www.edocr.com Open in urlscan Pro
3.222.244.201 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://www.edocr.com/v/narav7rp/sweetslindapeony89peacekramersheltonpigeonhood73/Changing-Kitchen-Area-Style
Effective URL:
https://www.edocr.com/v/narav7rp/sweetslindapeony89peacekramersheltonpigeonhood73/changing-kitchen-area-style
Submission: On June 05 via manual (June 5th 2021, 7:45:38 pm UTC) from DE

Summary HTTP 45 Redirects Behaviour Indicators

Summary

This website contacted 16 IPs in 3 countries across 12 domains to perform 45 HTTP transactions. The main IP is 3.222.244.201, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is www.edocr.com.
TLS certificate: Issued by Amazon on April 28th 2021. Valid for: a year.

This is the only time www.edocr.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 9	3.222.244.201 3.222.244.201	14618 (AMAZON-AES) (AMAZON-AES)
8	2a00:1450:400... 2a00:1450:4001:802::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:831::200e	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:80e::2002	15169 (GOOGLE) (GOOGLE)
1	142.250.185.130 142.250.185.130	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:810::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:829::2002	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:813::2001	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:827::2004	15169 (GOOGLE) (GOOGLE)
3	185.29.135.190 185.29.135.190	30419 (MEDIAMATH...) (MEDIAMATH-INC)
1	138.201.220.30 138.201.220.30	24940 (HETZNER-AS) (HETZNER-AS)
1	2.18.233.201 2.18.233.201	16625 (AKAMAI-AS) (AKAMAI-AS)
1 5	138.201.84.245 138.201.84.245	24940 (HETZNER-AS) (HETZNER-AS)
1 2	104.111.239.217 104.111.239.217	16625 (AKAMAI-AS) (AKAMAI-AS)
2	85.114.131.234 85.114.131.234	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
45	16

9 3.222.244.201 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-222-244-201.compute-1.amazonaws.com

www.edocr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:802::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:831::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:80e::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.130 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s50-in-f2.1e100.net

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:810::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:829::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:813::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:827::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.29.135.190 (United Kingdom)

ASN30419 (MEDIAMATH-INC, US)

tags.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 138.201.220.30 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.30.220.201.138.clients.your-server.de

hal9000.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.18.233.201 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-233-201.deploy.static.akamaitechnologies.com

pixel.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 138.201.84.245 (Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.245.84.201.138.clients.your-server.de

hal900025.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.111.239.217 (Frankfurt am Main, Germany) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-239-217.deploy.static.akamaitechnologies.com

www.awin1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 85.114.131.234 (Germany)

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)
PTR: srv21038.dus4.fastwebserver.de

cdn.contentspread.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
12	googlesyndication.com pagead2.googlesyndication.com tpc.googlesyndication.com	166 KB
9	edocr.com 1 redirects www.edocr.com	594 KB
6	redintelligence.net 1 redirects hal9000.redintelligence.net hal900025.redintelligence.net	9 KB
5	doubleclick.net googleads.g.doubleclick.net	10 KB
4	mathtag.com tags.mathtag.com pixel.mathtag.com	3 KB
2	contentspread.net cdn.contentspread.net	39 KB
2	awin1.com 1 redirects www.awin1.com	1 KB
2	googletagservices.com www.googletagservices.com	65 KB
2	google.com adservice.google.com www.google.com	2 KB
2	google-analytics.com www.google-analytics.com	20 KB
1	google.de adservice.google.de	799 B
1	googleadservices.com partner.googleadservices.com	638 B
45	12

	Domain	Requested by
9	www.edocr.com	1 redirects www.edocr.com
8	pagead2.googlesyndication.com	www.edocr.com pagead2.googlesyndication.com tpc.googlesyndication.com www.googletagservices.com
5	hal900025.redintelligence.net	1 redirects googleads.g.doubleclick.net hal900025.redintelligence.net
5	googleads.g.doubleclick.net	pagead2.googlesyndication.com googleads.g.doubleclick.net
4	tpc.googlesyndication.com	pagead2.googlesyndication.com tpc.googlesyndication.com googleads.g.doubleclick.net
3	tags.mathtag.com	googleads.g.doubleclick.net tags.mathtag.com
2	cdn.contentspread.net	hal900025.redintelligence.net
2	www.awin1.com	1 redirects googleads.g.doubleclick.net
2	www.googletagservices.com	pagead2.googlesyndication.com googleads.g.doubleclick.net
2	www.google-analytics.com	www.edocr.com www.google-analytics.com
1	pixel.mathtag.com	tags.mathtag.com
1	hal9000.redintelligence.net	www.edocr.com
1	www.google.com	tpc.googlesyndication.com
1	adservice.google.com	pagead2.googlesyndication.com
1	adservice.google.de	pagead2.googlesyndication.com
1	partner.googleadservices.com	pagead2.googlesyndication.com
45	16

This site contains no links.

Subject Issuer	Validity	Valid
edocr.com Amazon	`2021-04-28` - `2022-05-27`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-05-10` - `2021-08-02`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-05-10` - `2021-08-02`	3 months	crt.sh
*.googleadservices.com GTS CA 1C3	`2021-05-10` - `2021-08-02`	3 months	crt.sh
*.google.com GTS CA 1O1	`2021-05-10` - `2021-08-02`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2021-05-10` - `2021-08-02`	3 months	crt.sh
www.google.com GTS CA 1C3	`2021-05-10` - `2021-08-02`	3 months	crt.sh
*.mathtag.com DigiCert SHA2 Secure Server CA	`2020-04-15` - `2022-04-22`	2 years	crt.sh
redintelligence.net R3	`2021-04-21` - `2021-07-20`	3 months	crt.sh
pixel.mathtag.com DigiCert SHA2 Secure Server CA	`2020-04-15` - `2021-07-15`	a year	crt.sh
www.awin1.com DigiCert Secure Site ECC CA-1	`2020-04-21` - `2021-07-21`	a year	crt.sh
contentspread.net R3	`2021-04-05` - `2021-07-04`	3 months	crt.sh

This page contains 8 frames:

Primary Page: https://www.edocr.com/v/narav7rp/sweetslindapeony89peacekramersheltonpigeonhood73/changing-kitchen-area-style
Frame ID: E6D4DBBB00251CACD8A60C210874BE66
Requests: 24 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20210601/r20190131/zrt_lookup.html
Frame ID: B0CAB8CE3F2B51A0F65A59ABE4EA17B6
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6933461940627641&output=html&h=600&slotname=3952982610&adk=937441900&adf=750878660&pi=t.ma~as.3952982610&w=120&lmt=1622922322&psa=0&format=120x600&url=https%3A%2F%2Fwww.edocr.com%2Fv%2Fnarav7rp%2Fsweetslindapeony89peacekramersheltonpigeonhood73%2Fchanging-kitchen-area-style&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1622922322008&bpp=4&bdt=1069&idt=95&shv=r20210601&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&correlator=2318248038001&frm=20&pv=2&ga_vid=589232484.1622922321&ga_sid=1622922322&ga_hid=1442062396&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=25&ady=295&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=3598084296949102&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Cd%7CeE%7Cp&abl=XS&pfx=0&fu=0&bc=31&ifi=1&uci=a!1&fsb=1&xpc=JuQEdpsP4Z&p=https%3A//www.edocr.com&dtd=110
Frame ID: 789316AF762405A239D46A5638F626A9
Requests: 14 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6933461940627641&output=html&h=250&slotname=4103433139&adk=402904232&adf=2030016460&pi=t.ma~as.4103433139&w=300&lmt=1622922322&psa=0&format=300x250&url=https%3A%2F%2Fwww.edocr.com%2Fv%2Fnarav7rp%2Fsweetslindapeony89peacekramersheltonpigeonhood73%2Fchanging-kitchen-area-style&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1622922322012&bpp=1&bdt=1073&idt=112&shv=r20210601&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=120x600&correlator=2318248038001&frm=20&pv=1&ga_vid=589232484.1622922321&ga_sid=1622922322&ga_hid=1442062396&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1270&ady=184&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=3598084296949102&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Cd%7CeE%7Cp&abl=XS&pfx=0&fu=0&bc=31&ifi=2&uci=a!2&fsb=1&xpc=bwoPI0kXNE&p=https%3A//www.edocr.com&dtd=116
Frame ID: A91CF1C03BAD45BDA1D75B72A9D14B6F
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6933461940627641&output=html&adk=1812271804&adf=3025194257&lmt=1622922322&plat=1%3A16809992%2C2%3A16809992%2C8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fwww.edocr.com%2Fv%2Fnarav7rp%2Fsweetslindapeony89peacekramersheltonpigeonhood73%2Fchanging-kitchen-area-style&ea=0&flash=0&pra=7&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1622922322042&bpp=1&bdt=1103&idt=88&shv=r20210601&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=120x600%2C300x250&nras=1&correlator=2318248038001&frm=20&pv=1&ga_vid=589232484.1622922321&ga_sid=1622922322&ga_hid=1442062396&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=3598084296949102&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=3&uci=a!3&fsb=1&dtd=94
Frame ID: 15A5BA96F1B1431D4B3CB87B7B75202B
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html
Frame ID: 2A38C05271981BE27D674C720C66B175
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 5A360F9086B89F8A58BACE0A0B2B2AA2
Requests: 1 HTTP requests in this frame

Frame: https://hal900025.redintelligence.net/request_content.php?s=13561000184666702179197011616025&a=dbbc8801
Frame ID: 4852BAC608D0C4E70F4594E8A752A4E2
Requests: 6 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://www.edocr.com/v/narav7rp/sweetslindapeony89peacekramersheltonpigeonhood73/Changing-Kitchen... HTTP 302
https://www.edocr.com/v/narav7rp/sweetslindapeony89peacekramersheltonpigeonhood73/changing-kitchen... Page URL

Detected technologies

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

script /googlesyndication\.com\//i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Page Statistics

45
Requests

100 %
HTTPS

47 %
IPv6

12
Domains

16
Subdomains

16
IPs

3
Countries

915 kB
Transfer

2915 kB
Size

3
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://www.edocr.com/v/narav7rp/sweetslindapeony89peacekramersheltonpigeonhood73/Changing-Kitchen-Area-Style HTTP 302
https://www.edocr.com/v/narav7rp/sweetslindapeony89peacekramersheltonpigeonhood73/changing-kitchen-area-style Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 37

https://hal900025.redintelligence.net/request.php?zone=437qqb2vcmsn&nw=20&renderingType=javascript&namespace=06d9bcab4e&subid=&uid=6e16bcce8038ad04&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=120x600&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&envData=&gdpr=1&gdpr_consent=BAAAAAAAAAAAAAAAAAluAA%2F%2F%2F%2F%2F%2F%2BABgCeAJ4Ang&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fmt_aid%3D7313451425068533388%26mt_id%3D8675607%26mt_adid%3D242876%26mt_sid%3D7324419%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D861460bb-d452-4601-9a53-f2e4ca5b1362%26mt_cid%3D861460bb-d452-4601-9a53-f2e4ca5b1362%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCTLUhUtS7YI-kCc2d1fAPo6OP8A3Ph46bXMCG2YLGAsCNtwEQASAAYJUCggEXY2EtcHViLTY5MzM0NjE5NDA2Mjc2NDHIAQmoAwGqBPQBT9BV0pxWpsGUL3X_cMfKKTmAQTAAnhmrP0-cQ9ZNe6ZpohyoCyFHwMEmHwIEu9mm6QXONBf-n6i7ph5R_XMWrWQg5uHxXBVasL-QaN_NchqgAGb9FwIMefhMyGUGbNkkmwmOhgiCLZudA5ZnZ3ndWErX2in0hJ_0zwhiXuvO0k7PRPe9cb4ksaURonpWRR-I7jJ8l-FxVQKKqx9G5E8P1fuANJb3EH5QtxscN3O-2-X1DBbvzL9s1zzBhgBX_qxAezl5sZRREttMuXvbOHHrAqpjjmmVkg1kVhl2IgfFM3O3ezyniIk8nBy2Ahs_cBk3q-CC74AG98y_582tn8zJAaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB4qcsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_1qDNTO-D928HKlDgJXCyuyw2aPLg%2526client%253Dca-pub-6933461940627641%2526adurl%253D%26redirect%3D&documentReferer=https%3A%2F%2Fwww.edocr.com%2F&ancestorOrigins=https%3A%2F%2Fwww.edocr.com&random=3854745827297&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0 HTTP 302
https://hal900025.redintelligence.net/request.php?zone=437qqb2vcmsn&nw=20&renderingType=javascript&namespace=06d9bcab4e&subid=&uid=6e16bcce8038ad04&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=120x600&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&envData=&gdpr=1&gdpr_consent=BAAAAAAAAAAAAAAAAAluAA%2F%2F%2F%2F%2F%2F%2BABgCeAJ4Ang&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fmt_aid%3D7313451425068533388%26mt_id%3D8675607%26mt_adid%3D242876%26mt_sid%3D7324419%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D861460bb-d452-4601-9a53-f2e4ca5b1362%26mt_cid%3D861460bb-d452-4601-9a53-f2e4ca5b1362%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCTLUhUtS7YI-kCc2d1fAPo6OP8A3Ph46bXMCG2YLGAsCNtwEQASAAYJUCggEXY2EtcHViLTY5MzM0NjE5NDA2Mjc2NDHIAQmoAwGqBPQBT9BV0pxWpsGUL3X_cMfKKTmAQTAAnhmrP0-cQ9ZNe6ZpohyoCyFHwMEmHwIEu9mm6QXONBf-n6i7ph5R_XMWrWQg5uHxXBVasL-QaN_NchqgAGb9FwIMefhMyGUGbNkkmwmOhgiCLZudA5ZnZ3ndWErX2in0hJ_0zwhiXuvO0k7PRPe9cb4ksaURonpWRR-I7jJ8l-FxVQKKqx9G5E8P1fuANJb3EH5QtxscN3O-2-X1DBbvzL9s1zzBhgBX_qxAezl5sZRREttMuXvbOHHrAqpjjmmVkg1kVhl2IgfFM3O3ezyniIk8nBy2Ahs_cBk3q-CC74AG98y_582tn8zJAaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB4qcsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_1qDNTO-D928HKlDgJXCyuyw2aPLg%2526client%253Dca-pub-6933461940627641%2526adurl%253D%26redirect%3D&documentReferer=https%3A%2F%2Fwww.edocr.com%2F&ancestorOrigins=https%3A%2F%2Fwww.edocr.com&random=3854745827297&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1

Request Chain 41

https://www.awin1.com/cshow.php?s=2846668&v=14098&q=409715&r=296283&pref1=13561000184666702179197011616025&pv=0 HTTP 302
https://cdn.contentspread.net/24i/advertiser/3839/creativesup/kl_kts_120x600px.jpg

45 HTTP transactions
5 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request changing-kitchen-area-style Show response
www.edocr.com/v/narav7rp/sweetslindapeony89peacekramersheltonpigeonhood73/
Redirect Chain

https://www.edocr.com/v/narav7rp/sweetslindapeony89peacekramersheltonpigeonhood73/Changing-Kitchen-Area-Style
https://www.edocr.com/v/narav7rp/sweetslindapeony89peacekramersheltonpigeonhood73/changing-kitchen-area-style

5 KB
2 KB

114ms
114ms

Document
text/html

3.222.244.201
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.edocr.com/v/narav7rp/sweetslindapeony89peacekramersheltonpigeonhood73/changing-kitchen-area-style

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.222.244.201 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-222-244-201.compute-1.amazonaws.com

Software

/ Express

Resource Hash

5d96587812c5db0e5b60f2f53ba3f04de229d0db9a8e4e4250ce7d2733f491dd

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none'
X-Content-Type-Options	nosniff

Request headers

Host: www.edocr.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

build-number: 2087
content-encoding: gzip
content-security-policy: frame-ancestors 'none'
content-type: text/html; charset=utf-8
date: Sat, 05 Jun 2021 19:45:20 GMT
etag: W/"1333-8aDgVPllPcxieYklWJ0gc4k2MAU"
vary: Accept-Encoding
X-Content-Type-Options: nosniff
x-powered-by: Express
Content-Length: 2181
Connection: keep-alive

Redirect headers

build-number: 2087
content-security-policy: frame-ancestors 'none'
content-type: text/html; charset=utf-8
date: Sat, 05 Jun 2021 19:45:20 GMT
location: /v/narav7rp/sweetslindapeony89peacekramersheltonpigeonhood73/changing-kitchen-area-style
vary: Accept, Accept-Encoding
X-Content-Type-Options: nosniff
x-powered-by: Express
Content-Length: 220
Connection: keep-alive

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 134 KB
48 KB 44ms
22ms Script
text/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: www.edocr.com
URL: https://www.edocr.com/v/narav7rp/sweetslindapeony89peacekramersheltonpigeonhood73/changing-kitchen-area-style

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bca58cb91d0442fbc4394a6675603165ecaa067a92f4f6e115e34dfa2833a37a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.edocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 05 Jun 2021 19:45:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 48419
x-xss-protection: 0
server: cafe
etag: 13744972075384101287
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Sat, 05 Jun 2021 19:45:20 GMT

GET
H/1.1 200
OK main.00f291007fc7948c83c0.css
www.edocr.com/v/static/ 2 KB
1 KB 107ms
107ms Stylesheet
text/css 3.222.244.201
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.edocr.com/v/static/main.00f291007fc7948c83c0.css

Requested by

Host: www.edocr.com
URL: https://www.edocr.com/v/narav7rp/sweetslindapeony89peacekramersheltonpigeonhood73/changing-kitchen-area-style

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.222.244.201 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-222-244-201.compute-1.amazonaws.com

Software

/ Express

Resource Hash

65e4e63638e9c69fe634cc25b595b20afe3e704f5eb8adf36a551e3c23a12ecf

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none'
X-Content-Type-Options	nosniff

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: www.edocr.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: text/css,*/*;q=0.1
Cache-Control: no-cache
Sec-Fetch-Dest: style
Referer: https://www.edocr.com/v/narav7rp/sweetslindapeony89peacekramersheltonpigeonhood73/changing-kitchen-area-style
Connection: keep-alive
Referer: https://www.edocr.com/v/narav7rp/sweetslindapeony89peacekramersheltonpigeonhood73/changing-kitchen-area-style
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'none'
content-encoding: gzip
X-Content-Type-Options: nosniff
last-modified: Fri, 04 Jun 2021 20:37:04 GMT
x-powered-by: Express
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
cache-control: public, max-age=0
date: Sat, 05 Jun 2021 19:45:20 GMT
Connection: keep-alive
accept-ranges: bytes
transfer-encoding: chunked
etag: W/"814-179d8be5980"
build-number: 2087

GET
H/1.1 200
OK bundle.js Show response
www.edocr.com/v/static/ 2 MB
559 KB 115ms
115ms Script
application/javascript 3.222.244.201
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.edocr.com/v/static/bundle.js

Requested by

Host: www.edocr.com
URL: https://www.edocr.com/v/narav7rp/sweetslindapeony89peacekramersheltonpigeonhood73/changing-kitchen-area-style

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.222.244.201 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-222-244-201.compute-1.amazonaws.com

Software

/ Express

Resource Hash

026e2bb99bffa28f8904e44809f6766b5a66690c1d3d1429f36ec56efbf12ce8

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none'
X-Content-Type-Options	nosniff

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: www.edocr.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://www.edocr.com/v/narav7rp/sweetslindapeony89peacekramersheltonpigeonhood73/changing-kitchen-area-style
Connection: keep-alive
Referer: https://www.edocr.com/v/narav7rp/sweetslindapeony89peacekramersheltonpigeonhood73/changing-kitchen-area-style
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'none'
content-encoding: gzip
X-Content-Type-Options: nosniff
last-modified: Fri, 04 Jun 2021 21:08:57 GMT
x-powered-by: Express
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=0
date: Sat, 05 Jun 2021 19:45:20 GMT
Connection: keep-alive
accept-ranges: bytes
transfer-encoding: chunked
etag: W/"2011d8-179d8db8c83"
build-number: 2087

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 48 KB
20 KB 26ms
6ms Script
text/javascript 2a00:1450:4001:831::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.edocr.com
URL: https://www.edocr.com/v/narav7rp/sweetslindapeony89peacekramersheltonpigeonhood73/changing-kitchen-area-style

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

2cb09c7b3e19bfc41743ca3624ef81c3258d56525647feac76aa757e0292627a

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.edocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 09 Apr 2021 23:59:54 GMT
server: Golfe2
age: 2037
date: Sat, 05 Jun 2021 19:11:23 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19569
expires: Sat, 05 Jun 2021 21:11:23 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 2 B
206 B 14ms
13ms XHR
text/plain 2a00:1450:4001:831::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j90&a=1442062396&t=pageview&_s=1&dl=https%3A%2F%2Fwww.edocr.com%2Fv%2Fnarav7rp%2Fsweetslindapeony89peacekramersheltonpigeonhood73%2Fchanging-kitchen-area-style&ul=en-us&de=UTF-8&dt=Changing%20Kitchen%20Area%20Style%20%7C%20edocr&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAAC~&jid=1614887842&gjid=710963775&cid=589232484.1622922321&tid=UA-160144-46&_gid=1758940786.1622922321&_r=1&_slc=1&z=123334513

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.edocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sat, 05 Jun 2021 19:45:20 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.edocr.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20210601/r20190131/ Frame B0CA 10 KB
5 KB 30ms
6ms Document
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20210601/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1dad6cb9a0903898a8f82f89c0d10ee6e94f8459228530fa5df3078100c9f650

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/html/r20210601/r20190131/zrt_lookup.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.edocr.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.edocr.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Fri, 04 Jun 2021 23:22:09 GMT
expires: Fri, 18 Jun 2021 23:22:09 GMT
content-type: text/html; charset=UTF-8
etag: 15349191498103243965
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4506
x-xss-protection: 0
age: 73392
cache-control: public, max-age=1209600
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK narav7rp Show response
www.edocr.com/api-user/viewingSession/ 2 KB
1 KB 333ms
333ms XHR
application/json 3.222.244.201
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.edocr.com/api-user/viewingSession/narav7rp?isEmbed=false

Requested by

Host: www.edocr.com
URL: https://www.edocr.com/v/static/bundle.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.222.244.201 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-222-244-201.compute-1.amazonaws.com

Software

/ Express

Resource Hash

deb503b3cb419db782d6b48531102313f8111585b3159f49cfa144e5151d5734

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none'
X-Content-Type-Options	nosniff

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: www.edocr.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors
Accept: application/json, text/plain, */*
Cache-Control: no-cache
Sec-Fetch-Dest: empty
Referer: https://www.edocr.com/v/narav7rp/sweetslindapeony89peacekramersheltonpigeonhood73/changing-kitchen-area-style
Cookie: _ga=GA1.2.589232484.1622922321; _gid=GA1.2.1758940786.1622922321; _gat=1
Connection: keep-alive
Accept: application/json, text/plain, */*
Referer: https://www.edocr.com/v/narav7rp/sweetslindapeony89peacekramersheltonpigeonhood73/changing-kitchen-area-style
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'none'
content-encoding: gzip
X-Content-Type-Options: nosniff
x-powered-by: Express
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
date: Sat, 05 Jun 2021 19:45:21 GMT
Connection: keep-alive
Content-Length: 1129
etag: W/"974-NA5kRhNI5Dgk6/nOuXMQahS+ULo"
build-number: 2087

GET
H3-29 200 show_ads_impl_with_ama_fy2019.js Show response
pagead2.googlesyndication.com/pagead/js/r20210601/r20190131/ 232 KB
86 KB 47ms
34ms Script
text/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210601/r20190131/show_ads_impl_with_ama_fy2019.js?client=ca-pub-6933461940627641&plah=www.edocr.com&amaexp=1

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0d5f76008f1784b20b99d51741b2f8b8bbee28d5f2950ca2cf4226b6d61b1344

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.edocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 05 Jun 2021 19:45:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 87637
x-xss-protection: 0
server: cafe
etag: 15632250250964762239
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Sat, 05 Jun 2021 19:45:22 GMT

GET
H/1.1 200
OK restrictions Show response
www.edocr.com/pas/v2/ViewingSessions/aF1j38FVo41UOpOcKbPRChxYwaRMMmMSc_LeOTSIaTpq-1yOo4VR7Wq2alJh04KR3g_zIV60bdDRbQFOU--twSJqCuuwy5_LeSCuxGNTgSVKzXe4_u7i3WqN8lGA_3dZZaoUvaZOjKLjF6rZedqfL1Lj07xnAxNV... 226 B
655 B 134ms
134ms XHR
application/json 3.222.244.201
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.edocr.com/pas/v2/ViewingSessions/aF1j38FVo41UOpOcKbPRChxYwaRMMmMSc_LeOTSIaTpq-1yOo4VR7Wq2alJh04KR3g_zIV60bdDRbQFOU--twSJqCuuwy5_LeSCuxGNTgSVKzXe4_u7i3WqN8lGA_3dZZaoUvaZOjKLjF6rZedqfL1Lj07xnAxNVd5Zuv8RdWk4/restrictions

Requested by

Host: www.edocr.com
URL: https://www.edocr.com/v/static/bundle.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.222.244.201 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-222-244-201.compute-1.amazonaws.com

Software

nginx / Express

Resource Hash

b1ba9fa4ad8fdf667f000a62ef0aebcd3b169d9e70a0e7079072471016139c68

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none'
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: cors
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Accusoft-Parent-Pid: 0
Accusoft-Parent-Name: ViewerControl
Sec-Fetch-Dest: empty
Cookie: _ga=GA1.2.589232484.1622922321; _gid=GA1.2.1758940786.1622922321; _gat=1
Connection: keep-alive
Accusoft-Gid: 9MLorud5cYV3av6wdiX3dw
Pragma: no-cache
Host: www.edocr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json
Accept: */*
Cache-Control: no-cache
Referer: https://www.edocr.com/v/narav7rp/sweetslindapeony89peacekramersheltonpigeonhood73/changing-kitchen-area-style
Sec-Fetch-Site: same-origin
Accusoft-Parent-Taskid: 0
Accusoft-Parent-Name: ViewerControl
Referer: https://www.edocr.com/v/narav7rp/sweetslindapeony89peacekramersheltonpigeonhood73/changing-kitchen-area-style
Accusoft-Gid: 9MLorud5cYV3av6wdiX3dw
Accusoft-Parent-Pid: 0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accusoft-Parent-Taskid: 0
Content-Type: application/json

Response headers

content-security-policy: frame-ancestors 'none'
content-encoding: gzip
X-Content-Type-Options: nosniff
x-powered-by: Express
Connection: keep-alive
Content-Length: 125
pragma: no-cache
server: nginx
date: Sat, 05 Jun 2021 19:45:22 GMT
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json;charset=utf-8
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-credentials: true
access-control-allow-headers: *
build-number: 2087
expires: -1

GET
H/1.1 200
OK 0 Show response
www.edocr.com/pas/Page/q/ 25 KB
15 KB 148ms
146ms XHR
image/svg+xml 3.222.244.201
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.edocr.com/pas/Page/q/0?DocumentID=uaF1j38FVo41UOpOcKbPRChxYwaRMMmMSc_LeOTSIaTpq-1yOo4VR7Wq2alJh04KR3g_zIV60bdDRbQFOU--twSJqCuuwy5_LeSCuxGNTgSVKzXe4_u7i3WqN8lGA_3dZZaoUvaZOjKLjF6rZedqfL1Lj07xnAxNVd5Zuv8RdWk4&Scale=1&ContentType=svgb

Requested by

Host: www.edocr.com
URL: https://www.edocr.com/v/static/bundle.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.222.244.201 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-222-244-201.compute-1.amazonaws.com

Software

nginx / Express

Resource Hash

32acf16bbb8b643bfcf1714175058be20bfddc6661ae39f353756da8b529f67e

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none'
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: cors
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Accusoft-Parent-Pid: 0
Accusoft-Parent-Name: ViewerControl
Sec-Fetch-Dest: empty
Cookie: _ga=GA1.2.589232484.1622922321; _gid=GA1.2.1758940786.1622922321; _gat=1
Connection: keep-alive
Accusoft-Gid: YJk7hr7OPYf4drVmEk5mvQ
Pragma: no-cache
Host: www.edocr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: */*
Cache-Control: no-cache
Referer: https://www.edocr.com/v/narav7rp/sweetslindapeony89peacekramersheltonpigeonhood73/changing-kitchen-area-style
Sec-Fetch-Site: same-origin
Accusoft-Parent-Taskid: 0
Accusoft-Parent-Name: ViewerControl
Referer: https://www.edocr.com/v/narav7rp/sweetslindapeony89peacekramersheltonpigeonhood73/changing-kitchen-area-style
Accusoft-Gid: YJk7hr7OPYf4drVmEk5mvQ
Accusoft-Parent-Pid: 0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accusoft-Parent-Taskid: 0

Response headers

date: Sat, 05 Jun 2021 19:45:22 GMT
content-encoding: gzip
X-Content-Type-Options: nosniff
x-powered-by: Express
transfer-encoding: chunked
Connection: keep-alive
accusoft-data-encrypted: false
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=1209600
access-control-allow-credentials: true
content-security-policy: frame-ancestors 'none'
access-control-allow-headers: *
build-number: 2087

GET
DATA 200
OK truncated
/ 1 KB
1 KB Font
application/x-font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b8657baaa6b95a17c934001c3338f3cdff05bf8ce67ffe25c3b7ab53cd580241

Request headers

Origin: https://www.edocr.com
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: application/x-font-woff;charset=utf-8

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 199 B
638 B 218ms
151ms Script
text/javascript 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=www.edocr.com&callback=_gfp_s_&client=ca-pub-6933461940627641

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20210601/r20190131/show_ads_impl_with_ama_fy2019.js?client=ca-pub-6933461940627641&plah=www.edocr.com&amaexp=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

765f535c09cc85be7c8f356e5d419790d574041c609d703a6f9ef43a95dd39fd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.edocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 05 Jun 2021 19:45:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 189
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
799 B 36ms
16ms Script
application/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.edocr.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.edocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 05 Jun 2021 19:45:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
553 B 35ms
15ms Script
application/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.edocr.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.edocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 05 Jun 2021 19:45:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 7893 10 KB
5 KB 190ms
176ms Document
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6933461940627641&output=html&h=600&slotname=3952982610&adk=937441900&adf=750878660&pi=t.ma~as.3952982610&w=120&lmt=1622922322&psa=0&format=120x600&url=https%3A%2F%2Fwww.edocr.com%2Fv%2Fnarav7rp%2Fsweetslindapeony89peacekramersheltonpigeonhood73%2Fchanging-kitchen-area-style&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1622922322008&bpp=4&bdt=1069&idt=95&shv=r20210601&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&correlator=2318248038001&frm=20&pv=2&ga_vid=589232484.1622922321&ga_sid=1622922322&ga_hid=1442062396&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=25&ady=295&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=3598084296949102&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Cd%7CeE%7Cp&abl=XS&pfx=0&fu=0&bc=31&ifi=1&uci=a!1&fsb=1&xpc=JuQEdpsP4Z&p=https%3A//www.edocr.com&dtd=110

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ce69dc4942a0b2894791ac9606f9d76b07062d46ee423cb90814bdacea3fe731

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-6933461940627641&output=html&h=600&slotname=3952982610&adk=937441900&adf=750878660&pi=t.ma~as.3952982610&w=120&lmt=1622922322&psa=0&format=120x600&url=https%3A%2F%2Fwww.edocr.com%2Fv%2Fnarav7rp%2Fsweetslindapeony89peacekramersheltonpigeonhood73%2Fchanging-kitchen-area-style&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1622922322008&bpp=4&bdt=1069&idt=95&shv=r20210601&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&correlator=2318248038001&frm=20&pv=2&ga_vid=589232484.1622922321&ga_sid=1622922322&ga_hid=1442062396&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=25&ady=295&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=3598084296949102&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Cd%7CeE%7Cp&abl=XS&pfx=0&fu=0&bc=31&ifi=1&uci=a!1&fsb=1&xpc=JuQEdpsP4Z&p=https%3A//www.edocr.com&dtd=110
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.edocr.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.edocr.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Sat, 05 Jun 2021 19:45:22 GMT
server: cafe
content-length: 5300
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sat, 05-Jun-2021 20:00:22 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sat, 05 Jun 2021 19:45:22 GMT
cache-control: private

GET
H3-29 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 11 KB
8 KB 39ms
25ms XHR
application/json 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20210601&st=env

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

388979aa4efbc1c6f0e2aae148cf6c98906a7b3b3f75371a2e76ccc141a8f4d8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.edocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 05 Jun 2021 19:45:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8254
x-xss-protection: 0

GET
H2 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ 73 KB
28 KB 34ms
14ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5a06800ad719e1f1b46691ded5a5577666d2fc30f950b0ba544352ede4e25de7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.edocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 05 Jun 2021 19:45:22 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1622805992319560"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28149
x-xss-protection: 0
expires: Sat, 05 Jun 2021 19:45:22 GMT

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame A91C 405 B
228 B 168ms
164ms Document
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6933461940627641&output=html&h=250&slotname=4103433139&adk=402904232&adf=2030016460&pi=t.ma~as.4103433139&w=300&lmt=1622922322&psa=0&format=300x250&url=https%3A%2F%2Fwww.edocr.com%2Fv%2Fnarav7rp%2Fsweetslindapeony89peacekramersheltonpigeonhood73%2Fchanging-kitchen-area-style&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1622922322012&bpp=1&bdt=1073&idt=112&shv=r20210601&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=120x600&correlator=2318248038001&frm=20&pv=1&ga_vid=589232484.1622922321&ga_sid=1622922322&ga_hid=1442062396&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1270&ady=184&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=3598084296949102&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Cd%7CeE%7Cp&abl=XS&pfx=0&fu=0&bc=31&ifi=2&uci=a!2&fsb=1&xpc=bwoPI0kXNE&p=https%3A//www.edocr.com&dtd=116

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

17324ad254705998994843b2b6dd005bc144217f3bc66af8037341fe0dcb9478

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-6933461940627641&output=html&h=250&slotname=4103433139&adk=402904232&adf=2030016460&pi=t.ma~as.4103433139&w=300&lmt=1622922322&psa=0&format=300x250&url=https%3A%2F%2Fwww.edocr.com%2Fv%2Fnarav7rp%2Fsweetslindapeony89peacekramersheltonpigeonhood73%2Fchanging-kitchen-area-style&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1622922322012&bpp=1&bdt=1073&idt=112&shv=r20210601&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=120x600&correlator=2318248038001&frm=20&pv=1&ga_vid=589232484.1622922321&ga_sid=1622922322&ga_hid=1442062396&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1270&ady=184&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=3598084296949102&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Cd%7CeE%7Cp&abl=XS&pfx=0&fu=0&bc=31&ifi=2&uci=a!2&fsb=1&xpc=bwoPI0kXNE&p=https%3A//www.edocr.com&dtd=116
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.edocr.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.edocr.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Sat, 05 Jun 2021 19:45:22 GMT
server: cafe
content-length: 205
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sat, 05-Jun-2021 20:00:22 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sat, 05 Jun 2021 19:45:22 GMT
cache-control: private

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 40ms
39ms Image
image/gif 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.edocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 05 Jun 2021 19:45:22 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 39ms
39ms Image
image/gif 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=ach_evt&url=https%3A%2F%2Fwww.edocr.com%2Fv%2Fnarav7rp%2Fsweetslindapeony89peacekramersheltonpigeonhood73%2Fchanging-kitchen-area-style&tn=HEADER&cls=MuiPaper-root%20MuiAppBar-root%20MuiAppBar-positionFixed%20MuiAppBar-colorPrimary%20jss2%20mui-fixed%20MuiPaper-elevation4&ign=false

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.edocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 05 Jun 2021 19:45:22 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 15A5 0
19 B 28ms
28ms Document
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6933461940627641&output=html&adk=1812271804&adf=3025194257&lmt=1622922322&plat=1%3A16809992%2C2%3A16809992%2C8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fwww.edocr.com%2Fv%2Fnarav7rp%2Fsweetslindapeony89peacekramersheltonpigeonhood73%2Fchanging-kitchen-area-style&ea=0&flash=0&pra=7&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1622922322042&bpp=1&bdt=1103&idt=88&shv=r20210601&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=120x600%2C300x250&nras=1&correlator=2318248038001&frm=20&pv=1&ga_vid=589232484.1622922321&ga_sid=1622922322&ga_hid=1442062396&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=3598084296949102&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=3&uci=a!3&fsb=1&dtd=94

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-6933461940627641&output=html&adk=1812271804&adf=3025194257&lmt=1622922322&plat=1%3A16809992%2C2%3A16809992%2C8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fwww.edocr.com%2Fv%2Fnarav7rp%2Fsweetslindapeony89peacekramersheltonpigeonhood73%2Fchanging-kitchen-area-style&ea=0&flash=0&pra=7&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1622922322042&bpp=1&bdt=1103&idt=88&shv=r20210601&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=120x600%2C300x250&nras=1&correlator=2318248038001&frm=20&pv=1&ga_vid=589232484.1622922321&ga_sid=1622922322&ga_hid=1442062396&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=3598084296949102&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=3&uci=a!3&fsb=1&dtd=94
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.edocr.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.edocr.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sat, 05 Jun 2021 19:45:22 GMT
server: cafe
content-length: 0
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sat, 05-Jun-2021 20:00:22 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sat, 05 Jun 2021 19:45:22 GMT
cache-control: private

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 35ms
14ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c61a719b48533a1fa932729f4927ba1377a96c441b0d6a427096b867742b4645

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.edocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 05 Jun 2021 19:45:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1616005470650935"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6437
x-xss-protection: 0
expires: Sat, 05 Jun 2021 19:45:22 GMT

GET
H3-29 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/222/ Frame 2A38 12 KB
5 KB 20ms
6ms Document
text/html 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6836719899bda27cd22c1551cb7fbfc33fb0bbbedaa89e4baa8715fef8202cbc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/222/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.edocr.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.edocr.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 5022
date: Sat, 05 Jun 2021 18:27:42 GMT
expires: Sun, 05 Jun 2022 18:27:42 GMT
last-modified: Wed, 20 Jan 2021 19:23:06 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 4660
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 5A36 783 B
1008 B 37ms
16ms Document
text/html 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

c95d9ef1a1bb413ac430a1e46993f0edba1a95817448b35e92124c4d46af4f2d

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-qoJO/rSEaA8eI2xW2hP6tQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/aframe
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.edocr.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.edocr.com/

Response headers

expires: Sat, 05 Jun 2021 19:45:22 GMT
date: Sat, 05 Jun 2021 19:45:22 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-qoJO/rSEaA8eI2xW2hP6tQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 512
server: GSE
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 Jl_KA3DWLl1pqAl7nrDeic27IkrJD7_aVFtTlraQVeY.js Show response
pagead2.googlesyndication.com/bg/ Frame 2A38 14 KB
6 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Jl_KA3DWLl1pqAl7nrDeic27IkrJD7_aVFtTlraQVeY.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

265fca0370d62e5d69a8097b9eb0de89cdbb224ac90fbfda545b5396b69055e6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 04 Jun 2021 06:47:00 GMT
content-encoding: br
x-content-type-options: nosniff
age: 133102
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5751
x-xss-protection: 0
last-modified: Mon, 31 May 2021 08:58:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 04 Jun 2022 06:47:00 GMT

GET
DATA 200
OK truncated
/ 8 KB
8 KB Font
application/x-font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6e90f213f5b1f2e40d6d2670f81f28b39885d7787ca1326a142a55daf0917b17

Request headers

Origin: https://www.edocr.com
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: application/x-font-woff;charset=utf-8

GET
H/1.1 200
OK Attributes Show response
www.edocr.com/pas/Document/q/ 41 B
590 B 130ms
130ms XHR
application/json 3.222.244.201
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.edocr.com/pas/Document/q/Attributes?DocumentID=uaF1j38FVo41UOpOcKbPRChxYwaRMMmMSc_LeOTSIaTpq-1yOo4VR7Wq2alJh04KR3g_zIV60bdDRbQFOU--twSJqCuuwy5_LeSCuxGNTgSVKzXe4_u7i3WqN8lGA_3dZZaoUvaZOjKLjF6rZedqfL1Lj07xnAxNVd5Zuv8RdWk4&DesiredPageCountConfidence=50

Requested by

Host: www.edocr.com
URL: https://www.edocr.com/v/static/bundle.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.222.244.201 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-222-244-201.compute-1.amazonaws.com

Software

nginx / Express

Resource Hash

db8483df46939e49776f18e2b3166a60f9703cb8cda142a0305b0402aca1af12

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none'
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: cors
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Accusoft-Parent-Pid: 0
Accusoft-Parent-Name: ViewerControl
Sec-Fetch-Dest: empty
Cookie: _ga=GA1.2.589232484.1622922321; _gid=GA1.2.1758940786.1622922321; _gat=1
Connection: keep-alive
Accusoft-Gid: eBNB4kTOPcACR950P4qEQg
Pragma: no-cache
Host: www.edocr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json
Accept: */*
Cache-Control: no-cache
Referer: https://www.edocr.com/v/narav7rp/sweetslindapeony89peacekramersheltonpigeonhood73/changing-kitchen-area-style
Sec-Fetch-Site: same-origin
Accusoft-Parent-Taskid: 0
Accusoft-Parent-Name: ViewerControl
Referer: https://www.edocr.com/v/narav7rp/sweetslindapeony89peacekramersheltonpigeonhood73/changing-kitchen-area-style
Accusoft-Gid: eBNB4kTOPcACR950P4qEQg
Accusoft-Parent-Pid: 0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accusoft-Parent-Taskid: 0
Content-Type: application/json

Response headers

content-security-policy: frame-ancestors 'none'
content-encoding: gzip
X-Content-Type-Options: nosniff
x-powered-by: Express
transfer-encoding: chunked
Connection: keep-alive
server: nginx
date: Sat, 05 Jun 2021 19:45:22 GMT
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json;charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
access-control-allow-credentials: true
access-control-allow-headers: *
build-number: 2087

GET
H/1.1 200
OK js Show response
tags.mathtag.com/notify/ Frame 7893 3 KB
2 KB 157ms
87ms Script
application/x-javascript 185.29.135.190
MEDIAMATH-INC

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzIzLyAvTkRVMk1tVTNORFV0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzczMTM0NTE0MjUwNjg1MzMzODgvODY3NTYwNy83MzI0NDE5LzQvcmhOUkdTaUktbWpPalQ3ek92U1ltTzVROVN3cnMtcGROYi1oSWxfX0Ywcy8xLzQvMC8wLzE1MTI1ODYvMC8yNDI4NzYvODYzMTgyLzEvMC8wL01EQXdNREF3TURBdE1EQXdNQzB3TURBd0xUQXdNREF0TURBd01EQXdNREF3TURBdy8wLzAvMC8wLzAvNzMxMzQ1MTQyNTA2ODUzMzM4OC96cmgvMC8yNTUvOTAvOTk5LzY2LzJhMDE6NGY4OjEyMTo6LzAuMDAwLzE2MjI5MjIzMjIvMTYyMjkzNDkyMi80L3B1Yi02OTMzNDYxOTQwNjI3NjQxLw/vWG9b_kAdoUWaeSkiybopBI6rcI&nodeid=2630&group=eu&auctionid=7313451425068533388&sid=7324419&cid=8675607&bp=a_ahdhbb&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.132.24&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCTLUhUtS7YI-kCc2d1fAPo6OP8A3Ph46bXMCG2YLGAsCNtwEQASAAYJUCggEXY2EtcHViLTY5MzM0NjE5NDA2Mjc2NDHIAQmoAwGqBPQBT9BV0pxWpsGUL3X_cMfKKTmAQTAAnhmrP0-cQ9ZNe6ZpohyoCyFHwMEmHwIEu9mm6QXONBf-n6i7ph5R_XMWrWQg5uHxXBVasL-QaN_NchqgAGb9FwIMefhMyGUGbNkkmwmOhgiCLZudA5ZnZ3ndWErX2in0hJ_0zwhiXuvO0k7PRPe9cb4ksaURonpWRR-I7jJ8l-FxVQKKqx9G5E8P1fuANJb3EH5QtxscN3O-2-X1DBbvzL9s1zzBhgBX_qxAezl5sZRREttMuXvbOHHrAqpjjmmVkg1kVhl2IgfFM3O3ezyniIk8nBy2Ahs_cBk3q-CC74AG98y_582tn8zJAaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB4qcsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1qDNTO-D928HKlDgJXCyuyw2aPLg%26client%3Dca-pub-6933461940627641%26adurl%3D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6933461940627641&output=html&h=600&slotname=3952982610&adk=937441900&adf=750878660&pi=t.ma~as.3952982610&w=120&lmt=1622922322&psa=0&format=120x600&url=https%3A%2F%2Fwww.edocr.com%2Fv%2Fnarav7rp%2Fsweetslindapeony89peacekramersheltonpigeonhood73%2Fchanging-kitchen-area-style&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1622922322008&bpp=4&bdt=1069&idt=95&shv=r20210601&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&correlator=2318248038001&frm=20&pv=2&ga_vid=589232484.1622922321&ga_sid=1622922322&ga_hid=1442062396&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=25&ady=295&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=3598084296949102&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Cd%7CeE%7Cp&abl=XS&pfx=0&fu=0&bc=31&ifi=1&uci=a!1&fsb=1&xpc=JuQEdpsP4Z&p=https%3A//www.edocr.com&dtd=110
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.29.135.190 , United Kingdom, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software: MMBD/3.200.1 /
Resource Hash: 81dd3736f3db9a912b56b15716ea40f37b242140f6de5814425de07fa0702def

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 05 Jun 2021 19:45:20 GMT
Content-Encoding: gzip
x-mm-bid-request-time: 1622922322
Last-Modified: Sat, 05 Jun 2021 19:45:22 GMT
Server: MMBD/3.200.1
x-mm-latency: 53 (4)
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
x-mm-dbg: Count
Cache-Control: no-cache
x-mm-host: cdg-router-x29, zrh-bidder-x144
Connection: close
Content-Type: application/x-javascript; charset=UTF-8
Expires: Sat, 05 Jun 2021 19:45:19 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210601/r20110914/client/ Frame 7893 2 KB
1 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210601/r20110914/client/window_focus_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6933461940627641&output=html&h=600&slotname=3952982610&adk=937441900&adf=750878660&pi=t.ma~as.3952982610&w=120&lmt=1622922322&psa=0&format=120x600&url=https%3A%2F%2Fwww.edocr.com%2Fv%2Fnarav7rp%2Fsweetslindapeony89peacekramersheltonpigeonhood73%2Fchanging-kitchen-area-style&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1622922322008&bpp=4&bdt=1069&idt=95&shv=r20210601&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&correlator=2318248038001&frm=20&pv=2&ga_vid=589232484.1622922321&ga_sid=1622922322&ga_hid=1442062396&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=25&ady=295&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=3598084296949102&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Cd%7CeE%7Cp&abl=XS&pfx=0&fu=0&bc=31&ifi=1&uci=a!1&fsb=1&xpc=JuQEdpsP4Z&p=https%3A//www.edocr.com&dtd=110

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 05 Jun 2021 19:39:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 345
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1303
x-xss-protection: 0
server: cafe
etag: 14729628269804859526
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 19 Jun 2021 19:39:37 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 7893 122 KB
37 KB 27ms
14ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6e312f277726cf12aa508a34dfc0c5217b72334652dc99f8df30559e3e8dc971

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 05 Jun 2021 19:45:22 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1622806011323838"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37960
x-xss-protection: 0
expires: Sat, 05 Jun 2021 19:45:22 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210601/r20110914/client/ Frame 7893 13 KB
6 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210601/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

27466895d3e9250f3d0ae0e726f72b8a5c23e2aa83f9caaaf99dcb9f18fcac4c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 05 Jun 2021 19:44:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 68
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5635
x-xss-protection: 0
server: cafe
etag: 1091097466425408374
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 19 Jun 2021 19:44:14 GMT

GET
H3-29 200 adview
googleads.g.doubleclick.net/pagead/ Frame 7893 0
0 18ms
17ms Fetch
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CjSo3UtS7YI-kCc2d1fAPo6OP8A3Ph46bXMCG2YLGAsCNtwEQASAAYJUCggEXY2EtcHViLTY5MzM0NjE5NDA2Mjc2NDHIAQmoAwGqBPEBT9BV0pxWpsGUL3X_cMfKKTmAQTAAnhmrP0-cQ9ZNe6ZpohyoCyFHwMEmHwIEu9mm6QXONBf-n6i7ph5R_XMWrWQg5uHxXBVasL-QaN_NchqgAGb9FwIMefhMyGUGbNkkmwmOhgiCLZudA5ZnZ3ndWErX2in0hJ_0zwhiXuvO0k7PRPe9cb4ksaURonpWRR-I7jJ8l-FxVQKKqx9G5E8P1fuANJb3EH5QtxscN3O-2-X1DBbvzL9s1zzBhgBX_qxAezl5sZRREttMuXvbOHHrAqpjjmmVkg1kVhl2IgfFMzG1dq4LGC07Ebj-qcN_3-kqv4AG98y_582tn8zJAaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB4qcsQLYBwDSCAcIgOGAEBABgAoB-gsCCAGADAHQFQGAFwGyFxgKFhIUcHViLTY5MzM0NjE5NDA2Mjc2NDE&sigh=gK5ARAVxqyA&tpd=AGWhJmsIS8j2fTyRllQrYE6O-i_Eq5vBKfqOXhRDgMiEgawcoPnWwaYDn8lsjWIeb5fwgrCu9ZeY0Xzb9v9lZQNF1XMUR8J1qlsbPo3SrDu1fKPJY2tQ_DbsUTErKRG_UYHuJADdan8F9uH_lbyHPoVKjYw_GeaYrOO_VlbgoB_-9VMj1Vbx_Vn-Z0IU_dXZd21kOf9ZwRwioOtUWWyW8QVDD8aq7crj9SS13-5UvNS5WMTIp-vMR0YBOWK6Q5wEOmWkyYVCp_rw1bS8G_VM-6hPeZX4dtd8E43BNo6HLA60IIa8IDLH33iD3MDUy5VHeaOaf8vaCHhK9Wg5JLgpHF2AANh2EvSPq5H3QfLtcSvwhpwBcP6g_9x2YZOgsD4T6oJqHun18jlhogSt2jCpHwQveP8qiu8tocljr8ex1gvZ0XlOe5QUcnk9G-zykhi5JO8E-hDzrkxDEY6N9iXJJzKjEtTFPyWmPy8HZLrVEp9JXk2q5v5tbHJb-zDpoWfCTUGwB_5yqVSKZlcpdq7gzomfbWIzD6dhzSft2DfsZF-U5f73lepmTzJPTa5Fx9ieY-u4MsuRQqVT0zKgOflJJtl-0URWL5uzGts91-0rgTHd8M3a_kuZ3idF70NT6x9oBQY3QAMIADN_WEcY2fvu0sd4NPdNl8sgRHV_h3Ycodp-LjAlOHO_78GubkXBP7LvZhWn3Ey3lwKDt8JBZ4pTPgWXgKL4Wba7TV52l_QwipgAQTPuEKZBJDk71hNmBqwTgJQVaRbQzk_ldGMfJJPFvU_OVE6l232loLpZOnMNBCg64V8wZkO1f55GXNeXmtqUsmSgLPO3v3DwJSVl-4dw7RmxR6hN9iTFt9YeFPvow8Kanr0YkHrbuxKqToYjdw0IWKA_uR0Rghp9J7sY4hdEb7dSQ64mo3eXvwHUf8j-lM90A_NmTALdoflWc7zIE6trMAb1RmhRG0Hg7Y1PcJRcXEOLA64Xd3sL0e6Ymuyx5tOiHKlHsHNNpZ8TpADed-cLqQepDQjKJXju_neguDkfR9edDm-lZe_wjg

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6933461940627641&output=html&h=600&slotname=3952982610&adk=937441900&adf=750878660&pi=t.ma~as.3952982610&w=120&lmt=1622922322&psa=0&format=120x600&url=https%3A%2F%2Fwww.edocr.com%2Fv%2Fnarav7rp%2Fsweetslindapeony89peacekramersheltonpigeonhood73%2Fchanging-kitchen-area-style&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1622922322008&bpp=4&bdt=1069&idt=95&shv=r20210601&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&correlator=2318248038001&frm=20&pv=2&ga_vid=589232484.1622922321&ga_sid=1622922322&ga_hid=1442062396&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=25&ady=295&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=3598084296949102&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Cd%7CeE%7Cp&abl=XS&pfx=0&fu=0&bc=31&ifi=1&uci=a!1&fsb=1&xpc=JuQEdpsP4Z&p=https%3A//www.edocr.com&dtd=110
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Sat, 05 Jun 2021 19:45:22 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Sat, 05 Jun 2021 19:45:22 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 41ms
40ms Image
image/gif 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=222&t=2&li=gda_r20210601&jk=3598084296949102&bg=!7e6l7qrNAAY6sG-_OrA7ACkAdvg8Wr_XURLQqULL0a0oKbEcjsv2UW5OYojKIDRRatqYfOeFwNX3ywIAAABxUgAAAAtoAQcKAPpo5KJl5n4qfxEe-YroKP4QlogcHGoaRVtWdYkVszC-8DhOZG7HDTWGuF1AC9-8bHUJ2CojBs9aw1TeuRrCCgkE-_1uJ9FpQqFDZ40WVUYbppqDn6Bb-A6drFYQ8AnEs1G5VVLwL2bA3s87OcmYE6drTAR8ieLidNnFgu9ZD3GCLdT4B06hOJi42ysfxkuj8jCtf2Q-zeT0hXesog4KQES6lHN8Dv4x_S6Tyni5YpFhstIKwv0obempC9zZojrWEGtUp1d9yYoGF1GfsVOa-_fCzLYIJV0vGsXkVV_tMh1fxXl1Ke9CgoCVdHDW4KoymIOnkOjAiRnaDm5rmQI_IXVW8GEFGM4WSv1caehMe7VxT0mmpmI_x3Lmt6MwVewTUwvja1ngj2TyNmOE0s5Q0VypQAwKpNxuQ70rZhcI4SQRnmJh2PnV-7XVV-RdUesozfxCvfiF50fcOpkDxlPKfEKbrDq1JC_eIKT58AQbrABM9zUhaL8AMHWDvmFFBW-m7t4WMPmpelLdwP6JtwDD_l0wJnqsLtnJbrlfGUZfc-v8FRJfJXM8EWvKfGOMEvlsiOjGQye3kXfbIA63WckqlO7bWTsvzndzRQEqe3xza4q0M2V-XpR-LnWcxYazraqsWikYg1scIns-6DQ-TupfJu2f3GbNy6P6sYGezh2Wm9nIb7HTHzuJ8w7QMTY3wTAujfjNMe21h0K7G9oF4A1-mgsBnjoFTv22EvmVEaQ3mMzX6ad0H9qSUDeWbsaEswoPaCpfarKPhWntvBBUEYh7Pf2Kqhi4yACxsTwH4vFDrC295-gYLqucSE4FkXk2mbNbCHqVbRL3yumWJAAE6cRJ3kw6toes9Y00-Z7MRD-ht0lsHQ6As0VHATU3PyOEVR-uHQz4KWxM-ZhCLv3gIDNVQlrYwRju6SJ-wanzdv2kLxBUbT0BQc6gBZ9-u5CuExN6EQZcp7xg1gifkQlEkWiruhzFJJftBcNM8e8uDQB8gmDEIeb5RWpeG568cCmLkAVclN_jzqs0Dw8JH-wl6EOOGoRg9VtgHBwBRiVvDhyx_aSNtESOPf5TRw1pNTZOyvNwASLFJH0ATkQTXWIdDw4

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.edocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 05 Jun 2021 19:45:22 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK 437qqb2vcmsn Show response
hal9000.redintelligence.net/zone/ Frame 7893 11 KB
4 KB 116ms
38ms Script
text/html 138.201.220.30
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/437qqb2vcmsn?subid=&gdpr=1&gdpr_consent=BAAAAAAAAAAAAAAAAAluAA%2F%2F%2F%2F%2F%2F%2BABgCeAJ4Ang&rnd=7313451425068533388&extVar[]=DOUBLEBORDER:1&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fmt_aid%3D7313451425068533388%26mt_id%3D8675607%26mt_adid%3D242876%26mt_sid%3D7324419%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D861460bb-d452-4601-9a53-f2e4ca5b1362%26mt_cid%3D861460bb-d452-4601-9a53-f2e4ca5b1362%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCTLUhUtS7YI-kCc2d1fAPo6OP8A3Ph46bXMCG2YLGAsCNtwEQASAAYJUCggEXY2EtcHViLTY5MzM0NjE5NDA2Mjc2NDHIAQmoAwGqBPQBT9BV0pxWpsGUL3X_cMfKKTmAQTAAnhmrP0-cQ9ZNe6ZpohyoCyFHwMEmHwIEu9mm6QXONBf-n6i7ph5R_XMWrWQg5uHxXBVasL-QaN_NchqgAGb9FwIMefhMyGUGbNkkmwmOhgiCLZudA5ZnZ3ndWErX2in0hJ_0zwhiXuvO0k7PRPe9cb4ksaURonpWRR-I7jJ8l-FxVQKKqx9G5E8P1fuANJb3EH5QtxscN3O-2-X1DBbvzL9s1zzBhgBX_qxAezl5sZRREttMuXvbOHHrAqpjjmmVkg1kVhl2IgfFM3O3ezyniIk8nBy2Ahs_cBk3q-CC74AG98y_582tn8zJAaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB4qcsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_1qDNTO-D928HKlDgJXCyuyw2aPLg%2526client%253Dca-pub-6933461940627641%2526adurl%253D%26redirect%3D
Requested by: Host: www.edocr.com
URL: https://www.edocr.com/v/narav7rp/sweetslindapeony89peacekramersheltonpigeonhood73/changing-kitchen-area-style
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.220.30 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.30.220.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 52a85a1f5745df0caf4e728fab6ef906f6a0c4ca8dc72c11d07cfe54a7d756cf

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 05 Jun 2021 19:45:22 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 3474
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK ck-confirm
tags.mathtag.com/ Frame 7893 49 B
330 B 109ms
48ms Image
image/gif 185.29.135.190
MEDIAMATH-INC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tags.mathtag.com/ck-confirm?bid_id=7313451425068533388&node_id=2630&exch_id=4
Requested by: Host: tags.mathtag.com
URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzIzLyAvTkRVMk1tVTNORFV0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzczMTM0NTE0MjUwNjg1MzMzODgvODY3NTYwNy83MzI0NDE5LzQvcmhOUkdTaUktbWpPalQ3ek92U1ltTzVROVN3cnMtcGROYi1oSWxfX0Ywcy8xLzQvMC8wLzE1MTI1ODYvMC8yNDI4NzYvODYzMTgyLzEvMC8wL01EQXdNREF3TURBdE1EQXdNQzB3TURBd0xUQXdNREF0TURBd01EQXdNREF3TURBdy8wLzAvMC8wLzAvNzMxMzQ1MTQyNTA2ODUzMzM4OC96cmgvMC8yNTUvOTAvOTk5LzY2LzJhMDE6NGY4OjEyMTo6LzAuMDAwLzE2MjI5MjIzMjIvMTYyMjkzNDkyMi80L3B1Yi02OTMzNDYxOTQwNjI3NjQxLw/vWG9b_kAdoUWaeSkiybopBI6rcI&nodeid=2630&group=eu&auctionid=7313451425068533388&sid=7324419&cid=8675607&bp=a_ahdhbb&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.132.24&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCTLUhUtS7YI-kCc2d1fAPo6OP8A3Ph46bXMCG2YLGAsCNtwEQASAAYJUCggEXY2EtcHViLTY5MzM0NjE5NDA2Mjc2NDHIAQmoAwGqBPQBT9BV0pxWpsGUL3X_cMfKKTmAQTAAnhmrP0-cQ9ZNe6ZpohyoCyFHwMEmHwIEu9mm6QXONBf-n6i7ph5R_XMWrWQg5uHxXBVasL-QaN_NchqgAGb9FwIMefhMyGUGbNkkmwmOhgiCLZudA5ZnZ3ndWErX2in0hJ_0zwhiXuvO0k7PRPe9cb4ksaURonpWRR-I7jJ8l-FxVQKKqx9G5E8P1fuANJb3EH5QtxscN3O-2-X1DBbvzL9s1zzBhgBX_qxAezl5sZRREttMuXvbOHHrAqpjjmmVkg1kVhl2IgfFM3O3ezyniIk8nBy2Ahs_cBk3q-CC74AG98y_582tn8zJAaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB4qcsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1qDNTO-D928HKlDgJXCyuyw2aPLg%26client%3Dca-pub-6933461940627641%26adurl%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.29.135.190 , United Kingdom, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software: MMBD/3.200.1 /
Resource Hash: 1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 05 Jun 2021 19:45:21 GMT
Server: MMBD/3.200.1
Content-Type: image/gif
Cache-Control: no-cache
x-mm-host: cdg-router-x38, zrh-bidder-x144
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 49
Expires: Sat, 05 Jun 2021 19:45:20 GMT

GET
H/1.1 200
OK img
pixel.mathtag.com/event/ Frame 7893 43 B
359 B 122ms
53ms Image
image/gif 2.18.233.201
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.mathtag.com/event/img?mt_id=1368875&mt_adid=216764&v1=4&v2=7313451425068533388&v3=863182&v4=7324419&v5=8675607&mt_nsync=1&no_attr=1
Requested by: Host: tags.mathtag.com
URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzIzLyAvTkRVMk1tVTNORFV0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzczMTM0NTE0MjUwNjg1MzMzODgvODY3NTYwNy83MzI0NDE5LzQvcmhOUkdTaUktbWpPalQ3ek92U1ltTzVROVN3cnMtcGROYi1oSWxfX0Ywcy8xLzQvMC8wLzE1MTI1ODYvMC8yNDI4NzYvODYzMTgyLzEvMC8wL01EQXdNREF3TURBdE1EQXdNQzB3TURBd0xUQXdNREF0TURBd01EQXdNREF3TURBdy8wLzAvMC8wLzAvNzMxMzQ1MTQyNTA2ODUzMzM4OC96cmgvMC8yNTUvOTAvOTk5LzY2LzJhMDE6NGY4OjEyMTo6LzAuMDAwLzE2MjI5MjIzMjIvMTYyMjkzNDkyMi80L3B1Yi02OTMzNDYxOTQwNjI3NjQxLw/vWG9b_kAdoUWaeSkiybopBI6rcI&nodeid=2630&group=eu&auctionid=7313451425068533388&sid=7324419&cid=8675607&bp=a_ahdhbb&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.132.24&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCTLUhUtS7YI-kCc2d1fAPo6OP8A3Ph46bXMCG2YLGAsCNtwEQASAAYJUCggEXY2EtcHViLTY5MzM0NjE5NDA2Mjc2NDHIAQmoAwGqBPQBT9BV0pxWpsGUL3X_cMfKKTmAQTAAnhmrP0-cQ9ZNe6ZpohyoCyFHwMEmHwIEu9mm6QXONBf-n6i7ph5R_XMWrWQg5uHxXBVasL-QaN_NchqgAGb9FwIMefhMyGUGbNkkmwmOhgiCLZudA5ZnZ3ndWErX2in0hJ_0zwhiXuvO0k7PRPe9cb4ksaURonpWRR-I7jJ8l-FxVQKKqx9G5E8P1fuANJb3EH5QtxscN3O-2-X1DBbvzL9s1zzBhgBX_qxAezl5sZRREttMuXvbOHHrAqpjjmmVkg1kVhl2IgfFM3O3ezyniIk8nBy2Ahs_cBk3q-CC74AG98y_582tn8zJAaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB4qcsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1qDNTO-D928HKlDgJXCyuyw2aPLg%26client%3Dca-pub-6933461940627641%26adurl%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-201.deploy.static.akamaitechnologies.com
Software: MT3 3759 5f8f15b master cdg-pixel-x5 /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 05 Jun 2021 19:45:22 GMT
Server: MT3 3759 5f8f15b master cdg-pixel-x5
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Sat, 05 Jun 2021 19:46:55 GMT

GET
H/1.1 200
OK img
tags.mathtag.com/event/ Frame 7893 49 B
330 B 134ms
73ms Image
image/gif 185.29.135.190
MEDIAMATH-INC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tags.mathtag.com/event/img?type=mmImpTrack&exch=adx&bid=7313451425068533388&st=7324419&time=1622922322&nodeid=2630
Requested by: Host: tags.mathtag.com
URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzIzLyAvTkRVMk1tVTNORFV0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzczMTM0NTE0MjUwNjg1MzMzODgvODY3NTYwNy83MzI0NDE5LzQvcmhOUkdTaUktbWpPalQ3ek92U1ltTzVROVN3cnMtcGROYi1oSWxfX0Ywcy8xLzQvMC8wLzE1MTI1ODYvMC8yNDI4NzYvODYzMTgyLzEvMC8wL01EQXdNREF3TURBdE1EQXdNQzB3TURBd0xUQXdNREF0TURBd01EQXdNREF3TURBdy8wLzAvMC8wLzAvNzMxMzQ1MTQyNTA2ODUzMzM4OC96cmgvMC8yNTUvOTAvOTk5LzY2LzJhMDE6NGY4OjEyMTo6LzAuMDAwLzE2MjI5MjIzMjIvMTYyMjkzNDkyMi80L3B1Yi02OTMzNDYxOTQwNjI3NjQxLw/vWG9b_kAdoUWaeSkiybopBI6rcI&nodeid=2630&group=eu&auctionid=7313451425068533388&sid=7324419&cid=8675607&bp=a_ahdhbb&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.132.24&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCTLUhUtS7YI-kCc2d1fAPo6OP8A3Ph46bXMCG2YLGAsCNtwEQASAAYJUCggEXY2EtcHViLTY5MzM0NjE5NDA2Mjc2NDHIAQmoAwGqBPQBT9BV0pxWpsGUL3X_cMfKKTmAQTAAnhmrP0-cQ9ZNe6ZpohyoCyFHwMEmHwIEu9mm6QXONBf-n6i7ph5R_XMWrWQg5uHxXBVasL-QaN_NchqgAGb9FwIMefhMyGUGbNkkmwmOhgiCLZudA5ZnZ3ndWErX2in0hJ_0zwhiXuvO0k7PRPe9cb4ksaURonpWRR-I7jJ8l-FxVQKKqx9G5E8P1fuANJb3EH5QtxscN3O-2-X1DBbvzL9s1zzBhgBX_qxAezl5sZRREttMuXvbOHHrAqpjjmmVkg1kVhl2IgfFM3O3ezyniIk8nBy2Ahs_cBk3q-CC74AG98y_582tn8zJAaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB4qcsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1qDNTO-D928HKlDgJXCyuyw2aPLg%26client%3Dca-pub-6933461940627641%26adurl%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.29.135.190 , United Kingdom, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software: MMBD/3.200.1 /
Resource Hash: 1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 05 Jun 2021 19:45:21 GMT
Server: MMBD/3.200.1
Content-Type: image/gif
Cache-Control: no-cache
x-mm-host: cdg-router-x90, zrh-bidder-x144
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 49
Expires: Sat, 05 Jun 2021 19:45:20 GMT

GET
H/1.1

200
OK

request.php Show response
hal900025.redintelligence.net/ Frame 7893
Redirect Chain

https://hal900025.redintelligence.net/request.php?zone=437qqb2vcmsn&nw=20&renderingType=javascript&namespace=06d9bcab4e&subid=&uid=6e16bcce8038ad04&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...
https://hal900025.redintelligence.net/request.php?zone=437qqb2vcmsn&nw=20&renderingType=javascript&namespace=06d9bcab4e&subid=&uid=6e16bcce8038ad04&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...

2 KB
1 KB

140ms
74ms

Script
application/x-javascript

138.201.84.245
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900025.redintelligence.net/request.php?zone=437qqb2vcmsn&nw=20&renderingType=javascript&namespace=06d9bcab4e&subid=&uid=6e16bcce8038ad04&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=120x600&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&envData=&gdpr=1&gdpr_consent=BAAAAAAAAAAAAAAAAAluAA%2F%2F%2F%2F%2F%2F%2BABgCeAJ4Ang&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fmt_aid%3D7313451425068533388%26mt_id%3D8675607%26mt_adid%3D242876%26mt_sid%3D7324419%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D861460bb-d452-4601-9a53-f2e4ca5b1362%26mt_cid%3D861460bb-d452-4601-9a53-f2e4ca5b1362%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCTLUhUtS7YI-kCc2d1fAPo6OP8A3Ph46bXMCG2YLGAsCNtwEQASAAYJUCggEXY2EtcHViLTY5MzM0NjE5NDA2Mjc2NDHIAQmoAwGqBPQBT9BV0pxWpsGUL3X_cMfKKTmAQTAAnhmrP0-cQ9ZNe6ZpohyoCyFHwMEmHwIEu9mm6QXONBf-n6i7ph5R_XMWrWQg5uHxXBVasL-QaN_NchqgAGb9FwIMefhMyGUGbNkkmwmOhgiCLZudA5ZnZ3ndWErX2in0hJ_0zwhiXuvO0k7PRPe9cb4ksaURonpWRR-I7jJ8l-FxVQKKqx9G5E8P1fuANJb3EH5QtxscN3O-2-X1DBbvzL9s1zzBhgBX_qxAezl5sZRREttMuXvbOHHrAqpjjmmVkg1kVhl2IgfFM3O3ezyniIk8nBy2Ahs_cBk3q-CC74AG98y_582tn8zJAaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB4qcsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_1qDNTO-D928HKlDgJXCyuyw2aPLg%2526client%253Dca-pub-6933461940627641%2526adurl%253D%26redirect%3D&documentReferer=https%3A%2F%2Fwww.edocr.com%2F&ancestorOrigins=https%3A%2F%2Fwww.edocr.com&random=3854745827297&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6933461940627641&output=html&h=600&slotname=3952982610&adk=937441900&adf=750878660&pi=t.ma~as.3952982610&w=120&lmt=1622922322&psa=0&format=120x600&url=https%3A%2F%2Fwww.edocr.com%2Fv%2Fnarav7rp%2Fsweetslindapeony89peacekramersheltonpigeonhood73%2Fchanging-kitchen-area-style&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1622922322008&bpp=4&bdt=1069&idt=95&shv=r20210601&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&correlator=2318248038001&frm=20&pv=2&ga_vid=589232484.1622922321&ga_sid=1622922322&ga_hid=1442062396&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=25&ady=295&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=3598084296949102&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Cd%7CeE%7Cp&abl=XS&pfx=0&fu=0&bc=31&ifi=1&uci=a!1&fsb=1&xpc=JuQEdpsP4Z&p=https%3A//www.edocr.com&dtd=110
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.245 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.245.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 3592ec3b1a7716b3e0957b82089de473d5752f796822a81d17d734c7dd516132

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 05 Jun 2021 19:45:22 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 13561000184666702179197011616025
Connection: close
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 725
Expires: Sat, 05 Jun 2021 20:45:22 +0200

Redirect headers

Pragma: no-cache
Date: Sat, 05 Jun 2021 19:45:22 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Location: request.php?zone=437qqb2vcmsn&nw=20&renderingType=javascript&namespace=06d9bcab4e&subid=&uid=6e16bcce8038ad04&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=120x600&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&envData=&gdpr=1&gdpr_consent=BAAAAAAAAAAAAAAAAAluAA%2F%2F%2F%2F%2F%2F%2BABgCeAJ4Ang&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fmt_aid%3D7313451425068533388%26mt_id%3D8675607%26mt_adid%3D242876%26mt_sid%3D7324419%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D861460bb-d452-4601-9a53-f2e4ca5b1362%26mt_cid%3D861460bb-d452-4601-9a53-f2e4ca5b1362%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCTLUhUtS7YI-kCc2d1fAPo6OP8A3Ph46bXMCG2YLGAsCNtwEQASAAYJUCggEXY2EtcHViLTY5MzM0NjE5NDA2Mjc2NDHIAQmoAwGqBPQBT9BV0pxWpsGUL3X_cMfKKTmAQTAAnhmrP0-cQ9ZNe6ZpohyoCyFHwMEmHwIEu9mm6QXONBf-n6i7ph5R_XMWrWQg5uHxXBVasL-QaN_NchqgAGb9FwIMefhMyGUGbNkkmwmOhgiCLZudA5ZnZ3ndWErX2in0hJ_0zwhiXuvO0k7PRPe9cb4ksaURonpWRR-I7jJ8l-FxVQKKqx9G5E8P1fuANJb3EH5QtxscN3O-2-X1DBbvzL9s1zzBhgBX_qxAezl5sZRREttMuXvbOHHrAqpjjmmVkg1kVhl2IgfFM3O3ezyniIk8nBy2Ahs_cBk3q-CC74AG98y_582tn8zJAaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB4qcsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_1qDNTO-D928HKlDgJXCyuyw2aPLg%2526client%253Dca-pub-6933461940627641%2526adurl%253D%26redirect%3D&documentReferer=https%3A%2F%2Fwww.edocr.com%2F&ancestorOrigins=https%3A%2F%2Fwww.edocr.com&random=3854745827297&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Expires: Sat, 05 Jun 2021 20:45:22 +0200

GET
H/1.1 200
OK request_content.php Show response
hal900025.redintelligence.net/ Frame 4852 3 KB
2 KB 112ms
38ms Document
text/html 138.201.84.245
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900025.redintelligence.net/request_content.php?s=13561000184666702179197011616025&a=dbbc8801
Requested by: Host: hal900025.redintelligence.net
URL: https://hal900025.redintelligence.net/request.php?zone=437qqb2vcmsn&nw=20&renderingType=javascript&namespace=06d9bcab4e&subid=&uid=6e16bcce8038ad04&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=120x600&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&envData=&gdpr=1&gdpr_consent=BAAAAAAAAAAAAAAAAAluAA%2F%2F%2F%2F%2F%2F%2BABgCeAJ4Ang&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fmt_aid%3D7313451425068533388%26mt_id%3D8675607%26mt_adid%3D242876%26mt_sid%3D7324419%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D861460bb-d452-4601-9a53-f2e4ca5b1362%26mt_cid%3D861460bb-d452-4601-9a53-f2e4ca5b1362%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCTLUhUtS7YI-kCc2d1fAPo6OP8A3Ph46bXMCG2YLGAsCNtwEQASAAYJUCggEXY2EtcHViLTY5MzM0NjE5NDA2Mjc2NDHIAQmoAwGqBPQBT9BV0pxWpsGUL3X_cMfKKTmAQTAAnhmrP0-cQ9ZNe6ZpohyoCyFHwMEmHwIEu9mm6QXONBf-n6i7ph5R_XMWrWQg5uHxXBVasL-QaN_NchqgAGb9FwIMefhMyGUGbNkkmwmOhgiCLZudA5ZnZ3ndWErX2in0hJ_0zwhiXuvO0k7PRPe9cb4ksaURonpWRR-I7jJ8l-FxVQKKqx9G5E8P1fuANJb3EH5QtxscN3O-2-X1DBbvzL9s1zzBhgBX_qxAezl5sZRREttMuXvbOHHrAqpjjmmVkg1kVhl2IgfFM3O3ezyniIk8nBy2Ahs_cBk3q-CC74AG98y_582tn8zJAaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB4qcsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_1qDNTO-D928HKlDgJXCyuyw2aPLg%2526client%253Dca-pub-6933461940627641%2526adurl%253D%26redirect%3D&documentReferer=https%3A%2F%2Fwww.edocr.com%2F&ancestorOrigins=https%3A%2F%2Fwww.edocr.com&random=3854745827297&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.245 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.245.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: bd38c484db9be47111f5c09466c01c8c25c5396e1ef24de610d26a24933db22f

Request headers

Host: hal900025.redintelligence.net
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://googleads.g.doubleclick.net/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: 8lcfmzhxc8d6_uid=b95267806846f584
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/

Response headers

Date: Sat, 05 Jun 2021 19:45:22 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Expires: Sat, 05 Jun 2021 20:45:22 +0200
Pragma: no-cache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1340
Connection: close
Content-Type: text/html; charset=utf-8

GET
H/1.1 200
OK cshow.php
www.awin1.com/ Frame 7893 43 B
704 B 122ms
61ms Image
image/gif 104.111.239.217
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.awin1.com/cshow.php?s=2846668&v=14098&q=409715&r=296283&pref1=13561000184666702179197011616025&pv=1

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

104.111.239.217 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-239-217.deploy.static.akamaitechnologies.com

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 05 Jun 2021 19:45:22 GMT
Strict-Transport-Security: max-age=86400
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Awin-Akamai-Rule-Set: default
Node: Helix
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: 0

GET
DATA 200
OK truncated
/ Frame 7893 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ec92d051eaeb6b5ba0db56b336fb2bee6f41a6197bd783e6de99b6fa303fd266

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1

200
OK

kl_kts_120x600px.jpg
cdn.contentspread.net/24i/advertiser/3839/creativesup/ Frame 4852
Redirect Chain

https://www.awin1.com/cshow.php?s=2846668&v=14098&q=409715&r=296283&pref1=13561000184666702179197011616025&pv=0
https://cdn.contentspread.net/24i/advertiser/3839/creativesup/kl_kts_120x600px.jpg

37 KB
38 KB

149ms
50ms

Image
image/jpeg

85.114.131.234
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.contentspread.net/24i/advertiser/3839/creativesup/kl_kts_120x600px.jpg
Requested by: Host: hal900025.redintelligence.net
URL: https://hal900025.redintelligence.net/request_content.php?s=13561000184666702179197011616025&a=dbbc8801
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 85.114.131.234 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS: srv21038.dus4.fastwebserver.de
Software: nginx /
Resource Hash: dfb8142570fc8da70edd4681e3b94d987e2b315ffe25dc692907aad7f0280194

Request headers

Referer: https://hal900025.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 05 Jun 2021 19:45:23 GMT
Last-Modified: Mon, 29 Mar 2021 07:44:23 GMT
Server: nginx
ETag: "60618557-95b8"
Content-Type: image/jpeg
Connection: close
Accept-Ranges: bytes
Content-Length: 38328

Redirect headers

Date: Sat, 05 Jun 2021 19:45:23 GMT
Strict-Transport-Security: max-age=86400
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Location: https://cdn.contentspread.net/24i/advertiser/3839/creativesup/kl_kts_120x600px.jpg
Awin-Akamai-Rule-Set: default
Node: Helix
Connection: keep-alive
Content-Length: 0

GET
H/1.1 200
OK viewability Show response
hal900025.redintelligence.net/ Frame 4852 0
150 B 112ms
38ms Script
text/html 138.201.84.245
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900025.redintelligence.net/viewability?s=13561000184666702179197011616025&a=c556082f&vb=m
Requested by: Host: hal900025.redintelligence.net
URL: https://hal900025.redintelligence.net/request_content.php?s=13561000184666702179197011616025&a=dbbc8801
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.245 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.245.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://hal900025.redintelligence.net/request_content.php?s=13561000184666702179197011616025&a=dbbc8801
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 05 Jun 2021 19:45:23 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
DATA 200
OK truncated
/ Frame 4852 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/gif

GET
H/1.1 200
OK addDoubleBorder.js Show response
cdn.contentspread.net/24i/tools/js/ Frame 4852 851 B
1 KB 131ms
31ms Script
application/javascript 85.114.131.234
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.contentspread.net/24i/tools/js/addDoubleBorder.js
Requested by: Host: hal900025.redintelligence.net
URL: https://hal900025.redintelligence.net/request_content.php?s=13561000184666702179197011616025&a=dbbc8801
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 85.114.131.234 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS: srv21038.dus4.fastwebserver.de
Software: nginx /
Resource Hash: abaa484421865309a7781e540844f1b5260ed131080f8dd9f083d8f18beea107

Request headers

Referer: https://hal900025.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 05 Jun 2021 19:45:23 GMT
Last-Modified: Tue, 03 May 2016 20:54:50 GMT
Server: nginx
ETag: "5729101a-353"
Content-Type: application/javascript
Connection: close
Accept-Ranges: bytes
Content-Length: 851

GET
H/1.1 200
OK Text Show response
www.edocr.com/pas/Document/q/0-0/ 60 KB
13 KB 217ms
217ms XHR
application/json 3.222.244.201
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.edocr.com/pas/Document/q/0-0/Text?DocumentID=uaF1j38FVo41UOpOcKbPRChxYwaRMMmMSc_LeOTSIaTpq-1yOo4VR7Wq2alJh04KR3g_zIV60bdDRbQFOU--twSJqCuuwy5_LeSCuxGNTgSVKzXe4_u7i3WqN8lGA_3dZZaoUvaZOjKLjF6rZedqfL1Lj07xnAxNVd5Zuv8RdWk4

Requested by

Host: www.edocr.com
URL: https://www.edocr.com/v/static/bundle.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.222.244.201 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-222-244-201.compute-1.amazonaws.com

Software

nginx / Express

Resource Hash

2eb06f7508546e58804293795beda6071a36516d16a860d8d83848b83eca400f

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none'
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: cors
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Accusoft-Parent-Pid: 0
Accusoft-Parent-Name: ViewerControl
Sec-Fetch-Dest: empty
Cookie: _ga=GA1.2.589232484.1622922321; _gid=GA1.2.1758940786.1622922321; _gat=1; __gads=ID=31e180a826aded3f-2294a078b9c800f8:T=1622922322:RT=1622922322:S=ALNI_MaGeIbDRUA6Tw5oqVxwhANpMSMB0Q
Connection: keep-alive
Accusoft-Gid: le79aRgBMSl58rdbKJKfaA
Pragma: no-cache
Host: www.edocr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: application/json
Cache-Control: no-cache
Referer: https://www.edocr.com/v/narav7rp/sweetslindapeony89peacekramersheltonpigeonhood73/changing-kitchen-area-style
Sec-Fetch-Site: same-origin
Accusoft-Parent-Taskid: 0
accept: application/json
Referer: https://www.edocr.com/v/narav7rp/sweetslindapeony89peacekramersheltonpigeonhood73/changing-kitchen-area-style
Accusoft-Parent-Name: ViewerControl
Accusoft-Gid: le79aRgBMSl58rdbKJKfaA
Accusoft-Parent-Pid: 0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accusoft-Parent-Taskid: 0

Response headers

date: Sat, 05 Jun 2021 19:45:23 GMT
content-encoding: gzip
X-Content-Type-Options: nosniff
x-powered-by: Express
Connection: keep-alive
Content-Length: 12582
pragma: no-cache
accusoft-data-encrypted: false
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json;charset=utf-8
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-credentials: true
content-security-policy: frame-ancestors 'none'
access-control-allow-headers: *
build-number: 2087
expires: -1

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c39b8da49b4b191f00365068d8401cc38c6747b58dbb1a7f5aab9601504e201f

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 7893 42 B
64 B 40ms
39ms Fetch
image/gif 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstm_x5jW9hq9ZSyidyKwEyUaIzz2b6Sf9XEQF4YtsOuFuvv4fxo5pNk4CV83dddjFmGdnQ4_n3yDztOWoD9cBAfJJe2hKhviA&sig=Cg0ArKJSzI-oNfHQeTU8EAE&id=lidar2&mcvt=1000&p=295,25,895,145&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20210604&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=937441900&rs=2&met=mue&la=0&cr=0&osd=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ%3D%3D&vs=4&eosm=0&rst=1622922322120&dlt=209&rpt=107&isd=0&msd=0&r=v

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 05 Jun 2021 19:45:23 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK viewability Show response
hal900025.redintelligence.net/ Frame 4852 0
150 B 113ms
38ms Script
text/html 138.201.84.245
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900025.redintelligence.net/viewability?s=13561000184666702179197011616025&a=c556082f&vb=v
Requested by: Host: hal900025.redintelligence.net
URL: https://hal900025.redintelligence.net/request_content.php?s=13561000184666702179197011616025&a=dbbc8801
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.245 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.245.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://hal900025.redintelligence.net/request_content.php?s=13561000184666702179197011616025&a=dbbc8801
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 05 Jun 2021 19:45:24 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

Verdicts & Comments Add Verdict or Comment

76 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.edocr.com/	1970-01-19 18:48:42	Name: _gat Value: 1
.edocr.com/	1970-01-19 18:50:08	Name: _gid Value: GA1.2.1758940786.1622922321
.edocr.com/	1970-01-20 12:19:54	Name: _ga Value: GA1.2.589232484.1622922321

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	frame-ancestors 'none'
X-Content-Type-Options	nosniff

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

adservice.google.com
adservice.google.de
cdn.contentspread.net
googleads.g.doubleclick.net
hal9000.redintelligence.net
hal900025.redintelligence.net
pagead2.googlesyndication.com
partner.googleadservices.com
pixel.mathtag.com
tags.mathtag.com
tpc.googlesyndication.com
www.awin1.com
www.edocr.com
www.google-analytics.com
www.google.com
www.googletagservices.com
104.111.239.217
138.201.220.30
138.201.84.245
142.250.185.130
185.29.135.190
2.18.233.201
2a00:1450:4001:802::2002
2a00:1450:4001:80e::2002
2a00:1450:4001:810::2002
2a00:1450:4001:813::2001
2a00:1450:4001:827::2004
2a00:1450:4001:829::2002
2a00:1450:4001:831::200e
3.222.244.201
85.114.131.234
026e2bb99bffa28f8904e44809f6766b5a66690c1d3d1429f36ec56efbf12ce8
0d5f76008f1784b20b99d51741b2f8b8bbee28d5f2950ca2cf4226b6d61b1344
17324ad254705998994843b2b6dd005bc144217f3bc66af8037341fe0dcb9478
1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944
1dad6cb9a0903898a8f82f89c0d10ee6e94f8459228530fa5df3078100c9f650
265fca0370d62e5d69a8097b9eb0de89cdbb224ac90fbfda545b5396b69055e6
27466895d3e9250f3d0ae0e726f72b8a5c23e2aa83f9caaaf99dcb9f18fcac4c
2cb09c7b3e19bfc41743ca3624ef81c3258d56525647feac76aa757e0292627a
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2eb06f7508546e58804293795beda6071a36516d16a860d8d83848b83eca400f
32acf16bbb8b643bfcf1714175058be20bfddc6661ae39f353756da8b529f67e
3592ec3b1a7716b3e0957b82089de473d5752f796822a81d17d734c7dd516132
388979aa4efbc1c6f0e2aae148cf6c98906a7b3b3f75371a2e76ccc141a8f4d8
52a85a1f5745df0caf4e728fab6ef906f6a0c4ca8dc72c11d07cfe54a7d756cf
5a06800ad719e1f1b46691ded5a5577666d2fc30f950b0ba544352ede4e25de7
5d96587812c5db0e5b60f2f53ba3f04de229d0db9a8e4e4250ce7d2733f491dd
65e4e63638e9c69fe634cc25b595b20afe3e704f5eb8adf36a551e3c23a12ecf
6836719899bda27cd22c1551cb7fbfc33fb0bbbedaa89e4baa8715fef8202cbc
6e312f277726cf12aa508a34dfc0c5217b72334652dc99f8df30559e3e8dc971
6e90f213f5b1f2e40d6d2670f81f28b39885d7787ca1326a142a55daf0917b17
731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233
765f535c09cc85be7c8f356e5d419790d574041c609d703a6f9ef43a95dd39fd
81dd3736f3db9a912b56b15716ea40f37b242140f6de5814425de07fa0702def
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
abaa484421865309a7781e540844f1b5260ed131080f8dd9f083d8f18beea107
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b1ba9fa4ad8fdf667f000a62ef0aebcd3b169d9e70a0e7079072471016139c68
b8657baaa6b95a17c934001c3338f3cdff05bf8ce67ffe25c3b7ab53cd580241
bca58cb91d0442fbc4394a6675603165ecaa067a92f4f6e115e34dfa2833a37a
bd38c484db9be47111f5c09466c01c8c25c5396e1ef24de610d26a24933db22f
c39b8da49b4b191f00365068d8401cc38c6747b58dbb1a7f5aab9601504e201f
c61a719b48533a1fa932729f4927ba1377a96c441b0d6a427096b867742b4645
c95d9ef1a1bb413ac430a1e46993f0edba1a95817448b35e92124c4d46af4f2d
ce69dc4942a0b2894791ac9606f9d76b07062d46ee423cb90814bdacea3fe731
db8483df46939e49776f18e2b3166a60f9703cb8cda142a0305b0402aca1af12
deb503b3cb419db782d6b48531102313f8111585b3159f49cfa144e5151d5734
dfb8142570fc8da70edd4681e3b94d987e2b315ffe25dc692907aad7f0280194
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ec92d051eaeb6b5ba0db56b336fb2bee6f41a6197bd783e6de99b6fa303fd266
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

www.edocr.com Open in urlscan Pro 3.222.244.201 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

45 Requests

100 %HTTPS

47 %IPv6

12 Domains

16 Subdomains

16 IPs

3 Countries

915 kBTransfer

2915 kBSize

3 Cookies

0 Outgoing links

Page URL History

Redirected requests

45 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 5 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.edocr.com Open in urlscan Pro
3.222.244.201 Public Scan

Screenshot
Live screenshot

Full Image

45
Requests

100 %
HTTPS

47 %
IPv6

12
Domains

16
Subdomains

16
IPs

3
Countries

915 kB
Transfer

2915 kB
Size

3
Cookies

45 HTTP transactions
5 data transactions