09-20-758918431-357x210.jpg
qiyada.me/wp-content/uploads/2020/09/ 10 KB
11 KB 35ms
34ms Image
image/jpeg 85.17.64.49
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://qiyada.me/wp-content/uploads/2020/09/10-09-20-758918431-357x210.jpg
Requested by: Host: qiyada.me
URL: https://qiyada.me/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 85.17.64.49 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS: wicksrv.hibridmena.com
Software: nginx /
Resource Hash: 7d8a984bf6b28cfb6dc1e297afe131ddb7ce997f2388f52bc2ddcd17fb02f4eb

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://qiyada.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Date: Wed, 09 Nov 2022 09:07:27 GMT
Last-Modified: Thu, 10 Sep 2020 21:16:26 GMT
Server: nginx
Content-Type: image/jpeg
Cache-Control: max-age=31536000, public
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 10633
Expires: Thu, 09 Nov 2023 09:07:27 GMT

GET
H3 200 memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2
fonts.gstatic.com/s/opensans/v34/ 16 KB
16 KB 78ms
63ms Font
font/woff2 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v34/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Cairo:400,700|Open+Sans:400|Roboto:500&display=swap

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b34551ae25916c460423b82beb8e0675b27f76a9a2908f18286260fbd6de6681

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://qiyada.me
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 07 Nov 2022 18:52:55 GMT
x-content-type-options: nosniff
age: 137672
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16740
x-xss-protection: 0
last-modified: Mon, 15 Aug 2022 18:14:44 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 07 Nov 2023 18:52:55 GMT

GET
H/1.1 200
OK maxresdefault-3-357x210.jpg
qiyada.me/wp-content/uploads/2020/09/ 10 KB
10 KB 48ms
47ms Image
image/jpeg 85.17.64.49
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://qiyada.me/wp-content/uploads/2020/09/maxresdefault-3-357x210.jpg
Requested by: Host: qiyada.me
URL: https://qiyada.me/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 85.17.64.49 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS: wicksrv.hibridmena.com
Software: nginx /
Resource Hash: 8f31380a8ffc553ae12b2516f48d752a00457b9c6b9e7b3d8e578502af7de7fb

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://qiyada.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Date: Wed, 09 Nov 2022 09:07:27 GMT
Last-Modified: Mon, 07 Sep 2020 22:26:40 GMT
Server: nginx
Content-Type: image/jpeg
Cache-Control: max-age=31536000, public
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 10279
Expires: Thu, 09 Nov 2023 09:07:27 GMT

GET
H/1.1 200
OK 5f510236423604793754d1f1-357x210.png
qiyada.me/wp-content/uploads/2020/09/ 99 KB
99 KB 49ms
48ms Image
image/png 85.17.64.49
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://qiyada.me/wp-content/uploads/2020/09/5f510236423604793754d1f1-357x210.png
Requested by: Host: qiyada.me
URL: https://qiyada.me/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 85.17.64.49 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS: wicksrv.hibridmena.com
Software: nginx /
Resource Hash: 10afd750dd7bb8f813c043fa90426a66191c9d0832b7751cff49b72a6567bfdc

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://qiyada.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Date: Wed, 09 Nov 2022 09:07:27 GMT
Last-Modified: Sun, 06 Sep 2020 21:57:24 GMT
Server: nginx
Content-Type: image/png
Cache-Control: max-age=31536000, public
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 101106
Expires: Thu, 09 Nov 2023 09:07:27 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 4 B
24 B 182ms
64ms XHR
text/plain 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j98&a=1440253106&t=pageview&_s=1&dl=https%3A%2F%2Fqiyada.me%2F&ul=en-us&de=UTF-8&dt=Qiyada&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=KEBAAEABEAAAACAAI~&jid=1111982802&gjid=528632592&cid=2051332650.1667984847&tid=UA-121791568-1&_gid=1992142360.1667984847&_r=1&_slc=1&z=1444840928

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://qiyada.me/
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 09 Nov 2022 09:07:27 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://qiyada.me
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
settings.luckyorange.net/ 129 B
740 B 188ms
127ms Fetch
application/json 104.26.10.16
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://settings.luckyorange.net/?u=https%3A%2F%2Fqiyada.me%2F&s=161855

Requested by

Host: d10lpsik1i8c69.cloudfront.net
URL: https://d10lpsik1i8c69.cloudfront.net/w.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.26.10.16 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9ba8ceaea46933b8fc9e6208ee00ace3cd6f7afaf3b45f4406a8def4a444c8cc

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://qiyada.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Wed, 09 Nov 2022 09:07:27 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://qiyada.me
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ivdKmypFAi0roPmPL9iB3K2ta6E4SQHvupsS1xQFT55UDr7bF6LTIXXlEyJJrETRBgcXllE%2Fn1pJBE1RiVI3KCY6No1JHhwBl8h7NBKzx3kjPADqVu540jRxS%2BWwPNFUqQP%2BsSmKcRvlCw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-credentials: true
cf-ray: 767565f13f100c85-AMS
access-control-allow-headers: Authorization,Content-Type,Accept,Origin,User-Agent,DNT,Cache-Control,Keep-Alive,X-Requested-With,If-Modified-Since

GET
H3 200 2118422395132635 Show response
connect.facebook.net/signals/config/ 293 KB
84 KB 405ms
370ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/2118422395132635?v=2.9.89&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

1528df79edfea36259c2ff9bfa9a7d0a3ce0d1c1a4cd61931cc4f14d81d1209a

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://qiyada.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Wed, 09 Nov 2022 09:07:27 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-fb-rlafr: 0
x-xss-protection: 0
pragma: public
x-fb-debug: PZ07ByJVyO3KhCPw6QJSuhVEizLe9/Va141rSFXoifait9/wKyCOBH6+DrERAibeRlQnDM/vsG4PyYUmZDAY2Q==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 200 pubads_impl_2022110701.js Show response
securepubads.g.doubleclick.net/gpt/ 381 KB
129 KB 181ms
62ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022110701.js?cb=31070811

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

480c6d422ac35b202cb5c0ff3e440a24c46c4d598282004216321f24544ae625

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://qiyada.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Wed, 09 Nov 2022 08:14:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3174
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 131675
x-xss-protection: 0
last-modified: Mon, 07 Nov 2022 09:35:25 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 09 Nov 2023 08:14:33 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 79 B
87 B 103ms
40ms XHR
application/json 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=qiyada.me

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

22edc0c8610609c6b52d86633dcd99652aff64655893fb7ede9cf7c8fa400da1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://qiyada.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Wed, 09 Nov 2022 09:07:27 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 63
x-xss-protection: 0
expires: Wed, 09 Nov 2022 09:07:27 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/796567012/ 2 KB
1 KB 199ms
76ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/796567012/?random=1667984847636&cv=11&fst=1667984847636&bg=ffffff&guid=ON&async=1&gtm=2oab70&u_w=1600&u_h=1200&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fqiyada.me%2F&tiba=Qiyada&auid=1646417394.1667984848&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-796567012

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2d71a901362d382c49c8ec005d8fa763f7ec3fb51a9210733ccc5d5bbd317187

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://qiyada.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 09 Nov 2022 09:07:27 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 857
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
www.googleadservices.com/pagead/conversion/796567012/ 2 KB
2 KB 126ms
43ms Script
text/javascript 172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion/796567012/?random=1667984847647&cv=11&fst=1667984847647&bg=ffffff&guid=ON&async=1&gtm=2oab70&u_w=1600&u_h=1200&label=9HRZCJn1goYBEOTL6vsC&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fqiyada.me%2F&tiba=Qiyada&gtm_ee=1&auid=1646417394.1667984848&uaw=0&data=event%3Dconversion&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-796567012

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s28-in-f2.1e100.net

Software

cafe /

Resource Hash

16a6b0df457b43ba6ff56db36c74cb8707dabb44a0613ef7f4e8b1511edbaf4d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://qiyada.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 09 Nov 2022 09:07:27 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1175
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
www.googleadservices.com/pagead/conversion/796567012/ 2 KB
1 KB 125ms
43ms Script
text/javascript 172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion/796567012/?random=1667984847649&cv=11&fst=1667984847649&bg=ffffff&guid=ON&async=1&gtm=2oab70&u_w=1600&u_h=1200&label=9HRZCJn1goYBEOTL6vsC&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fqiyada.me%2F&tiba=Qiyada&gtm_ee=1&auid=1646417394.1667984848&uaw=0&data=event%3Dconversion&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-796567012

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s28-in-f2.1e100.net

Software

cafe /

Resource Hash

407f1eb0d835551786663e5c2c30a4626332570ef2e86e1a1691a26657a346c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://qiyada.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 09 Nov 2022 09:07:27 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
438 B 96ms
31ms XHR
text/plain 2a00:1450:400c:c1b::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-121791568-1&cid=2051332650.1667984847&jid=1111982802&gjid=528632592&_gid=1992142360.1667984847&_u=KEBAAEAAEAAAACAAI~&z=746082019

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c1b::9d Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

122fac0ffbb44fb8bba0388baa11afc67faec3b223a06871a40dbcab4c6cc787

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://qiyada.me/
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Wed, 09 Nov 2022 09:07:27 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://qiyada.me
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
501 B 128ms
57ms Image
image/gif 2a00:1450:4001:801::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-121791568-1&cid=2051332650.1667984847&jid=1111982802&_u=KEBAAEAAEAAAACAAI~&z=1086520294

Requested by

Host: qiyada.me
URL: https://qiyada.me/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://qiyada.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 09 Nov 2022 09:07:27 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.nl/ads/ 42 B
107 B 201ms
82ms Image
image/gif 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.nl/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-121791568-1&cid=2051332650.1667984847&jid=1111982802&_u=KEBAAEAAEAAAACAAI~&z=1086520294

Requested by

Host: qiyada.me
URL: https://qiyada.me/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://qiyada.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 09 Nov 2022 09:07:27 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

/
www.google.nl/pagead/1p-conversion/796567012/
Redirect Chain

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/796567012/?random=312992989&cv=11&fst=1667984847649&bg=ffffff&guid=ON&async=1&gtm=2oab70&u_w=1600&u_h=1200&label=9HRZCJn1goYBEOTL6vs...
https://www.google.com/pagead/1p-conversion/796567012/?random=312992989&cv=11&fst=1667984847649&bg=ffffff&guid=ON&async=1&gtm=2oab70&u_w=1600&u_h=1200&label=9HRZCJn1goYBEOTL6vsC&hn=www.googleadserv...
https://www.google.nl/pagead/1p-conversion/796567012/?random=312992989&cv=11&fst=1667984847649&bg=ffffff&guid=ON&async=1&gtm=2oab70&u_w=1600&u_h=1200&label=9HRZCJn1goYBEOTL6vsC&hn=www.googleadservi...

42 B
108 B

72ms
72ms

Image
image/gif

2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.nl/pagead/1p-conversion/796567012/?random=312992989&cv=11&fst=1667984847649&bg=ffffff&guid=ON&async=1&gtm=2oab70&u_w=1600&u_h=1200&label=9HRZCJn1goYBEOTL6vsC&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fqiyada.me%2F&tiba=Qiyada&gtm_ee=1&auid=1646417394.1667984848&uaw=0&data=event%3Dconversion&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&pscrd=Ek9DaEVJZ0x5dG13WVE0S3ZjNEtISGdwTFdBUkltQUNsaVBha0M5ZlFmOFNaS21tVUFjRHpJWThmWUdNcmdSVlhWbTdTUEtWMEltd1c1YWtrGlpDaEVJZ0x5dG13WVFnWUdxOFkzY3o2Q09BUkl1QUQyZXdWbHNBWnRjeFUtbDZvWEVRYjFlVGpwRUpaLXNiLTFxU1FVX203NmhCVHRXSmFDblJyUjY5NG81bmc&is_vtc=1&ocp_id=z21rY7qALoPy1gaP3aS4DA&random=2170822926&ipr=y&prhg=0

Requested by

Host: qiyada.me
URL: https://qiyada.me/

Protocol

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://qiyada.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 09 Nov 2022 09:07:27 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 09 Nov 2022 09:07:27 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location: https://www.google.nl/pagead/1p-conversion/796567012/?random=312992989&cv=11&fst=1667984847649&bg=ffffff&guid=ON&async=1&gtm=2oab70&u_w=1600&u_h=1200&label=9HRZCJn1goYBEOTL6vsC&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fqiyada.me%2F&tiba=Qiyada&gtm_ee=1&auid=1646417394.1667984848&uaw=0&data=event%3Dconversion&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&pscrd=Ek9DaEVJZ0x5dG13WVE0S3ZjNEtISGdwTFdBUkltQUNsaVBha0M5ZlFmOFNaS21tVUFjRHpJWThmWUdNcmdSVlhWbTdTUEtWMEltd1c1YWtrGlpDaEVJZ0x5dG13WVFnWUdxOFkzY3o2Q09BUkl1QUQyZXdWbHNBWnRjeFUtbDZvWEVRYjFlVGpwRUpaLXNiLTFxU1FVX203NmhCVHRXSmFDblJyUjY5NG81bmc&is_vtc=1&ocp_id=z21rY7qALoPy1gaP3aS4DA&random=2170822926&ipr=y&prhg=0
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

/
www.google.nl/pagead/1p-conversion/796567012/
Redirect Chain

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/796567012/?random=1285964588&cv=11&fst=1667984847647&bg=ffffff&guid=ON&async=1&gtm=2oab70&u_w=1600&u_h=1200&label=9HRZCJn1goYBEOTL6v...
https://www.google.com/pagead/1p-conversion/796567012/?random=1285964588&cv=11&fst=1667984847647&bg=ffffff&guid=ON&async=1&gtm=2oab70&u_w=1600&u_h=1200&label=9HRZCJn1goYBEOTL6vsC&hn=www.googleadser...
https://www.google.nl/pagead/1p-conversion/796567012/?random=1285964588&cv=11&fst=1667984847647&bg=ffffff&guid=ON&async=1&gtm=2oab70&u_w=1600&u_h=1200&label=9HRZCJn1goYBEOTL6vsC&hn=www.googleadserv...

42 B
108 B

74ms
74ms

Image
image/gif

2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.nl/pagead/1p-conversion/796567012/?random=1285964588&cv=11&fst=1667984847647&bg=ffffff&guid=ON&async=1&gtm=2oab70&u_w=1600&u_h=1200&label=9HRZCJn1goYBEOTL6vsC&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fqiyada.me%2F&tiba=Qiyada&gtm_ee=1&auid=1646417394.1667984848&uaw=0&data=event%3Dconversion&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&pscrd=Ek9DaEVJZ0x5dG13WVE0S3ZjNEtISGdwTFdBUkltQUNsaVBha0M5ZlFmOFNaS21tVUFjRHpJWThmWUdNcmdSVlhWbTdTUEtWMEltd1c1YWtrGlpDaEVJZ0x5dG13WVFnWUdxOFkzY3o2Q09BUkl1QUQyZXdWa1FBX2xvWFRWZzlMRDFpODJnTWZJVWRpeS1lN2ppR2UwamUzWnNvUkJZWmJyX1ZFUktEOElmbWc&is_vtc=1&ocp_id=z21rY8H-LZiy1wbG1peYCQ&random=2327548981&ipr=y&prhg=0

Requested by

Host: qiyada.me
URL: https://qiyada.me/

Protocol

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://qiyada.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 09 Nov 2022 09:07:27 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 09 Nov 2022 09:07:27 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location: https://www.google.nl/pagead/1p-conversion/796567012/?random=1285964588&cv=11&fst=1667984847647&bg=ffffff&guid=ON&async=1&gtm=2oab70&u_w=1600&u_h=1200&label=9HRZCJn1goYBEOTL6vsC&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fqiyada.me%2F&tiba=Qiyada&gtm_ee=1&auid=1646417394.1667984848&uaw=0&data=event%3Dconversion&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&pscrd=Ek9DaEVJZ0x5dG13WVE0S3ZjNEtISGdwTFdBUkltQUNsaVBha0M5ZlFmOFNaS21tVUFjRHpJWThmWUdNcmdSVlhWbTdTUEtWMEltd1c1YWtrGlpDaEVJZ0x5dG13WVFnWUdxOFkzY3o2Q09BUkl1QUQyZXdWa1FBX2xvWFRWZzlMRDFpODJnTWZJVWRpeS1lN2ppR2UwamUzWnNvUkJZWmJyX1ZFUktEOElmbWc&is_vtc=1&ocp_id=z21rY8H-LZiy1wbG1peYCQ&random=2327548981&ipr=y&prhg=0
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 integrator.js Show response
adservice.google.nl/adsid/ 107 B
792 B 123ms
40ms Script
application/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.nl/adsid/integrator.js?domain=qiyada.me

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022110701.js?cb=31070811

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://qiyada.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Wed, 09 Nov 2022 09:07:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 190ms
66ms Script
application/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=qiyada.me

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022110701.js?cb=31070811

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://qiyada.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Wed, 09 Nov 2022 09:07:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 364 KB
38 KB 832ms
832ms XHR
text/plain 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1498116786045031&correlator=1198151834938934&eid=31070743%2C31070747%2C31070811%2C31069353%2C31068367%2C44752586&output=ldjh&gdfp_req=1&vrg=2022110701&ptt=17&impl=fifs&iu_parts=27367402%3A22664868526%2CQiyada.me%2CHomepage1x1%2CHomepage%2Cqiyada_rm_interstitial&enc_prev_ius=%2F0%2F1%2F2%2C%2F0%2F1%2F3%2C%2F0%2F1%2F3%2C%2F0%2F1%2F3%2C%2F0%2F1%2F3%2C%2F0%2F4&prev_iu_szs=1x1%2C300x250%2C300x600%2C728x90%2C970x250%2C1x1&ifi=1&adks=2201146%2C3820384616%2C1383866763%2C309681221%2C1959580882%2C787980469&didk=2327882487~4006299826~4006299827~4006299824~4006299825~1138176891&sfv=1-0-39&ists=1&fas=0%2C0%2C0%2C0%2C0%2C8&prev_scp=lotame%3D%2525%2525PATTERN%253Alotame%2525%2525%7Clotame%3D%2525%2525PATTERN%253Alotame%2525%2525%7Clotame%3D%2525%2525PATTERN%253Alotame%2525%2525%7Clotame%3D%2525%2525PATTERN%253Alotame%2525%2525%7Clotame%3D%2525%2525PATTERN%253Alotame%2525%2525%7C&sc=1&cookie_enabled=1&abxe=1&dt=1667984847865&lmt=1667984847&dlt=1667984846908&idt=925&adxs=29%2C211%2C211%2C436%2C315%2C-9&adys=2150%2C1192%2C2150%2C131%2C4952%2C-9&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=1%7C0%7C2%7C0%7C3%7C-1&ucis=1%7C2%7C3%7C4%7C5%7C6&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fqiyada.me%2F&frm=20&vis=1&psz=481x0%7C481x0%7C481x0%7C728x-1%7C970x-1%7C0x-1&msz=481x0%7C481x0%7C481x0%7C728x-1%7C970x-1%7C0x-1&fws=4%2C4%2C4%2C4%2C4%2C2&ohw=1600%2C1600%2C1600%2C1600%2C1600%2C0&ga_vid=2051332650.1667984847&ga_sid=1667984848&ga_hid=1440253106&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022110701.js?cb=31070811

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a2c2d3243bbba81a9fd368afc0cea3933b8738c608c39a2db3218899ca002509

Security Headers

Name	Value
Content-Security-Policy	child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17064940463162654720/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17064940463162654720/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CK7u6eLfoPsCFYaH_QcdPUYBJg&gqi=&layout=/sadbundle/%24csp%253Der3%24/17064940463162654720/index.html,child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15677297618621300736/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15677297618621300736/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CK3u6eLfoPsCFYaH_QcdPUYBJg&gqi=&layout=/sadbundle/%24csp%253Der3%24/15677297618621300736/index.html,child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15677297618621300736/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15677297618621300736/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CKzu6eLfoPsCFYaH_QcdPUYBJg&gqi=&layout=/sadbundle/%24csp%253Der3%24/15677297618621300736/index.html,child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15677297618621300736/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15677297618621300736/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CK_u6eLfoPsCFYaH_QcdPUYBJg&gqi=&layout=/sadbundle/%24csp%253Der3%24/15677297618621300736/index.html
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://qiyada.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

content-security-policy: child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17064940463162654720/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17064940463162654720/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CK7u6eLfoPsCFYaH_QcdPUYBJg&gqi=&layout=/sadbundle/%24csp%253Der3%24/17064940463162654720/index.html,child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15677297618621300736/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15677297618621300736/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CK3u6eLfoPsCFYaH_QcdPUYBJg&gqi=&layout=/sadbundle/%24csp%253Der3%24/15677297618621300736/index.html,child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15677297618621300736/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15677297618621300736/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CKzu6eLfoPsCFYaH_QcdPUYBJg&gqi=&layout=/sadbundle/%24csp%253Der3%24/15677297618621300736/index.html,child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15677297618621300736/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15677297618621300736/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CK_u6eLfoPsCFYaH_QcdPUYBJg&gqi=&layout=/sadbundle/%24csp%253Der3%24/15677297618621300736/index.html
date: Wed, 09 Nov 2022 09:07:28 GMT
x-content-type-options: nosniff
content-encoding: br
google-mediationgroup-id: -2,-2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39343
x-xss-protection: 0
google-lineitem-id: 4751858041,-1,-1,-1,-1,-2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138239888598,-1,-1,-1,-1,-2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://qiyada.me
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
1a828c7f33c9a2932fcdf5c5b4e86da5.safeframe.googlesyndication.com/safeframe/1-0-39/html/ Frame 5282 6 KB
3 KB 223ms
66ms Document
text/html 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://1a828c7f33c9a2932fcdf5c5b4e86da5.safeframe.googlesyndication.com/safeframe/1-0-39/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022110701.js?cb=31070811

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://qiyada.me/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 2988
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 09 Nov 2022 09:07:28 GMT
expires: Thu, 09 Nov 2023 09:07:28 GMT
last-modified: Tue, 25 Oct 2022 18:59:17 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 pubads_impl_page_level_ads_2022110701.js Show response
securepubads.g.doubleclick.net/gpt/ 37 KB
14 KB 59ms
59ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_page_level_ads_2022110701.js?cb=31070811

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022110701.js?cb=31070811

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

72ee86c2d51bda0926be00bf9c225c4327b49495ba502bc10b051c8eb09031bb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://qiyada.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Tue, 08 Nov 2022 11:57:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 76194
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13861
x-xss-protection: 0
last-modified: Mon, 07 Nov 2022 09:35:25 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 08 Nov 2023 11:57:33 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/796567012/ 42 B
154 B 43ms
43ms Image
image/gif 2a00:1450:4001:801::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/796567012/?random=1667984847636&cv=11&fst=1667984400000&bg=ffffff&guid=ON&async=1&gtm=2oab70&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Fqiyada.me%2F&tiba=Qiyada&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=439220742&rmt_tld=0&ipr=y

Requested by

Host: qiyada.me
URL: https://qiyada.me/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://qiyada.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 09 Nov 2022 09:07:27 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.nl/pagead/1p-user-list/796567012/ 42 B
548 B 67ms
67ms Image
image/gif 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.nl/pagead/1p-user-list/796567012/?random=1667984847636&cv=11&fst=1667984400000&bg=ffffff&guid=ON&async=1&gtm=2oab70&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Fqiyada.me%2F&tiba=Qiyada&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=439220742&rmt_tld=1&ipr=y

Requested by

Host: qiyada.me
URL: https://qiyada.me/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://qiyada.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 09 Nov 2022 09:07:27 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 0
185 B 107ms
34ms Image
text/plain 2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=2118422395132635&ev=PageView&dl=https%3A%2F%2Fqiyada.me%2F&rl=&if=false&ts=1667984847984&sw=1600&sh=1200&v=2.9.89&r=stable&ec=0&o=30&fbp=fb.1.1667984847983.1329418808&it=1667984847496&coo=false&rqm=GET

Requested by

Host: qiyada.me
URL: https://qiyada.me/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://qiyada.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Wed, 09 Nov 2022 09:07:28 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 15 KB
11 KB 144ms
74ms XHR
application/json 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022110701&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022110701.js?cb=31070811

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

474d47191724b12da235cc01864aa87cacdf2917f2aa04b1d7bd39ffd309faaa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://qiyada.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Wed, 09 Nov 2022 09:07:28 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11330
x-xss-protection: 0

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 210ms
140ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022110701.js?cb=31070811

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://qiyada.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Wed, 09 Nov 2022 09:07:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 09 Nov 2022 09:07:28 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 87B2 13 KB
5 KB 99ms
31ms Document
text/html 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://qiyada.me/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

accept-ranges: bytes
age: 4247
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 09 Nov 2022 07:56:41 GMT
expires: Thu, 09 Nov 2023 07:56:41 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 3E3A 783 B
533 B 109ms
42ms Document
text/html 2a00:1450:4001:801::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

7c35f65a03d4c0e4d31e609f696e5b8efcc15998b64c6d0978dbdc75a1d9a15e

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-hKCczdHtU_vZOQOfVCgcNg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://qiyada.me/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 511
content-security-policy: script-src 'report-sample' 'nonce-hKCczdHtU_vZOQOfVCgcNg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Wed, 09 Nov 2022 09:07:28 GMT
expires: Wed, 09 Nov 2022 09:07:28 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

POST
H3 200 / Show response
www.facebook.com/tr/ Frame 25A7 0
18 B 68ms
32ms Document
text/plain 2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Content-Type: application/x-www-form-urlencoded
Origin: https://qiyada.me
Referer: https://qiyada.me/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-origin: https://qiyada.me
alt-svc: h3=":443"; ma=86400
content-length: 0
content-type: text/plain
cross-origin-resource-policy: cross-origin
date: Wed, 09 Nov 2022 09:07:28 GMT
priority: u=0
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains

GET
H3 200 vLbRz7g6TQ5oo3iSl-9A8cc-tNTKSUSKynQIdvKxkcY.js Show response
pagead2.googlesyndication.com/bg/ Frame 87B2 36 KB
16 KB 122ms
57ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/vLbRz7g6TQ5oo3iSl-9A8cc-tNTKSUSKynQIdvKxkcY.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bcb6d1cfb83a4d0e68a3789297ef40f1c73eb4d4ca49448aca740876f2b191c6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Tue, 08 Nov 2022 22:00:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 40019
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16061
x-xss-protection: 0
last-modified: Thu, 20 Oct 2022 10:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 08 Nov 2023 22:00:29 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 3E3A 0
0 145ms
92ms Image
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022110701&jk=1498116786045031&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

GET
H2 200 jload Show response
pixel.adsafeprotected.com/ Frame EE7B 47 KB
12 KB 154ms
42ms Script
application/javascript 52.50.105.134
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.adsafeprotected.com/jload?anId=930977&campId=1x1&pubId=4588498719&chanId=21733545191&placementId=4751858041&pubCreative=138239888598&pubOrder=2361034312&cb=459974170&adsafe_par&impId=&custom=qiyada.me
Requested by: Host: qiyada.me
URL: https://qiyada.me/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.50.105.134 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-50-105-134.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: c0a85ba06aa3339ece6aa2bc8cbe8d6c557cbb40f1e6414e7ada3c82bfbb6c85

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://qiyada.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 09 Nov 2022 09:07:28 GMT
content-encoding: gzip
vary: accept-encoding
content-type: application/javascript;charset=utf-8
access-control-allow-origin: pixel.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H2 200 jload Show response
pixel.adsafeprotected.com/ Frame 2DB3 47 KB
13 KB 187ms
79ms Script
application/javascript 52.50.105.134
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.adsafeprotected.com/jload?anId=930977&campId=1x1&pubId=4588498719&chanId=21733545191&placementId=4751858041&pubCreative=138239888598&pubOrder=2361034312&cb=459974170&adsafe_par&impId=&custom=qiyada.me
Requested by: Host: qiyada.me
URL: https://qiyada.me/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.50.105.134 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-50-105-134.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 0fa04972dc76cd42e68cb5e1c0a594b0228cf931f4121195d559800e62beeba0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://qiyada.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 09 Nov 2022 09:07:28 GMT
content-encoding: gzip
vary: accept-encoding
content-type: application/javascript;charset=utf-8
access-control-allow-origin: pixel.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H2 200 jload Show response
pixel.adsafeprotected.com/ Frame 6D8D 47 KB
13 KB 142ms
41ms Script
application/javascript 52.50.105.134
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.adsafeprotected.com/jload?anId=930977&campId=1x1&pubId=4588498719&chanId=21733545191&placementId=4751858041&pubCreative=138239888598&pubOrder=2361034312&cb=459974170&adsafe_par&impId=&custom=qiyada.me
Requested by: Host: qiyada.me
URL: https://qiyada.me/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.50.105.134 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-50-105-134.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: b96f3f595f690725175a47ad53e4528f0f4fdc4b5ac5ced8dc43e0f61ec9dc3a

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://qiyada.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 09 Nov 2022 09:07:28 GMT
content-encoding: gzip
vary: accept-encoding
content-type: application/javascript;charset=utf-8
access-control-allow-origin: pixel.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 523F 0
0 97ms
96ms Fetch
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjst3C0nexdP1Mi4A-qHWUFp4GMbOBAoC9Hza5_6ynnogEIybGJNGvyrXgdC17AjcaUuGzexfxmiyfvxqPkE2r_OyEGYmM8-_CetFCBmvzQbgkwoIJtPuH1oI_PoH9KVeLimDQKSbanftPC151x2R1CkYy18Oe3BvoUGO0w7O2zK6qxPmC8jbYR6wox_nV70i1241g5olYqKqvb2f6lQVdpA_alZKYmGEkMwLNy2_jhrfWAqyhPuM9SwDmcgFYOoN6kzZEEjhqM22svzl1FfqM708uJrEScrGUDj9JDAsVVPlyZOhdvrtBban64wdfZLTuUIXZXU&sai=AMfl-YQoiI8-OzoK5rT_DR0jGGI3yL2pHfGOB8XNFd3CPwG3IV_A1LNVcyYLCVu1hWMMBCqHm3eG5x51Xx1CM9ELElS1HVVnqkS8RrE7NmohJ6b27KiDq5llLtQOdWmZx192&sig=Cg0ArKJSzDvzjVbYSN64EAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: qiyada.me
URL: https://qiyada.me/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://qiyada.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Wed, 09 Nov 2022 09:07:28 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H/1.1 200
OK sliderad.min.js Show response
cdn.stickyadstv.com/prime-time/ Frame 523F 367 KB
124 KB 138ms
26ms Script
application/x-javascript 2001:4de0:ac19::1:b:1b
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.stickyadstv.com/prime-time/sliderad.min.js?zone=6531137&closeTimeout=5000&onOver=true&vAlign=bottom&hAlign=left&soundButton=true
Requested by: Host: qiyada.me
URL: https://qiyada.me/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:4de0:ac19::1:b:1b , Netherlands, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software: /
Resource Hash: 199956cf2c75e6d45ce621444a6debcf6f7de42ab0c35045c09f1ab7a83db32a

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://qiyada.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Date: Wed, 09 Nov 2022 09:07:28 GMT
Content-Encoding: gzip
Last-Modified: Thu, 26 May 2022 08:13:01 GMT
ETag: "1653552781"
X-HW: 1667984848.dop243.am5.t,1667984848.cds310.am5.shn,1667984848.dop243.am5.t,1667984848.cds259.am5.c
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=7200
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 126067

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 523F 154 KB
48 KB 194ms
70ms Script
text/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022110701.js?cb=31070811

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6080610ed8ad1ec28b32a16cd5fb8be853a45dc27de0757acad068588e067a45

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://qiyada.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Wed, 09 Nov 2022 09:07:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 48209
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1667824238049716"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 09 Nov 2022 09:07:28 GMT

GET
H3 200 container.html Show response
1a828c7f33c9a2932fcdf5c5b4e86da5.safeframe.googlesyndication.com/safeframe/1-0-39/html/ Frame 573F 6 KB
3 KB 99ms
34ms Document
text/html 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://1a828c7f33c9a2932fcdf5c5b4e86da5.safeframe.googlesyndication.com/safeframe/1-0-39/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022110701.js?cb=31070811

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://qiyada.me/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 2988
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 09 Nov 2022 09:07:28 GMT
expires: Thu, 09 Nov 2023 09:07:28 GMT
last-modified: Tue, 25 Oct 2022 18:59:17 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
1a828c7f33c9a2932fcdf5c5b4e86da5.safeframe.googlesyndication.com/safeframe/1-0-39/html/ Frame 293F 6 KB
3 KB 96ms
36ms Document
text/html 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://1a828c7f33c9a2932fcdf5c5b4e86da5.safeframe.googlesyndication.com/safeframe/1-0-39/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022110701.js?cb=31070811

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://qiyada.me/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 2988
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 09 Nov 2022 09:07:28 GMT
expires: Thu, 09 Nov 2023 09:07:28 GMT
last-modified: Tue, 25 Oct 2022 18:59:17 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
1a828c7f33c9a2932fcdf5c5b4e86da5.safeframe.googlesyndication.com/safeframe/1-0-39/html/ Frame 1208 6 KB
3 KB 92ms
38ms Document
text/html 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://1a828c7f33c9a2932fcdf5c5b4e86da5.safeframe.googlesyndication.com/safeframe/1-0-39/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022110701.js?cb=31070811

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://qiyada.me/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 2988
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 09 Nov 2022 09:07:28 GMT
expires: Thu, 09 Nov 2023 09:07:28 GMT
last-modified: Tue, 25 Oct 2022 18:59:17 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
1a828c7f33c9a2932fcdf5c5b4e86da5.safeframe.googlesyndication.com/safeframe/1-0-39/html/ Frame BE57 6 KB
3 KB 88ms
39ms Document
text/html 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://1a828c7f33c9a2932fcdf5c5b4e86da5.safeframe.googlesyndication.com/safeframe/1-0-39/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022110701.js?cb=31070811

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://qiyada.me/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 2988
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 09 Nov 2022 09:07:28 GMT
expires: Thu, 09 Nov 2023 09:07:28 GMT
last-modified: Tue, 25 Oct 2022 18:59:17 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 index.html Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15677297618621300736/ Frame E20F 240 KB
25 KB 33ms
32ms Document
text/html 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15677297618621300736/index.html

Requested by

Host: qiyada.me
URL: https://qiyada.me/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3240753a3be38da5c8b2cc55747a11bd018dc12f4e927f45b7bdbb824c76979b

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://1a828c7f33c9a2932fcdf5c5b4e86da5.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 507684
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 25069
content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
cross-origin-resource-policy: cross-origin
date: Thu, 03 Nov 2022 12:06:04 GMT
expires: Fri, 03 Nov 2023 12:06:04 GMT
last-modified: Thu, 06 Oct 2022 11:33:42 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 573F 0
0 105ms
105ms Fetch
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=C7ykIz21rY-zKOoaP9u8PvYyFsAKIzLLfaMeZuundEJCSyePCARABIPeCgS1gkYSghYwYoAGduPvYA8gBCakC4V3k_lZFkj7gAgCoAwHIAwKqBO0BT9APeVXoTzcQC9Y-2Y5NHu3gePo6Y-QyekRwTOD0Dbb4_9IdIyWvtUGYd_SWpUoX6De77xGkTeC9LetXpTfonqI9ypTkyeH441UESkRnGA_6Jul0-PcWJgUfwpBZWJivlBpzYfwj97Hr8MuAH0Ors_1Qq2nVuZdX7xoMDEuqeAMqKI7NlBs-zfNPbiRgcivuwOUAWy5MCQ06SEZF8SLq2XE0Fv4fpgKmnaGfgpibDdmUwpdMIG4R0FX-oWbmJDuwLb4XFnSYVIm3DR_XxzWROpB1EVsM1y7nyq4blh8iCGmAieIRRjITveQ1wZ47wATxz_aT5APgBAGSBQQIBBgBkgUECAUYBKAGXYAHy8eEJ6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcB8gcDEOxi0ggRCIDhgBAQARgdMgKqAjoCgECACgPICwHYEw3QFQGYFgGAFwGyFx4KHAgAEhRwdWItMzk5MjM5MzA1NjE2NzUxNRiiyiI&sigh=9NQzmqTqIBo&uach_m=[UACH]&cid=CAQSOwDq26N9gjNx7crC5nCXkJS8tThzgpV8ResTaGHRjzbNT6OfWMe3d7PnGDwYCeatu4YFVBxubEtpmOnnGAEgEw
Requested by: Host: qiyada.me
URL: https://qiyada.me/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://1a828c7f33c9a2932fcdf5c5b4e86da5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame D7E3 143 B
166 B 122ms
58ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: 1a828c7f33c9a2932fcdf5c5b4e86da5.safeframe.googlesyndication.com
URL: https://1a828c7f33c9a2932fcdf5c5b4e86da5.safeframe.googlesyndication.com/safeframe/1-0-39/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://1a828c7f33c9a2932fcdf5c5b4e86da5.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

age: 3123
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 09 Nov 2022 08:15:26 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221101/r20110914/client/ Frame 573F 3 KB
1 KB 46ms
44ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221101/r20110914/client/window_focus_fy2021.js

Requested by

Host: 1a828c7f33c9a2932fcdf5c5b4e86da5.safeframe.googlesyndication.com
URL: https://1a828c7f33c9a2932fcdf5c5b4e86da5.safeframe.googlesyndication.com/safeframe/1-0-39/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://1a828c7f33c9a2932fcdf5c5b4e86da5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Wed, 09 Nov 2022 06:49:18 GMT
content-encoding: br
x-content-type-options: nosniff
age: 8290
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 23 Nov 2022 06:49:18 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221101/r20110914/client/ Frame 573F 17 KB
7 KB 39ms
37ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221101/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 1a828c7f33c9a2932fcdf5c5b4e86da5.safeframe.googlesyndication.com
URL: https://1a828c7f33c9a2932fcdf5c5b4e86da5.safeframe.googlesyndication.com/safeframe/1-0-39/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

71d49d865114d9bb25bfdfc0272b738cdfd771749b21360ce5fb40eee3b4d986

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://1a828c7f33c9a2932fcdf5c5b4e86da5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Tue, 08 Nov 2022 14:38:45 GMT
content-encoding: br
x-content-type-options: nosniff
age: 66523
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7305
x-xss-protection: 0
server: cafe
etag: 12747696668401323709
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 22 Nov 2022 14:38:45 GMT

GET
H3 200 index.html Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15677297618621300736/ Frame C004 240 KB
25 KB 32ms
32ms Document
text/html 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15677297618621300736/index.html

Requested by

Host: qiyada.me
URL: https://qiyada.me/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3240753a3be38da5c8b2cc55747a11bd018dc12f4e927f45b7bdbb824c76979b

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://1a828c7f33c9a2932fcdf5c5b4e86da5.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 507684
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 25069
content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
cross-origin-resource-policy: cross-origin
date: Thu, 03 Nov 2022 12:06:04 GMT
expires: Fri, 03 Nov 2023 12:06:04 GMT
last-modified: Thu, 06 Oct 2022 11:33:42 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 293F 0
0 105ms
104ms Fetch
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CbXI0z21rY-3KOoaP9u8PvYyFsAKIzLLfaMeZuundEJCSyePCARABIPeCgS1gkYSghYwYoAGduPvYA8gBCakC4V3k_lZFkj7gAgCoAwHIAwKqBOoBT9A556Sp63SE9E6XfifDXRLvdriI4LCOy6ibD1bGedtP9ahX7g4nLFr_CK8ki190Fft0Yic8tGyEUt7zu5gP1IoMN2Pajdoz7yZ044jhgttGYyWHiRRevGQcitu4Fl8wViCmv4lGNBk2t3u40TzZRSug_xQ6Ug7mIgw3wmOg-Zw45Yq88CLyFNpG4OrXVdl-5Ydv3SAm4JpRjsEyVeihyYSLKsOGlGb-GDwJOnU-wFtVcZ8rqlCfOvqGYScSVh3NltsmEmKxYztIgzI8Htd5T_XpgFV7w5PKJ73HFBfFGs-wtUYIOm7EQlX3wATxz_aT5APgBAGSBQQIBBgBkgUECAUYBKAGXYAHy8eEJ6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcB8gcEEN7DAtIIEQiA4YAQEAEYHTICqgI6AoBAgAoDyAsB2BMN0BUBmBYBgBcBshceChwIABIUcHViLTM5OTIzOTMwNTYxNjc1MTUYosoi&sigh=kMdX3uX5rSc&uach_m=[UACH]&cid=CAQSOwDq26N9gjNx7crC5nCXkJS8tThzgpV8ResTaGHRjzbNT6OfWMe3d7PnGDwYCeatu4YFVBxubEtpmOnnGAEgEw
Requested by: Host: qiyada.me
URL: https://qiyada.me/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://1a828c7f33c9a2932fcdf5c5b4e86da5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame E49C 143 B
166 B 96ms
59ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: 1a828c7f33c9a2932fcdf5c5b4e86da5.safeframe.googlesyndication.com
URL: https://1a828c7f33c9a2932fcdf5c5b4e86da5.safeframe.googlesyndication.com/safeframe/1-0-39/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://1a828c7f33c9a2932fcdf5c5b4e86da5.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

age: 3123
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 09 Nov 2022 08:15:26 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221101/r20110914/client/ Frame 293F 3 KB
1 KB 49ms
49ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221101/r20110914/client/window_focus_fy2021.js

Requested by

Host: 1a828c7f33c9a2932fcdf5c5b4e86da5.safeframe.googlesyndication.com
URL: https://1a828c7f33c9a2932fcdf5c5b4e86da5.safeframe.googlesyndication.com/safeframe/1-0-39/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://1a828c7f33c9a2932fcdf5c5b4e86da5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Wed, 09 Nov 2022 06:49:18 GMT
content-encoding: br
x-content-type-options: nosniff
age: 8290
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 23 Nov 2022 06:49:18 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221101/r20110914/client/ Frame 293F 17 KB
7 KB 42ms
41ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221101/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 1a828c7f33c9a2932fcdf5c5b4e86da5.safeframe.googlesyndication.com
URL: https://1a828c7f33c9a2932fcdf5c5b4e86da5.safeframe.googlesyndication.com/safeframe/1-0-39/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

71d49d865114d9bb25bfdfc0272b738cdfd771749b21360ce5fb40eee3b4d986

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://1a828c7f33c9a2932fcdf5c5b4e86da5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Tue, 08 Nov 2022 14:38:45 GMT
content-encoding: br
x-content-type-options: nosniff
age: 66523
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7305
x-xss-protection: 0
server: cafe
etag: 12747696668401323709
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 22 Nov 2022 14:38:45 GMT

GET
H3 200 index.html Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17064940463162654720/ Frame 882F 277 KB
36 KB 33ms
32ms Document
text/html 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17064940463162654720/index.html

Requested by

Host: qiyada.me
URL: https://qiyada.me/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

31f970eacd8293bfdc8e94c3ecb4d03b58dfb946ce25e776be88011984f9ebea

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://1a828c7f33c9a2932fcdf5c5b4e86da5.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 245051
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 36746
content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
cross-origin-resource-policy: cross-origin
date: Sun, 06 Nov 2022 13:03:18 GMT
expires: Mon, 06 Nov 2023 13:03:18 GMT
last-modified: Thu, 26 Aug 2021 12:44:04 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 1208 0
0 108ms
106ms Fetch
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CFXZfz21rY-7KOoaP9u8PvYyFsAKIzLLfaPe4hMLADpCSyePCARABIPeCgS1gkYSghYwYoAGduPvYA8gBCakC4V3k_lZFkj7gAgCoAwHIAwKqBOkBT9CdCcvpNHWLFS61foNhVwc4ckUkLZjvC20FtpHRQVrrOogUkqmVxktswR9exnUhVwxAI1tBjK_24PriL8w2CqoSzoZs8koPYUGtHmjooTuDeic4OjlKvdTYuTTmcAEaaqle72rcwxQboGBxhmvP0zoyrZwnc1QDUqO8t9k9ByLz3zyZvPEGSiQ0B-c8hzCpqD6zHHz7ppNcgkscU7LkGdtfrCmXdYU4icpH5OzGtq3l06Ba5Wr87F3l7kNnObRWxZN0a7SKpGXcOGzFBWJHO9a2rJ9iRyLzrL85UGFxxzuHEGmKR9Eu8_XABPHP9pPkA-AEAZIFBAgEGAGSBQQIBRgEoAZdgAfLx4QnqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhvYBwHyBwQQu94B0ggRCIDhgBAQARgdMgKqAjoCgECACgPICwHYEw3QFQGYFgGAFwGyFx4KHAgAEhRwdWItMzk5MjM5MzA1NjE2NzUxNRiiyiI&sigh=RI86XzMUWps&uach_m=[UACH]&cid=CAQSOwDq26N9gjNx7crC5nCXkJS8tThzgpV8ResTaGHRjzbNT6OfWMe3d7PnGDwYCeatu4YFVBxubEtpmOnnGAEgEw
Requested by: Host: qiyada.me
URL: https://qiyada.me/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://1a828c7f33c9a2932fcdf5c5b4e86da5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame DFD3 143 B
166 B 76ms
60ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: 1a828c7f33c9a2932fcdf5c5b4e86da5.safeframe.googlesyndication.com
URL: https://1a828c7f33c9a2932fcdf5c5b4e86da5.safeframe.googlesyndication.com/safeframe/1-0-39/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://1a828c7f33c9a2932fcdf5c5b4e86da5.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

age: 3123
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 09 Nov 2022 08:15:26 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221101/r20110914/client/ Frame 1208 3 KB
1 KB 48ms
48ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221101/r20110914/client/window_focus_fy2021.js

Requested by

Host: 1a828c7f33c9a2932fcdf5c5b4e86da5.safeframe.googlesyndication.com
URL: https://1a828c7f33c9a2932fcdf5c5b4e86da5.safeframe.googlesyndication.com/safeframe/1-0-39/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://1a828c7f33c9a2932fcdf5c5b4e86da5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Wed, 09 Nov 2022 06:49:18 GMT
content-encoding: br
x-content-type-options: nosniff
age: 8291
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 23 Nov 2022 06:49:18 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221101/r20110914/client/ Frame 1208 17 KB
7 KB 43ms
43ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221101/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 1a828c7f33c9a2932fcdf5c5b4e86da5.safeframe.googlesyndication.com
URL: https://1a828c7f33c9a2932fcdf5c5b4e86da5.safeframe.googlesyndication.com/safeframe/1-0-39/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

71d49d865114d9bb25bfdfc0272b738cdfd771749b21360ce5fb40eee3b4d986

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://1a828c7f33c9a2932fcdf5c5b4e86da5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Tue, 08 Nov 2022 14:38:45 GMT
content-encoding: br
x-content-type-options: nosniff
age: 66524
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7305
x-xss-protection: 0
server: cafe
etag: 12747696668401323709
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 22 Nov 2022 14:38:45 GMT

GET
H3 200 index.html Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15677297618621300736/ Frame 3E6F 240 KB
25 KB 36ms
34ms Document
text/html 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15677297618621300736/index.html

Requested by

Host: qiyada.me
URL: https://qiyada.me/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3240753a3be38da5c8b2cc55747a11bd018dc12f4e927f45b7bdbb824c76979b

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://1a828c7f33c9a2932fcdf5c5b4e86da5.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 507685
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 25069
content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
cross-origin-resource-policy: cross-origin
date: Thu, 03 Nov 2022 12:06:04 GMT
expires: Fri, 03 Nov 2023 12:06:04 GMT
last-modified: Thu, 06 Oct 2022 11:33:42 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame BE57 0
0 110ms
109ms Fetch
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CwfM6z21rY-_KOoaP9u8PvYyFsAKIzLLfaMeZuundEJCSyePCARABIPeCgS1gkYSghYwYoAGduPvYA8gBCakC4V3k_lZFkj7gAgCoAwHIAwKqBOoBT9BjVMWTzrDwWEbIaJws9Jsv4kkQ2FAksyRhK6sG5F36TzB2anq5AGH87MjWr28Oy3gw4yew0uNqmN8_aT-i1WExdaArkKuSFAd5rMycYdBPXOQfothrbZSbGbzlbklOktRufG-RZpHu6d4Ink7MS059bhY50IkRl_3FyGPF5g1HsUz7wUnNNgEDn6OERi5Fb9WBDOV0Esyk8oGQQoaTbMgKw0UufSFz3bkTbk6MVF9jsB3-D4PExzZl4ALgYiyA5alac3HOCrpaPy8HDXvbXJA8k2WGdKEzg_wT7GnX_F68VxfUfCqb1T4NwATxz_aT5APgBAGSBQQIBBgBkgUECAUYBKAGXYAHy8eEJ6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcB8gcEEJGVAdIIEQiA4YAQEAEYHTICqgI6AoBAgAoDyAsB2BMN0BUBmBYBgBcBshceChwIABIUcHViLTM5OTIzOTMwNTYxNjc1MTUYosoi&sigh=ypkErYnsQ_A&uach_m=[UACH]&cid=CAQSOwDq26N9gjNx7crC5nCXkJS8tThzgpV8ResTaGHRjzbNT6OfWMe3d7PnGDwYCeatu4YFVBxubEtpmOnnGAEgEw
Requested by: Host: qiyada.me
URL: https://qiyada.me/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://1a828c7f33c9a2932fcdf5c5b4e86da5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame B832 143 B
166 B 60ms
58ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: 1a828c7f33c9a2932fcdf5c5b4e86da5.safeframe.googlesyndication.com
URL: https://1a828c7f33c9a2932fcdf5c5b4e86da5.safeframe.googlesyndication.com/safeframe/1-0-39/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://1a828c7f33c9a2932fcdf5c5b4e86da5.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

age: 3123
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 09 Nov 2022 08:15:26 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221101/r20110914/client/ Frame BE57 3 KB
1 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221101/r20110914/client/window_focus_fy2021.js

Requested by

Host: 1a828c7f33c9a2932fcdf5c5b4e86da5.safeframe.googlesyndication.com
URL: https://1a828c7f33c9a2932fcdf5c5b4e86da5.safeframe.googlesyndication.com/safeframe/1-0-39/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://1a828c7f33c9a2932fcdf5c5b4e86da5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Wed, 09 Nov 2022 06:49:18 GMT
content-encoding: br
x-content-type-options: nosniff
age: 8291
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 23 Nov 2022 06:49:18 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221101/r20110914/client/ Frame BE57 17 KB
7 KB 35ms
34ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221101/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 1a828c7f33c9a2932fcdf5c5b4e86da5.safeframe.googlesyndication.com
URL: https://1a828c7f33c9a2932fcdf5c5b4e86da5.safeframe.googlesyndication.com/safeframe/1-0-39/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

71d49d865114d9bb25bfdfc0272b738cdfd771749b21360ce5fb40eee3b4d986

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://1a828c7f33c9a2932fcdf5c5b4e86da5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Tue, 08 Nov 2022 14:38:45 GMT
content-encoding: br
x-content-type-options: nosniff
age: 66524
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7305
x-xss-protection: 0
server: cafe
etag: 12747696668401323709
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 22 Nov 2022 14:38:45 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame E20F 1 KB
450 B 187ms
67ms Stylesheet
text/css 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Josefin+Sans:regular

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15677297618621300736/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

5cc1f33d2e98255a07f024524dc8e4301353898b61537067731fe4a0d81fe900

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 09 Nov 2022 09:07:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 09 Nov 2022 07:47:12 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 09 Nov 2022 09:07:29 GMT

GET
H3 200 Enabler.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame E20F 16 KB
6 KB 33ms
33ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/Enabler.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15677297618621300736/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5f0207bbbd69497c7a37284c0b6f9bdcc9f83c574a4cda737e00a390d0ed268f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Tue, 08 Nov 2022 10:31:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 81334
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5866
x-xss-protection: 0
server: cafe
etag: 544157900006238945
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Wed, 09 Nov 2022 10:31:55 GMT

GET
H3 200 addata.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame E20F 34 KB
13 KB 32ms
32ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15677297618621300736/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fee86fd46a67912ffd9ae2997c583f59abe6e11c532496c52759e94136837d48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Tue, 08 Nov 2022 09:40:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 84391
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13035
x-xss-protection: 0
server: cafe
etag: 2319883687766034370
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Wed, 09 Nov 2022 09:40:58 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame C004 1 KB
450 B 167ms
66ms Stylesheet
text/css 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Josefin+Sans:regular

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15677297618621300736/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

5cc1f33d2e98255a07f024524dc8e4301353898b61537067731fe4a0d81fe900

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 09 Nov 2022 09:07:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 09 Nov 2022 07:52:30 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 09 Nov 2022 09:07:29 GMT

GET
H3 200 Enabler.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame C004 16 KB
6 KB 32ms
31ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/Enabler.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15677297618621300736/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5f0207bbbd69497c7a37284c0b6f9bdcc9f83c574a4cda737e00a390d0ed268f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Tue, 08 Nov 2022 10:31:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 81334
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5866
x-xss-protection: 0
server: cafe
etag: 544157900006238945
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Wed, 09 Nov 2022 10:31:55 GMT

GET
H3 200 addata.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame C004 34 KB
13 KB 33ms
33ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15677297618621300736/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fee86fd46a67912ffd9ae2997c583f59abe6e11c532496c52759e94136837d48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Tue, 08 Nov 2022 09:40:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 84391
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13035
x-xss-protection: 0
server: cafe
etag: 2319883687766034370
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Wed, 09 Nov 2022 09:40:58 GMT

GET
H2 200 main.19.8.360.js Show response
static.adsafeprotected.com/ Frame 6D8D 195 KB
61 KB 125ms
37ms Script
application/javascript 2600:9000:21f3:1000:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/main.19.8.360.js
Requested by: Host: pixel.adsafeprotected.com
URL: https://pixel.adsafeprotected.com/jload?anId=930977&campId=1x1&pubId=4588498719&chanId=21733545191&placementId=4751858041&pubCreative=138239888598&pubOrder=2361034312&cb=459974170&adsafe_par&impId=&custom=qiyada.me
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:1000:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: a7944fa8956e5132171129e3a7d75aba0c72c4b0fb6b85b3c5568be0b85c5503

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://qiyada.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Tue, 08 Nov 2022 20:34:55 GMT
x-amz-version-id: GfoGqSnaIXqV2EKfjDcUZNa3ZM70K864
content-encoding: gzip
via: 1.1 217b7bc19321a4945b685521fa4f11ac.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C2
age: 45155
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Tue, 08 Nov 2022 15:45:29 GMT
server: AmazonS3
etag: W/"5f413e624d7882d6e5b815b95e9dc07d"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-amz-cf-id: vSymo4Tjpu_9l-dYQtpQ5qy9g-i8dOOdrDxShyfxfzNWC_kwEufnGw==

GET
H2 200 main.19.8.360.js Show response
static.adsafeprotected.com/ Frame EE7B 195 KB
61 KB 163ms
79ms Script
application/javascript 2600:9000:21f3:1000:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/main.19.8.360.js
Requested by: Host: pixel.adsafeprotected.com
URL: https://pixel.adsafeprotected.com/jload?anId=930977&campId=1x1&pubId=4588498719&chanId=21733545191&placementId=4751858041&pubCreative=138239888598&pubOrder=2361034312&cb=459974170&adsafe_par&impId=&custom=qiyada.me
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:1000:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: a7944fa8956e5132171129e3a7d75aba0c72c4b0fb6b85b3c5568be0b85c5503

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://qiyada.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Tue, 08 Nov 2022 20:34:55 GMT
x-amz-version-id: GfoGqSnaIXqV2EKfjDcUZNa3ZM70K864
content-encoding: gzip
via: 1.1 217b7bc19321a4945b685521fa4f11ac.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C2
age: 45155
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Tue, 08 Nov 2022 15:45:29 GMT
server: AmazonS3
etag: W/"5f413e624d7882d6e5b815b95e9dc07d"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-amz-cf-id: 7H0h78uwbcpoPdMY0nZWf9OvcodHaLptHJ_ApKGRMs0Z-NF3WKbbiA==

GET
H3 200 css
fonts.googleapis.com/ Frame 882F 1 KB
451 B 141ms
68ms Stylesheet
text/css 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Josefin+Sans:700

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17064940463162654720/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

b4aa5573b2544e410fc3dc98d534b9fabcc655b8024d7f9bd5cbeac816587c15

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 09 Nov 2022 09:07:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 09 Nov 2022 08:19:48 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 09 Nov 2022 09:07:29 GMT

GET
H3 200 Enabler.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame 882F 16 KB
6 KB 32ms
32ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/Enabler.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17064940463162654720/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5f0207bbbd69497c7a37284c0b6f9bdcc9f83c574a4cda737e00a390d0ed268f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Tue, 08 Nov 2022 10:31:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 81334
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5866
x-xss-protection: 0
server: cafe
etag: 544157900006238945
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Wed, 09 Nov 2022 10:31:55 GMT

GET
H3 200 addata.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame 882F 34 KB
13 KB 34ms
33ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17064940463162654720/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fee86fd46a67912ffd9ae2997c583f59abe6e11c532496c52759e94136837d48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Tue, 08 Nov 2022 09:40:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 84391
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13035
x-xss-protection: 0
server: cafe
etag: 2319883687766034370
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Wed, 09 Nov 2022 09:40:58 GMT

GET
DATA 200
OK truncated
/ Frame 523F 220 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a5ce33325b6ae0d91bbe7cfba9b542e808b0e07137fbc0ed648d505c50376c0a

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 87B2 0
10 B 32ms
31ms Image
text/plain 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?hpDxGg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Wed, 09 Nov 2022 09:07:29 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H/1.1 200
OK bandwidth-test-25ko Show response
cdn.stickyadstv.com/mustang/ Frame 523F 25 KB
25 KB 97ms
24ms XHR
application/octet-stream 2001:4de0:ac19::1:b:1b
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.stickyadstv.com/mustang/bandwidth-test-25ko?cachebuster=1667984849157
Requested by: Host: cdn.stickyadstv.com
URL: https://cdn.stickyadstv.com/prime-time/sliderad.min.js?zone=6531137&closeTimeout=5000&onOver=true&vAlign=bottom&hAlign=left&soundButton=true
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:4de0:ac19::1:b:1b , Netherlands, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software: /
Resource Hash: 9f995b1c42942ededcce16bba381a19d3b30e0e75a36e0ea956f6a54e040dffe

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://qiyada.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Date: Wed, 09 Nov 2022 09:07:29 GMT
Last-Modified: Thu, 26 May 2022 08:10:45 GMT
ETag: "1653552645"
X-HW: 1667984849.dop130.am5.t,1667984849.cds247.am5.shn,1667984849.cds247.am5.c
Content-Type: application/octet-stream
Access-Control-Allow-Origin: https://qiyada.me
Cache-Control: max-age=86400
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 25600

GET
H/1.1 200
OK / Show response
ads.stickyadstv.com/additional-scripts/ Frame 523F 301 B
790 B 314ms
39ms XHR
text/xml 193.108.153.18
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.stickyadstv.com/additional-scripts/?zoneId=6531137&loc=https%3A%2F%2Fqiyada.me%2F
Requested by: Host: cdn.stickyadstv.com
URL: https://cdn.stickyadstv.com/prime-time/sliderad.min.js?zone=6531137&closeTimeout=5000&onOver=true&vAlign=bottom&hAlign=left&soundButton=true
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 193.108.153.18 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a193-108-153-18.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 64a14c1566ed5e882e60ea9d6e3722949c5767823cd23dc1244503991661dc27

Request headers

Accept: application/xml, text/xml
Referer: https://qiyada.me/
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 09 Nov 2022 09:07:29 GMT
Server: nginx
Access-Control-Allow-Origin: https://qiyada.me
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 301
x-sticky-vk: 1667984849443031-505
Expires: Wed, 09 Nov 2022 09:07:29 GMT

GET
H/1.1 200
OK swfIndex.php Show response
ads.stickyadstv.com/www/delivery/ Frame 523F 76 B
414 B 1294ms
1041ms XHR
application/xml 193.108.153.18
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.stickyadstv.com/www/delivery/swfIndex.php?reqType=AdsSetup&protocolVersion=2.0&mustangVersion=1.12.5.2&focus=true&percentViewable=100&componentId=sliderad&playbackMethod=1&playbackEnd=1&componentVersion=2.6.6.2&loc=https%3A%2F%2Fqiyada.me%2F&zoneId=6531137&videoSlotCanAutoPlay=true&fullscreen=false&hasCloseTimeout=true&playerSize=320x180&supportsFlash=false&supportsJavascript=true
Requested by: Host: cdn.stickyadstv.com
URL: https://cdn.stickyadstv.com/prime-time/sliderad.min.js?zone=6531137&closeTimeout=5000&onOver=true&vAlign=bottom&hAlign=left&soundButton=true
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 193.108.153.18 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a193-108-153-18.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: a65856cbf35a3356aedc04b824a572bdabeecb6a9661a8eb42065371c89512e7

Request headers

Accept: application/xml, text/xml
Referer: https://qiyada.me/
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 09 Nov 2022 09:07:30 GMT
Server: nginx
Content-Type: application/xml
Access-Control-Allow-Origin: https://qiyada.me
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 76
Expires: Wed, 09 Nov 2022 09:07:30 GMT

GET
H/1.1 200
OK auto-user-sync
ads.stickyadstv.com/ 43 B
541 B 296ms
43ms Image
image/gif 193.108.153.18
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.stickyadstv.com/auto-user-sync?gdpr=0&gdpr_consent=null
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 193.108.153.18 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a193-108-153-18.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://qiyada.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 09 Nov 2022 09:07:29 GMT
Server: nginx
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 43
x-sticky-vk: 1667984849410061-579
Expires: Wed, 09 Nov 2022 09:07:29 GMT

GET
DATA 200
OK truncated
/ 610 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8af2e5c61b55d6cea2c82227a7177ed78e1a2ce3b384760936e429b20bad1918

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3 200 css
fonts.googleapis.com/ Frame 3E6F 1 KB
450 B 80ms
79ms Stylesheet
text/css 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Josefin+Sans:regular

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15677297618621300736/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

5cc1f33d2e98255a07f024524dc8e4301353898b61537067731fe4a0d81fe900

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 09 Nov 2022 09:07:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 09 Nov 2022 08:52:04 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 09 Nov 2022 09:07:29 GMT

GET
H3 200 Enabler.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame 3E6F 16 KB
6 KB 32ms
31ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/Enabler.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15677297618621300736/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5f0207bbbd69497c7a37284c0b6f9bdcc9f83c574a4cda737e00a390d0ed268f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Tue, 08 Nov 2022 10:31:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 81334
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5866
x-xss-protection: 0
server: cafe
etag: 544157900006238945
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Wed, 09 Nov 2022 10:31:55 GMT

GET
H3 200 addata.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame 3E6F 34 KB
13 KB 33ms
32ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15677297618621300736/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fee86fd46a67912ffd9ae2997c583f59abe6e11c532496c52759e94136837d48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Tue, 08 Nov 2022 09:40:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 84391
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13035
x-xss-protection: 0
server: cafe
etag: 2319883687766034370
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Wed, 09 Nov 2022 09:40:58 GMT

GET
H2 200 main.19.8.360.js Show response
static.adsafeprotected.com/ Frame 2DB3 195 KB
61 KB 34ms
34ms Script
application/javascript 2600:9000:21f3:1000:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/main.19.8.360.js
Requested by: Host: pixel.adsafeprotected.com
URL: https://pixel.adsafeprotected.com/jload?anId=930977&campId=1x1&pubId=4588498719&chanId=21733545191&placementId=4751858041&pubCreative=138239888598&pubOrder=2361034312&cb=459974170&adsafe_par&impId=&custom=qiyada.me
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:1000:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: a7944fa8956e5132171129e3a7d75aba0c72c4b0fb6b85b3c5568be0b85c5503

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://qiyada.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Tue, 08 Nov 2022 20:34:55 GMT
x-amz-version-id: GfoGqSnaIXqV2EKfjDcUZNa3ZM70K864
content-encoding: gzip
via: 1.1 217b7bc19321a4945b685521fa4f11ac.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C2
age: 45155
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Tue, 08 Nov 2022 15:45:29 GMT
server: AmazonS3
etag: W/"5f413e624d7882d6e5b815b95e9dc07d"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-amz-cf-id: kR9oubzqqtzSdd4toseQFGk8DdaSGCNkt5BhgsWHsQYlFTCd4V1Ybw==

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 523F 0
0 74ms
73ms Fetch
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsshpcek6vE_3JeE7BFbEp7llnAa5v5Ws-qDVqSbsq3N6_L-RJNrnzC9lr83YUdC2d0S3fGfui_PVlEtYGfV73cBCqotbdpYWTsKnGLF9uatkR7PTr25C0ELB8xHFb5N2TOzMTW12nrxdiVsC7ln_upJXCQtc8MjYBy3umWXqYxbc_IWEQje56NTu6ayEIyfQYcVIpAUe6QVuG3fwYubOpS5xarN149swxZhSnHcnO0W2XPkm3H4k-Pwkdodrl9a0H9ojm95ctvkG15I_S2YjI4r1Scbph6mNiwac1XyDWNe-tal9gAusLhfA9AY4_jADSKo6J8A-g&sai=AMfl-YQwFh8Ja1C5fogmJJa4nJ_xWPm5DhJpanAzqjUcPSZW0WLEKtxdVpg7940z4GdIqkHTxjLIAo49xQcu9hR1ieddcT7zZrpOJPVXZMNpdizlgFT8z_FJP7oibU3edXEr&sig=Cg0ArKJSzCx5muFuU2_oEAE&uach_m=[UACH]&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://qiyada.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Wed, 09 Nov 2022 09:07:29 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Wed, 09 Nov 2022 09:07:29 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 573F 0
0 40ms
40ms Image
text/html 2a00:1450:4001:801::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRZ7KBx9QzL9EXwMj0nC9lArkY3CGv1gQI0LQ5QwqMZWxRYrFDA5PkPIyGADwXrrbqD2pxKtMyO_wly2mnymMi9FPC3zQ
Requested by: Host: 1a828c7f33c9a2932fcdf5c5b4e86da5.safeframe.googlesyndication.com
URL: https://1a828c7f33c9a2932fcdf5c5b4e86da5.safeframe.googlesyndication.com/safeframe/1-0-39/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:801::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://1a828c7f33c9a2932fcdf5c5b4e86da5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 573F 154 KB
47 KB 141ms
76ms Script
text/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 1a828c7f33c9a2932fcdf5c5b4e86da5.safeframe.googlesyndication.com
URL: https://1a828c7f33c9a2932fcdf5c5b4e86da5.safeframe.googlesyndication.com/safeframe/1-0-39/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6080610ed8ad1ec28b32a16cd5fb8be853a45dc27de0757acad068588e067a45

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://1a828c7f33c9a2932fcdf5c5b4e86da5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Wed, 09 Nov 2022 09:07:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 48209
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1667824238049716"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 09 Nov 2022 09:07:29 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 293F 0
0 39ms
39ms Image
text/html 2a00:1450:4001:801::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRILngxqJWEE_7XCuz6SZgd4m6Iqyw-d297u7rqpxJaHQO0p3aPcAOmnJpvVfyO3l0dg68z11H2xCMifHmfSf6yec5w3A
Requested by: Host: 1a828c7f33c9a2932fcdf5c5b4e86da5.safeframe.googlesyndication.com
URL: https://1a828c7f33c9a2932fcdf5c5b4e86da5.safeframe.googlesyndication.com/safeframe/1-0-39/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:801::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://1a828c7f33c9a2932fcdf5c5b4e86da5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 293F 154 KB
47 KB 170ms
112ms Script
text/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 1a828c7f33c9a2932fcdf5c5b4e86da5.safeframe.googlesyndication.com
URL: https://1a828c7f33c9a2932fcdf5c5b4e86da5.safeframe.googlesyndication.com/safeframe/1-0-39/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6080610ed8ad1ec28b32a16cd5fb8be853a45dc27de0757acad068588e067a45

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://1a828c7f33c9a2932fcdf5c5b4e86da5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Wed, 09 Nov 2022 09:07:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 48209
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1667824238049716"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 09 Nov 2022 09:07:29 GMT

GET
DATA 200
OK truncated
/ Frame 573F 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 089a58cad96527d3365c0649c90f30d77c1a62f3c643b2ab4c1c3cb9edc057e5

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 sca.17.6.2.js Show response
static.adsafeprotected.com/ Frame 6964 91 KB
23 KB 34ms
34ms Script
application/javascript 2600:9000:21f3:1000:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.6.2.js
Requested by: Host: qiyada.me
URL: https://qiyada.me/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:1000:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://qiyada.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Wed, 21 Sep 2022 15:36:17 GMT
x-amz-version-id: go8nfBUviNCPCwnrYX1LpMW5hEx3ASGy
content-encoding: gzip
via: 1.1 217b7bc19321a4945b685521fa4f11ac.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C2
age: 4210273
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Tue, 20 Sep 2022 19:21:34 GMT
server: AmazonS3
etag: W/"1f3488247c90bb5de253d3d0cb3b7458"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-amz-cf-id: qBdnX_ffXDpRVFURmRtHTwhuI8vkQbYB4BG74IO2IMDYMIACPq5z2Q==

GET
H2 200 mon
pixel.adsafeprotected.com/ 43 B
215 B 48ms
47ms Image
image/gif 52.50.105.134
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.adsafeprotected.com/mon?anId=930977&campId=1x1&pubId=4588498719&chanId=21733545191&placementId=4751858041&pubCreative=138239888598&pubOrder=2361034312&cb=459974170&adsafe_par&impId=&custom=qiyada.me&adsafe_url=https%3A%2F%2Fqiyada.me%2F&adsafe_type=abcedfq&adsafe_jsinfo=,id:77ade234-4df1-369e-153a-415824361d35,c:tsxOKv,sl:outOfView,em:true,fr:true,thd:1,mn:jsserver-primary-5b6f9ddd7c-f5t7d,rg:ie,pt:1-5-15,wc:0.0.1600.1200,ac:269.3041.1.1,am:i,cc:269.3041.1.1,piv:0,obst:0,th:0,reas:r,mu:10000,br:c,bru:c,an:n,oam:0,scm:publ1.grpm1,mtim:345,mot:0,app:0,maw:0,fm:tmGarqL+11%7C12%7C13%7C14%7C15%7C16%7C17*.930977%7C171%7C172%7C173%7C181%7C182%7C183%7C191%7C192%7C193%7C1a1%7C1a2%7C1a3%7C1b1%7C1b2%7C1b3,idMap:17*,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:DIV.us.sn,es:0,sc:1,ha:1,fgad:1,fif:1,gmnp:0,for:1,b11:0,cnod:1,gm:1,tt:jload,et:365,oid:ef9676fe-600d-11ed-8a25-722327a5d55a,v:19.8.360,sp:1,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.50.105.134 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-50-105-134.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://qiyada.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 09 Nov 2022 09:07:29 GMT
server: nginx
x-server-name: app20.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame D7E3
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

77ms
76ms

Document
text/html

2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: 1a828c7f33c9a2932fcdf5c5b4e86da5.safeframe.googlesyndication.com
URL: https://1a828c7f33c9a2932fcdf5c5b4e86da5.safeframe.googlesyndication.com/safeframe/1-0-39/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 09 Nov 2022 09:07:29 GMT
expires: Wed, 09 Nov 2022 09:07:29 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 09 Nov 2022 09:07:29 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame E49C
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

79ms
78ms

Document
text/html

2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: 1a828c7f33c9a2932fcdf5c5b4e86da5.safeframe.googlesyndication.com
URL: https://1a828c7f33c9a2932fcdf5c5b4e86da5.safeframe.googlesyndication.com/safeframe/1-0-39/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 09 Nov 2022 09:07:29 GMT
expires: Wed, 09 Nov 2022 09:07:29 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 09 Nov 2022 09:07:29 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame DFD3
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

80ms
79ms

Document
text/html

2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: 1a828c7f33c9a2932fcdf5c5b4e86da5.safeframe.googlesyndication.com
URL: https://1a828c7f33c9a2932fcdf5c5b4e86da5.safeframe.googlesyndication.com/safeframe/1-0-39/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 09 Nov 2022 09:07:29 GMT
expires: Wed, 09 Nov 2022 09:07:29 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 09 Nov 2022 09:07:29 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 204 l
www.google.com/ads/measurement/ Frame BE57 0
0 40ms
39ms Image
text/html 2a00:1450:4001:801::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQgMdeobxcqjrg-Y5R9vlUPLAZNbR4rry7BUbMwBCC7efCPpW-pTm_D9lM7KRTz1CFVDFw5pZ_1WlKN1i4wKzE7knCmZQ
Requested by: Host: 1a828c7f33c9a2932fcdf5c5b4e86da5.safeframe.googlesyndication.com
URL: https://1a828c7f33c9a2932fcdf5c5b4e86da5.safeframe.googlesyndication.com/safeframe/1-0-39/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:801::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://1a828c7f33c9a2932fcdf5c5b4e86da5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame BE57 154 KB
47 KB 125ms
124ms Script
text/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 1a828c7f33c9a2932fcdf5c5b4e86da5.safeframe.googlesyndication.com
URL: https://1a828c7f33c9a2932fcdf5c5b4e86da5.safeframe.googlesyndication.com/safeframe/1-0-39/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6080610ed8ad1ec28b32a16cd5fb8be853a45dc27de0757acad068588e067a45

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://1a828c7f33c9a2932fcdf5c5b4e86da5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Wed, 09 Nov 2022 09:07:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 48209
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1667824238049716"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 09 Nov 2022 09:07:29 GMT

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame B832
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

76ms
76ms

Document
text/html

2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: 1a828c7f33c9a2932fcdf5c5b4e86da5.safeframe.googlesyndication.com
URL: https://1a828c7f33c9a2932fcdf5c5b4e86da5.safeframe.googlesyndication.com/safeframe/1-0-39/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 09 Nov 2022 09:07:29 GMT
expires: Wed, 09 Nov 2022 09:07:29 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 09 Nov 2022 09:07:29 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 Qw3PZQNVED7rKGKxtqIqX5E-AVSJrOCfjY46_DjQbMZhLw.woff2
fonts.gstatic.com/s/josefinsans/v25/ Frame E20F 11 KB
11 KB 60ms
58ms Font
font/woff2 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/josefinsans/v25/Qw3PZQNVED7rKGKxtqIqX5E-AVSJrOCfjY46_DjQbMZhLw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Josefin+Sans:regular

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4a79b18e7744f210f2400940cbd7e4b7767391e833645f761b759e9a1a365af7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: null
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Wed, 09 Nov 2022 00:59:59 GMT
x-content-type-options: nosniff
age: 29250
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10892
x-xss-protection: 0
last-modified: Mon, 11 Jul 2022 20:56:22 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 09 Nov 2023 00:59:59 GMT

GET
DATA 200
OK truncated
/ Frame 293F 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 461bbbda0ceea8687771d84729024501a6c291a90c26320abb3deaf3a6609573

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame BE57 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8a8406a1f98f88e355c512129115a05107293f419b0f4b80739768f176f35e63

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 204 l
www.google.com/ads/measurement/ Frame 1208 0
0 40ms
39ms Image
text/html 2a00:1450:4001:801::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQoXbrbIlNbg8eZtwB8qFZttfNROE6o9R8Z4nya0mEx5idrL6_8FQprUpd2MaRoWOUtjL8RhMDA9FRKg_AEWHuzmZzykg
Requested by: Host: 1a828c7f33c9a2932fcdf5c5b4e86da5.safeframe.googlesyndication.com
URL: https://1a828c7f33c9a2932fcdf5c5b4e86da5.safeframe.googlesyndication.com/safeframe/1-0-39/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:801::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://1a828c7f33c9a2932fcdf5c5b4e86da5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 1208 154 KB
47 KB 72ms
72ms Script
text/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 1a828c7f33c9a2932fcdf5c5b4e86da5.safeframe.googlesyndication.com
URL: https://1a828c7f33c9a2932fcdf5c5b4e86da5.safeframe.googlesyndication.com/safeframe/1-0-39/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6080610ed8ad1ec28b32a16cd5fb8be853a45dc27de0757acad068588e067a45

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://1a828c7f33c9a2932fcdf5c5b4e86da5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Wed, 09 Nov 2022 09:07:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 48209
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1667824238049716"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 09 Nov 2022 09:07:29 GMT

GET
H3 200 Qw3PZQNVED7rKGKxtqIqX5E-AVSJrOCfjY46_DjQbMZhLw.woff2
fonts.gstatic.com/s/josefinsans/v25/ Frame C004 11 KB
11 KB 60ms
60ms Font
font/woff2 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/josefinsans/v25/Qw3PZQNVED7rKGKxtqIqX5E-AVSJrOCfjY46_DjQbMZhLw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Josefin+Sans:regular

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4a79b18e7744f210f2400940cbd7e4b7767391e833645f761b759e9a1a365af7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: null
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Wed, 09 Nov 2022 00:59:59 GMT
x-content-type-options: nosniff
age: 29250
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10892
x-xss-protection: 0
last-modified: Mon, 11 Jul 2022 20:56:22 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 09 Nov 2023 00:59:59 GMT

GET
DATA 200
OK truncated
/ Frame 1208 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1219b8e4e826f1a4d79b3ca238bd02d4b00b4c3fabc301411d43311da31aafd7

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 Qw3PZQNVED7rKGKxtqIqX5E-AVSJrOCfjY46_N_XbMZhLw.woff2
fonts.gstatic.com/s/josefinsans/v25/ Frame 882F 10 KB
10 KB 58ms
57ms Font
font/woff2 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/josefinsans/v25/Qw3PZQNVED7rKGKxtqIqX5E-AVSJrOCfjY46_N_XbMZhLw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Josefin+Sans:700

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

650483f49c94c6f05181c4008dde5c6cc0adf771629aca6cffb758e24327316c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: null
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Thu, 03 Nov 2022 12:15:36 GMT
x-content-type-options: nosniff
age: 507113
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10488
x-xss-protection: 0
last-modified: Mon, 11 Jul 2022 20:56:21 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 03 Nov 2023 12:15:36 GMT

GET
H2 200 sca.17.6.2.js Show response
static.adsafeprotected.com/ Frame CDF2 91 KB
23 KB 35ms
34ms Script
application/javascript 2600:9000:21f3:1000:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.6.2.js
Requested by: Host: qiyada.me
URL: https://qiyada.me/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:1000:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://qiyada.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Wed, 21 Sep 2022 15:36:17 GMT
x-amz-version-id: go8nfBUviNCPCwnrYX1LpMW5hEx3ASGy
content-encoding: gzip
via: 1.1 217b7bc19321a4945b685521fa4f11ac.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C2
age: 4210273
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Tue, 20 Sep 2022 19:21:34 GMT
server: AmazonS3
etag: W/"1f3488247c90bb5de253d3d0cb3b7458"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-amz-cf-id: sLDkyYSOO_tZKu3pCc98YdkjkqW8fEF16nlw5deZdKu12V7Iki1V8w==

GET
H2 200 mon
pixel.adsafeprotected.com/ 43 B
216 B 47ms
47ms Image
image/gif 52.50.105.134
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.adsafeprotected.com/mon?anId=930977&campId=1x1&pubId=4588498719&chanId=21733545191&placementId=4751858041&pubCreative=138239888598&pubOrder=2361034312&cb=459974170&adsafe_par&impId=&custom=qiyada.me&adsafe_url=https%3A%2F%2Fqiyada.me%2F&adsafe_type=abcedfq&adsafe_jsinfo=,id:a38db537-bf53-ce3e-fcbf-0966f853376f,c:tsxOLA,sl:outOfView,em:true,fr:true,thd:1,mn:jsserver-primary-5b6f9ddd7c-bnpc4,rg:ie,pt:1-5-15,wc:0.0.1600.1200,ac:269.3041.1.1,am:i,cc:269.3041.1.1,piv:0,obst:0,th:0,reas:r,mu:10000,br:c,bru:c,an:n,oam:0,scm:publ1.grpm1,mtim:224,mot:0,app:0,maw:0,fm:tmGartW+11%7C12%7C13%7C14%7C15%7C16%7C17*.930977%7C171%7C172%7C173%7C174%7C181%7C182%7C183%7C191%7C192%7C193%7C1a1%7C1a2%7C1a3%7C1b1%7C1b2%7C1b3,idMap:17*,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:DIV.us.sn,es:0,sc:1,ha:1,fgad:1,fif:1,gmnp:0,for:1,b11:0,cnod:1,gm:1,tt:jload,et:234,oid:ef9676ed-600d-11ed-a57f-2a4b5ba2d7c0,v:19.8.360,sp:1,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.50.105.134 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-50-105-134.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://qiyada.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 09 Nov 2022 09:07:29 GMT
server: nginx
x-server-name: app05.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 200 Qw3PZQNVED7rKGKxtqIqX5E-AVSJrOCfjY46_DjQbMZhLw.woff2
fonts.gstatic.com/s/josefinsans/v25/ Frame 3E6F 11 KB
11 KB 57ms
57ms Font
font/woff2 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/josefinsans/v25/Qw3PZQNVED7rKGKxtqIqX5E-AVSJrOCfjY46_DjQbMZhLw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Josefin+Sans:regular

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4a79b18e7744f210f2400940cbd7e4b7767391e833645f761b759e9a1a365af7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: null
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Wed, 09 Nov 2022 00:59:59 GMT
x-content-type-options: nosniff
age: 29250
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10892
x-xss-protection: 0
last-modified: Mon, 11 Jul 2022 20:56:22 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 09 Nov 2023 00:59:59 GMT

GET
H2 200 sca.17.6.2.js Show response
static.adsafeprotected.com/ Frame 88BD 91 KB
23 KB 34ms
34ms Script
application/javascript 2600:9000:21f3:1000:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.6.2.js
Requested by: Host: qiyada.me
URL: https://qiyada.me/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:1000:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://qiyada.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Wed, 21 Sep 2022 15:36:17 GMT
x-amz-version-id: go8nfBUviNCPCwnrYX1LpMW5hEx3ASGy
content-encoding: gzip
via: 1.1 217b7bc19321a4945b685521fa4f11ac.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C2
age: 4210273
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Tue, 20 Sep 2022 19:21:34 GMT
server: AmazonS3
etag: W/"1f3488247c90bb5de253d3d0cb3b7458"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-amz-cf-id: oK71P8BNpk0J8yLzpfVM5E6BgwK_zO5eZnX2GBZ8lH3qjurs5mp_kg==

GET
H2 200 mon
pixel.adsafeprotected.com/ 43 B
216 B 47ms
47ms Image
image/gif 52.50.105.134
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.adsafeprotected.com/mon?anId=930977&campId=1x1&pubId=4588498719&chanId=21733545191&placementId=4751858041&pubCreative=138239888598&pubOrder=2361034312&cb=459974170&adsafe_par&impId=&custom=qiyada.me&adsafe_url=https%3A%2F%2Fqiyada.me%2F&adsafe_type=abcedfq&adsafe_jsinfo=,id:37a724e2-15f7-ba9f-7175-3d7d7609c692,c:tsxOMe,sl:outOfView,em:true,fr:true,thd:1,mn:jsserver-primary-5b6f9ddd7c-7swsv,rg:ie,pt:1-5-15,wc:0.0.1600.1200,ac:269.3041.1.1,am:i,cc:269.3041.1.1,piv:0,obst:0,th:0,reas:r,mu:10000,br:c,bru:c,an:n,oam:0,scm:publ1.grpm1,mtim:457,mot:0,app:0,maw:0,fm:tmGarqP+11%7C12%7C13%7C14%7C15%7C16%7C17*.930977%7C171%7C172%7C173%7C174%7C175%7C181%7C182%7C183%7C191%7C192%7C193%7C1a1%7C1a2%7C1a3%7C1b1%7C1b2%7C1b3,idMap:17*,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:DIV.us.sn,es:0,sc:1,ha:1,fgad:1,fif:1,gmnp:0,for:1,b11:0,cnod:1,gm:1,tt:jload,et:467,oid:ef96767f-600d-11ed-b4d5-eec919257601,v:19.8.360,sp:1,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.50.105.134 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-50-105-134.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://qiyada.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 09 Nov 2022 09:07:29 GMT
server: nginx
x-server-name: app14.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ 43 B
216 B 593ms
188ms Image
image/gif 2600:1f13:800:7781:70ba:6a18:c66a:4b88
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=930977&asId=77ade234-4df1-369e-153a-415824361d35&tv=%7Bc:tsxOMs,pingTime:-2,time:485,type:a,im:%7Bsf:0,pom:1,prf:%7BbeA:327,beZ:328,mfA:672,cmA:674,inA:674,inZ:679,prA:679,prZ:685,si:692,poA:692,poZ:709,cmZ:709,mfZ:709,loA:743,loZ:746,ltA:811,ltZ:811,mdA:328,mdZ:490%7D%7D,sca:%7Bdfp:%7Bdf:0%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:0,vs:o,r:r,w:1,h:1,t:364%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:1,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:%7Bi:0,o:485,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:364,wc:0.0.1600.1200,ac:269.3041.1.1,am:i,cc:269.3041.1.1,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B136~0%5D,as:%5B136~1.1%5D%7D%7D%5D,slEventCount:1,em:true,fr:true,e:,tt:jload,dtt:0,fm:tmGarqL+11%7C12%7C13%7C14%7C15%7C16%7C17*.930977%7C171%7C172%7C173%7C181%7C182%7C183%7C191%7C192%7C193%7C1a1%7C1a2%7C1a3%7C1b1%7C1b2%7C1b3,idMap:17*,pd:0YtC.internal-nacl-plugin,rmeas:1,rend:0,renddet:DIV.us.sn,siq:365,slid:%5Bgoogle_ads_iframe_/2736740222664868526/Qiyada.me/Homepage1x1_0,google_ads_iframe_/2736740222664868526/Qiyada.me/Homepage1x1_0__container__,div-gpt-ad-1640598277420-0,content%5D,sinceFw:118,readyFired:true%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7781:70ba:6a18:c66a:4b88 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://qiyada.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 09 Nov 2022 09:07:30 GMT
server: nginx
x-server-name: dt11.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ 43 B
215 B 776ms
374ms Image
image/gif 2600:1f13:800:7781:70ba:6a18:c66a:4b88
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=930977&asId=77ade234-4df1-369e-153a-415824361d35&tv=%7Bc:tsxOMv,pingTime:-2.1,time:488,type:a,clog:%5B%7Bpiv:0,vs:o,r:r,w:1,h:1,t:364%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:1,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:%7Bi:0,o:488,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:364,wc:0.0.1600.1200,ac:269.3041.1.1,am:i,cc:269.3041.1.1,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B139~0%5D,as:%5B139~1.1%5D%7D%7D%5D,slEventCount:1,em:true,fr:true,e:,tt:jload,dtt:0,fm:tmGarqL+11%7C12%7C13%7C14%7C15%7C16%7C17*.930977%7C171%7C172%7C173%7C181%7C182%7C183%7C191%7C192%7C193%7C1a1%7C1a2%7C1a3%7C1b1%7C1b2%7C1b3,idMap:17.a38db537-bf53-ce3e-fcbf-0966f853376f.61_930977%7C17*,pd:0YtC.internal-nacl-plugin,rmeas:1,rend:0,renddet:DIV.us.sn,siq:365,slid:%5Bgoogle_ads_iframe_/2736740222664868526/Qiyada.me/Homepage1x1_0,google_ads_iframe_/2736740222664868526/Qiyada.me/Homepage1x1_0__container__,div-gpt-ad-1640598277420-0,content%5D,sinceFw:118,readyFired:true%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7781:70ba:6a18:c66a:4b88 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://qiyada.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 09 Nov 2022 09:07:30 GMT
server: nginx
x-server-name: dt13.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2

200

pixel
cm.g.doubleclick.net/
Redirect Chain

https://ads.stickyadstv.com/user-matching?id=11&_fw_gdpr=0&_fw_gdpr_consent=
https://cm.g.doubleclick.net/pixel?google_nid=stickyxchange_dbm&google_hm=MTZhOGI0MDcyMzgxZGZmZGZhOTU3ODhiMDZlMTU0ZA==&gdpr=0&gdpr_consent=&_fw_gdpr=0&_fw_gdpr_consent=

170 B
502 B

125ms
41ms

Image
image/png

142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=stickyxchange_dbm&google_hm=MTZhOGI0MDcyMzgxZGZmZGZhOTU3ODhiMDZlMTU0ZA==&gdpr=0&gdpr_consent=&_fw_gdpr=0&_fw_gdpr_consent=

Protocol

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://qiyada.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 09 Nov 2022 09:07:29 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Wed, 09 Nov 2022 09:07:29 GMT
Server: nginx
Access-Control-Allow-Origin: *
Location: https://cm.g.doubleclick.net/pixel?google_nid=stickyxchange_dbm&google_hm=MTZhOGI0MDcyMzgxZGZmZGZhOTU3ODhiMDZlMTU0ZA==&gdpr=0&gdpr_consent=&_fw_gdpr=0&_fw_gdpr_consent=
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0
x-sticky-vk: 1667984849576012-509
Expires: Wed, 09 Nov 2022 09:07:29 GMT

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/
Redirect Chain

https://ads.stickyadstv.com/user-matching?id=2545&_fw_gdpr=0&_fw_gdpr_consent=
https://s.amazon-adsystem.com/ecm3?id=16a8b4072381dffdfa95788b06e154d&ex=freewheel.tv&gdpr=0&gdpr_consent=&_fw_gdpr=0&_fw_gdpr_consent=

43 B
479 B

415ms
105ms

Image
image/gif

52.46.143.56
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?id=16a8b4072381dffdfa95788b06e154d&ex=freewheel.tv&gdpr=0&gdpr_consent=&_fw_gdpr=0&_fw_gdpr_consent=

Protocol

HTTP/1.1

Server

52.46.143.56 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://qiyada.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 09 Nov 2022 09:07:30 GMT
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Server: Server
x-amz-rid: 4W0S61FYRDYH3WX84556
Vary: Content-Type,Accept-Encoding,User-Agent
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Wed, 09 Nov 2022 09:07:29 GMT
Server: nginx
Access-Control-Allow-Origin: *
Location: https://s.amazon-adsystem.com/ecm3?id=16a8b4072381dffdfa95788b06e154d&ex=freewheel.tv&gdpr=0&gdpr_consent=&_fw_gdpr=0&_fw_gdpr_consent=
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0
x-sticky-vk: 1667984849581011-408
Expires: Wed, 09 Nov 2022 09:07:29 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ 43 B
215 B 572ms
189ms Image
image/gif 2600:1f13:800:7781:70ba:6a18:c66a:4b88
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=930977&asId=77ade234-4df1-369e-153a-415824361d35&tv=%7Bc:tsxOMP,pingTime:-2.2,time:508,type:a,clog:%5B%7Bpiv:0,vs:o,r:r,w:1,h:1,t:364%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:1,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:%7Bi:0,o:508,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:364,wc:0.0.1600.1200,ac:269.3041.1.1,am:i,cc:269.3041.1.1,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B159~0%5D,as:%5B159~1.1%5D%7D%7D%5D,slEventCount:1,em:true,fr:true,e:,tt:jload,dtt:0,fm:tmGarqL+11%7C12%7C13%7C14%7C15%7C16%7C17*.930977%7C171%7C172%7C173%7C181%7C182%7C183%7C191%7C192%7C193%7C1a1%7C1a2%7C1a3%7C1b1%7C1b2%7C1b3,idMap:17.a38db537-bf53-ce3e-fcbf-0966f853376f.61_930977%7C17.37a724e2-15f7-ba9f-7175-3d7d7609c692.42_930977%7C17*,pd:0YtC.internal-nacl-plugin,rmeas:1,rend:0,renddet:DIV.us.sn,siq:365,slid:%5Bgoogle_ads_iframe_/2736740222664868526/Qiyada.me/Homepage1x1_0,google_ads_iframe_/2736740222664868526/Qiyada.me/Homepage1x1_0__container__,div-gpt-ad-1640598277420-0,content%5D,sinceFw:118,readyFired:true%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7781:70ba:6a18:c66a:4b88 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://qiyada.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 09 Nov 2022 09:07:30 GMT
server: nginx
x-server-name: dt01.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ 43 B
215 B 562ms
190ms Image
image/gif 2600:1f13:800:7781:70ba:6a18:c66a:4b88
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=930977&asId=a38db537-bf53-ce3e-fcbf-0966f853376f&tv=%7Bc:tsxOMZ,pingTime:-2,time:321,type:a,im:%7Bsf:0,pom:1,prf:%7BbeA:528,beZ:529,mfA:752,cmA:752,inA:752,inZ:754,prA:754,prZ:759,si:762,poA:763,poZ:774,cmZ:774,mfZ:774,loA:825,loZ:827,ltA:849,ltZ:849,mdA:530,mdZ:573%7D%7D,sca:%7Bdfp:%7Bdf:0%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:0,vs:o,r:r,w:1,h:1,t:234%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:1,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:%7Bi:0,o:321,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:234,wc:0.0.1600.1200,ac:269.3041.1.1,am:i,cc:269.3041.1.1,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B96~0%5D,as:%5B96~1.1%5D%7D%7D%5D,slEventCount:1,em:true,fr:true,e:,tt:jload,dtt:0,fm:tmGarqP+11%7C12%7C13%7C14%7C15%7C16%7C17*.930977%7C171%7C172%7C173%7C174%7C181%7C182%7C183%7C191%7C192%7C193%7C1a1%7C1a2%7C1a3%7C1b1%7C1b2%7C1b3,idMap:17.37a724e2-15f7-ba9f-7175-3d7d7609c692.43_930977%7C17*,pd:CV8L.internal-pdf-viewer,rmeas:1,rend:0,renddet:DIV.us.sn,siq:235,slid:%5Bgoogle_ads_iframe_/2736740222664868526/Qiyada.me/Homepage1x1_0,google_ads_iframe_/2736740222664868526/Qiyada.me/Homepage1x1_0__container__,div-gpt-ad-1640598277420-0,content%5D,sinceFw:86,readyFired:true%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7781:70ba:6a18:c66a:4b88 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://qiyada.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 09 Nov 2022 09:07:30 GMT
server: nginx
x-server-name: dt08.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ 43 B
215 B 739ms
374ms Image
image/gif 2600:1f13:800:7781:70ba:6a18:c66a:4b88
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=930977&asId=37a724e2-15f7-ba9f-7175-3d7d7609c692&tv=%7Bc:tsxON6,pingTime:-2,time:521,type:a,im:%7Bsf:0,pom:1,prf:%7BbeA:339,beZ:340,mfA:797,cmA:797,inA:797,inZ:798,prA:798,prZ:803,si:807,poA:807,poZ:818,cmZ:818,mfZ:818,loA:848,loZ:850,ltA:859,ltZ:860,mdA:341,mdZ:527%7D%7D,sca:%7Bdfp:%7Bdf:0%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:0,vs:o,r:r,w:1,h:1,t:467%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:1,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:%7Bi:0,o:521,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:467,wc:0.0.1600.1200,ac:269.3041.1.1,am:i,cc:269.3041.1.1,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B63~0%5D,as:%5B63~1.1%5D%7D%7D%5D,slEventCount:1,em:true,fr:true,e:,tt:jload,dtt:0,fm:tmGarqP+11%7C12%7C13%7C14%7C15%7C16%7C17*.930977%7C171%7C172%7C173%7C174%7C175%7C181%7C182%7C183%7C191%7C192%7C193%7C1a1%7C1a2%7C1a3%7C1b1%7C1b2%7C1b3,idMap:17.a38db537-bf53-ce3e-fcbf-0966f853376f.63_930977%7C17*,pd:0YtC.internal-nacl-plugin,rmeas:1,rend:0,renddet:DIV.us.sn,siq:468,slid:%5Bgoogle_ads_iframe_/2736740222664868526/Qiyada.me/Homepage1x1_0,google_ads_iframe_/2736740222664868526/Qiyada.me/Homepage1x1_0__container__,div-gpt-ad-1640598277420-0,content%5D,sinceFw:52,readyFired:true%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7781:70ba:6a18:c66a:4b88 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://qiyada.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 09 Nov 2022 09:07:30 GMT
server: nginx
x-server-name: dt16.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 200 Fly-Private.gif
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15677297618621300736/ Frame E20F 8 KB
8 KB 34ms
33ms Image
image/gif 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15677297618621300736/Fly-Private.gif

Requested by

Host: 1a828c7f33c9a2932fcdf5c5b4e86da5.safeframe.googlesyndication.com
URL: https://1a828c7f33c9a2932fcdf5c5b4e86da5.safeframe.googlesyndication.com/safeframe/1-0-39/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

286db8201669aab3dd137a15a32ff4bdba65ca0b10cbead97cab8664a08ea086

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
date: Thu, 03 Nov 2022 12:06:04 GMT
x-content-type-options: nosniff
age: 507685
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7681
x-xss-protection: 0
last-modified: Thu, 06 Oct 2022 11:33:42 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Fri, 03 Nov 2023 12:06:04 GMT

GET
H3 200 Jetex-w.svg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15677297618621300736/ Frame E20F 2 KB
1 KB 34ms
33ms Image
image/svg+xml 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15677297618621300736/Jetex-w.svg

Requested by

Host: 1a828c7f33c9a2932fcdf5c5b4e86da5.safeframe.googlesyndication.com
URL: https://1a828c7f33c9a2932fcdf5c5b4e86da5.safeframe.googlesyndication.com/safeframe/1-0-39/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

34900ef5823ce7380ed18b7cabea4f295587bb779ed6118fbb35418c1b655970

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 03 Nov 2022 12:06:04 GMT
age: 507685
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1134
x-xss-protection: 0
last-modified: Thu, 06 Oct 2022 11:33:42 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Fri, 03 Nov 2023 12:06:04 GMT

GET
H3 200 Aircraft.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15677297618621300736/ Frame E20F 20 KB
20 KB 36ms
35ms Image
image/png 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15677297618621300736/Aircraft.png

Requested by

Host: 1a828c7f33c9a2932fcdf5c5b4e86da5.safeframe.googlesyndication.com
URL: https://1a828c7f33c9a2932fcdf5c5b4e86da5.safeframe.googlesyndication.com/safeframe/1-0-39/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

784befbb2dad2ce737feba7c425d4a8ace17d6de93953350715acafdd8847e82

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
date: Thu, 03 Nov 2022 08:32:28 GMT
x-content-type-options: nosniff
age: 520501
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20920
x-xss-protection: 0
last-modified: Thu, 06 Oct 2022 11:33:42 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Fri, 03 Nov 2023 08:32:28 GMT

GET
H3 200 Pattern.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15677297618621300736/ Frame E20F 79 KB
79 KB 38ms
37ms Image
image/png 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15677297618621300736/Pattern.png

Requested by

Host: 1a828c7f33c9a2932fcdf5c5b4e86da5.safeframe.googlesyndication.com
URL: https://1a828c7f33c9a2932fcdf5c5b4e86da5.safeframe.googlesyndication.com/safeframe/1-0-39/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e9dd57fde1741937a4f247ece8895b9058ba310eeac55193441c79103b5e5915

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
date: Fri, 04 Nov 2022 13:44:35 GMT
x-content-type-options: nosniff
age: 415374
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 81004
x-xss-protection: 0
last-modified: Thu, 06 Oct 2022 11:33:42 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 04 Nov 2023 13:44:35 GMT

GET
H3 200 Fly-Private.gif
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15677297618621300736/ Frame C004 8 KB
8 KB 38ms
37ms Image
image/gif 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15677297618621300736/Fly-Private.gif

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15677297618621300736/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

286db8201669aab3dd137a15a32ff4bdba65ca0b10cbead97cab8664a08ea086

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
date: Thu, 03 Nov 2022 12:06:04 GMT
x-content-type-options: nosniff
age: 507685
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7681
x-xss-protection: 0
last-modified: Thu, 06 Oct 2022 11:33:42 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Fri, 03 Nov 2023 12:06:04 GMT

GET
H3 200 Jetex-w.svg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15677297618621300736/ Frame C004 2 KB
1 KB 39ms
37ms Image
image/svg+xml 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15677297618621300736/Jetex-w.svg

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15677297618621300736/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

34900ef5823ce7380ed18b7cabea4f295587bb779ed6118fbb35418c1b655970

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 03 Nov 2022 12:06:04 GMT
age: 507685
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1134
x-xss-protection: 0
last-modified: Thu, 06 Oct 2022 11:33:42 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Fri, 03 Nov 2023 12:06:04 GMT

GET
H3 200 Aircraft.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15677297618621300736/ Frame C004 20 KB
20 KB 40ms
38ms Image
image/png 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15677297618621300736/Aircraft.png

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15677297618621300736/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

784befbb2dad2ce737feba7c425d4a8ace17d6de93953350715acafdd8847e82

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
date: Thu, 03 Nov 2022 08:32:28 GMT
x-content-type-options: nosniff
age: 520501
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20920
x-xss-protection: 0
last-modified: Thu, 06 Oct 2022 11:33:42 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Fri, 03 Nov 2023 08:32:28 GMT

GET
H3 200 Pattern.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15677297618621300736/ Frame C004 79 KB
79 KB 42ms
41ms Image
image/png 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15677297618621300736/Pattern.png

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15677297618621300736/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e9dd57fde1741937a4f247ece8895b9058ba310eeac55193441c79103b5e5915

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
date: Fri, 04 Nov 2022 13:44:35 GMT
x-content-type-options: nosniff
age: 415374
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 81004
x-xss-protection: 0
last-modified: Thu, 06 Oct 2022 11:33:42 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 04 Nov 2023 13:44:35 GMT

GET
H3 200 image.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17064940463162654720/ Frame 882F 79 KB
79 KB 46ms
45ms Image
image/jpeg 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17064940463162654720/image.jpg

Requested by

Host: 1a828c7f33c9a2932fcdf5c5b4e86da5.safeframe.googlesyndication.com
URL: https://1a828c7f33c9a2932fcdf5c5b4e86da5.safeframe.googlesyndication.com/safeframe/1-0-39/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bf455efa736232e0481e7c44b04290f0dfed4982d7babe4b3cadc99501e31f43

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
date: Mon, 07 Nov 2022 20:20:03 GMT
x-content-type-options: nosniff
age: 132446
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 80545
x-xss-protection: 0
last-modified: Thu, 26 Aug 2021 12:44:04 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 07 Nov 2023 20:20:03 GMT

GET
H3 200 Jetex.gif
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17064940463162654720/ Frame 882F 5 KB
5 KB 45ms
44ms Image
image/gif 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17064940463162654720/Jetex.gif

Requested by

Host: 1a828c7f33c9a2932fcdf5c5b4e86da5.safeframe.googlesyndication.com
URL: https://1a828c7f33c9a2932fcdf5c5b4e86da5.safeframe.googlesyndication.com/safeframe/1-0-39/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

14f26d376a773fbbb6cbb816216dad5f6d0271a4199f3ac5944a6001666d3eb6

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
date: Mon, 07 Nov 2022 20:29:38 GMT
x-content-type-options: nosniff
age: 131871
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5259
x-xss-protection: 0
last-modified: Thu, 26 Aug 2021 12:44:04 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 07 Nov 2023 20:29:38 GMT

GET
H3 200 Fly-Private.gif
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15677297618621300736/ Frame 3E6F 8 KB
8 KB 49ms
48ms Image
image/gif 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15677297618621300736/Fly-Private.gif

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15677297618621300736/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

286db8201669aab3dd137a15a32ff4bdba65ca0b10cbead97cab8664a08ea086

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
date: Thu, 03 Nov 2022 12:06:04 GMT
x-content-type-options: nosniff
age: 507685
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7681
x-xss-protection: 0
last-modified: Thu, 06 Oct 2022 11:33:42 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Fri, 03 Nov 2023 12:06:04 GMT

GET
H3 200 Jetex-w.svg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15677297618621300736/ Frame 3E6F 2 KB
1 KB 50ms
49ms Image
image/svg+xml 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15677297618621300736/Jetex-w.svg

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15677297618621300736/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

34900ef5823ce7380ed18b7cabea4f295587bb779ed6118fbb35418c1b655970

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 03 Nov 2022 12:06:04 GMT
age: 507685
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1134
x-xss-protection: 0
last-modified: Thu, 06 Oct 2022 11:33:42 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Fri, 03 Nov 2023 12:06:04 GMT

GET
H3 200 Aircraft.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15677297618621300736/ Frame 3E6F 20 KB
20 KB 50ms
50ms Image
image/png 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15677297618621300736/Aircraft.png

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15677297618621300736/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

784befbb2dad2ce737feba7c425d4a8ace17d6de93953350715acafdd8847e82

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
date: Thu, 03 Nov 2022 08:32:28 GMT
x-content-type-options: nosniff
age: 520501
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20920
x-xss-protection: 0
last-modified: Thu, 06 Oct 2022 11:33:42 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Fri, 03 Nov 2023 08:32:28 GMT

GET
H3 200 Pattern.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15677297618621300736/ Frame 3E6F 79 KB
79 KB 52ms
51ms Image
image/png 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15677297618621300736/Pattern.png

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15677297618621300736/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e9dd57fde1741937a4f247ece8895b9058ba310eeac55193441c79103b5e5915

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
date: Fri, 04 Nov 2022 13:44:35 GMT
x-content-type-options: nosniff
age: 415374
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 81004
x-xss-protection: 0
last-modified: Thu, 06 Oct 2022 11:33:42 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 04 Nov 2023 13:44:35 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ 43 B
215 B 240ms
189ms Image
image/gif 2600:1f13:800:7781:70ba:6a18:c66a:4b88
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=930977&asId=77ade234-4df1-369e-153a-415824361d35&tv=%7Bc:tsxOS8,pingTime:-10,time:837,type:s,mvn:ZnNjPTEzLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNi4ydjEyMDB8fDE2MDB8fDF8fDF8fDI0fHwxMjAwfHwwfHwwfHwxfHxsYW5kc2NhcGUtcHJpbWFyeXx8MjR8fDQvM3x8NC8zfHwwfHwxNjAw,no:MTcuNi4ydk1vemlsbGF8fE5ldHNjYXBlfHxufHxufHwwfHxufHxXaW4zMnx8R2Vja298fDIwMDMwMTA3fHwwfHxNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvMTA3LjAuNTMwNC44NyBTYWZhcmkvNTM3LjM2fHwxfHwxfHxHb29nbGUgSW5jLnx8bg--,ch:n,fsc:17.6.2v222222220002222202222222222222222222202222222220222202000022000220222222220000022202002222202222222220222222220000020022222200022222220200000222200022220002022022022222202002220222022222022222000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000020220202220000022200222202220022200200222022202220022220222200202222020002200002222022222202222000002002002222222202220022202200022002220222202,asp:1667984849916%7C%7C15fc4d2a86998eaa20dab57272a10a5d%7C%7Cf8a61638d246180133c226b527e2398b%7C%7Cfa40fb14cbc01f11ac1a1bd89d4865ed%7C%7Cfd76553cd602db4a1a1724b650a26535%7C%7Cdfd9702faa94d4f6811f2cc3dd20920a%7C%7C59dc07108d67d2ca8de98586dab5281e%7C%7C709446d341133d68deff95b73d22dd12%7C%7C1663701684%7D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7781:70ba:6a18:c66a:4b88 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://qiyada.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 09 Nov 2022 09:07:30 GMT
server: nginx
x-server-name: dt05.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 95ms
94ms Image
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_2022110701&jk=1498116786045031&bg=!cnGlcTXNAAZPh4lnb4c7ACkAdvg8WkERK1VZE7KNVSW1aFnRCv-cG5H4XuLgjQ0USrIxsW-Oqwie3wIAAAI9UgAAAANoAQeZApXcu8BgUag-Bs6skjq3IOGEySovpwympwWZobwWGJ8hVoxFaei1GCUGWbcurldu042VzVJ3HhanCNoQ_B1Uuoj2cEzSBgVVxNfnGPMlV6aNJQl9EexGfx9qbJd9SBqqiLK_DRAG591j5Q1Qx0NfeNhmDbtjvWDrfmHhhlic_Dc9F16qdCgVd38EsJ3f2qSk0IOnw_-7mYD7zY0qD2dlIplB1rrTr3i8WuG1pRC80z7Jz_fl4q-hRr-k4nWBWtQBrz6VgTMM9pB7E39dmKDZcQa1OQKGCzL8W9LcpmyvyC4ipcWvW7lu3nXCmvu70jB4owtyjcFQ_pt4dl3hvVxQYyXt0FOH_B3o2SR9f7_-MlNyLLx1_6R45DZ7mxnizHS1H7VVxCQ99xrl_huz-ER4W8RnFGsSdJBjFEuNik4YaBi4nEmIlG3SbQ8K-YgDGfF6KM5jp2cXxmPbVWuOWSBaAiN9mLwkypTKycxoQmpNzpXJS5IL5nojXmiHhXwQmw7UtHhwtp0icj19mGWvpj9_UXaqfNPeu71drUiHs8sys_uWw5fhIYkDmaWu_oYCcB-Q7Pj5MhWJQFtAnJbrhXh-bhSCwHgaxqL5JpVPKWV6JtL_Yu-gIMrAi8WQscb-G4U7J1eZvi92yGEiiYCKyUAXtoBI6BHC__RLzzzcky4ADNFokU0wLGIonNeSunoyNuhUn2C4H-zHbWIS_0Dwa9yT8wyPIyudfy57kmbtgBro3tRagT1PtZWWCM0MZWWbB9AJeyreUawJlptJf51jnzvJm0KIPq1x-80Q9T1edItE9JV90a_VPeCtngOb5mYZ_bv9dip01vhm4q_m4blGQ0-jBiFJqREEWVnm4VxaA0V9zMAgD7f4cftM
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://qiyada.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

GET
H2 200 dt
dt.adsafeprotected.com/ 43 B
215 B 190ms
189ms Image
image/gif 2600:1f13:800:7781:70ba:6a18:c66a:4b88
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=930977&asId=37a724e2-15f7-ba9f-7175-3d7d7609c692&tv=%7Bc:tsxOYE,pingTime:-10,time:1237,type:s,mvn:ZnNjPTEzLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNi4ydjEyMDB8fDE2MDB8fDF8fDF8fDI0fHwxMjAwfHwwfHwwfHwxfHxsYW5kc2NhcGUtcHJpbWFyeXx8MjR8fDQvM3x8NC8zfHwwfHwxNjAw,no:MTcuNi4ydk1vemlsbGF8fE5ldHNjYXBlfHxufHxufHwwfHxufHxXaW4zMnx8R2Vja298fDIwMDMwMTA3fHwwfHxNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvMTA3LjAuNTMwNC44NyBTYWZhcmkvNTM3LjM2fHwxfHwxfHxHb29nbGUgSW5jLnx8bg--,ch:n,fsc:17.6.2v222222220002222202222222222222222222202222222220222202000022000220222222220000022202002222202222222220222222220000020022222200022222220200000222200022220002022022022222202002220222022222022222000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000020220202220000022200222202220022200200222022202220022220222200202222020002200002222022222202222000002002002222222202220022202200022002220222202,asp:1667984849916%7C%7C15fc4d2a86998eaa20dab57272a10a5d%7C%7Cf8a61638d246180133c226b527e2398b%7C%7Cfa40fb14cbc01f11ac1a1bd89d4865ed%7C%7Cfd76553cd602db4a1a1724b650a26535%7C%7Cdfd9702faa94d4f6811f2cc3dd20920a%7C%7C59dc07108d67d2ca8de98586dab5281e%7C%7C709446d341133d68deff95b73d22dd12%7C%7C1663701684,sca:%7Bspg:77ade234-4df1-369e-153a-415824361d35%7D%7D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7781:70ba:6a18:c66a:4b88 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://qiyada.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 09 Nov 2022 09:07:30 GMT
server: nginx
x-server-name: dt10.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ 43 B
215 B 189ms
188ms Image
image/gif 2600:1f13:800:7781:70ba:6a18:c66a:4b88
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=930977&asId=a38db537-bf53-ce3e-fcbf-0966f853376f&tv=%7Bc:tsxP3a,pingTime:-10,time:1324,type:s,mvn:ZnNjPTEzLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNi4ydjEyMDB8fDE2MDB8fDF8fDF8fDI0fHwxMjAwfHwwfHwwfHwxfHxsYW5kc2NhcGUtcHJpbWFyeXx8MjR8fDQvM3x8NC8zfHwwfHwxNjAw,no:MTcuNi4ydk1vemlsbGF8fE5ldHNjYXBlfHxufHxufHwwfHxufHxXaW4zMnx8R2Vja298fDIwMDMwMTA3fHwwfHxNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvMTA3LjAuNTMwNC44NyBTYWZhcmkvNTM3LjM2fHwxfHwxfHxHb29nbGUgSW5jLnx8bg--,ch:n,fsc:17.6.2v222222220002222202222222222222222222202222222220222202000022000220222222220000022202002222202222222220222222220000020022222200022222220200000222200022220002022022022222202002220222022222022222000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000020220202220000022200222202220022200200222022202220022220222200202222020002200002222022222202222000002002002222222202220022202200022002220222202,asp:1667984849916%7C%7C15fc4d2a86998eaa20dab57272a10a5d%7C%7Cf8a61638d246180133c226b527e2398b%7C%7Cfa40fb14cbc01f11ac1a1bd89d4865ed%7C%7Cfd76553cd602db4a1a1724b650a26535%7C%7Cdfd9702faa94d4f6811f2cc3dd20920a%7C%7C59dc07108d67d2ca8de98586dab5281e%7C%7C709446d341133d68deff95b73d22dd12%7C%7C1663701684,sca:%7Bspg:77ade234-4df1-369e-153a-415824361d35%7D%7D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7781:70ba:6a18:c66a:4b88 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://qiyada.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 09 Nov 2022 09:07:30 GMT
server: nginx
x-server-name: dt11.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 1208 42 B
64 B 217ms
101ms Fetch
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsthfF-7-xBF3-wSn55Joi1OFrD7gUFtNkpWRRWm_XxFou_B3djP8mvVS3EVIUkb3lm_AKTuRVR6kbuAsTPUuXMqwuopkOellxm0QSUbJabN-eRwH5FlJHvO0y5kxnOM6oOwm4tjg1sTDyYEmgeMp3o0LrduWURj6es7&sai=AMfl-YTNpoCwjygCVLov_33I6cr9Z-8qcCsLHkEK8e1NSqFcrcPMhRoH6fJnYuPm5UhvpvxlzzPfwSulU4puRm3JlZcWxMC9jzhXgU0UQq0T3cdQYeay_ezVxuCOKMzKcg&sig=Cg0ArKJSzMylLypqv4XbEAE&cid=CAQSOwDq26N9gjNx7crC5nCXkJS8tThzgpV8ResTaGHRjzbNT6OfWMe3d7PnGDwYCeatu4YFVBxubEtpmOnnGAEgEw&id=lidar2&mcvt=1000&p=131,436,221,1164&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20221107&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=2&adk=309681221&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1667984848794&rpt=903&isd=0&lsd=0&met=mue&wmsd=0&pbe=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://1a828c7f33c9a2932fcdf5c5b4e86da5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 09 Nov 2022 09:07:30 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

165 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

13 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.qiyada.me/	1970-01-20 16:55:44	Name: _ga Value: GA1.2.2051332650.1667984847
.qiyada.me/	1970-01-20 07:21:11	Name: _gid Value: GA1.2.1992142360.1667984847
.qiyada.me/	1970-01-20 07:19:44	Name: _gat Value: 1
.izooto.com/	1970-01-20 16:55:44	Name: IZCID Value: f252a8ca-d42b-4fba-88f8-ae67c9da7eca
.qiyada.me/	1970-01-20 09:29:20	Name: _gcl_au Value: 1.1.1646417394.1667984848
.qiyada.me/	1970-01-20 09:29:20	Name: _fbp Value: fb.1.1667984847983.1329418808
.doubleclick.net/	1970-01-20 16:41:20	Name: IDE Value: AHWqTUmqbnnxb7NqqAYt4nu6GXe_Er3PuY772icKtQa4eE_D7qrVs_rBbJMFbCu9uJ0
.qiyada.me/	1970-01-20 16:41:20	Name: __gads Value: ID=14e87fbf41e98f77:T=1667984847:S=ALNI_MaeJWYQYP65QQjSNMr0i2vZJYgKMA
.qiyada.me/	1970-01-20 16:41:20	Name: __gpi Value: UID=00000b7ebcd29be7:T=1667984847:RT=1667984847:S=ALNI_MayZ23btt4H9hR_HaclQwJdb-eMDQ
.ads.stickyadstv.com/	1970-01-20 08:02:56	Name: UID Value: 16a8b4072381dffdfa95788b06e154d
.doubleclick.net/	1970-01-20 07:19:48	Name: DSID Value: NO_DATA
.ads.stickyadstv.com/	1970-01-20 08:46:08	Name: uid-bp-159 Value: 1
.ads.stickyadstv.com/	1970-01-20 07:39:54	Name: uid-bp-30833 Value: 1

9 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	URL: https://1a828c7f33c9a2932fcdf5c5b4e86da5.safeframe.googlesyndication.com/safeframe/1-0-39/html/container.html(Line 15) Message: Refused to frame 'https://pagead2.googlesyndication.com/' because it violates the following Content Security Policy directive: "frame-src cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp=er3$/15677297618621300736/index.html".
security	error	URL: https://1a828c7f33c9a2932fcdf5c5b4e86da5.safeframe.googlesyndication.com/safeframe/1-0-39/html/container.html(Line 15) Message: Refused to frame 'https://pagead2.googlesyndication.com/' because it violates the following Content Security Policy directive: "frame-src cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp=er3$/15677297618621300736/index.html".
security	error	URL: https://1a828c7f33c9a2932fcdf5c5b4e86da5.safeframe.googlesyndication.com/safeframe/1-0-39/html/container.html(Line 15) Message: Refused to frame 'https://pagead2.googlesyndication.com/' because it violates the following Content Security Policy directive: "frame-src cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp=er3$/17064940463162654720/index.html".
security	error	URL: https://1a828c7f33c9a2932fcdf5c5b4e86da5.safeframe.googlesyndication.com/safeframe/1-0-39/html/container.html(Line 15) Message: Refused to frame 'https://pagead2.googlesyndication.com/' because it violates the following Content Security Policy directive: "frame-src cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp=er3$/15677297618621300736/index.html".
javascript	warning	URL: https://qiyada.me/ Message: The resource https://fonts.gstatic.com/s/cairo/v10/SLXLc1nY6Hkvalqaa46O59Zea3ZlqSo.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: https://qiyada.me/ Message: The resource https://fonts.gstatic.com/s/cairo/v10/SLXGc1nY6HkvalIhTpumxdt0.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: https://qiyada.me/ Message: The resource https://fonts.gstatic.com/s/cairo/v10/SLXLc1nY6Hkvalqaa46L59Zea3Zl.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: https://qiyada.me/ Message: The resource https://fonts.gstatic.com/s/cairo/v10/SLXGc1nY6HkvalIkTpumxdt0UX8.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: https://qiyada.me/ Message: The resource https://fonts.gstatic.com/s/opensans/v18/mem8YaGs126MiZpBA-UFVZ0bf8pkAg.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

1a828c7f33c9a2932fcdf5c5b4e86da5.safeframe.googlesyndication.com
ads.stickyadstv.com
adservice.google.com
adservice.google.nl
cdn.izooto.com
cdn.stickyadstv.com
cm.g.doubleclick.net
connect.facebook.net
d10lpsik1i8c69.cloudfront.net
dt.adsafeprotected.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
pagead2.googlesyndication.com
pixel.adsafeprotected.com
qiyada.me
qiyada.thewickfirm.com
s.amazon-adsystem.com
securepubads.g.doubleclick.net
settings.luckyorange.net
static.adsafeprotected.com
stats.g.doubleclick.net
tpc.googlesyndication.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.nl
www.googleadservices.com
www.googletagmanager.com
www.googletagservices.com
104.26.10.16
13.225.84.220
142.250.184.226
172.217.18.2
193.108.153.18
2001:4de0:ac19::1:b:1b
2600:1f13:800:7781:70ba:6a18:c66a:4b88
2600:9000:21f3:1000:8:48e:53c0:93a1
2606:4700::6812:d841
2a00:1450:4001:801::2004
2a00:1450:4001:802::2002
2a00:1450:4001:803::2001
2a00:1450:4001:803::2002
2a00:1450:4001:80b::2001
2a00:1450:4001:810::2002
2a00:1450:4001:811::2002
2a00:1450:4001:812::2003
2a00:1450:4001:827::200a
2a00:1450:4001:829::2002
2a00:1450:4001:82f::200e
2a00:1450:4001:831::2003
2a00:1450:4001:831::2008
2a00:1450:400c:c1b::9d
2a03:2880:f02d:12:face:b00c:0:3
2a03:2880:f11c:8083:face:b00c:0:25de
2a06:98c1:3120::3
52.46.143.56
52.50.105.134
85.17.64.49
01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300
03ca56ec5ded9805d7e0c8b61ff5eff744111e59d37567b3083aece3c0677fd2
06eb9b648fd1429d0cef25265009259c35f053a76118194b4073c98e161812be
076956289c202e94f3657469ef81a4d47dc69d2441d088de292918d6b07d30c9
089a58cad96527d3365c0649c90f30d77c1a62f3c643b2ab4c1c3cb9edc057e5
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0fa04972dc76cd42e68cb5e1c0a594b0228cf931f4121195d559800e62beeba0
10afd750dd7bb8f813c043fa90426a66191c9d0832b7751cff49b72a6567bfdc
1219b8e4e826f1a4d79b3ca238bd02d4b00b4c3fabc301411d43311da31aafd7
122fac0ffbb44fb8bba0388baa11afc67faec3b223a06871a40dbcab4c6cc787
14f26d376a773fbbb6cbb816216dad5f6d0271a4199f3ac5944a6001666d3eb6
1528df79edfea36259c2ff9bfa9a7d0a3ce0d1c1a4cd61931cc4f14d81d1209a
16a6b0df457b43ba6ff56db36c74cb8707dabb44a0613ef7f4e8b1511edbaf4d
1794aaf7bfce250af992f76301c1ae7d411f393b7684c898f6df9dcc3fa820b0
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
199956cf2c75e6d45ce621444a6debcf6f7de42ab0c35045c09f1ab7a83db32a
1dfb04f202a8de07b06db8dac2ef76dbd4455296864f31f6827f59f34c4d09be
1f929764de55ac5f074419e6ad4085c39840f65ede66336cc32dc7b6a542afd0
1fba01948b673d1683ec24069c1a2e7f1ea736fcc64abb5abee897fbb63bd02b
21bad2a2b3decd776b9f1c369962ceb561f4e723b1312b5714f5527b813daa1e
22edc0c8610609c6b52d86633dcd99652aff64655893fb7ede9cf7c8fa400da1
286db8201669aab3dd137a15a32ff4bdba65ca0b10cbead97cab8664a08ea086
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
2d71a901362d382c49c8ec005d8fa763f7ec3fb51a9210733ccc5d5bbd317187
2dfe970dcacf61e3fa410a4a553690964e2b295f95ce3ebae5ce9f16ed0514d2
30a07b9b995d032634946936eadd0bde6474e8ea00bb66dcbf9f2f8a8533fcc3
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
31c6143e7b31880652dbfcd10e17c4d9688031db12163c802758ffca4229294b
31f02fb9a8ae77e5d8bb229bf73f473f783e8155042655926cafca211cd11c98
31f970eacd8293bfdc8e94c3ecb4d03b58dfb946ce25e776be88011984f9ebea
3240753a3be38da5c8b2cc55747a11bd018dc12f4e927f45b7bdbb824c76979b
34900ef5823ce7380ed18b7cabea4f295587bb779ed6118fbb35418c1b655970
34a9b0498772690b14d3519a3bd0e855664fd793a68b27fb305f897fc5d9f662
34eaadba0729e3c08ac20cfe3bb25c6259d9884e2984b4dc9cc390ebd9bd646a
35da628dcb8849cc8153045c34ec07a7616177bb150196ba33cff63880d55e30
37346a0c56b701000db6c3408109a23b92e75bb52f770aabcc266f8b89cf0835
389e7668a1ebd8a04eca206d27b7147519be465eed883f6a2d68bd419ada24b4
3f9518b91b38e946ebd308e0201a9dfb47de68703a6eede2f96f12c90b9ae234
407f1eb0d835551786663e5c2c30a4626332570ef2e86e1a1691a26657a346c8
461bbbda0ceea8687771d84729024501a6c291a90c26320abb3deaf3a6609573
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
474d47191724b12da235cc01864aa87cacdf2917f2aa04b1d7bd39ffd309faaa
480c6d422ac35b202cb5c0ff3e440a24c46c4d598282004216321f24544ae625
4a79b18e7744f210f2400940cbd7e4b7767391e833645f761b759e9a1a365af7
54c64f3c66372027154f01fc9f24b4e25fdfe405b70d1994c79abbc2576ff775
55632025f6c3687b30817e2536b22b697ba584ef31faca1d7c4ed1f13207c45e
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
5cc1f33d2e98255a07f024524dc8e4301353898b61537067731fe4a0d81fe900
5cce843a757127533d672fa3e2cc81b31532a28ad5fd0f447ade935fd12fa96a
5f0207bbbd69497c7a37284c0b6f9bdcc9f83c574a4cda737e00a390d0ed268f
6080610ed8ad1ec28b32a16cd5fb8be853a45dc27de0757acad068588e067a45
6117409455687ef372ed13a5cbc9e1bb4c11a2689d96d89f1adfec219aa16427
61a2ee23f665431f0e0fb1eaa7e3c96ab2ce02cb4314051434abaf05d833c205
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
64a14c1566ed5e882e60ea9d6e3722949c5767823cd23dc1244503991661dc27
64c483cbd312a02a7c207bc72021720a09dea16d25277c788cbf71ccfb8aeda3
650483f49c94c6f05181c4008dde5c6cc0adf771629aca6cffb758e24327316c
6788cab29b394586a4eb34b851240310d077e2c07d9918135b3aab334f4f616d
679e44f9b4bbbc2ad0c4000c1413fd3a88627d83f1cba8ebdac26f81bc7edb78
71d49d865114d9bb25bfdfc0272b738cdfd771749b21360ce5fb40eee3b4d986
72ee86c2d51bda0926be00bf9c225c4327b49495ba502bc10b051c8eb09031bb
7552c02b3188c5e1e2f67595e04ca979f2a07707e1dfaa194b1384d4017124f2
784befbb2dad2ce737feba7c425d4a8ace17d6de93953350715acafdd8847e82
78db0c19e5a798b2d976860008d763df31443c617f8d103170905932d1c8abeb
7a4c34c57ebe1d260bb29d8c0d8794a516b38c94c0f39caa26588c65c9a371db
7a9b136844d61d5614a77f5f65bca648edcd8368eaa64be0571ce2dad2817ff5
7c35f65a03d4c0e4d31e609f696e5b8efcc15998b64c6d0978dbdc75a1d9a15e
7c5d38bbf64df440fcb31805703e2560b576ca72d7cb435b8e3d1f6cfe648b2b
7d8a984bf6b28cfb6dc1e297afe131ddb7ce997f2388f52bc2ddcd17fb02f4eb
82b1172bf1a464f69261f402cd79f02fcf7caa7fd58e59bea5297731d807affc
861dad47916f3df9254a213a0392b0f9e1178790dbcab6897f1266d008693f63
86575a4520b6bbbc8240906dadae560fa68efcb44f3c96c968b1dd0b29cc679b
8a8406a1f98f88e355c512129115a05107293f419b0f4b80739768f176f35e63
8af2e5c61b55d6cea2c82227a7177ed78e1a2ce3b384760936e429b20bad1918
8bd7e75c205b1650b2b9feb33de1565ec74c9213a030f287e5005e726daf9d6c
8bfffa2ebd7c611f0f42f8eb01a6587ba01cfe237d9cbe003f63b2998fa564ba
8f31380a8ffc553ae12b2516f48d752a00457b9c6b9e7b3d8e578502af7de7fb
99478beede4136db6c922e8d97e937f1a501c749ab3b56c1bfb3c3d8d77f497f
9a4879818e21e711cb2697a0e0237e3760a55823a5bfd5cd3d8057df74f07a64
9ba8ceaea46933b8fc9e6208ee00ace3cd6f7afaf3b45f4406a8def4a444c8cc
9bb1ab7eff6e456d6b159fd68f737e30a0085b41a8f252c10242697746d1653e
9be6923457d76debf4c512fac0a2173aaa94748868d26566515ce2a4156d083d
9cb2a05566c35729815595677a37a3650135cdbde1535d5d805e419da19a63a0
9f995b1c42942ededcce16bba381a19d3b30e0e75a36e0ea956f6a54e040dffe
a05f4d316a99f05a17f390c76a95a0df1f37d962a98008be6147b9f22abb233e
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a2c2d3243bbba81a9fd368afc0cea3933b8738c608c39a2db3218899ca002509
a3e64300797e8078baa41dbc49e2affc1d2bedd04a470f0c929ed7fac698fbcd
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a5ce33325b6ae0d91bbe7cfba9b542e808b0e07137fbc0ed648d505c50376c0a
a65856cbf35a3356aedc04b824a572bdabeecb6a9661a8eb42065371c89512e7
a7944fa8956e5132171129e3a7d75aba0c72c4b0fb6b85b3c5568be0b85c5503
aadce9f6fd0d57a94e5445c86ece1045ad473ac62521505f0f5786a406887edd
aaf2547b98fe1c676f305940d81ebd43c61511ec98891b5a509031d418945494
aca909e410fe592e712c48b4a706623e93752ca61c629c7cb63a880ccde74cbe
ae3ba22cdac43cd890e6eb78236f1866c2c86511593574935aa8023be061eb9c
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
afac56b59f8f49eb5aeaf81775787375538f5639c2aa5d4b2b82c2ccbac501b7
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b2c5c558a18f832bc563e58fd017c64111aad613a29208eb5f413867624ac6fe
b2d1e152efc2a394d540e62296921c1a1da5fa21ab6b5f56fa1eaabb68d4b3f7
b34551ae25916c460423b82beb8e0675b27f76a9a2908f18286260fbd6de6681
b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719
b4aa5573b2544e410fc3dc98d534b9fabcc655b8024d7f9bd5cbeac816587c15
b96f3f595f690725175a47ad53e4528f0f4fdc4b5ac5ced8dc43e0f61ec9dc3a
b9fb8d655e386b9d1e3c9c065eeb5284df3b9557fc45240352cb4be9a46950f0
bcb6d1cfb83a4d0e68a3789297ef40f1c73eb4d4ca49448aca740876f2b191c6
bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea
bf455efa736232e0481e7c44b04290f0dfed4982d7babe4b3cadc99501e31f43
c0a85ba06aa3339ece6aa2bc8cbe8d6c557cbb40f1e6414e7ada3c82bfbb6c85
c15ade1a11c10e9dc5629d3e30a49582931f73a94d90d4b11fd4e757276f2cb8
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
cebfa75512f12a4d2f05cacae40f83ddc3e1efaf90aba3d5c9eabe0625a94858
d2145070a8525d28e5c6e41f9502578728f6d98c9b302a508b8f1705b6e33015
def5de6254be138b8b35d680d1fdd8b07827d03b8626daebfeeb4157ec330ea7
e1a566a59006b3c932270dbeb313483186d0f42a17b2b7fb9a9a4e570cb1d39b
e20ddb9ed1fa044cb624f0253bb06b13c92ed9915063bd63a5806440c6b1ce7c
e2565fcd8f4b74820d98a57ec1c8bbcbef4ea164432b3b04a17d27d899a0d493
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e50f9ccd2d6582a58ba1879fa578e60d25fea4c5eedc07deafd14482b2403181
e87849f221bbdc16a325dca3a1474301c20b365d2a27dce81ffe6ef2beb7eb44
e9dd57fde1741937a4f247ece8895b9058ba310eeac55193441c79103b5e5915
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f02445f7bda0a5b7eaa31d9aad6a899407cbcd2b41de38a5ae8ccb009e86dc01
f1c5bc8c04a5d635e4faee3152aeea552a7786e76cb44cd2fc6c64925a8aad2d
f62ceca9ef138dfdc048d23f57792999c7a6742e6f95f157ad81fd12795252a5
f896040524443394b8b1ba4fbd1de94be74378ab901e53b3b40c1323d1735143
fee86fd46a67912ffd9ae2997c583f59abe6e11c532496c52759e94136837d48

qiyada.me Open in urlscan Pro 85.17.64.49 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

199 Requests

98 %HTTPS

72 %IPv6

20 Domains

30 Subdomains

30 IPs

5 Countries

3030 kBTransfer

8675 kBSize

13 Cookies

1 Outgoing links

Page URL History

Redirected requests

199 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 6 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

qiyada.me Open in urlscan Pro
85.17.64.49 Public Scan

Screenshot
Live screenshot

Full Image

199
Requests

98 %
HTTPS

72 %
IPv6

20
Domains

30
Subdomains

30
IPs

5
Countries

3030 kB
Transfer

8675 kB
Size

13
Cookies

199 HTTP transactions
6 data transactions